DRM and Threat Analysis
miladus writes "A timely and concise intervention by Ed Felten
on the topic of DRM and the models used (or not used) to represent the
threats to defeat. In brief, 2 models, one based on the potential of
large scale redistribution of copyrighted files implying defeat of DRM
if one user succeeds in bringing file in question to P2P network; the
other, refers to the majority of users who would casually copy files.
The implications of the schematization are most interesting because
they explain some of the logic behind the often confused and confusing
rhetoric of DRM advocates and the necessity for rational grounding for
technologies."
I am okay with DRM as long as I know who holds the keys. With today's Homeland security, I am not sure that I am the only key holder.
From the article: "... leads to incoherent rhetoric"
The only rhetoric I hear and see all the time are the many euphemisms used by the "DRM industry".
drm - I best manage my rights by deciding freely what to do with the data on my PC
copy *protection* - what does it protect?
piracy - I am not on a ship in the Caribbean sea.
etc.pp.
From the ref. article:
"Either you choose the Napsterization model, and accept that your technology must be utterly bulletproof; or you choose the casual-copying model, and accept that you will not prevent Napsterization. You can't have it both ways"
If you're a big enough monopoly, you can PRETEND to have a bulletproof model - sell the model to the copyright holders, and sell (indirectly) a cracking tool to the mass market. Build yet another platform (Palladium) to break the latter tool.
If you keep throwing chairs, one day you'll break windows....
The DRM advocates must choose the Napsterization Model: It is potentially the most damaging, in terms of profits.
It would seem to me that companies whose software checks in with servers (much like the constant updating of firewall software or even MS OSes) could easily track when software has been propagated through the Napsterization model. When someone downloads the latest update 100 times you can figure that it has been compromised.
Can someone with more knowledge on the subject please ream my argument. I, unlike some Slashdotters, enjoy intellectual discourse.
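An added example, not part of the thread: the update check-in heuristic suggested in the comment above, counting distinct installations per license key and update version so that one machine retrying a download is not flagged. The log format, key names, install ids and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample update-server log: timestamp, license key, install id, version.
# The format and every value here are made up for this example.
SAMPLE_LOG = """\
2003-03-01T10:00:00 KEY-AAAA inst-01 2.1
2003-03-01T10:05:00 KEY-AAAA inst-01 2.1
2003-03-01T11:00:00 KEY-BBBB inst-07 2.1
2003-03-01T11:02:00 KEY-BBBB inst-08 2.1
2003-03-01T11:03:00 KEY-BBBB inst-09 2.1
2003-03-01T11:04:00 KEY-BBBB inst-10 2.1
2003-03-02T09:00:00 KEY-CCCC inst-20 2.0
2003-03-02T09:30:00 KEY-CCCC inst-21 2.1
malformed line
"""

def parse(log_text):
    """Yield (key, install_id, version) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, key, install, version = parts
        yield key, install, version

def shared_keys(log_text, max_installs=100):
    """Return {key: distinct install count} for keys seen on more than
    max_installs distinct installations fetching the same update version."""
    installs = defaultdict(set)  # (key, version) -> set of install ids
    for key, install, version in parse(log_text):
        installs[(key, version)].add(install)
    flagged = {}
    for (key, _version), ids in installs.items():
        if len(ids) > max_installs:
            flagged[key] = max(flagged.get(key, 0), len(ids))
    return flagged

if __name__ == "__main__":
    # A low threshold is used here only because the sample log is tiny.
    print(shared_keys(SAMPLE_LOG, max_installs=2))
```

A copy that has been patched to skip the check-in never appears in these logs, so the count is a lower bound on how far a key has spread.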
I just want to make the observation that in real life you don't get to choose your threat, of course; both threat models are present to some extent. You can only talk about which threat model $protection_measure addresses and to what extent.
Another thing is that *AA can hope to bring the Napster model closer to the small-scale copying model by persecuting individual users. Witness:
On most p2p networks there is no anonymity and so there is still a chance of preventing this scenario. But all that changes when freenet comes into the picture. If it gets widely used, an ugly, long-drawn, bloody clash between "content creators" and "pirates" is inevitable. There are two possible outcomes at the end of it: 1) a draconian world ruled by the evil side 2) a severe reevaluation of our current notions on copyright, intellectual property, and revenue models. I dearly hope the clash occurs and the latter outcome results. The sooner we get out of the digital dark age the better.
is that at some point the music has to be unencrypted. There is no way to prevent me from intercepting the signal being sent to my speakers, recording it and ripping it to mp3. The quality is not going to be that great, but that's par for the course on Kazaa. The same is true for movies... there will always be cam versions no matter what.
So, if we accept the (logical) "Napsterization" model using any type of encryption/fair use deprivation scheme is going to be pointless when the music/film has to be perceived by the human eyes and ears in the same way it always has been.
These people look deep into my soul and assign me a number based on the order I joined.
...that this is equally relevant to DRM skeptics.
When we argue that DRM has no place in copyright law we need real understanding of its purpose and effect. Otherwise, we're just fighting windmills. Enough people doing that already...
Any sufficiently advanced libertarian utopia is indistinguishable from government.
2) I haven't seen a bulletproof DRM system yet, not even a theoretical one.
but what do i know, i'm just a model.
It doesn't even work in a monopoly. What software companies don't understand is that casual copying is a form of price discrimination that benefits the seller. Consider:
1 customer is willing to pay $20
4 customers are willing to pay $5
With DRM, you can charge $20 and make $20 or charge $5 and make $25. But without DRM, you can charge $20 and make $40, because the one customer who is willing to pay $20 will buy his own copy, and the other 4 customers will chip in and buy another copy for $20 and pirate it amongst themselves.
The talk of two copying models and the level of protection needed to minimize each is profound. It speaks of a deep wisdom which many have overlooked.
But I want to add something to it. Everyone here knows what a capacitor is, right? It's two metal plates separated by a little insulator. When enough of a charge builds up between those two plates, the current will briefly jump the gap through the insulator.
The same applies to the Napsterizing/Casual-Copying model. Under casual copying, people make copies and distribute them to one or two friends. With Napsterization, one copy is made and broadcast to a great many people who want it.
The two are separated by a small gap. Will someone make one or two copies, or make it available for hundreds to download? That's where the capacitance comes in. If there's enough pressure, sooner or later a piece of media will jump the gap from casual copying and appear somewhere for everyone to grab a copy of.
What affects capacitance between the two? Well, the better the content is, the more people will want to show it to other people. The easier it is to show to other people, the more people will do so. P2P software today has cut the gap considerably. DRM is an attempt to add insulation and keep things from making the jump from casual copying to mass distribution.
It's been demonstrated, preventing any copies from being made is theoretically impossible, but the Content Cartels continue to try to prevent it. Likewise, preventing the jump from casual copying to underground mass distribution is nearly impossible, but the Content Cartels continue suing every P2P, university, or network service that doesn't outlaw it outright.
It'd be interesting to see statistics on which results in more copies being made: P2P distribution or casual copying. Because it seems that P2P networks do more damage, but are much harder to prevent. And, in fact, if a DRM is put into place which prevents casual copying, I could see MORE people going to P2P systems to get copies from those who CAN break the "anti-fair-use technologies."
Thoughtful as the piece on different types of copying threat is, it becomes moot as the different types come closer together.
You cannot truly appreciate Dilbert until you read it in the original Klingon.
Felten's comments come close to, but do not quite repeat, the twin comments I have been making to friends about Digital Rights Manglement for the past year.
First, Digital Rights Manglement schemes assume that the control over use of media offered to producers due to the virtue of being digital -- controls which they have never before possessed in any other medium -- outstrip the value of fair use rights for their entire [potential] audience, despite the twin facts that fair use rights are established in law, and that [some of] the controls suggested violate other legal doctrines such as first sale. This alone is enough to dissuade me from supporting any such schemes.
Secondly, even if you are a prolific creator -- such as Stephen King or the Beatles -- you cannot create as much media output as you have input. Even for a creator, the fair use rights lost to DRM will outweigh the additional rights gained. Any way you slice the question, the public rights lost to Manglement will outweigh the private ones gained, because even the few beneficiaries also lose -- on a scale far larger than they gain. (The rest of us just lose.)
Do you like Japanese imports?
They are just interested in having some sort of encryption system and then have laws to protect it.
It just doesn't matter if the technical aspects of the encryption methods are strong or weak.
They just want to have laws to be able to go after anybody suspected of breaking the encryption systems.
My advice to all the people doing research on encryption and security is this: just be very careful.
I'd like an easy technological solution, but we don't have it, and we're not going to.
In fact, I suspect we do have one now: Easy and cheap online sale.
Smart content providers will beat the pirates on ease-of-use, not to mention good-conscience. It's not perfect, but I'm generally optimistic that it'll be good enough. While waiting for the un-smart content providers to die off we should fight to stop copyright law from becoming too badly "fixed".
Any sufficiently advanced libertarian utopia is indistinguishable from government.
Yes, they killed Napster. They managed to get rid of AudioGalaxy, too. But FreeNet, Kazaa, WinMX, and any P2P systems likely to show up in the future are comparatively unkillable. The killing off of the first few centralized sharing networks accomplished nothing except to make 'the enemy' harder to get next time around. They can't possibly affect them anymore, so instead they announce their uncopyable (and often unplayable) CDs as the solution to all copying problems. Not only is it a bad solution, it's a bad solution being applied to an entirely different problem. Similarly, a hardware/OS-level DRM-ed music file will only work until it is broken once, after which it gets shared as an ordinary unprotected file and the solution is worthless, inconveniencing only the non-sharing customers.
Dyolf Knip
The point made by the author can be generalized to any form of problem solving. When approaching a situation, you must first understand the problem before you can even begin to formulate an adequate solution. In my experience, this is the #1 thing that people do wrong in engineering (software or otherwise). Why just the other day, I was conversing with a colleague who was trying to decide between two ways of structuring a web application that would affect how the client used it. I asked him how the client currently does their business. He didn't know.
I am NEVER okay with DRM. As long as someone else holds the keys, they can change the rules anytime afterwards.
Consider, you buy DRM protected music this year.
Next year, through spending lots of money in Washington D.C., the industries are granted the legal right to specify that the music you bought cannot be copied to any other form, and your DRM is automatically updated to enforce that without ever asking your consent.
The year after that they get a law where your purchased music will expire after ten years of use. Just won't play after that.
And the year after that, instead of unlimited plays allowed within your remaining eight years (the ten year limit was made retroactive, of course), you now have to pay a few pennies for each play. And btw, it now expires in seven (for you four) years.
You can't do anything because they own the keys and can change the conditions of their use any time they wish (true of any DRM system, to deal with compromised keys, if nothing else). Your only recourse is to the law -- and they've already preempted that route.
Let's be clear here: DRM IS NEVER OKAY. Got that?
And if you're foolish to think the rules never change on something after you've bought it, look at how copyrights on old music and movies continue to be extended beyond ever expiring? Even now, copyrighted material first published before you were born will never expire in your lifetime.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."