Open Source DRM

Clyde writes "The different worlds of DRM and Open Source have come together under OGG-S, a project that just recently went to beta with their Open Source DRM toolkit. The project license in GPL and uses OpenSSL for its encryption engine. It will be interesting to see if this project helps to spread the acceptance of Ogg Vorbis."

Please

[genka]

Tell me, Open Source DRM: is it a Good Thing or a Bad Thing?

Re:Please

[helix400]

I don't know. I guess I should stop worrying and let the /. crowd think for me on this subject. =)

Re:Please

[Nermal6693]

I'm wondering the same thing - anyone??

Re:Please

it's an oxymoron

Re:Please

[intermodal]

bad of course. it goes against everything Libre Software stands for

Re:Please

I think it's a good thing. It'll show that all the people that complain about not having access to the digital rights software are really just thieves and are mad because they can't steal from others.

Re:Please

[L.+VeGas]

Well, I'd be happy to tell you what to think, but since you ate that stupid apple, you have to form your own opinions for a change.

Serves you right, you smart-ass kids.

---
g0d

Re:Please

[ErikJson]

Time to comment on that ol' RFC 3514. It looks like we need to double the amount of evil bits. I'd set one to 1 and the other to 0 here... =)

Re:Please

[stratjakt]

Libre Software stands for Gratis Music?

Do you feel the same way about LDAP, PAM or other authentication schemes that prevents me from going into any linux box (like yours) on the 'net? Information wants to be free, after all.

Another Free-as-in-I-dont-wanna-pay scenario.

Re:Please

[Planesdragon]

So....

How about PGP? Strikes me as rather wrong, making it hard to read any message I put on my computer. Definitly against the tenents of Free Software.

Re:Please

Or you could just go to Iraq.

Hundreds of burning vehicles, both civilian and military, were scattered along the road from the Euphrates to Baghdad, along with hundreds of dead Iraqis, most in uniform, laying next to the vehicles. At least one US soldier was killed by friendly fire in the fighting.

Re:Please

Nice non sequitur. You're the king.

Re:Please

[Soko]

bad of course. it goes against everything Libre Software stands for

Hunh? What, Libre Software stands for making sure any and all content should be available without compensating the creator of the content in any way, shape or form? We use a license that restricts how your code is used, yet you want no restrictions on how the creations of others is used? *Rhetorical Question* Are you after a free ride, or Freedom?

I understand that you want fair use rights, as do we all. IMHO, if someone wishes to release thier creations with DRM, they are free to do so. I am free to ignore thier creation due to the DRM if I wish. Libre Software providing the freedom to release your creation as you want, and being compansated if you wish, is a good thing as it provides more freedom.

Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality, unfortunately. Using OSS tools to provide such restrictions, though distasteful, seems to be almost acceptable. At the very least, it shows that some proponents of Software Libre are sensitive to the needs of content creators, and so offers an olive branch to them. That should show we're not after a Free Ride, but Freedom.

Soko

Re:Please

I have no problem with paying, I have a problem with destroying fair use, I have a problem with having to explain to every device i own that I am not a dirty theif.

-troy

Re:Please

[intermodal]

theres a difference between wanted encryption and unwanted encryption. I do not care to explain to every device in my computer that i didn't steal a media file. I want it to just obey my orders and play the damn thing.

Re:Please

[intermodal]

You twisted what i said. I don't steal media files, but i dont want to spend my time making my devices believe me that i didnt steal it. I just want it to play the file without questioning me. Theres a difference between impeding my fair use and crippling my media's portability. I have a network, for example, and I dont want to have to explain to every one of my 20 computers that I own a file that I use from my server.

Re:Please

[intermodal]

for my reply, see the response of he who AC replied to you.

Re:Please

[Christ-on-a-bike]

I am free to ignore thier creation due to the DRM if I wish

But of course, that's not how it really works.

Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality

What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense.

You seem to think DRM is a 'harmless technology', just as copyright is a 'harmless law'. But while the existence of a copyright law is justified to an extent, it is being abused and extended by big media firms so much as to make it draconian. And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.

Libre Software providing the freedom to release your creation as you want...

No, freedom isn't about releasing content 'how you want'. The restrictions we want to have on content are ones that prevent anyone from ever taking away our access to fair use of that content. DRM threatens to do exactly this.

Re:Please

[jcast]

Why do you think this will require you to explain any such thing? It looks to me as though the idea is when you buy the file, you also get a license key. Then, every player on the system locates that key automatically, without complaint.

Re:Please

[Com2Kid]

• What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense.

*COUGH* old argument *COUGH*

They are restricted by The Real World(tm, Patent Pending).

See, there is this thing called paper and it costs money. Along with ink or toner, copying a book becomes a MAJOR PAIN IN THE ARSE.

Books have automatic built in (and for that matter kick ass!) DRM. One copy, one user at a time. No problem. Until somebody invents a selective layer X-Ray machine with OCR that is! :) (thus making scanning in books reallly easy, heh)

Re:Please

[jcast]

This system supports license servers; I would guess they'd allow mirroring the aforesaid as well. What it comes down to is there's no more hassle than setting up any other network permission system. You tell the damn thing who you are once, and it works for all resources thereafter. Simple.

Re:Please

[intermodal]

yes, but what if i tear down that server or replace the hard drive? seems to me that either i can tote the pair wherever i like, copying it freely, or i cannot when i reinstall move it from one system to the next. Also, if i want to burn this to CD and play it on my MP3 player in my car, how is this taken into account?

Re:Please

[jcast]

Have you even looked at the code? This no more goes agains the idea of Libre Software than Un*x permissions do.

Re:Please

[intermodal]

yes, theoretically. I have enough breakage when i try to run windows at work without introducing things to suddenly break to the linux network at home due to permissions errors stemming from who knows what. I do not believe this to be aas straightfowards as you do.

Re:Please

[zcat_NZ]

No, we need a quantum evil bit that can be both 0 and 1 at the same time!

Re:Please

[jcast]

Let me make one thing clear: nothing on Linux, with or without this system, breaks due to ``who knows what''. That's what source code is for.

Re:Please

[jcast]

This code does not destroy fair use. How can you think it does? It's a permission system, same as Un*x and GNU have always had.

Re:Please

[MORTAR_COMBAT!]

a selective layer X-Ray machine with OCR

hot damn that would rock. then add text-to-speech and my library becomes a set of books on tape. how sweet would that be.

Re:Please

[pesc]

We use a license that restricts how your code is used, yet you want no restrictions on how the creations of others is used?

Bad analogy. Please read paragraph 5 of the link you are referring to. The GPL does not restrict how your code is used. It gives you extra rights above what the copyright law provides when dealing with code that was written by other people.

DRM on the other hand attempts to restrict the rights you have under the copyright law.

In my mind, DRM is not needed and the copyright law is just fine. The plain old copyright law (without DMCA or DRM) allows copyright holders to go after and sue people that are illegally distributing their work. The big question is: So why does not RIAA/MPAA just do that; sue uploaders? It is like they want to appear more helpless than they actually are just to have more laws passed that allow them to have more control over how the stuff they sell is used.

Re:Please

[intermodal]

not really...protecting ones files with unix permissions is you keeping your files to yourself. once you start sharing in the digital world, you're on your own and it may spread like wildfire, which if i let it out of my protected directory, then that is the fate of that file which i am fine with.

Re:Please

[intermodal]

i am not saying that the whole system would break but rather the program itself. take my server for example. if i switch to a new box as a server, how do i get the files over there? if i can move them that easily how is this going to protect files to begin with? either way DRM is a pain in the ass.

Re:Please

[mmol_6453]

If your DRM-enabled player won't let you use content you have a right to (read, content whose license you accepted, and are following, in order to use it), then you've got a few options.

If the breakage is in the DRM specification, then don't use content protected by that form of DRM. If enough people do this, it's called a "grass-roots" movement. The providers will have to find a solution that satisfy's the consumer. (Of course, that's free-market doctrine, which doesn't always pan out.)

If the breakage is in the DRM implementation, then don't use that player. If the maintainers of that player want people to use their software, they'll have to find a solution. If it's a hardware player, demand a refund!

If the breakage is really the licenser saying "screw you" to those who accepted and followed the license, then don't use content from that licenser. He's shooting himself in the foot. Let him. Watch him. Laugh.

Re:Please

tell me... is posting really quicky without much thought a good thing or a bad thing?

Re:Please

[Bombcar]

That's why I've decided to combine the key and the file! I'm applying for a patent covering double ROT13 encoding of music files, which means you don't have to worry about having the keyfile! :)

Re:Please

[intermodal]

works for me ^_^

Re:Please

[einer]

And again, while DRM perhaps has its place, publishers threaten to implement it in a way that eliminates fair use.

If I have a product that I only want to distribute over a pair of drm headphones, and there's a market to buy it, it'll sell. You ARE free to ignore DRM. Content is a product, not a necessity.

NSYNC could release their next album on a copy proof (hypotetically of course) CD. It would still sell. The value to the consumer isn't that they can copy it or back it up, it's that they can listen to the music that they want to hear.

Until someone comes up with a viable way of compensating creators for thier content without restricing how that content is used in any way shape or form, restricted content is going to be reality

"What about books? They aren't 'restricted content' except in that the law prevents unlicensed copying. They are only restricted in this very limited sense. "

What about books? Ever try to play a book in a DVD player? They are incredibly hard to copy, and certainly on the scale that a CD can be reproduced. Books are basically DRM encumbered in this sense.

Freedom is most certainly about releasing content how you want.

Also, what's to say that you can't create a DRM'd backup of something? Just make it impossible to unlock without first locking out the original copy. There are smart people out there working really hard on stuff like this all day. They'll figure it out.

More choices is always better.

Also, technology can't be harmful. Technology just is. Nuclear Fission isn't bad. Broken policy and poor judgement can make bad things happen with any technology.

Re:Please

[arkanes]

Your argument basically boils down to "people don't want or care about fair use".

That's legitimate, but I submit that fair use, and the protection of it, is important to the artistic legacy of our society, and that it's the duty of Congress (and citizens who do care about it) to protect those freedoms. One of the most dangerous aspects of DRM is the way they allow publishers to gain all the legal advantages and protections of copyright without giving anything back.

If you feel that the basic principles that copyright is founded upon are no longer valid, then thats fine - but copyright is an implicit agreement, and people advocating DRM aren't recognizing that.

Re:Please

[Melantha_Bacchae]

jcast wrote:

> Let me make one thing clear: nothing on Linux, with or
> without this system, breaks due to ``who knows what''.
> That's what source code is for.

It has been a long time since it could be said that the users of Linux were all developers that can read source code. Even then, not all developers understood operating system development and were familiar enough with the Linux kernal to find the cause of any given problem in a reasonable amount of time.

With today's Linux user community, you are indeed going to run into "who knows what" given as the cause for problems in Linux. As Linux becomes more mainstream, the community is going to have to stop thinking of itself as composed entirely of kernal developers, and attitudes (such as the famous "read the friendly manual" hurled at newbies) are going to have to change.

Either that, or the newbies are going to run out and buy Macs, and all that will be left will be the kernal developers... And one lonesome little penguin.

"The path of peace is yours to discover for eternity."
Japanese version of "Mothra" (1961)

Re:Please

I wouldn't need DRM in any form. No I don't even want it, what the hell would it be good for anyway? I don't like the idea of someone controlling my computer usage in _any_ way. I don't like _anyone_ or _anything_ designed with that purpose in mind. PLEASE Do not endorse it!

Anonymous subCoward

Re:Please

[h4x0r-3l337]

The GPL does not restrict how your code is used

Of course it does. In fact, if you read the preamble, you'd have seen: "To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it." The fact that you release code under the GPL automatically restricts how it can be used. If you want to place NO restrictions on its use, you need to use a different license.

Is this possible?

[man1ed]

How could you prevent people from modifying the library to let them use other people's keys? What would stop people from pirating the keys at easily as the music?

Re:Is this possible?

Yes,
You need to be intelligent to understand and do this.

Re:Is this possible?

Do you think you could elaborate on that? Maybe give an executive summary of how you could create a DRM system that could not be exploited by someone with access to the specification and the ability to modify the relevant code?

Re:Is this possible?

[DrinkDr.Pepper]

By your logic someone could get an open ssh client's source code and hack the library so that you could decript someone else's session. Thats exactly what encryption aims to prevent.

Re:Is this possible?

I think the idea is that people won't mind spreading their private key...

Re:Is this possible?

You are absolutely wrong. You will never share your ssh password with other people, but you will/might share your music_listening password to other people. You CANNOT circumvent that with open source DRM software. To be effective, an open source DRM software must require some kind of key that you are not willing/you cannot share with other people.

Re:Is this possible?

[stratjakt]

You can share your password for that pay-per-month pr0n site or for giganews too, but pretty soon your account will be disabled when too many IPs try to access it.

As far as DRM for the web, it really doesnt make a difference.

Share your key? No more service for you.

Re:Is this possible?

> How could you prevent people from modifying the library to let them use other people's keys? What would stop people from pirating the keys at easily as the music?

(1) You're certainly free to hack your own copy of the library. But that's not the copy of the library that Sony Entertainment Inc. is going to use when they compile their production DRM code. There will be companies that will certify specific versions of the library as being "secure" -- and your hacks will not be included in those versions.

(2) You're free to "pirate" the public key -- anybody can possess it without compromising the security of the DRM system. But as for the corresponding private key: nobody will have access to it except for a few very well-paid people. Nobody else will see the private key unless they mount an armed invasion of the vault where it's kept.

Re:Is this possible?

[devilspgd]

Are we talking strictly online content? How about an offline machine that can't tell some rinky dink server that I'm listening to music right now.

Fight the Man!

[grub]

Open Source DRM is an obvious ploy by the Illuminati to spread "acceptible" DRM to the resistant open source community. Once they have us eating out of their palms their world domination plan will advance another great step forward.

Where's my tin foil hat?

Re:Fight the Man!

[Illuminati+Member]

Open Source DRM is an obvious ploy by the Illuminati to spread "acceptible" DRM to the resistant open source community

Umm... no its not... we ..umm... are just sitting back and doing nothing! Yeah, thats it!

BTW - Just a heads up. We can get around the tin foil hats, now.

Uh oh...

[Zathrus]

I can already see thousands of rabid open source fanatics imitating Gollum over this...

"It isss OGG, so it isss good! Yes!"

"Nooo! DRM! Hateful it is!"

etc.

Re:Uh oh...

[Dutchmaan]

Many people don't realize the little known fact that Gollum is actually a prehistoric Yoda!

Re:Uh oh...

[Zathrus]

This is a result of my only seing LOTR:FOTR twice and LOTR:TTT once, but seeing SW:ESB and SW:ROJ far too many times :)

Re:Uh oh...

[Baloo+Ursidae]

Yoda came before Gollum, or can be assumed as much since Star Wars happened "A long, long time ago, in a galaxy far, far away."

another thinly veiled attempt to make money

[Fefe]

by limiting other people's freedom and trying to create an artificial scarcity in one of the very few areas of our lives where we live in a world of plenty.

And on top of that they try to create good emotions for their products by basing it on other people's work and calling it "open source". The only catch is that you have to pay them to distribute binaries?! WTF? Neither openssl nor ogg nor vorbis require this, why do they?

This smells very bad to me.

Re:another thinly veiled attempt to make money

[Drakonian]

I thought your subject was pretty amusing. Damn those capitalist pigs! In SOVIET RUSSIA..... the central planning committee would distribute the binaries.

Re:another thinly veiled attempt to make money

[JonnyElvis42]

In SOVIET RUSSIA..... the central planning committee would distribute the binaries.

No, you've got it backwards. In Soviet Russia, the binaries distribute the central planning comittee, and there would be closed source, proprietary DRM.

Hey, wait a minute...

Re:another thinly veiled attempt to make money

[sidespace]

I am sorry if our page is not that clear, but all OGG-S work is released under the GPL. If YOU would like to release a binary-only version of OGG-S (that contains zero Xiph code and 100% SideSpace code) then all we ask is you pay us a one-time charge of $50.

I hope that is not unreasonable, and you understand this cost only subsidizes our development tools and web hosting.

Plus, we will give 10% of your purchase to the EFF to help protect everyone's digital rights online.

Re:another thinly veiled attempt to make money

[TopShelf]

Good point - after all, why bother with the thin veil anyway???

Re:another thinly veiled attempt to make money

[Elwood+P+Dowd]

I think that their commercial license is only required if you would like to distribute binaries under a non-FSF license. Distribution of binaries under the GPL looks ok. Users would, of course, be able to request your source, modify it so that they can defeat the DRM, and republish your media to their heart's content.

Until TCPA arrives, GPLed DRM technology serves no purpose.

Re:another thinly veiled attempt to make money

[Emmettfish]

Plus, we will give 10% of your purchase to the EFF to help protect everyone's digital rights online.

Why not give the ten percent to the Xiph.Org Foundation? After all, we make the codec that makes your product remotely valuable.

While you're at it, why don't you choose a name for your DRM scheme that isn't so closely identifiable with one of our trademarks?

Emmett Plant
CEO, Xiph.Org Foundation

Re:another thinly veiled attempt to make money

[mgoff]

another thinly veiled attempt to make money by limiting other people's freedom and trying to create an artificial scarcity in one of the very few areas of our lives where we live in a world of plenty

Artificial scarcity? How does that describe using DRM to enforce copyright? Artificial scarcity describes things like limited edition prints-- physical products that could be manufactured in greater quantities but are not in order to cause a shortage which drives up prices (or creates prestige). I'm pretty certain that a music publisher will be willing to sell the right for personal use to anyone.

Like it or not, I'm allowed to charge whatever I want for my creation-- and you're allowed to not buy it if you don't find enough value for the money. Your "freedom" is not infriged when I prevent you from violating my copyright. DRM is walking a fine line right now between enforcing valid copyrights and violating fair use. As long as they stay on the (copy) right side of that line, it's goodness. Collaborative (and open) development of DRM can help ensure that we stay on the right side of that line.

Re:another thinly veiled attempt to make money

[Drakonian]

Inquiring minds want to know why that moderating Redundant. Twice. Honestly. What is redundant about it?

Re:another thinly veiled attempt to make money

[sidespace]

Emmett,
I agree that 10% of our proceeds should go to Xiph.org; tonight I will update the web page so that 10% of a purchase will go to Xiph.org as well as the EFF. The reason this change was not done sooner was because at the time OGG-S started, Xiph was not a non-profit organization (charging for the fixed point decoder).
Also, if you believe the name of OGG-S could cause any consumer confusion please feel free to email me at rsage@sidespace.com and I will work on changing our site accordingly. Since OGG-S has been mentioned on the Vorbis mailing lists in the past, I had assumed this name would not cause any confusion.

Sincerely,

Ryan @ SideSpace

Re:another thinly veiled attempt to make money

[cyril3]

create an artificial scarcity

What's so artificial about the scarcity of good ideas, good music and good films.

Re:another thinly veiled attempt to make money

[Emmettfish]

I agree that 10% of our proceeds should go to Xiph.org; tonight I will update the web page so that 10% of a purchase will go to Xiph.org as well as the EFF. The reason this change was not done sooner was because at the time OGG-S started, Xiph was not a non-profit organization (charging for the fixed point decoder).

Sounds great, thanks!

Also, if you believe the name of OGG-S could cause any consumer confusion please feel free to email me at rsage@sidespace.com and I will work on changing our site accordingly. Since OGG-S has been mentioned on the Vorbis mailing lists in the past, I had assumed this name would not cause any confusion.

The fact that someone would package Ogg Vorbis with DRM was inevitable (and welcome, as is any derivative work based on our stuff); The only issue I have with this implementation (as I'm unaware of the technical aspects of it as yet) is that it uses the name 'Ogg.'

That being said, I would very much appreciate it if the name of this product were changed. I'd rather avoid confusion sooner rather than later. After all, 'Ogg Vorbis' was only a project codename, and was never expected to take off. :)

Emmett Plant
CEO, Xiph.Org Foundation

Re:another thinly veiled attempt to make money

[sirshannon]

if you want the masses to use that format, you need to change the name.

Seriously.

Re:another thinly veiled attempt to make money

[Linegod]

He's right. Who is ever going to use something with a crazy name like Ogg Vorbis. It's almost like you threw some random letters together like PNG, GIF, MP3, C#, Opteron, NVidia or Tivo.

You should have called it something like 'media format' so everyone would use it.

.

Re:another thinly veiled attempt to make money

[vsprintf]

Inquiring minds want to know why that moderating Redundant. Twice. Honestly. What is redundant about it?

Personally, I think *redundant* is what 12-year-olds with mod points use when they disagree with you. They have no idea what it means, but it sounds like they're dissing you, so it's a good choice.

The other possibility is that it's used by Coward Moderators who realize that it's unlikely to be caught in M2 - how many metamods will actually read a whole discussion and check all the time stamps to see if redundant was appropriate?

Depending on how you look at it, 99 percent of the comments on Slashdot could be considered redundant. I think that category should be ditched. (And I have no doubt some 12-year-old smartass will mod this redundant. :)

Re:another thinly veiled attempt to make money

[Drakonian]

Hehe, thanks for reaffirming my suspicions. Using your karma bonus too! A brave soul!

Re:another thinly veiled attempt to make money

How could you welcome DRM? Trator.

Re:another thinly veiled attempt to make money

[Alsee]

all OGG-S work is released under the GPL. If YOU would like to release a binary-only version of OGG-S (that contains zero Xiph code and 100% SideSpace code) then all we ask is you pay us a one-time charge of $50.

Ok, you're using dual licencing. However doesn't this mean that if someone contributes a piece of code solely under the GPL that you would have absolutly no right to incorporate that code and distribute it under the second licence?

-

Re:another thinly veiled attempt to make money

[Nitrometano]

It's not the purpose, it's the methode of enforcing the prevention of copyright violation that could limit personal freedom and even personal privacy. You know how the lines are being drawn(and how dark the future appears), so people MUST protect themselves from those methods used for the money-earners to protect their money.

Independent and Unsanctioned?

[Adrian+Lopez]

Is it safe to say that these people are in no way associated with the Ogg/Vorbis people? I can't see how this is a good thing. The whole point of Ogg formats is that they're open and free. Do we really want a version of Ogg/Vorbis that is saddled by use restrictions?

Re:Independent and Unsanctioned?

[be-fan]

If you look at the bottom, they have a line saying that they are in no way affiliated with Xiph.org

Re:Independent and Unsanctioned?

Is it safe to say that these people are in no way associated with the Ogg/Vorbis people? I can't see how this is a good thing. The whole point of Ogg formats is that they're open and free. Do we really want a version of Ogg/Vorbis that is saddled by use restrictions?

Open and free does not exclude DRM. An open implementation allows everyone to see how the thing works and examine the source code. A free implementation is unencumbered by patents and IP problems.

Just because something is free as in speech does not make it free as in beer.

Re:Independent and Unsanctioned?

[sidespace]

As mentioned on the OGG-S homepage, we are completely independant of Ogg Vorbis and Xiph.org.

This was done because we (and I am sure others) believe that DRM should be an add-on option that content providers or users can choose; not something that is forced upon consumers.

Re:Independent and Unsanctioned?

[Adrian+Lopez]

Open and free does not exclude DRM. An open implementation allows everyone to see how the thing works and examine the source code. A free implementation is unencumbered by patents and IP problems.

Just because something is free as in speech does not make it free as in beer.

The source code may be open and free (unless modified under SideSpace Solution's commercial license), but content that is saddled by DRM restrictions is not free in the "freedom" sense of the word.

Re:Independent and Unsanctioned?

[Adrian+Lopez]

It's not really the customer's choice when content is only available under DRM restrictions, is it? As such, it makes no difference whether the DRM software is integrated or "added on", since the choice to protect or not protect the content is ultimately left to content providers.

Re:Independent and Unsanctioned?

[Emmettfish]

Is it safe to say that these people are in no way associated with the Ogg/Vorbis people? I can't see how this is a good thing. The whole point of Ogg formats is that they're open and free. Do we really want a version of Ogg/Vorbis that is saddled by use restrictions?

I assure you that SideSpace is in no way, shape or form affiliated with the Xiph.Org Foundation, who make Ogg Vorbis and other royalty-free multimedia codecs.

Emmett Plant
CEO, Xiph.Org Foundation

Re:Independent and Unsanctioned?

The source code may be open and free (unless modified under SideSpace Solution's commercial license), but content that is saddled by DRM restrictions is not free in the "freedom" sense of the word.

So what? People have the right to do whatever they want with the results of their hard work.

It just so happens that OSS is a great way to multiply the utility-value of my programming work.

I'm Hopefully...

[Aknaton]

but doubtful. It would seem to me that any DRM where the source is available would be easily hacked. Maybe I'm wrong.

Re:I'm Hopefully...

[debest]

Not sure, but their page mentions something about "content-specfic encryption". This says (to me at least) that each file may be DRM'ed in a unique fashion?

Re:I'm Hopefully...

[gmuslera]

openssh is open, and is not so easily hacked (and when it is, is because errors in the implementation, not because you can see the code).

Re:I'm Hopefully...

[astrashe]

I think that they're hoping that people will buy binary licenses, so they don't have to GPL their changes.

Re:I'm Hopefully...

Yeah but with ssh you're not hoping the user doesn't find a decryption key on his own machine.

Re:I'm Hopefully...

[Billly+Gates]

Nope. The random rand() call can be used for the key at creation time. This makes it impossible to crack since the key will be truly random even though the source is available.

Re:I'm Hopefully...

[Sloppy]

At first glance, it appears to be Open Source developed, but it will not be deployed as Free Software. The user will not have access to exactly the same source code that generated the binary that they will be running. They will not be able to fix bugs, add features, recompile for a different platform, etc. If the company that sold them the product goes out of business or changes their business plans, they will be just as "orphaned" as a proprietary software user.

Re:I'm Hopefully...

[spitzak]

Openssh assummes the parties on both ends are interested in keeping the data secret. If the party on the other end of your ssh connection piped the data to a file that data would be quite readable despite having once been encrypted. The security relies on the fact that the party on the other end has no incentive to do such a thing.

How can they make this work?

[jansifae]

What is to keep me from going into the source and changing:

if(hasRights) {
decryptMusic;
}

to:

if(true) {
decryptMusic;
}

Re:How can they make this work?

[sqlrob]

Because the code is probably something closer to:

DecryptMusic(Key);

Can't do squat without the key.

However, preventing you from changing it to
DecryptMusicAndSaveAsMP3(Key);

is a lot harder, if not impossible. Of course, it does guarantee at least one sale to get that key. Not enough to make it worth it though.

Re:How can they make this work?

[TopShelf]

sshhhhhh.... if you keep quiet nobody will notice...

Re:How can they make this work?

[stratjakt]

The same thing that prevents people from changing the OpenSSL source to say "connectto("some guys online bank account")

You can't decrypt anything without the appropriate key to do so. There's nothing you can change in the source to magically disable it.

Re:How can they make this work?

[niemtelkcuf]

I am guessing that the password is also the encryption pharse so it is not as simple as setting it to ture.

Re:How can they make this work?

[binaryDigit]

The same thing that prevents people from changing the OpenSSL source to say "connectto("some guys online bank account") You can't decrypt anything without the appropriate key to do so. There's nothing you can change in the source to magically disable it.

The difference being one usually doesn't want others to get into their bank account. However, if person A didn't mind sharing their key, person B could have a modified version of the code that didn't look in the approved place (or whatever) and use person A's key instead, allowing them access to the content. I guess you could try to generate another key based on something like the persons hardware, but even then, you could modify the code to automagically generate this very same key.

Re:How can they make this work?

[korgull]

well, it's just a little easier than reverse engineering stuff, but that's just a matter of time and not whether things can or can't be done.

Re:How can they make this work?

[Lonath]

sshhhhhh.... if you keep quiet nobody will notice...

Nobody should crack any sort of DRM for the next 15-20 years.

Re:How can they make this work?

> What is to keep me from going into the source and changing ...

You're free to get a copy of the library and hack it all you want. But that's not the copy of the library that Sony Entertainment Inc. will use when they compile their production DRM code.

There will be companies that will certify various versions of the library as being "secure" -- and your hacks will not be included in those versions.

Re:How can they make this work?

[autocracy]

I would just like to note that you current .sig, iptables -t nat -A PREROUTING -o eth1 -d slashdot.org -j UP_MY_ASS, translates to "take everything I type on /. and shove it up my own ass." Most people just eat their words... I'd say that you've taken it a few steps further.

Re:How can they make this work?

So what's stopping someone from adding something like "Instead of playing this decrypted audio, go ahead and write it to a file. K thanks."

Is this where hardware and whatnot is supposed to come in?

Re:How can they make this work?

[sqlrob]

Yup. The point of TCPA is trust in the computer. Not your trust, the MPAA/RIAA/BSA's trust. It's completely untrustworthy as far as the user is concerned.

I know with Windows they are working on (already implemented?) Secure Audio Path, such that only signed drivers can be in the chain between the file and the hardware.

Re:How can they make this work?

[Anonymous+Lazybone]

How about this: buy legal content, have the appropriate library decode it, tap into the resulting data stream (even if you've got to "solder" a cable to each and every pixel of your screen), remove possibly existing watermarks (desync attack), and there you go. Nothing easier than that.

So, how can DRM help me prevent such a scenario?

Re:How can they make this work?

> How about this: buy legal content, have the appropriate library decode it, tap into the resulting data stream (even if you've got to "solder" a cable to each and every pixel of your screen), ...

(I'm the Anonymous Coward who posted the parent of your message.)

Yes, that will work. My original comment was only about the integrity of the library software itself. But of course, there's really no way that a software-only solution can provide true security for DRM. (FYI, I was being sarcastic in my original post when I put quotes around the word "secure".)

Flip to the Flizzop

It will be interesting to see if this project helps to spread the acceptance of Ogg Vorbis

Yeah, WE SLASHBOTS LIKE DRM NOW.

Because it's in ogg.

Psst. It doesnt matter if it's open source, it still makes it harder to steal your n'sync songs.

so which is the lesser of 2 evils

royalty ridden mp3 or drm ogg ... ... probably ogg since mp3 will probably be getting drm ...

/bzzzt *black cloud of smoke*

[overbom]

as if a million slashdotters all cried out at once.

I predict a cockfight between the people that actually endorse open source and those that just don't want to pay for anything. I would love to be proved wrong, though.

Re:/bzzzt *black cloud of smoke*

[rzbx]

"those that just don't want to pay for anything"

Assumptions a plenty here at slashdot. You find me one person that wants to pay for everything. How about the air we breathe, maybe someone should charge for that. Consider the fact that ideas unlike physical property is infinite in number. To "own" it is simply a means to control it. Giving any one person or company such control is dangerous and bad in many other ways that I will not discuss at the moment. I'll leave your imagination to think of some.

Re:/bzzzt *black cloud of smoke*

[overbom]

You find me one person that wants to pay for everything. How about the air we breathe

Hey, I've seen Total Recall too. ;P

That's a difficult person to find, since this is slashdot. I can surely find you plenty of people that don't want to pay for anything, though. natch.

I don't assume that I have a right to everything I see. Some of it has to be earned or purchased. Other things, such as air, cannot be regulated. You probably pay for heated or cooled air, though -- AC or central heating. And you probably pay for electricity. You might even pay "one company" for both of them, your energy company.

I expect to pay for some goods and services, given that we don't live in a communist society. Other goods and services are funded by our tax dollars.

Re:/bzzzt *black cloud of smoke*

[orthogonal]

I can surely find you plenty of people that don't want to pay for anything, though. natch.

I can surely find you pleanty of people on Slashdot who don't pay for anything.

I mean, after all, living in Mom's basement, eating from her fridge, and using Dad's Xbox and Dad's DSL is all free, right?

And not even Mom or Dad have to pay for hot water; it's not like these geeks are showering. Why wash off that nice layer of Dorito Dust and Mountain Dew?

So...

[gmuslera]

... now DRM will be good, now there is open implementations of it?

Re:So...

Yup, I'm still waiting for the open source version of palladium and for RMS himself to claim that it is the best security implentation ever devised on any platform. I figure about 12-18 months from now...

Vaseline

[Sanity]

While normally any Open Source software is a good thing, this project is little more than the vaseline that will make it that bit easier for big media to screw us just as they will screw users of non-Open Source software.

The only way to prevent this is for users to boycott Digital Restrictions Management technologies. As such, anything which makes it easier for DRM technologies to integrate with any software is a bad thing.

This project may comply to the letter of Open Source, but it entirely contradicts the spirit of open technology.

Re:Vaseline

[gmuslera]

Open Technology is about giving you rights away only if you wish to do so, not forcing you to lose your rights.

LGPL contradicts the spirit of open technology also? After all, you with an open source library could make propietary programs.

I think that this could be possitive. It could make open source access more information, to have more things that can be used with it, not less.

Re:Vaseline

[Sanity]

I think that this could be positive. It could make open source access more information, to have more things that can be used with it, not less.

Open technology is about having the right to control the property that you own. DRM is technology that, regardless of whether you paid for it, is designed to prevent you from controlling the technology that you own.

Re:Vaseline

[poot_rootbeer]

Where's the insight in parent comment? All I see is the same "big media wants to fuck us, all DRM is evil, blah blah blah", but nothing to support those claims.

This is karma whoring, plain and simple.

Re:Vaseline

[gmuslera]

One thing is implementations of this technology and the other, the good use of that kind of ideas. DRM should be a technology that must be designed to prevent you from controlling the technology/data/media/etc that you don't own.

Current or future implementations could be misused to avoiding to control what you own, but if it is well used, could be a good idea.

Re:Vaseline

[Sanity]

One thing is implementations of this technology and the other, the good use of that kind of ideas. DRM should be a technology that must be designed to prevent you from controlling the technology/data/media/etc that you don't own.

And the only way to control the data you don't own (if you accept that data is property - which I don't), is to prevent you from controlling the hardware that you do own.

Re:Vaseline

[Threni]

I think there should be a technical exam to be allowed to post to Slashdot - or some way of flagging posters who have not taken, or who have failed such a test. I have no interest in reading much of the ill-informed nonsense that is posted here. If I wanted that, i`d go to Kuro5hin. But I don't. This place would be better if each story had about 50 or 60 comments, so you could read all of them, and learn, not wade through 1000 "da man is screwing us", "MS sux" (yeah, i`d love to see which companies browsers these people are using) etc.

Re:Vaseline

[karnal]

You know, maybe we wouldn't have 1000 comments if people like you wouldn't comment on how the comments suck.

Oh wait....

Re:Vaseline

[dicka_j]

Is it against the spirit of "open source" to deny artists of the ability to protect their work?

Re:Vaseline

[cpt+kangarooski]

And furthermore, since DRM never goes away in the manner that legal protections do, and is never tempered by exceptions in the way that legal protections are, DRM necessarily involves keeping people from data that they have a right to access. Eventually in all cases where the gatekeepers are keeping people from data that the gatekeeper DOESN'T own.

And I concur that information isn't property, and at least for 5th Amendment purposes neither are rights regarding information.

DRM is inherently contrary to the concept of Open Source and in fact, of copyright. DRM must be attacked at every turn and never allowed to thrive.

Re:Vaseline

[cpt+kangarooski]

Well, it is certainly against the spirit of copyright to allow artists to protect their work too much. And DRM is too much.

Copyright ideally only allows artists to protect their work just enough. And what constitutes just enough is whatever is best for society generally -- not the artist.

Re:Vaseline

You, sir, have some very serious misundestandings of copyright law.

Re:Vaseline

You don't understand.

The purpose of the GPL is to advance the cause of a social movement.

The GPL functions as it does with the intention of reversing regular copyright - copyright being deemed to be immoral.

By using the LGPL instead of the GPL you do not advance the cause.

Re:Vaseline

[cpt+kangarooski]

Really. Well having studied a lot of copyright law, and as a person who's planning to go into practice as a copyright lawyer (God willing) in a couple of years, it's certainly critical that I correct any misunderstandings I might have.

So would you please be more specific?

I thought...

[mikeophile]

part of the appeal of Ogg was because it didn't have DRM?

Like some others said...

[MP3Chuck]

What's stopping someone from modifying the source so as to have access to a given *.oggs's DRM settings? Either we or they are overlooking something...

Re:Like some others said...

[DrinkDr.Pepper]

What's stopping someone? Nothing much, encryption. The same thing that prevents someone from modifying open ssh's code to give access to someone's terminal session. Whats stopping them is that modifying the source code will still never reveal the unencrypted data without the private key.

Re:Like some others said...

[OeLeWaPpErKe]

Except if you can play the file with this thing you can obviously convert it to regular ogg. (presumably event without ogg itself)

RTFA!

[OrangeHairMan]

According to the linked page,

Please note that OGG-S is neither affiliated with nor endorsed by Xiph.org or Ogg Vorbis.

Don't expect this to become anything big any time soon.

Orange

Say what?

[octalgirl]

Open Source DRM - isn't that like the ultimate digital oxymoron?

Re:Say what?

No you're the ultimate digital oxymoron, you pimple-faced oxy needing, valley girl speaking twat!

How about I introduce you to a new like umm term, it's called SKULLFUCK! That's where I take my cock and jam it into your eyesocket until my purple crown hits brain, then I rhytmically jam my hips forward and FUCK YOUR SKULL!

Coming Soon!

[aengblom]

Do it yourself rape!

Breaking your leg for dummies!

<really fast>Only $29.95</reallyfast>

Re:Coming Soon!

[Xerithane]

Would you mind writing a book, "Kneejerk Reactions and Spreading FUD for Dummies!"?

I can hook you up with a really good publisher.

Re:Coming Soon!

rape - now that's some funny stuff!

Re:Coming Soon!

[Alsee]

Correction:

<really fast>Only ten easy installments of $29.95</reallyfast>

-

I thought so

[Adrian+Lopez]

Right at the bottom of the page: "Please note that OGG-S is neither affiliated with nor endorsed by Xiph.org or Ogg Vorbis."

It's funny how these folks claim to care for people's fair-use rights (see the FAQ on their site). Protect fair use rights by establishing obstacles to fair use? Riiight.

license?

To bad openSSL has a license that is incompatible with the GNU GPL. While an exception can be made by them, I would be wary of their legal knowledge. I would think you would want to have a particularly competent legal staff to pull off a product like this.

From the FAQ

[benploni]

If OGG-S is open source, how can the encryption be secure?

If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released.

Know the truth: There is no such thing as a remote trusted computer. Encryption has nothing to with DRM.

Re:From the FAQ

[elmegil]

What do you mean encryption has nothing to do with DRM? Encryption is about the only means to the end of DRM. Can you think of another way to enforce DRM goals in software that doesn't use encryption?

Re:From the FAQ

[benploni]

What do you mean encryption has nothing to do with DRM? Encryption is about the only means to the end of DRM. Can you think of another way to enforce DRM goals in software that doesn't use encryption?

Encryption allows you to send someone a secret. It does NOT allow you to dictate the use of the data. DRM schemes use encryption to hide the fact that DRM is a computer science impossibility. Look at the "embed" bit in truetype fonts for an example of DRM that doesnt use encryption. All DRM schemes, encrypted or otherwise, are nonsense that need onerous laws to prop them up. You simply can't keep secrets from yourself.

A cryptographic engineer,
Ben Ploni

Re:From the FAQ

[yakovlev]

But in DRM, the secret isn't being sent to YOU, it's being sent to YOUR COMPUTER. It's that whole trusted client thing. Software can probably never be a trusted client BY ITSELF (too many opportunities for corrupting the computer it's running on), but software in conjunction with a TCPA-like device gets pretty close.

I agree, you can't keep a secret from yourself (i.e. the music has to be output to you, and the video has to be displayed on your monitor. That secret you can always get, and many consider it the weak point in DRM), but this isn't the secret most DRM schemes seem designed to keep.

I.E. you have three layers on any given piece of data, for instance an E-book.

1.) The text of the book itself.
This must be displayed on the user's screen, thus allowing it to be copied by at least some sort of device that the attacker attaches to the monitor... or by simple retyping.

2.) The unencrypted file containing the text of the book itself.
This is what DRM is trying to keep from you. So long as you have no direct access to this file, it's much more difficult to copy, requiring either retyping the text or using a device as described above.

3.) The encrypted copy of the unencrypted file. This doesn't need to be protected, and since it can only be opened by trusted clients, it's relatively safe to let go in the wild.

So, DRM can be successful at protecting the unencrypted file, just not at protecting the human-readable data in that file.

Something like OCRing a screenshot lies in the fuzzy area between 1 and 2, but a good trusted client can keep screenshots from the user, so you have to assume that the only interfaces for the attacker to use to generate his file are the interfaces provided to the user (i.e. the keyboard, mouse, speaker output, and display output.)

Now, there's another problem with DRM. If the trusted client also refuses to play untrusted CONTENT, then the data that the attacker generates from the screen reader will be unusable on all trusted clients. Such a client isn't too difficult to imagine, as video game consoles already do this. In a hypothetical future where most people don't have access to a "general-purpose" computer, DRM could work. Sure, you could still make casette tapes of music coming out of your computer speakers and you could still make photocopies of text scraped from your monitor, but that kind of copying isn't what the big content producers are worried about.

I admit that the above scenario doesn't seem likely since at least one computer manufacturer (Apple) has made home content production a major part of their product marketing. Still, to say that all DRM schemes are nonsense is not looking at the concept closely enough.

Me Too

[M.C.+Hampster]

I'm hopefully... but doubtful also.

Who will really trust open sourced DRM?

[DuSTman31]

One of the main reasons corporates seem ready to trust DRM is that the software that can decrypt the DRMd media is relatively immutable..

If one were to release a new single using an open sourced DRM technology, there is simply no reason to believe that the software is "acting in good faith" according to the general idea of DRM.. One could easily adapt such an open-source DRM player so that instead of playing the file, it does something else with the decrypted data. Such as saving it to an un-encrypted version off the ogg file.

Such a file could then easily be put on your favourite peer-to-peer network.. And once one or two people have it, that's it. That one un-encrypted instance can get anywhere and everywhere..

Question about GNU...

[BaronAaron]

From the FAQ:
"If OGG-S is open source, how can the encryption be secure?

If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released."

OK....
Under GNU, do you have to release any private encryption keys you may have used with the code?

Encryption keys would seem to fall under content/data and not code. It is my understanding of the GNU license that you must redistribute the source code, not any data that your created and feed into the application. As long as you provide sample data (in this case another encryption key) to allow the application to run properly when compiled.

I don't see how they can force people, under the GNU, to release any private keys.

Someone please explain.

I don't see how they can

Re:Question about GNU...

[alienw]

First, you would have to disclose the encryption engine in use. They say stuff about the keys to spread FUD and sell commercial copies. Of course they don't fall under the GPL umbrella.

Re:Question about GNU...

[Jester998]

I think they mean "private key generation method" or possibly "public-key cryptosystem" there... I don't think they're talking about the actual private key data. Just IMHO, of course...

Re:Question about GNU...

let's see what happenes when we expand the acronym 'GNU' in your text (only once, since it's recrusive). does it still make sense?


From the FAQ:
"If OGG-S is open source, how can the encryption be secure?

If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released."

OK....
Under Gnu's Not Unix, do you have to release any private encryption keys you may have used with the code?

Encryption keys would seem to fall under content/data and not code. It is my understanding of the Gnu's Not Unix license that you must redistribute the source code, not any data that your created and feed into the application. As long as you provide sample data (in this case another encryption key) to allow the application to run properly when compiled.

I don't see how they can force people, under the Gnu's Not Unix, to release any private keys.

Someone please explain.

I don't see how they can


no, it does not. you are clearly an idiot. let's replace your instances of 'GNU' with 'the GPL', which is more likely what you meant.


From the FAQ:
"If OGG-S is open source, how can the encryption be secure?

If a company wishes to use OGG-S to protect their content, SideSpace Solutions highly recommends purchasing a binary distribution license. Under this license, any modifications to OGG-S (such as a change of encryption engine or private keys) do not have to be released."

OK....
Under the GPL, do you have to release any private encryption keys you may have used with the code?

Encryption keys would seem to fall under content/data and not code. It is my understanding of the GPL license that you must redistribute the source code, not any data that your created and feed into the application. As long as you provide sample data (in this case another encryption key) to allow the application to run properly when compiled.

I don't see how they can force people, under the GPL, to release any private keys.

Someone please explain.

I don't see how they can

Re:Question about GNU...

[uhoreg]

People may want to hardcode the keys, or obfuscate the code that reads the keys, so that others cannot find the key easily. If you had the GPL version, I could request the code, look for the spot that reads the key, and grab the key to get around your control.

Re:Question about GNU...

[Threni]

But you`ve answered your own question - they can't force you to supply private data.

An encryption system for secure email, for instance, could be a one-time-pad system. You`d supply the en/decryption system under the GPL, but not the one-time pad, which you`d create yourself. By your argument, anyone using Open Office would have to supply all the documents they created with it too.

Re:Question about GNU...

[Hobbex]

You are confusing secure with "secure".

The first is the actual meaning of the word, as in protecting computers and communicating parties from attack by malicious parties. By all accounts, open source software is at least as good as proprietary software at that (or maybe at worst as bad...).

The second, is the media industry "lets highjack a term that has a positive conotation" doublespake meaning of "secure". That is about making sure that users are not in control of their own computers, so that somebody else can make sure that media on their machines is only used in a manner deemed acceptable by a greater athority (the corporations). Open source software, by it's nature (1), cannot be used for this "secure", since it allows the user to modify it, and he will simply remove the part of the code that tells him what he can and can't do.

(1) This assumes it is running on open hardware. TCPA is an attempt to make sure that the their is closed hardware at the bottom layer that can validate the software, so even if the user can modify it, the modified version cannot read the media.

Re:Question about GNU...

[ivan256]

Under GNU, do you have to release any private encryption keys you may have used with the code?

That's irrelevant. If you negotiate a seperate licence with the copyright holder, you are not bound to the terms of the GPL, regardless of what they are.

tautology

open source / DRM

how worse COULD it get?

Re:Why isn't Redhat 9 iso's on KaZaA?

[ggwood]

Um because no one put it there. If you have KaZaA, you could put it up.

There isn't a way

[Sloppy]

Either the user has final say over how his computer operates, or he doesn't. If it's open, then the restrictions are merely "advisory" since the user has the power to ultimately decide how the computer behaves. If the restrictions are somehow enforced, then the the user must not really have full power over the computer's behavior.

It's not that it's just technologically impossible; it's logically impossible. A billion years of technological advances can't change that.

Upon analysis, this will either be shown to not really work, or it will turn out to just be "mostly" open, but with at least one opaque component.

Re:There isn't a way

[BabyDave]

Another impossibility in DRM:

• I buy some CDs. I then rip these to MP3s and burn them onto a CD-R.
• Scenario A: I use this CD in my CD/MP3 player, or on my computer at work, or whatever. This is allowed under fair use.
• Scenario B: I give this CD to my friend, and he copies the files onto his PC, or listens to the MP3s while I'm listening to the original CD somewhere else. This is copyright violation, and is illegal.

The only difference between these two scenarios is the physical location of the CD. This type of piracy cannot be prevented with software, without also blocking the fair use aspect (i.e. preventing the MP3 creation in the first place).

Re: There isn't a way

[Catiline]

It's not that it's just technologically impossible; it's logically impossible. A billion years of technological advances can't change that.

This was the very comment I was going to post -- logically, an Digital Rights Manglement module is a symbolic language [that assumes the end user cannot be trusted]. So how do you open source that language -- thus letting the [supposedly untrustworthy] end user alter it at their whim -- while guaranteeing that it still does Digital Rights Manglement?

You can't. The whole idea violates an (unspoken) premise of the system. This, my friends, is the modern day Spruce Goose. Shall we start a betting pool now as to how long it will take for someone to write an (undetectable) patch for "unlocking" their system keys?

Re:There isn't a way

[Euphonious+Coward]

BabyDave wrote, "I give this CD to my friend, and he copies the files onto his PC, or listens to the MP3s while I'm listening to the original CD somewhere else. This is copyright violation, and is illegal."

False. This is allowed under Fair Use. Making a copy for a friend is allowed, publication isn't. If you're not sure which it is, it's probably publication, but don't just give up hard-won rights for sheer laziness!

Re:There isn't a way

[GigsVT]

It's not fair use, in fact copying the CD for use at work really isn't Fair Use either. Fair Use is a very narrow exception, which allows you to publish limited parts of a copyrighted work for educational or research purposes.

There are other factors that come into play here, but they aren't called Fair Use. Do some research on the First Sale Doctrine.

Maybe you weren't talking about US law?

Re:There isn't a way

False. This is allowed under Fair Use.

TRUE. I FUcKED YoUR WoRTHLESS FuCKING MoTHER.

Comment removed

[account_deleted]

Comment removed based on user account deletion

This could be good.

[freality]

DRM isn't bad. Big Media/MS is bad. If DRM becomes mandated, it will be better to have an open-source implementation than not. This will reduce the plausibility of the likely MS argument that since there is no DRM on linux or mac, these systems should be excluded outright from certification.

It's like an arms race. If everyone's got it, nobody is at a disadvantage. "Keep your friends close, but keep your enemies closer." The same is true of TIA, btw.

Re:This could be good.

[Linux-based-robots]

Digital Restrictions Management most certainly is bad, regardless of whether Big Media/MS pushes it or not. Saying that "oh, Windows 2005 Palladium will have DRM, we've got to beat them to it with our own open source version!" is the wrong kind of approach. Some technologies we *don't* want in our operating systems, believe it or not. Most free software advocates are vehemently opposed to the idea of DRM, and I for one will never install an operating system with such a "feature."

Re:This could be good.

[EditorType]

I think it's not too helpful (though it certainly feels good!) to make blanket statements like Big Media is bad. How many of us enjoyed the first two installments of the LOTR films? The Star Wars films? The Matrix? None of those would have been possible without Big Media.

Re:This could be good.

I think it's not too helpful (though it certainly feels good!) to make blanket statements like Big Media is bad. How many of us enjoyed the first two installments of the LOTR films? The Star Wars films? The Matrix? None of those would have been possible without Big Media.

Actually, you are confusing Big Media with the movie studios and production companies. "Big Media" are the distributors and the middlemen--all the people that essentially get money for nothing. We need studios, directors, actors, animators, etc. We don't need Big Media.

The traditional argument is that Big Media is needed to advertise, underwrite, etc. the production of feature films, but I totally disagree. In our modern, well-connected society, we don't need giant organizations to make things happen. There is no reason why the tasks performed by the current Big Media cannot be more efficiently done by smaller companies. Of course the studios have their part as well. The production costs of many modern films is extremely bloated by ridiculous actor/actress contracts, unnecessary glitz and glamour, and generally careless spending. And the reason the studios get away with this is that they aren't the ones footing the bills and worrying about the bottom line. It's the same type of inefficiency that results from the multiple layers of government bureaucracy. Yes, there is still a need for underwriters. However, without Big Media, we get less crappy movies because the underwriters will not invest on production of films that are sure to fail. And the guaranteed success films like the ones you mentioned will have the underwriters lining up at the studios' doors.

Re:This could be good.

[cpt+kangarooski]

That doesn't matter.

It is entirely possible that if such works are only prone to being created under an unacceptable copyright regime that they come at too high a cost.

Music sung by castrati might be great. Pyramids built by slave labor might be wonderful. But for all the virtues of the end product, that doesn't mean that it is acceptable to have the systems that produced such things.

If the price of a sane copyright system is that blockbuster movies won't be produced, that's absolutely fine. Because the touchstone of a sane copyright system is that it benefits society more than if it didn't exist, if it were less protective or if it were more protective.

And of course, with shorter copyright terms, the Tolkien books would've begun to fall out of copyright by now -- meaning that a thousand different people could have made a thousand different films about them. Surely some would be better than what we've got now.

Re:This could be good.

[Alsee]

DRM isn't bad.

Yes it is. It is my computer and my harddrive and I have the right to alter my data any way I damn well please.

If DRM becomes mandated

If DRM becomes mandated then we have techno-ignorant legislators and we need to throw the idiots out of office. Any process you can do with a computer can be done with a human brain. Mandating DRM is just plain stupid.

It's like an arms race. If everyone's got it, nobody is at a disadvantage

No, it's more like handcuffs. If everyone's "got it" then everyone is at a disadvantage.

-

Re:This could be good.

I have the right to alter my data any way I damn well please.

You see, thats where you screw up. The whole point of copyright is that it isn't your data- the data belongs to the copyright holder.

Re:This could be good.

Before, mandating DRM would be the same as mandating windows, i.e. letting MS move a step of from monopoly to state monopoly. Even in the very MS-friendly US, the government would not (I hope) want to look that much like Soviet Russia. However, open source DRM would remove that obstacle, and make mandating DRM much more likely.

Re:This could be good.

[Alsee]

You see, thats where you screw up. The whole point of copyright is that it isn't your data- the data belongs to the copyright holder.

DRM advocates would certainly *like* that to be true, but it is flat-out FALSE.

According to copyright law it IS in fact my data. Not only do I own that copy, copyright law explicitly states that I have the right to sell that copy.

What copyright DOES say is that I may not infringe the copyright holder's limited monopoly on distributing new copies of the work.

-

Re:This could be good.

[freality]

According to copyright law it IS in fact my data.

I don't think that is correct. The work is owned for a (not so) limited time by the creator. It is licensed to you under the terms of copyright law by default, but other contracts can be used. Copyright in the constitution:

"To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;"

Specifically, the US Copyright Office FAQ says:

"Section 106 of the 1976 Copyright Act generally gives the owner of copyright the exclusive right to do and to authorize others to do the following:

- To reproduce the work in copies or phonorecords;
- To prepare derivative works based upon the work;
- To distribute copies or phonorecords of the work to the public by sale or other transfer of ownership, or by rental, lease, or lending;
- To perform the work publicly, in the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works;
- To display the copyrighted work publicly, in the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work; and
- In the case of sound recordings, to perform the work publicly by means of a digital audio transmission."

Now, you can argue that this is bad, that those lawmakers were useless, etc., but it doesn't change the law. You'd be better served putting your energies into changing the law, or coping with it, which is all I'm saying. DRM is the natural reaction to file-sharing. Better to help create it - and so make sure it's fairly applied - than pretend the law isn't what it is and that Big Media/MS don't have money and good lawyers. Of course if things get really bleak, resist.

Re:This could be good.

[Alsee]

Now, you can argue that this is bad, that those lawmakers were useless, etc., but it doesn't change the law.

No, I never argued the law was bad.

I said that the anonymous poster (and now you) are wrong about copyright law. DRM advocates WANT to say the copyright holder owns the DRM-locked file, but THEY DO NOT. It is disinformation. They are trying to change copyright law.

The work is owned for a (not so) limited time by the creator.

Wrong. The creator is given limited exclusive rights on reproduction and distribution. He does NOT retain any ownership in copies he sells. I direct you to US copyright law Title 17 section 109:

the owner of a particular copy

This explicitly states that I OWN my particular copy. Section 109 goes on to state that I have the right to sell this copy. I own it, I can sell it.

If I own a book I can chop it up and glue it back together, I have the right to alter it any way I like. I have the exact same right to alter my files in any way I see fit. I have the right to play my music backwards. I have the right to run it through a mathmatical function (equalizer). I have the right to run it through a mathmatical function (decryption). All personal use, all entirely fair use, all entirely legal.

You'd be better served putting your energies into changing the law, or coping with it

No, I am "putting my energies" into PRESERVING copyright law. I'm opposing DRM advocates who are trying to chage the law.

DRM is the natural reaction to file-sharing.

DRM is an attempted power-grab by the publishing industries. They want new laws, new rights, new protections. They are trying to seize rights and protections away from the public. They are the ones "pretend[ing] the law isn't what it is".

-

Re:This could be good.

[benb]

> If DRM becomes mandated

This is exactly the key point and the problem. DRM is not acceptable. We must make sure that it doesn't become necessary for things we want to do. Anything that makes DRM more acceptable to the masses is thus a bad thing.

Re:This could be good.

[MrSubtle]

Whether it's good or bad, it's DUMB. Any scheme that allows music to be broadcast on the radio, distributed into millions of computers, and sold on millions of CDs with the idea that not a single copy will ever get out of the control of the record companies is just plain stupid. Any scheme that relies on 100% protection in order to work is doomed to failure.

Better yet, any scheme in which the music industry refuses to sell their music on reasonable terms is going to generate piract like...well, like Napster/LimeWire/Kazaa, etc.

Open Source DRM?

[SatanicPuppy]

Isn't that like OpenSource Windows?

So let me get this straight:

This is a project that is part of a free intellectual property movement which is designed to protect intellectual property from being used by people who have not liscensed it?

What the hell?

Okay, so it's going to be released under a liscense which allows anyone to modify, copy, and distribute the source, as long as they DO distribute the source. And the point of it is to make it impossible for someone to modify, copy, or distrubute the source, whether you paid for it or not...

I'm not getting anywhere here, but I think it sucks.

Just my .000124611 XPD (Palladium Ounces) worth.

Re:Open Source DRM?

[HiThere]

It lets people release information without releasing it. Well, ok. But why should I want it?

Having DRM might well be useful. Being required to use it probably isn't. But I don't have any problem with people being able to exchange data securely. I just have a problem with their requiring that I participate. If people want to make IP act like bricks and mortar, then they will find their IP is quickly made obsolete. But that's OK with me.

I don't buy copy protected software, except games, anymore. Once upon a time I did, but I learned better. The GPL community routes around that kind of damage (though I'll admit that sometimes it takes a few years).

That said, there will be some things put under DRM that can't be replicated. Songs, movies, etc. Too bad. This isn't a sufficient argument to decide that DRM is bad. If people want to treat their IP that way, it's their right. What's really needed is some way to limit the term of a copyright to something reasonable. This is difficult, as what is reasonable varies with the field. In some areas, 15 years is excessive. In other areas, I can see arguments for up to 30 years, and even, on very rare occasions, 70 years. But the longer the term, the more restricted the matter covered should be. If you are going to cover 70 years, the subject matter should be as restricted as a trademark, or more so. It should only cover bit-for-bit copies. For 3-5 years it should conver reasonably accurate translations. And in between, in between.

IP patents, however, should be strictly illegal. (I.e., not only should the patent be obviously invalid, but the official granting the patent should do hard time.)

short sighted

[stratjakt]

You are all so quick to want to outlaw a technology because it has an application you dont like. But if someone else feels the same about a tech you do like, you all get up in arms over it.

How many think xbox mod chips should be legal, because just because they can be used for piracy, they have other legal uses?

Now, how many think DRM should never be implemented, because it can be used to restrict what you can do with a CD you bought?

To me its the same issue. Technologies arent inherently evil, it's the uses they're put to.

DRM technology with SSL strength security has some good uses.

A content producer can have all his stuff locked tight with DRM while it's still in production, or use it on the screener films he sends to reviewers. If it isnt for sale yet, you have no right to any of it. It's merely protecting a trade secret.

It can also be used to verify the authenticity of footages, lets say the doctored photo in Time magazine yesterday.

It could be used to prove that the footage you see on TV is what was filmed by the digicam.

It can be used in court to prove that the security footage from the 7-11 hasnt been altered in any way.

It can be used to keep your nephew from stumbling across your pr0n collections.

It already exists anyways. Noone stops anyone from streaming a netradio over an SSL tunnel, or archiving their files with a password.

In short, preventing consumers from excersizing legitimate rights to use something they own is bad. DRM is not 'bad', DRM is a technology.

Re:short sighted

[OeLeWaPpErKe]

Dumb argument.

DRM is a technology people use. It isn't bad.

DRM is a technology preventing the use of other technology (and that is it's sole purpose). => DRM is bad.

So either I'm making a mistake here or there is no way to make your argument stick ( logics first semester if you can prove something to be right and wrong with a certain set of assumptions, the argument cannot be used (under a "complete" set of assumptions this cannot happen) )

Now, as others pointed out, DRM itself is a logical impossibility under any realistic set of assumptions.

Re:short sighted

[Xeth]

How many think xbox mod chips should be legal, because just because they can be used for piracy, they have other legal uses?

Now, how many think DRM should never be implemented, because it can be used to restrict what you can do with a CD you bought?

The difference there is that DRM restricts your freedoms, the modchip does not.

Re:short sighted

[sploxx]

> It can also be used to verify the authenticity of
> footages, lets say the doctored photo in Time
> magazine yesterday.

But you certainly don't need such a program for such a purpose. GPG/PGP is enough. Sign your content and nobody can alter it (without breaking the signature). But this has *nothing* to do with DRM.

If every reporter signs the photos he created, there would be no attempt to change a photo because the signature would be obviously broken.

Re:short sighted

[bnenning]

How many think xbox mod chips should be legal, because just because they can be used for piracy, they have other legal uses?

I do. And nobody is talking about outlawing DRM, just observing that it cannot work unless control of our systems is taken from us (which is the goal of Palladium and Fritz's legislation).

It already exists anyways. Noone stops anyone from streaming a netradio over an SSL tunnel, or archiving their files with a password.

Encryption is not DRM.

Re:short sighted

[cpt+kangarooski]

Who wants to outlaw it?

I'd NEVER suggest outlawing it. People should feel free to encrypt content as an aspect of their right of free speech.

HOWEVER, I will fight tirelessly to DISCOURAGE it. For example, we could revoke the copyright of any work that the author et al released in an encrypted format.

And we can refuse to legislate that people cannot break the protection; in fact we can offer them bounties for doing so, much as there is public financing of other sorts of information gathering such as digging up ancient tablets and such.

And we can exercise trade secret protection only in situations where it's appropriate; as a form of ensuring fair competition. Which not all hacking threatens.

And we can sure as hell not mandate that people respect DRM in any way whatsoever, save at their option.

DRM is a technology, yes. But it is not neutral; it is seriously skewed towards being very bad for society, much in the way that a specially created highly lethal bioweapon is. Or an atom bomb. Productive uses are rare and difficult and require serious work to keep them from fucking us all over.

DRM is definately in that category.

Re:short sighted

[AsparagusChallenge]

Because it does not work.

It could be used to prove that the footage you see on TV is what was filmed by the digicam.

If J. Stalin wanted to alter the footage be sure he would. This silly scheme is not as strong as the powers that be want to make it look, it's a real hoax and can't be trusted into. Getting false security is a very bad thing.

Re:short sighted

True, but you're still an idiot.

Open Source, but not free source.

[mikeophile]

Did anyone notice that it costs $50 to get the source code along with permission to modify and redistribute?

From the site:

Purchase of this product enables you to modify OGG-S decryption or encryption code and release your binary modifications to your users.

Re:Open Source, but not free source.

[offpath3]

As always, GPL'd code is free as in speech, not necessarily beer. Nothing to see here.

Re:Open Source, but not free source.

You cannot charge for access to GPLed code. So either this code is NOT GPLed (But of course can still be Open Source) or they are violating the GPL. But in either case, your statement does not apply.

Re:Open Source, but not free source.

[russlevy]

That's for the ability to release it as binary-only, without the source.

If you want to distribute under the GPL, it's free.

Re:Open Source, but not free source.

[uhoreg]

Of course, they screwed up the wording of that sentence. They are releasing the code under two licenses. One is the GPL, and you don't have to pay them for that license. The other license is a commercial license, which allows you to release a binary, with modifications, without the requirement of having to provide the source, and costs 50USD. So they should add something like "without having to provide the source" to the end of that sentence.

Re:Open Source, but not free source.

[Christ-on-a-bike]

You cannot charge for access to GPLed code

False. Dumbass/troll. GPL FAQ

Re:Open Source, but not free source.

[jcast]

It's a SourceForge project. That means you can download the source for free. Like always. You just get it under a GPL license.

Uhh...

[ndogg]

April Fools was two days ago guys...

I had rather hoped it was a joke...

and after looking at the corporate types in the pics on the sideshow.bob frontpage I realise it is. pictures of (token ethnic) users grinning at laptops like braindead morons is something I expect to see on microsoft's DRM page.

It seems that the marketing drones have finally imposed themselves onto the 'open source' bandwagon. Welcome to our world, please drive carefully and no - you can't park there - you are causing an obstruction.

Aside from it being bundled with Lindows for people who don't know better, who want's DRM really?

Hmm...

[kirun]

The question of whether this is good or not is really the question of where the balance of power between the artist and the consumer should be.

On the one hand, artists should be compensated for their work. So an ideal music format would make that happen.

On the other hand, the consumer should be able to "try before they buy", make backups, cross formats, lend it, print it out and feed it to their dog, apply stupid filters in Cool Edit, and generally play with it however they want. An ideal music format would make this happen as well.

Can any format offer both? It seems not. To offer the user freedom, the file has to get unlocked at some point, and then P2P ensures it will get copied. Many artists will prefer the "get money" option, and the paying customers will be out of luck.

So, maybe the solution is to do something to P2P. This usually meets howls of protest, but there may be another way. Shazam. This is a neat service for when you hear a song and don't recognise it. Call them, point your phone at the speaker, and you get a text message back identifying the song. I think their tech could have other uses...

So, we have a Napster-like model with central servers, only your music now must pass the not-an-existing-tune test before being added. Record companies can supply the tags before a song is released, legitimate files get through, everyone's sort of happy.

Although you might prefer un-crippled files and un-crippled P2P, the Deep Pockets are going to try their hardest to stop you. Is this halfway position the best you can expect?

Re:Why isn't Redhat 9 iso's on KaZaA?

[SatanicPuppy]

Heh. I'd put it up there, except I don't want my bandwidth to vanish for a week or so.

Besides, you should give them money. It's not like it costs very much to get the early download rights.

I only object to paying for data under the following conditions:

1) when it's a sucky overpriced product that I'm forced to use because some other jackass bought it and keeps sending me fricking documents.

2) when I hate the company that produces it, and I want to see them DIE DIE DIE.

3) or when they, in the slavish hunt for every last penny of possible revenue, implement some draconian copy protection scheme, which only serves to piss off people like me, and abuse old people and simpletons.

If none of these things apply, I have nothing against shelling out the money. I even kind of like it sometimes; I feel like I'm supporting something worthwhile. I'd just blow the money on smack and hot women anyway. =)

Just my opinion.

Cleaning up the image of open source

[Sheetrock]

While I am not likely to use DRM anytime soon, I think that this project goes a long way towards legitimizing open source in the commercial industry, where until now many might have seen open source as completely opposite to conventional business wisdom.

Hopefully, this will be the impetus necessary to make Linux relevant on the home desktop front, as content providers will be able to deploy their music and video without having qualms about the ease with which their material could be distributed ad infinitum. It's good to see the technology maturing to the point where it's admitted that not everything can be or should be free.

What does "OGG-S" Stand for?

[Euphonious+Coward]

What is this "OGG-S" supposed to stand for? ("Ogg" itself, of course, isn't an acronym.) If I may hazard some guesses:

• "Ogg's Goodies Gavel-Slammed"
• "Ogg Gets Gonads-Suckage"
• "Oggs Get Gut-Sliced"

But of course you can do better.

Re:What does "OGG-S" Stand for?

Ogg is Going to become Gay Shit

Re:What does "OGG-S" Stand for?

Ogg's Goodies Gavel-Slammed

I GaVel-SLAmmED YOuR FUcKiNG MoTHER

Open Source and DRM are fundamentally incompatible

[Omega+Hacker]

I worked for a startup that was researching DRM heavily (I was doing streaming-media stuff, others were doing DRM, and the company rightly failed promptly), and have done a lot of thinking about the issues.

Basically, OSS and DRM are mathematically incompatible. The purpose of DRM is to keep the user from being able to make a copy of the media in question. In order to do that, it must use encryption keys to hide the 'plaintext', and carefully control those keys. This is the core of what DRM is.

In order to plug the equivalent of the 'analog hole', all existing DRM implementations are binary-only, and carefully control and conceal the data path between the encrypted data and the finaly output hardware, so that it's 'impossible' for the user to get the plaintext.

As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.

More important than that even is the fact that open-source licenses guarantee that you can redistribute your modifications. It will be a grand total of about 2.37 hours between initial release of the software and someone releasing a version that will export the plaintext. Guess how popular the original release will be?

No, I think the results of this little experiment will be mixed good and bad:

Good: it will prove that DRM is mathematically impossible

Bad: it will 'prove' that the industry *must* use binary-only distributions of such software in order to make it work

It remains to be seen which of these will take effect first.

dangit

Me thinks you missed the whole fraggin point! One of the ideas behind ogg is that it DOES NOT support DRM, Thats like a machine dependant java its a contradiction.

-troy

Maybee...

[lspd]

As bad as DRM sounds, maybee it's a blessing in disguise. No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products. When it's a choice between $200 for Office XP or $0 for OpenOffice rather than $0 for pirated Office 2K or $0 OpenOffice...if nothing else, the pricetag drives home the point that you need to at least TRY the alternatives.

Maybee the same will be true for music...that once every commercial song comes with a pricetag, listeners will finally begin to see Creative Commons/Open Audio License/Public Domain music as a better value. Once the audience is there, musicians will surely follow.

Re:Maybee...

[Loosewire]

except product activation doesent work . I have seen countless copies of xp made :-(

Re:Maybee...

[lspd]

I realize that. Audio DRM will not work either in the long run. The point is if Joe Average thinks it works and faces either paying for a commercial product or using a free product.

Re:Maybee...

[Loosewire]

Then they go to a techie and ask "err can you get me a copy of A lot of people will actively look for copy protection circumvention just beacuset there is copy protection there. The mindset it "Ah well its protected it must be good", and its true - some great things you can give away for love nor money to joe user...

Re:Maybee...

[Loosewire]

*sorry some things you CANT give away :p

Anyone care to bet

[leviramsey]

...that the open source DRM solution will quickly prove to be the best, most effective implementation of DRM?

Stop them from tarnishing the OGG name

As it stands now OGG is almost a synonym of unencomberd and vicarious quality. Please do not allow these people to poision it's reputation and destroy the headway allready gained.

Re:Stop them from tarnishing the OGG name

[cyril3]

do you have any idea what the word vicarious means.

Re:Stop them from tarnishing the OGG name

1 a : serving instead of someone or something else b : that has been delegated

A substitute,
What do you thing OGG is? It's substitute for WAV

Admire the hilt on this pig sticker.

[Erris]

At first glance it's not so bad. Looks like they simply encrypt files and demand a license through their client to decrypt them so you can hear it. The devil may be in the details and the moral premis is evil.

How does the client prevent piping of the decrypted output? Without that, you might as well skip the encryption. With that you get right back to the nasty non free world of files you can't write and someone else owns your computer.

DRM is an attempt to prop up and extend the whole dead tree publishing model that has no place in the digital world. Trying to force the restrictions of old technology on new is evil. Creating restrictions that older did not exist in older technology is even worse. DRM seeks this and is an abomination. A new revenue model must be made and people should be encouraged to share their information as well as create it. Obscuring information so that permision is required for each and every read, and that's what this can do, is even more restrictive than printed work which is durable and human readable.

GPLing this code is like making a dagger out of gold.

Re:Admire the hilt on this pig sticker.

[jcast]

I don't think they prevent the piping of the output. Nor should they. I agree the system may or may not work---but for our sake, we'd better not make life harder for them. I have an idea: why don't we use olive branches like this to try to reconcile with the media companies, and give them time to adjust their buisiness models?

Re:Admire the hilt on this pig sticker.

[mmol_6453]

It's all in the license. If the license is written "properly," they won't allow duplication in nonDRM'd form. Then you're under contract not to screw around with it.

Re:Admire the hilt on this pig sticker.

[Bombcar]

They can't do anything ANYTHING unless the DRM goes all the way into the kernel drivers, because if it is ever decripted digital data, then it is ours to eat. Care for a little tee, anyone?

Doesn't address the threat model

[johnynek]

There is no way that DRM can work unless the output is controlled as well. In the Linux kernel (or about any OS out there) all one needs to do is write an audio driver which writes the audio to file.

How does thier technology prevent this?

This whole DRM field is fool's gold. The obvious truth is that business models need to change. Get over it.

See Felton's discussion of threat models

Re:Doesn't address the threat model

[sploxx]

I'm not working in a DRM company, but I guess the overall plot is like this:

1. You get a watermarked and encrypted version of a file (say music) via public http/ftp.
2. You call the company, give them a hash of the encrypted file (so that they can compare it to their database), transfer money on their account and in turn, they
3. send you your *individual* decryption key.
4. you play the music, copy it freely, but don't think about giving it to someone else... BANG!
Because it will be watermarked, they can track the originator down.

Ok, there is one weakness left and this is probably the one every DRM-defeating scheme will exploit in the long term. The watermarking. If you known how it has been done, you can of course overwrite/kill the hidden hints in your media.
But that's the very reason why companies try to hide especially the watermarking process.
There is of course still the possibility of an attack (multiple people buying the same song and comparing their individually stamped versions), but it gets really hard to circumvent. Even if its only software.

Source won't help decrypt the files

[Beetjebrak]

A look at the source doesn't mean that you can simply defeat the encryption. Just like you can't r00t someone's ssh server by looking at the source of their version of OpenSSH.

Of course you could trojanize the source and try to get a limp version of the binaries to proliferate, but the chances of that working are very close to zero. If I were a publisher I'd test whether the encoding and DRM encryption worked before I were to sell my media to the world.

Re:Source won't help decrypt the files

[Elwood+P+Dowd]

DRM is supposed to protect you from a malicious person that already has the proper keys. Until the decryption is handled by "trusted" hardware (TCPA), yes, having access to the source & the key would let you defeat the DRM.

Re:Source won't help decrypt the files

[Beetjebrak]

I'm not _that_ well versed in things DRM, but isn't it a public-key like system? I imagine it works like this: publisher encrypts with private key, distributes licenses (public key) for a fee. Of course there'd have to be modifications to this to prevent users from trading these public keys, something to tie their license to their own machine, user account or something like that.. It just seems counter intuitive to me that encryption would be so easy to break when you have access to the source. Smells more like something is wrong with a particular business model if this doesnt work.

Re:Source won't help decrypt the files

[Elwood+P+Dowd]

It's not that the encryption is easy to break. It isn't. This system would still require that *one* person legally decrypts the file. What they do with it after it is decrypted is where open source would (and should) fall on its face.

TCPA doesn't have this problem.

binary-only is not enough

[Adrian+Lopez]

Even binary-only implementations are vulnerable. Binary code may be hard to understand, but it's still understandable. Open source DRM is similar to the current implementation of Windows Media DRM in that it's software only, which means it may be broken by discovering the decryption key and algorithm. Only something like TCPA would make this very difficult.

Re:binary-only is not enough

[Omega+Hacker]

Oh, of course. Binary-only just makes it harder. And once you hit the sound card, all bets are off anyway. Hence HDCP for DVI encryption. The assumption they keep making is that they can build something that's unbreakable, which is of course impossible in the face of someone willing to spend enough time and money to break it.

And of course the TCPA and friends would only create a thriving underground, where people would have to be at least a little smarter than the X-box modchip makers and actually attempt to conceal themselves.

WOULD YOU FUCK HER?

FINALLY!! Spyware-free DRM!

[Beetjebrak]

Great, open source DRM! At last!

My big issue with M$'s DRM solutions is the fact that they are closed source. This means that I can't check what happens to my personal information or whether the system contains any hidden "features" that I don't like.

Open source DRM enables digital publishing for profit AND the user gets the peace of mind that there is NO SPYWARE or other fishy stuff going on in the background.

Huh?

[Ignorant+Aardvark]

Open source digital rights management? What?! It's not still April 1st, is it?

how different from SSL or GPG?

[mabhatter654]

This could be extended to source code too!

Much like GPG keys, the source can be in the open because with a big enough pool, you still can't easily break it even knowing the source! From an Open Source business standpoint, that is the final step in creating a fairly secure system end-for-end.

The benefit is that being Open Source it's optional to add. You might need it to aquire content, but that could be a good thing. After all, for Linux to succeed the world must learn to work in pure source! Think of what Nvidia and ATI could do if they knew they could send out encrypted source files and what architecures not yet concieved could be developed. You could retarget to new systems by creating source modifications, but not actually seeing the source! Linux also has all the mechanisms [think gentoo] to verify, and passout the keys via a trusted system.

The best part is that being Open Source there can be multiple trusted authorities online! Each distro could be a trusted source as well as individual vendors online sites. The only thing missing is certified ISPs that can prove you're you connected to their network. The phone Co already does this, it just needs minor work to be useable on such a grand scale. It also cuts the other way in that you personally can choose your own degree of certification and your own vendors to keep the keys! No one vendor can dominate the market as the entry fee is only $50!

A good thing..

[elemur]

Its good.

Why? Because it would be implemented in, obviously, an open manner with publically defined protocols and specifications. Therefore, anybody who wanted to build an infrastructure to support DRM could do so without locking people into a single vendor or implementation.

Somebody asked why couldn't you just change the libraries to let you bypass it? Well sure, if you can change the code on the machine, you *may* be able to bypass protections, depending on what they are. For example, if the file (text, sound, media, etc.) is encrypted and requires a decrypt key, mucking around in the code isn't going to help it decrypt itself.

Now.. what about extracting the protected media after the decrypt step? Well, thats a bit harder. In fact, that was how people broke Microsoft's first WMP protection.. they wrote a null sound driver that just dumped the output to a file. Works pretty well. Don't think that they didn't notice, when all of their drivers need to be signed these days..

Anyway.. there are different parts to Digital Rights Management. Step 1 is access.. can you access a file or not. Crypto protects that, and no open or closed source will change that. Step 2 is decrypted control. Who can manipulate the decrypted bytes of the media? That is up to people to implement and protect as they see fit.

Remember that an OSS DRM solution could provide an open source platform for building closed source clients and devices.. You have the advantge of an open standard combined with actual devices using it.

An alternate open DRM solution

[Argyle]

The Internet Streaming Media Alliance has released a spec for DRM that is vendor-neutral and involves no royalties.

Not truly open source, but perhaps better than Windows of Real DRM,

DRM in the free software spirit

[Florian+Weimer]

Both Linux (proprietary modules tainting the kernel) and GCC (the GNAT frontend can check for source code license violations) already include DRM. But these DRM systems are advisory, and not compulsory.

I think an advisory DRM system, combined with micropayment would be a nice thing, especially for free software. For example, your mail user agent could ask, "You are about to send this song to a friend. The artists suggest you donate them $0.50. Do you agree?". Too far-fetched? Maybe. But it's much more realistic than all the other DRM proposals I've seen so far.

Re:DRM in the free software spirit

[t_allardyce]

Micropayments are a good idea aslong as they work - thats the hardpart, a system that can deal with all those millions of transactions smoothly and securly. with an advisory system like that on say a Windows platform will give you a very effective solution. Most people wont know or care to switch the system off and will probably click yes by accident a couple of times (if not out of kindness). Couple this with yes/no buttons that randomly switch places (every second) and your well on your way to being rich.

But more likely it's bad

[nothings]

DRM is a tool that can and will be used to abrogate fair use (without messing with the legal right to fair use, i.e. doing an end-run around the law).

Ubiquitous deployment of DRM just does away with the opportunity of anyone to vote with their (virtual) wallet. It gets us in a position where we have no choice.

Ditto ubiquitous deployment of "trusted computing" in hardware. First get it in everybody's hands, then in a few years start using it, then in a few years start requiring it. See also 'copy-protected' CDs.

Re:YES! another thinly logical attempt to make mon

But that's ok. Your trademark dispute sets you far above the propietary demons of commercial software.

Completely different actually, giving somebody the rights to use/modify and redistribute my code doesn't give them the rights to use my name.

Now, you have been stuffed into a non-profit (read: poor) organization.

It's read as written, some of us are happy not to be ripping people off. I make enough to live and have a decent standard of living, what more could anybody possibly want?

Re:Open Source and DRM are fundamentally incompati

[renehollan]

Ah, but you can have open source DRM, and Fair Use rights too, if you bend the definition of what constitutes software and what constitutes data.

First, while software released under a free license, like the GPL, has to be redistributed under specified terms, the data such software processes does not (in general -- there are a few exceptions where output of a GPL program contains GPL code, thus restricting redistribution of compilation of that code without the rest of the source -- which usually comprises the input to the initial GPL program in the first place -- think parser generator). This is the entire basis for openssl and similar code: you can keep the keys secret.

Thus, if the keys involved are kept secret on a secure processor, and that processor only runs code signed with other secure keys, said code can be completely open!

Of course, you lose control over what this processor does (since it can't execute arbitrary code), but you can examine the code that it does execute. Furthermore, such a processor could also execute unsigned code, but not provide access to the keys it protects. If the processor is limited to decoding encrypted entertainment data, the fact that one does not have control over it is no worse than not having control over a remote server to which one connects over the internet -- it's not like your whole general purpose computer is locked up (and the biggest problem with TCPA -- it locks the whole machine, not just some remote part, and encourages laws making the possession of unlockable machines illegal).

This does raise the whole issue of key management and distribution, of course, but fair use creation of archival copies of encrypted content, and storage in different forms now becomes possible: you just need a decryptor at the end. No one ever complained about needing speakers to listen to music or a TV to watch, er, TV.

The problem of "fair" DRM then reduces to one of establishing a trust hierarchy that producers of decryptors, copyright content producers, and consumers can all accept. I argue that problem is solvable, at least in the mathematical sense. The question is: "Is it economically viable?"

I think the answer is yes, particularly with a U.S. government push to "secure the internet".

Excellent political move

[pvera]

The open source movement needs initiatives like this to distinguish open source from freeloading. A DRM solution tells RIAA and their minions that there are alternatives out there to make DRM work without resorting to obscene violations of privacy.

Almost everybody I know that uses MP3 or other formats want to pay for their music, what they don't want is unfair restrictions and obstacles to interrupt their enjoyment of the music once they purchase it. I even spent over a year using encrypted windows media music at work to prove to the network admin the music was for my own enjoyment and that I was not sharing it. It worked really nice but it was ackward, plus the files became useless once I left that company.

a use

[zogger]

--I don't see this as being inline with "art" per se, those sorts of artists who are into that would use what is already available, if they went that route, and it's already quite controversial in that respect..quite....

Now I CAN see an immediate practical use for this, distributing digital audio/video/stills of a political and sensitive nature. And like perhaps that example the other day, the doctored war photo that got that guy fired. Well, bad example because he did it HIMSELF, but along those lines. Say the original photographer or videographer, transmitting the image(s)or audio from a remote place, he could use this, to make sure his work wasn't altered by someone else, as in get intercepted, doctored, and then used for an agenda of some sort.

DRM is not possible, period!

[dbrown]

God, this sickens me to no end. I thought the OSS culture was smarter than this. It's not that I hate DRM, its the fact that DRM is a logcial fallacy. Spending time on DRM is like spending time trying to prove 2+2=5. You'll never succeed. Never!

If I can read it, see it, or hear it. I can make a copy. End of story, end of discussion. It doesn't matter how much you encrypt something, eventually it will need to be unencrypted for a human to read/see/hear it. At that point, it can be copied. Maybe it won't be a copy of the exact bits, but it will be a copy. For example, I could buy an e-book with heavy DRM. I load that e-book into my DRM e-book reader so I can read it. I then begin to transcribe the book into my word processor. Sure its tedious, but it only takes one person to do this and all the DRM in the world can't stop it.

When will people learn that DRM is a complete and utter waste of time?!

Sheesh.

Re:DRM is not possible, period!

[Graymalkin]

You've entirely missed the point of DRM. The point isn't to keep you from copying something which you will if so inclined, the point is to provide a legal defense against you if/when you do.

Think about it like this. You leave your über-hundred dollar stereo out on the sidewalk in front of your house for a couple days. Lo' and behold when you come out to look for it, it's been swiped. A couple days later you hear the riotous cacophony of the Pink Floyd CD you left in your stereo blasting down the block. You go down the street and look in the window and there on your trecherous neighbor's entertainment center is your stereo with your personalized nameplate on the front and everything. You call the flat foots down on the bloke without hesitance.

Later in court you tell your sob story about missing your most priced stereo. In the cross examination the defending attorney asks if your stereo was so prized why in the hell did you leave it on the sidewalk. Typically folks who prize something do not leave it out in the open waiting for someone to haul off with it. The judge then tell you that you're an idiot and drops the theft charges against the neighbor. It would be a bizzare twist of fate for your case to even get THAT FAR.

The judge tells you that you're an idiot because you have no reasonable expectation of security when you leave stuff on your sidewalk. Some people will pass the stuff by but there are plenty of people who see a stereo on the sidewalk as a gift from above. If the supposedly prized stereo was locked up in your house and it was stolen you'd actually have some ground to argue on.

DRM-free CDs and MP3s are the stereo on the sidewalk, it is obvious who it belongs to but it is sitting out on the sidewalk in the faint hope it will be there in the morning. DRM enabled media is the stereo under lock and key. Sure people can still break in and steal something but the fact there's a lock there changes the situation from a matter of conscience to a matter of law. It isn't illegal to pick stuff up off the sidewalk, it is however illegal to break into a dude's house and steal his stereo.

Copyrighting the stuff on the CDs is equivilent to the faint hope your stereo will be on the sidewalk where you left it. While it is plain the stereo belongs to you it is still out in the open. Putting DRM on the disc gives a property owner to actually pursue someone circumventing said protection. DRM is legal protection not practical protection.

It is oronic actually

[fateswarm]

It is oronic actually, the same irony on Open Source and free software all over again. Mr RMS tries to convince us that we must be free. You believe him but you extend that to the point to say we must be free to be closed source as well.

But from the mouths of open source and free software zealots I get the point that they think they are the free ones, not the ones that use closed source.

So, they either consider freedom the open source and free software or nothing.

So, I get your point, I get their point. What's the conclusion?

Nothing. The same irony all over again. The same circle that goes round and around and around all over again.

But I think. I think, you're the smartest. Not that you said it as it is, but you're closest to the truth.

The truth is, it doesn't matter if you're with open source, or free software, or closed source. What does matter is what you create, what help you give to other people who want to create something like this you created, and how usefull it is that thing you created after all.

So, let's please be more open to what people create, and what help they give to their users and developers that are interested in what they are doing, and less concerned on what licence they distribute it with.

Re:Open Source and DRM are fundamentally incompati

[entrigant]

So, this is exactly the same problem with OpenSSH, and how anyone can decrypt a SSH session because the source is open... erm oh wait, it's not that easy. Just to throw in a phrase well all hate, but is applicalbe here... Please think OUTSIDE the box.

is this a good thing or a bad thing

[CakerX]

is this a good thing or a bad thing??? really??

The encryption IS wanted.

[mmol_6453]

Actually, in both cases the encryption is wanted, by the people who have the right to encrypt it.

You have the right to encrypt anything on your machine, in the name of privacy.

You also have the right to encrypt anything you make before giving it to other people, then choosing when and how they can unencrypt it. This is called "DRM."

If an artist doesn't want his music sampled, well, sucks to be him. He's going to make fewer sales, and won't earn as much money. DRM protects a savvy user's authority. It doesn't protect idiots from themselves.

Re:The encryption IS wanted.

[intermodal]

what you say contains truth, however if I recieve a PGP encoded email, I can decrypt it and leave it that way. A DRM system has the undesired effect of not allowing me to do this. That is my problem with DRM.

Re:The encryption IS wanted.

[mmol_6453]

If you've accepted the license to use the DRM'd material, then the system will let you use it. It's your choice whether or not you find the material worth accepting the license.

Re:The encryption IS wanted.

[intermodal]

well then to clarify my position stated in the initial post i made, this development is bad and I will not use it. That is my decision, you are free to choose as you will.

Re:Open Source and DRM are fundamentally incompati

[SiliconEntity]

As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.

That's a good point. But if you had some secure hardware like TCPA, open source DRM could work. What would happen is that the hash of your open source application gets reported to the remote system, using the secure hardware. If the hash is different from what it is supposed to be, then the remote system won't send you the data.

Also, the open source application can save the data encrypted so that it can only be unlocked when that same application (unmodified) is run. So after downloading, if you hack your app, you can't unlock the data.

That's the theory, anyway. Now one problem is that Open Source is supposed to encourage modification, but a mod will change the hash, so the remote system has to know and approve all the "good" versions of the software that are floating around.

But the point is, if you're going to use something like TCPA at all, wouldn't you rather use it with an Open Source application so that you know *exactly* what it's going to do? Rather than a closed app which cloaks its activities with encryption so you don't have any idea what it's doing?

Demand Open Source when you use Trusted Computing technology!

but 2+2 =5 is true

mod 1.

(2+2)mod 1 = 5 mod 1

The case against Digital Restrictions Management

[Peter+Eckersley]

(in almost all of its forms)

I'm writing a (rather long, rather detailed) article arguing against DRM-enforced copyright, as a matter of public policy.

It's available here in workping-paper form.

We have to stop perpetuating this myth

[freeweed]

No one like the product activation in Windows XP or Office XP, but at the same time product activation makes piracy less workable and forces users to face the high price tag Microsoft has placed on these products.

Ok, so it's mostly Microsoft who spreads this one, but even some Slashdot users fall for it.

You think product activation stopped XP piracy one iota? Think again. Cracked copies were floating around before it even hit retail shelves. Service pack 1, you say? Once again, within days of that debacle, a workaround even my parents can handle was available.

People get their warezed XP the same way they got their warezed 2000, ME, 98, etc. Kazaa and its ilk are making it even easier.

Know who product activation hurts? Not pirates, that's for sure. It hurts those of us who do anything more than install XP once, on one system, ever. Want to mirror your desktop's contents onto your laptop? Sorry. Have to re-install Windows? Sorry. Bought a new computer? Sorry. If you're lucky, you're only forced to upload some data to Microsoft. No internet? Hope you don't mind sitting on hold for a while. Past what Microsoft considers an acceptable amount of re-installs? Oh well, hope you have another $300.

The University I attend gets free copies of Windows and Visual Studio for its CS students. I can get as many license keys as I want without paying. But, I still have to deal with Microsoft's insane activation scheme if I want to use XP. Instead, I just use 2000. One CD, and *I* get to choose how I use it.

Know what most students are doing, to get around the hassle of activating XP so many times? That's right, downloading the cracked version. Guess what they're going to do once they're out of school and want the latest version of Windows?

Re:We have to stop perpetuating this myth

[apweiler]

Nothing to add, really, just a small anecdote about this. I read in a magazine (not a computing mag, though) that about 30% of people who were planning to get XP *legitimately* said they were still going to crack the activation because it pissed them off, and this was before XP was released. Dunno where they pulled the statistic from, but it's interesting.

Posting from Windows 98 *gasp*, and even a semi-legitimate copy: Installed from an original CD - but an OEM copy that came with a different computer than mine but wasn't installed on that one...

"Just say no"? "BUT I WANT IT!!!!1!1"

[yerricde]

If the breakage is really the licenser saying "screw you" to those who accepted and followed the license, then don't use content from that licenser.

What if the licensor is The Walt Disney Company, and the licensee is a mother of children who are still too young for school? "Just say no to Di$ney" would probably not click too well with little kids.

Re:"Just say no"? "BUT I WANT IT!!!!1!1"

[mmol_6453]

As a general rule, a class-action suit would be fully justified. And in order.

In the mean time, for the Disney example, her children can watch Bob the Builder, Veggie Tales, Teletubbies, Sesame Street, and any other of mind-numbing-yet-educational material.

Or her kids could watch movies by Pixar and Warner Bros. Or break out that mothballed VCR and rent something interesting from the library.

Re:"Just say no"? "BUT I WANT IT!!!!1!1"

Or you could just Whip out daddy's belt.
That'll fix their "I want Disney" attitude.

Re:"Just say no"? "BUT I WANT IT!!!!1!1"

What if the licensor is The Walt Disney Company, and the licensee is a mother of children who are still too young for school? "Just say no to Di$ney" would probably not click too well with little kids.

It's easy to tell Disney to take a hike. The Disney that parents grew up with is gone and the name has been reflagged. The last decade Disney and subsidiaries have not only declined in quality, but seem to churn out only soft core pedo- and homo-erotica. Not stuff for children. Not quality either. Not cheap.

There is an increasing availability of quality non-Disney films and short films for children. Not just classics like Pippi, but also many new works. You just have to look. Maybe Disney's licenses are the nudge parents need to look for the quality again.

Open Source DRM a GOOD THING

[einhverfr]

I actually think this is a good thing. It will help Open Source Software gain acceptance many places it is accepted yet. This will also help to develop a more bulletproof DRM technology which could help safegard the movement from the attacks of Hollywood....

There is also another benefit to open source DRM. If the current content providers continue to aggressively lock their material down, it may provide an option for those of us who want to see Free (as in Speech) content develop and become a viable model. If we are clever, this could create an opertunity for open content of music as well as documentation and software.

Re:Open Source DRM a GOOD THING

What I'm really waiting for is all the other DRM apps to start stealing this GPL'ed code.... then we can bust em all for copyright infringement.

Ironic isn't it??

Automatic page turner

[yerricde]

Until somebody invents a selective layer X-Ray machine with OCR that is! :) (thus making scanning in books reallly easy, heh)

Either that, or just adapt the sheet-feeding mechanisms from inkjet printers to turn the pages automatically, and then scan and OCR two-page spreads.

Did I just violate the DMCA with this comment?

Re:Automatic page turner

[Com2Kid]

• Did I just violate the DMCA [cornell.edu] with this comment?

No, but you did violate the "it ain't gonna happen" rule. :-P

I think a system of automated vacuum tubes would be far more realistic, even then it would have to be calibrated to each book separately.

Think of how horrid of a job inkjet sheet feeding mechanisms do on various thicknesses of paper. . . .

Let me make it simple.

[Erris]

Good:

OGG - a patent and royalty free means of sharing music.

Bad:

OGGS - a patent and royalty free means of preventing music sharing or even listening.

Really, Really Bad:

These methods applied to textbooks, technical publications and other "real" information.

Why should I "reconcile" myself to those who treat me like a criminal? No thanks, I don't need their stuff and want them to stay out of mine. For instance, indexing files on a local network is not a crime. I'm never going to buy DRM crippled stuff because it interferes with my ability to use what I buy.

Re:Let me make it simple.

[jcast]

I didn't mean we should reconcile ourselves to the RIAA---I meant we should try to get them to reconcile themselves to us. I.e., get them to stop treating us like criminals. It's worth a shot.

Avoiding another Circuit City DIVX debacle

[yerricde]

How about an offline machine that can't tell some rinky dink server that I'm listening to music right now.

You're referring to one of the drawbacks of Circuit City's DIVX system, that it required a telephone connection. But now that wireless continues to grow more widespread, how about legislation to require 802.11 cards in all PCs sold with digital media playback software?

Re:Avoiding another Circuit City DIVX debacle

[devilspgd]

I think it's a reasonable argument to want to use legitimate media without having to whore yourself to an online provider first... Unless of course they plan on including online access, in which case I'm looking forward to watching DVDs on a plane. You think a voice call from a plane is expensive, try data.

Why ??AA doesn't go after P2P

[yerricde]

So why does not RIAA/MPAA just do that; sue uploaders?

Because it's nearly impossible to find enough uploaders to make the lawyers' time worth it.

Re:Why isn't Redhat 9 iso's on KaZaA?

Actually since kazaa is available to people that use Windoze NOT linux. Linux is such a small percentage that it doesn't matter as far as free warez is concerned.

Signature survive the analog hole?

[yerricde]

If every reporter signs the photos he created, there would be no attempt to change a photo because the signature would be obviously broken.

Then how would the signature survive cropping, printing, and scanning, so that the subscriber can verify the signature?

Re:Signature survive the analog hole?

[sploxx]

I think that can be managed. There is a repository holding the signed originals or you make the signature out of the data in the image that will not be altered by cropping etc. You have of course make that relatively tolerant so that it doesn't complain about the noise added by printing/scanning.
But DRM would help here, either :)

Re:Signature survive the analog hole?

[sploxx]

s/would/wouldn't

It's all about the client side

[MikeO]

Exactly. And DRM these days is much more about restricting your use of content once you get it than it is about controlling your access to it in the first place.

Encrypting the content with a key is true security. Having the key also tell the client-side app that you should only be able to play the content for 30 days, or that you should not be able to give it to your buddy or burn it to a CD is security-through-obscurity. It is this control that the media companies want, and it is something which, for obvious reasons, is impossible to do in an open source app.

Hardware Circumvention

What if someone built a sound card that just stores of feeds any data it recieves back to the computer through another channel?

It's against the DMCA, of course. :)

It's the victim's fault, you see

[chrisis]

No, YOU'VE entirely missed the point of DRM. The trouble with your analogy is that you've decided that there are certain kinds of theft that are acceptable. Theft is theft. It doesn't matter whether I've left my door unlocked, or locked, or forgotten my walkman at the fast food joint -- or set my stereo up on the sidewalk. Somebody helps themselves to my property, it's theft, pure and simple. I shudder to think that there might be judges who will rule on the basis of your twisted perception of relative morality instead of on the basis of the law.

If DRM was what you say it is, then why are the media giants going after the file-swappers? If you're right, they don't have a leg to stand on! Their music is "out in the open". Nonsense -- they're going after the file swappers because the file swappers are in breach of copyright. There is already a basis in law that allows for prosecution of ppl who illegally copy. DRM is NOT about legal protection. DRM is about CONTENT CONTROL.

You're wrong...

[aquarian]

The appeal of Ogg has nothing to do with DRM. Ogg ensures a royalty-free codec. DRM for content is a completely different matter.

No it doesn't

All they have to do is buy the key under a false identity, or trojan some innocents machine and steal their key.

So what if it's watermarked, it doesn't matter if the watermark can't be traced to the originater of the hack.

It makes things a little more hairy, but it won't stop the problem.

DRM:today you have access to the kernel. Tomorrow?

[chrisis]

DRM isn't bad? Do you have any idea what DRM /means/? DRM requires content to be authorised by central "trusted" authorisation servers. That means that access to /your/ content is controlled by whoever controls the authentication servers. That means that you have to ask permission to view your own data!

How can that possibly be good? How can you give a mandate to something like that?

Pretending that it is an "arms race", and making sure everyone's got it would mean that DRM would become ubiquitous -- and that any data anyone produces will be placed under the dominion of the despotic maniacs behind "Trusted Computing".

Open Source should NEVER get into bed with DRM. It's laughable to think that anyone could DREAM that DRM would permit Open Source [software or content's] continued existence. Can you imagine giving someone sponsored by Bill the control over your access to the linux kernel? Allowing DRM to become ubiquitous, even tacitly supporting DRM would make that situation a reality.

Re:Open Source and DRM are fundamentally incompati

[cpt+kangarooski]

The problem of "fair" DRM then reduces to one of establishing a trust hierarchy that producers of decryptors, copyright content producers, and consumers can all accept.

That is total nonsense. What is a fair use is a fair use. The author can HATE that use, but it doesn't matter. It is STILL a fair use that the user can undertake.

Authors often hate parodies of their works. Or having to compete against used copies of their own works. Or having people take quotes or clips from their works. Or having people spaceshift or timeshift their works. Or importing copies of works legally made abroad that are infringing here under certain circumstances.

Fuck 'em. We get to do all of those things regardless. And as soon as the copyright term expires, we can do literally anything with it.

Unless DRM can PERFECTLY permit people to do whatever the Supreme Court would let them do under that exact same scenario, (meaning for example that the DRM will have to know what the intent of the user is), it is an abject failure.

We have to fight it at every turn.

oxymoron?

[wing.app]

No, ultimate digital is an oxymoron though. ;)

Re:Open Source and DRM are fundamentally incompati

[damiam]

You can't modify the source to give you access to a file you don't have the key for, but you can modify it to send the decrypted output to file instead of the sound card, which would give you a protection-free copy.

Re:Open Source and DRM are fundamentally incompati

[mdielmann]

I don't quite agree with you. You can have an open standard for DRM, and therefore an open reference on how to implement that DRM standard. Now, that reference can' be released under something like the GPL, I agree. However, I don't see why it couldn't be released under a license like BSD or something similar. So, open source and DRM is okay, but GPL and DRM is not.

Acid

I don't even know my neighbor! I'd stuff his head in a vat of acid, if that meant I could be rich!

Maybe use in Content Management System?

[grag]

Yes, I am aware that one can likely bypass a DRM system.

On the other hand, what if they were able to develop a system that used a spec generic enough to be used on any type of data file and integrate it with a content management system or workflow management system? I can see a niche for something like this.

With the open source involved, this could restrict it only to places where one entity has complete control of the infrastructure, a business for example.

Server, X-11 terminals hardwired to the network, no open ethernet ports anywhere, ta-da. Ok, I'm sure there is more to it, but most businesses have full control of their networks and can create the proper environment to further enforce the DRM.

I know the medical field and government would benefit from this, yet I would prefer to have an open sourced, open standard system and know it uses a strong encryption algorithm other than a do-not-print flag set in the file enforced by the DMCA.

Could such a system be created following the open source philosophy with open standards and be secure?

If there is, don't hesitate to let me know.

This is great!

[darnok]

I see this as a very big step forward, and congratulations to all involved. Contrary to some of the knee-jerk responses, there are valid places where audio encryption could be very useful for society as a whole.

To quote just one, audio evidence is regularly admitted in court. However, there is a significant possibility that this evidence can be tampered with. If the "source" audio was recorded+encrypted on the fly on a "closed" piece of hardware, maybe even with a GPS to capture the geographic location and time of day, it'd be possible to get an extra level of confidence that the audio was kosher and thus give it more weight in evidence.

Now I'm sure that it would be theoretically possible to tamper with such evidence, but it makes it that much tougher to do than e.g. people taking a conversation sample on cassette tape, then editing it using the appropriate tools and rewriting it to tape again.

Re:This is great!

[spitzak]

The tamper-proof data you are talking about can be done by "signing" it with a private key that is known only to a trusted party (for instance it can be burned into a tamper-proof chip in the original camera). This is an excellent idea and maybe should be added to all recording devices.

But it is not DRM. Anybody can copy the data, signature and all.

THIS is how to handle disputes

[stwrtpj]

That being said, I would very much appreciate it if the name of this product were changed. I'd rather avoid confusion sooner rather than later. After all, 'Ogg Vorbis' was only a project codename, and was never expected to take off. :)

People, take a look at this simple, polite exchange between two groups that have a disagreement over the equivalent of a trademark issue. THIS is how it should be done. I shudder to think of how many lawyers would be involved by this time had this been two corporations.

Thank you, both of you, for providing this excellent example.

Re:Why isn't Redhat 9 iso's on KaZaA?

[redcane]

kazaa released a linux client. I used it for some time. I don't know if they broke it with their nutwork "upgrades" though.

Re:Open Source and DRM are fundamentally incompati

[Jordy]

That's a good point. But if you had some secure hardware like TCPA, open source DRM could work. What would happen is that the hash of your open source application gets reported to the remote system, using the secure hardware. If the hash is different from what it is supposed to be, then the remote system won't send you the data.

This is why you don't modify the application on disk. Instead you modify it at runtime or alternatively monitor the memory address where the decrypted frames are being read before being passed to the decompressor externally.

Heck you could even build a memory bus logger if the apps are run in some sort of protected VM to get access to the decrypted frames (once you figure out the offset that is).

But this is all really beside the point. People are willing to put up with the quality of radio, movies shot in theaters by digital cameras, horribly overcompressed digital cable tv and all sorts of other inferior media products. Somehow I doubt anyone is going to notice an extra A/D conversion done down the line to bypass all this silly DRM stuff with a $5 cable bought at radio shack.

no

[LittleBigLui]

i think i finally have found a useful application of dupe posts.

Re:Open Source and DRM are fundamentally incompati

A program for which you have the source, but you can not compile the (modified) source into a working program is by most standards NOT considered open source.

As TCPA would stop the modified program from working, this would make it non-opensource.

This has even been suggested as a possible way for MS to attack the GPL. Yes you can get the source, but you can not change it and get a working program out of it, if you don't pay to have it signed.

Re:Open Source and DRM are fundamentally incompati

[aminorex]

Abstractly considered, there is fundamentally no difference
between a source distribution and a binary distribution.
The practical difference that is most relevant in this case
is that a binary is more inconvenient to read. But plenty
of people spend long hours running softice and know x86
opcode tables better than their mother's face.

Whether the source is open or closed, I don't think there's
a difference with regard to the accessibility of the plain
text content, or of the private keys. Binaries can be patched
with a finite additional effort beyond that required to
modify source and recompile. Signatures can be forged on
a patched binary no less easily than they can be forged on
a compilation from source.

The difference is moot, in my opinion. Please correct my
error, if you perceive one.

Re:Open Source and DRM are fundamentally incompati

[Steeltoe]

As soon as you go Open Source, *anyone* can take the code appart, take the decryption routine, and get the plaintext right out of that. There is nothing 'forcing' the data directly into the hardware. At that point, the plaintext can be distributed, and the DRM has failed.

The whole point of encrypting with known algorithms is that it is very hard to decrypt without the keys. I think you must have used a very weak algorithm. You don't release the keys anywhere, they must be hidden away as best you can. Of course, doing safe decryption on an untrusted platform is impossible (see below).

I don't see any mathematics in your post. So I have to ask for proof before believing you. Next time, avoid buzzwords just to be modded up..

Secondly, I believe you have some experience, but the future of DRM will not be in software.. With closed hardware, it's probably (who REALLY knows?) possible to combine Open Source and DRM. Point being that Microsoft announced they will release their sourcecode for Palladium, so that everybody can see that there is no 'evil' code in there. That it does what Microsoft says it will. The core code that runs in a hardware-protected sandbox should be perfectly safe (in theory) from tampering by other than Microsoft.

Thirdly, OSS supporting DRM is a bad move because that will validate closing up the hardware from the people. Maybe many thinks this is a good idea, but in the long run we WILL be better off defeating DRM before it becomes valid.

The people should make the decision NOT to buy DRM-enabled devices and programs. Just stop supporting DRM and all its likes RIGHT NOW. There is nothing to be gained for the people in the technology. It defeats the whole purpose of a multi-purpose device: That somebody else controls what you can and can't do on your own terminal.

For once in your life, take a stand. Have some spine! If it means you can't buy the latest N-Sync album over the net, just don't do it! Walk out into nature and meditate, you'll be much happier and better off..

What is "secure" depends on where you stand.

[Paul+Crowley]

Security is all about proper operation in the face of an adversary. As a result, one person's security is another's insecurity.

If I break into your colo server and use it for bad purposes, I may take steps to stop you getting in in order to kick me out. From your point of view, the box is still the victim of a security vulnerability, while from mine it is now secure.

I want hardware I've paid for be secure in my favour; I don't want it to be secure against me.

Re:Open Source and DRM are fundamentally incompati

[wirde]

The problem with DRM solutions based on encryption using key-pairs is that the key needed to decrypt the song must be stored on your computer. If you can restore the key, you can decrypt the song.

It really does not matter if the software is open source or not (though it will be harder to crack the binary only version).

Software only DRM is security by obfuscation only. Such security measures can *always* be broken.

Public/private key security depends on the user being trusted (naturally). The problem is that in the DRM case, the trusted user is the mp3-player (but that a malicious user has complete access to the system).

Re:Open Source and DRM are fundamentally incompati

[wirde]

The fundamental difference between SSH and DRM is that it is perfectly ok if the SSH-user knows the key used to encrypt/decrypt data. In DRM only the software must be able to find the key.

Free Fascist Code

..an idea for the 21st century

Re:Open Source and DRM are fundamentally incompati

[luisdom]

You have mixed key and encryption algorithm. You "put the key" in the algorithm, then feed the message, and there comes the ciphered text. To decrypt it you may need the same key or another, it depends on the type of algorithm you are using.
You have a ton of public implementations of AES, DES, etc, as long as the full description by the authors.

Re:Open Source and DRM are fundamentally incompati

Another problem though, is that no-one in their right mind would use asymm encryption for streaming media. You have any idea how much overhead is created by using asymm encryption?
SSH for instance also uses asymm encryption only for session key exchange.
Ho on earth are you going to keep your 'session' key hidden from the user??

Dragging the Ogg name thru the mud

[Quizo69]

The name of this DRM scheme seems awfully suspect to say the least.

With all the headway Ogg Vorbis has been making, it seems that this could be a veiled attempt to get those not so knowledgeable to begin associating the Ogg name with "bad" DRM. Then you get the typical kneejerk reaction of "Don't use Ogg, they'll embed DRM in it then you will be locked in" etc.

I'd suggest that Xiph.org protect their name NOW before the wrong message gets pumped out by the media. Ogg is WAY too close to saying "Ogg-S is bad" and thereby making mental association of "Ogg is bad".

Re:Open Source and DRM are fundamentally incompati

[renehollan]

That is total nonsense. What is a fair use is a fair use. The author can HATE that use, but it doesn't matter. It is STILL a fair use that the user can undertake.

Not quite: the only popular system that consumers should accept should permit such fair use. I maintain that it is possible to build such a system, and still have it forbid other, "less fair" uses.

The only difficulty is not technical, but the fact that legal fair use is a shifting definition, changing with the times, and thus difficult to codify. However, short copyright intevals, and the means (and legal requirement on DRM device manufacturers) to provide upgrades that permit new fair uses, an alleviate this problem: it is not mathematically impossible to solve.

The key is multifacetted: 1) fair use needs to have a codified definition that encompasses as much of legal fair use as possible and the flexibility to accept more; 2) copyright needs to be short enough that eventually any restrictive system opens up; 3) restrictive processing that the consumer does not control should NOT be part of a general computing platform, but rather integrated into audio and video "end devices" (TVs, displays, and speakers).

This is a joke, right?

[Nyhm]

The lack of proofreading aside, I get the strong impression this is the author's first application of cryptography. At the highest level, this does implement a DRM scheme (which is by definition fundamenatlly flawed, of course). The devil is in the details.

Take page 17 of the Systems Design Document, for example. The use of Low and High security levels is misguided and misleading: "This level of encryption ensures that content can only be decrypted by applications that are not malicious..." How so?

On the same page, the use of the term "PUBLICKEY" is questionable. Public key usually implies public key cryptography, but this is a symmetric key. Furthermore, what is a 1024-bit 3DES key? 3DES uses a 168-bit key.

Still on page 17, SHA1 values should not be referred to as checksums. Later, they are properly called hash values. Weak terminology is a minor complaint, but has no place in a security paper.

Overall, I hope the music industry (et al.) uses Media-S for all its DRM needs!

Re:DRM:today you have access to the kernel. Tomorr

DRM isn't bad? Do you have any idea what DRM /means/?

I think the argument is that it's not too late to change what DRM means. Yet.

Re:Open Source and DRM are fundamentally incompati

[cpt+kangarooski]

Problems with your key:
1) Fair use cannot be properly codified. It's a constitutional doctrine. Congress can provide its own definition of fair use, seperate and apart from the judicial doctrine, and basically has in the form of 17 USC 107 (which repeats what the current judicial doctrine is) but they cannot stop the courts from having their own.

2) While I like copyrights being of minimal duration to achieve maximal public benefit, how could DRM possibly be aware of changes in the law? Congress could wipe out copyright tomorrow if it wanted to. And of course, particular material may be determined not to be copyrighted, or may have copyrights suspended or revoked only after judicial intervention. Copyright holders cannot be relied upon to be honest; their interests are in asserting copyrights no matter what.

3) Fair use is applicable no matter what technology one wishes to employ. I can time shift and space shift with a VCR if I want to. Restrictive technology should simply never exist.

Re:Open Source and DRM are fundamentally incompati

[renehollan]

1) Fair use cannot be properly codified.

One can, however, approximate its codification quite well: once limited plain text extracts can exist, and complete unlimited archival encrypted copies, what else is required? All other requirements become legal ones, and not hindered by restrictive technology. We can use the "genie out of the bottle" to our advantage here, and still severly limit the bane of copyright holders: blanket, widely distributed outright copies.

2) While I like copyrights being of minimal duration to achieve maximal public benefit, how could DRM possibly be aware of changes in the law?

Simple: the law can require that DRM software permit this, and open DRM software can be inspected to ensure that it does. It's the keys that remain secret. Of course, that does not prevent unscrupulously restrictive hardware or firmware, but then the "smoking gun" of non-complience with the law becomes quite obvious.

And of course, particular material may be determined not to be copyrighted, or may have copyrights suspended or revoked only after judicial intervention. Copyright holders cannot be relied upon to be honest; their interests are in asserting copyrights no matter what.

The corresponding judicial order would include release of any corresponding keys, or, more likely a small key set that puts an unencrypted version into the public domain.

While an inconvenience to someone who only has the encrypted version, presumably they obtained such a version in the belief that the restrictsions were valid and to find they are not is a bonus.

It does raise the issue of lost keys, however. I would argue that, with such a system, copyright should only be enforcable on material with plain text versions in government escrow.

3) Fair use is applicable no matter what technology one wishes to employ. I can time shift and space shift with a VCR if I want to.

You could certainly do this with encrypted content.

Restrictive technology should simply never exist.

I'm afraid that, as it becomes possible for code to enforce law, it will be used for that purpose. Such code can be overly enforcive, or finely tuned to the intent of the law. Open DRM implementations allow the latter (and may be a bit more lax than the law permits, relying on non-code legal enforcement for the difference). Closed ones do not.

Re:Open Source and DRM are fundamentally incompati

[cpt+kangarooski]

One can, however, approximate its codification quite well: once limited plain text extracts can exist, and complete unlimited archival encrypted copies, what else is required?

Fair use can, depending on the circumstances, permit the entirety of a work to be copied. Timeshifting, spaceshifting, and parody are all examples.

If I were creating a parody of a work, I might do so by taking the entire work, and then juxtapose it with other elements. Or I might take an extremely substantial amount of the work -- the entire visual part of a movie for example, and combine it with another soundtrack.

How can any brainless technology decide what's okay and what isn't, when it can take a host of federal judges, who are pretty smart themselves, quite a lot of effort to hash things out?

Fair use is decided on a case by case basis. It makes reference to things that technology cannot possibly hope to anticipate or know, such as the economic impact of a use, or the user's intent.

Technology is not and likely will never be up to the job. Maybe if we had strong AI you'd have an argument.

Simple: the law can require that DRM software permit this, and open DRM software can be inspected to ensure that it does.

Sounds like a content-based restriction on free speech to me. Maybe even viewpoint discrimination.

Re:Open Source and DRM are fundamentally incompati

[apweiler]

once limited plain text extracts can exist

Apart from all the other points that have been made, this one seems quite plain to me: Once they can exist, you can make extracts of each bit of the content and reassemble them into a full plaintext copy. Tough luck.

OK. Say the DRM system prevents me making more than, say, 10 extracts of 100 words each of an E-Book, 5 extracts of 10 seconds of a song, or something like that - and some kind of authority keeps track of this across different computers, of course. Now, I go to IRC and find 50, 100, 500 people who have the same piece of media, each makes appropriate extracts, someone collects them and reassembles them. A lot of work? Yes, but look at the lengths some warez dudes will go to just to get a cracked copy of something out - and once it's out on P2P, you lose. (Which is of course the problem with all of this - once one copy is out, perhaps even an analogue recording from line-out, all is lost.)

What I'm increasingly thinking might make sense is a kind of 'voluntary' DRM (or simple copy-protection) - leave the code completely open so that people *can* circumvent it quite easily, but tell them that it's a) probably illegal and b) possibly immoral.

Re:Open Source and DRM are fundamentally incompati

[renehollan]

Time and space shifting are no problem with this: a proper key escrow system can distribute "your" keys to all the equipment you own. By itself such an escrow mechanism does little to impede privacy since it (a) simply protects content available to the masses and not private in nature and (b) is not correlated with people encrypting for you with the public key (though I can see how that might happen if it is not carefully designed).

Entire extracts, bit-perfect, extracts for parody? While fair use, I find it unlikely that this would be done with a lengthy work in a manner that would require perfect extracts. I'm sure you can find fair use examples that are prevented with such DRM (since fair use can't yet be codified), but such uses probably comprise a small percentage of the fair use specturm -- time and space shifting, archival backups, and minor extracts are the big issues, IMHO.

If the "industry" screams for DRM, I'd rather provide somewhat palatable DRM as a fait acompli, rather than having clearly more draconian forms shoved doen my throat which make any fair use impossible.

I can furthermore see plenty of legitimate uses for providing computing resources under the control of selected others, besides hoisting **AA's profits (just clearly not all my computing resources. Rather than a blanket data freeway to my computer, I think of it as a digital "right of way", clearly defined and limited.

Sounds like a content-based restriction on free speech to me. Maybe even viewpoint discrimination.

Sorry, I don't understand how you reach this conclusion. The notion that I have is that if DRM is entrenched in a device, and a fair use is discovered that it prevents, the onus is on the owner of the keys restricting the fair use to make it possible (or, to make the restriction requiring the keys short enough so the problem "goes away" reasonably quickly).

Re:Open Source and DRM are fundamentally incompati

[renehollan]

Of course, limited extracts can be combined to make a whole. I was mostly concerned with the ability to time and space shift and make backups. However, others criticized my ideas based on other fair uses, and rightly point out that, since fair use can't be codified, there will always be some fair use that is unduly restricted (I have legal solutions to this, but the problem is acknowledged). I'd be happy if that unfortunate circumstance applied to a very small minority of fair uses.

As to the "parallel small extract loophole", a combination of fair pricing, difficulty in coordinating extraction, and ease of identifying blatent large-scale violators, should make this less of a problem than it might theoretically be. If "piracy" were the theoretical problem with unencrypted media that it could be, no more than one CD would ever be sold, and that copy illegaly duplicated and redistributed. Of course, that never happens. Sorry, if tha **AAs want any DRM, fair use has to be a priority and they can't have something completely bulletproof.

I can, however, imagine relases that might lock out some fair uses, legitimately, for short durations after release, espescially problematic ones. I'm thinking weeks, or at most, months here, before extracts are allowed, for example. Before one cries, "lack of fair use!" the response , "You didn't need to make an extract the day before release, you can wait 3 months" is offered. For most entertainment media, this is probably reasonable, though for news (which expires quickly), delays on the order of minutes to a few hours, at most a day, might be in order.

Re:Open Source and DRM are fundamentally incompati

[cpt+kangarooski]

Time and space shifting are no problem with this: a proper key escrow system can distribute "your" keys to all the equipment you own.

Sadly, it's a big problem. Rights are held by people -- not things. My VCR has no right to time shift. I have that right, whether I do so on my VCR or using someone else's. For example, if what you said was true, how would I take a cd to Kinkos to burn a copy on their CD burner, which at present I have every right to do there if I have a right to do it at all.

Entire extracts, bit-perfect, extracts for parody? While fair use, I find it unlikely that this would be done with a lengthy work in a manner that would require perfect extracts. I'm sure you can find fair use examples that are prevented with such DRM (since fair use can't yet be codified), but such uses probably comprise a small percentage of the fair use specturm -- time and space shifting, archival backups, and minor extracts are the big issues, IMHO.

It is utterly irrelevant whether it happens a lot. Copyright is intended to promote the public good, and it constitutionally required to have a fair use exception since to do otherwise would be to frustrate it's very aims. You're basically saying that copyright does not have to do what we want it to do, viz. perform a public service. That's totally unacceptable.

Furthermore, all uses start out small -- timeshifting began with the people that were testing out Sony's Betamax, and the famous lawsuit on the issue covered what they were doing; not what, eventually, tens of thousands or more people were doing.

Ditto for people spaceshifting CDs to mp3 back in the days of the Diamond lawsuit.

Your foolish, shortsighted proposal would have the effect of forever fixing the state of fair use without a single care as to whether or not it was actually a good idea. For how can public demand ever be measured for something if it is quite impossible to get there?

Think of the way that demand had to be cultivated for a myriad of products and services, from xerox machines to tupperware. There was no articulable preexisting demand at all.

So shall it be for the next major class of fair use, I suspect. We'll never know that everyone will do it until they discover that they can, thanks to the efforts of trailblazers that are engaging in it early.

If the "industry" screams for DRM, I'd rather provide somewhat palatable DRM as a fait acompli, rather than having clearly more draconian forms shoved doen my throat which make any fair use impossible.

I refuse to compromise on it. Frankly, I feel that if any author releases any copy or edition of their work in a protected format, that we ought to revoke their copyright then and there, as well as any existing prior causes of action.

DRM is fundementally incompatable with the goals of the copyright system. We cannot forbid it, but we certainly can utterly fail to reward those who would engage in it, and generally discourage it at every turn. (e.g. not permitting DRM to be a deductable business expense for tax purposes, etc.)

Sorry, I don't understand how you reach this conclusion [that government mandating the use of DRM would be a content based restriction on free speech].

Well, imagine if the government said that anything you write has to include the phrase 'God bless America' in it? That would be totally unacceptable, because they are forcing you to say something that you do not want to say.

Likewise, if the government said that everything you write has to include a DRM system, they are ALSO mandating speech, which is a hugely bad thing to do. Particularly if you're trying to write about how awful DRM is.

In the commercial arena there's the tiniest of exceptions for certain types of health and safety information (such as ingredients in drugs) and truthful advertising, but nothing to the level of what you propose.

a fair use is discovered that it prevents

Such a fair use likely never will be discovered. There'll be no capability to get that far. Read Lessig's book 'Code' for a discussion of how the capabilities of things limit or impede our ability to perceive anything outside of those existing capabilities.

Re:Open Source and DRM are fundamentally incompati

[apweiler]

All quite valid, but ultimately, I don't really see the point anymore - if you're going to trust people a bit, you might as well trust them fully.

As for 'no extracts for 3 months' - what about reviews? Special licenses for reviewers? Nice, the RIAA gets to decide who's allowed to review an album...

'No more than one CD sold' - I don't mean that everyone will get a pirated copy if one's available, but that everyone who wants to pirate can and will once a plaintext copy is out on P2P. Large-scale violators? Ordinary P2P, once it's out, it's hard to see where it originated; if the RIAA gets tougher in tracking down these people, move to Freenet.

As I said - I don't really see the point. Why not trust people for a change...
(I know, because the RIAA wants to expand their profits and control, and fair use is not compatible with that)

Re:Open Source and DRM are fundamentally incompati

[renehollan]

All quite valid, but ultimately, I don't really see the point anymore - if you're going to trust people a bit, you might as well trust them fully.

Unfortunately, a small minority of people are used to justify laws that make life miserable for all the rest of us. You can't trust people unknown to you. Do you?

The point is that I can see legitimate value in special-purpose computing devices in one's posession that one does not control. Think electric meter.... do you control yours? One of those forms of legitimate value is providing some kind of rights control to copyright holders in exchange for quicker, cheaper access for consumers. Just because that isn't the deal the **AA wants (having their cake and eating it too), doesn't mean it shouldn't be the line in the sand we draw. Basically, "You want DRM? This kind of DRM or none at all."

As for 'no extracts for 3 months' - what about reviews? Special licenses for reviewers? Nice, the RIAA gets to decide who's allowed to review an album...

I picked three months as an arbitrary figure. In practice one of several conditions would exist, (a) professional reviewers would have equipment that permitted extracts regardless of encoded restrictions, and clearly not controlled by content producers; (b) restriction periods would not be anywhere near three months on a CD release... a week perhaps? Let the die hards buy it unreviewed or even unheard -- there is some music I purchase that way based on band reputation; (c) An extract is not necessary for a review.

Other positive applications of such devices, which necessarily imply a public key trust hierarchy, are relatively secure communications as a matter of course. Yes, the keys are escrowed, so it isn't "secure" in the sense we'd consider it, but it is a far cry from a completely public internet, which I can't see as a bad thing. There's no stopping anyone from layering greater security over it.

Re:Open Source and DRM are fundamentally incompati

[renehollan]

For example, if what you said was true, how would I take a cd to Kinkos to burn a copy on their CD burner, which at present I have every right to do there if I have a right to do it at all.

Er, the same way you do now? A perfect copy of encrypted material is perfectly fine. Have you never photocopied something in a foreign language for a friend?

Your foolish, shortsighted proposal would have the effect of forever fixing the state of fair use without a single care as to whether or not it was actually a good idea. For how can public demand ever be measured for something if it is quite impossible to get there?

Think of the way that demand had to be cultivated for a myriad of products and services, from xerox machines to tupperware. There was no articulable preexisting demand at all.

You presume that the only way a fair use can be argued, defended, and, in general, identified, is if it can be exercized apriori of determination of its legal status. While convenient to demonstrate its practicality, I don't see that as necessary to imagine it.

Let those that can envision new fair uses argue their legitimacy as fair, and if they win, obtain judgements against users of DRM systems that do not respect them. This turns the whole burden around and makes DRM quite inconvenient on the copyright holder. This does not mean that it may not be a justifiable inconvenience: the trick is to constrain restriction periods to a suffciently short interval that no new fair use unduely constrained is likely to appear. This does mean copyright terms being severely reduced, of course, lest the copyright holders want to continuously play fair use catch up.

The alternative is to completely eliminate copyright as allowing any but severly defined (i.e. codifiable) fair uses, because it is incompatible with any kind of DRM, as it stands today. I can see that happening, with severe constraints on DRM-imposed restrictions.

The problem is that copyright, at present, is no longer practical to enforce without DRM that eliminates all fair uses. Something has to give, and I don't think that intellectual property law (vis. copyrights, patents, trademarks, and they are all very different), will just go away.

DRM is fundementally incompatable with the goals of the copyright system. We cannot forbid it, but we certainly can utterly fail to reward those who would engage in it, and generally discourage it at every turn. (e.g. not permitting DRM to be a deductable business expense for tax purposes, etc.)

Yes, economic boycott of DRM is a distinct possibility. But, to be a success, the public at large would have to reject the notion of copyright as a right. I don't think the average person is aware enough of the issues to take a vocal stance.

I do think that the public at large values fair uses such as time-shifting, space-shifting, etc. and has little care for other ones (parody, criticism, and new uses). Defending those is better than losing all of them, and doesn't require taking an extreme position. Furthermore, once the notion of common fair use is entrenched in the public psyche, support can be garnered to regain less common ones.

Yes, I am proposing a tactical retreat from the "oppose any and all DRM", because I don't think that argument will carry the day.

Well, imagine if the government said that anything you write has to include the phrase 'God bless America' in it? That would be totally unacceptable, because they are forcing you to say something that you do not want to say.

Likewise, if the government said that everything you write has to include a DRM system, they are ALSO mandating speech, which is a hugely bad thing to do. Particularly if you're trying to write about how awful DRM is.

Oh! I would never endorse a system that mandated DRM: content creators should be as free to exercise their right (or not) as they wish. You're arging, in effect, that if someone tried to do a copyleft aroun