Sun's Open Source DRM

DigDuality writes "Wired has an interesting look at Sun's proposed 'Open Source DRM'. From the article: 'Its goal is to promulgate an open-source architecture for digital rights management that would cut across devices, regardless of the manufacturer, and assign rights to individuals rather than gadgets [...] If DReaM works, consumers will be able to access their purchased songs through a number of providers, and using a wide variety of devices." Slashdot took a first look at Sun's DReaM last August.

weird perspective for a conflict... and wrong!

[yagu]

I'm kind of surprised Sun gets it wrong this time. DRM and its insult/harm to the consuming demographic has almost nothing to do with its technological underpinnings and mostly everything to do with customers' collective perception of the disdain by the industry.

It's already enough of a pain to use unencumbered technology. Thankfully (I guess) I'm part of the tech-savvy crowd, I've done all of (okay most...) my research and homework on HDTV, mp3's and ripping, copy protected CDs not to buy (a tip of the hat to Amazon for flagging copy protected CDs) but it's a constant gauntlet we run.

But have you helped and worked with people who are trying to get their home wired and set up and continued running? It's a nightmare, and I'm not even talking about DRM yet. Even if the first (two) generations of HD DVD roll out unencumbered, they're going to be a royal pain... but with DRM, commercial or open source, forget about it!

From the article:

Jacobs expects the fiercest resistance to come from backers of existing, closed-source DRM. "If you happen to be one of those handful of winners -- there are probably two winners at the moment -- you want to make sure there's a lot of FUD out there about how hard it is for the whole world to switch over to anything other than what they've already got. But in reality, everyone else is on the outside, looking with great envy at the potential for success that's been shown by this first generation of digital distribution solutions. And so all these other suppliers on the outside are looking at how they (can) get in."

This is a red herring -- Jacobs merely describes the battle for rolling out DRM. The strongest resistance will come from the user community and I don't even think it's likely to be fierce, it's likely to be passive. Mass consumers will look at the wall of technology, the rules, the configurations, the expense, and will quietly resist the new technology and DRM by simply staying with the already-good-enough media they have.

The article tries to compare this "fix" to the old saw about incompatibilities between browsers. This is NOT the same thing, this is about transparent and without paranoia product use and the "fix" fails the sniff test.

If the industry: RIAA, etc, don't figure this out in time an entire generation of new technology for entertainment runs the risk of dying on the Ethernet vine.

Re:weird perspective for a conflict... and wrong!

[networkBoy]

MOD PARENT UP UP UP.

This is so correct. My favorite media player is my modified Xbox because it works. I have no real need to pirate anything, but having your current library of videos available "on demand" is great, the added bonus of my daughter not being able to scratch her $40 a pop and up disney DVDs. DRM may kill this system, which means I will not be getting new content.
-nB

Re:weird perspective for a conflict... and wrong!

[Japher]

I'll probably get modded down for this, but here goes anyway. I see a lot of valid arguments against each new DRM mechanisim that comes out, but nobody seems to be offering an alternative. Sure, it would be great if we didn't have to deal with DRM, and it would be nice if we could trust everyone not to steal protected content, but thats not the way things are. Don't get me wrong, I hate the RIAA as much as the next guy, and I think they generally work against the better interest of the public as well as artists, but they do have the right to protect their investments. So my question for everyone opposing this move by Sun is this: Whats wrong with having an open source, freely distributed DRM system so we can at least be sure nothing nasty is going on behind the scene?

Re:weird perspective for a conflict... and wrong!

[nkh]

I see a lot of valid arguments against each new DRM mechanisim that comes out, but nobody seems to be offering an alternative.

The alternative is NO DRM, that's very easy: I buy and I can do whatever I want with it (no, I haven't said "put it on the internet") There is no DRM without problems to the customers: the CD that is not playing in the car, the song you can't put on your mp3 player or the game that won't play in three years on the new Windows (and yes, I still play Monkey Island, that would be impossible with DRM)

Whats wrong with having an open source, freely distributed DRM system

The DRM is wrong. If you don't trust me, your customer giving my money, I'm not buying.

Re:weird perspective for a conflict... and wrong!

[kimvette]

I believe the alternative is called "Copyright Law" which is in of itself in need of a major overhaul, especially where the DRM mongers see copyright as a one-way street and oh-so-conveniently forget about Fair Use and also about expiration of the copyright down the road, which DRM effectively prevents.

DRM should be outlawed since it allows copyright holders to violate copyright law by preventing a work from ever becoming public domain. Period.

Re:weird perspective for a conflict... and wrong!

[hackstraw]

DRM may kill this system, which means I will not be getting new content.

I just thought of what the media people would do if they were in another service industry. Lets take for example, running water. Lets pretend that Sony gets into the water business.

If they were in the running water business, they would probably be in other businesses as well. Like Sony does content, hardware, etc. So you could get a Sony sink and faucet with your Sony water.

The difference is that you would have to use your Sony sink, or Sony licensed sink to drink your Sony water. The Sony water would then have to be protected so that a Panasonic sink would not be able to dispense of the Sony water. How would they do that?

DRM. Yes, they would add a poison to the water, at great expense and danger to the public. The water would kill you in seconds of ingestion without the aid of a Sony sink to remove the poison.

Of course, you could license the rights to drink Sony's poisoned water, but all of the fittings would be nonstandard. You would have to get special tools to work on the sink. Oh, and Sony water would never just go through PVC or copper pipe. The Sony water would need an end to end transport system.

Re:weird perspective for a conflict... and wrong!

[IAmTheDave]

Whats wrong with having an open source, freely distributed DRM system so we can at least be sure nothing nasty is going on behind the scene?

If DRM were used as you read, that would certainly make an argument for the validation of DRM. However, the people you speak of on this site that oppose DRM do so because it's not about piracy and lost moneys - it's about control. Taking control out of the hands of the consumer and putting control into the hands of the corporation.

Originally, control of distribution was about as far as things went. But with technology, media companies see the ability to control the media (and the devices that play such media) through the entire lifecycle of the device or media. Creation to destruction - media corporations watching everything you do, every time you do it.

In this understanding, DRM is inherantly (sp?) evil. Sun hopping on board - even with "open source" as a moniker, makes Sun still a player on the evil stage of control. Open source control of my legally purchased media is still control and is still - to it's very core concept - wrong.

Re:weird perspective for a conflict... and wrong!

[hunterx11]

Don't get me wrong, I hate the RIAA as much as the next guy, and I think they generally work against the better interest of the public as well as artists, but they do have the right to protect their investments.

For once, someone actually is begging the question on /. The assumption here is that DRM significantly deters piracy. This claim is far from obviously true, and I have never seen any solid evidence to support it. However, it is known that people who use media encumbered by DRM if anything have a worse experience than those who use unencumbered media (including pirates). Definitely providing value to the customers is a better idea (and a sounder business decision) than possibly putting a small dent in piracy while inconveniencing legitimate customers.

Re:weird perspective for a conflict... and wrong!

"So from my perspective I think it's only rational to recognize that, unfortunately, we DO need locks on the front door. "

Fine. Go put locks on YOUR front door, and post as many security guards and cameras around as you like. But if you're selling to me, your guards and cameras have no business being around once I pay. Stores have cameras to protect the property in the store; they don't attach a mini-camera to see what you do with products you buy.

Or, would you like Ford to put a camera on your car, to check that you don't install third party parts? Perhaps Sony would like to visit once a month to see that you haven't modded your PS2? AT&T might like to stop by and make sure you're not putting any unapproved devices on your phone line. DirecTV knows you didn't buy satellite service from them, so they'd like to take a peek and make sure you didn't buy a black market receiver off ebay.

There's got to be a limit to this, and that's at the point of sale. It doesn't matter if you trust the buyer. If you find they violated the copyright, go sue them later. That's the remedy the law provides, and it is perfectly adequate.

Which brings up the problem that people seem to buy the claim that copying is currently a significant economic loss. Just about every non-??AA study I've heard suggests it is negligible, or encourages sales. That's not to say there isn't the right to enforce existing laws, but that there's no demonstrated need for additional protections. So this sort of lock is not only improper, it is entirely unnecessary. How much lower would DVD prices be, if casual copying were completely eliminated? How many more movies would be made per year, if only CSS were uncrackable? Which studios have closed shop, because the VCR and the Internet destroyed their revenue stream? If enforcement of existing laws is adequate, and there is no gain from stricter laws, why should anyone favor more rules?

Think of speeding, maybe. It's not that it doesn't happen, or that it doesn't have negative effects when it does happen. It's just that it's silly to put a lot of additional effort into cracking down on it when we would gain little benefit. Why don't we put a speed governor in every car sold? I tend to think it's because there are some circumstances where it's better to let the driver make a judgment than to strictly enforce the law, but as much as I dislike the idea, I have no solid reasons. But arguing for DRM is a lot like saying every car must have a speed governor. ...

Another comment is that "we're probably going to need to do it ourselves" doesn't apply to this any more than to Microsoft or Apple. It sounds like Sun is thinking of a closed-source project where applications would be reviewed by a committee rather than by a single company. This is probably good if you're a company; you never want to have to trust your product to a single competitor. But it's no more open to the average developer than the DVD CCA is. ...

As a separate issue, how would an Open Source DRM system work? If I'm able to decrypt a file once, I'm able to save it in an unencumbered format. It's fundamentally different than encryption; PGP, for example, isn't designed to prevent you from posting every email you get to a web page. Current schemes assume that the recipient of the keys can be trusted to use them for only the intended purpose. This seems to be based on an assumption that a hacker can't see the code or key (because they're using a microcontroller that has a hardware Code Protect feature), that a network protocol can't be emulated (for cases where a key must be retrieved from a server), or that it's too much of a pain to bother (presumably what Windows Media and Fairplay must do). These are all essentially security through obscurity, and I don't see how that can work in an Open Source environment.

Re:weird perspective for a conflict... and wrong!

[Alsee]

Gahhh! I really wish people would QUIT TALKING ABOUT MAGIC FAIRY DUST!

So how about DRM that let's YOU do whatever you want with it? (Except put it on the internet, which you implied you weren't going to do anyway.)
To my mind a "perfect" DRM system would do just that.

It does not exist. It cannot exist. It is a physical and logical impossibility.

The general ability to make noninfringing use fundamentally means the ability to create general software and independantly independant products capable of reading the raw unrestricted data and manipulating it in any new and innovative way and creating general unrestricted output. Innovative uses and innovative products are BY DEFINITION impossible to define in advance.

So either explain why a blind person should go to prison for using a text-to-speech converter on a DRM'd e-book and explain why a programmer should go to prison for distributing that text-to-speech converter to blind people, or quit saying that all you want is some physically impossible magic fairy dust DRM that allows people to do whatever noninfringing things.

In one sense, this is what Apple does with iTMS music, in that I can put a purchased song on any number of iPods that I've registered as mine.

Completely false. iTunes is completely locked down and PROHIBITS EVERYTHING, everything other than playing the files using the predefinded and restricted software on the predefined and restricted players in the predefined and restricted manner.

They cannot be played on any other mp3 player. They cannot be played in WinAmp or any other music software. They cannot be run through any visulization software. They cannot be played backwards. They cannot be linked up with a lyrics text file for synchronized playback/lyrics display. You can't do ANYTHING except play it in the most basic manner, and only on a restricted Apple iPod or in the restricted Apple PC player.

You claim you want a "perfect" DRM system would let people whatever they want (except put it on the internet), but in fact what you are defending is DRM that prohibits everything, and which says that blind people go to prison for text-to-speeching an e-book and which says that programmers go to prison for supplying that product for blind people.

I'm sorry, but there is no magic fairy dust DRM system that you say you want. It does not and cannot exist. You either need to give up on DRM enforcment, or you need to exterminate the free market and prohibit innovative products and prohibit interoperable products and you need to say that blind people go to prison for playing e-books and that people who supply software for blind people also go to prison. That's what DRM enforcment means - that if the supplied e-book software didn't already have a text-to-speech feature that those blind people and those programmers are criminal for circumventing the DRM itself.

I think it's only rational to recognize that, unfortunately, we DO need locks on the front door.

Fine, put all the locks on the front door you like. However once I BUY THE HOUSE, it is absolutely absurd to suggest that I should go to prison for "picking the lock" and ripping the the entire door off MY house so I can move my piano into my livingroom.

Why are so many people so keen on destroying traditional copyright, to instead replace it with DRM and imprisoning innocent noninfringing people? This is entirely new and it is entirely invalid and entirely unacceptable and entirely baseless.

Yes to copyright, no to horribly broken DRM laws.

DRM never worked... all we've done is create a broken law criminalizing innocent people in a horribly misguided attempt to get DRM to kinda-sorta work.

-

The real question

is how they mean to spell it: Dream or D-Ream?

Interesting!

I always find it strange how Sun's business model seems to constantly be evolving towards developing products that either

a) no one wants, or
b) have already been made.

Just because it's open source doesn't make it "right," or even useful. DRM is all about the content provider being able to dictate what your computer is capable, and incapable of doing; if you really do want your computer use restricted by commercial companies (not even necessarily within your own country), then yeah, maybe this might be a good idea.

This is the kind of DRM I could support

[Maxo-Texas]

If I read the article correctly...

I purchase the -right- to listen to a song.

Once purchased, I can replace it if I lose it.

Once purchased, I can listen to it on any new form of playback that comes along.

---
I doubt it will be supported since it undercuts the dream by the media creators that we pay every single time we play a song- and we rebuy it for each new playback device.

Re:This is the kind of DRM I could support

[Cheapy]

I'd rather not have the DRM at all.

Not GPL v3 then...

[TangoCharlie]

I don't suppose it'll be licensed under the GPLv3 then?!

I guess DRM is not going to go away anytime soon, so it would be better that
the implementation is open-sourced. However, a high-quality open-sourced
DRM mechanism is less likely to have the "holes" which the Hymn project,
for example, rely on...

Anyway, it's probably doomed anyway... can you see Apple or Microsoft using it?

Erm, no.

Assign rights to individuals rather than gadgets

[Spy+der+Mann]

Um, isn't this what LAWS are for?

Wake up Sun!

[Ex+Machina]

When was the last time some consumer/end-user level standard you pushed was adopted en masse?

Java... NO (not on set top boxes that is)
JXTA... NO
SunRay... NO (only a few universities / corps)
Liberty Alliance... NO
OpenLook... NO
JINI... NO

I'll throw in a few non-consumer things, just to be a dick:
SBus, JavaOS/JavaStation, etc.

Sun's history is littered with failured "standards".

Re:Wake up Sun!

[jb.hl.com]

Java is a massive success. Right now, a lot of people have it on their PCs, if only for LimeWire. And new mobile phones will, 99% of the time, have a Java runtime environment on them. I know mine does. Might just be used by bored commuters to play sudoku or whatever on the bus, but it's still used, and useful.

Damned if you do, damned if you don't

[Bogtha]

Open source support for DRM - con: DRM can only be successful with widespread software support. By supporting DRM, you make it easier for DRM to be successful.

Open source boycott of DRM - con: DRM can probably gain widespread software support even without open-source software support, so a boycott is likely to only have the effect of alienating open-source software to end-users.

If open-source platforms were significantly more popular, then supporting DRM probably wouldn't be a good idea. But because open-source platforms don't have significant mindshare among the general public, it's more difficult to resist, as the only effect resisting will have is negative.

Would be nice, but..

[The+Cisco+Kid]

If its 'open source', then it will be trivial for any qualified coder who wants to produce a modified version of the code to remove the restrictions instead of enforcing them. Even if the 'rights holders' are somehow fooled at first, I think they'll catch on eventually.

There is no way for restrictions such as those desired by the 'rights holders' to be enforced absent proprietary binary-only programs doing it for them. And even those usually are defeated, as well. The scheme MS used to call Palladium, where the restrictions extend right to the hardware, is the only way it can ever work even close to their satisfaction. And quite frankly, I hope that never happens, becuase that is the end of any hope of ever overcoming the MS monopoly.

Re:Would be nice, but..

[MobyDisk]

People used to say the same thing about encryption: If it was open, then anyone could break it easily. But we have learned that for encryption to be ubiquitous and reliable, the algorithm must be open.

Perhaps it will turn out that DRM is the same way. Has anyone read any serious research into DRM strategies and algorithms? Does this turn out to be the case that it must be closed to be secure? Isn't it really just a key distribution question?

Re:Would be nice, but..

[sqlrob]

It means they aren't secure.

Open Source Encryption is fine, since only the people with the keys can do anything useful to the data stream, an attacker is still in trouble.

With DRM, the attacker and the valid user can be one and the same. That's a lot harder to protect.

Technical description?

[PastaLover]

Does anybody have a link to a good technical discussion of this thing? This article really is fluff and doesn't get into any details. I would very much like to know how they intend to bar un-authorized people from playing their files. After all, the program is open source (or is it?) so can be easily modified to allow the audio output to be written to an unprotected file somewhere. Obviously they would need to encrypt their files in some way, but then how do they intent to prevent people from getting at the keys?

Totally confusing. :/

Middlemanhandling

[Doc+Ruby]

How about consumers get to "access" the content we own any which way we please? Not just some restricted way that fits the transient business model of whoever used to own it before they sold it to us. Not just through some extra intermediary who adds no value, just enforces "rights" the seller feels privileged to retain in violation of actual property rights. Just sell us the damn stuff, and keep your greasy fingers out of our pockets while we use it however we want.

If we actually do something that violates a law or agreement with you, then by all means prosecute/sue us. Or stay out of the business if it's too risky for you. Just stop selling me yet another copy of _Dark Side of the Moon_ just because you made my last player obsolete.

Re:Assign rights to individuals rather than gadget

[coldmist]

No, laws NEVER, I repeat, NEVER assign rights to individuals. Rights should be protected by laws, from encroachments by the respective government or other individuals, but can not be "assigned".

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. --That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

Sadly, DRM is needed

[MikeRT]

The problem is that most people feel that it's not harming anyone when they copy movies back and forth and things like that. I know that it's not taking money out of the hands of the studios and labels, but it does add up to sales that they could get. A lot of pirates are people with the money to actually buy the content that they copy for free.

There is a very real free rider argument to be made here. Most small bands don't get a lot of support from the "fans" that just rip off their music. In college, I had a few guys be shocked by how good they thought Lacuna Coil's album Comalies was. They had the money to buy it, but they insisted that I just burn them CD-to-CD copies instead. They never went to the shows, never bought the merchandise, but hey Lacuna Coil kicks ass and damned if they can't eat off of good will from non-paying fans! Please, no bullshit comparisons to radio. That's like saying that since a movie is shown on HBO, that there is nothing harmful to the movie maker when the fans never buy the DVD, but just make a digital copy off of digital cable TV.

You're not sticking it to the man, but rather sticking it to the very people who are getting fucked over by The Man. Even most bands that make it on Fuse and MTV2 are getting screwed by their labels. I'm still waiting for an alternative system to come into existance going on seven years after people started saying that Napster would give birth to one based on viral marketting and internet sales. Guess what? It hasn't happened. The best that we can hope for is to change the middleman's behavior the way that the antitrust trial forced Microsoft to stop pointing a knife at OEMs' throats.

An open source DRM is something that can be defined in a fairly democratic way. It is a way for buyers to define the terms that they are happy with. If it's never supported, the labels and studios get less money. If it is, then great. Either way, no harm, no foul. Just don't expect the content creators to accept a world in which they are forced to rely on good will and honest behavior. If the terms of Apple's store aren't good enough for you, then promote this DRM by buying content sold through it. Simply taking content you want because it is not sold at prices and DRM terms of your liking is wrong, and dangerous, because the next generation might grow up thinking that that rule applies to jewelry, cars, electronics and other physical property.

DRM Dilemma & a solution

[sweetnjguy29]

I really hate DRM because it limits my freedom. I don't like how complicated it makes copying a simple DVD. But I really like the idea of DRM because it has the potential to protect my work from unauthorized distribution and copying and increasing my cashflow.

The problems I have seen so far with DRM are:
1) Heavyhandedness of DRM schemes
2) Shitty implimentation that causes serious problems on users' computers (eg Sony Rootkit)
3) Inconsistant quality of the DRM scheme itself, which leads to...
4) Easy to crack DRM that is useless.
5) Consumers don't understand that DRM is restricting their rights because,...
6) ...copyright holders mislead and confuse consumers when they buy DRM'ed goods.
7) Small business people can't afford to set up and maintain a good DRM system
8) Large business people don't understand DRM

I think all 8 of these points could be solved with an open-source (or free) software solution. DRM needs to be fair. Not burdonsome.

I have a feeling that Sun's DRM scheme won't use a GPL or any other widely accepted open-source license. Thats the real issue here people!

DOA thanks to MS and the **AA

[suitepotato]

The DRM wars have taught us several things thus far.

1. Content originators view any exposure to to their content as a potential profit and any exposure not paid for as theft.
2. Content originator associations see #1 as an absolute beyond question on the level of religious dogma. This has risen to the level of holy effrontery.
3. Content originator associations view all possible viewers of content as possible non-paying viewers of content and hence as possible theives of content.

DRM has been essentially linked with the concept that we the people are the enemies of those who bring us our entertainment and we exist to be milked for money and nothing more. As a longtime writer who's given away his works for free, I keep in mind that sometimes being a content originator isn't about making money but about doing something more ephemeral for myself. In the clash of absolutes, an inflexible wall has been erected and we are up against it. DRM open source or otherwise is a dead issue, no sale.