EU Encouraging Standardized DRM, Licensing

I Don't Believe in Imaginary Property writes "The European Commission is trying to encourage a standard licensing and DRM scheme for all of Europe, as well as 'cooperation procedures' and 'codes of conduct' for ISPs, copyright holders, and customers. No legislation has been proposed yet, but the 'cooperation procedures' sound like a push for an EU version of the DMCA Takedown Notices, which are already routinely sent to people outside the US. While simplified licensing might be nice, it's interesting that they don't appear to understand the inherent tension between standardization, interoperability and DRM — break once, copy everywhere."

Hm...

[rxmd]

they don't appear to understand the inherent tension between standardization, interoperability and DRM break once, copy everywhere.

Well to be honest that sounds like a good thing. If the industry is forced to do their DRM in an interoperable way it will be better than the present situation where DRMed content is practically not interoperable at all. And if the industry is forced to get their act together and actually do it right, because if they implement some kind of half-assed scheme that gets broken everywhere at once and forever, it doesn't sound too bad either. So maybe they do understand it.

I'm not a friend of DRM, but it's likely to stay around for a while, and in that case I'd rather have it implemented well than what we see at present.

Re:Hm...

[QuantumG]

And if the industry is forced to get their act together and actually do it right, Do DRM right. Do something that is information theory impossible, but do it right. Yes. I'll just get my magic pixie dust now. This time we'll sprinkle it *right*.

Re:Hm...

[rlauzon]

The only problem is that standardized DRM is a pipe dream.

DRM relies on a secret in order to work. If the DRM is standardized, that secret it out and the DRM is broken.

This, of course, presumes that the purpose of DRM is to "protect" content. We all know that the only purpose of DRM is to lock consumers into a product and restrict consumer choice. So standardizing DRM is something that companies want to avoid at all costs.

Re:Hm...

[TheVelvetFlamebait]

OTOH, letting DRM fail naturally from poor interoperability would be a potent lesson for the labels and studios.

Give them the benefit of the doubt, let them distribute any way they want, then turn 'round and say "I told you so".

Re:Hm...

[pla]

If the industry is forced to do their DRM in an interoperable way it will be better than the present situation where DRMed content is practically not interoperable at all.

And how do you propose we grant iPods the ability to "know" the intent of their users?

Because truly "interoperable", transparent DRM would require exactly that. A Zune would need to know whether you mean for that particular copy to go to a machine you own as a backup, or to a random stranger's machine as a time-limited "sample". And it can't just ask you, because you could conceivably lie.

I do, however, agree with you on one point - If we can get a single form of DRM codified as international law, then when we crack that one, we'll finally have won the war rather than just another battle in an ongoing war.



IMO, "break once copy everywhere" provides the only truly long-term solution to the artifically-imposed DRM "problem".

Re:Hm...

[MartinG]

I think you are looking too much at the short term.

Having more interoperable DRM will be better than having non-interoperable DRM right now, but it will only delay the real goal of no DRM at all.

I'd prefer to put up with a short term spate of incompatability, shortly followed by no DRM at all (which is actually already starting to happen, at least in with music) than a half-assed sort-of-better solution that in reality will never fully work as intended.

Re:Hm...

"Standardized" DRM will be based on a TPM in every machine. Ever machine that wants to access "premium" content will require a licensed, signed and certified operating system with certified drivers. In other words: Microsoft and/or Apple, running on Intel and/or AMD, with NVIDIA and/or ATI video cards... and all the software certified to "protect the precious digital bits owned by the copyright holder". And all of this will be enforced by treacherous computing PC hardware.

Re:Hm...

[badfish99]

Actually, if you read TFA, it sounds as though they want Europe-wide licencing for media downloads. Having one standard DRM schema might or might not be part of this, but they also want to stop the practice whereby paid-for downloads are charged at different prices in different countries: for example, Apple notoriously charge more for itunes downloads in the UK than they do in euro-zone countries. The original purpose of the EU was to create a "common market" where this sort of abuse could not happen.

Re:Hm...

[Richard+W.M.+Jones]

And all of this will be enforced by treacherous computing PC hardware.

Sure, but the treacherous hardware is here, in my hands. (Literally in fact - my desktop machine is an Intel development box which contains a TPM chip). Since it's in my hands, I can use whatever resources are available, and all the time and ingenuity in the world to break the DRM.

Once one person anywhere breaks the DRM on a piece of content and releases that content DRM-free, then everyone has the DRM-free content

Still don't believe me? If you want a parallel case, think about games consoles & "ROMs" (ie. game images) which are distributed on the net because a tiny fraction of a percent of console owners broke apart their consoles, found out how they worked, and removed the DRM from the games.

Rich.

Re:Hm...

[mlts]

When I think of standardized DRM, I am reminded of the Clipper Chip, of the mid 90s. Said chip was being pushed to be a part of pretty much any electronic appliance (computers, cars, modems) for cryptography. To protect the algorithm (which was classified at the time), the chips were highly tamper resistant (for the time), and were programmed with the Skipjack algorithm in a secure location after being made. Of course, we all know how well taken key escrow was at the time, and the Clipper chip died a slow death.

I can see someone coming out with a "TPM v2" chip that, instead of acting like a passive smart card like the 1.2 chip today, it being more of an active function, perhaps doing all the audio and video decoding on it, and only allowing decrypted input to be passed to another, similarly armored and tamper resistant, chip on the monitor. Of course, said "TPM v2" chip would be updatable and images pushed out within hours or days of someone breaching it. It could even be an integral part in the booting/running process of a machine, allowing and denying programs to run. Like the Clipper chip, its manufacture and algorithms can be made classified or top secret.

Then, laws and treaties (similar to WIPO) being put into force that make disassembly or modification of the "offical" chip meaning large amounts of time in a prison, and if one country doesn't enforce the law in their own nation, extradition treaties with another country could force citizens to be tried by judges in other countries.

Of course, somewhere down the line the chip becomes mandatory, similar to the V-Chip is in US TVs, and of course, sooner or later, it will require to phone home to be updated periodically.

Eventually, said chip could be made into something that can scan people's systems for anything that whatever nation thinks is bad, and silently phone home with the info, similar to how Punkbuster and WoW's Warden report people running cheat programs. Then, when someone goes to rip their latest DVD for their iPod, the chip notices the ripping/decoding software, phone homes immediately, and in less than 24 hours, the police arrive with a DMCA-based arrest warrent. (No search warrant would be necessary -- the chip would have done a formal scan of the machine and have sent up in a cryptographically signed/timestamped manner "proof" of the infraction with a list of software present.)

I can see standardized DRM taking place... and its a quite fearful thing, not just combining all the old school cypherpunk's fears with regard to key escrow in hardware, but taking modern issues such as rootkits, spyware, and "super-root" access, and mixing all this into one very noxious hodgepodge.

Re:Hm...

Sure, but the treacherous hardware is here, in my hands. (Literally in fact - my desktop machine is an Intel development box which contains a TPM chip). Since it's in my hands, I can use whatever resources are available, and all the time and ingenuity in the world to break the DRM.

True, but you are missing the point. DRM (at least for the tech companies) is not about piracy. It's about control over legal uses of technology. "Standardized DRM", is a codeword for Trusted Computing -- it's something that technology companies like Intel, Apple and Microsoft want very badly. Look at Intel - since about 1997 everything Intel has done as been influenced by DRM. '97 is when Intel put its engineers (in force) to work on programs that were deliberately meant to "secure a PC, softare and data, from the owner". I was at a talk from an Intel engineer using this exact phrase - he didn't call it DRM, because it wasn't in common use then.

For the last 25 years, the PC has been a mostly open platform - TC is an attempt to reformulate it into a closed vendor-lock-in platform, which rewards those companies who already have massive market share. Ultimately, the tech companies knows that piracy of content (at least in some form) is impossible to prevent. They also know that control of what code runs on a machines is a cash cow.

So... "standardized DRM" is the dumb-down layman's term for a world in which almost every PC has a Fritz chip/TPM which can be asked "is the machine running software with digital signature X" -- can it be 'trusted'. No Fritz chip/TPM... you aren't trusted, and you get nothing. No digitally signed and certified software... you aren't trusted, and you get nothing.

Gates/Job/Ballmer/[Insert tech company head here] wet dream.

Re:Hm...

[Drinking+Bleach]

Doing DRM right would be cutting off the viewer/listeners eyes, ears, fingers, and anything else that could potentially copy the information, no matter how tedious.

Re:Hm...

[somersault]

You are a moron. If someone can listen to it, then they can also place a microphone next to it and record it. Sure the quality will be slightly degraded, but if it's done in a soundproof room in the middle of the countryside then it will be pretty decent quality. It's called the analog hole. I'm not a cracker so I'm not sure about the hardware side of things, but it's funny how modchip makers and crackers keep being able to crack supposedly uncrackable hardware too, huh? You don't know what you're talking about with your 'tamper-proof' hardware, unless you're talking about rigging every unit with C4. I can just see it now "WARRANTY VOID IF SEAL BROKEN (oh and your living room may end up rather void too)"

Re:Hm...

[bzipitidoo]

That's what baffles me too. Why can't these people understand that DRM cannot work? When 16 year old kids can break their schemes, you'd think that would be a strong hint that their schemes are hopelessly weak. But they don't take it that way, they only see that that one scheme wasn't strong enough, and delude themselves that it's still possible, and waste lots of effort trying again. They sort of half-assed understand that none of their schemes can hope to work, that's why they try to pass laws that make it illegal for DRM to be bypassed. If DRM actually worked, those laws wouldn't be necessary. Too bad they don't really understand, or they wouldn't waste money trying to create DRM systems, and bribing lawmakers to pass these stupid laws.

It's one thing for the ignorant to push these DRM schemes. But MS ought to know better. Their refusal to understand is criminally stupid. Vista is exhibit A there. Now the DRM proponents are engaged in the grandest attempt yet. They're going to try to control the users' devices from end to end. Vista was just the first shot. Unfortunately for Vista, it has to run on a PC, and that provides but one of many ways to bypass it. Next try might well be a "Trusted Computing" PC, which I expect no one will buy. TC was supposed to protect users from malicious software. TC wasn't supposed to be perverted to serve malicious DRM software at the expense of its users. And it doesn't stop with enforcing their "rights", the controllers start to want to use DRM to just plain gouge their customers, because they can. Double bonus when there's a technical problem that strips users of their privileges. They make money in 2 ways, by not spending money to fix the problem and by forcing their hapless users to work around the problem by paying for everything again! Region encoding is another example. Treacherous Computing indeed! No one will buy such a system by choice, at least not without severe brainwashing. Even if everyone could be forced to buy such systems, it still could not work. Just takes one user somewhere to introduce an unapproved device. It's impossible to stop such an "attack". Every large high school will have a few 16 year olds who will be quite capable of doing that.

They called it "copy protection" in the 1980's. That's all DRM is, is copy protection by another name. And they pressed every undocumented feature they could find into the service of copy protection, because at its heart, copy protection is security through obscurity. And none of it worked. What's that quote? "Those who do not learn from history are doomed to repeat it". So you have examples from recent history, you have many scientists who understand that it doesn't work and didn't need to try it even once to know better, but none of that stops these DRM fools.

this cloud has a silver lining though

[jacquesm]

The EU is pretty fragmentary and local law trumps EU law when it comes to the citizens of your own country. This creates all kinds of loopholes.

Also, and I know that's a weird line of reasoning but I think that it is valid, the sooner we get through this shit the better, and if it takes getting these idiotic laws and then breaking them en masse then so be it.

The population is slowly starting to wake up to the idiocy of some of these laws. Right now chinese law (see the recent RIAA vs Baidu suit) is more reasonable when it comes to some of this stuff than the so called bastion of democracy and privacy that the EU is supposed to be.

We're being sold out here and that has never before been more apparent, maybe this is what it takes to get people to wake up, I sure hope so.

It's going to take more than a few torrent sites to get taken down for people to realize that their rights are being eroded left right and center.

Re:this cloud has a silver lining though

[bigtomrodney]

Actually EU law supersedes national law when it conflicts. This has been upheld on many occasions
European Law Supremacy

Re:this cloud has a silver lining though

[AliasMarlowe]

...and local law trumps EU law... Wrong.
The primacy of EU law over national law is explicit in the EU treaties to which all member countries are signatories. National laws must be amended and regulations recodified to comply with EU law (causing a certain amount of obscene posturing and squealing by local politicians).

Re:this cloud has a silver lining though

[Blimundus]

"The EU is pretty fragmentary and local law trumps EU law when it comes to the citizens of your own country. This creates all kinds of loopholes." That's completely false. EU law (if correctly adopted, and with sufficient legal basis in the treaties) prevails over local law. Also, some EU laws (the regulations, as opposed to the directives), don't even have to be implemented into local law to have direct effect.

Re:this cloud has a silver lining though

[jacquesm]

Yes, for the foreign parties it does, but for the local parties it doesn't !

I'll give you an example:

A dutch guy wants to marry a woman from Africa. In the netherlands he'd have to fulfill all kinds of BS requirements so he moves to Belgium, then marries the woman while in Africa and then moves with her to Belgium. In Belgium the dutch person can claim EU resident status, so EU law will trump belgium law.

(this is known as the 'belgium route' in the netherlands)

But in the Netherlands because he's Dutch he would not be able to do that, for a Dutch national in the Netherlands Dutch law trumps EU law.

(which is why the belgium route exists)

I know this sounds crazy but it really is true, an eu-resident but non-dutch person in the Netherlands has more rights in the Netherlands than a Dutch person does and conversely a Dutch person has more rights in other European countries than those countries nationals.

Re:this cloud has a silver lining though

This has nothing to do with Dutch national law trumping EU law in this case, which it doesn't, but with the fact that family law (the law governing marriage, custody of children, etc.), is not harmonized EU-wide. Every EU member state has its own marriage laws, but every member state also is obliged to respect marriages that have taken place under the laws of other member states.

Therefore, by moving to Belgium, you can profit from the (in this case) more liberal family law in Belgium, and when you move back to the Netherlands, the state is obliged to respect the marriage that has taken place in Belgium.

Therefore, your example is in fact an illustration of how EU law does trump national law!

Re:this cloud has a silver lining though

[jacquesm]

that's not how it is explained here:

http://nl.wikipedia.org/wiki/Belgi%C3%AB-route

I hope you can read dutch, just in case here is a translation of one section of the article:

"Discrimination of own subjects.

European law trumps national law. And yet, every member state is free to apply more strict rules to its own subjects.
This so-called 'reverse discrimination' can not be remedied by Communitylaw, because it is a direct consequence of
the limited powers of the Community. The obligations with respect to liberalization, such as described in the
Communitylaw, has according to the current jurisprudence of the Court in principle only applicability to the
cross border traffic. This indicates exactly the necessity of living (temporarily) abroad before you can use European law."

and the original dutch:

"Discriminatie van eigen onderdanen

Het Europees Recht gaat boven Nationaal Recht. Toch staat het elk lidstaat vrij, om haar eigen onderdanen aan strengere regels te onderwerpen. Deze zogeheten omgekeerde discriminatie" kan door het Gemeenschapsrecht niet worden verholpen, omdat deze het gevolg is van de beperkte bevoegdheid van de Gemeenschap. De verplichting tot liberalisering, zoals dat staat in het Gemeenschapsrecht, heeft namelijk volgens de geldende jurisprudentie van het Hof in beginsel alleen betrekking op het grensoverschrijdende verkeer. Welke dus exact de noodzaak aangeeft waarom het nodig is om (tijdelijk) in het buitenland te wonen, alvorens je gebruik mag makenvan het Europees recht."

I realize this is highly confusing but this really is the way how things are. In other words, if everybody in the EU would retain their nationality and would move to a different EU country (farfetched but theoretically possible) all the national laws would cease to be applicable overnight.

Re:this cloud has a silver lining though

[datachild]

This isn't a troll but I will point out a few things that I find odd with your post.


Firstly, I'm sure there is a good reason as to why DRM exists at all, and why these laws that we all find dumb are being passed.
A few that come to mind are...

Big corporations corrupting politicians even further
This is a no-brainer really. What a better way to ensure your survival than to simply pay off a politician to try to pass a law?
Big corporations like Sony, Microsoft, and so on have lots of money that they can spend to make sure that the customer stays locked in,
and as obvious as my post seems so far, I think this gets lost in translating between bullshit and facts.

Unfortunately I cannot believe some of the laws they apply for. It's laughable because they should be minding their own business and not
attempting to pass a law that they have no clue about, but they are too busy exchanging laws and money with corporations to care about things
like common sense, logic, and what have you.

Sadly I've no idea what will become of this, but as long as there are politicians, there will be a problem. At the moment, I don't have a solution either.


DRM is a way to control people, not content
It's quite clear to all of us from all these torrent websites, and the warez scene that dates back to the 1980s in general, as to why they are still alive.
The companies that produce things like software, movies, audio, et cetera, aren't stupid. They KNOW their content is getting pirated, and reading a story a few
weeks ago, they are using it as a metric to find out how popular their content is. Instead, I think they are trying to control people themselves, to make sure
that no one else except them can dictate how that content is viewed. I mean, look at Sony for example -- you need a Blu-Ray player to watch Blu-Ray movies.
Yes, seems like a duh type of thing, but it's a pretty good lock-in.


Companies want to see how much shit they can get away with
This is one of my favorite ones to date. You see a company doing something stupid and you just know they are testing the grounds to see how much shit they can get away with.
Awhile ago, Rogers, a Canadian ISP inserted ads into the HTTP stream before the site loaded, so you would see an overlay of Yahoo! on Google. Who the fuck, honestly?
Laws are no different, in my opinion. When you want to pass a ridiculous law, you apply for it, and then you wait to see what was disagreed on. While some of the points
may get rejected, some of the other ones will remain, and then you strip the law of the ones that got rejected, and apply for again. Rinse and repeat.


However, on the flip side...


"Consumers" are at fault as well
Firstly, for letting yourselves be called that. Secondly, for not caring about your rights as citizens, not just customers. And thirdly, because you let the people who
represent you and who you pay to be where they are today fuck you over by the three points I've already stated. I'm sure posting on Digg and Slashdot and saying "Fuck Bush",
"Ron Paul's the answer, now what's the question?", and "Obama-nation" is great and all, but it doesn't really solve anything. You are stuck with what you have because you refuse
to act with something more than just a keyboard. Voicing your opinion is one thing, changing laws and defending The Constitution is another. I'm sure politicians laugh at all the
protests anyway. They are being paid off, and you helped them get to their position.


You have your rights, content makers have theirs
This is where my post meets the parent. I laugh whenever I see on Slashdot someone saying how they use Bittorrent to just download Linux distributions. That's a great way
to act like a politician. It's bullshit, and you know it. While I am not one of these so called "content makers," I do pity them regarding what Bitt

Re:this cloud has a silver lining though

[hughk]

This isn't family law, it comes down to the law regarding freedom of movement of EU nationals and right to live and work in other countries. An EU person is entitled to bring their non-EU spouse plus any non-EU dependent children to any EU country except their own. If they bring their spouse to their own country then local immigration law trumps freedom of movement. In practical terms it means that if an EU citizen marries a non-EU person outside the EU citizen's country of residence and then brings them there to settle, they will enjoy the same rights to live and work as the EU citizen with the only condition being that the EU citizen must be able to show that he or she can support their spouse financially. Once settled and with a full residence permit, the non-EU citizen is entitled to all the benefits that an EU citizen can get. Once you have such a EU 'dependent' permit for a Schengen country, then you can travel throughout Schengen countries without a visa, but if you want to visit a non-Schengen EU country, such as Ireland which demands visas for nationals of your country then you are theoretically entitled to a more or less free one when travelling with your EU spouse, but you still have to apply for it!

a better idea

[theheadlessrabbit]

I have a proposal for an alternative to DRM.

Imagine what would happen if instead of locking content, media companies just made content that no one in their right mind would possibly want.

imagine if all new movies were either endless strings of sequels, or remakes of other movies you've already seen.
imagine if all music was watered-down over-produced generic crap.
imagine if the most popular video game system were to offer downloads of all their classic titles at great prices.
imagine if the dominant operating system was so buggy, incompatible, and slow, that no one wanted to use it.

if, in some parallel universe, those four things were to somehow able to happen, all at the same time, no one would pirate anything!

sadly, we may never see such a world...

Re:a better idea

[Jugalator]

sadly, we may never see such a world... Sure, you may say that you are a dreamer, but you are not the only one.

Re:a better idea

[goldspider]

Yeah, I see what ya did there. Now if only that actually stopped people from pirating!

The moral of the story is that no matter how bad a product is, people will take it if they can get it for free.

The Fallacy of DRM: a summary

[Morgaine]

DRM relies on encryption.

Encryption is designed to secure communication between Alice and Bob while denying it to the evil Eve.

In DRM, Bob and Eve are one and the same person.

In other words, DRM seeks to give a person access to an item while denying him/her access to that item. This is not a recipe for success.

The proponents of DRM seem to have a fundamental misunderstanding of the strengths and weaknesses of encryption, and so are attempting to use it in a manner that is inherently weak. The fact that DRM schemes are so frequently and so rapidly broken by people with minimal cracking resources is a clear pointer to this.

For further information, Google on Schneier.

Standardized restrictions?

[WoollyMittens]

If you standardize DRM, the materials which the content providers are trying to control will have to work anywhere and all the time. This by the very definition is NOT what DRM is about. It is about managed access, not universal access. A standardized DRM scheme would be just as useful to the content providers as MP3.

But is it then as interesting to their supporters?

[Jugalator]

I wonder if DRM isn't used a lot just because it locks out the competition. It certainly seems like a strategy beyond encryption and copy(right) protection at least, where Apple has strongly opposed opening up their DRM method, and even more visibly with Microsoft suddenly switching to a new form of DRM in the Zune Marketplace and in the process making Zune players incompatible with their old PlaysForSure encryption. I doubt it was because they thought PlaysForSure used a too weak encryption. :-p

Re:It's over...

[somersault]

Yeah, because the only useful thing the internet did was help spread illegal music? Have we so quickly forgotten our roots? Won't someone please think of the porn stars? :(