Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lala Invents Network DRM

Posted by kdawson on from the ensnaring-your-music dept.

An anonymous reader writes in with a CNet story about the record label-backed music company Lala, which claims to have invented "Network DRM." Lala has filed for a patent on moving DRM from a file wrapper, like Windows Media and FairPlay, to the server. Digital music veteran Michael Robertson has quotes from the patent application on his blog. (Here is the application.) Lala describes an invention that monitors every access, allows only authorized devices (so far there are none), blocks downloads, and can revoke content at the labels' request.

3 of 212 comments (clear)

  1. I've thought about this at length. by Rene+S.+Hollan · · Score: 4, Informative

    The basic idea is that content is encrypted with a per-user public key, where the private key is held ("securely", for some definition of "securely") in display and playback devices that the user owns. When a private key is issued to a user, it is delivered in a secure (again, for some definition of "secure" key store, from which a limited number of copies can be imported to "authorized" (using some PKI mechanism) display and playback devices.

    This has the benefit that content can (a) be copied for backup and archival purposes, (b) played on a "reasonable" number of devices a user owns, (c) played on other devices via temporary "secure" key export and import functions (so you can watch your movies at your friend's house, but not on your TV at the same time, unless on an "extra" TV -- within the limits of key copies), (d) lent to a small number of friends to access your library, and (e) allow anyone to make content for your display and playback devices (remember, the encryption key is public).

    This is not rocket science, and to "someone practiced in the art" of PKI, strikes me as sufficiently obvious as to invalidate any patent claims.

    It suffers from two problems:

    First, the concept of someone having possession of a decryption key and not access to it are at odds. Like I said, "for some definition of 'secure'" Tamper-proof crypto chips are not cheap. Of course, the cost of extracting a key to allow access to one person's licensed media probably makes it sufficiently impractical: if media are watermarked as well as encrypted on a per-licencee basis, tracking back to who's key was used to crack some content would be easy, as well as an individual who licenses excessive amounts of content (to crack, and illegally redistribute in plain form, or encrypted with others' public keys).

    Second, and more troubling, is that it does not allow for arguably fair uses: mashup videos, for example, because one can't extract some of the content, and how much could be extracted as a fair use would depend on the use. Some arguably legal fair uses could be prevented, and others abused by a group of indivuduals to reproduce the whole from the sum of arbitrarily small parts.

    The issue of what happens when one loses a device holding private keys to one's media also deserves consideration. Of course, content providers could form a consortium that provide key escrow services so that lost keys could be recovered.

    --
    In Liberty, Rene
  2. Re:Claim 7 Has Your Number by theworldgoesaway · · Score: 5, Informative

    This really isn't at all accurate. It doesn't do *anything* to your local content. It uploads a list/files for your music to a central server, which you can then stream (but not download) through their (quite nice) web-based media player. It's basically a way to access your music away from home. I use it all day long at the office to listen to music - and I can get my whole collection (not just what fits on my iPhone) and I don't need to set up Orb or something like that. Again, it does NOTHING to your local music.

    In addition to that, they will sell you streaming-only songs (available through the same web player) for 10c a pop. No, you can't download them, etc, but they're 10c. So I can check out an album I like for $1, and if I decide to get the mp3 version (no DRM), they sell that for a standard price and apply the 10c you already paid to the price.

    Really, there's NOTHING sinister going on here. It's actually a really great service. I have no affiliation with them, but I'm a very pleased customer. I listen to music via Lala all day at work, and I buy a lot of music for streaming through them. It's an excellent, well-designed store and media platform. I lose no control over my own media, and I'm happy to pay an extremely discounted rate for *access* to other music, with the option to pay for DRM-free MP3s. It's a valuable service, and I lose no control whatsoever. I do wish they'd give me the option to re-download music I'd uploaded (so it could serve as a backup, not just an alternative form of access), but I imagine that's as much a bandwidth issue as anything else.

    In short, this is a highly misleading and biased article. There's nothing sneaky or underhanded going on here, this is Michael Robertson bashing a competitor who has a far superior and really quite excellent product.

  3. Re:Lala - Hilarious Clowns by zenslug · · Score: 4, Informative

    As an employee of Lala I can tell you that we're definitely not evil. At least I don't think so.

    Yes, we have a scanner. Downloading it and running it is completely optional. The only thing we do with it is to grant access to allow you to stream the music you already own. It's not a conspiracy, seriously. It ties in directly to the concept of putting your music collection online. If we can get people to use Lala like some people use iTunes (which requires all your music to have people use it regularly), then we'll have more opportunities to sell them DRM-free mp3s.

    But we also have a 10-cent price-point for unlimited streaming of a song. You pay 10 cents and you can then stream that song on the website as much as you want. It goes into your online collection. That is there to help us cover our licensing costs that we pay to the labels. Will it work? Some people like it. Are they fools to buy it? Depends on your perspective, but there is always the risk that Lala goes out of business, sure.

    So you combine the 10-cent "web song" which lives in your online collection with the music you already own (we don't care where you got the files), and now there is only one place to go to access your music, and that is Lala. That's the concept, at least.

    Yeah, we got investment from a music label. They are not a controlling interest, and they have never approached us with any evil demand for info on what people upload. They agreed to this feature (after having sued others over the same concept years earlier) because they have learned lessons of the past. They have a long way to go, though. They're slowing learning.