Cory Doctorow: "OMG DRM is r33ly bad!"

Ahhh. Another week, another anti-DRM…well, **screed**…by author, blogger, and Disney fetishist enthusiast [Cory Doctorow][Cory].

In _[Apple’s Copy Protection Isn’t Just Bad for Consumers, it’s Bad for Business][Cory article]_ — more honestly titled _How iTunes Screws the Music Industry and the Public_ on his blog — Cory points his blamethrower at Apple and boldly claims that DRM “**makes media companies into [Apple’s] servants**”.

Let’s set aside for a moment that (1) Apple couldn’t be a successful content retailer without having mutually-beneficial relationships with content providers, (2) content providers (presumably) have _some_ free will when it comes to deciding whether to work with Apple, and (3) DRM was a prerequisite for Apple’s entry into digital music sales, as dictated by its content providers.

Right off the bat, Cory claims that the “only possible” outcomes of DRM are:

* A popular single-vendor system that’s bad for the industry and general public
* A multi-vendor system that’s bad for the industry and general public

Even if you assume that this gross oversimplification of the content value chain to “the industry” and “the general public” is useful, that’s a not-terribly-productive Chicken Little view of DRM in general, and an unfair characterization of Apple’s DRM specifically.

In Coryland, a “good” outcome in regards to DRM can’t possibly exist for the industry or consumers. But even if you believe that, the concept of a **neutral** or **balanced** outcome — one which has both pluses and minuses, but on the whole is a reasonable compromise — is conspicuously missing from that worldview.

**All successful DRM systems must result in _at least_ a neutral outcome for both the industry and consumers.** Any DRM system that’s bad for both the industry and the general public dies quickly, if it gains any sort of toehold at all.

> Steve Jobs sells [restrictions on the media] — though you’d be hard pressed to find someone who _values_ those restrictions.

_Hard pressed?_ C’mon, it’s not rocket science — content **providers** value digitally-enforced restrictions because they want _some_ friction in the otherwise-frictionless world of file sharing in order to feel comfortable selling their goods digitally. Content **retailers** value digitally-enforced restrictions because without those capabilities, they have no content, and therefore no business.

Also, saying that Steve Jobs “sells restrictions” is like saying that Cory “sells non-recycled paper”. Both generally (but not always) come with the territory of selling digital music and works of fiction respectively, and other than that are really beside the point (which is, after all, selling content).

> No one but Apple is allowed to make players for iTunes Music Store songs, and no one but Apple can sell you proprietary file-format music that will play on the iPod.

But the corollary to that is **everyone is allowed to sell unprotected music that will play on the iPod**, which is exactly what Cory wants. So what is he complaining about?

By emphasizing what a travesty it is that no other content retailers can sell DRM-encrypted music to iPod users (which we know is not his goal anyway) Cory panders to the interests of “the industry” in hopes that they’ll hog-pile on Apple. What he doesn’t understand is that (1) the industry is generally happy with their relationship with Apple, (2) the industry is learning from Apple, and (3) the industry knows that Apple’s unusually-high marketshare in paid digital content is a temporary artifact of the industry’s youth.

He also implies that this somehow reduces consumer choice, which is silly. Here are several completely legal ways to get music that will play perfectly on your iPod:

* Buy and rip CDs
* Buy DRM-free music from eMusic
* Buy DRM’d music from the iTunes Music Store
* Buy DRM’d music using any system that lets you burn CDs, then rip it
* Download free (public domain, Creative Commons-licensed, etc.) music
* Subscribe to music-focused podcasts

> Apple has already demonstrated its willingness to abuse its monopoly over iTunes players by shipping “updates” to iTunes that add new restrictions to the songs its customers have already purchased.

Meh. It’s true that before version 4.5, iTunes let you burn a playlist containing music purchased from the iTunes Music Store ten times instead of the current seven. However, iTunes 4.5 also raised the number of computers that you could authorize to five, up from three.

> Steve Jobs and Apple managed to lure the music industry into licensing the copyrights for the iTunes Music Store even though the Store’s use-restrictions are comparatively mild.

Right…Steve **lured** the poor, defenceless music industry into licensing their content for the iTunes Music store, which (at the time) had — wait for it! — **zero million customers**.

> Steve Jobs really doesn’t care how many CPUs you play an iTune on, or whether you burn a playlist seven or 10 times.

Here, Cory simply shows that he has no idea what he’s talking about. Could anyone really be so naive as to believe that these are the initial terms that content providers offered, and all Steve did was say “yes”? Steve fought like hell for the current terms — not for the good of all mankind, but because he knew the pricing and rights that would enable the iTunes Music Store to be successful.

> There’s no good answer to designing a “good DRM.” Or rather, no DRM is good DRM.

That’s the kind of crazy digi-hippy talk that is **not** going to advance the cause. Cory’s also not thinking about how DRM could work for us — I’m personally looking forward to the use of DRM to protect and control access to individuals’ private data.

So, Apple didn’t invent the concept of DRM. The iPod doesn’t force you to buy DRM-encrypted content, and there’s _lots_ of alternatives. And consumers don’t seem to particularly _mind_ Apple’s DRM implementation a whole heck of a lot. So why the angst in his pants?

* [InformationWeek: Apple’s Copy Protection Isn’t Just Bad for Consumers, it’s Bad for Business][Cory article]

[Cory article]:

First baby-step to MPEG-4 DRM

ISMA (Internet Streaming Media Alliance) has completed its MPEG-4 Content Protection Specification, and it’s now available for peer review for experts in network security, content protection and cryptography.

The encryption method chosen for the new specification is based on the National Institute of Standards & Technology’s (NIST) 128-bit AES encryption standard. Importantly, this method is unencumbered by any additional royalty fees and intellectual property concerns. It’s also compatible with established IETF (Internet Engineering Task Force) specifications.

Many people seem to be misinterpreting this announcement as meaning, “Great! Now I can do DRM for MPEG-4!” However, the specification doesn’t specify a specific rights and key management system, and so doesn’t actually enable DRM (much less DRM interoperability) of any sort. Rob Koenen, president of the MPEG-4 Industry Forum, notes:

I see it as another step toward more interoperability in DRM. But that’s a difficult problem to solve. There are many little steps to be taken on the road to more interoperable DRM and agreeing on encryption is only one of them.

Assuming it passes peer review, the specification is expected to be finalized in June.

"But mom, everybody does it!"

The Ipsos Group is a marketing research firm. According to a recent survey, 18% of Americans 12 and over — about 40 million people — have downloaded music within the last 30 days. Most of them are males age 24 or younger (downloading activity falls by half in the 24-34 group, and by nearly half again in the 35-54 group). Few believe that downloading hurts artists, and almost nobody believes that downloading is wrong.

The most popular reasons given for downloading were:

  • To sample music online before making a purchase
  • To download songs they want without having to purchase an entire album
  • To get access to songs not easily available in stores

The RIAA probably interprets this data as “our customers are criminals”. But what it really says that the RIAA doesn’t understand their customers’ customers, and is therefore fumbling what’s supposed to be a leadership role during the transition to digital distribution.

Why isn’t there a legitimate way for me to get music not available in my local music stores, or even on CD at all because of the costs involved in duplicating and distributing them? Why isn’t there a way for me to sample music and then easily purchase (say, for 50¢) individual songs?

Janis Ian: "Don't sever a high-tech lifeline for musicians"

Recently, the U.S. District Court for the District of Columbia ruled that Verizon must give the RIAA the name of a customer suspected — there is no evidence — of downloading “infringing” files. In an L.A. Times editorial, Janis Ian comments on the RIAA’s actions from the point of view of an average, successful recording artist.

The record companies say this decision will mean more money for musicians, but they have it backward. The downloaded music they’re shutting off actually creates sales by exposing artists to new fans. If this ruling stands, many smaller musicians will be hurt financially, and many will be pushed out of the music business altogether.

She also updates us on how downloading has helped her.

Thousands of people have downloaded my music since then — and they’re not trying to steal. They’re just looking for music they can no longer find on the tight playlists of their local radio stations. After I first posted downloadable music, my merchandise sales went up 300%. They’re still double what they were before the MP3s went online.

Not only does the RIAA continue to be more and more of a liability for artists and labels, but it’s also inspired unprecedented hatred in their customers. Can it be fixed before it destroys the industy it’s supposed to represent? Hilary Rosen is scheduled to depart at the end of this year, but there’s a good chance that she may just be parroting attitudes irrevocably ingrained into the organization. At some point, it’s easier just to start again from scratch.

Microsoft retreats on "Palladium" name

The much-reviled “Palladium” — a reference to items, generally passed from one person to another as gifts, that are believed to protect the the lives of those who carry them — is now the generic-sounding and much-reviled “next-generation secure computing base”.

Since Microsoft is apparently going the security-through-obscurity route even with the name, I hereby give “next-generation secure computing base” the name of We did not want to be in a position of rolling over them.

He also claimed that the name was not changed in an effort to dodge the massive criticism that Palladium received (and “next-generation secure computing base” will receive), but c’mon — of course it was. [via Ars Technica]

ISMA sets schedule to finalize MPEG-4 DRM spec

This week, ISMA (Internet Streaming Media Alliance) shared their roadmap for the digital rights management technical specification they’ve been working on for MPEG-4. It uses MPEG-4’s IPMP (Intellectual Property Management Protection) standard, and will work for both realtime and progressive (a.k.a. downloaded, a.k.a. shared) streaming content.

They intend to make it available for review at the NAB (National Broadcasters Association) convention in April, and to release the final specification by the end of June. ISMA has formed a content advisory board (members haven’t yet been announced, but it’s likely that they’re courting movie studios, the MPAA and the RIAA) and I expect that ISMA will want the approval of this board before releasing the final specification.

In another bit of very good news, ISMA has announced that they’ll be introducing a certification program. Vendors that are interoperable with the standard will be able to use a common trademark.

Hilary Rosen's iPod

Wired Magazine is running a human interest story on Hiliary Rosen in their February issue. For the rest of this year, she’ll be doing everything she can to soften the militant image she’s acquired during her grossly-misguided leadership of the RIAA, and this article is the start of that.

In the article, she’s the only person in the music industry that knows what’s going on (she implies), a lesbian who’s fought on the frontier of gay politics (she tells Wired), and is really a valiant — albeit misunderstood — defender of the consumer (she says).

Near the end of the story we learn that she’s the hypocritical owner of an iPod. And although most of the article is a puff piece — that’s the price of getting to talk with her — with this revelation the tone changes, and the article starts to intersect with reality.

As the forces of free music grow cagier and more diffuse, Rosen is confronting them with the same overwhelming legal force she used to bury Napster. She has repeatedly said that the industry is open to finding online partnerships that work, but she has shown little interest in teaming up with potential partners like Kazaa and Aimster, both of which she has taken to court in recent months.

“We’d be glad to sit down with them,” says Philip Corwin, Kazaa’s Washington lobbyist. “But when someone’s hitting you over the head with a 2-by-4, it’s hard to reach out your hand.”

Rosen’s public image has only worsened as she’s intensified her attack on file-sharing uploaders, using tactics that make John Ashcroft look timid.

Even friend/admirer Jim Griffin admits:

…at least thus far, she will be remembered not as an agent for constructive change, but as an agent standing in the way of constructive change.

Deservedly so.

The opening of the XBox

It’s no secret that, unlike other gaming consoles, the XBox is basically a PC that Microsoft loses money on with every sale (analysts estimate $125 per unit). Since its introduction, there’s been tension between Microsoft (who naturally wants to keep the XBox a closed platform) and folks who see the XBox’s potential as a great and inexpensive platform (which won’t be running Windows, of course) for more than just games and DVDs.

Until now, hackers have focused on patching Microsoft’s XBox BIOS. Now, a company called OzXChip has introduced a new XBox modchip that comes with an open-source Linux BIOS (which can be “flashed” with an update merely by inserting a CD) preinstalled. Linux distributions that will work on this configuration are nearly ready for release. And that means that XBox shizzle is about to hit the fizzle, my peoples. [via Slashdot]

Hilary Rosen resigning from RIAA

Hilary Rosen, who’s been running the RIAA in full defensive paranoid mode since 1988, is finally resigning. Unfortunately, she’s not doing so until end of the year.

During my tenure here, the recording industry has undergone dramatic challenges and it is well positioned for future success. I have been extremely proud to be a part of this industry transition.

Which is odd, since she failed miserably. Rep. Rick Boucher put it this way:

I do not think that she has been a spiritual champion of the industry embracing the internet as a distribution medium. I think the industry clearly needs to do that. It’s the only way that the industry has to compete with peer-to-peer [file-sharing systems].

Jack Valenti, who also doesn’t understand any technology beyond color television and similarly runs the MPAA in full defensive paranoid mode, remarked:

Hilary has been a valiant, brave leader for the U.S. music industry. I confess that I am an ardent admirer of her skills, her tenacity and her integrity. She’ll be a hard act to follow.

I disagree. Her marketing instincts were completely backwards — product-oriented (“ship what’s on the truck”) rather than consumer-oriented (“what do people want?”). She damaged the RIAA’s reputation in ways that will take years to repair. As record sales flagged, she cowardly blamed her customers rather than herself or the economy, and it would not surprise me if she was finally asked to leave.