1. Latent effects of DRMs
There should be more consideration given to the ability of DRM to change the capabilities of your device after the fact. If you buy a device with a DVD burner, but buried within the device's DRM language is the ability of a broadcaster to disable your burner for his shows, then how will you know whether your burner will work with the shows you've bought the device for? In the US, a Media Center PC can no longer be used to burn DVDs of the Sopranos because HBO has switched on a "no-burn" flag. Likewise, users of the Rhapsody music service may lock in to a service contract and compatible devices because their favourite artists are available on Rhapsody, and find themselves both locked in and shut out when the artists terminate their agreements with Rhapsody – a common occurrence today.

2. The concept of "authorized domain" is based on unrealistic social assumptions
With regard to "authorized domain" and the idea that a cartel will set out devices that know what constitutes a household. In the DRM meetings I've attended where this is being implemented, the notion of an authorized domain is being driven by assumptions about what constitutes a family that are far from universal. It might be impossible for a child who is in joint custody to her parents to bring her videos from one parent's home to another. A family where one party travels too often may find its media fragmented and locked out of its devices. Divorce, marriage, custody – all of these are moving from the realm of the social contract to a determination made in secret by a cartel of content companies who are locking in all their views of what constitutes a valid household.

3. The "authorized domains" is a mere option not a guarantee
Further to authorized domain: even within an authorized domain, the DRM systems envisioned will allow rightsholders to restrict how you use the media you lawfully acquire. The authorized domain allows a rightsholder to give you the flexibility to watch a movie anywhere in your household, but it does not require that the rightsholder do so: already in the proposal for the authorized domain is the ability to limit viewing to a single device, or to cap the number of viewings, or to limit viewings to "local" devices (i.e., even though your authorized domain includes your car, a music company can still force you to buy music that only plays in your house, and you'll have to buy the same music over again for your car).

4. Increased vulnerability by DRMs
Regarding vulnerabilities created by DRM, see the recent revelation that Microsoft's DRM has a flaw that allows malicious people to embed viruses in your music, so when you play the music back, it compromises your machine. This is a much more direct risk than that from Trusted Computing – needless to say, non-DRM music does not carry this risk.

5. The promise of lower prices for DRM protected content is not held in practice
Regarding flexible business models: while there is the theoretical possibility that DRM could enable a marketplace of infinite price discrimination, where someone who merely wants to listen to a track once pays less than someone who acquires the permanent right to listen to the same music, it should be noted that to date, DRM systems have been used exclusively to sell music with less flexibility than non-DRM equivalents at higher prices – in other words, DRM in the market is used exclusively to charge consumers more for less.

6. The promise of piracy prevention by DRM is not held in practice
A meta-question that's often missed here is, "Does DRM work at its stated purpose?" We know that DRM can be used to take rights away from consumers who want to do legitimate things, but is there any evidence that DRM has ever been successfully used to keep a work from being shared on the Internet or sold by counterfeiters on CD or DVD? My experience of this suggests that DRM is a complete failure at accomplishing its stated goal: In other words, DRM costs consumers a lot and does not prevent piracy — there isn't a single instance in the history of the field where a DRM system prevent some piece of content from appearing and circulating on the P2P networks.

7. The Broadcast Flag isn't a "standard"
It's a mistake to characterize the Broadcast Flag as "standardization" – what is standard with the Broadcast Flag is that if you build a TV, it must detect the flag and lock flagged content away. What liberties can be exercised within the lockbox is not determined by a technical standard, but rather by an FCC review whose criteria are still not set, through which a given technology will be either approved or denied approval for inclusion in digital television devices. There is no guarantee of interoperability, similar capability or other "standard" elements in the Broadcast Flag regime.

8. Effective "forensic" DRM is rather unlikely and not without problems of its own
Regarding DRM for "tracking unlawful use" – given the experience of the SDMI watermarking technology, there's plenty of reason to believe that "robust" watermark (eg one that can't be removed or altered) is improbable. If "forensic" DRM can be removed by users before engaging in an "unlawful use", we should assume it will be. More: what's to stop me from attacking you by releasing files on the Internet with a watermark that fingers you as the originator? Finally – how can we reconcile the goal of a world where users can listen, read and watch media anonymously with a scheme that requires that all such media have to be tagged with the user's identity?

Bottom line
The INDICARE State-of-the-Art-report does a great job of telling everyone's story, including the DRM propopents', but juxtaposing the other side's remarks with good, compact rebuttals. Some issues when assessing intricate technical matters of DRMs may still deserve further consideration.

Sources
  • Helberger et al. (2004): Helberger Natali (ed.); Dufft Nicole; Gompel, Stef; Kerényi, Kristóf; Krings, Bettina; Lambers, Rik; Orwat, Carsten; Riehm, Ulrich: Digital rights management and consumer acceptability. A multi-disciplinary discussion of consumer concerns and expectations. State-of-the-art report, Amsterdam, December 2004; http://www.indicare.org/soareport

About the author: Cory Doctorow (craphound.com) is European Affairs Coordinator for the Electronic Frontier Foundation (eff.org), a member-supported nonprofit group that works to uphold civil liberties values in technology law, policy and standards. He represents EFF's interests at various standards bodies and consortia, and at the United Nations' World Intellectual Property Organization. Doctorow is also a prolific writer who appears on the mastheads at Wired, Make and Popular Science Magazines, and whose science fiction novels have won the Campbell, Sunburst and Locus Awards and whose story 0wnz0red was nominated for the Nebula Award. He is the co-editor of the popular weblog Boing Boing (boingboing.net). Born in Canada, he now lives in London, England. Contact: Cory Doctorow at cory@eff.org

Status: first posted 19.01.2005; included in INDICARE Monitor, Vol. 1, No 8, 28 January 2005; licensed under Creative Commons
URL: http://www.indicare.org/tiki-read_article.php?articleId=69