It's been a while -- been awfully busy.

Journal renehollan's Journal: It's been a while -- been awfully busy. 3

Journal by renehollan on Wednesday July 17, 2002 @05:47PM

Yeah, I've let this journal go by the wayside. Stuff has happened, of course, but tending to it has been a higher priority than writing about it.

OTOH, I recently posted a comment in response to a DRM Conference article on /., and thought it worth preserving. So, here it is (the hyperlinks and some of the highlighting is lost):

The case FOR DRM

No. Really, a case can be made for DRM... just not the DRM envisioned by the cronies at the various AAs out there.

Let's examine all the bad things about DRM:

1. It kills fair use. Well, yes, but that's an implementation detail. It need not have to. In fact, I'd argue that it should be legislated that any mandatory DRM mechanism should protect fair use rights (and I generally hate more laws). That this scenario is unlikely is an attribute of the political climate and intense content provider lobbying rather than a defect of the principles of DRM. But, imagine a DRM mechanism which automatically releases copyright material into the public domain when the copyright term expires.

2. It stifles "sharing" and enforces "property" rights on things which shouldn't be property. True, but that is a legal and philosophical debate. The fact is that people are generally willing to accept restricted licenses for using something in order to pay less to have access. IOW, I can either pay an artist big bucks to record an album for me, or hope he records one, and don't undercut his efforts to sell them for $10 a pop once I have my copy. A third option, popular in the 1950s for classical music recordings, is to have content produced by prior subscription: when enough subscriptions are sold, the recording is made and distributed to the subscribers. This strikes at the nature of copyright itself, and whether it should have a moral and legal basis. While the existing terms are outrageous, and the music industry probably does gouge artists, DRM is nothing more than a tool for enforcing an agreement. It is the reasonableness of the agreement that should be examined, not the tool.

3. DRM stifles creation of independent content and raises the barrier to entry for independent artists. This is true if (a) DRM use is always mandated, (b) content is difficult or expensive to protect, and/or (c) content designed for mass distribution is difficult or expensive to protect. If this is the case, then clearly DRM is being exploited to restrict access to production and distribution channels: it may prevent you from making an unprotected video for your grandmother or it may prevent you from streaming samples of your music free to anyone in order to get recognized. I don't discount this as a goal of the nefarious AAs out there. However, that's clearly abuse of a monopoly or oligopoly and should be exposed as such.

4. People are too stupid to realize what they are about to lose -- they don't understand how bad DRM could be. Yes, people are stupid. Just look at what leaders democracies elect. But if we "hacking 3l337e" are incapable of educating them, then some of the blame falls on our shoulders. It may be tough, but replacing "stupid" above with "ignorant" (which is a curable condition) would not be a bad start. I am not suggesting this is easy: the public has been conditioned to accept restrictions of civil liberties in the name of preventing future crime (witness the whole DMCA fiasco and post-9/11/2001 "bend over while I rape your rights" hysteria). Yet, when it comes to accepting legislation regarding potentially very oppressive technologies, the state is generally "trusted". Nevertheless, attempts have to be made, including educating what few legislators may not have been bought yet, and are sympathetic to our concerns.

5. DRM will cause me to lose control of my computer. It will become a glorified TV. Again, this is certainly possible. However, DRM could also permit your computer to cache content that you have not yet licensed but are likely to, or keep secure other people's content. The issue isn't so much, Digital Rights ement, but rather the scope of what is Managed. No, it shouldn't be the whole computer.

That's still a lot of reasons to be wary about DRM as it's envisioned today. All the responses to concerns above are of the "yeah, but it doesn't have to be that way" form, and until we are sure it won't be that way, we are wise to be distrustful. But, it helps to look at a case where DRM would make perfect sense.

Webcam Now [webcamnow.com] offers free hosting and download of webcam images, and text and voice chat services. Their site caters to "Friends and Family" (hmm, I smell a trademark infringement suit) as well as "Unmonitored" sections (yes, mostly free amateur exhibitionist porn). Anyone can get an account and upload images to their heart's content, to be served up to Java applets in viewers' browsers. The "free" view rate is 6 frames per minute, and a "pay" rate of 60 frames per minute is available for (I think) US$9.95 a month. This is rather generous, Jennicam [jennicam.org] updates free images at the rate of once every 15 minutes. Smart move, actually -- they're basically selling bandwidth on the basis of desired content that costs them nothing.

The (black) hack potential is obvious: say I don't want to pay $10 a month, but still want a frame per second refresh or I want to roll my own client (white hack). How can Webcam Now throttle access to their data? More importantly, how can they prevent me from redistributing the images I get?

The obvious answer is an authenticated communication channel that permits faster request rates and an encrypted channel between their image servers and my display. This does not make it impossible to capture what the display shows, but likely makes it difficult enough to thwart casual infringement and severely affect the resolution of what I capture.

Without DRM used to keep the image data secret between their servers and my display, those images could be redistributed anywhere. What if someone scrapes them for their own paid "amateur porn" site outside of the legal jurisdictions where Webcam Now operates? While I'm sure the exhibitionists who use Webcam Now's services don't mind being seen, they'd probably be pretty miffed if someone's making a tidy profit from their free shows: the $9.95 a month probably seems reasonable for Webcam Now to collect per fast viewer to pay for the bandwidth, but heck, if the viewership justifies image scrapers, why not set up their own adult site? They'd leave Webcam Now, and much of the fast-streaming revenue would dry up. While some might exploit the exposure in order to break into the professional porn industry, the true amateurs would probably be upset: somehow being presented as an "unmonitored" video is different than being scraped and represented as "hard core slutty filth". I'd bet that paid fast-streaming porn subsidizes much of the free slow-streaming parts of that site, including the "family" stuff.

On a related note, what if a couple want to do a private long-distance "show" for eachother? Whether they chose to record their cyber-sexcapades or not, they'd probably like the content to remain unviewable except on certain equipment, lest it be redistributed. DRM to the rescue.

Given that the pornography industry seams to be one of the early adopters of new technology (it is rumoured that it fueled the demand for VCRs), perhaps it should drive how DRM is implemented and deployed.

The other aspect of this is controlled access to bandwidth. As it stands, Webcam Now uses trivial encryption on their images, and trusted Java applets to not pull images faster than permitted. While an authenticated session could result in traffic throttled at the source, this requires the server to enforce the stream-throttling policy. As anyone knows, the less a server has to do, the better it scales. Letting the client enforce the access rate policy is a step in this direction. However, once the client application is cracked, it's game over. The current solution involves either accepting the policy enforcement on the part of each server, or a multi-tiered approach where dedicated aggregation and policy servers sit between client machines and data servers. This works rather well, but increases operating costs: the more work you can off-load to the client, the cheaper your operation becomes. However, securely off-loading access policies to client PCs is not possible without DRM.

So, where does this leave us? DRM certainly has legitimate uses, and need not be overbearing or invasive. In fact, it should be deployed in very restricted areas, where secure computing or encrypted content needs to be managed. Example include secure client-side web proxies, display, and audio devices (though it's value in the latter is questionable since "adequate" resolution analog recording is so easy). It should not be a ubiquitious part of a central processor, nor should it enforce draconian measures that are unconstitutional. The burden of complying with constitutional fair use rights should lie with the DRM implementer.

This discussion has been archived. No new comments can be posted.