I sent a comment off to the FTC today, as it’s the last day they’re soliciting comments on DRM. They’ve got a workshop coming up next month, and they’re looking for public comments. Browsing through the comments, I was struck by the number of people who are focused on videogames. Below is my comment.
DRM is a first step towards striking a balance between the needs of consumers and the interests of content producers. Done properly, taking Valve’s Steam as an example, it is beneficial to both consumers and content producers. Unfortunately, due to wildly overstepping their boundaries, as Sony did with their rootkit, changing DRM standards, forcing a repurchase of already licensed materials, or simply pulling the plug on the authorization server, as MLB did with their licensed game replays, content producers have consistently shown that they cannot be trusted to use DRM in a manner that is consistent with a positive customer experience, let alone in the consumer’s interests.
Even when implemented well, there are still sometimes onerous limitations placed on consumers. With high definition video gear, some systems purposely degrade the quality output to analog devices. This forces consumers to needlessly spend money to replace functional equipment simply because the content producer doesn’t want their content played on analog devices.
Recently, Microsoft’s Gears of War video game ceased working. Because of the DRM in the product, put in to stop cheating, the product stopped working due to the expiration of a certificate. Companies have consistently (MLB, Wal-Mart, MSN, etc) shown they are unwilling to support authentication servers and existing applications after they have stopped making the company money, in spite of consumers desire to continue to use the media they’ve rightfully paid for. When the business decision is made to turn off the authentication servers, consumers may no longer be able to legally access their properly licensed content.
Circumventing DRM, in the United States, is illegal. There are some specific exemptions, but all are of limited use when it comes to works entering the public domain. If a work that enters the public domain is protected by DRM, it may be technically infeasible to access it. If an authentication server isn’t available or if the encryption is sufficiently strong, the public may never exercise their rights with the content.
Some DRM systems dramatically overstep the boundaries of what most consumers would expect. From Sony’s music CD rootkit debacle to Blu Ray players’ BD+ DRM system, content producers routinely interfere with consumers’ rights to use their legally purchased hardware. In the case of Sony, software was secretly installed, without the consumer’s consent or knowledge, that exposed consumers to being hacked. The BD+ DRM system modifies itself, based on commands embedded in BluRay media. If one of these modifications renders the hardware inoperable, is it reasonable to expect that the content provider who distributed the disc will accept responsibility and provide a new BluRay player to the consumer?
All of these measures also impede fair use. I’m working on a professional presentation that uses scenes from movies to illustrate computer security concepts as seen in the movies. While I am legally allowed to include brief clips to illustrate my points, I need to use some potentially illegal tools to access the audio and video, due to DRM restrictions placed on DVD’s.
Even with all of these restrictions, at best, DRM only keeps honest people honest. Nearly every DRM system out there, from Apple’s FairPlay to Microsoft’s WMA, from the AS Consortium’s AACS DRM (used by many Blu Ray content producers) to DVD CA’s CSS (used on DVD’s), even including VHS tape’s Macrovision, all have been successfully bypassed. What is an inconvenience to consumers is a challenge to hackers, one that they have roundly met and won in nearly every instance, bypassing most major DRM systems.
Simply put, DRM is an inconvenience. It is one that penalizes honest consumers, who have to deal with it, and content providers, who have to keep coming up with new and novel schemes. It does little to stop piracy, as it’s also merely an inconvenience to those who seek unauthorized access to media.