DRM products are defective by design. Time to tell users what they’re buying
The Electronic Frontier Foundation is calling for the labelling of products encumbered with digital rights management. Its increasingly important as we trust technology with our lives
Digital products are weird: they are inert without software to animate them, and software is so technologically and legally weird that it can be very hard to know exactly what youre buying.
But there just might be some clarity on the horizon, thanks to documents I recently filed with the Federal Trade Commission (FTC), signed by the Electronic Frontier Foundation (EFF), several publishers and public interest groups and 20 EFF supporters with important (and alarming!) stories to tell.
In 1998, the US Congress enacted the Digital Millennium Copyright Act (DMCA), whose Section 1201 makes it a felony to bypass or tamper with access controls (today we call these DRM or digital rights management). Originally this was used to ensure that no one reconfigured their games console to play unofficial games (meaning that the console maker could extract fees from games companies without fear of competition) and that DVD players werent modified to play out-of-region discs. But software proliferated and the DMCA wasnt far behind.
Manufacturers of all descriptions realised they could control competition and create a powerful, state-enforced lock-in by skinning their products with DRM, and DRM crept into cat-litter pans, thermostats, cars, tractors, voting machines, coffee machines, pacemakers, and, of course, ebooks, video games, music and videos. Add DRM to a car and you can control which mechanics can access its diagnostics and fix it.
Add DRM to, say, a cat-litter pan and you can force customers to buy fresh perfume cartridges on the regular, ensuring a continuing revenue stream any attempt to bypass the perfume-checking function (refilling the cartridge with unscented water, replacing it with a third-party cartridge) can be detected with software and stopped cold. Any customer or competitor who bypasses the system is a potential felon.
What for-profit company wouldnt take advantage of such a sweet offer from the government? Ive battled DRM for decades. It offends me because I believe that when you buy things, you should be able to use and adapt them in ways that suit your needs, even if that cuts into the bottom line of the manufacturer. It scares me, too: laws like DMCA 1201 have been used to punish and threaten security professionals who have revealed defects in products.
As DRM creeps into products that we literally entrust with our lives, we absolutely cannot afford to have structural impediments to the speedy disclosure of information about defects that make those products unfit for use.
When you fight DRM, its advocates will tell you that people dont mind DRM after all, look at all the DRM-encumbered products they buy! Its true that a lot of people buy DRM-locked products, but that doesnt mean they dont mind it. It could just as easily mean that they dont realise that theyre getting DRM when they buy, or that they dont know which DRM theyre getting and what it does.
In EFFs request for an FTC investigation into DRM labelling practices, we highlight the stories of 20 Americans who bought products where they were not notified of the existence of DRM or were partially notified, but with insufficient detail about what the DRM was taking away from them. These people found that the games they bought permanently disabled their DVD recorder drives, or that their travel books couldnt be read while travelling, or that the videos they purchased wouldnt play back on their monitors or in their classrooms.
In our open letter on DRM labelling a letter signed by a diverse coalition of rights holders, public interest groups, and publishers we ask the FTC to take action to ensure that people know what theyre getting when they buy products encumbered with DRM. DRM-free publishers love this idea, because where DRM-labelling prevails, customers overwhelmingly favour DRM-free products.
But DRM-encumbered publishers should also love this, because they keep telling us that people dont mind DRM. One significant challenge to DRM labelling is that the restrictions imposed by DRM can be incredibly complex a video may play back on most manufacturers displays, but not all, and not at every resolution, and not if the video player believes that it is running in a virtual machine or has been relocated to a different country.
READ Fake news and a 400-year-old problem: how can we end the post-truth crisis?
Powered by Inline Related Posts
Whats more, most modern DRM is designed for renewability which is a DRM-vendor euphemism for a remote kill-switch. These DRM tools phone home periodically for updates, and install these updates without user intervention, and then disable some or all of the features that were there when you bought the product.
Apple repeatedly did this with iTunes, while Nintendo designed the 3DS game system to render itself permanently inoperable if an update detected evidence of tampering. This means that any solution the FTC comes up with will require extensive disclosures from the more baroque DRM schemes which is as it should be. You cant consent without being informed, and the entire basis for taking away our rights with DRM products is that were consenting when we choose DRM. All of this is just a sticking plaster, of course.
The real solution is to reform the laws that protect DRM DMCA 1201 in the US, EUCD Article 6 in the EU, among others to ensure that doing legal things with your own property remains legal. The fact that this principle needs legal protection tells you how bonkers the whole thing is. Thats why EFF has filed a lawsuit against the US government seeking to invalidate Section 1201 of the DMCA.
Until that judgment is in, though, labelling serves an important purpose: warning customers when theyre buying a product thats defective by design.