Stop DRM from becoming a “privacy nightmare”

Canadian iTunes users were delighted when Apple announced, last month, that it had cut deals with three of the largest music labels – Warner Music, Sony BMG and Universal Music Group – to offer songs free of digital rights management (DRM) restrictions.

(Apple had already been offering DRM-free songs from the fourth big label – EMI – for more than a year).

Music to their ears

Users were even more thrilled to discover they could strip their existing DRM-wrapped music of the controversial software. But their exhilaration plummeted a bit when they learned it would costs them 30 cents a song to get a DRM-free version of their existing track.

Today, in addition to iTunes, millions of DRM-free songs are available to Canadians via PureTracks – which recently announced a new DRM-free mobile music store and service for BlackBerry smartphones.

Some observers see all this as an indication the industry is realizing how futile and ultimately counterproductive DRM limitations actually are.

“Many companies and industries, especially the music industry, have recognized that using DRM, of often does more harm than good,” said Michael Geist, Canada research chair of Internet and e-commerce law at the University of Ottawa.

These “digital locks”, he said, only serve to irritate customers.

DRM-free music is devoid of restrictions such as how many devices can store a purchased song, which devices it will play on, and how many times the song can be burned on to a CD.

DRM turns to nightmare

“We found repeated instances of companies offering up DRM music and then deciding at some future point to stop supporting that particular form of DRM,” said Geist.

When that happens, he said, users find they’re locked out of their purchases when they switch computers. “I think that raises a very significant consumer concern.”

Huge changes in consumer buying patterns are at the root of this problem, other Canadian observers say.

“Content industry proponents believe people aren’t paying as much for music and movies as they previously did,” said Russell McOrmond, a leader in the open source movement.

But he says using technology (specifically digital locks) to address what is essentially a social challenge isn’t the answer.

McOrmond suggests that to boost sales content providers need to get a better handle on customer needs and then match their services to meet those needs.

Instead they choose to prevent owners from controlling their personal communications devices – as essentially that’s what DRM is all about, he said.

He said if people understood fully how DRM worked they would be even more strongly opposed to it, “if they have “even the most basic respect for personal property rights.”

The concern that DRM technology may seriously violate people’s privacy rights was found to be very well founded by a study by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) in 2007.

It discovered content providers were using DRM to collect, use and disclose consumers’ personal information for secondary purposes, without giving the user adequate notice or the opportunity to opt-out of collection.

The report was based on an investigation of DRM systems used in 16 different digital products and services including Apple’s iTunes Music Store, Microsoft’s Office Visio, and Symantec’s Norton SystemWorks 2006.

Digital locks not the answer

While Canadian consumers aren’t legally prohibited from unlocking digital media, there may involve contractual violations depending on the media, said Geist.

“The concern with Bill C-61 was that the government was going to make even the mere act of unlocking something that’s been locked an act of infringement,” he said.

(While Bill C-61 – that sought to amend Canada’s Copyright Act – died on the table when the 39th Parliament was dissolved prematurely on September 7, 2008 – much of the content in that bill is likely be included in the new copyright bill expected to be introduced in the fall).

There’s absolutely no need for DRM to provide legal protection.
according to Geist.

He noted that copyrighted works by all content creators – individuals and companies – are protected whether or not they choose to use DRM.

Some of the most successful Canadian record labels absolutely reject the use DRM, Geist said.

While the music industry has turned away from DRM in the past year, the technology continues to impose “impermissible burdens on consumers,” according to the Electronic Frontier Foundation.

It cites Apple’s DRM restrictions on iTunes movies, iPhones and iPods.

DRM can also be risky from a security standpoint, the Foundation says, citing the infamous Sony BMG case to demonstrate how DRM can introduce “security flaws into millions of computers.”  

What impact will widespread commercial availability of DRM-free have on illegal file sharing on peer-to-peer networks? That’s a hotly debated question.

Geist doesn’t believe digital locks – and legally prohibiting people from removing those – will reduce P2P file sharing. “Ten years of experience tells us that’s simply not true.”

He noted that if something is locked down, all it takes is one unlocked copy to appear on a file sharing network and it can be easily and freely shared.

It’s a view echoed by the Electronic Frontier Foundation. “Evidence continues to mount that DRM does little to inhibit unauthorized copying, it may actually encourage it.”

Several so-called solutions to the copyright violation problem aren’t possible from a technical standpoint, according to an executive from ipoque, a Leipzig, Germany-based provider of deep packet inspection (DPI) products for Internet traffic management and analysis.

And those that take a social approach could never be implemented, adds Hendrik Schulze, chief technology officer, ipoque.

ipoque seeks to objectively assess P2P counter-measures in its recently published a white paper, Copyright Protection in the Internet.

It acknowledges that the interests of different groups – such as industry lobbyists and privacy activists – differ significantly on this issue.

The white paper subjects these methods to a “reality check” by taking a technical point of view.

According to ipoque’s study, only two technical solutions are realistically open to businesses: hash-based identification and active monitoring.

In a peer-to-peer network, every file is identified by a hash (unique ID) of some kind, Schulze explained. Files containing copyrighted material can be detected and therefore filtered out from transfers.

While hash-based identification is feasible, affective and affordable (ipoque estimates the cost at approx. 1.5 Euro per user), network operators are simply not interested in installing this additional equipment, said Schulze.

Alternatively, Schulze recommends active monitoring of copyright infringement and penalizing those who violate against copyright laws. 

It’s less intrusive, doesn’t require installation of equipment, and more cost effective because it runs anywhere there is an Internet connection, he said.

Share on LinkedIn Share with Google+