The problem with DRM

The trouble with trying to get people to watch this talk by Cory Doctorow is that it’s 45 minutes long, and you don’t know why it’s important until you’ve seen it. Here’s an executive summary of why it matters. Unfortunately, because I have no space to fill in the details, it may sound ever so slightly like the ravings of a paranoid madman. If so, I apologise: go watch the long version, where Cory explains it much more gently and sanely.

  • Our current way of selling books and films is to restrict access to people who pay for it and to restrict the rights of copying and distribution to people who pay for them, meaning you can’t watch a film without paying, and you can’t legally give a copy of your DVD to your friend.
  • Nowadays, everyone can make copies of everything and distribute them on the internet at very little cost and effort, which means you can make these activities illegal, but you can’t actually stop them.
  • To counter this, media companies tout something called digital rights management (DRM), which tries to ensure that you only access content that you have paid for (e.g. your cable box only shows channels you have paid for, unless you modify it).
  • In many countries, it’s currently illegal not only to circumvent DRM but even to talk about how to do so. DRM requires secrecy (unlike proper cryptography, see talk for details).
  • Nobody really wants a device that only does what you tell it to if it approves of your instructions. Some people want such devices for *other* people, e.g. their granny, but everyone wants *their* computer to do just what they say.
  • So for DRM to actually work, it has to be hidden from the user. Otherwise people will remove it.
  • Since the computer reports on itself to the user, it has to be hidden from the rest of the computer as well.
  • This mean you have no way of knowing what the DRM component is doing, and the people who wrote it can basically do whatever they like.
  • This includes taking all your personal information, taking photos of you and your family, obtaining your passwords and financial information, etc.
  • All this has already happened at least once (see talk for unpleasant details).
  • Even if you trust the people who wrote the DRM not to take advantage of this situation (ha!), DRM creates a massive security hole for others to exploit, such as virus writers, or authoritarian regimes.
  • Back in 2005, Sony installed DRM software without the user’s knowledge, and the virus writers used it for just that purpose (see talk for details).
  • If 95% of the world’s devices cannot copy DRM-protected movies, but the other 5% can still turn them into DRM-free content that the rest can play, DRM is largely pointless. So DRM enthusiasts basically want it on every consumer machine, by law.
  • The Western world is massively dependent on computers. They are in our cars, our pacemakers, our washing machines, our banks, our nuclear power plants, our weapons of mass destruction. Almost all of them are connected to the internet in some way. This network is now the nervous system of our society. It’s easy to underestimate its importance, because it’s mostly invisible.
  • In the DRM vision, this now-fundamental network would mostly consist of vast numbers of fundamentally compromised machines that do the will of whoever controls the DRM component. Or whoever can get control of it.
  • Because politicians are generally badly informed about technological matters, and easily persuaded by arguments such as “the country is losing billions in lost sales to piracy” (generally nonsense ) there is a serious risk that DRM advocates may get their way, as they will swear blind that none of these risks are real (as Sony did) and there will always be someone who claims they can make a system with no such problems (basic cryptography suggests they will always be wrong).
  • People will tell you that without these measures, we will have no film industry, no new music, no new books, no new photographs. They are wrong, of course. If anything, DRM is helping the pirates by making their versions more attractive (see Cory’s other writings for much discussion of this point). But even if they were right, we should still reject DRM. To do otherwise is to invite a technological nightmare that makes 1984 look like a libertarian paradise, just to ensure that no-one manages to watch an episode of Game of Thrones without paying for it.

Thanks for reading. If you liked this article, please share it on Facebook or Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *