Father of MPEG Replies To Jobs On DRM

marco_marcelli writes with a link to the founder and chairman of MPEG, Leonardo Chiariglione, replying to Steve Jobs on DRM and TPM. After laying the groundwork by distinguishing DRM from digital rights protection, Chiariglione suggests we look to GSM as a model of how a fully open and standardized DRM stack enabled rapid worldwide adoption. He gently reminds Jobs (and us) that there exists a reference implementation of such a DRM stack — Chillout — that would be suitable for use in the music business.

Completely Moot

It has already been established that DRM is bad. It doesn't work and it hurts everybody.

So frankly, who cares about this small part of Jobs' argument?

His main point -- that there shouldn't be DRM -- is correct.

Re:Completely Moot

Another big influence in the market thinks differently. According to Microsoft [forbes.com]: "Our view is it's our job to provide the technology and the content providers can tell us what kind of restrictions and policies they want to apply to that."

So Microsoft could choose to go a more flexible route with DRM. That might change the market. But I think we all know that's not going to happen.

Re:Completely Moot

"Our view is it's our job to provide the technology and the content providers can tell us what kind of restrictions and policies they want to apply to that."

That's an interesting opinion to have. If party X is in charge of dictating the restrictions and policies in your product, isn't party X your real customer?

Re:Completely Moot

But the thing is, if Microsoft says, We are going to implement Y system which has XZ restrcition capabilities. The content owners only have XZ as options. But MS choose to have as many restriction capabilities as possible.

Re:Completely Moot

Advertisers are the customers. Viewers are the product.

What should we believe?

What should we believe? Microsoft's claims -- that they favor and aim to provide an open platform --, or our lieing eyes, which are currently witnessing a thing called "Zune" which is the exact opposite of open.

DRM doesn't kill music; people kill music.

"Our view is it's our job to provide the technology and the content providers can tell us what kind of restrictions and policies they want to apply to that."

"Our view is it's our job to provide the weapons and the warlords can tell us what kind of restrictions and policies they want to apply to that." Where's the difference?

Re:Completely Moot

So Microsoft could choose to go a more flexible route with DRM. That might change the market. But I think we all know that's not going to happen.

When I buy a song from iTunes, I know *exactly* the rights and restrictions applied. Everything in my iTunes library has exactly one of two restrictions: the FairPlay DRM set and none.

With Windows Media Player, I have no fracking clue. Will this track self-destruct in 3 plays? Will this track play indefinitely? Can that track only be used while my subscription is active? Can this one be burnt to a CD?

MS's approach to DRM is the same as their approach to Windows PC technology and is the exact reason their ecosystem, while vast in scope, is also vastly inferior. It's precisely this issue that has led MS to go with the more vertical approach with the Xbox and Zune. It's interesting to note that these two markets where MS is the underdog, where they must woo the consumer with a superior experience if they are to have any hope of success, they take the more controlled, limited approach (the type of approach, in fact, that they deride Apple for taking with their PC hardware and their iPod).

Re:Completely Moot

The way to express it to the suits is "DRM hurts your sales." I think that was the real thrust of Jobs's argument, that music companies could stand to expand their market presence immeasurably if only they promoted interoperability and ease of use--and that's just impossible as long as they insist on DRM.

Jobs and Gates are essentially doing the same thing here. They both understand that DRM is pretty bogus, they are both supporting it since that is the only way to bring the content providers onboard at the moment.

Having attended one of Leonardo's SDMI meetings I would not trust him as far as I could spit. He was the architect of the SDMI fiasco. I have no confidence in either his technical or his political skills.

Incidentally the title father of MPEG is somewhat overblown.

Re:Completely Moot

In case you wonder what SDMI was (this was me), and how it relates to Mr. Chiariglione today, hopefully this will save you a little time.

The End of SDMI [archive.org]

The reason why the article says SDMI is "ending" is because SDMI was a "solution" to the MP3 problem of the late '90's. When Eric Scheirer wrote the article for MP3.com, he had this to say:

"The solution is to get the technology companies into bed with the record industry. But the consumer-electronics industry knows a hard lesson that the RIAA has yet to learn: regardless of the business model, it has to start with value to the consumer. What it all adds up to is this: the floodgates are opening. Portable devices will be huge for Christmas this year [Article published Oct 15 1999]; they will all play MP3, and none of them will be SDMI-compliant in any way that matters."

So if SDMI (Mr. Chiariglione 's baby) was truly failing in October of 1999, and MP3 was going to be the wave of the future, the core problem was DRM.

But Mr. Chiariglione had a rebuttal for that article (also on mp3.com), just like he has a rebuttal for Jobs today.

SDMI Checks In [archive.org]

Moreover, in contrast to your report on October 15, SDMI is not merely some theoretical possibility. I am sure you have seen the same announcements I have-advertisements and other public statements that announce the intention of some leading manufacturing companies to produce portable devices complying with the SDMI specification.

Mr. Chiariglione is convinced that SDMI will be a success.

Finally, read the Wikipedia article on SDMI for the rest of the story:

Scheirer's comments proved to be correct; the SDMI has been inactive since May 18, 2001.

Re:Completely Moot

Gates and Jobs are not essentially doing the same thing. One is telling the music companies to drop DRM the other is saying "whatever you want we will give it to you". I think most people can tell the difference between those two positions.

Re:Completely Moot

He's right that redefinitions of digital "rights" "management" to suit the speaker is pernicious, but in my opinion it's because the people trying to implement the stuff are almost always being deceptive.

If "management" *could mean (as TFA suggests) just attaching stuff to your work that indicates what you think your rights are, I'm all for it I guess. Attach it, be honest, and I'll avoid most of your crap like the plague.

But what many technologies do is actually digital rights *enforcement (i.e. of what your rights are) on people who might not share that opinion; in a great many instances, the federal government agrees with the *recipient about what is allowable.

Re:Completely Moot

If they're targetting Apple, you can look forward to a version of iTunes that doesn't work with iTMS and an iPod that is incapable of playing any DRM-protected songs. Apple does not have the right to remove DRM from the songs it sells. The real target should be the companies that license the songs, since they are the only ones that can control the terms of distribution for their content.

Re:Completely Moot

"If Jobs realized that it couldn't be successful without DRM and he really believed DRM was bad, he would have decided against opening the store in the first place.

Or he could, you know, like, open the store and let the MARKET decide how they felt about it.

Being "consistent" would have removed OUR choice in the matter. It's one thing to get on your high horse and make a decision. It's quite another to do so and assume that what you're doing is right for everyone else. For example, I've no doubt that a pro-life individual would be happy to stand up and make your decsion for you in that matter, but that ignores you right to choose for yourself.

Further, consistency is the hobgoblin of small minds. Steve could well have accepted the idea that DRM is a neccessary evil and now, after years of actually running the business that's the iTMS and seeing the results, decided that it's no longer needed.

I "expect" people to be able to look at the world and have the wisdom and courage to change their minds if needed.

Re:Completely Moot

Different permissions on music bought from the same store are going to be confusing for both consumers and music labels.

You certainly don't want to confuse customers with all that freedom, why, they might start asking why they can't do all the nice things with all tracks they buy. And we wouldn't want them to learn about the evils of DRM, no sir, they should just think thats the way the world now works.

chillout

Open source... DRM...

I don't know how to feel just now!

What's with the Pro DRM Articles?

What's with all the pro-DRM articles recently? I thought /. readers were generally opposed to DRM. I think that is 4 in 2 days.

Re:What's with the Pro DRM Articles?

Yeah, what's with all the opposing viewpoints lately? We come to Slashdot to turn off our brains, not to actually think.

Re:What's with the Pro DRM Articles?

Exactly right. If you have a view you better have no doubt, because once you doubt you could be wrong. Which makes your stance untenable. It's like back when God existed. He doubted the logic of his existence and *poof* he disappeared. Do you want to disappear? Then never doubt what you think. Ever.

42

Swi

Re:What's with the Pro DRM Articles?

You put DRM in your stuff, I don't buy it, that simple. There's no such thing as good DRM.

I'll second that.

If I can't buy a product without DRM, I'll download it from a torrent site, or I'll go without. If I crack the DRM to get a copy in a different format, I'll be a "criminal" anyway, so might as well go the path of least resistance.

Re:What's with the Pro DRM Articles?

Based on many past threads and discussions- you are making a bit of an overstatement.

Lots of people here are anti-drm / information wants to be free. In varies from the college student being as ethical as they can afford to be (buy a few CD's and then pirate the rest when they run out of money) to the folks who have absolutely no respect for copyright to people like me that have no respect for the extended copyright periods that I feel were bought by media companies (If it's over 28 years old, I'll pirate away unless i can get it for a *reasonable* price).

For example: I put down $200 smackers five seasons for get smart. On the other hand I ahoy'd some 1960-1966 comics in cdisplay format vs paying $50 for them in hardback format. I'll also download things so I can take them on a trip with me- for example I downloaded Moulin Rouge (which I own on DVD) because I wanted to take it with me and not risk losing my original.

I have a problem with DRM period. I think we have a temporary window where these products are grossly overpriced. I completely disagree that an "artist" should get paid for the rest of their life for a song when the rest of the world gets paid by the hour. The purpose of copyright is not to provide artists/ creators retirement but to encourage them to create works for the public. Given how many artists there are striving to create entertainment today- I really doubt they need any more encouragement.

When I...

When I look at the Wiki, I think of something 'a person' in the security field says time and time again:

"Any person can invent a security system so clever that she or he can't think of how to break it."

                            -Bruce Schneier

As a wireless/microwave engineer

Despite disliking DRM, GSM is the most sophisticated communications protocol that I have ever seen. I have read the standard (dispite getting a headache in 5 minutes) and it is totally locked down using encryption, session keys, etc. Perhaps I am in error, but I doubt the standard itself has ever been cracked- unless via law enforcement with the complicity of the companies involved.

Yet it is the most widely used wireless personal communication standard in the world. Woe are the hackers and crackers who try to attact it directly. But like any encrypted system, the weak points usually lie elsewhere. Those would be the point of attack.

Re:As a wireless/microwave engineer

GSM is very secure, but is a communications protocol, not a DRM protocol. GSM allows Andrew and Betty to talk, without Charlie hearing. As has been stated often before, in DRM, Betty and Charlie are the same person.

Re:As a wireless/microwave engineer

Looks like the implementations of GSM encryption are known to be weak:

http://www.gsm-security.net/faq/gsm-a3-a8-comp128- broken-security.shtml [gsm-security.net]

Re:As a wireless/microwave engineer

I don't know if you would call 40 bit encryption [hackcanada.com] a lockdown, especially since it doesn't protect your conversation from the phone company, even if you are calling the other person with a GSM phone. Furthermore, they weaken or turn off encryption in most countries. Sounds like a typical effect of a DRM scheme on users all right.

Re:As a wireless/microwave engineer

There are briefcase-sized portable systems that allow easy eavesdropping on GSM communications. IIRC, the encryption is weak, and the tower can be actually told to turn it off anyway.

GSM is insecure

GSM is the most sophisticated communications protocol that I have ever seen. I have read the standard (dispite getting a headache in 5 minutes) and it is totally locked down using encryption, session keys, etc.

I am shocked to see this statement so highly moderated ! You are obviously not qualified to comment on the GSM standard. GSM is riddled with flaws and makes use of particularly weak ciphers that are known to be so poorly designed that communications can be decrypted in a few seconds with a stantard PC. [technion.ac.il]

Fuck DRM!

If Steve Jobs gets rid off it. He will be my personal hero and I am buying myself a Mac.
Go Steve, Go!

Standards adoption in an existing marketplace

DRM isn't necessarily evil; it's the unfair enforcement of such DRM that is, which is his main point. He's also saying also that a standard unencrypted mp3 can have DRM merely by being bound by a license agreement; it's once you start employing a digital means to enforce those terms that DRM begins to become intrusive. Chiariglione goes on to talk about open DRM standards and how the music industry should adopt one to promote interoperability. The problem there is that not everyone will adopt the standards, be it for their own personal gain (IE, Apple), or because they're existing technology lacks the capability of supporting a new standard (IE, retroactive compatibility wont be there). This is the main argument for completely open and free MP3 files; anybody with a player since 1992 can play mp3s. Granted, if apple were to ever go DRM-Free, it'd be with unprotected AAC (MPEG-4) files, but the idea is the same.

please define your terms ..

"he uses the term DRM without defining it"

If I was on Usenet I would assume the OP was doing the meaning of the word shuffle. Pretending to misunderstand what the other fella meant and addressing a made up meaning instead.

"while it makes sense to claim, based on empirical evidence, that protected music does not sell, it remains to be demonstrated that managed music does not"

What's the difference between 'managed' and 'protected' in relation to Jobs meaning of DRM and your version of DRM.

'That would be like saying that the Creative Commons movement is a hollow shell'

False analogy and strawman .. :)

"Curiously Steve Jobs restricts his analysis to just one option: how can Apple safely license its DRM technology to other manufacturers and be able to keep its obligations vis-à vis the record companies"

Well he can only speak for Apple after all.

They are scared.

The content industry wants one universal DRM. Everyone thought that would be MS and they were happy. When Apple won the battle, they were not happy. What you are seeing by calls for Apple to license their DRM is this frustration made public and an attempt to allow MS to embrace, extend and extinguish Fairplay. Jobs called their bluff and they realize they just may well be fucked on this. Interesting times.

Difference between a comm protocol and content

Mr. Chiariglione suggests GSM as a model of an open standard that everyone has been using for years to perform sophisticated DRM. I don't know much about GSM, but when I enter into a service agreement with a communications provider, I am doing so for live communications. Perhaps the market is morphing to providing content on mobile phones, but the success of GSM was not built on that model. I pay my mobile phone service provider monthly for access to their network, and if my phone was to stop working because my provider locked me out of their network, I would stop paying them. The agreement would be at an end, and there wouldn't be any content locked in the DRM that I want. I'm not paying them for the right to use their network in perpetuity. On the other hand, I purchase CDs and DVDs so that I may enjoy the content FOREVER. I do not pay them monthly to keep listening to the music or watching the movies, and I am not willing to enter into that sort of agreement. DRM on my music or video content is locking ME away from the content I have legally licensed, especially if the vendors disappear. So while the DRM in GSM might be acceptable, it is not acceptable on the content I purchase.

DRM TPM GSM... bwahhh???

People... PLEASE unabbreviate your abbreviations at first mention in an article. To those that don't know what TPM or GSM are (isn't GSM for cell phones?), this article appears completely ridiculous. I thought it was a joke at first.

All lies in the definition here

The author simply uses "digital content protection" where we would use DRM, and DRM as an all encompasing term for encryption, digital signatures, computer readable copyright licenses and probably a bunch of other things he didn't directly meantion. From this he concludes that DRM is both widely used and accepted. Now whether he is trying to convince poeple that the fight is allready lost and we should work on interoperable lockdowns or is just confused himself I don't know.

More detail would have been nice...

Interesting article... the author goes into a fair bit of detail in differentiating between the assigning of rights to digital media and the enforcing the rights on digital media. This is rather unusual, since the the most common usage of DRM has always been about enforcing the rights of the creator.

It would have been nice if he had gone into as much detail about GSM, and what specifically in the GSM system makes it specifically suited to DRM. I am assuming that he is referring to the encryption system used by GSM. If that is the case, there is a fundamental flaw here: as with all other DRM schemes this would require that the "keys" be stored along with the encrypted data, and the devices would know how to decrypt the data. It would only be a matter of time that someone would discover a method to retrieve the keys from the media. It works for GSM because, GSM being a communication system, there are protocols for exchanging keys between two ends of the system.

To me this appears to be an advertisement to use their DRM technology.

OMA DRM

Is a bag of shit. Most phones only implement OMA DRM 1.0 - forward lock. OMA DRM 2 - I doubt it will catch on. How many phones have implemented it and how many content providers are using it?

The issue isn't DRM, it's greed

If music were priced at its real cost plus the same small profit that all other manufacturing enjoys, it would cost $1.00 an album. After all, production costs have already been recouped for 99.9% of popular music, hundreds of times over for anything in the top 40.

And with such low pricing, people wouldn't even think twice about buying every new album that comes out in their genre. Youngsters have no money anyway, so asking them to cough up inflated prices is just completely ridiculous, and counterproductive since kids create much of the music buzz. They'll eventually purchase all the CDs that they really appreciate once they've grown up anyway --- just have patience!

You wouldn't need DRM not only because very low cost would make non-market acquisition pointless, but also because everybody would have all the music they want --- there would be nothing left to copy, in one's area of interest!

[The argument that pricing music logically would make new music cost hundreds of dollars per album is bollocks: like in all industries, development of a new product should be funded from past profits, and amortized across projected future sales. Music should be no exception, and the fact that currently the income from sales of age-old music is pure untouched profit and not reinvested to fund new production just shows the extent to which greed has distorted the music industry.]

DRM is only an issue today because of the artificial scarcity created by artifically high pricing --- greed.

Sounds like this guy ....

is even more egotistical than Steve Jobs.

He pretty much restates the overall theme of Jobs' point, in a manner that sounds condescending because we "stupid" people don't understand that DRM can apply to multiple facets of information and technology.

What a prick.

protection vs. management

I'm sure I could read up on the difference between protection vs. management.
It doesn't seem like one could be much different than the other.

There are two types of people. The RIAA see's customers and priates. The truth is there are customers and meme-speaders. Most people at times perform both roles. While it's great if people want to buy your stuff, the 2nd best choice is to have your stuff be made popular by the meme-spreaders.

If I want something from a store (brick, "e," or otherwise); I have to pay..

People should be able to copy works.

Copyright notices should be copied along w/ the work (e.g., as in GPL/Linux)

There should be a free or paid (up to the author) system whereby I can compare my "bits" to the original "bits" to make sure my copy is authentic (if that was something I wanted to do).

There should be within the copyright notice a universal resource locator that would allow me to pay and/or donate something for the bits (should I want to).

he is wrong...

Sharing of technology is impossible. Open formats? Impossible. It has never been done before.
It would be impossible for apple to share DRM because it is simply impossible. Cant you guys get it? :-)

I find it really funny how the same people that propose open formats for Office, turn around and say that "open" DRM is impossible. A lot of that "impossible" comes from monopoly of largest hardware provider.

It is impossible for Apple to open their DRM, and it is impossible for Apple to use non-DRM music, even if publishers give them rights to do so.

Job's outcry makes very little sense, and industry leaders are calling him out for it. What Jobs is saying is that they can not provide access to their DRM nor can they provide NON-DRM music if publishers allow it. So basically Jobs is claiming that he cant do anything because of the publishers, even if publishers are calling for lesser restrictions.

At the same time, one of the biggest publishers - EMI - is testing non-drm sales, of course not on iTunes, since Apple isnt allowing it.
So it turns out that it is Apple who is now not allowing publishers not to use the DRM.

Open letter to Steve Jobs

Did anyone read the open letter to Steve Jobs over at the Inquirer?

http://www.theinquirer.net/default.aspx?article=37 522 [theinquirer.net]

Existing players and compatibility

The problem we face is many existing players have DRM or have no framework to allow for new open DRM to be added.

Of course, manufacturers can write new firmware, but I'm sure that would only be done for current models.

The only way forward is to have no DRM to allow for 100% compatibility.

Interesting Times

It's a little bit strange that when the head of a company with the most successful DRM platform says "No DRM is better than interoperable DRM", people seem to be getting more supportive of interoperable DRM.

It's also a little bit strange that "the father of MPEG" is how Leonardo Chiariglione is described, rather than the more relevant "father of SDMI".

But how do you prevent theft?

Lets examine this from the point of view of the artist. That person or person(s) works hard at making some form of art. It really makes no difference what the art is, it could be music, sculpture, painting, books, motion pictures it really does not matter, lets just assume the arguments.

Now how does that person make a living doing this?

• A musician thinks up a melody, some words, fills it in and records it, then attempts to sell it to the masses. This is how that person or person(s) pay their electric bill, mortgage, buys food, GI Joe with the Kung Foo grip for their kids.
• A sculptor take a chuck of rock, clay or whatever the medium is and transforms it into a shape that is both appealing to the eye and makes some sort of artistic statement. The scupltor then tries to sell it for whatever they can get for it so they can pay their electric bill, mortgage, buys food, GI Joe with the Kung Foo grip for their kids.
• A takes a blank canvas or whatever the medium is and transforms it into an image that is both appealing to the eye and makes some sort of artistic statement. The painter then tries to sell it for whatever they can get for it so they can pay their electric bill, mortgage, buys food, GI Joe with the Kung Foo grip for their kids.

• Now I could go on and on but your all smart, I think you get the point. The {___________} {insert the appropriate moniker here }, does whatever they do so they can pay their electric bill, mortgage, buys food, GI Joe with the Kung Foo grip for their kids.

  The transportablity of the item by digital means seems to make the difference here. You cant download a sculpture or a painting, you can download an image of the sculture or painting, but not the actual item. A fine paitning or sculpture might very well sell for a very large amount of money. If you buy it, its yours, you own it, but not ALL the rights to it unless that is spelled out in the sales contract. Can you then set up shop, make a mold and make plaster casts of it and sell them? I dont think so. Can you hire another artist to duplicate the painting you purchased for a large amount of money then sell the copies, again I dont think so, that is if you are a law abiding person as I do beleive the original artist retains that right, well unless you purchased it from them I would imagine.

  Let us now take the example or say, U2 or Cold Play. These are artists who create a of work of art, in this case its music. They are willing to sell you a copy, for your individual and personal use only, to enjoy their particular art form. Now most people are quite content with that, but there seem to be some people who believe they have the right to then give that to anyone they want to, en mass! I don't think any reasonable person would think that was ok.

  So here is my proposal to solve this problem. I know that everyone wants to be able to do is play content, that they have purchased, on any device that they own. I think that a form of PGP is the answer.

  Everyone knows that in PGP you have a public and private key. Lets just take this one step further. The private key comes with the content. The public key is something you make up. The part that I think makes this work, is that each device, iPod, Zune, Your car radio, your whatever player all have a unique key of their own. That key gets mashed with your key and creates your personal key, for that device. You buy another device and you create another key for that device. At your computer or whatnot you can either have it read form the device electronicaly ( device is in the cradle ) or you can manualy type it in if the key comes from say your car stereo.

  Whatever system you use to purchase digital content with, be it iTunes or whatever knows the Private Key and your Personal Key, but not the key from the iPod, Zune, Phone, whatever. The Private & Personal keys get embeded into the particular bit of music, video, book on tape, etc. Now all of your content will play on all o

DRM=cost centre for Apple, profit centre for MSFT

DRM costs Apple money to implement and update whenever it is cracked. Apple has make their best effort to update the DRM scheme because it is part of their contract with the labels. Apple would save money if they did not have to use DRM and they would not have to update iTunes so often. It is often forgotten that many iPods were purchased long before iTMS was available in a particular market. Many also forget that many people own iPod but purchase little or no music from iTMS.

MSFT earns revenue from DRM through licensing fees and royalties from Playsforsure device manufacturers and music stores. MSFT has also implemented the Protected Media Path within Vista which will disable or degrade the performance of hardware which does not implement features to enforce DRM protections.

The WMA DRM has the added benefit of a platform lock in for the windows OS.

Yes, let's waste more money on DRM

You would think after 30 years of companies trying to protect their products--be it software, music, movies--via digital encryption of one sort or another, they would realize they're just wasting money. Blu-ray and HD-DVD were "uncrackable", until they were released to the public. How much did Sony and Toshiba waste on developing those encryption technologies? 10 million USD? 50 million USD?

A universal DRM that everyone uses? Yeah, right. Companies won't go for it, it'll cost too much, and it'll be broken in about a month.

I say you want to copy something, copy it. If you get caught, you're breaking the law and you either go to jail or pay a hefty fine. Put a personalized watermark on it or something that's hard to remove, maybe baked into the video or encoded in the music stream and leave it at that. Let the law handle the rest.

who cares standardized DRM stack enables adoption

worldwide or not ?

we do not care about different drm abilities or possibilities or easy adoption or whatever - we just DONT WANT DRM.

Missing the point?

Chillout seems to be meters and meters (in screen space) of specifications how one might represent various things that one might want to represent. That part of Chillout is complete overkill for what Apple wants.

What it doesn't do is specify (except for a reference to "users using smartcards") how to handle the problematic parts: How do I make sure that someone who isn't a legitimate user cannot pretend to be an existing legitimate user. How can I make sure that nobody can fake a permission to play music. How can I make sure that a device that is capable of playing music with the right permission doesn't make a copy of the music at exactly that point.

It looks to me as if Chillout is a complete overkill solution for five percent of the problem, and doesn't concern itself with the hard 95 percent.

Who says that they HAVE the rights they "manage?"

L. Chiariglione got my back up immediately when he defined DRM as "a means to manage rights with digital technologies." Well, no.

The most obnoxious thing about so-called DRM is that it allows content owners to manage any arbitrary restrictions. There is absolutely nothing about DRM to ensure that those restrictions are, in any way, aligned with rights the manager actually holds, and in practice DRM users invariably overreach.

A famous example was Adobe releasing an eBook version of "Alice's Adventures in Wonderland," which is well and truly in the public domain, with restrictions prohibiting its use with text-to-speech converters... and compounding the error by presenting this with unfortunate wording, which said, not that they were preventing the electronic conversion to speech, but that the user could not "read it aloud."

Adobe has insisted that it was all a mistake, as it may well have been, but nevertheless DRM allowed them to exercise "rights" they did not possess.

Now, since nothing about intellectual property is obvious, and most likely not even a lawyer knows what the law is until there is a court case, there probably is no way at all to implement a technology that actually manages "rights." In practice, DRM manages whatever the content vendor believes or wishes its rights were, not what those right may actually be.

In practice, content rights owners opinions of the extent of their own rights are, at the very least, expansive and optimistic. The RIAA believes, for example, that when I copied my collection of vinyl LP's to CD-Rs, and the moment when I threw away the LPs I lost my right to listen to those CR-R's. Without DRM, such beliefs are no more than a curiosity. With DRM, the content owner becomes judge and jury, and the DRM techology becomes the executioner.

Word games and red herrings

Look, I used to refer to myself as a "hacker". By that, I meant that I was really good at programming. That's what most people who used the word meant. Then people started talking about guys who broke into computers as "hackers" and pretty soon I had to give up using the word the way I was used to.

What Steve was talking about was content protection technologies - restricting the ability of the user through technical means. That's what people mean when they say DRM. Anything you have to say about Steve's letter that doesn't have
to do with that face of DRM is, well, it's got nothing to do with Steve's letter.

Yep, a DRM system that didn't restrict a user's abilities wouldn't get any pushback, Steve wouldn't be writing about it like this, it'd be great, but it also wouldn't exist. The only reason to statically encrypt a published document, song, or movie is to restrict the abilities of the person who buys it. Without region coding, there would be no CSS. Without the restrictions in iTunes music, there would be no Fairplay.

GSM is a red herring. GSM is a communications mechanism. It's not using a broadcast model, the call is point-to-point. Using encryption for authentication and privacy has nothing to do with anything the music industry wants out of DRM. Take out the restrictons on the end user, and there's no point to it.

We must hurry...

"We must hurry to create the prison cell we think is comfortable for fear that someone else will create a prison cell we don't."

This is a false dichotomy, as in both cases we end up prisoners.

Instead of "rushing" to create or accept a single form of Illegal Prior Restraint (often misspelled "DRM") we need to rush to prevent any such Illegal Prior Restraint.

A side effect of this Prior Restraint is that, when combined with the DMCA (in the U.S. and its puppet regimes), is that even as we speak "technologists" can create untested, arbitrary technologies which, at them moment of their initiation have the force of law. That is, if you read the law it basically says "anything created within [these bounds] immediately functions to create a new body of criminal estate, and in so doing may immediately and retroactively reclassify existing technologies and inventions as illegal."

Consider, I produce a tool that does stenographic analysis on images; this tool specifically analyzes an arbitrary image to identify the best ways that the picture _can_ _be_ used to store hidden information. (That is, it identifies the best places and means to encode information. e.g. it tells you that you _could_ fit 2kbits in the sky-part, while you could put 8kbits in the ocean part of a given image before the image is degraded enough to start showing visible signs of manipulation.) This application is completely legal. Then some guy produces an "effective content protection mechanism" that uses the "album cover" image as a Illegal Public Restraint key vector. When he does that, my existing program is "automagically" reclassified as a criminal-grade circumvention tool. It's legal magic!

So, again, here we are being encouraged in a race to the bottom, fueled by technologists who think that just because a thing can be done (half-assed-ly at best) it really ought to be done.

Just say NO to Illegal Prior Restraint and any technology that is being sold to you as a "kinder, gentler" IPR.

Whenever someone proposes something outlandish they are just hoping you will fight them back to "a reasonable compromise", which will seem "not so bad" but which if you mentally went back to before the whole debacle you would see for what it was. A Really Bad Idea.

Enough Already. The continuous questions of the "what if we make it shaped like a bird? What if we make it taste like pancakes?" form are just telling them how to focus their marketing while lulling you into a sense that there _simply_ _must_ be a configuration that you could live with. It's emotional manipulation. You begin to feel unreasonable because you don't want IPR "even if" thy go to the trouble to make it strawberry shortcake IPR with medical care attached lovingly by your grandmother.

You don't want it. You really don't. No matter how palatable they try to make it.

How bout this? I'll cut off your leg and use it to beat your children to death. But I'll give you ice cream... how about that?

IPR is just as self defeating.

The ONLY REASONABLE ANSWER is NO Illegal Prior Restraint.
 

No to DRM

If you can hear IT, see IT, IT can be duplicated. IT can be cracked. 1000 engineers work on a DRM "scheme", 100 million hackers crack it. DRM is a waste of money for the providers and a pain in the a$$ for law biding music/movie lovers. Itunes music can be copied, burn and rip, thats all, no protection.

Not so *simple* after all

~ Er, .. what exactly was so 'simple' about Leonardo's way to "skin the DRM cat"? While he supplies clear definitions of exisiting systems and issues, he still doesn't address how the issue can be *solved*. And, in my opinion, the DRM of the GSM system is not quite the same apple as an MP3. Artists and Record Co.'s stand to lose if people distribute music freely. User experience cannot be closely monitored and people will complain if, for instance, they bought a perfectly encoded mp3 (m4a) from the iTunes Store but listened to it on a Zune or a Creative Zen player! How often are customers complaining about GSM because their cellphone reception quality is bad? They'd either blame the network provider or the handset manufacturer not the underlying DRM/ software!! A closer comparison, in this case perhaps, would be the 'Visa' / 'Mastercard' systems. (Note that sometimes customers still do have troubles when they shop at a store that only accepts one system). So in the end the "innovativeness" or the extent of services offered and the friendliness is going to determine what DRM system will prevail and Apple does have a stronger culture for offering a much more friendly User Experience and technology. Ultimately though, if DRM is totally done away with, as Jobs suggests, the iTunes/ iPod market will expand itself to accommodate those Users who want to shop on iTunes Store but use other mp3 players [than the iPod] and further to customers who want to own an iPod but not necessairly shop on iTunes Store. The user base of iPod/iTunes will remain fairly steady (because,let's face it, it IS a superior product/ service experience). None others, in the industry, have come close to offering such a clean experience. Steve Jobs is probably right in suggesting that abolition of DRM should not affect the Records Companies adversely and that it may, in practice, stand to improve sales and customer satisfaction. In my [humble and not-so-business savvy] opinion though, it may only improve the sales only marginally but i do think it will be a positive trend for all. ~

I take issue with some of his statements...

Overall, Chiariglione writes very well and has some interesting ideas. But my approval of his ideas started to wane when I read this line:

He recognises that a DRM (protection) system that is transparent to the user would be an advantage to them. After all the DVD's CSS does exactly that, were it not for the unfortunate "region code".

No, Leonardo, the DVD CSS system is *not* transparent to the user, especially if you are using a Free Software operating system. I agree that the region-coding is sucky, and several multi-region settop boxes exist, but you didn't go far enough: the DVD CSS scheme (and the DRM schemes on HD-DVD and on Blu-ray) are NOT transparent to all users out there.

Let's continue...

The way to go is to have a standard system like GSM that anybody can practical [sic] implement

Well I did some digging on the 3gpp FAQ [3gpp.org] and I think I found some answers (although if someone wants to correct me or do some digging, I'd be very appreciative.

• The basic standards seem to be freely available (although their answer to this question is damn cryptic!): "Does a company implementing..have to pay any royalties..?", Answer: "[3gpp] is not a legal entity but a Partnership...between...standardization organizations in the field of telecommunications."
• The GSM specs seem to include patents which are RAND (Reasonable And Non-Discriminatory) licensed. AFAIK, RAND licensing is incompatible with most Free Software licenses...

So again, no, Leonardo. GSM is *not* an Open Specification that anyone can implement. It is encumbered with patents.

Continuing, we have:

do you think that we would have had the MP3 phenomenon without the MP3 standard or the billions of video files taken by cell phones - and shared - without the MP4 standard?

Yes, I think that the "personal" music and video revolutions could have happened without the specific MP3 and MP4 standards. Having a standard enables people to share audio and video, true. But even if those standards weren't ones that were patent-encumbered (such as MP3 and MP4), the revolution would have taken place once the hardware (iPods, cell phones, digital cameras) were small enough and portable enough for people to take with them everywhere.

It would be really hard to define a "one size fits all" DRM standard.

Actually, I think it would be easy: Let people license their files however they want, but don't encrypt, watermark, or otherwise f*ck with the contents of the files. That is to say, take the "restriction" out of DRM.

Leonardo Chiariglione sounds like a smart guy who is trying to work on creating international standards, and for that I applaud him. But I'd like him to go a bit farther and to make TRULY OPEN standards that anyone can implement, for any reason, on any hardware, without paying anything...that's what a standard should be -- not something locked down with encumbrances that prevent people from using it.

Why Software DRM is Mission Impossible

Really Steve has explained in his article: I do not know why so many people can’t get it.

In the current PC architecture, the video and audio cards expect non-encrypted data. That means, in order to feed data to it, you have to decrypt the DRM'd data in main memory and transer them to the video/audio cards. That means, it has to be crackable, esp. when DRM is done in the user land. When done in the kernel, it will be more difficult, but still you may be able to get all the data on the hardware interface or by hacking the kernel.

That already implied two ways to ‘enhance’ DRM. You may choose to encrypt all the data going through the hardware interface, and you may choose to sign the kernel modules and use TPM to establish and chain of trust and verify the OS kernel. And you can do both. The second approach is quite difficult for general-purose OSs, but works fine for embedded systems (thus TiVo). The first approach is already used by Windows Vista.

So as far as we are not talking about special DRM hardware, there is no such thing as open DRM. DRM cannot be open, and that is very nature. At least before the days when standardized DRM hardware are dominant....

Just thought I'd join in praising GSM

as it really is a much under-appreciated standard.
I have a tiny little SIM card.
I can shove it in practically any handset I want.
People can dial a number and talk to me, practically wherever I am on the planet.

Whilst you can bitch and moan about roaming charges and our fan-boy attachment to particular handset manufacturers, the just the basic idea of voice calls anywhere is amazing.
Telephony was a breakthrough - but on a global scale took decades to rollout - and even now most of the planet doesn't have a copper connection to their abode. GSM like most technologies hasn't just expanded onto a subset of what went before it - it's claimed it's own larger footprint.
Whilst I might have a warm feeling as my phone pops online at every airport I pass through, the image of a Maasai tribesman chatting on a Nokia handset in the middle of nowhere is quite simply amazing.
If you randomly selected two people of the face of the planet and tried to work out the easiest and fastest way to get them to communicate, GSM would definitely feature.

Just to come back ontopic, DRM is merely going to be a blip and it will go soon (for music at least). CDs aren't going anywhere. Whilst we have CDs, lossless 44.1kHz music will be available without DRM (both legally and illegally).
The simple truth is that digital DRM gives the customer nothing currently. CD is the same price, CD can be ripped onto anything, CD isn't going to break when you install Vista, CD isn't going to vanish when your HD crashes, CD doesn't restrict my next portable player choice, CD gives you better quality and if iTunes indulges your instant gratification button - then limewire, torrent, nntp etc can all do the same for less.
If DRM is to succeed, then it needs to give us something other than restrictions:
Better sound quality than CD
Streaming access on any client device I own
Time limited access to next album from somebody I've already bought
Basically there are unlimited options that could be given to me with 'digital music', but so far the best I've been offered is 'What you get from a CD + a load of restrictions'

Hollow argument.

DRM is bad, period.
It's the equivalent of a bible with a quarter slot. When the time runs out, the bible snaps closed.
(yeah, I saw it in an old Simpsons episode..what was it? oh yeah! "Homer gets a gun" Hey perhaps Gun Control advocates should change their bill to "Gun Rights Management". Eat your hearth out, Karl Rove.

Summary of the argument

Here's a summary of his argument:

"DRM IS NOT BAD ... if you redefine "DRM" to include stuff like Creative Commons licensing and xpdf's implementation of the PDF permissions system."