decoration decoration

When you want to know more...
For layout only
Site Map
About Groklaw
Legal Research
ApplevSamsung p.2
Cast: Lawyers
Comes v. MS
Gordon v MS
IV v. Google
Legal Docs
MS Litigations
News Picks
Novell v. MS
Novell-MS Deal
OOXML Appeals
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v Novell
Sean Daly
Software Patents
Switch to Linux
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.

Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal

User Functions



Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

No new stories

COMMENTS last 48 hrs
No new comments


hosted by ibiblio

On servers donated to ibiblio by AMD.

Some Safety and Reliability Questions About DRM, by Victor Yodaiken
Wednesday, January 11 2006 @ 09:46 PM EST

Some Safety and Reliability Questions About DRM
~ by Victor Yodaiken
President and CEO, FSMLabs

Digital Rights Management (DRM) technologies are supposed to protect digitized “content”, like movies and musical performances from being illicitly copied or used. DRM technology is sometimes described as security technology when it is really licensing technology –- something very different. In fact, DRM may decrease security and reliability.

Consider what might happen if a computer equipped with DRM technologies was also used for the primary telephone of some unlucky person who opened his email mail to find a spammer had sent him a pirated copy of a song. The song begins to play automatically just as our fictional victim recognizes that he is experiencing a heart attack and he desperately clicks the Skype window to dial emergency services. But all he sees on the screen is a big notice:


Is this a realistic scenario? Based on the recent Sony BMG fiasco, it is.

Sony BMG put DRM software onto CDs that broke the basic system security and made the entire system slower and less reliable. Imagine that your children put such a CD on your computer and opened an avenue for hackers to make copies of your business memos and personal email. Imagine what would happen to the PC running a safety monitoring system for a nuclear power plant that was also used by a technician who wanted to listen to CDs on the job.

We are entering the era of ubiquitous and safety critical computing, but the developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers. This belief is convenient, because creating DRM mechanisms that respect security, safety, and reliability concerns is going to be an expensive and complex engineering task.

Our company sells real-time control software that runs on standard platforms –- the combination of standard operating systems and processors and we have customers using Linux and PCs to control robots, telecommunications switches, electric power lines, and machine tools. We're worried about how DRM technology either built into the base hardware or into network services will interact with software that provides safety critical services or that manipulates confidential data or that has timing constraints.

Here are some issues:

  1. One goal of DRM developers is to prevent “digitization”. For example, they want to make sure it is hard to play a CD on one device in front of a microphone that records it, free of DRM, onto another device. But it would be bad if our poor heart attack victim had evaded his email-induced problem only to find the Skype call interrupted because a music CD playing in his office triggered an anti-copying DRM mechanism. Another example I like to bring up is an armed robber wearing a Mickey-Mouse t-shirt with some embedded DRM triggering patterns in it –- and a security camera that obligingly shuts down when it detects the pattern.

  2. If DRM is going to work, it will need to be enforced by a web of reinforcing mechanisms: the processor will have a hardware ID and a hardware locked key that will be inspected by the operating system which will have its own keys that will be required by databases and media players and network devices. What happens if a network card breaks and is replaced -– causing the DRM system to conclude hardware has changed? Do we need to wait for new keys?

  3. How will DRM-locked and DRM-free systems interact? The computer that controls a medical blood test machine should not have DRM mechanisms on it, but will that cause problems when it tries to transmit results to a DRM-locked server? It's certainly plausible that DRM mechanisms will be built into the network hardware/software combination on the server and it will be tempting to make servers that refuse messages from “unsafe” (DRM-free) sites.

  4. Who controls DRM authenticity keys? Can a record company in dispute with an artist deny that artist keys needed so that her new works can be published directly or by a second company? What happens if your company's design documents or advertising or spreadsheets get caught up in DRM controls –- who do you call to get a key? If you have data in one database or file system and you switch, can you export the data without permission of the vendor of the first system? Will DRM keys be under the control of companies with an interest in denying their competitors access to the market?

  5. If someone wants to develop a media player used in a manufacturing system, will a DRM-enforcing operating system or computer board refuse to allow the media player access to video ports without a DRM key? What about drivers for nonstandard devices -– will these trigger DRM issues?

  6. Will DRM actions interfere with system timing? If DRM mechanisms are built into the BIOS software or board or processor firmware, can the processor be diverted from controlling a robot arm or monitoring a valve on a nuclear power plant to check licenses?

  7. Will DRM-locked technology be clearly labeled and inform users of possible problems? Is it going to be easy for a technician upgrading software on a computer controlling an intensive care unit vent or an airplane communication system to inadvertently install DRM-sensitive software instead of the DRM-free software?

  8. If all commercially available notebook computers are DRM-locked how will we assure that a portable digital diagnostic unit carried around by visiting nurses doesn't start to misbehave when the nurse loads a photo of her family from a digital camera with DRM requirements?

  9. Will virus writers be able to trigger DRM falsely on infected computers? Can a virus that purposely tries to copy DRM-locked music cause the computer to shutdown or lose functionality? Once one machine on a network is detected as possibly insecure will other machines refuse to talk to it? How can a network that has been marked as compromised be reset?

  10. Will DRM mechanisms trigger if they are placed behind a firewall? Currently, DRM mechanisms appear to be being designed to allow remote checking from the “license owner”. If it is possible to defeat those mechanisms by blocking some network traffic, DRM will be easy to evade. If not, DRM will battle network security.

  11. Will DRM network hooks provide security holes for virus writers? This question has already been answered by SONY BMG and the answer is not reassuring.

To summarize, DRM is a potentially dangerous and intrusive licensing technology that is being pushed into production before safety and reliability issues have been addressed. The widespread use of standard computer products to control all sorts of important systems is being ignored and DRM is being introduced as if there was no role for computers except as personal entertainment devices and as if computer users were purely consumers of prepackaged “content”. This approach seems sure to create more problems as time goes by.

Victor Yodaiken is the creator of RTLinux and President and CEO of FSMLabs, a software development company headquartered in New Mexico. Yodaiken has been working on operating systems in both industry and academia since the early 1980s, when he was one of the developers of one of the first commercial distributed fault tolerant UNIX systems. In a technical article published in Linuxdevices in 2002, he argued that without a major attitude change digital rights management technologies would cause software security failures and generate safety problems for everything from medical equipment to military systems. There is an updated version of the article here. See also DRM Out of Balance at LinuxDevices.

© Victor Yodaiken 2006.


Some Safety and Reliability Questions About DRM, by Victor Yodaiken | 401 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Some Safety and Reliability Questions About DRM, by Victor Yodaiken
Authored by: Anonymous on Wednesday, January 11 2006 @ 09:51 PM EST
It's not about safety or reliability though, is it. It's about profit and
business models.

Were it not about these, your points would be listened to by the medai
companies. As it is, they'll deny the ship is sinking even when they have to
cling on to the side of the ship to do it.

[ Reply to This | # ]

Authored by: Ossymoon on Wednesday, January 11 2006 @ 09:54 PM EST
Please place corrections here


He's a technomage... He appears when you want him least, and need him most.

[ Reply to This | # ]

    Off Topic
    Authored by: Ossymoon on Wednesday, January 11 2006 @ 09:56 PM EST
    Please place off topic things here

    Don't forget to link!!!


    He's a technomage... He appears when you want him least, and need him most.

    [ Reply to This | # ]

    Look, can we please stop this particular FUD?
    Authored by: Anonymous on Wednesday, January 11 2006 @ 09:58 PM EST
    "Imagine what would happen to the PC running a safety monitoring system for
    a nuclear power plant that was also used by a technician who wanted to listen to
    CDs on the job."

    A technician who plays CDs on a PC that's running a (critical) safety monitoring
    system for a nuclear power plant is grossly misusing the system in a manner for
    which both he and the system designers (who allowed this to be possible) should
    be fired. Regardless of DRM concerns, that PC should not be running any
    programs -- such as music players -- that it has not been completely certified
    to be able to run safely while doing its job.

    There are perfectly good examples of cases where DRM software could get onto a
    mission-critical computer and cause trouble. This particular scenario is,
    however, one that is completely implausible, and insofar as it is plausible, is
    a dangerous situation for far more reasons that DRM. Thus, using this as an
    argument is FUD. We should not stoop so low, particlarly when we have no need

    - Brooks

    [ Reply to This | # ]

    This is sort of a "scare".......
    Authored by: Latesigner on Wednesday, January 11 2006 @ 10:29 PM EST
    Okay share isn't part of the corporate mindset and they'd really like to go back
    to the days when they delivered the content and consumers consumed.
    But now it's interactive and all those old "rights", that didn't
    matter because they couldn't be used, have now been labeled piracy.
    Let's enforce the consumer's rights and make DRM that gets in the way illegal.
    When that's clear we can address the piracy issue.

    The only way to have an "ownership" society is to make slaves of the rest of us.

    [ Reply to This | # ]

    Just say 'NO' to anything with DRM
    Authored by: kawabago on Wednesday, January 11 2006 @ 10:55 PM EST
    If I become a cultural vagrant unable to access any electronic content, then
    I'll read books from the library. They have millions of them so I'll never run
    out. Millions of used CD's without DRM are always available for music. As for
    movies, am I really missing anything?

    I paint watercolours and imagine if I built a big black box to install DRM
    around one of my paintings. Then I'd charge people just to look at it and no
    money back if you don't like it. What a great way to trash a career, prevent
    people from appreciating my work. Limiting my audience should drive down the
    price of my art right through the floor!

    How great it feels to watch people's expressions as they view my work. Nothing
    I've ever done has given me such satisfaction. I don't care if they buy it or
    not, just that they liked it is enough for me. Someone else will buy it.

    Art, any art, is communication. Communication is most effective when it reaches
    the most people. DRM is the opposite, it prevents communication. Any art that
    is wrapped up in DRM is dead. In 10 years will you still be able to play the
    $3,000 worth of iTunes songs you own? Won't all the culture that is locked up in
    DRM become inaccessible as technology changes? Doesn't that mean that to
    historians the DRM era will a big blank space in our cultural heritage. All the
    art and culture of a generation locked up and lost forever with DRM.

    That's why I'm not buying into any DRM system. I know my art will be appreciated
    by generations to come. Will yours?


    [ Reply to This | # ]

    A more realistic worry
    Authored by: Anonymous on Wednesday, January 11 2006 @ 11:00 PM EST
    is that if DRM becomes ubiquitous, in fifty years time all of our culture will
    be gone. It is bad enough with the legal obstacles provided by copyright now,
    but while it may be illegal, at least there are no technical obstructions to
    playing an old 75 and preserving the content into a digital format. Imagine if
    all music video and books were to be protected by DRM. Just how usable do you
    think they will be in 20 years time; in 50 years time: how usable will they be
    in 150 years time when they FINALLY come out of copyright! This is a mechanism
    for the total destruction of our culture. Our descendants will curse the tragic
    loss of early 21st century popular culture to DRM.

    [ Reply to This | # ]

    DRM -- Piracy? Or not?
    Authored by: Anonymous on Wednesday, January 11 2006 @ 11:20 PM EST
    Piracy has often been the scrapegoat for the "need" for effective
    Digital Rights Management technology. The theory goes something like this:
    "If P2P did not exist and people had no way of massive distribution of
    copyrighted content, then DRM would not be necessary." However, once the
    underlying objectives of DRM is examined more closely, an astute audience begins
    to realize that DRM was going to come. P2P and "piracy" simply
    accelerated the process.

    DRM has only one purpose: To make you pay multiple times for the content you
    used to be able to pay once and enjoy. Instead of owning a CD, you might only
    own some bits that evaporate after being viewed a number of times, or an
    expiration date. The content cartel wants to create a future where you never
    really "own" any content, but only "rent" it.

    That is, instead of keeping copyright in the realm of public performance,
    distribution, and copying, the content cartel wants to expand the scope of
    copyright-- through legislative means via anti-circumention laws, through
    contract laws with EULAs, and through technical means via DRM. The ultimate
    goal is to effectively transform "copyright" to

    Once the content cartel can control every use of a work, then a whole bunch of
    new "business models" open up. Every little use that you thought you
    had the right to perform day is an opportunity for money to be made.
    Time-shifting? That'll cost you some money. Space-shifting? That'll cost
    money too. If you want to listen to the song more than twice, you'll have to
    shell out the dough. If you want to excerpt, or make "fair use", or
    create a backup, then you'll have to pay too. Oh, the future player (controlled
    by the content cartel via restrictive licensing terms on the player technology)
    will detect how many people are in your room when you try to play, and multiply
    the costs accordingly. If you can think of a use, then the content cartel will
    want to monetize it.

    The content cartel is well on its way even before "piracy" took center
    stage. Remember "software licensing"? Ten years ago, everyone knew
    it was a myth. Then a few court cases (like ProCD) started to make it a
    reality. Now you talk to a good percentage of people, and they'll say that
    software licensing is a natural thing, even though no one ever
    "licensed" a book. And in five years? Who's to say that everyone
    won't think software is licensed, not sold?

    Of course, a reasonable person would suggest that even Congress would not be so
    bribed as to take away Fair Use, or the Doctrine of First Sale. The problem is
    that while the law might permit Fair Use and other rights, you will not have the
    technical means to exercise those rights. Anyone trying to create the tools
    will risk the wrath of anti-circumvention. And the content cartel is happy,
    too-- after all, you still do have the right to Fair Use. But if you want to
    exercise the right, the RIAA has the chance to make some money. No one ever
    said Fair Use had to be "free".

    Consider the possibility that the public library could exist given the IP regime
    today, if it was not born years ago when IP was much more reasonable? Would
    Congress be brave enough to protect libraries with special exemptions to
    copyright law, if it did not have the benefit of hindsight in the value of the
    public library to literacy and education? Given the DMCA, could anyone afford
    the legal liability of opening a public library?

    Every time someone loans a book from a public library, that book reflects the
    loss of a "potential sale". Isn't "lost sale" a familiar
    tone coming from the RIAA, MPAA, and the BSA? The public library is a vehicle
    for massive copyright infringement by taking away sales. Even if no (illegal)
    copies of the book were made, you can bet that the content cartel wants to
    maximize their profits and find a way to charge for each use. DRM allows them
    to do this. The RIAA already tried to shut down secondhand (used) CD sales once

    When everything is taken under a broader light, then it is perfectly clear that
    piracy really doesn't have anything to do with DRM at all. Its a smokescreen.
    Because all of the reasons for wanting DRM comes from economics, and maximizing
    profits. That's why DRM was going to come around one day, piracy or not.

    As far as the customer or user is concerned, DRM is a losing proposition. DRM
    does not really create any value, but rather it takes it away from you and gives
    it back to the copyright holder.

    In the future, you will have to pay more, but you'll end up getting less.


    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Wednesday, January 11 2006 @ 11:33 PM EST
    I used my my commodore 64 as a real time controlling device. It was really bad
    at it. Conclusion: Computers are not suitable for real time controlling tasks.

    The above conclusion is approx. just as flawed as this article. Just because
    Sony's semi-DRM solution has all kinds of flaws doesn't mean that such flaws are
    inherent to DRM in itself. Just like the fact that Kazaa installs all kinds of
    malware doesn't imply that P2P software is inherently flawed.

    Victor could have made a valid point by pointing out that running content from a
    CD can compromise the security of a system. Whether that's due to bugs, criminal
    intent, or an incompetent DRM implementation is hardly relevant.

    The health care and nuclear industry examples that victor provides are
    interesting from a trusted computing platform point of view though. A trusted
    platform can help to ensure that hardware with the potential to be
    life-threathening is running the exact software that people expect it to be
    running and not infected with viruses, Sony's DRM or other non-authorized

    [ Reply to This | # ]

    The answer is simple...
    Authored by: Anonymous on Wednesday, January 11 2006 @ 11:42 PM EST
    Easy, just run everything under a "Virtual Machine Monitor" and all hardare is simulated! For any user actions, like for instance running an Illegal DRM incumbered CD/DVD, hence the "users VM environemnt" being put "on hold" but the reatime processes running in a different partition (heart pace maker monitor, etc) are unaffected?

    In the mean time someone writes a "Virtual Machine HostOS Driver" module for the simulated "Video/Sound Processor" redirector module that shunts the simulated Video/Audio hardware driver of one VM (pick your OS of choice of course) to pump the Totally "illegal" Video/Audio Stream content directly into another unrelated VM User's OS partition Video/Audio input channel which then proceeds to copy that covert stream to its final Covert/Illegal/CD/DVD/VM/non-DRM simulated non-DRM/CD/DVD/hard_disk/copy/clone/replicated virtual destination for all kinds of fun and personal pleasure. That way everyone is happy, arn't they? According to the DRM nothing was copied, and the CPU says the heart pacemaker monitor didn't skip a real-time beat, and the bandit sure made off whith a Gazillion copies at $10.00 a pop! So, err, whats the problem here? Oh, you think that Sony might object? How would they ever know they were supposed to be upset, Even with their SUPER ROOT kits deployed? Do I see a problem here? Yes, they just won't stop a dedicated hacker, that is for sure. If they can "play" the CD/DVD then thay can not stop you from "playing" the CD/DVD!! Its just a good thing for their sake that i'm and honest hacker, unless of course they do something sooooo *stupid* as to make somebody like me angry - lol; Good thing for them, I guess. because I have yet to buy one of those CD's! ;*}

    [ Reply to This | # ]

    Authored by: mobrien_12 on Wednesday, January 11 2006 @ 11:42 PM EST
    Nice article, but if I may put in my $0.02.

    I do not believe DRM has anything to do with stopping illicit copying. That's
    what the RIAA and MPAA and Microsoft is saying (so "supposed to be"
    might be an accurate statement).

    However, this whole thing has just been about the large media companies trying
    to exert greater control over content and extend copyright restrictions not for
    the sake of justice, or the protection of the artist, or even for morality. No,
    the real reason is just sheer greed.

    Why do movie and record companies whine about their "intellectual
    property" when they SELL content? If they sell an album or a movie, the
    customer gets a piece of that intellectual property! True, he/she has very
    restricted copying rights (that's the whole point behind copyright law) but the
    customer is buying something! If the media companies want absolute control over
    content, they should just lock it away in their vaults and not try to sell it.

    But greed pops up, and they think that "intellectual property" means
    they can sell things without selling things, and fix prices, and crank out
    lifeless soulless garbage and are somehow magically entitled to the publics
    money. Then when they alienate their customers and their sales drop, they whine
    to their bought-and-paid-for congressmen and senators about the

    I remember Jack Valenti trying to justify region coding on DVD's, "well you
    see, the pirates... blah blah blah." Region coding has nothing to do with
    piracy. It has everything to do with greed and attempts to keep control over
    something that they sell. "Have your cake and eat it too" comes to
    mind... or maybe "eat your cake and sell it too."

    [ Reply to This | # ]

    Difference between DRM and rootkits
    Authored by: gibodean on Thursday, January 12 2006 @ 12:09 AM EST
    The article seems to blur the line between what is DRM and what it a
    rootkit/spyware/virus type thing.

    They are not the same.

    The fact that a rootkit can be used by Sony to try to "Manage" their
    Digital "Rights" does not mean that all DRM is necessarily going to
    destroy your computer.

    DRM is bad, no doubt, for many reasons that you mention, especially lack of
    "fair use" provisions, and use of the product after copyright
    expiration. But, you computer slowing down, and becoming "infected"
    is not a result of DRM. It's a result of over-zealous companies going too far,
    and treating your computer as if it's theirs.

    Most DRM is simply a pain, which makes you not able to use your data.

    And most rootkits and viruses are written by spammers and crackers.

    Companies using DRM should be avoided by consumers. Companies using rootkits
    should be criminally charged.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Thursday, January 12 2006 @ 12:26 AM EST
    It just means that US manufacturers of DRM compromised PC's will lose sales to
    Chinese and Indian manufactured PC's that don't have the technology. The same
    has happened with CD readers already, and DVD players that have region encoding.

    [ Reply to This | # ]

    It's about time to finally state...
    Authored by: pallmall on Thursday, January 12 2006 @ 12:32 AM EST
    ... that the record companies, movie studios, and their contracted "artists" have no more right to exist in their present form as candle makers existed before the light bulb came along.

    Let them disappear. If their "high-quality" content goes with them, so be it. New forms of content and distribution business models will take their place if technology is allowed to progress free of DRM restrictions.

    Remember, the DRM they want will be included in device hardware and software whether you want it or not, whether you play any of their "property" or not, whether you know it or not. Look at the legislation being proposed in the US Congress and it is clear that it may become a CRIME to even possess a device that does not include DRM. It's already a CRIME to even contemplate ways to circumvent current DRM.

    Also remember that DRM doesn't stop with songs and movies. It allows monitoring of all information on your hardware/software, all use of your hardware/software, and all changes in your hardware/software. The decision of what can and can't be viewed will not be up to you. Think of it -- TOTAL CONTROL OF INFORMATION in the hands of a government/media-industry alliance.

    The DRM battles fought now are for our children. What kind of "intellectual rights" will they have if we give them away now for a song?

    Groklaw! -- If I had better things to do, I'd still be doing this.

    [ Reply to This | # ]

    More expensive?
    Authored by: Anonymous on Thursday, January 12 2006 @ 01:29 AM EST
    Well, will those devices that are going to be DRM-free become just more
    expensive, prohibitively so for the ordinary person?

    [ Reply to This | # ]

    DRM is a Hardware technique
    Authored by: Winter on Thursday, January 12 2006 @ 03:35 AM EST
    It is a theory for PHB's and ignorants in general that DRM has something to do
    with digital content.

    However, digital content can not be protected, period.

    The only feasible DRM schemes are based on cryptography and involve a secret,
    digital key. The key cannot be protected, as it is digital too.

    Therefore, all DRM schemes involve hardware peripherals that are kept outside of
    the control of the consumer. All DRM is about taking away the hardware from the
    consumer. That is, all DRM involve letting outsiders control YOUR PC and home.

    A fitting analogue is installing video camera's (with audio) in your house that
    let an outsider activate your TV, audio, and VCR. But only if they are convinced
    that you are using them in the correct way. They might even warn you if a
    burglar enters, but they promise nothing. And they promise, really, to not look
    at what you are doing in your house. Honest. Never. So, hey, you can feel safe


    Revenge, Justice, Security, and Revenge, chose any two.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Thursday, January 12 2006 @ 03:44 AM EST
    Now here's a case (from The Register) where the use of DRM is have a bad impact on a member of the film industry.

    Spielburg film looses any chance of a BAFTA award

    [ Reply to This | # ]

    Even 'personal entertainment systems' suffer from DRM
    Authored by: moonbroth on Thursday, January 12 2006 @ 05:53 AM EST
    Developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers.

    Even if this were true, the developers of DRM technologies ignore the fact that I don't want my (gaming-optimised, expensive, bleeding-edge) PC's performance to suffer a 1-2% CPU overhead and performance hit, multiplied for every brand of DRM that's been unwillingly or surreptitiously installed on it.

    I'd encourage anyone who's concerned by this overreaching nonsense to sign up to the PledgeBank pledge to boycott all DRM'd CDs forever (see this BoingBoing article and the related PledgeBank signup page) and show the music labels where you stand.

    Cheers, Nick

    [ Reply to This | # ]

    It's the insidiousness that bothers me
    Authored by: RPN on Thursday, January 12 2006 @ 06:07 AM EST
    The problem is not for me DRM per se (though I think it's a nonsense anyway).
    The real problem lies in having multiple DRM's in place and it isn't just about
    music and video. Anyone and everyone with 'IP to protect' will get in on the act
    if they think they can get away with it. You could end up with DRM applications
    from music sources, film sources, software companies, web sites.... A total
    nightmare under any OS (and for the OS companies and security companies - it's
    real hard to feel sorry for MS but I bet they are, rightly, furious about the
    Sony and Norton actions) because you cannot quarentee their interactions with
    each other and the rest of your system; and DRM absolutely can't begin to work
    without going low level in the OS. Not only that but you may well not be able to
    figure out which one is causing the trouble and in theory at least it's illegal
    in many places to poke around trying to work that out let alone what is wrong
    with the particular DRM involved. This really reminds me of the eighties when
    so-called 'dongles' were tried for a while by some software companies as a way
    to stop software piracy. They were a nightmare and a user revolt meant they did
    not last long. I hope that will prove the case with DRM but at the moment there
    is no sign of a strong enough backlash sadly.

    I also think other posters are right to see this as a very real push to a
    subscription/micropayment model for everyone and everything which, perhaps not
    wholly rationally, really gives me the creeps for a variety of security,
    personal finance management, ownership versus rental and other reasons. I've
    never been comfortable with 'renting' anything and I understand part of the
    swell of dislike with MS in the business world is about the shift to
    'subsciption' versus purchase pricing. It's certainly a real issue for my
    employer and a reason we have not upgraded anything for quite a while and new
    purchases for new hardware have been purchased singles rather than through a
    business licencing scheme.

    Sorry MS/EMI/Sony/etc etc etc if you shift to this sort of pricing you can
    forget me as a future customer. I am simply not prepared to mess about with
    multiple DRM implimentations on my computers and I have absolutely no interest
    in 'pay per view/listen' in any shape or form. Treat me like a customer offering
    me a quality product and I will be a customer. Otherwise forget it. Especially
    if your actions imply I am a criminal.

    It is also a reason my employer, albeit a small one, may very well go FOSS when
    obsolesnce really bites with the software we currently have in use. Not the only
    one but one that really should give software companies some pause for thought.


    [ Reply to This | # ]

    If your guy was using Skype to call emergency services
    Authored by: Anonymous on Thursday, January 12 2006 @ 06:09 AM EST
    then his doom was his own making, not that of DRM. You can't make emergency
    calls over Skype. Why didn't he just pick up the phone like everyone else?

    [ Reply to This | # ]

    Truth in names
    Authored by: Anonymous on Thursday, January 12 2006 @ 06:59 AM EST
    We all go along with the "PC" name DRM, AKA Digital Rights
    "Management". What DRM really is, would be named Digital Rights
    We should start calling the wolf a wolf, not some pet name created by wolves.

    Everyone goes along, merrily repeating the "management" line; DRM is
    restriction, not management.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Thursday, January 12 2006 @ 07:24 AM EST
    If I rent an auto for a day, that's a contract between me
    and (say) Hertz. If for any reason the auto is
    unavailable, like it breaks down, then I expect Hertz to
    fix the problem and get me on my way with whatever I
    wanted to do.
    It's also quite reasonable for me to want to own an auto
    'forever', or to lease an auto for a fixed number of
    So what's different about DRM ? Provided the terms of the
    contract are clear before money changes hands; and
    provided the copyright owner respects my rights too (in
    this case, if Sony break my PC, then Sony need to show up
    and fix it again; and if the CD is unplayable then Sony
    need to show up with a replacement), then things should be
    Besides, Sony need 'free' music, too. How do you think
    they find new artists ? The current ones will eventually
    get old and retire; there must be renewal.

    [ Reply to This | # ]

    Who owns "your" computer
    Authored by: overshoot on Thursday, January 12 2006 @ 08:09 AM EST
    One question that the TPC has always avoided: who is the "owner" of the computer? Their documents keep referring to that "owner" but they have steadfastly refused to clarify who that is.

    Either the "owner" is the person or company that paid for it (etc.) or some other party.

      If it's the titular owner
    • The owner can recover keys stored in the computer (for instance, to move them to a backup machine.)
      • This is unacceptable to the **AA, since it totally defeats DRM
    • The owner can flush keys (etc.) rendering encrypted files unreadable
        This is totally unacceptable to law enforcement.
      • Theonly way it is going to be accepted would be with a built-in backdoor
      • Hmmm ... built-in backdoor. How long until that gets cracked?
      • For that matter, you can bet that Microsoft will know the "back door." Please roll a paranoia check.

      On the other hand, if the "owner" is some other party (e.g. Intel)
    • Data becomes hostage to the "owner"
      • The "owner" who may be a competitor
      • In any case, the delay may be expensive (as VY notes)
      • This would seem to be totally unacceptable to the business community
    • Any claim of "unbreakable security" goes out the window, since this has the classic problems of key escrow.
    • How is this going to go over with non-US governments?

    My read is that the DRM demand is not negotiable, so the titular owner won't normally have key-recovery capability. I also think that the business community won't (long) accept having to beg Intel for recovery keys; if nothing else the bookkeeping expenses are likely to be staggering. Finally, there isn't a snowball's chance that any government will accept a scheme that can't be gotten around with a court order.

    My (tentative, paranoid) conclusion is that the chip manufacturers will keep the master keys and that "trusted users" (read large companies, governments, etc.) will be able to get the keys to purchased computers at the time of purchase, but that ordinary users won't. The contractual terms associated with corporate purchases should be a treat.

    [ Reply to This | # ]

    Return to 'Pay per Performance' and new claims of rights
    Authored by: Anonymous on Thursday, January 12 2006 @ 10:16 AM EST
    To me this looks like the content rights owners are against *ALL* copies, even
    the ones they sell. What they want is to collect royalties on every
    "play" of the content. You think you just bought a CD? Well, no, you
    just bought the convenience of being able to play their content at your
    discretion. You still have to pay for each playing. As wireless networking
    begins to saturate our world even the most portable players can be in constant
    contact with the licensing and billing servers. Temporary off-network periods
    can be accomodated much the way pay-per-view cable boxes handle this.

    As for the inclusion of DRM into everything, I see this also in monetary terms.
    Look at any movie credits and you will see credits for the camera, the tripod,
    even the film used. Now look at the attitude some digital camera manufacturers
    have toward their proprietary formats. Next? These manufacturers will want
    rights to photographs you take using their equipment. Sure, the photographs
    themselves are copyright by you, but if you bought an "amateur" camera
    did you notice the term in the EULA that states that if you use a photograph in
    any publication for compensation or use the camera for professional, compensated
    work you both need their permission and owe them compensation? (fictitious, but
    plausible future restriction) You want to use a camera professionally? Buy the
    more expensive camera with a "pro" license or buy a usage license.

    We are realistically headed towards both of these kinds of scenarios.

    [ Reply to This | # ]

    Seems I posted this a bit too early
    Authored by: NetArch on Thursday, January 12 2006 @ 11:05 AM EST
    Given this storyline, it seems I posted this a bit too early:

    I know it's old (December 9 2005), but it's relevant to the general tone of topics here on Groklaw. If it's been discussed here before, I obviously missed it.

    The full article is here. And it's written by another Pamela ;-)

    "U.S. District Judge Henry Kennedy Jr. in D.C. ruled that obtaining a username and password from a third party that has authorized access does not violate the DMCA. Kennedy cited the only other court to rule on improper use of a legitimate password, holding that gaining access to a third party's legitimate password is not the same as hacking. (My bold).

    "It is irrelevant who provided the username/password combination to the defendant, or, given that the combination itself was legitimate, how it was obtained," Kennedy wrote in Egilman v. Keller & Heckman, No. 04-876HHK. Use of a legitimate password does not "circumvent" a technology used to control access, Kennedy concluded."

    So let me get this straight: All I have to do to get around the DMCA is to (a) go dumpster diving, or (b) hang around the local bar and start buying drinks for anyone with a beef about my intended target. So we penalize university researchers who probe protection mechanisms to find their flaws, but any gumshoe is off the hook if they play like Sam Spade? The DMCA makes any technological circumventions illegal, but good old detective work is OK?

    I guess this article defining Soci al Engineering as a hacking technique is completely and legally wrong then. As one poster in the other thread said, "Since when is hacking a legal term?"

    I know that there are other laws that would cover things the DCMA does not, but I still feel that the more the DMCA gets poked and prodded, the more its foundations seem to be a bit sandy.

    On a tech note, I can't remember the trick to get around the bug in Geeklog that inserts spaces in the label of a long url tag (Social Engineering above)...

    NetArch - building a better Internet one subnet at a time...

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: The Cornishman on Thursday, January 12 2006 @ 11:08 AM EST
    There's all sorts of ways that this issue is less critical than the nuclear
    safety example would indicate.
    First of all, I wouldn't deploy Windows as part of a safety-critical system.
    That's a no-brainer. Next, if I did have to make a Windows client part of a
    safety system it wouldn't have a CD drive or a USB port, so the operator would
    be unable to load DRM'd music. Furthermore, any attempt to do so would be a
    breach of the Security Operating Procedure, and the operator would very soon be
    not an operator, after all. I'd like him/her to be concentrating on the Nuclear
    Safety, not Girls Aloud!

    (c) assigned to PJ

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: lyndon on Thursday, January 12 2006 @ 11:08 AM EST
    We've recently been discussing the ODF format, as being potentially future
    proof. How future proof do you think DRM will be? The recent Sony example CD
    wouldn't actually work on Win2003 as the OS prevents software from doing what
    that program that did. (Essentially hooking into and replacing an OS function).
    How long will todays DRM schemes last? Until the next version of Windows, do we
    get our money back then? So you have all your DRM'd music CDs and you upgrade
    your OS. Oops, bye bye music. to me this is at least as bad as the loss of 'fair
    use', not that there's such a thing as fair use in the UK anyway....

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: John Hasler on Thursday, January 12 2006 @ 12:23 PM EST
    Some of this stuff is pretty implausible. Anyone who uses a computer capable of
    playing music CDs for a life safety or security critical purpose is negligent.
    In fact, anyone who uses a commodity computer for such purposes at all is
    negligent. In any case, there will be two classes of computer: DRM-free
    industrial and commercial machines that will be very expensive and very hard for
    "consumers" to get, and "consumer" appliances. This will,
    of course, drive up the cost of many industrial and commercial applications that
    could have safely used cheap commodity computers but for the DRM and cripple
    innovation and education by blocking exploration and experimentation.

    IOANAL. Licensed under the GNU General Public License

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: unixgeezer on Thursday, January 12 2006 @ 01:01 PM EST
    Victor has given us a landmark position paper on the evils of DRM. It reminds
    me of Edsger Dijkstra's classic "GOTO Statement Considered Harmful."

    What is it going to take to get the political community to disown this
    illegitimate offspring of the "content" industry? Will there have to
    be some shocking and catastrophic failure that can be laid squarely at the feet
    of the DMCA and Sen. Fritz Hollywood? Of course, several federal agency heads
    would have to be thrown off the sleigh before the wolves get to the members of

    To call DRM and the DMCA "wrong" is a faint approximation of how bad
    they are. They would have to notch up several levels in many areas (appropriate
    remedies, protection of fair use, etc.) to even rise to the dignity of error.

    Unix Geezer

    [ Reply to This | # ]

    Take cover folks, 'cause HERE IT COMES!
    Authored by: raynfala on Thursday, January 12 2006 @ 01:35 PM EST
    10. Will DRM mechanisms trigger if they are placed behind a firewall? Currently, DRM mechanisms appear to be being designed to allow remote checking from the “license owner”. If it is possible to defeat those mechanisms by blocking some network traffic, DRM will be easy to evade. If not, DRM will battle network security.

    No, the DRM software won't have to battle network security. The content vendors will merely pressure Congress to pass a bill that makes it illegal to manufacture or use any router, firewall, switch, or any other packet-filtering device that interferes with DRM-related network traffic.
    Welcome to the new 1984. >:^|


    [ Reply to This | # ]

    Some Sanity and Intelligence Questions About Victor Yodaiken
    Authored by: Anonymous on Thursday, January 12 2006 @ 04:37 PM EST
    > We are entering the era of ubiquitous and safety critical computing,
    > but the developers of DRM technologies seem to believe that
    > computers are nothing more than personal entertainment systems for
    > consumers

    You, sir, are either incredibly naive, or a demagogue.

    "Computers" *are* personal entertainment systems for consumers.

    "Computers" are also IBM, Siemens, and Hitachi mainframes doing
    high-volume, secure processing of bank and stock-exchange transactions.

    "Computers" are also dedicated boxes monitoring and manipulating the
    control surfaces on Boeing and Airbus passenger jets.

    "Computers" are also corporate file servers, which shouldn't even have
    something as unnecessary and dangerous as Windows Media Player, or any other
    media player software, installed on them.

    "Computers" are also embedded controllers that manage automated
    manufacturing facilities, oil refineries, nuclear power plants, medical test
    equipment, and other industrial processes.

    And this is only scratching the surface of all the different kinds of devices
    that you are carelessly lumping under the one-size-fits-all heading of
    "computers." Your sedulous conflation of all these very different
    kinds of devices is only muddying the issue.

    I completely agree with you that the companies pushing media-oriented DRM would
    like to treat consumer PCs as "personal entertainment systems for
    consumers," but frankly, that is exactly what they are: no more, no less.
    Welcome to the long-hyped Digital Convergence. They have many other
    capabilities, being "general-purpose" computers and all; but the
    consumer PC industry, in its infinite wisdom, has decreed that they shall all be
    "personal entertainment systems for consumers."

    Your understanding of the situation is so sketchy that I can't even get beyond
    your first example of a presumed VoIP-based 911 failure. Skype, Vonage, etc.
    are all very clever applications, but because they live or die based on the
    reliability of these consumer PCs, they *are not* POTS, nor can they ever be.
    Do you have a consumer Windows PC that can compete with an ILEC on reliability?
    Until you do, expecting VoIP to be a replacement for POTS in *any* situation is
    merely wishful thinking.

    The fact that VoIP apps are being marketed as a POTS replacement -- and that
    ISPs, telcos, and cablecos are marketing them as such -- is one of the sleaziest
    cases of corporate irresponsibility that I've ever seen. It's even worse than
    marketing cellphones as POTS replacements, which is already pretty disingenuous.
    POTS evolved extensively over a hundred years or so, and incredible amounts of
    research and engineering (essentially, all the money that could be gouged by a
    regulated monopoly, except maybe the bits that went into research and
    development of such things as active semiconductor devices) went into making it
    reliable and predictable enough to *mostly* be an effective emergency system.
    But even POTS has limitations and pathological failure modes as an emergency
    system, as you would know if you had bothered to study the subject.

    VoIP is not POTS; it was not designed to be POTS; it has a different
    architecture and different failure modes; and anyone who believes that it is a
    plug-compatible replacement for POTS in any critical situation has drunk the
    kool-aid. VoIP is a different thing, and insisting that it act just like POTS
    is not only foolish, but retrogressive. The US FCC does not understand this,
    and apparently neither do you.

    If you want to rail about how the DRM-mongers are wrecking consumer PCs, go
    ahead. Just stop expecting things from consumer PCs that they are not capable
    doing, and leave the rest of the computers out of it. And perhaps you'll find
    that when you do that, most of your arguments evaporate.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Thursday, January 12 2006 @ 09:08 PM EST
    The RIAA have had their day in the sun. Wait until the recording companies have
    their first class action suit. And not a simple one like the Sony annoyance
    suit. One because their unnecessary software brought down critical systems,
    such as medical or emergency systems, and some lives are lost. After they cough
    up a few Billion $$$, the downloading of some songs may not seem so bad.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Thursday, January 12 2006 @ 10:56 PM EST
    After all of the discussions about this topic it is simple to say that we need
    to ensure that the DRM concept is not embedded into our electronics hardware.
    This is a particularly insideous issue that could cause far greater harm to
    everybody, even the people with the big money who run the media companies.
    Anybody who reads this comment can get further info from the One of the endangered devices, the basic 'D to
    A' converter, is being attacked by the media industry. The media industry has
    expressed that they'd like to see the electronic manufacturers include an
    'enhancement' that would shut down the D/A converter. Imagine what would happen
    to a simple answering machine with this embedded option. Anybody calling your
    home could control your ability to listen to the recordings simply by adding the
    proper coding to the message they put on you machine.

    DRM is 'BAD'.

    We really need to fight hardware DRM and keep the media industry straight by
    forcing them to stay away from our electronic devices. And we should stress that
    the media industry express DRM for what it really is meant for; licensing and
    control of their products. DRM has absolutely no value for security and should
    have never been expressed as such.
    The only purposes for DRM are to support greed and protect the power base of
    the currently strong media corporations. But of course this is just an

    [ Reply to This | # ]

    Sounds like FUD to me
    Authored by: Anonymous on Friday, January 13 2006 @ 03:27 AM EST
    I think that, as a group campaigning against the use of FUD, we must be sure
    that we don't use it ourselves.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Friday, January 13 2006 @ 07:38 AM EST
    You may have security or convenience, but achieving both at the same time is
    extremely difficult.

    [ Reply to This | # ]

    Some Safety and Reliability Questions About DRM, by Victor Yodaiken
    Authored by: Anonymous on Friday, January 13 2006 @ 09:53 AM EST
    Number 2) alredy is a problem with some software licences.
    Specifically, some propriatary compilers require a license
    key that has the ethernet MAC as part of its ingredients.
    Change the card or MB and you are down until you can get
    a new license. That is fine if you have the time and are
    in a place where you can contact the vendor.

    [ Reply to This | # ]

    Isolated Networks
    Authored by: Anonymous on Friday, January 13 2006 @ 01:29 PM EST
    The issues with DRM extend well beyond the traditional Internet. Not all computers are connected to the Internet, or are connected at all times. If DRM "calls home" and will not allow access without Internet access, there will be problems for disconnected users (play that movie on your laptop on the plane, a multi-media system on a boat or car, a sensitive corporate or Government network, or even classified network). Some systems must be loaded from fresh media and must NEVER touch external networks (think nuclear power plant management networks). For many reasons, these systems may need to display/play multi-media content, both open and DRM restricted (think training materials). DRM must not impeade their operation in these environments (think about what a PITA Microsoft's authentication for XP is for these networks).

    I have been a fan of Open Source and Open Standards for a very long time. Users need to be able to freely and openly access their own and public content (think video from their camera). Public and Government documents must be freely open and accessible (think Mass.). Systems need to be freely interoperable (Linux, Mac, Solaris, Windows). DRM, especially at the hardware level, threatens ALL of this. The entry price point for software MUST be low for true public access to data (think $100US laptops) and DRM threatens this as well.

    A publisher DOES have the right to put controls on their content. However, their controls MUST NOT force a general purpose computer into a box where it can only operate in one mode of operation (Internet connected, hardware DRM, etc.). When that computer is not accessing the DRMed data, the computer should be freely usable without being impaired by installed DRM hardware or DRM software (think Sony Rootkit). Computers are, and must remain, general purpose systems.

    Modern computers are multitasking and now often run multiple operating systems at the same time (Xen, UML, VMWare, VirtualPC). DRM should not interfere with or preclude these operations (think DRM that forces you to be in the lowest level/base/ring0 O/S to access the media). DRM must not interfere with low-level capabilities like real-time kernels (think RealTime Linux).

    My 1C worth (after taxes)

    [ Reply to This | # ]

    Groklaw © Copyright 2003-2013 Pamela Jones.
    All trademarks and copyrights on this page are owned by their respective owners.
    Comments are owned by the individual posters.

    PJ's articles are licensed under a Creative Commons License. ( Details )