You know how I've been saying that we need to look beyond just Sony and focus instead on DRM? Here's why: take a look at this transcript of an online chat with Cary Sherman, President of the RIAA. He doesn't see what the fuss is about. Everyone protects CDs, he says. Sony said it was sorry for the security problem, so we should all just move on.
The entertainment industry's reaction to Sony's rootkit tells us we'd be wise to look more deeply into what they are doing with DRM. It clearly isn't just Sony.
Here's the part of the chat with Sherman about Sony and protecting copyrighted works:
Columbia University, Columbia Spectator: With fears of illegal file sharing throughout the music industry, many companies have taken measures into their own hands. Within the last two weeks, there has been a great deal of discussion about Sony BMG's rootkit program. Does the RIAA condone such actions on the part of individual companies to protect their profits?
Cary Sherman: There is nothing unusual about technology being used to protect intellectual property. You can't simply make an extra copy of a Microsoft operating system, or virtually any other commercially-released software program for that matter. Same with videogames. Movies, too, are protected. Why should CDs be any different?
The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?
One other thing to point out: The music industry has been more permissive about copying of its copyrighted product than virtually any other industry. How many burns are you allowed of a movie? None. How many of a videogame? None. You get the idea. Even the CDs with content protection allow consumers to burn 3 copies or so for personal use. The idea is not to inhibit personal use, but to allow personal use but discourage (not prevent, you can never prevent) copying well beyond personal use. . . .
U. of Houston: What future measures does the RIAA plan against music piracy? Is it going to be protected so no one can make a copy of cds?
Cary Sherman: You've got to distinguish between what RIAA does and what individual record companies do. RIAA will continue to protect intellectual property rights in court, etc. But only an individual record company can decide to use copy protection on a CD. Record companies have different policies on whether to use such technology, but I know of no record companies in the US that have sought to prevent the making of any copies at all. Everyone understands that consumers want to be able to listen to their music in their car, in the family room, at the beach, and that allowing them to do that is part of giving them a great music experience. So even when a CD is protected, it will almost certainly allow personal use copying.
To Sherman, the only problem with the rootkit was a "security vulnerability" that he alleges Sony didn't know about. I don't share his view that this is the only problem, since I don't appreciate being spied on nor do I find it acceptable that someone alters my computer without my agreement, but I think we can deduce from his words that such techniques, minus the "security vulnerability", are widespread.
First of all, this isn't comparable to malware that shows up from time to time affecting the Windows operating system. Here is the difference: Microsoft, one trusts, isn't writing the malware and deliberately putting it into its products. Sony did put the rootkit in its products.
Perhaps he is trying to create Sony's legal alibi, that it was First4 Internet's fault, but Sony's reaction to the rootkit's discovery belies that excuse. Remember the fatal words, that most people don't know what a rootkit is, so why should they care? Trust me, sir, we care.
Sherman says that you can't copy Microsoft's operating system, or virtually any other commercially-released software program. My answer to that is: that's what's the matter with them. It's one reason why I use the GNU/Linux operating system. You can copy Red Hat and SUSE and Mandriva to your heart's content, and they are still in business. They are commercially released software programs, so what he said isn't true. Microsoft's business model isn't the only one possible.
Sherman also thinks music companies are being very generous, by allowing three copies so you can go to the beach, have a copy in the family room, etc. But let me ask you something: How many times am I allowed to read a copyrighted book? That's right. There is no limit. I can take it with me to the beach, and I can take it into the family room, and I can read it in the bedroom, or on the bus on my way to work.
Now, you will say, yes, but that is not copying, and you'd be right. It's not, but it is all just me. I am not sharing the book or distributing it to anyone else. I just want to be able to read it anywhere.
It is the same with music. Because of technology, instead of hand-carrying that song or ebook around with you, you can make a personal copy for your iPod and leave one on the office computer and have a copy on your laptop. That's progress as far as convenience is concerned. Here's my question: What is the difference to the music industry or book publisher if I make those copies?
I could just carry my song with me, the original copy, and then duplicate exactly the book experience. But even if I make endless copies just for myself, has the music industry lost a penny?
The problem, if there is one, is distribution, not copying.
If a company limits the number of times I can listen to music, or how I can read a book, is it normal copyright law as we know it that they are enforcing? Is it normal anything? Doesn't the change in what tech now allows mandate a change in the law to make it possible for normal people to act like normal people?
Is it *copying* that should be regulated -- that's all computers do -- or should it be distribution? It's only the latter, so far as I can see, that does them any commercial harm, even if you agree with their premise that file-sharing hurts them. The conversation is about the way the world used to be; but everything has changed.
We've learned that Microsoft and others are designing DRM so that the copyright holder can choose whatever rights they wish. There is no built-in limit for them. For that matter, there is no fair use. What happened to that part of copyright law? Why don't these copyright holders have to abide by that part of the law? They have structured the conversation as piracy, with all the emphasis on their alleged losses. But they are not alone in losing. We are losing too. We are losing a normal cultural life, a normal human life. And we are losing fair use.
Here's the experience of a man who bought an ebook only to discover that the author allowed you to make only one copy a year. No doubt the author thought he was being very generous, since he doesn't have to allow you to make any copies, subject only to fair use. But notice how this bargain played out in real life:
I figured I’d print out a chunk of it 4 pages to a sheet and read it walking in from the parking lot and at lunch, etc. because I was enjoying the content. I did the math and figured if I did 6 per sheet instead, I’d just get a whole copy and be done with it. So, I hit print and headed to my office to see the printout. Turned out too small for even me to be comfortable with, so I hit cancel to avoid wasting toner and paper. I went back to print it at 4 per instead and discovered one of the wonderful “features” of the DRM that the author decided to use. Apparently, he chose to “allow” printing of the book once per year. You read right. And, the 12 pages that made it out of my printer counted as my once. On every machine I ever want to use the file on.
After all of that, I figured I’d just download another copy to my workstation on the client site for reading during lunch and work with what I had. I worked the morning away and made it to lunch, when I logged into Amazon to do the whole download dance again. As I hadn’t modified my Acrobat installation on that machine, I just launched it. It started up and started trying to verify the rights and then promptly died. It couldn’t see the servers. Apparently, this “consumer friendly” DRM uses the LDAP ports to verify rather than the web port 80. Given the literally thousands of corporate firewalls that only allow ports 80 and 443 as outbound traffic, this pretty much meant that the file was useless there too.
I tried a couple of different ways to see if I could easily route the traffic, etc. to no avail and wasted my entire lunch hour. When I got home, I looked for a way to break it open (never even crossed my mind until it slapped me over and over), but generally don’t like downloading cracking tools and abandoned that quickly. I tried printing to postscript, etc. as well as a last ditch resort. Thought I might save a copy of the PDF itself and transfer that, but the DRM kicks in again. I quit once I’d put about $150 worth of my billable time into it and figured I’d just read what I had and vow never to buy another one of these things again.
The net result is that I paid a dollar amount that most ebook publishers would be thrilled with: $9 for a digital copy of a book. I was OK with it. I barely even hesitated. I wanted the immediate delivery. I then tried to do EXACTLY what I do with every single print book I buy: read it while walking in from the parking lot, at lunch, etc. I never tried to give it to anyone else. I never “shared” it or distributed it in any way. Yet, the DRM so got in my way that I’ve moved from being the ideal ebook customer to never going anywhere near any ebook that uses anything similar ever again.
DRM sounds fine to the moguls because they aren't thinking of us as humans, only as criminals.
The part Sherman and his ilk can't understand is that while we are happy to pay for things we want, once we buy them, we want to own them, and like a book I buy I want to be able to do whatever is convenient with it myself, and I want to be able to loan it to my best friend if I really like the book, and I want to be able to quote a chunk of it on my blog to encourage others to buy it or just to share a thought worth sharing. Don't tell me tech can't devise a way to enable and enforce all of these things. I also might decide to try to become a writer, and just like writers have always done, I might at the beginning try to learn by copying the style of the author I admire, and I don't want to have to worry about infringing his "methods and concepts" by trying to learn that way.
That's normal. It's what normal people have always done with culture. And until the RIAA understands that, they are not going to be able to provide us with what we want, because no knowledgeable person will accept DRM as they offer it, and the result will be that their sales will continue to decline. Thanks to Sony, there are now millions of people who just got knowledgeable about DRM overnight.
There is no "great music experience" with DRM. That is the bottom line, and so their sales will keep shrinking, though they will probably never understand why. I love music. I used to buy a lot of it. I'm very happy to pay for artistic work. But I will never in my lifetime pay for DRM'd anything.