[A2k] Shuttleworth, Note to content owners: DRM doesn’t work

[Soenke Zehle]

<http://www.markshuttleworth.com/>
Note to content owners: DRM doesn’t work
April 7th, 2007

There are some ideas that are broken, but attractive enough to some
people that they are doomed to be tried again and again.

DRM is one of them.

I was thrilled to see recently that the processing key for *all* HD
discs produced to date has been discovered and published. I expect this
to lead to the complete unraveling of the Blu-Ray and HD-DVD content
protection schemes before even 1% of the potential market for those
players has been reached. Good news indeed, because it may inspire the
people who setup such schemes to reconsider.

We’ve been here before. The DVD-CSS encryption system was cracked very
quickly - stylishly and legally so. Content owners - Hollywood Inc -
were outraged and pursued anybody who even referred to the free software
which could perform the trivial decryption process. They used the DMCA
as a way to extend the laws of copyright well beyond their original
intent. They behaved like a deer in the headlights - blinded by the
perceived oncoming doom of a world where their content flows quickly and
efficiently, unable to see potential routes to safety while those
headlights approach. Their market was changing, facing new opportunities
and new threats, and they wanted to slow down the pace of change.
Content owners think that DRM can slow down the natural evolution of a
marketplace.

In the case of movies, a big driver of DRM adoption was the
unwillingness of the industry to get out of the analog era. Movies are
typically distributed to theaters on celluloid film, great big reels of
it. It costs a lot to print and distribute those films to the cinemas
who will display it. So the realities of real-world distribution have
come to define the release strategy of most movies. Companies print a
certain number of films, and ship those to cinemas in a few countries.
When the movie run is finished there, those same films are shipped to
new countries. This is why a movie is typically released at different
times in different countries. It’s purely a physical constraint on the
logistics of moving chunks of celluloid, and has no place in today’s era
of instant, global, digital distribution.

Of course, when DVD’s came along, content owners did not want people to
buy the DVD in the USA, then ship that to Australia before the film was
showing in cinemas there. Hence the brain damage that we call region
encoding - the content owners designed DVD-CSS so that it was not only
encrypted, but contained a region marker that is supposed to prevent it
from being played anywhere other than the market for which it was
released. If you live outside the US, and have ever tried to buy a
small-run por^W documentary movie from the US you’ll know what I mean by
brain damage: it doesn’t play outside the US, and the demand in your
region is not sufficient to justify a print run in your region-coding,
so sorry for you.

The truth is that survival in any market depends on your ability to keep
up with what is possible. The movie owners need to push hard for global
digital distribution - that will let them get movies out on cinema
globally on the same day (modulo translation), the same way that you and
I can see everything on YouTube the day it is uploaded.

The truth is also that, as the landscape changes, different business
models come and go in their viability. Those folks who try to impose
analog rules on digital content will find themselves on the wrong side
of the tidal wave. Sorry for you. It’s necessary to innovate (again,
sometimes!) and stay ahead of the curve, perhaps even being willing to
cannibalize your own existing business - though to be honest
cannibalizing someone else’s is so much more appealing.

Right now the content owners need to be thinking about how they turn
this networked world to their advantage, not fight the tide, and also
how to restructure the costs inherent in their own businesses to make
them more in line with the sorts of revenues that are possible in a
totally digital world.

Here are some reality bites:

* Any DRM that involves offline key storage will be broken. It
doesn’t matter if that key is mostly stored on protected hardware,
either, because sooner or later one of those gets broken too. And if you
want your content to be viewable on most PC’s you will have software
viewers. They get broken even faster. So, even if you try to protect
every single analog pathway (my favourite is the push for encrypted
channels between the hifi and the speakers!) someone, somewhere will get
raw access to your content. All you are doing is driving up the cost of
your infrastructure - I wonder what the cost of all the crypto
associated with HD DVD/BluRay is, when you factor in the complexity, the
design, and the incremental cost of IP, hardware and software for every
single HD-capable device out there.

* The alternative to offline key storage is streaming-only access,
and that is equally unprotectable. The classic streaming system, TV
broadcast, was hacked when the VCR came out, and that was blessed as
fair use. Today we see one of the digital satellite radio companies
(Sirius or XM, I think) being sued by content owners for their support
of a device which records their CD-quality broadcasts to MP3 players.
Web content streaming services that don’t allow you to save the content
locally are a very useless form of protection, easily and regularly
subverted. And of course not everyone wants to be online when they are
watching your content.

* It only takes one crack. For any given piece of content, all it
takes is one unprotected copy, and you have to assume that anyone who
wants it will get it. Whether it is software off a warez site, or music
from an MP3 download service in Russia, or a file sharing system, you
cannot plug all the holes. Face it, people either want to pay you for
your content, or they don’t, and your best strategy is to make it as
easy as possible for people who want to comply with the law to do so.
That does not translate into suing grannies and schoolkids, it
translates into effective delivery systems that allow everyone to do the
right thing, easily.

* Someone will find a business model that doesn’t depend on the old
way of thinking, and if it is not you, then they will eat you alive. You
will probably sue them, but this will be nothing but a defensive action
as the industry reforms around their new business model, without you.
And by the industry I don’t mean your competitors - they will likely be
in the same hole - but your suppliers and your customers. The
distributors of content are the ones at risk here, not the creators or
the consumers.

The music industry’s fear of Napster led them down the DRM rabbit-hole.
Microsoft, Apple, SONY and others all developed DRM systems and pitched
those to the music industry as a “sane ” approach to online music
distribution. It was a nice pitch: “All the distribution benefits of
download, all the economic benefits of vinyl”, in a nutshell.

Of these contenders, SONY was clearly ruled out because they are a
content owner and there’s no way the rest of the industry would pay a
technology tax to a competitor (much as Nokia’s Symbian never gained
much traction with the other biggies, because it was too tied to Nokia).
Microsoft was a non-starter, because they are too obviously powerful and
the music industry could see a hostile takeover coming a mile away. But
cute, cuddly Apple wouldn’t harm anyone! So iTunes and AAC were roundly
and widely embraced, and Apple succeeded in turning the distribution and
playing of legal digital music into a virtual monopoly. Apple played a
masterful game, and took full advantage of the music industry’s fear.

The joyful irony in this of course is Steve Jobs recent call for the
music industry to adopt DRM-free distribution, giving Apple the moral
high ground. Very, very nicely played indeed!

A few years back I was in Davos, at the World Economic Forum. It was
perhaps 2002 or 2003, a few years after the dot-com bust. It was the
early days of the iPaq, everyone at the conference had been loaned one.
I remember clearly sitting in on a session that was more or less a CEO
confessional, a sort of absolution-by-admission-of-stupidity gig. One by
one, some well known figures stood up and told horror stories about how
they’d let the inmates run the asylum, and allowed twenty-something year
olds to tell them how to spend their shareholder capital on dot-com
projects. This was really interesting to me, as I’d spent the dot-com
period telling big companies NOT to over-invest, and to focus on
improving their relationships with existing customers and partners using
the net, not taking over the world overnight.

But the real kicker came at the very end, when the head of SONY USA,
also responsible for its music division, Sir Stringer, stood up to make
his peace. He gloated on at length about how SONY had NOT invested in
the dot-com, and thus how he felt he must be the only person in the room
who had not been taken in by the kids. It was a very funny, very witty
speech that earned a round of applause and laughter. I was left
wondering whether he had any clue whatsoever how many songs would fit on
the iPaq in his pocket, or how long it would take to download them. I
suspected not. Of all the CEO’s who had spoken that day, I thought he
was the one most likely to be hit hard, and soon, by the digital train.

Sir Stringer is now CEO of SONY worldwide. Funny, then, that the SONY
PS3 should have been delayed so that work could be completed on its DRM
system.

Some bad ideas are just too attractive to die, once and for all.