I have an idea Ernest. How about we prove that dead bolts work. Make it legal for people to break locks and enter other people's homes. Would you like that? The result won't be that people get to use each other's homes. It will be that a lot of people get shot.

Perhaps what you're advocating is that copyright holders "shoot" at those who would skirt their DRM. Meaning, yeah, you could crack it, but would you want to be the unfortunate soul who cracked software that would write a few random bytes over files on your hard drive if it detected it had been cracked? Or, in a twist of irony, posted your credit card number and pharmaceutical doses to the file sharing networks? It wouldn't happen to everyone of course, just enough to instill fear into the populace.

I would rather have laws which establish mutual respect between creative people and the consumers of their work, even though I am sure I could make a ton of money selling copyright shotguns. What kind of world would you prefer Ernest?

P.S. You still fail to see or acknowledge the distinction between connectivity and flow. If you make bad behavior a little more difficult and keep good behavior affordable, you can cut down on a lot of bad behavior or even marginalize it to malcontents with an axe to grind.

Geez, Brad, do I have to explain this again. Physical locks and digital locks have quite different characteristics. If they didn't, then we could just have one set of laws and everything would be hunky-dory. Just as the fact that copyrighted works can be cheaply and easily copied means that we have different rules and purposes for copyright law than standard property law. They are related, yes, but they are also different in non-trivial ways. So, I'm terribly sorry if I don't see your physical example as particularly relevant.

In any case, you sort of miss the point of my argument. You see, no one goes around claiming that physical locks stop burglary. Everyone recognizes that it isn't the lock that does the work, but the law. Any reasonably competent crook can bypass most security systems. If they don't it is because of law, not the physical aspects of the lock. Yes, the analogy isn't entirely perfect, there are differential values, stronger locks on my car send the thief to cars with less strong locks, yadda yadda. But see my first paragraph above.

As for your self-help arguments, again that doesn't make a whole lot of sense. We generally don't let people kill people who break locks. Set up a death trap in your home to kill intruders and when you are found out, you will go to jail. Same thing for DRM. Put a virus on my system for violating DRM? You're going to jail. So, I really don't see that as a valid option.

As far as laws of mutual respect, we had them, until the balance got all thrown out of whack with the DMCA and copyright that lasts 7 decades beyond the death of the author.

PS You still fail to see or acknowledge that I am well aware of the distinction between connectivity and flow. I was thinking in terms of connectivity and flow for copyright long before you were. The carrot/stick approach is one I've talked about for a long, long time. You also fail to acknowledge that DRM makes a lousy stick, as I've explained in the response I called "In Response to Brad Hutchings."

I don't even know why I bother posting here. For those (uhum, Ernest) challenged by subtlety... Here is the analogy:

Dead bolts -- think of as DRM. These are both hurdles to entry, though not infallible. They also serve as a statement of "this belongs to someone". Respect the lock, respect the DRM, everyone is cool.

Laws against burglary -- think of as DMCA. These are a legal recognition that the locks are valid things to have in place. One good reason to have these laws is to relieve the owner of property or creator of copyrighted works from having to physically defend the property or works.

I'll share something with you about this intellectual property, real property dichotomy. I once caught two teenagers who had broken into my garage. The kids ran off before the cops arrived. Repairs to my garage door were over $1000. At the time I caught them, they were attempting to break into my house from the garage. I have had a few instances where people have purposely misappropriated my software. The sense of violation is pretty similar. DRM plays a strong role in keeping these incidents fairly rare, just as the double lock on my house/garage door probably kept them out of the house for a extra few minutes until I returned home.

P.S. I'm not talking about flow/connectivity of "copyright" (whatever the hell that means). I'm talking about effective availability of cracked media on darknets. Derek Slater pointed me to a paper that explicitly makes my point for small darknets. Hey, without re-reading my response to your "In Response to Brad Hutchings" post, can you even give a semi-graph-theoretic distinction between connectivity and flow? Curious...

OK, here's my quiz question for Ernest, a one sentence answer to which would convince me that he gets the graph-theoretic concepts of connectivity and flow and can apply these concepts in social contexts. Ernest, you have to do this off the top of your head, no consulting David Weinberger.

Here's the question:

Why did/do SixDegrees.com, Friendster, Orkut, etc. suck?

This only takes one sentence to answer the question and prove that you get the concepts of connectivity and flow.

Gosh Brad, let me see, physical locks are similar to DRM. Gee, I ... I .. I never saw it before, I never noticed the similarity.

Here is why your garage door analogy doesn't really work. How effective would your locks be if you sold copies of your garage door to anyone who wanted one? How long do you think it would take for thieves to break through your locks? And how long, then, would it take for them to copy everything worth stealing in your house and make it available at flea market and give away copy after copy after copy?

Kind of hard to picture this flea market, huh? That is because the analogy with physical goods is seriously flawed. What would our world be like if we had replicators for physical goods and sold copies of our doors to anyone who wanted one? Would people use dead bolts in such a world? I doubt it, but who the heck knows what such a world would look like.

PS The fact that you don't see the connection between my theories of copyright, which are based on the right of distribution (as opposed to the reproduction right, which only came into being in the Copyright Act of 1909) shows how little you understand what I'm talking about. Of course, if you have less connectivity you decrease flow. Duh. But, as I pointed out in my response to you, the connectivity inhibited by DRM is not a particularly important element given the flow that exists. So, yes, if we were able to create a world of very small darknets, then, yes, DRM might have some relevance. But, given that we don't have a world of small darknets, and creating one would have many, many costs, then, no, it doesn't make sense to spend so many legal resources defending DRM when, in fact, DRM acts more as a barrier to entry and anti-competitive function than as an anti-piracy function.

PPS With regard to social software and why they suck? I'm not going to play your game, because I wouldn't even know where to begin with why they suck. They suck on so many levels I still don't understand what all the buzz is about.

Of course, if you have less connectivity you decrease flow.

Yep, this misunderstanding of the concept probably explains why your views on DRM do not jibe with reality. It's OK for you to consult David Weinberger (point "Third") for the answer to the social networking question. That may yield some insight about why flow is different from connectivity, and in distribution networks (just like social networks), flow is what it's all about.

I apologize for using the term loosely. It depends on how you define flow. I was using the term in a particular way relating to the overall efficiency of getting information from point A to point C. The fewer connections in a network, the more steps any particular bit of information has to use in order to get from point A to point C, for example through point B, D, E, and F. So, overall, it is more difficult to get information. The more connections, then the easier it is to get from A to C, through a single point B, for example. In the first example, I would say there is less flow of information. In the second example, with more connectivity, there is more flow, using my definition.

Now, if you want to explain precisely what you mean by the terms so we can have a proper debate, then, by all means, do so. Until then, your snarky arguments that I don't understand a thing are meaningless as we aren't even using the same vocabulary.

Obviously (to some), comparisons of DRM with physical locks is akin to staking a claim upon particular water molecules. A concept that Blefuscudians would be proud of.

However, that is not where the argument truly lies.

Rather than attempt to dissuade fools from their infatuation with DRM, we should rather be preparing our arguments to convince wise musicians to release their music under a Creative Commons license.

Let the anally retentive DRM fanatics hoard their illusory IP. Let them alienate their audiences. But, how would you evangelise the idea that the remaining enlightened artists should release their work unencumbered?

Irrespective of whether DRM works or not, what are the merits of the alternative?

Ernest,

Why is it that on a Friday afternoon, it typically takes 2 to 2.5 hours to get from South Orange County, CA (where I live) to the San Fernando Valley, when it might take an hour on a Saturday afternoon?

One word answer: "flow". There are all sorts of connections... I could take the 405 or the 5 all the way up, or swing out toward Pasadena on the 605 and take the 210 west. So, you see, connectivity and flow are, past the point of triviality, quite independent concepts in weighted, directed graphs (that's a graph theory term). Does that make sense to you?

So, if you're traveling from South Orange County to San Fernando Valley on a Saturday, and the 405 and 5 are blocked, leaving you only the 605 and 210, it'll still take an hour to get to the San Fernando Valley because flow and connections are entirely independent?

Past the point of triviality, Ernest... That is the key here. Um, the 605/210 route is only for earthquakes, riots, and to catch USC kicking someone's @$$ in the Rose Bowl maybe once or twice a year.

OK, I'll assume your with me at this point... that, for example, just being 3 or 4 degrees from John Kerry doesn't mean that you can leverage that connection to have a really dull and boring lunch (or being a female 3 or 4 degrees from Bill Clinton doesn't mean you could be the next Monica Lewinsky).

We need to turn this concept on its head. Consider, how is it possible that with the mighty Colorado river, the most amazing dams in the world, and aquaducts and pipes leading to every home in Nevada, Arizona, and SoCal... Why worry about the snowpack in the Rockies each year?

You are getting closer to understanding why DRM is effective grasshopper.

Well, the snowpack is finite, physical resource. Copies aren't.

You are such a one-dimensional thinker. Of course, you are correct in your differentiation of snowpack and copies. But guess what? That's not the point.

Another example that can be modeled as a relevant graph theory problem similar to the DRM issue...

Let's say you're going on a neighborhood scavenger hunt (darknet where you have to visit a node to query it). Are you more likely to find a bicentennial quarter or a penny with "One cent" on the back?

Yeah, that's me, the one-dimensional wonder. It would be nice if you would stop throwing out zen koans and actually make an argument and show how your examples are relevant.

I still haven't seen anything like a proof that content protection schemes can never work. Other than vague theorizing on blogs such as this one. If there is a more rigorous demonstration of this theorem, please cite to it.

I can provide you with plenty of empirical proof (every single major media DRM released). I can provide you with the logic of security experts like Schneier. If that doesn't satisfy you, nothing will.

OK -- provide away. Give me some cites.

Here's a few:

CSS - DeCSS. SDMI - Ed Felten's Team. iTunes - PlayFair. WMF - Various. RealPlayer - Streambox VCR. XBox - Various Chip Companies, harddrive hack. PS2 - Various Chip Companies. SunnComm - Shift key. Macrovision - Various "picture enhancers."

Well, that's just a list, not an analysis. But I'll take what I can get. The major problem with your list is that there is no weighing of the costs and benefits. If a gazillion supercomputers operating in parallel are needed to crack the system, it goes on your list. The theorem you need to prove is not "There is no content protection scheme that cannot be broken, assuming infinite resources and time." It's "There is no content protection scheme that withstands attacks with frequency X for time period T, where X is the percentage of successful attacks sufficient to cause harm Y over time period T, where Y exceeds the value imparted by the use of the content protection scheme during time period T." A mere list doesn't even begin to prove this thesis. Can you cite to anything else? After all, I thought this was obvious.

Well, my, my. Ain't we the serious one demanding all sorts or rigorous study and all? Afraid to use a real name, but brave enough to take potshots from behand a veil of anonymity and make all sorts of demands.

Oh, and aren't you cute? Listing little letters and showing off your algebra skills?

You forgot something, you know. Y = harm ... but you don't bother to define what constitutes harm. Actually, you don't even bother to give a letter, such as V for value or DRM, which you also don't define. What is the value of DRM? What do you count, and please, be precise.

After all, I've never said that DRM is valueless. I've simply said it doesn't have much value for defeating piracy. DRM (backed by laws, such as the DMCA) has plenty of value for inhibiting competition and raising barriers to entry. I've never denied it.

So, if you really want some answers to your questions, instead of acting the part of a cowardly, snarky commentator, why don't you cite a bit more of what you believe. After all, I thought you wanted serious debate instead of the un-earned feeling of superiority that encourages you to continue posting.

I seem to have hit a nerve. If you don't have an answer, that's fine; no one is an expert in everything, and it's perfectly acceptable to state one's opinion on a blog and not be able to cite research or spell out a rigorous argument to support it. But my suggestion in that case would be to avoid statements such as "The logic is pretty simple and compelling. Yet, there remain people who insist that DRM still works." This makes it sound like you believe people who take the other side are not just mistaken but irrational.

I don't think it's legitimate to ask me to define the terms that I spelled out, when that was an attempt to construct what I believe must be *your* argument, not mine. I'll short-circuit further debate on this by stating up front that I don't have an argument that "There *is* (or will be) a content protection scheme that can withstand attacks with frequency X for time period T, where X is the percentage of successful attacks sufficient to cause harm Y over time period T, where Y exceeds the value imparted by the use of the content protection scheme during time period T." I suppose time will tell. I'm just skeptical that there's a rigorous argument for the opposite conclusion, such that it is irrational to maintain otherwise. We can get into a more specific attempt to define the terms of the argument if you'd like, but given your characterization of my off-the-cuff effort above I'm not sure that interests you.

As for my pseudonymity, I fail to see why this should bother you. I'm not using it to harm you or your blog. One of the major achievements of the Enlightenment was the development of the principle that it is the quality of the argument that is supposed to matter, not the identity of the speaker. As far as I can tell, my identity is completely irrelevant to this discussion. Why do you believe otherwise?

You've hit a nerve by not making it clear exactly what you want me to answer then snarkily complaining when I don't answer it. Throwing out pseudo-algebraic formula to seem as if you have some serious logic is a snarky response.

It is particular snarky when you try sneak in undefined terms that you haven't even given a letter. After all, if I am to show that "Y" is greater than something (Y > ?) and you neither name "?" nor define how it is to be measured, then it is rather difficult to make an argument, now isn't it? It pissed me off that you complain about my logic, but leave such glaring flaws in your own.

As for logic, we have proofs that certain cryptographic techniques (such as one-time pads) are theoretically unbreakable when used properly. No such proofs for DRM exist. Indeed, how can they, when you give the enemy the cryptotext, algorithm and key all in a near little package. It is only a function of some time, T, when they will break it. Now you may claim that there is some DRM system "X" (which has yet to be found) where time "T" is some length such that "X" is valuable for something. What that something is, we don't know, since you won't define it, so it sort of hard to understand why we should care about "X".

Which brings me to my second point, you are shifting the burden of proof. If there were such a DRM "X" that it could survive a time "T" that was valuable for some reason, then we would have no need for the DMCA, now would we? Obviously, if the DRM was technially sufficient, then there would be no need to make it illegal to crack it or distribute cracks. We might as well pass a law making it illegal for Spider-man to engage in vigilantism. That is the point of my argument. The very existence of the DMCA is an admission that DRM is not sufficient on a technical level. It doesn't "work."

I offer a means of empirical proof, however. Get rid of the law. If DRM is technically sufficient, as you claim, then the absence of the law will make no difference. If the logic of your position is flawless, then the means of empirical proof is readily at hand for you.

It is true that is the quality of argument that should be relevant. The problem is that pseudonymity allows one to use poor logic, hide it behind rhetorical tricks and not have to be accountable for it. Identity creates accountability. You choose not to be held accountable for your arguments.

Dude. What-EVer.

Indeed.

Rolo... If you're ever in SoCal, drop me an e-mail and let's have lunch. Ernest seems a bit, um, right-brained and his reaction seemed like that of someone who isn't comfortable a lot of variables. Coincidentally, he doesn't like pseudonyms either ;-). And if you scroll down the blog a bit, he doesn't even seem to like people he doesn't know (of), so using your name might not lend much credibility to your argument. But that doesn't mean he's not a smart guy.

What was conspicuosly missing from this exchange was what I think is the key value of DRM in protecting software or content. That value is psychological. The lock says to the user that the rights owner would prefer that they not share with a million of their closest friends. Honest, reasonable people will respect the lock. Reasonable developers and content distributors will try to offer reasonable terms of use in contracts and reasonable enforcement via DRM. The dishonest and unreasonable will take refuge in some of the rhetoric of the copyfight to justify their own illegal and unethical behavior.

Brad,

I've never argued that DRM should be illegal. I say, let companies use DRM if they so choose. What I disagree with is the DMCA, a law that makes cracking DRM and providing DRM cracks illegal.

Now, if it was DRM that was keeping people honest, then there would be no need for a law to back up the DRM, since the DRM itself would keep people honest. Yet, we have a law.

This means, that what is keeping people honest is not the specific technology, but the law. The value of DRM lies not in the technological sophistication of the device, but in the law that backs it up.

The average consumer (or script kiddie for that matter) is not going to be able to crack a slightly sophisticated Vigenere Cipher. Heck, they probably don't stand a chance against a non-standard codec.

That's all I'm saying. DRM will inevitably be cracked. What value it does provide comes from the law that backs it up, not the specific technology. If I'm wrong and it is the technology that does the work, then let's get rid of the law.

The problem with the lock analogy is that, sometimes, honest, reasonable people want to do perfectly legal salutory things, like make fair use of a work, which the lock does not permit. Perhaps fair use isn't important, or the people who want to make fair use of a work are not honest nor reasonable, and we should get rid of fair use. Call me right-brained if you will (btw, I went to Don Bosco Technical Institute for high school, where I spent half of each day learning electronics and computer programming in assembly, was a cryptographic repair tech in the Marine Corps, received a BS from the engineering Academy, aka USNA, earned my Engineering Officer of the Watch qualification as Electrical Officer aboard the USS Bunker Hill, and served as an engineering training officer for 7th Fleet ... all very right-brained tasks, of course), but I believe that some people want to make fair use of works and that the majority of those people are honest and reasonable. Your opinion may differ.

If, as I think, fair use is an important limitation on copyright that exists for purposes of free speech, then the ability to make fair use of a work is something the law should support, not inhibit.

Again, if a company wants to use DRM and make fair use difficult, fine. However, I am arguing that it should not be the law that makes fair use difficult, if not impossible.

Using DRM circumvention tools - which don't remove the ID that will make it possible for the copyright holder to trace the file back to you - is unethical?

Why hasn't Apple gone after the US based ISP (http://www.ctyme.com/hosting/) which is hosting hymn?

Why hasn't Apple terminated the iTMS accounts of people who have admitted on their blogs that they've used hymn?

Why isn't Apple enforcing the iTMS Terms of Service? "It's a contract" the DRM zealots keep saying.

http://www.eff.org/deeplinks/archives/001673.php

It's those who support theft of Fair Use rights that are dishonest and unreasonable.

Brad, you're right that I was ignoring the "psychological" value of DRMs (I'm going to break down and use this acronym, although we're talking about more than what are traditionally labelled "DRMs" here) in my posts. That was intentional. I don't deny that DRMs can serve a useful signifying function -- akin to a fence with a gate surrounding your property. In fact, Ernest agrees with you that DRMs may have that effect -- it's just that he believes that that will be the *only* effect, apart from whatever additional deterrence the DMCA anticircumvention provisions add. But I also believe, contra Ernest and possibly you also, that DRMs may also serve as a tangible impediment to the unauthorized redistribution of content. That was what I was trying to get at when I rephrased the question I think Ernest and others need to answer, and used variables to do so, not realizing that that would throw Ernest into a tizzy.

The idea is that, even if someone somewhere manages to figure out a way around a given content protection system, and exposes some of the content it protects, even given the increased speed and efficiency of transmission of information over the Internet, if such breaks are isolated in nature, the system will still prevent enough escape of content to serve its purpose (putting aside for a moment the "psychological effect" and the deterrence effect of the DMCA).

To spell out the key notion in more detail (and without using variables so as to not inflame the local populace), there is for every content protection scheme and every set of content a threshold frequency of circumventions among the population of likely users such that when that threshold is surpassed, the amount of harm from the unauthorized access will exceed the amount of benefit from controlled, protected distribution. I refer to a "threshold frequency" of circumventions in order to build in the notion that the ease of distribution of a hack matters significantly to the final analysis. For example, a hack that requires use of a solder iron will necessarily be limited in scope to a determined few. That is, assuming a large population of users, the hack will be low frequency. However, a hack that can be turned into a downloadable executable software utility will have a much larger frequency. A hack that is incorporated into a hardware or software device that is sold on the open market by a corporate manufacturer will have an even larger frequency.

The "threshold" frequency will depend on the content that is being protected. For nuclear secrets, the threshold frequency is extremely low. Even a single successful hack could produce humongous harm that would overwhelm the benefits from wider circulation. Those benefits would be convenience for researchers, perhaps, or similar such advantages, but those benefits obviously pale next to the possibility of a foreign non-nuclear power obtaining the content in question.

However, the "threshold" frequency for entertainment content that depends only on a large enough base of paying customers to support it (i.e., the market value of such content in various forms) is somewhat larger. A single leak will not have the devastating consequences to the system that a leak of nuclear secrets would have. Of course, I imagine Ernest and his cohorts would argue that even a single hack means that the content being protected will nearly instantaneously distributed worldwide in digital form. But if there are sufficiently few sources for such copies, those who distribute them are undertaking an enormous risk, and that will deter some of them. As long as the threshold is not reached (and as long as the threshold is greater than a single compromise over an infinite number of users), those few who are impervious to such threats will not likely surmount the efficacy of existing legal sanctions, combined with the expedited procedures adopted in the DMCA and elsewhere. It is important to remember that in the pre-digital world, there has always been illegal copying, but that copying has by and large not so damaged the market for the content, so long as there were factors in place that limited its extent (such as the difficulty of making and selling physical copies).

For entertainment content, in determining the threshold frequency, it should be recalled that such content is both continually being updated, such that a hack today, if stopped or repaired, will not affect the market for new content tomorrow; and that such content decreases in value over time, such that a hack of older content is less harmful to the overall system than a hack that exposes just-released content. Both of these limit the harm that a single hack of a system protecting entertainment content would have.

Of course, this entire discussion is premised on the notion that there are (and will be) no content protection schemes that are not broken months after hitting the market, an assumption I'm not sure is reasonable but which I'm making for the purposes of discussion.

Rolo,

This is what I don't get about your argument. You keep insisting that DRM (i.e., the technology) is important, when it is in effect, the law that makes your system work.

What I disagree with you is that DRM provides any significant deterrent effect absent the DMCA. If it were legal to produce devices with cracks in them, if you could take your Xbox to the local EB Games and get it mod-chipped (no reason for you to touch the soldering iron yourself), if 3-2-1 XCopy could be purchased in every Fry's and Circuit City, I seriously doubt that breaks would be isolated.

That the breaks are at all isolated today is not due to the technology of DRM, but due to the law.

The frequency of circumvention, as you put it, is largely determined by the law and not the technology. Absent the law, the technology doesn't really make a difference. Now, you can argue that there are all sorts of neat, updateable DRM technologies that are BOBE resistant and would function to some extent absent the law, but there is only one way to prove that. Get rid of the law. That was the whole point of the original post. Prove me wrong. Get rid of the law, and we will see how strong these technologies are. Actually, you don't even have to get rid of the law. Just have the developer of the particular DRM technology declare that they are so confident in the technology that they will not enforce the DMCA with regard to that technology.

With regard to entertainment technologies, I would argue that the threshold frequency is close enough to 1 that DRM doesn't really matter. What keeps people from pirating materials today is not DRM, but the inconvenience of searching for and downloading content via the filesharing networks. Every single bit of popular content (music, video, movies) is available on the filesharing networks despite DRM. If people aren't downloading it, it is because they chose not to for a variety of reasons, not because of DRM. Heck, most movies (and much music) are out on the internet long before they are readily available to consumers.

Well, you're making one of two arguments here. One possibility is the argument that DRM schemes have no tangible effect on illegal redistribution, except for whatever cover the DMCA provides. This is the argument I address above. As you say, we disagree. I'm not sure what there is not to get about this. We simply disagree.

The second possibility is that you admit that DRM has some effect on illegal redistribution, in which case we don't disagree (except perhaps as to the degree). But you are claiming that because the law plays some role in deterrence, DRM schemes are superfluous. This strikes me as an extremely weak argument. Let's translate this into the physical world for a moment. Let's say someone was arguing that locks serve no purpose. "Sure they do," I say, "they prevent people from entering buildings." "Ah," you say, "that's not true. Social norms prohibiting trespass prevent that; breaking and entering laws take care of the rest. Locks do nothing. There has never been a lock that can't be picked." "I admit laws play a deterrent role," I say, "and I admit there are people who can pick locks. But there are some people who can't pick all the locks they'd like to, who aren't deterred by legal sanctions, and locks keep them from going where they aren't supposed to." "Prove it," you say, "repeal all laws against breaking and entering."

Your argument is as bad as this one. The fact that the DMCA may play some deterrent role doesn't *by itself* mean that DRM plays no role. If you retreat to the position that all DRM schemes are inherently weak due to some heretofore undiscovered law of physics, then we're back to square one and I'll go back to my argument about frequency of hacks.

So, with regard to argument number one, DRM breaks would still be isolated in the absence of the DMCA because ... ? Give me one example of successful DRM for major media. After all, if such technology existed, one would suppose it would already be in common use.

As for argument number two, again with the physical world analogies. The digital world is not the physical world. If it were, there would be no need for copyright law, no need for the DMCA, no need for these debates, period. Existing law would translate neatly over to the world of IP and that would be the end of the discussion.

Let's try to shift the analogy a bit, shall we? The purpose of the lock is to keep people from getting something valuable inside the building. First, once one lock-breaker (or a small number) have broken into the building, they have enough information to start making additional keys. So, if you don't have the talent to pick the lock yourself, you can generally go to the locksmith and get a duplicate key. However, something this is frequently even easier is that right next door to the building you are protecting with locks is a huge warehouse that has copies of everything valuable you are trying to protect and it is completely unlocked. So, even if any particular thief can't get into the building you are protecting, they can still get into the warehouse next door and take what they want. The lock has accomplished what, exactly, with regard to protecting the valuable items?

Now, if the warehouse is unattractive to thieves it is unattractive for reasons that have nothing to do with the lock on the building next door. For example, the warehouse may be disorganized, or items frequently mislabeled, etc. Nevertheless, I fail to see the connection to the lock next door. If anything, the lock increases the desirability of getting things from the warehouse. One of the reasons for this is that the lock next door doesn't merely prevent trespass, it also prevents use of a public easement called "fair use."

Another problem with your analogy to locks is that you have me asking to "repeal all laws against breaking and entering." Not at all. The equivalent law to breaking and entering in the copyright world is copyright infringement. I'm not arguing to eliminate laws against copyright infringement. The equivalent law to the DMCA is a law that makes breaking of all locks illegal.

If we had a law making the breaking of all locks illegal, that would be foolish. People who lost the key to a lock they purchased and put on their garage would be out of luck. But assuming such a law had passed, I would be calling for its repeal. Now, if the law against lock breaking were repealed, does that mean there would be more breaking and entering? No. Locks and the laws against breaking and entering would still keep many people from trespassing. Locks, the technology, still serve a deterrent function. On the other hand, were the DMCA to be repealed, I do not believe DRM would play much of a deterrent function at all.

"So, with regard to argument number one, DRM breaks would still be isolated in the absence of the DMCA because ... ?" There you go again. "Argument number one" is my attempt to guess at YOUR argument. Again, you're asking me to spell out your argument even further. That's YOUR job, not mine (assuming this is even your argument, which was the whole reason I spelled out 2 alternatives, because I couldn't figure out what your argument is). Obviously if your argument that DRM technologies add nothing to the deterrent value of the DMCA alone is true, then DRM technologies add nothing to the deterrent value of the DMCA alone. This is a tautology.

"Give me one example of successful DRM for major media." CSS has been pretty successful, to date. Also, cable scrambling is pretty successful. HBO signals are no longer pirated, by and large. SSL connections are largely safe. WEP works for most users. PGP is a fine way to encrypt personal e-mail. Others are coming, but your request for large numbers of content protection schemes is a bit unreasonable, given that the market is just emerging. It's kind of like asking where all the successful long-term uses of RFIDs are. And sure, CSS has been cracked. But this was the whole purpose of the "frequency" terminology I introduced above, at least, assuming you're taking tack #1 -- cracked, therefore by definition not successful. If you're taking tack #2 -- not successful because law plays a role -- then I think you're argument is like the physical locks one. Your call to repeal the DMCA is exactly like the call to repeal "breaking and entering" laws. In such a case, larceny (infringement) would still be illegal, but entering a building without permission would not be. And it's totally beside the point if the proponent of locks (DRM schemes) admits that the law has a deterrent effect, but is not providing the entire deterrent effect. Repealing the law would just remove the additional deterrent. You haven't shown why a supporter of DRM schemes must agree that the law provides no deterrent effect whatsoever in order to remain consistent with some other position he/she is committed to.

"Let's try to shift the analogy a bit, shall we? The purpose of the lock is to keep people from getting something valuable inside the building. However, right next door to the building you are protecting with locks is a huge warehouse that has copies of everything valuable you are trying to protect and it is completely unlocked. So, even if any particular thief can't get into the building you are protecting, they can still get into the warehouse next door and take what they want. The lock has accomplished what, exactly, with regard to protecting the valuable items?"

So there need to be more locks. Fine.

"On the other hand, were the DMCA to be repealed, I do not believe DRM would play much of a deterrent function at all."

I think you are adopting argument number one, then -- DRM technologies add nothing. As I've said, I don't buy your notion that there is some sort of magical law of physics that implies this. And I believe time will demonstrate that, as I've explained above, the threshold frequency of circumventions for entertainment content is significantly greater than 1/infinity. But for the moment we disagree without a large body of evidence yet on either side. Your position is not as obvious as you seem to think it is.

You seem to be claiming that DRM has deterrent value because it decreases the frequency of circumvention. I was merely asking why DRM would do that in the absence of the DMCA. I'm arguing that, in the absence of the DMCA, the frequency of circumvention for DRM would be zero for some short period of time until it basically becomes infinite.

CSS has been successful? Not as a technology it hasn't. Cracks have been available for years. If they aren't as widely used as they might be it is because of the DMCA, not because of the inherent technological prowess of CSS.

Cable scrambling prevents you from accessing the signal and doesn't attempt to control what you do with the signal once you have it. As such, it is distinct technically from DRM. What the addressable encryption is protecting is not the content (which you can easily copy), but the service. Legally, it is also distinct as cable piracy was illegal prior to the DMCA.

PGP and SSL are also not DRM. They protect information from a man-in-the-middle attack (someone trying to listen into the conversation and figure out what is going on). There are many effect encryption systems that provide this service. However, they do not do what DRM tries to do, which is protect against copying by the recipient of the information. You can send me a PGP-encrypted email, but if I am the legitimate receiver, you can't stop me from copying and redistributing the email.

WEP is also similar to PGP and SSL, but unlike them it has been cracked and the software to take advantage of it is readily available for download from the internet. If it isn't commonly used, it is because many people don't even bother to enable WEP and you need to be physically proximate to the signal.

This is an emerging market? Well, only if you consider the consumer PC an emerging market. The desire for strong DRM has been around since at least the early years of the consumer PC market. Some of the earliest DRM copy protection systems were designed to prevent piracy among PC owners. Remember the era of floppy disk protection? Considering how valuable DRM that actually worked would be, one would expect such a system to have been developed by now if it were at all easy.

Now you claim that my call to get rid of the DMCA is the equivalent of calling to repeal trespassing laws. If you enter a building without permission (and you aren't guilty of breaking and entering), you are still likely guilty of trespassing. Your base assumption seems to be that cracking encryption is always a crime. However, there is such a thing as fair use. As I noted before, it is similar to a public easement over private property. Put up a fence to block a public easement and I have right to climb and, frequently, cut through that fence to use the easement. For some reason, you keep ignoring the whole fair use argument.

You say that your locks have a deterrent effect. A deterrent effect for what? I'm talking about the deterrent effect for infringement. For example, if your goal is to keep people from reaching a beach, and so you lock your house up and put a fence across the public easement, that doesn't mean you've kept people off the beach. People can always go entirely around your property to reach the beach, or even use boats. You haven't shown that your locks will create a deterrent effect to people going on the beach. You can claim there is some effect, but that isn't proof.

Of course, you will now claim that we have to make boats illegal and extend the fence around your house to block all paths. Fine. However, that doesn't make your locks useful now.

Perhaps your threshold argument is valid. Sort of hard to see its validity, however, when all content of any interest is widely available on the filesharing networks. Whatever the threshold may be, we're above it, even with DRM and the DMCA.

This seems to be the throw spaghetti at a wall and see what sticks technique to argumentation. I'm ignoring the fair use point because that's a policy argument, and your original post and my responses were originally aimed only at whether content protection schemes (I'm not going to use "DRM" as shorthand any more, because you reverted back to a narrow use of the term) are effective as technological measures to prevent unauthorized redistribution.

Your claim that CSS has not been successful is bizarre, given that it is in widespread use and undoubtedly deters thousands from uploading full-resolution copies of movies to peer-to-peer networks. As I said before if you're definition of "successful" means it has to resist any attack at all, even one that would cost millions of dollars to undertake, that's unreasonable.

My only point about the newness of content protection is that there is a lot more coming. I don't think even you deny this. We can argue about the pre-history if you like but that's really off-topic. As is the difference between content protection and DRM (I'm talking about the former; you're free to limit your arguments -- policy-based I would assume -- to the latter).

The post that started this whole argument was about both technology and policy, it is entitled, "Prove DRM Works - Eliminate the DMCA." My point being that policy (i.e., law) was hiding what the technology was really capable of.

I raise fair use as a point of dispute to your analogy to physical locks. I was showing how your analogy was flawed, as physical locks and DRM do not operate similarly.

I'm reverting to a narrow use of the term "DRM"? Could you please tell me what definition of DRM you use that includes PGP, SSL and WEP? Can you tell me what "rights" they manage?

My claim is that to the extent that CSS is successful, not because of technology, but because of the law. It might as well be a Vignere Cipher. CSS would not be successful without the law.

Furthermore, you may not doubt that CSS deters thousands from uploading films, but I do doubt it. If you want to upload a film, you first download it, then upload it. How has CSS prevented that?

My definition of successful is not to resist any attack at all, but to resist sufficient attacks that it would be valuable in the absence of the DMCA. I fail to see how CSS would meet that standard. In any case, "millions of dollars" to undertake is a bit of an overstatement. It was cracked by a teenager (more or less) in Norway, with resorces that probably didn't get very high in the 5 digits, if that.

Yes, there are new content protection systems coming. Why aren't they here? After decades of work on them and millions of dollars spent on development, why don't we have stronger systems? We have incredible encryption systems, such as triple-DES (and others) that will thwart virtually any man-in-the-middle attack. Where is the DRM equivalent of triple-DES? Why hasn't DRM made as much progress as communication crypto?

Apple's FairPlay uses AES.

http://www.esat.kuleuven.ac.be/~rijmen/rijndael/
http://nanocrew.net/software/DeDRMS/DeDRMS.cs

Not that using a secure algorithm makes much of a difference when you hand the attacker the ciphertext and the key.

Furthermore, you may not doubt that CSS deters thousands from uploading films, but I do doubt it. If you want to upload a film, you first download it, then upload it. How has CSS prevented that?

Flow vs. connectivity Ernest. Just because you are within 6 degrees of your movie does not mean you will be able to get it. The seeding of the darknet is the critical flaw in your whole argument. While you focus on the file sharing networks, there are other darknets (circles of friends, etc.) that are smaller but as prominent in the equation of DRM effectiveness.

Perhaps it might be useful to think of DRM as a marketing tactic rather than an enforcement tactic. It's damned effective.

The seeding of the darknet is not the critical flaw in my argument you think it is Brad. First, I don't really think we are in a darknet situation right now. There are millions of simultaneous users of the various major filesharing networks. That is hardly, small isolated darknets. Second, even if the darknets were smaller, they will rarely be completely isolated. The borders will be porous. There will be those who serve as bridges between two otherwise isolated networks. This will slow the distribution of content, but will not stop it. Third, people will belong to multiple darknets and social networks. There will be many paths for them to follow to get to content. Even with small darknets, information transmission will still be robust due to lots of redundancy.

I'm not really sure how DRM is a marketing tactic, other than "Here is something that does less, costs more, and interferes with your fair use rights." Nevertheless, even if you were correct, why should the government pass laws enforcing particular marketing tactics?

This argument is going around in circles.

"I raise fair use as a point of dispute to your analogy to physical locks. I was showing how your analogy was flawed, as physical locks and DRM do not operate similarly."

I have no idea how the doctrine of fair use could possibly be relevant to whether a technology prevents unauthorized access. At most it is relevant to determining whether the technology prevents too much access as a policy matter. This is an entirely separate question from whether the technology works to prevent illegal access, apart from whatever deterrent effect the DMCA has, which was where we started. Your continuing attempt to throw in this and other red herrings frustrates any progress in this discussion.

"I'm reverting to a narrow use of the term 'DRM'? Could you please tell me what definition of DRM you use that includes PGP, SSL and WEP? Can you tell me what 'rights' they manage?"

I never said that these were DRM schemes, properly speaking. I have tried to keep the reference to all content protection schemes, and it's you that has insisted on using the abbreviation "DRM," which I briefly thought you intended to use as shorthand for all content protection. You can use whatever abbreviations you like, but don't criticize me for it.

"My definition of successful is not to resist any attack at all, but to resist sufficient attacks that it would be valuable in the absence of the DMCA. I fail to see how CSS would meet that standard. In any case, 'millions of dollars' to undertake is a bit of an overstatement. It was cracked by a teenager (more or less) in Norway, with resorces that probably didn't get very high in the 5 digits, if that."

My reference to the multi-million dollar attack was intended to be separate from the reference to CSS. The point was that, because you believe the threshold frequency for entertainment content hacks is near 1/infinity, even a hack that takes millions of dollars to accomplish makes, under your theory, a content protection scheme "unsuccessful." I believe that position, which you are committed to, is untenable.

Fine, I'll drop the fair use argument since it annoys you so. However, I continue to dispute your analogy to physical locks, which have many characteristics that distinguish them from DRM. If they were identical, we would have no problem using the same laws as physical locks. However, we have different laws, which indicates that are relevant distinctions between the two.

I asked, "Give me one example of successful DRM for major media." You responded by citing PGP, SSL and WEP. You may not have specifically said they were DRM schemes, but I should be forgiven for seeing an implication that you had.

You now imply that I'm using a non-standard definition of DRM. Would you please clarify this position?

Well, you're absolutely right. If a crack cost millions of dollars to implement and replicate, then DRM would be successful. And if pigs could fly, we'd all wear helmets outdoors. In any case, you mistate my position, it would be more accurate to say I believe that the threshold frequency is near 1/(oh, I don't know, tens or hundreds of thousands).

However, you have yet to provide an example of DRM that has cost anywhere near this to crack. It would take millions of dollars to crack triple-DES. Again, I ask, where is the triple-DES of the DRM world?

Ernest,

Can you provide a concise, current, legal definition of "fair use" in relation to digital content? How specifically does DRM interfere with these (mostly court created) rights?

There is no specific definition of "fair use" in relation to digital content. There is "fair use" for content, whether digital or not. Although the "fair use" doctrine was originally developed by the judiciary, it was made statutory in the Copyright Act of 1976 and codified at 17 USC 107.

Technically, it is not actually the DRM that interferes with these rights, but the DMCA which makes violating DRM illegal that interferes with these rights. For example, appropriately limited quotation for purposes of criticism or commentary is perfectly legitimate fair use. DRM generally forbids quotation, as quotation involves copying and DRM generally prohibits copying. When the DMCA makes it illegal for me to ignore the DRM, then I must obey the DRM's prohibition on copying. I would then be unable to quote, which would interfere with my fair use rights.

Ernest, DRM cannot possibly restrict quotation, just like it cannot restrict parody. For instance, the Friends finale came out on CSS protected DVD just a week after it aired on NBC, yet SNL was able to do a parody soon after involving members of Bush's cabinet. Sure, they are all owned by GE and presumably, they could have cleared rights or repurposed content without DMCA lawsuiits, but I still fail to see how DRM would have entered into this "fair use".

Sure, certain types of quotation and fair use will still be possible. I'm not denying that all fair uses are prohibited. If you want to do a parody, for example, you often will recreate the work and DRM will not likely be an issue.

However, what of the scholar who wants to use a copy of the original work to discuss or highlight some aspect of the original work? The scholar could describe a scene from a movie, but sometimes a picture is worth a thousand words. Often, it is better to show, than to describe. I could talk about how graphic and realistic the Normandy Beach portion of "Saving Private Ryan" is, but being able to show a small clip from the movie would be much more effective.

Ernest, What settiing is this scholar in? A lecture? Play the clip. DRM doesn't make that impossible. Let's consider an e-Book with DRM that disallows making an electronic copy and does not have copy/paste features. How does DRM prevent you from transcribing the portions you need to another medium?

You know what I'm getting at here, right? I'd like to know what court case says that "fair use" requires that the publisher make it economical and provide the highest quality fidelity of the fairly used copy. If there is no such case, and since the scope of "fair use" is broadly court defined, then I don't see how DRM technically interferes with anyone's fair use rights.

Brad, maybe the scholar believes in sharing his scholarship as widely as possible and wants to put his review on the web, with video clip. Is it so hard to imagine? For every example of where DRM doesn't interfere with fair use, I can provide one where it does.

I know what your getting at, but you don't seem to be reading what I'm saying. I never said outlaw DRM because it interferes with fair use. Go ahead and use DRM. I may think it is foolish, but knock yourself out. I also didn't say it was DRM alone that interferes with anyone's rights. I said, "Technically, it is not actually the DRM that interferes with these rights, but the DMCA which makes violating DRM illegal that interferes with these rights."

No Ernest, even the DMCA that makes circumventing DRM illegal does not interfere with fair use rights! It can't. Couldn't the scholar use a videocamera to record the TV screen as the clip is played back?

This is why I think you're over-the-top on this DRM thing. You claim that DRM/DMCA interferes with fair use rights. It doesn't. You still have the vague rights to use the works. It may not be as economical or hi-fidelity as digital media permit in theory, but the right to fair use in not infringed.

The reliance on DRM is not because the content industry is run by Catholic school nuns. It's because without it, people en masse tend to make a little more than fair use of things. With it, more people buy. The software industry has known this for a long time. The content industry is finding it out and wading its way through the jellyfish in the DRM surf. If the investment in developing and deploying DRM didn't have a positive effect on the bottom line, the content industry wouldn't bother.

No Brad, not if the scholar wanted to make an exact copy. Using a videocamera to record would, as you admit, result in some loss of data as you go from a digital-analog-digital conversion. You claim that this is no big deal, but basically, you are arguing the paraphrasing and quotation are the same thing. By your logic, fair use would not be infringed by a law that said "exact quotations are prohibited by copyright, only paraphrasing is permitted." Call me crazy, but I don't accept that argument. Sometimes exact quotation is exactly what is needed.

Second, this is a very odd argument for you to make. If the analog hole is no impediment to making copies, then DRM doesn't serve as an impediment to piracy, either, which seems to negate your whole argument as to why DRM is important as anti-piracy method.

You keep missing the point I make over and over again. I'm not saying that DRM doesn't have a positive effect on the bottom line. I'm saying that the anti-piracy aspects of DRM don't have a positive effect on the bottom line. Companies you DRM for a number of reasons unrelated to piracy, such as raising barriers to entry, as well as the other reasons I mention here: http://www.corante.com/copyfight/archives/003559.html

Again Ernest, you overlook the psychology of actors in the marketplace. Since DVDs are the thing now, how many people do you think would take a pirated copy on VHS if they could get a the DVD for $20? Put 'em side by side on a WalMart shelf. Probably many take the tape, but it won't be everybody. For example, you're average Linux nerd can't use an unauthorized player to make VHS tapes play on his laptop.

I do think there is some merit to your argument that DRM is being used to raise barriers to entry. I don't see that as wrong, although I have a feeling that the market will only accept such behaviors on the margins and raise the expectation of total system quality/price/performance. I also think that there are many suppliers in the equation with many different motivations. I know it cuts down on casual privacy from my experience with software. I also know that no physical or logical network is efficient enough at copying that it doesn't require a threshold seed level to keep content available. Storage and bandwidth are not free. Organization is even more expensive.

As to fair use... It is a defense against enforcement of copyright laws, not a right in and of itself. If you need to critique a DVD quality 30-second clip from Bill and Ted's Excellent Adventure on your scholarly website, maybe you need to contact the rights holder and ask permission.

Brad, I'm not sure what your example is meant to prove. You don't have pirated copies of movies on the shelves of WalMart and I'm not saying you should. What I will say is that it isn't DRM that is making the authorized version seem more attractive to the consumer.

The market utterly rejects raised barriers to entry of this sort (and all the other things that make DRM attractive). If the market didn't then we wouldn't need a law enforcing DRM.

Yes, there is a threshold seed, but the level is remarkably low. Storage and bandwidth aren't free, but in the aggregrate they might as well be for the purposes we are discussing. Go check the filesharing networks. The only determining factor as to whether a particular item of consumer media is available is its popularity ... not DRM (and the popularity threshold is sometimes surprisingly low).

Fair use is an affirmative defense, that is true, but it doesn't mean it is not a right in and of itself. Without fair use, copyright law would be unconsitutional, so it seems fair to call fair use a "right." Also, it is easy to mock examples of fair use, but it is difficult to explain the limiting principle of an argument that basically says, fair use only covers paraphrasing and nothing more.