There are many things in the world that you feel to be true, but you’re not exactly sure why. So if you’re a thinking person, you’re left with this nagging suspicion that you should be better able to come up with a better explanation than "But it’s just wrong!"
For many people, myself included, digital rights management (DRM) technologies fall into this category. Even if we have no intention of breaking copyright law by downloading music or movies willy-nilly, and even though many of us earn our livings through the production and sale of copyrighted material, we’re still offended that the entertainment and media conglomerates of the world – the Content Cartel, as one commentator has labeled them – are pushing so hard to ensure that every song, every movie, every television show, is wrapped up tight in some form of DRM that controls access to the content and use of it.
Thanks to a talk by Professor Dan Burk of the University of Minnesota Law School that was organized by Cornell University’s Information Science Department, I have a significantly better sense of just why DRM makes my skin crawl. If you’re generally interested in the topic of DRM and the law, I encourage you to read the draft paper on which Professor Burk based his talk.
Legal Rules versus Legal Standards — As Professor Burk explained, the law is broken down into two basic aspects: rules and standards. A legal rule is a specific imperative in which all the thought surrounding the details of the law takes place ahead of time. In theory, at least, with a legal rule, the body establishing the rule deliberates on specifics such as boundaries, exceptions, penalties, and so on, and for violators of the resulting law, there is no leeway for interpretation. For instance, consider a drug possession law that states that offenders caught with more than 5 grams of marijuana must serve a 3 year prison term. If some stupid pothead kid falls into that category, regardless of any other circumstances, it’s off to prison for 3 years.
Contrast that with a legal standard, which essentially posits a goal and lays down some guidelines for defining illegal behavior, but which leaves significant room for interpretation. So, instead of a rigid law stating exactly what behavior is considered illegal and mandating specific punishment, a law based on a legal standard would declare that drug possession was illegal, but would leave discretion in the hands of the judge as to whether the crime warrants a lesser punishment (in the case of the pothead kid) or greater punishment (in the case of a known drug dealer caught with a kilo of heroin).
I’m no legal scholar, but from a common sense standpoint, I think most people would prefer legal standards to legal rules. After all, laws are created by politicians; would you trust a politician – even one of the honorable ones – working with hypothetical "what if" scenarios to define a crime and a punishment? Or would you prefer that cases be decided by a judge with the actual facts of a specific case at her fingertips? Consider a law that most of you have probably broken in the last few days – the law against speeding. Would you prefer a law that said being caught driving over the speed limit was grounds for an automatic $200 fine, or one that gave the police officer and the traffic court leeway to see that driving a seriously injured person to the emergency room was grounds for dismissal?
As Professor Burk pointed out to me in email subsequently, some people do prefer rules to standards for the simple reason that the rules are predictable, so you know what to expect beforehand. He also noted that some people also become concerned about judges having too much power, although it seems to me that most of the people who complain about "judicial activism" are politicians, and are bent out of shape about having competition.
DRM: Them’s the Rules — Let’s step back a moment. Creating a law is only one of many ways that societally acceptable behaviors can be encouraged. If society’s overall goal is for people to drive more slowly and cautiously, putting speed bumps in the road would have the same effect, as would keeping the road and shoulders narrow. Of course, those strategies have other downsides, such as slowing down ambulances or making it difficult for fire trucks to maneuver, and they don’t absolutely prevent the unwanted behavior, they just discourage it. You can still drive quickly over speed bumps or along narrow roads. In this respect, such extra-legal strategies are akin to legal standards – they leave some wiggle room in the system.
DRM technologies fall roughly into this category of extra-legal methods of encouraging behavior, but there’s at least one important difference: DRM, like all technology, is an embodiment of a legal rule, not a legal standard. It’s simply impossible to create a DRM technology that can evaluate and approve exceptions, no matter how reasonable or legal they may be. If you want to play a song purchased from the iTunes Music Store without stripping the DRM, you must use an iPod or iTunes on an authorized machine; there’s no wiggle room at all.
This is a big deal because the law that DRM instantiates is copyright law, and copyright law is distinctly a case of a legal standard. Copyright law allows all sorts of exceptions, including fair use, reproduction by libraries and archives, and musical performances at agricultural or horticultural fairs (I wonder how much that last exemption cost?). Plus, in any copyright infringement case, the judge would have to take into account what was copied, how it was copied, what the intent was in copying, and the harm done to the copyright owner in the marketplace. No matter how hard the Content Cartel tries to conflate the two under the rubric of "piracy," there’s a big difference between the downloading of a song from Kazaa and the burning and reselling of thousands of DVDs of the latest Harry Potter movie.
So now you can see why DRM rubs so many people the wrong way. It’s turning copyright law, which is at its heart a reasonable legal standard, into a legal rule with no ifs, ands, or buts.
Permission and Forgiveness — There’s another aspect to the way DRM stands in for laws. No matter whether we’re talking about legal rules or legal standards, you’re still free to do whatever you want and then ask for forgiveness if you’re caught. As a result, many violations of the law are never noticed, and many others never make it to court because the cost to society of enforcing them is higher than the benefit (a police officer can make the decision that it’s more important to get that injured person to the hospital than it is to enforce the speed limit).
However, the corollary to this fact is that our laws thus reach further than we intend. Exceeding the speed limit at any time is technically a violation of the traffic laws, but no one really believes that enforcing the speed limit is so important that cars should automatically inform the police whenever you are speeding. Similarly, every unauthorized copy of a digital media file is technically an infringement of copyright law, but few people outside the RIAA probably believe that every iPod owner should be hauled into court to justify copying music from a Mac to an iPod under fair use.
So in the real world, we’re used to asking for forgiveness after committing actions that are technically in violation of a law (and frankly, we’re used to getting away with a lot of violations that are too trivial to justify enforcing). In the digital world, however, DRM inverts this system, forcing us instead to ask for permission rather than forgiveness. Anyone who has ever been a teenager knows just how problematic that is – parents seldom agree to the cool stuff. When it comes to technology, the end result of being forced to ask for permission is that experimentation and innovation are stifled. If the original Napster and the other peer-to-peer file sharing networks hadn’t scared the hidebound music industry silly, do you think they would ever have agreed to Apple creating the iTunes Music Store?
Because most DRM systems start from the written copyright law and prevent any behavior that would technically be an infringement, they not only fail to account for the exceptions in copyright law, they also ignore our societal expectations about how laws should work in practice. It would be like car manufacturers outfitting all cars with limiters that could determine the posted speed limit on any stretch of road and prevent the car from driving faster than that, for any reason. Talk about grounds for a revolt!
Room to Move? In fact, there is a little wiggle room with DRM-protected content like songs from the iTunes Music Store, and that’s the fact that pretty much every piece of DRM technology has been broken. According to Professor Burk, the peer-to-peer tracking company BigChampagne has found that it takes about 4 minutes after release for a song using copy-prevention technologies to appear on the file sharing networks. So you could purchase a song from the iTunes Music Store, remove the FairPlay DRM in any one of a variety of ways, and use it in some way that would otherwise be impossible.
But there’s a problem with creating your own wiggle room by breaking a DRM technology: our old friend the DMCA (Digital Millennium Copyright Act); see "The Evil That Is the DMCA" in TidBITS-656. The DMCA distinguishes between access of content and usage of content (though it’s a relatively fuzzy distinction), and forbids any circumvention of access control technologies. However, the DMCA does not forbid the circumvention of usage control technologies; the thought is that this was the loophole Congress left to allow fair use of material that you had legally purchased. However, the problem is that the DMCA also bans the supplying of tools to circumvent either access or usage control technologies. In short, you can legally break any usage control technologies you want, but you can’t get any help doing it, nor can you create tools for anyone else to do it. Needless to say, this is a barrier which essentially no one can cross legally.
There is some hope that the courts have recently seen the danger behind the DMCA. In his talk, Professor Burk called out a pair of cases where appellate courts had ruled against plaintiffs brandishing the DMCA. In one case, Chamberlain v. Skylink, Chamberlain sued to prevent Skylink from reverse engineering the codes necessary to make Chamberlain’s garage doors open; Skylink was reverse engineering the codes for use in a universal garage door opener. The court ruled that Congress had no such anti-competitive behavior in mind with the DMCA. And in Lexmark v. Static Control, the court ruled that Lexmark could not use the DMCA to prevent Static Control from reverse engineering the chips necessary to create off-brand toner cartridges for Lexmark printers.
The moral of this story, if there is one, is that DRM technologies are more subtly pernicious in their effect than may be apparent from first glance, due to the way in which they embody legal rules and eliminate the human effect in determining how copyright law should be interpreted and enforced. That realization does little to assuage the annoyance many people feel when their lives are unnecessarily complicated by DRM, but at least it puts into words why DRM is so often annoying, not to mention concerning for the future of technological experimentation and innovation.
PayBITS: If Adam’s article helped you understand how DRM
is undermining copyright law and why that’s concerning,
consider a donation to the EFF.
Read more about PayBITS: <http://www.tidbits.com/paybits/>