DRM to join death and taxes. Will Sun's DReaM spare us the nightmare?

DRM to join death and taxes. Will Sun's DReaM spare us the nightmare?

Summary: While I was on vacation last week, I noticed that Cory Doctorow issued a scathing review of Sun's Project DReaM in response to my podcast interview of Sun Labs director of engineering Tom Jacobs who heads up development of DReaM.  Under the auspices of an organization called the Open Media Commons, Sun is pitching DReaM as an open standards and open source DRM (digital rights management) technology (I prefer the acronym C.

TOPICS: Open Source

While I was on vacation last week, I noticed that Cory Doctorow issued a scathing review of Sun's Project DReaM in response to my podcast interview of Sun Labs director of engineering Tom Jacobs who heads up development of DReaM.  Under the auspices of an organization called the Open Media Commons, Sun is pitching DReaM as an open standards and open source DRM (digital rights management) technology (I prefer the acronym C.R.A.P.) that will do to the proprietary versions of DRM that are out there (like those from Apple and Microsoft) what the Sun-founded Liberty Alliance did to Microsoft's proprietary Passport identity system.  Most of the content we want will be saddled with DRM, and the producers of that content cannot be convinced otherwise. Based on Sun's assessment that better than 90 percent of the world's credentialed transactions rely on Liberty-based credentials, Sun says Liberty is why Passport never got much traction.  

In his writeup (headlined How Sun's "open DRM" dooms them and all they touch), Cory calls the open source nature of DReaM into question when he quite correctly picks on two key aspects of the technology.  The first is that any code that claims to support it must run as signed code before it will be allowed to unlock locked content.  Not only must a Certificate Authority play a role in code signing (adding complication), the code must be tested by some independent outfit to make sure that it upholds the sort of DRM principles that movie studios, record labels, and other publishers require.  Significant expense could be involved; expense that could lock out certain open source developers thereby stifling the innovation that open source is known for.   The second aspect that Cory zeroes in on is DReaM's reliance on "trusted hardware." 

Even though DReaM isn't yet in the market, it's important to know that the existing proprietary solutions that are out there involve very much the same architecture.  Although the code isn't signed in Certificate Authority fashion, the DRM principles that code-signing guarantees are upheld by the closed nature of the systems.  For example, Apple and Microsoft must guarantee movie studios and record labels that the DRM systems they put into the market will adequately serve publishers' intentions when it comes to their content (eg: what restrictions -- what the "R" in DRM should really stand for -- such as expirations and limits on copying can be technologically enforced).  Since the only code that's available is pre-compiled executable code (like Apple's iTunes Software or Microsoft's Windows Media Player) and it comes from pre-ordained sources (sources that have passed muster with content publishers), it's the equivalent of code-signing. Companies like Microsoft and Apple can probably even tell if their compiled code has been tampered with (eg: a virus) and trigger content license revocation. 

Although they're not hardware enforced trust (a la a Trusted Platform Modules or TPMs), software products like iTunes and Windows Media Player also do their best to emulate a trusted hardware environment where there's a connection between the content license and the identity of the licensee.  Anyone who has used iTunes knows how, before music can be purchased from the iTunes Music Store and played back, an iTunes account (usually credit-card based, but sometimes not)  must be established and associated with each instance of the iTunes software and/or an iPod (in both cases, marrying identity to machine). Hardware-based trust -- the sort that DReaM works with -- is more bulletproof than that sort of software-based trust (TPM-like hardware is found in only a handful of systems like Lenovo's Thinkpads).  But some argue that even though software trust is easily broken (in the context of DRM, this is known as "circumvention": an act that's strictly prohibited by the Digital Millennium Copyright Act), hardware-based trust has problems of its own.  For example, how to make the hardware encoded keys portable for legitimate reasons (using more than one system or simply upgrading to another system). 

To the extent that a link is created between content and identity, third lesser known and discussed issue with respect to how the existing systems work are the proprietary identity systems on which they're built.  Today, the closed nature of those systems has yet to rear it's ugly head.  But tomorrow, particularly with user-centric identity systems like YADIS (for contextually sharing personal profile information) and the Higgins Trust Framework (for cross-domain authentication), users may end up bemoaning proprietary identity management systems if they don't federate with more broadly accepted and open systems (sidebar: there will be connectivity between Higgins and Microsoft's InfoCard. But what role, if any, that could play in Microsoft's PlaysForSure DRM ecosystem, I couldn't say). 

To the extent that DReaM also relies on identity, one can't downplay the potential Liberty Alliance connection.  In refraining from using the word "open," might a benevolently dictated DRM layered on top of a benevolently dictated identity framework do?

As opposed to not settling for DRM at all, the question for many is whether to settle for a somewhat vendor-independent (and to some extent, studio-independent) DRM.  For the trainwrecks it has already caused and for ones it will cause, many of us abhor DRM in the first place and have tirelessly campaigned against it.  My biggest beef with DRM has always been the proprietary versions of it gaining traction in the marketplace and the amount of unprecedented power that the top one or two DRM systems in the marketplace will afford to their purveyors. Power over content publishers.  Power over end users. One need not look far for the evidence. 

Already, record studios are in a power struggle with Apple. 

Purchases of downloadable music now account for 6 percent of the record industry's total sales and of that 6 percent Apple is the dominant player.  Additionally, that 6 percent number doesn't tell the whole story about the strength and growth of the online channel.  Where as the 6 percent of record industry revenues is dominated by the sale of 99 cent songs, a lot if not most or all of the remaining 94 percent is based on the sale of complete albums which tend to cost $12 or more on Compact Disc.  In other words, whereas the sales of downloadable music may only account for 6 percent of overall revenue, it accounts for a significantly larger percentage of overall items sold.  Apple's iTunes music store recently eclipsed the 1 billion song mark.  iTunes has gotten so big that record labels have no choice.  No choice but to use it.  No choice but toplay by Apple's rules.  For example, in the recent feud between Apple and the major record labels over download pricing, the record labels didn't have much choice but to go along with Apple.

Likewise, Apple keeps its DRM close to the vest having only licensed it to Motorola for a handful of phones.  The double-whammy is that as music buyers amass their collections of music, they may eventually become disappointed to learn that, because of Apple's failure to make its DRM more broadly available to other device manufacturers, their music collections won't work on anything but iPods and a few of Motorola's phones.  So, you're an iPod owner that likes that hot new device from iRiver or Creative?  Or that music capable phone from Nokia, HP, or Samsung? You have two costly choices.  Throw out your iTunes purchased music collection and start over using yet another proprietary DRM scheme (which could land you in the same position a few years down the line) or find a way to break the DRM off your existing collection (comes with DMCA-provisioned fines and jailtime if you're caught).   Content publishers are crazy about the situation either.  They, according to Sun's Jacobs, see content portability as being important to the sucess of their business in the digital age.

Unfortunately, to get that portability (the sort that could be gotten through using more commonly practiced standards such as FLAC, MP3, and MP4), content publishers (record labels, movie studios, etc.) are not willing to give up on the protection (DRM) and laws (DMCA) that to them are the only viable instruments for keeping their businesses from going to hell in a handbasket.  Without both, publishers argue, Internet-based piracy of their copyrighted material would ruin them.  We can hate DRM all we want.  But the cold stark reality is most of the content we want -- whether it's music, movies, Cable TV, still images, and even text documents -- will be saddled with DRM and the producers of that content cannot be convinced otherwise. 

So, from the technology side of things, we can bitch and moan about DRM all we want.  But as long as publishers remain unconvinced (and as long as no real viable alternative to their content exists -- which, in the big picture has proven to be the case, especially with video and movies), the lockdown will continue.  This brings us full circle to the question of DReaM's openness and neutrality. So right is Cory Doctorow about DReaM not being open source that he drew an indirect but corroborating response from Sun president and COO Jonathan Schwartz.  Schwartz was directly responding to a post (see Is DReaM a Nightmare?) by Sun chief open source officer Simon Phipps' who wrote:

In my view, [Project DReaM] has unfortunately conflated two different debates. By invoking F/OSS it automatically brings with it the worldview that implies. In the dialectic of that world, software is considered to either promote liberty or to promote monopoly, with F/OSS always promoting liberty. By associating DRM (which can never promote liberty) and F/OSS (which always does), anyone is guaranteed to come across as initially clueless, it is a semantic inevitability. This is the justified attack that Cory makes and he has my respect and broad agreement in making the point.....Project DReAM is not an open source play. I can't help believe that DRM will be a fact of life for at least the next five years. My view is that it's a disaster for modern culture, not least because it destroys "fair use" rights by quantising discretion. But, like death and taxes, it seems inescapable. So given we have to head into this void, the DReaM approach is to try to create a system that is the least worst option.

Replied Schwartz:

....my views hew close to Mr. Doctorow's, as well. But there's no hiding from the reality that important deployments are occurring, today, that mandate DRM -  absent an alternative, what's deployed [today] will be far more insidious than what DReaM presents. Certainly less developer accessible. So can DRM promote freedom? No. But Sun can promote freedom of choice, while we work toward a world in which DRM, as defined today, is no longer relevant.

When I first started railing against proprietary DRM, I took a more conciliatory approach.  I said if we have to have it, at least give us an open standard that isn't so restricting to our fair use (fair use in my eyes, not someone else's).  Buying a song at the iTunes Music Store and loading it onto an Escient Fireball Music Server in my basement so it can serve music to my bedroom or my kitchen was the sort of simple, non-pirate like usage I had in mind. 

But, after the Electronic Frontier Foundation's Brad Templeton showed me how  the terms DRM and open are oxymorons, I slipped right down the slope I was on, forsaking all forms of DRM.  I still do.  It's rotten, complicated, and problematic.  On the one hand, Cory is right.  DReaM subverts open source.  So too is Brad.  There is no such thing as open source DRM.  Given that Catch-22, if DRM on content is as sure a bet as death and taxes are but we can't have open source DRM, perhaps we are down to the least worst option after all.

Topic: Open Source

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And if...

    ... the content providers successfully require DRM, and if the content providers are mistrustful of open source, then to the degree that DReaM is open-source oriented it will be ignored or opposed by the only people who matter in the decision process.

    Have the RIAA and MPAA companies given any response to the DReaM process?

    Another issue is: given their problems with Apple, are the RIAA companies likely to allow another supplier which is organizationally independent?
    With Microsoft, the RIAA companies can sign a contract assuring complete control over all non-technical decisions about DRM. Would the same situation occur with DReaM?

    As in chess, it's appropriate to locate the other side's best move from its point of view.
    Anton Philidor
    • Why would MS relinquish power?

      ---With Microsoft, the RIAA companies can sign a contract assuring complete control over all non-technical decisions about DRM.---

      Are you sure about this? Given MS' strong grip on most of the things involved with their products, I have a hard time seeing them being any less controlling than Apple. Why trade one devil for another?
      tic swayback
  • Feature

    [i]hardware-based trust has problems of its own. For example, how to make the hardware encoded keys portable for legitimate reasons (using more than one system or simply upgrading to another system).[/i]

    That's not a bug, that's a feature. One of the big selling points for [i]whatchacallit[/i] is planned obsolescense: the product can be resold any number of times to the same customers.
    Yagotta B. Kidding
  • DRM ... Ugh

    Consider if the world relied on about 2 popular proprietary DRM technologies to hold its data, the companies that owned those two technologies would have the keys to much of the data in the world. That is a staggering amount of power!

    I agree that Open Source and DRM have contradictory principles, and the two will actually wrestle with each other. But the same also applies to the PC industry and DRM. The first stands for the empowerment and liberty of individuals, while the second?s sole purpose is to take them away.

    I do not buy the argument that DRM is inevitable. I believe established content providers will try and fail to make it widespread. It is bound to fail because never in the history of free economies, have consumers gravitated towards products that take away their liberties! Never! DRM is destined to fail!
    P. Douglas
    • I agree with you 100%, but...

      it's also historically known that people as a whole don't react until [b]after[/b] it's gotten to the point where it's totally unbearable. Take a look at the rapidly rising cost of gas around the world, for example. Where I live(Jersey City, NJ), the price is nearing $3/gallon(again), yet people are still filling up and are only now considering alternative sources, like ethanol. At least in the US, we could have reacted after hurricane Katrina hit and sent prices back down if we started pushing ethanol, hybrid cars, and the like, but instead we gave the oil magnates a reason to suck us dry even more today.

      The same thing will happen with DRM. Techies such as you, me, and David already see the dangers, but the targeted consumers of DRM(record/movie producers) see an extra revenue stream for content, leaving consumer freedoms as an unfortunate casualty. And they make sure most of the time DRM is transparent to the consumer, so no one's the wiser.

      The best way to get non-techies involved against DRM is to show not just how DRM can restrict/deny your fair use and first sale rights, but also how DRM can violate your security as well(Sony XCP/MediaMax, StarForce, etc). When people hear that DRM can screw up their computers, that's when they start to get the message. Show them DRM trainwrecks, and people start listening.

      So you're correct, DRM will fail, but not until the general public catches up with us. By then, though, DRM may become as prevalent as viruses and spyware, and that's a pretty big hole for people to dig out of.
      Tony Agudo
      • It is just a matter of time

        When people have to start upgrading their computers with DRM'd files, then you'll start seeing a general backlash.
        P. Douglas
        • In that case...

          the sooner the backlash comes, the better!

          PS- I almost forgot to mention that not only do we need to show DRM trainwrecks, but also examples of how media content can be sold without DRM:

          Tony Agudo
          • It is about superior products & services: not protection

            These established content providers are silly. They keep beating their heads when new technologies come along, swearing that they will wipe out their businesses. They did this for the audio and video cassettes, and other technologies. Quite frankly, these technologies, and people?s casual copying of content using them, actually help their businesses ? keeping people interested in the content who cannot afford to buy.

            When I started out working after college, I used to record songs from the radio onto audio cassettes because I didn?t have money to buy CDs. When I could afford to buy CDs, I ditched audio cassettes because of the higher quality and greater convenience of CDs.

            Established content providers need to realize that they make money from supplying superior products and services over free ones that are available ? not from trying to close off every conceivable non-paying avenue to content. DRM?ing their content is not what secures and increases established content providers revenue ? since this hardly matters to real pirates. In fact, I guarantee if content that is now protected, were to be sold unprotected, online sales would increase several fold.
            P. Douglas
          • Indeed!

            [i]In fact, I guarantee if content that is now protected, were to be sold unprotected, online sales would increase several fold.[/i]

            It would be great for Apple, for example, to ditch or freely license FairPlay and be able to reach out to the non-iPod markets. And they really can't complain about piracy because pirated copies are already out there anyway, in spite of DRM. That's just a fact of life.

            Like you said, content providers should embrace new technologies, not lock them down and devalue their content. That's what makes the pirates actually look good: it's not government or business secrets, it's multimedia sold to the general public, so they should treat it as such.
            Tony Agudo
          • true

            Up until a couple of months ago, I used to buy
            a lot of songs using iTunes. I loved it because I could afford to sample and buy individual tracks,
            plus they have a good selection.
            It was good up until Apple upgraded iTunes DRM again and I couldn't convert my songs to mp3.
            If I can't convert, I have to worry about losing my collection and since my software only supports MP3 or OGG, I can't use them in my part-time DJ gig.
            I agree that it doesn't matter to pirates whether the content is DRMed or not--they won't buy it either way. Instead, the people that actually
            love music and movies and are willing to buy what
            they like are made to jump through hoops to get to DRMed. How is that a great business model and who's paying for all this DRM effort?
        • We Are Already There

          Wi8ndows Media Player 10 is only available for XP or higher. Despite what MS claims to the EU Court, and they are lying to them about MS Media Player for Mac (They discontinued it and it nly plays up to V 9), The only way to get Windows Media 10 content is through a Windows XP or device that licensed it.

          MS does not and will not license WMP 10 to any computer OS maker or even media player company that makes media players, even for Windows, that will run on 9X, NT, or 2K. The highest you can go with old Windows, Linux, or Mac is V 9.
          Edward Meyers
      • DRM is different than Gas

        I need Gas to get to work. Be that driving car, paying for mass transit, heating my home, or buying goods. In some form or another Gasoline comes into play in my life. Costs of good increase for example when gas prices go up due to deliveries costing more. Therefore even if I choose to walk I'm affected by gas.

        With DRM if I stop buying content I have more money to spend elsewhere. I'm not hurt in the slightest. If I find DRM too cumbersome I stop buying and spend my money on other things. DRM has no effect on me what so ever. Unlike gas where even if I choose not use I still pay.
  • Why accept DRM?

    Like others here, I don't agree that DRM is an inevitability. Look at what's happening in the music industry now--the people demanding DRM, the big record companies, are all slowly dying off. Technology has reached a point where they can no longer provide any useful service to an artist. They're essentially dead men walking.

    So what happens to the demand for DRM when artists are controlling their own works, releasing their own recordings?

    Long term, the same thing will happen to the movie studios. Clearly making a movie is a more involved process than recording an album, but one can see a day where technology improves to the point where a studio is no longer a necessity.
    tic swayback
  • Moot point

    Many will accept DRM because they don't really care that much. They sit down and watch the tube or listen to music while they work, and having "legal" media is easy enough for them.

    Others, those who care, will include diligent seekers of ways to break or circumvent the DRM restrictions. I just don't think any DRM scheme will ever be both unbreakable and workable (i.e. any "unbreakable" scheme will be avoided even by the first group of users mentioned in the above paragraph).

    Almost as quickly as new schemes are introduced, they'll be broken, and the anti-DRM zealots will always have unfettered media available.

    My take, anyway.
    • Not Really Moot

      "They sit down and watch the tube or listen to music while they work, and having "legal" media is easy enough for them."

      I generally agree with the above statement. But, while most folks won't realize the problems short-term, many will begin to see the problems when content they "own" can't be resold, transferred to a new device, or copied in a legal fashion onto some type of media server for their home. This will take a couple years. But, I'm hopeful that DRM will go the way of copy-protected software: A better solution had to be found.

      mark d.
  • Remember the Cd vs mini disk war of the 90's?

    This somehow reminds me of how the record industry tried to move us from CD to mini disk in the 90's, when most of us at that time had already spent sizable amounts of money in music CD's.
    The new systems didn't sell, because people didn't wan't to invest again.

    For my part, I'm refraining from buying any drm-ed music. If I'm spending money, then it's on a real CD or a real DVD, or on drm-free stuff and I hope (?) they will be usable in the future.
    So, will the public vote for "no-drm" once they realize the economic consequences of lock-in? Or will the masses be happy with vendor lock-in.

    Who knows.
  • Consumers get the backlash

    Why do consumers always have to get the ass of the deal when big media companies compete to get their way with the consumer?
    Anthony S.
  • I don't think so

    "Most of the content we want will be saddled with DRM, and the producers of that content cannot be convinced otherwise."

    There loss then when they see me and many others like me not buying. I'm not so sure a huge drop in sale wouldn't convince them otherwise.
  • Open/Benevolent is not the right focus.

    I have to agree that DRM is almost inevitable. It is better than the reprehensible practice of supporting an obsolete business model by buying draconian and one-sided government legislation. However, I am concerned about the one-sidedness and pervasiveness of current DRM models. I believe this is where we should put our focus, not on whether the DRM is proprietary, partly open sourced, or fully open sourced.

    I urge Congress to mandate some recognized expert body, such as the IEEE, to formulate a set of balanced standards that contain features to support everyone's interests fairly. It should preserve the legal acts that have long been available to consumers - backup, copying for personal use, recording from broadcast, and so on. It should prevent piracy and theft. It should support commercial transactions involving the content. If this balanced approach does not happen, the purveyers of content are likely to kill the goose that laid the golden egg as they continue to demonize and alienate their own customers.

    Wouldn't it be great if performers were to make their money the old fashioned way -- the way they have for many centuries -- one performance at a time? No recording, regardless of depth and fidelity, can ever match a live performance. If we kept that in mind, we wouldn't care so much about who does what with recorded content. Sadly, there's too much money in it and money makes people do crazy things. Thus this model isn't realistic for the communication age.
    • Focus

      This post brings up a number of points worthy of consideration:
      - Open source and DRM are unlikely to have much synergy.
      - The IEEE could certainly assist by helping ensure that developers can provide DRM effectively, which in turn makes it more likely that customer needs will be accomodated.
      - DRM is a patch on an obsolete business model.

      Our wild and wooly nascent communications web has already dismembered a number of business models that provided value solely through distribution. This was much of the purpose of record companies; they would be in deep trouble if this were all the value they provided. At the high end of content, however, are film, concert performance, plays, & festivals that require the capitalization capability of large companies.

      At the level of popular music, short film, commercials, etc., we have only begun to see the power technology and internet distribution confer on individuals and small groups. While some music, film, and literature would suffer if we all pirated the work of others, we unquestionably have more choices in the arts than we had in the heyday of big record companies and studios.

      What will still require capitalization and large teams are feature films, music and film festivals, large performances. Much of this will be worth recording and worth paying for, as will live performances by talented artists (dramatic, musical, lyrical). But the heavy-overhead, coke-snorting inefficiency and profit of big entertainment is gone for good; DRM is merely a footnote to the decline of that empire. In ten years, the present discussion will seem quite odd.