News

30 Days of DRM – Day 17: Broken or Obsolete Technology (Circumvention Rights)

The inclusion of a right to circumvent in the event that the TPM breaks or becomes obsolete is relatively uncontroversial.  The U.S. Registrar of Copyrights has included a specific exception for this situation since 2000 and the Australian Parliamentary Review Committee recommended the inclusion of such an exception this year.  The exception reflects the recognition that the continual evolution of technology places the investment that consumers make in entertainment and software products at risk in the event that a TPM ceases to function or becomes obsolete.  While products do not come with a guarantee to function forever, the law should not impair consumers who seek to circumvent techologies that are no longer supported and thus create a significant barrier to access to their own property.

The current DVD market provides a good illustration of the potential problem. DVDs have become a huge consumer success story with millions of people accumulating large libraries of favourite movies and telephone shows. As the industry introduces next-generation DVD technologies (Blu-Ray, HD DVD, HVD), the prospect that the current DVD libraries might one day become obsolete becomes a distinct possibility (Blu-Ray manufacturers can include backwards compatibility, but are not required to do so).  In future years, consumers with a DVD that contains an obscure TPM could easily find themselves unable to access the content for which they have already paid.  Unlocking that content will therefore become necessary and consumers should have the right to do so without fear of breaking the law.

Rather than adopting the DMCA approach – which did not include the right within the statute itself but rather added it during the Registrar of Copyrights tri-annual review – Canada should ensure that this circumvention right is included within the law from day one.

8 Comments

  1. One aspect of this 30 days of DRM that I do not understand is the repeated mention of exceptions, consumer or individual or group rights, to circumvent. This exception-based approach is of extremely minimal utility to the public in addressing the perils of DRM. This minimal utility is reduced to zero in the future where DRM gets stronger and stronger (and is embedded in hardware). The All Party Internet Group in the UK has even picked up on this problem and suggested that very different kinds of countermeasures are required: “…it is quite possible that TPM systems will become pretty much unbreakable. We therefore believe that permitting circumvention is unlikely
    to be a long term method of addressing an ill, and that the proper way to address a serious
    problem would always be to require the removal, or partial removal, of the TPM system.” (para 68 of “Report of an Inquiry by the All Party Internet Group”).

  2. As far as TPM systems becoming unbreakable is concerned, it doesn’t seem to be a great danger.

    After all, from a cryptographic point of view, the attacker has the ciphertext, the key and a good idea of the plaintext. In most cases, there’ll be numerous works to work from. Breaking TPMs may be tedious, but it certainly won’t be difficult.

  3. “The most secure computer in the world is one locked in a vault without any means of power or communication” short of that, well look at DRM’s trackrecord so far… đŸ˜‰

  4. Russell McOrmond says:

    Unbreakable TPMs?
    We need to remember that the non-standard usage that so-called “copy protection” or “DRM” puts to TPMs are vulnerable not because of problems with TPMs that can be improved over time, but problems with this incorrect usage. In a normal cryptographic system it relies on the key being secret, such that only those with the right keys can decrypt the content (or sign the content, or…). In this case the key may be embedded in hardware and/or software, but it is not secret.

    The theory is that it is possible to make a safe so secure that you can put it in the home of a safecracker where they have unlimited access to it. Not only that, but you can give them a “locked box” with the keys to hundreds of other safes and they won’t be motivated to open it (IE: won’t unlock the TPM on a device they own which contains the keys necessary to unlock digital content).

    No matter what “DRM” is ever created it will always be relatively easy for a technically sophisticated infringer to circumvent it, and for a non-sophisticated infringer to share the content the way they would have if the “DRM” never existed.

    DRM isn’t about stopping copyright infringement as it is incapable of doing that, but enabling the private regulation of the otherwise lawful activities of law abiding citizens. It enables business models which are otherwise not supported in the law. (ie: price discrimination in violation of trade and competition law, etc)

  5. violation of competiton law says:

    “DRM isn’t about stopping copyright infringement as it is incapable of doing that, but enabling the private regulation of the otherwise lawful activities of law abiding citizens. It enables business models which are otherwise not supported in the law. (ie: price discrimination in violation of trade and competition law, etc) ”

    I do agree with you, except that so far it does not break the competiton law. The law is so narrow, the iTune-iPod bundle would only be illegal if Apple had a monopoly and prevented entry in the mp3 device market. (A thing that may possibly happen, but just not yet).

    As for price discrimination, yes, you need 2 conditions to be able to do it: have some market power (i.e. less than perfect competiton) and prevent arbitrage (resell market). DRM are made to prevent arbitrage. On a philosophical side, yes this should go against the competitive market philosophy. But the competition law doesn’t give a damn.

    It’s funny when we think of the symbol of the free-market economy – the stock market – is nothing but an arbitrage system. You buy a stock to resell it, you pay 80$ to Google to see your stock skyrocket to 400$ afterward. Yet we want to to prevent arbitrage on digital goods, saying that this new buisness model is a good thing.

  6. I agree – TPM should be removable due to with problems with circumvention and excemption. What happens when (if) the copyright expires, anyway? TPM was circumvented for DVDs but the backup programmer was jailed and his software declared illegal.

    So where will these tools come from? You want to download from some dodgy site? Will Canadian government “allow” us to BUY backup software (to allow us our backup rights), much less sponsor, this cracking software for us? Will the US government/RIIA/etc stand for that?

    The “Trusted Hardware” will make it much more difficult for *ordinary* users to legitimately backup and/or use protected content. Vista is already planned to be more “secure” – only MS-certified DVD drivers will be able to be run. MS-Genuine is but the first step, and just because it’s ALLOWED in Canada, doesn’t mean MS will change a thing. And if methods become available, you may still get sued, just to scare people like they’ve done already.

  7. Russell McOrmond says:

    Re: violation of competiton law
    “The law is so narrow, the iTune-iPod bundle would only be illegal if Apple had a monopoly and prevented entry in the mp3 device market.”

    It isn’t the “mp3 device market” we need to focus on given the issue is not with DRM-free MP3 files or other audio files that have the competition violation, but encrypted audio files where the monopolist holds the digital keys. Apple does have a (legally protected in some countries) monopoly on the market for devices with the right keys to unlock and access the music sold on the Apple iTunes music store. Creating this monopoly is the only real outcome of “DRM” that isn’t simply marketing.

    How does this implicate competition law?

    a) It is a refusal to deal when they don’t license this to other player manufacturers, such as what France was asking for. This doesn’t solve the underlying problem (allowing TPMs to be applied to devices without the informed permission of the owners of those devices), but does allow there to be more than one company involved to keep the system a tiny bit more honest.

    b) It is a form of tied selling to condition the ability to access songs purchased on iTunes (possibly an existing library) with access technology that is controlled by Apple (which treats the owner of this hardware as the attacker).

    BTW: Sign the Petition to protect Information Technology property rights [ link ] This would include a modernization of our competition law to bring it into the new century to deal with knowledge-economy monopolies as well.

  8. Bongo Player
    TPMs are technologies such as encryption, watermarking and access control, that are designed to prevent or discourage the unauthorised use of digital files.