Home' Technology Review : May June 2006 Contents TECHNOLOGY REVIEW /
FEATURE STORY 57
Sony BMG has never fully accepted the blame; even in
the December settlement agreement the company denied
that it bore any legal liability or that anyone had been dam-
aged by any wrongful conduct. Still, by most measures of
corporate responsibility, Sony BMG has gone to remark-
able lengths to make up for the rootkit asco. The company
now seems to be wary of crossing Russinovich s " ne line."
"There has to be a balance str uck between protection of con-
tent and nurturing and protection of technology," acknowl-
edges Sony BMG spokesman Cory Shields.
Indeed, Sony BMG s mistakes in the rootkit case pro-
vide some insights into what good digital rights manage-
ment would, by contrast, look like.
First, say computer security professionals, good DRM
should be transparent. To these professionals, the rootkit
episode carried secrecy too far. If a rootkit provides a hid-
ing place for vir uses, worms, and Trojans, it makes the job
faced by computers virus-scanning software much more
di cult. And if more legitimate companies start to design
their software to mimic malware, that job becomes nearly
impossible. "Now all of your security software has to dis-
tinguish between good malicious code and bad malicious
code," Schneier says.
To be consumer friendly, therefore, DRM software must
be computer friendly. It should not hide itself from the com-
puter s operating system, nor take up more than its share of
processing or memory. And the ter ms of use and functions
of the software should be spelled out in a way that is clear
to the user, not buried in a 20-page EULA. "People should
understand the bargain they are making and the restrictions
they may be subject to," says David Sohn, a sta counsel
specializing in intellectual-property law at the Center for
Democracy and Technology in Washington, DC.
Second, DRM technology should respect users privacy
and security. It should collect only that personal informa-
tion needed for authentication, and only after obtaining the
users consent. And content protection measures cannot be
implemented at the expense of a computer system s secu-
rity against real malware.
Third, good DRM should be user ser viceable. If a DRM
system breaks, consumers should still be able to access the
content they purchased, and if it becomes a security threat,
they should be able to turn it o . Yet under the U.S. Digital
Millennium Copyright Act (DMCA) of 1998, it is unlaw-
ful to circumvent the technology protecting digital content.
There is no exception for cases such as that of the Sony
BMG rootkit, where the DRM technology itself may be
causing harm. This bizarre situation might be remedied if
e orts by some lawmakers to amend the DMCA succeed.
On December 14, for the third congressional session in a
row, Rep. Zoe Lofgren, a Democrat from Silicon Valley,
introduced a bill that would make it legal to circumvent
DRM technology if the unprotected content is then used
for noninfringing purposes, such as archiving. Lofgren s bill
has been referred to the House Committee on the Judiciary,
where it awaits review.
Fourth, and perhaps most important, good DRM tech-
nology should be flexible. The proposition Sony BMG made
to customers with XCP was rather skimpy: buy this CD for
$13.98 and you can make three copies, in Windows Media
Audio format only. The copies can t be copied---and they
won t play on other people s computers. Reasonable DRM,
by contrast, would give consumers the freedom to use the
content they ve purchased in noninfringing ways, such as
ripping it to their computers and uploading it to their mobile
players, or perhaps let them choose exactly how they would
like to use the content and charge accordingly. Time-shifting
(recording live audio feeds for consumption later), place-
shifting (streaming music over the Internet from a home
computer to a remote location), or even sampling and remix-
ing might all come with di erent price tags. "The market-
place should reward or punish products based on whether
they are providing the exibility people want," Sohn says.
Some DRM technologies o er increasing exibility. Sohn
points to FairPlay, the DRM system behind Apple s iTunes,
as one example other content distributors might do well to
imitate: customers can listen to FairPlay-protected songs
on a computer, make playlists, burn those playlists to CDs,
and move the songs to portable devices. (Sohn is not a fan
of FairPlay s inability to operate with non-Apple products,
however.) The success of the iTunes music store, Sohn says,
suggests that this combination of features is "meeting con-
sumer demand." TiVo to Go is another example: owners
of TiVo digital video recorders can transfer recorded shows
to DVDs, desktop PCs, laptops, and mobile devices such as
the video iPod and Sony s PlayStation Portable.
But for every iTunes and TiVo, there are still numerous
examples of restrictive DRM schemes that treat customers
like criminals. Until there is consensus about what rights
consumers deserve and which restrictions are necessary to
protect the incomes of artists and their studios, buying digi-
tal content will probably continue to be a thorny business.
"There is absolutely a right for the holders of intellectual
property to protect that property," says Stephen Toulouse,
security program manager at the Microsoft Security
Response Center, where researchers spent weeks last fall
helping Windows users respond to the rootkit epidemic.
"But as a consumer myself, I d like to see software vendors
and studios getting feedback from consumers and creating
technologies that re ected it."
In the end, then, the record labels best response to fall-
ing music revenues may be to exercise more imagination,
not more control.
Wade Roush is senior editor at Technology Review.
Links Archive March April 2006 September October 2006 Navigation Previous Page Next Page