Tag Archives: Digital rights management

links for 2008-09-13

Foiling EMI

Further to my rant yesterday about digital rights management, my friend Mark tells me that getting around the Coldplay X&Y copy protection is easy — just rip it on a Mac. He’s right, at least for me: Works like a dream, after no joy at all on two ThinkPads.

This may not be true with all copies of the CD. I bought mine in Hong Kong in 2005, although it appears to be imported from Europe. A piece on ConsumerAffairs says the “CD’s restrictions also prevent it from being played or copied on Macintosh PCs.” Some folk reported problems playing it on their Macs.

Hopefully this idiocy will not last much longer. Boing Boing reported a couple of weeks ago that EMI was apparently ending copy protection on new CDs, although I’ve not seen anything since. If this is true, I suggest we all send our Coldplay and other copy protected CDs back to EMI and demand copies without DRM on them.

The Death of DRM, the Rise of Patrons

Forget being a big old mass music consumer. Become a Patron of the Arts.

The IHT’s Victoria Shannon chronicles the last few gasps of life in Digital Rights Management (DRM) for music, saying that “With the falloff in CD sales persisting and even digital revenue growth now faltering in the face of rampant music sharing by consumers, the major record labels appear to be closer than ever to releasing music on the Internet with no copying restrictions.” This has the inevitability of death about it (this morning I tried again to rip my DRM-crippled Coldplay CD of X&Y, unsuccessfully) which makes me wonder: What will follow?

Most thoughts seem to be on the free music, supported by advertising, and largely distributed as promotion for expensive live concerts:

Jacques Attali, the French economist … who forecast in his newest book that all recorded music would be free in the next several decades — consumers will instead pay for live performances, he predicted — said the business model of digital music should reflect the old radio model: free online music supported by advertising.

“A lot of people will still make money out of it,” he said during an interview at Midem.

I think this shows a lack of imagination and understanding of how music has fractured. My sense is that while Britney Spears will continue to exist in the Celebrity for Celebrity’s Sake World, music has already spread via MySpace etc into much smaller, more diverse niches. I’m not saying anything sparkingly new here, but given that most articles about the majors and DRM and online file sharing focus on the big numbers, I would have thought a much more interesting model to look at is that on places like eMusic, of which I’ve been a subscriber since 2002.

What happens for me is this: I find an artist I like by searching through what neighbors are selecting for me, like this balloon on my login page:

And then I’ll follow my nose until I find something I like. Or I’ll listen to Last.fm until I hear something I really like and then see if it’s up on eMusic. This is all pretty obvious, and I’m sure lots of people do this, and probably more, already. But what I think this leads to is a kind of artistic patronage where we consumers see it in our interests to support those musicians we love.

In my case, for example, if I really like the stuff of one artist I’ll try to contact them and tell them so: No one so far has refused to write back and hasn’t sounded appreciative to hear from a fan. Examples of this are Thom Brennan and Tim Story, whose music I find a suitable accompaniment to anything, from jogging to taking night bus rides to Chiangmai in the rain. I’m summoning up the courage to contact my long time hero, David Sylvian, who doesn’t have a direct email address.

Of course, nowadays one can view their MySpace page, or join an email newletter, and build links up there. But my point is this: My relationship with these musicians is much more along traditional lines of someone who will support their artistic output through financial support — buying their music in their hope that it will help them produce more.

Surely the Internet has taught us one very useful lesson in the past year: That it’s well-suited to help us find what we want, even if can’t define well what it is. First step was Google, which helped us find what we wanted if we knew some keywords about it. Next step: a less specific wander, a browse in the old sense, that helps us stumble upon that which we know we’ll want when we find it.

Suspected Fraudsters Behind the Sony DRM Virus Arrested

Three men have been arrested in the UK and Finland following an investigation into internet fraud. The three are a motley bunch, according to The Sunday Times: a 63-year-old from England, a 28-year-old from Scotland and a 19-year-old from Finland. Together they are alleged to have formed a gang called M00P. They are accused of being behind a virus known as Ryknos, Breplibot or Stinx-Q, which apparently allowed the gang access to commercial information through a back door. Thousands of computers, most of them in the UK, were infected. Infection here means total control over the computer in question. The virus was first spotted in November 2005.

What’s particularly interesting about this, and doesn’t seem to be mentioned in the mainstream press, is that the virus used a vulnerability created by Sony’s much despised DRM copy-protection software — a program installed as part of software to play Sony’s CDs on computers, but which would secretly install extra code designed to protect the CD from being copied beyond a limited number of times. The virus basically piggybacked the hole left by Sony’s software, so unless users who had installed Sony’s software had removed it, they were at the virus’ mercy.

The virus was well targeted and used clever social engineering tricks. It was tailored to businesses, disguised as a requested update for a photo attached to an email that read, in part, “Hello, Your photograph was forwarded to us as part of an article we are publishing for our December edition of Total Business Monthly. Can you check over the format and get back to us with your approval or any changes? If the picture is not to your liking then please send a preferred one. We have attached the photo with the article here.” Who’s not going to click on that? I know I nearly did.

If those detained were involved, it’ll be interesting to hear what they’ve got to say about the Sony rootkit (which has long been abandoned. Great piece on the saga by Wade Roush in this month’s Technology Review.

The End of the Sorry Sony Saga?

Sony to recall copy-protected CDs, according to the BBC:

Sony BMG is recalling music CDs that use controversial anti-piracy software. The software was widely criticised because it used virus-like techniques to stop illegal copies being made.

Widespread pressure has made the music giant remove CDs bearing the software from stores. It will also swap bought CDs for copies free of the XCP anti-piracy software. Sony is also providing software to make it easy to remove the controversial program from Windows computers.

Will Sony ever recover from this? Probably, but it’s not going to be easy. Hopefully they’ll think hard and long about this whole sorry episode. Well done, bloggers, for making this story gain traction.

The Smell of Sterile Burning

There’s a growing noise about Sony’s apparent attempt to install digital rights management software usually associated with bad guys trying to maintain control of a compromised computer: Mark’s Sysinternals Blog: Sony, Rootkits and Digital Rights Management Gone Too Far:

The entire experience was frustrating and irritating. Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

While I believe in the media industry’s right to use copy protection mechanisms to prevent illegal copying, I don’t think that we’ve found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far.

The comments below Mark Russinovich’s post reveal not only growing frustration with such clumsy attempts to control what users do with CDs they buy from legitimate sources, but it may also prompt a class-action suit against the company in the U.S. since early versions of the End User Licence Agreement on the software may not have covered such software installation. A representative of SF-based Green Welling LLP has posted a comment asking to hear from “any California residents that have experienced this problem before the EULA was changed. We have looked at many DRM cases and Sony went too far with this particular scheme”. (The End User License Agreement originally, according to Russinovich, made “no mention of the fact that I was agreeing to have software put on my system that I couldn’t uninstall”.) Bruce Schneier asks whether Sony may have “violated the the Computer Misuse Act in the UK? If this isn’t clearly in the EULA, they have exceeded their privilege on the customer’s system by installing a rootkit to hide their software.”

Sony deny that their software is malware or spyware: Their FAQ says “the protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement.”

According to eWeek, the technology has a name: ‘sterile burning’. And it’s built by a British company called First 4 Internet, whose CEO, Mathew Gilliat-Smith, is quoted as saying it’s not a rootkit but part of a copy protection system designed to balance security and ease of use for the CD buyer. First 4 Internet call it XCP for Extended Copy Protection which “aims to provide effective levels of protection against the unauthorised copying of digital audio and data files without compromising sound quality and playability. XCP helps to protect the rights of Artists and Record Labels while accommodating consumer needs for ‘fair use’ copying.” More specifically, it

protects the content of an audio disc without compromising playability or quality. By using a range of methodologies, including the construction of multiple protection layers, limiting the ROM player accessibility to the provided player software and encapsulating the Red Book audio content, XCP can be used by content owners to help protect digital content from unauthorised copying.

It was first shipped by Sony BMG in March. A new version has been developed with features which, eWeek says, “respond to many of the questions Russinovich raised in his analysis” and will be available in new Sony BMG CDs. But will it be too late by then? Who in their right mind would risk buying a Sony BMG CD?

The Future: Software on a Stick

Why isn’t more software sold on sticks these days?

F-Secure sent me their latest offeing, F-Secure Internet Security 2006, on a USB dongle. I don’t know if this how you buy it in stores but it makes a lot of sense. Why isn’t all software delivered like this, instead of on CD-Roms? Or is it and I’ve just missed it?

Advantages:

  • Coolness: It would be much more fun to have a drawer full of colorful dongles than a boring sleeve-book of CDs. Handing freebies out at expos would be easier too.
  • Piracy. I’m sure it would be crackable, but how about if the key were stored on the USB drive? You wouldn’t want to get into having to have the USB drive inserted in the computer for the program to run every time, but if it was possible for the key drive to leave its fingerprint on the computer this could perhaps be used as a way of making software harder to crack. I have no idea how this might be done.
  • Portability. With the rise of USB drive-based applications via the likes of U3, wouldn’t it be great if you could take your Adobe Photoshop or whatever with you? Say you have to work on another computer, you just insert your USB drive and run all your favourites from there. No installation, no more serial numbers, no infraction of EULAs. This is the U3 idea, but so far that idea doesn’t seem to encompass bigger programs, nor does it embrace the idea of using both USB drive and computer in tandem. Say I’m using Photoshop on my desktop, with all my settings and plugins there, why couldn’t I tell the software ‘OK, now I’m hitting the road with my USB drive. Load all my recent stuff onto the drive along with any relevant serial numbers until I tell you otherwise.’
  • Flexibility: You could run the software from the USB drive if you preferred, before actually installing it.

And just in case you haven’t seen it, check out this list of software that can be run off a stick.

More Things To Stuff In Your USB Port

Another visit to the  Hong Kong electronics expo thing. It really is big. I don’t think I’ve covered a third of it and I’m exhausted. Anyway, clearly I had no idea what I was talking about when I listed some gadgets you can plug into your USB port. There’s more.

The thing this year seems to be to mix n match a USB dongle. One USB drive, for example, also sports Wi-Fi. Another is also a Bluetooth dongle. Then there are the whacky things that just make the most of being a) powered by the computer and/or b) connected to the computer.

Shenzhen-based 6dragon Technology Co. Ltd (“Quality, Value and Service are not the only words we use, but these are also what we stand for”*), for example offers the following:

Massage

  • A USB vacuum (which, as the blurb puts it, ‘Can the dust of the valid clearance calculator keyboard’);
  • Several different USB-powered oxygen bars (‘Delicate style to be integrated with autos: Moreover, it is suitable to the office as well as home environment. And your taste lies here.’ Indeed);
  • The folk at 6Dragon (“If you are looking for someone to stand behind you for the long term, you will not go wrong with 6dragon!”*) also showed me a USB-radio, that looks like a dongle, but I can’t find it on their website. I see engadget were there some time ago but it was new to me.

Anyway, now you’re beginning to get an idea of what you could use your USB drive for. Go for it. Be the envy of your office-mates.

* Authentic quotes from website.

Poor Man’s WiFi

Further to my piece on WiFi for the masses, here’s another way to cut costs: Make your own WiFi dish out of a Chinese cooking vat scoop, poke a USB WiFi dongle through the mesh, and you can pick up signals more than 10 kilometres away. Total cost: about $40 for the USB dongle, NZ$8 for the dish.

The guy behind this, Kiwi Stan Swan, has previously developed the Sardine Can Antenna. I love the ideas and think he should be marketing them to those parts of the world where WiFi is turning into a bridge from having no communications at all to having Internet and VoIP.

Some (Not So) Light Reading

For those of you easing back into work after the holidays, or stuck in the office before the New Year partying begins, here are some suggestions for Internet reading.

The future of Microsoft: Is 2004 going to be Redmond’s swansong? Some people think so, including The Inquirer, which says that the company’s flat first quarter earnings are a sign “it is running low on wiggle room, the core customers are negotiating hard, and Microsoft is giving way”. Interesting, if somewhat aggressive, reading. For the usual Slashdot discussion of the topic, go here. Certainly it’s going to be a difficult year for Microsoft, and one way the company may go is to try to further lock in users to its formats — Word, audio, Excel, whatever — and to lock other software companies out.

That’s also the tack that veteran commentator Steve Gillmor believes Apple is taking with its iPod. He points out that what was once a MP3 player is now threatening to be a lot more than that, from a PDA to a video device (to a handphone, as well). But Gillmor also points out that this is part of a bigger battle to try to establish one kind of Digital Rights Management over another. (This basically is a legal and software trick that limits your freedom to copy or alter files, whether they’re music, words or pictures. Say your version of Microsoft Word supported DRM, you may find yourself unable, say, to copy a document you’re viewing, or to save it in another format, or, more insidiously, unable to access a Word document composed in a non-Microsoft program, say, Open Office. DRM effectively removes the kind of supremacy you’ve enjoyed over what you own: In music, for example, DRM would mean you rent rather than own your CD collection.)

Gillmor discusses Apple’s approach, which is slightly different, but with seemingly similar goals: To lock the consumer into using a proprietary format. I think consumers will — and should — fight any attempt to limit access to their files, whether they be music, words, pictures or movies, tooth and nail. Legitimate fears of piracy and security should not allow any corporation to dictate the size or make of wall protecting us (look at e-voting for the lessons we should learn on that.). This year will define where we go on this issue. Or as Mr Gillmor says: “With the election looming as a referendum on issues of security, rights and opportunity, and the Internet emerging as a major player for the first time, DRM may be democracy’s Last Waltz.”