LockLizard Digital Rights Management, DRM Security

DRM and the hazards of research

2011-10-13T16:55:22Z

I am deeply indebted to Tom Lehrer for the immortal observation, "Let no one else's work evade your eyes, Remember why the good Lord made your eyes, So don't shade your eyes, But plagiarize, plagiarize, plagiarize - Only be sure always to call it please 'research'."

More recently, and less pithily, marketing professors Dinah Vernik of Rice and Devavrat Purohit and Preyas Desai of Duke used analytical modelling to examine how piracy is influenced by the presence or absence of DRM restrictions, which prevent unauthorized copies of digital data, such as music, from being made. They found that while these restrictions make piracy more costly and difficult, the restrictions also have a negative impact on legal users who have no intention of doing anything illegal. gamrconnect.vgchartz.com/thread.php?id=135288

Should we conclude that DRM is evil, or is it that the academe have a downer if they don't have unfettered access to anything and everything?

Well, I guess it all depends on what you are selling, and to whom.

The marketing professors appear to have concentrated on the music industry and comparisons with CD copying. And I suppose that since it is a large industry it is valid to make statements about it, but perhaps unsound to generalise from a highly specific format to the copyright industry in large.

It would be rather like saying that there should be no copyright in the Coca Cola brand or the Levis’ trademark (or go talk to the motor industry and they will lay the wisdom on you!).

Copyright and Intellectual Property Rights (and its protection using DRM) is the exercise of an economic right granted by law. Some industries (pharmaceutics, for instance) consider it to be seriously important. Indeed, they need DRM to prevent leakage. There is no desire to see their research available to Messrs. Lehrer, Vernik et al for any reason at all. And it would be both brave and foolish to suggest that the desire of people wanting to listen to music tracks (paid for or not) should have any influence.

There are whole areas of publishing where DRM is the enabler of the service and not the thing preventing it. Product training courses is a good example.

Universities like to say that education should be free (well, maybe after you have paid the tuition fees you would think that the books should be free?), but of course they are not the only ones in the business. Huge numbers of companies have training courses in using their products, and they are not about to give them away for free. They could stick to the classroom approach, or, with DRM, go to much lower cost faster to deliver methods. It's not quite the same as the music industry saying to authors they can recover the piracy losses by live performances (duh).

There are many other types of documents that need serious DRM if they are to go digital. Information exchanged between parties in litigation (discovery, for the more jurist inclined), bids for contracts, minutes of board meetings, documents provided during mergers, acquisitions or company sales: the list is very long indeed. And not to be sacrificed on the altar of the claimed justification of a right to make copies because for a short period of time, with the cassette recorder, you could.

Rights to use Copyright works enshrined in the Berne Convention (Geneva must have had an off day?) include access for personal study and for the right to parody.

Now I don't know if any directors of public companies ever thought that visiting Professors or MBA students had the right to study the minutes of board meetings as a matter of personal research. (Truth be told I fancy there's more than a handful of Revenue Services who would mortgage serious body parts for that right?)

And there's the rub (Shakespeare). To get greener, eliminate the paperwork, stop shipping rainforests around the world and so on, we need to go digital. But for serious industries that absolutely does not mean giving up control. Quite the reverse. Unless and until there are adequate control safeguards (DRM by any another name would smell as sweet) there is every incentive to ignore digital editions in favour of due diligence.

Now this may not chime with game players or music mixers. But vox populi is not always vox Dei. (The voice of the people is the voice of God, to save you doing an Internet search.) There will always be claims that unfettered access to information is essential for the most rapid development of society. I would not want to try that one on my government, or yours for that matter. And they are the people most led by vox populi – the elections.

So beware the siren call of the anti-DRM brigade. Just because it seems to be good for music sales does not mean it is good for everything else. One size does not fit all.

A DRM defining moment

2010-09-06T12:04:00Z

I find it very helpful to be reminded from time to time that there are many perceptions as to what is (or is not) DRM, and what DRM can be applied to, so I was fascinated to read an article by Anthony Dhanendran, Computeractive 16 Aug 2010 that made the bold statement, "DRM only applies to 'digital' products, that is music, video, ebooks (digital books that can be loaded onto a handheld PC to read), games and other software - there's no way to apply DRM to a physical product such as a paperback book."

Is that right?

Anthony then goes on to remark that the problem is all with digital works and the ability to make copies easily, and that’s the problem with the digital environment.

So I guess that my taking a paperback over to the photocopier (there are some big ones that will copy a book automatically) and getting a copy simply does not happen, or that I can scan the book in using the scanning function kindly provided by the manufacturer and bingo – instant digital copy of the physical!

Now we're cooking with gas.

It has always been possible to copy works in a physical form. Fact. In the past, what stopped people was difficulty, time and effort to do it, and most importantly - the cost. Whilst it was significantly cheaper to buy another original than to get a copy then the originals won. (What is really what is going on today with the big music players going in and out of DRM - is best revenue achieved from either model, given that copying is a problem.)

So let's talk a bit about copying.

When the right to make a copy for personal study (and that meant you making a copy for only you, not making it for anybody else) was granted under 'fair use' it was not intended to be a copier's charter. Generally you made a copy by drawing or handwriting what you wanted to copy – the concept of 'push button copying' was impossible, and so never thought about (yes, I know that lawyers will tell you that the law is perfect and needs no change, and is fully up to date, thank you). And whilst the technology people have rushed ahead and buried the ability (but not the right) to copy deep into every possible aspect of computing itself (nothing in memory or on disk you see or use is an original, they're all copies) the law is still updating itself.

You can make a copy of the Three Graces (by Canova, Raphael or whoever, there's no monopoly on original interpretations) but you need to be jolly clever and skilled to make it worthwhile, just as you can make a copy of a piece of music by performing all the parts and then pulling the whole work together.

So maybe all we need is a small modification to the law to clarify that if you make a copy using 'sweat of the brow' or old fashioned hard work, then that is a qualifying use for personal study, but not otherwise. All that would do is confirm the original intent and would not alter anything that DRM is doing, merely bring into line rules of the physical and the digital worlds.

Digital signatures and timestamping – fact or fancy?

2010-04-13T12:07:00Z

If you look back to the mid 1990's, the great dreams of the security technologists were that you could prove beyond any possible doubt the authenticity of a document by giving it a digital signature, and exactly and precisely when it was created by a timestamp.

So what happened? If that was the proof beyond all possible, probable shadow of doubt (Gilbert & Sullivan: Gondoliers) that whatever it was could not be implemented, then the deafening silence of more than 10 years is proof positive enough.

Of course there continue to be people, or even large companies, who want you to open a significantly large (wallet, checking account) commitment to the PKI pipe dream of what life would be like if everything is perfect and computer manufacturers behave like model gentlemen and a Hacker is the permanent secretary to the British Prime Minister (please see the famous series Yes Minister for further details).

Or maybe not.

Lewis Carroll once famously said in the persona of the White Queen, "Why, sometimes I've believed as many as six impossible things before breakfast." But it does take more than a little practice!

Digital signatures are fine provided you believe absolutely the people who gave them, and they are financially warranted up to the hilt if what you are doing fails (and btw as you were reading this I just revoked my digital signature - so does that make this a pack of lies?).

Timestamping? I know people who have patents over the measuring and allocating of time. Poor old Lewis Carroll as the Mad Hatter was condemned to perpetual tea time when accused of 'Murdering the time,' and so it was always half past three (sounds a bit like Jeremy Clarkson?). We have plenty of law to establish when something happened that has nothing at all to do with the concept of the atomic clock, let alone the claims of timestamping systems.

Yes, it is true, that if you personally commit yourself to digital signatures and timestamps then you can live in a world that Lewis Carroll could well have identified with, if not sympathised with, but that was Wonderland.

And if you do spot a Snark, please, please, please check it isn’t a Boojum (!?).

So, although it's frightfully technologically clever, just pause for a moment and ask yourself if it sounds more like a banker offering you subordinated debt as a Grade A profitable investment. You know what I mean.

The Internet is the right to copy

2010-02-12T22:03:00Z

One of the most unreasonable arguments that you see applied day in and day out on the Internet (and on roads before the introduction of speed cameras) is the 'right' to do something just because you can.

It's an interesting argument because it is really an argument for the ultimate failure in ordered society - that I can do anything I can get away with - I have no morals, ethics, scruples or responsibilities.

After all, it justifies any action at all, rape, murder, child pornography - you name it and it's OK.

Hey, but wait a minute, you say. That's all too heavy. I didn’t mean all that nasty and illegal stuff. Obviously that's all way too bad and has got to be wrong (well I sure hope that's what you're saying).

So we are into drawing lines? Some things are agreed to be bad and just because you can do them does not mean that you should, and if society (not just the cops) finds you doing them then there shall be punishment.

Now obviously murder is not good. But where is drug dealing? Does it rank alongside liquor selling? Is pornography OK but child pornography is not? And how do you define them anyway? Where do you rate selling dud cars (maybe that's a bit too topical right now).

But let's cut to the chase. Does the guy who writes music or the gal writing a play or the group playing a track deserve to get paid for their work?

OK, you could argue that the group playing tracks can get paid for live performances, but I don't know as Elvis, The Beatles, or Madonna would be terrifically impressed by that. Yes, live work is important to artistes because they get what you never can from a dead studio - an audience, the feel, the thrill of the audience. So, what about the others. Are they just supposed to produce and then give it away? How long do you think authors would last if they had to give away their work and rely on a few crumbs from the hostel to keep them going?

True, some authors made it big on the conference circuit. Now I don't mean Tony Blair or GW Bush or their like. For one thing, authors they ain't. But Charles Dickens did very well of it for the Brits, and Mark Twain for the Yanks, and you can certainly describe them as authors.

But their real money did not come from lectures, but from printing. Thomas Paine made his legendary contribution - The Rights of Man, for the American Civil War, as a paid for pamphlet! If the Internet had existed then, do you suppose Twitter would have produced anything like in under a century? Being well read is not the same thing as being well paid.

In fact the laws of copyright were introduced in order to prevent the rich (the well paid) from gaining a monopoly over the production and delivery of information.

So whilst the Internet may have given enormous freedoms - the freedom of expression - the access to open and alternative publicity, it has not created a new medium by and through which those creating information as their trading activity can make their livings.

And whilst this remains the case, however much the Internet may prevent censorship and may grant great voice to the weak and the oppressed - truly great capabilities of our time - it acts to deny information and knowledge creators their right to employment and to trade.

At the moment, outside of the communities paid for by advertising, people pay in order to make information available on the Internet. Whether it's purchasing your own server or paying for a domain name, or paying to put up a web site, it's all paying to peddle your own knowledge. But can you afford to give away the information that you need to sell to make a living? Maybe the knowledge economy is already dead.

A crisis of identity

2009-12-09T15:39:00Z

It is difficult to guess whether the national security and counter terrorism and contra paedophile brigades will, even when combined, push through a demand for electronic identity more than the anti-hacker and anti-spam and DRM must be personal brigades. No, this is not one of those nice after dinner talking points, but a close analysis of the must have an identity brigades and their stances.

In our own little backwater of the United Kingdom we have seen the government move through regulations that mean you cannot open a bank or savings account, or buy property or trade in shares, without producing photo-id. Never mind who that disenfranchises. You know it is for your own good because it could only ever be a problem if you had something to hide!

That might not be so bad except they also intend to use it to enable them to dig into every aspect of every electronic transaction you ever carry out, and once cheques and cash have been removed that should just about cover it. After all, no-one could ever steal your electronic identity - could they?

But bigger battles are being fought in the US and the Far East.

In the US there are some interesting conflicts (and I am not talking about Iraq/Afghanistan here), with the national security boys wanting to be able to monitor anything wherever, whenever and however they choose, the counter-terrorism (not quite the same slice) people wanting to make sure they can identify who everyone is at a physical level, and the contra paedophile groups wanting to be able to identify everyone who has ever gone near a porn site because they must be inherently evil. Their ideas of identification vary significantly, because their end objectives of using the information also vary.

The US and the Far East also have some interests in common, perhaps because the Far East is now a major investor in the entertainments sector – films, music, computer games and hardware – the DRM brigade. In some circumstances (downloading from file sharing or similar) they wish to be able to identify who is at both ends of the equation, but mainly they want to be able to enforce a series of use rules for electronic information, and they really really really do not want to know who is the user unless that is the only way to run the system because it causes lots of other problems.

But the war is being fought by global commerce and industry. They are sick to the back teeth with the cost and damage caused by spam, hacking, information theft, so-called social networking systems and other employee time-wasting activities that it seems impossible to prevent. That is where real money is lost that makes the cries of all the other players unimportant.

And the people that deserve a bit of help here are commerce and industry – globally. Because there is no angle for gain by any one country over all the others. After all, security mechanisms fail at the weakest link, don't they. So we are either all in this together, or we have nothing at all.

But since global commerce and industry do not have a voice, whilst all the other players do, we are going to continue seeing the lobby industries maintain their conflicting momentum whilst successfully draining time, energy and money from the people actually trying to do business. Of course they will say that their agenda is valid and will solve everyone’s problems, but then they would, wouldn't they.

Meantime I think we will stick to our guns. Simple DRM systems that do not try to identify the actual individual who is licensed, but stop whoever they are from readily giving away what they have bought. It may not solve the world's problems, but it solves a defined problem, which is a lot better than doing nothing.

Oh, and it avoids all the stuff about personal data, monitoring and so on, that gets some regulators really excited.

Is DRM open to abuse?

2009-08-19T16:35:00Z

Is DRM open to abuse?

In a word, yes.

Whilst we are not ashamed to be significant suppliers of DRM enforcing mechanisms and systems, we are convinced that the original reasons for creating copyright law, as demonstrated by the debates in the British parliament, were correct, and should be observed.

Although the origins of copyright might be argued to go back to ancient China and the right to reproduce official forms, modern copyright was determined to make sure that authors (creators) of works would be able to enjoy the fruits of their labours, just as those who created physical goods. Because if they did not, then the only authors would be those sponsored by government, industry and commerce, an unhappy trinity on which to place your reliance.

And it was recognized that, in those days, getting full recompense for the writing of a book (other than popular novels) could take a very long time, and so copyright was granted even after the death of the author so that the family might draw benefit of the inheritance.

There was strong debate to the effect that the legislators did not want ‘publishers’ to be able to buy copyrights, because that might give them the means to decide what was to be published and what was not, but market forces prevented the development of the idea that author rights should be inalienable.

Now all of us can readily develop arguments to propose that in the Internet age distribution costs are marginal, and access to market is immediately global, and therefore perhaps copyright should last for no longer than the author (as it were). But we cannot support arguments that say that an author should be behoven to hand-outs from those who feel like giving some money. This reduces the author to the status of a street beggar, a corner musician or a pavement artist. We believe that approach to be flawed (as no doubt would JK Rowling on the one hand and the estate of JRR Tolkein on the other).

But that should not be taken to mean that we believe DRM should be used as a mechanism to forcibly manipulate markets.

We live today in what Arthur C Clarke famously described to the US Congress (positing words originally from Marshall McLuhan) that the world is a global village. But the dictum is that we are global. And to be global is to be transparent in our dealings with our global customers.

So we do not accept that there should be regional pricing models, or that Internet goods and services should be restricted by either price of delivery date. We, as a business, operate transparently in all markets. We offer what we have at the same price (on the day of quotation since we suffer from exposure to the [unnecessary] manipulation of the currency markets) to any and all countries in the world permitted to purchase encryption technology by regulation.

When we release new product it is done globally, even though we have the tools to do otherwise. Why don’t we charge different prices in different markets? Simply because we believe that is a flawed and dangerous trade model. It would be wrong for us to, through our pricing structures, compel different regions to compete at an economic (dis)advantage as determined by us. The world is already the global village that Clarke foresaw, but it seems that some folks have thus far failed to, following Belshazzar, read the writing on the wall.

So we believe that DRM controls are correct, and that it is essential to reward the rights of an author to get paid for the work that they have carried out. But we do not believe that DRM controls should be used to manipulate the economic environment.

Associated Press makes the DRM news (but not how you think)

2009-08-10T20:11:00Z

I read in an article arstechnica.com/tech-policy/news/2009/07/drm-for-news-inside-the-aps-plan-to-wrap-its-content.ars that Associated Press (AP) would like a bit more DRM control over information they publish on the web.

Now you might be forgiven for thinking that applying security to information you want to publish for public use, and to be incorporated, either by reference or as text, in the work of others, would be a challenge. And you’d be right!

The reasons security is so difficult to introduce are:

-   content suppliers put accessibility above everything else;
-   web product providers want to be first to get the latest and greatest out there and grab whatever market share for themselves – regardless of the sustainability (more frequently lack of) of the economic model they are pursuing;
-   information security requires people to do something for which they do not perceive they have any gain or any responsibility, so they don’t bother.

So what is AP trying to do? Introduce another HTML tag which contains the authors (or copyright owner’s) rights.

Now that’s not likely to set the world on fire, and I agree with the other security people talked to about this, it doesn’t change current security at all.

But whilst the AP approach looks like fig leaf and mirrors (conceals and reveals all at the same time – a bit like the Windmill?) there actually is some value to it.

It doesn’t stop copying or actual theft and manipulation. To achieve that it would have to envelope content and have a content licensing system, and that would be heavy, complex (for them to implement) and could have profound implications on their direct customers using them as a news feed. Bad news indeed.

But it does achieve two things that will go a long way to solving problems caused by ‘deep linking’ where a web site links through content that is not its own, but makes it look like it is from them.

The first is that by adding tags that will pass through the browsers unharmed, anyone doing nothing more than linking will be caught by a simple tool such as a web crawler, which can automatically process the apparent content and locate unauthorized content re-distributors who can then be investigated manually, and prosecuted when it is in the commercial interest of AP so to do.

The second is to establish a ‘standard’ (and they ought to be looking to join a European initiative on that front because this is not a competitive matter and because if you go for two standards the odds are you will lose both) by which authors rights can be represented, so that the encoding can get international recognition, and, perhaps, go on to become something that law can be used to dignify and recognize. That would be valuable to the IT industry because it would set markers for how to start looking at the rules to apply to web content. And you never know – DRM integration might just be starting.

Arguments for and against DRM

2009-04-03T13:49:00Z

The US Federal Trade Commission recently held a ‘town hall’ meeting in order to listen to the arguments being put for and against DRM.

Naturally, the great and the good from all [California?] camps were represented and much was said about the music, film and computer games industries, and how DRM was evil and had failed and therefore should never ever be used, and, in fact, you should never try to protect any information (my own summary).

Gamers and music players said, “DRM only harms lawful owners and does nothing to prevent dedicated hackers, so there is no purpose in having it.”

Well, I guess you might say that having speeding or DUI laws has no effect on criminals (actually, no amount of law has any effect on criminals if you think about it) so we should not have laws. Maybe bank fraud is OK as well?

The nub of the argument goes that if I try it and like it then I might think about buying it. But I have a full copy already, so there’s not actually any real pressure on me to do anything! This is about the same as having access to every book in the world for free and then trying to make a case for having to buy one of them.

Freedom in artistic and literary expression comes from the ability to profit from it, not be condemned to starve for lack of income. Great pamphleteers such as Thomas Paine didn’t give away their work – far from it. He sold it. He wrote the three top-selling literary works of the eighteenth century, which inspired the American Revolution, issued a historic battle cry for individual rights and challenged the corrupt power of government churches. And the income helped him continue his work. Perhaps the modern age would prefer he had never succeeded?

Aha! cry the modern Internet copiers. But talent is what sells, not scarcity.

Well, if you are a music group and you get your real money out of gigs then
I can see where you are coming from. But if you are a writer, then exactly what gigs do you present at? And if you do electronic training courses precisely because you can’t be at all the gigs, then are you supposed to suffer because you have a different economic model?

The only economic model you ever have to consider is how sales get made and invoices get paid. So if a folk band find that giving away tracks is good PR for getting ‘bums on seats’ at gigs then that’s fine. But don’t go claiming that it’s the only possible and valid economic model.

DRM is here to stay where the economic model dictates that scarcity is the most effective route to market. Who would spend a lot of money for a financial analysis of a market if they can get it for nothing, or pay for a training course if they can get it for free. The fact of the matter is that people don’t pay for what they get for free. There is no economic model here.

Even the people who first brought in Copyright law said that they hated the idea of it, but if you denied the author economic benefit from the use of their intellect (as opposed to their hands) then there was no incentive to create works. And if you left it to ‘market forces’ (the rich, companies, governments) then you would usher in the most deadly of futures for the creation and dissemination of knowledge.

So forget the posturing of the music copying community. They are busy re-inventing music concerts (gigs) as the way bands made their livings before records really got going. Maybe they want to reinvent the public lecture tours when successful authors made a part of their living (now a circuit for retired politicians). Check out your own economic model, and if you need scarcity to protect your intellectual capital, then you need DRM!

Anti-DRM fun and fallacy

2008-12-11T22:53:00Z

Reading through many articles and blogs provides curious glimpses into the thinking processes of authors (or perhaps more accurately academic project writers?).

A recent observation that interested me was a statement that, “I don’t see why I should have to pay to read a whole book. All I want is a very small portion of the text, and I don’t see why I should have to pay for that.”

Having just had dinner, I wondered how my butcher/supermarket would feel if I said that I didn’t want the whole cow, just the fillet of beef, and since that was such a small piece I didn’t see why I should pay to have it either.

OK, maybe that’s not such a good example.

So let’s get to the point. How would you know, without reading a significant portion of the book, which paragraph was the right one to quote from and why? And why is it you think there should be a right to grab a key piece of the hard work of someone else for nothing in order to benefit yourself, for nothing?

Let’s expand on this. The only way you can possibly know the value of one paragraph as against another in an author’s work is to have read it. Take the following abstraction from an article by Joseph Priestly:

“It is no doubt time, and of course opportunity of examination and discussion, that gives stability to any principles. But this new theory has not only kept its ground, but has been constantly and uniformly advancing in reputation, more than ten years, which, as the attention of so many persons, the best judges of everything relating to the subject has been unremittingly given to it, is no inconsiderable period. Every year of the last twenty or thirty has been of more importance to science, and especially to chemistry, than any ten in the preceding century. So firmly established has this new theory been considered, that a new nomenclature, entirely founded upon it, has been invented, and is now almost in universal use; so that, whether adopt the new system or not, we are under the necessity of learning the new language, if we would understand some of the most valuable of modern publications.”

Now this is jolly good stuff, and with very little effort you could use this paragraph to support almost any scientific claim that you might feel like making. It might dampen the ardour to understand that Priestly was arguing about Phlogiston, in 1796. To know whether he was for or against, you would have to read a great deal more of the text. And that is the point our modern author pointedly ignores.

The second point is to wonder why people think anything in a digital format is a ‘free lunch.’ Just because something is in digital form does not mean it is being given away – just try convincing Microsoft to give away Windows Vista and see where that gets you! Sure modern authors and publishers are moving to using digital form for publishing. But that does not equate to them giving everything away for free. Publishers pay people to write, they pay to create market interest, awareness, they syndicate work with other publishers, and so on. That all costs money, and, especially in this modern economic climate, people expect to be paid for what they do. As any student of entropy will tell you, “There are no free lunches.”

So maybe our scholars should think more carefully? If you want to go out and do the work needed to be able to write the paragraph in your own name, that’s fine. But don’t claim that in advance you know exactly which paragraph of a work is exactly correct for you. That’s obviously not true unless you have already read the work, and one might wonder how that could be without having purchased it? And please don’t claim that you shouldn’t have to pay for just choosing a very small part of the work. Maybe pearls are free in WalMart this week, but likely not.

Cryptography isn’t DRM

2008-10-21T12:46:00Z

One of the commonest errors you see made in articles about information security is to equate the secrecy obtained by cryptography with the licensing control applied by DRM.

You will see plenty of ‘experts’ state that you can use cryptography to ensure the security of your information, when what they actually mean is that a recipient can check that what they receive has not been altered or falsified, and that unauthorized people cannot have read it first.

Now that isn’t DRM. When you, as the authorized recipient of encrypted information decrypt it, you can do precisely what you like with it. Copy it, send it to your friends (or even your enemies), alter it, anything you feel like.

But DRM is about very much more.

DRM has to deal with what you are allowed to do with information that you are authorized to receive. Generally you are not allowed to pass information on to others. (That is considered implicit in military systems, but is a physical or manual control, and you can’t apply that to electronic information. What the military do is make sure it can’t leave the system it is stored on, which is not an option if you’re selling eBooks.)

As importantly, you may not be able to make printed copies, or that might be allowed but a Copyright mark is prominently displayed when you do that. You might only be able to use the electronic information for a limited number of times (pay per view) or for a limited time period (documents for evaluation or for bidding for contracts).

Only DRM controls have the ability to ensure that the controls, or license terms that go along with the information actually get enforced.

Of course DRM also makes use of encryption technology both to be sure that nothing can be used unless the recipient is authorized, but that’s only the start of the story.

So next time someone tells you that all your security problems can be solved by encryption, just let them know better.

It’s a funny old world

2008-09-24T16:11:00Z

Although not the only person to use the quotation, Margaret Thatcher famously said those words to describe losing the election to be the leader of the Conservative Party and therefore the post of Prime Minister and First Lord of the Treasury.

And when you look out at the IT security industry you risk having the same feeling that she did.

Although not very surprising, people have gone out and solved problems that were easy, leaving the difficult ones to specialists whilst using marketing muscle to ‘persuade’ customers that their solutions fit the problems.

A good case in point would be the global adoption of the secure connection technology SSL (Secure Sockets Layer). Pedalled for many years as the certainty of a secure connection, it has been nothing of the kind. Yes, it very securely connects together two locations that do not know each other. And that’s the problem. You only think you are connected to the bank, and they only think they are connected to you.

It’s been a bit the same with DRM.

At one level it has been stunningly bad. The music and film copying brigades got it into their heads that just because in the cassette tape days you could tape anything off the radio or the record deck (mind you the quality was absolutely dreadful) and make copies (which were even worse – but you could do it!) then you had the divine right to copy anything. After all, let’s not worry about copyright.

And at the other end of the equation, DRM system providers did themselves no favours either. They tried to implement DRM that prevented people from making copies of their own works, or DRM that just enabled suppliers to charge different amounts for exactly the same product in different places around the world. Finally, DRM providers made the serious mistake of trying to embed themselves into operating systems, and behaving like viruses or hackers.

There has also been the dichotomy about use of DRM protected products – to print or not to print? I have discussed this with several eBook publishers and they have mixed views. At one level we all agree that the eBook has immense power and potential over the paper book – quick indexes; searching; linking both internal and external: all things a paper book simply can’t deliver. At another level, people just don’t really read eBooks the same way they do paper.

When did you last take your laptop to the lavatory so you could read something in peace?

And maybe that’s what’s lacking in the eBook development thinking? An eBook version of a training course is not quite the same proposition as the eBook version of a fashion magazine. And the eBook version of your broker’s guide to share trading is not the same as the latest best selling novel.

There are similarities, certainly, but a good guide would be found by looking at the ‘intended use scenario.’ Is the product intended primarily for social, domestic and leisure, or is it primarily for business?

Current document DRM systems are focused on business applications use (which includes handling formal business documents that may be used both at work and at home – the home element does not dominate the primary point that the business use dominates the rights and rights management). Business DRM is reasonably well scoped.

But many suppliers are leaping onto the DRM bandwagon trying to apply it to scenarios where the use (and the formality of use) is very different.

If you argued that when you buy a novel, when you have read it then you can give it, in its entirety (not a copy) to someone else that might be an acceptable use. But a business training course was never provided for that purpose. It was provided for a specific and limited use, often for a very restricted period of time. And the same concepts do not apply.

And some business documents are not being distributed for copying at all. Some are business secrets, some are documents disclosed because they have to be, but only to identified individuals, and so on. There is absolutely every reason for the distributor to want to be sure that the document is not copied, or forwarded to anyone, or maybe even printed.

But the DRM mechanisms are just the same. The secret is in who you apply them to and how you apply them.

Of course you will upset people by introducing DRM. All the people who think they should be able to copy and distribute your information for starters! And all the people who hate DRM just on principle (but please see the first group again also).

But maybe those are the very people you wanted to control in the first place?

It’s a funny old world, isn’t it?

DRM is a barrier to eBook adoption say students

2008-09-02T21:57:00Z

Being interested in opinions on the rights, wrongs, virtues and demerits perceived by many communities, I found the following article http://arstechnica.com/news.ars/post/20080828-study-students-need-open-source-e-textbooks.html to be of some interest.

If you read the article, you start from an offered conclusion that student text books ought to be available under open source type Creative Commons licenses. But as you dig further down, you find out that students are complaining about the cost of text books.

The arguments seem to be:

- text books are too expensive anyway;
- you can’t print out much at a go;
- they have a short life;
- they cost as much as the print editions.

So the complaints seem to be much more like those being used on film and music companies than they are about DRM itself.

Now I would have to agree that it seems very strange that it costs me the same to buy a book that I have for ever, or an electronic book which I only get to use for 6 months. At the same time the electronic book supplier might be offering me something rather different with the electronic book – things I just can’t do with the paper edition. Searching (it saves me having to read the whole thing although maybe I actually learn less?) and hyperlinking to other reference work, articles, forums and so on are things I just don’t get on paper, or images I can work with.

Why should I get upset about not being able to print the ebook? If I want a print edition then surely that is what I should have purchased to begin with. If I want to print information then I should expect to pay a premium (normally called a royalty) for the right to make copies of the book. That’s totally normal. And just the same as in the software world. It isn’t realistic to think I can buy some software for one machine and then put it on as many machines as I suddenly decide – hey man, that’s piracy.

So I am not totally convinced by the student’s arguments. Yes, we all moan about the price of things, from cars to condos and from tuna to text books. And that’s normal, good and healthy. And in the bargaining business you always start from an extreme position if you think you can get away with it, so, of course, a study that asks the students the right questions will get whatever result they feel like.

I’m equally certain that if you asked the College Professors who specified the books for the term and the course (and maybe even wrote them?) they would not be wanting to give away their work, even though they were paid to gain their expertise. And if you asked the publishers, they will have a view all of their own (but don’t ask me what it is because I haven’t asked them).

So bottom line, it’s popular to attack DRM because, hey, it stops me from doing my own thing. Everyone seems to think that buying something grants you the right to use what you bought anyhow you want. Well, that isn’t the case with automobiles, guns, software, drugs, or a whole load of other things. And so far there’s no proof ebooks are any different.

As a closing thought, the other day I had to spend 350 bucks to buy a paper book that is a definitive reference on company valuation methods. It is out of print, and there are only two companies who can supply it from stock. There are no electronic versions, and it is not in the library. Next? I would have liked an ebook version with search and hyperlinks but it isn’t available. And I bet if it was it would cost a damn site more than the paper edition – and I would have paid it!

Is there such a thing as personal data anymore

2008-08-26T17:58:00Z

The other day we see reported in the press (in this case SC Magazine http://haymarket.puresendmail.com/hmiclick/4t6676cRbkg92yRmd0R8l9a2cRng1R4tbura/2/www.scmagazineuk.com/UK-Government-takes-rap-for-latest-data-blunder/article/115785/) that yet again personal data held by the UK government has leaked its way out into the public domain.

In the past we have managed to hit tax claimants, car drivers, and student doctors. But just as we thought things were getting better they and their partners managed to hit a most unlikely and vulnerable sector of society – criminals.

It might well be jingoism to say, “Well, why should they get protection – so who cares.” But as we know, it turns out that there are wrong convictions, and not every prisoner is a paedophile, murderer, rapist or thief. Some are just people who couldn’t pay the mortgage.

And would we want people to be readily exposed to blackmail because of their pasts? Making it easier for other criminals to recruit them when they have served the punishment society exacted? Probably not a good idea.

What it also does is reinforce genuine and growing concern that information professionals and management simply do not have any grip on protecting the privacy of information. They may (and the Press may say they may not) have some grasp about access controls. But there seems to be no clue about how to stop the leaking and spreading of information that has been entrusted to them to manage.

And the biggest collectors and processors of really high value and fairly accurate personal data are - governments, whether national or local.

So the nightmare scenario is that governments give themselves the right to collect more and more personal information about people (not just their citizens), and consolidate it under the guise of (pick one or more for your own country as required) identity control, taxation, prevention of terrorism, then they are at the same time creating the opportunity for even bigger targets for hackers, and ever bigger losses of personal data.

But whilst there seems to be no effective way, if news stories are correct, of persuading government officials and the companies working for them to raise standards and take personal responsibility for losses, then you can forget having personal data.

Customers demand DRM controls – it’s true

2008-08-19T21:11:00Z

Now even consultants would normally be hard pressed to find an argument that customers want DRM controls protecting information.

If you believe the modern anti-DRM blog sites, DRM is akin to the works of the (please pick a suitable negative deity suited to your particular persuasion). Imposing controls on honest citizens is an affront to their dignity (let’s just not worry about speed traps because we don’t believe you can be trusted to obey the law).

But, and this is serious, there are sectors of the community that want the protection of DRM controls.

One important group is the individuals or organizations that are buying training courses so that they can train themselves or their people so they can carry out licensed services and demonstrate that they have proven capabilities and expertise. They are investing serious money in the enhancement and development of their staff and their businesses. The last thing they want to see is competitors being able to undercut them because they haven’t paid the proper fees. That is unfair competition from the unethical and unscrupulous. Why should the honest and law abiding suffer at the hands of the dishonest? Or is that the purpose of hacking?

Another group who demand DRM controls are those receiving confidential information. Because when confidential information leaks out, the finger pointing starts, and absent DRM controls that can act to identify the actual source of a leak, then the selection of a scapegoat can commence. So the presence of DRM controls helps protect the recipients of information, because it can help prove they were not the source of any leak or compromize. And when it comes to keeping your reputation as well as your job, DRM can prove invaluable.

And a third group who want DRM controls are those who need to receive information but the owner of the information wants some actual certainty the information will be looked after properly. In this group are the people who have to send out personal data that has to be human accessible. This is the fastest growing group, because US regulation is now getting much more stern about encrypting personal data in computers. It is now specifying that there has to be some management and control, and is going for tougher penalties to incentivise compliance. Naturally, people sending out DRM controlled information are better placed to easily prove they did a good job.

So before you show me another web site about how bad DRM is and how it is that nothing should be DRM protected, just think for a moment about the fact that it is essential in some industries, and, that without it, your personal data can still be handed around without anyone being able to stop it.

When in doubt – shoot the messenger!

2008-08-06T21:59:00Z

Sophocles, in his work Antigone, said, "No one loves the messenger who brings bad news."

This week provided more than it’s share of light entertainment with blogs of disinformation. Top of the list goes to the people who figure that Lizard Safeguard ought to work on every operating system known to man (or is that persons?). It says clearly on the box, works with PC and Mac – and nothing else. It’s rather like buying a book that’s published in English and then complaining because it isn’t in Danish (and likely never will be). It doesn’t run on an IBM mainframe either, btw.

And second error prize has to go to those who say it doesn’t work on the Mac. It does.

As a general rule, two out of three is pretty bad, but what about number 3?

“The system is unusable because it insists on always connecting to the Internet before you can use anything.”

It is true that you have to connect to the Internet the first time you open a document – it has to check that you are the bona fide purchaser, and it has to get the information needed to decrypt the document. After that, it totally depends on what the owner of the document has chosen to enforce. And nothing to do with LockLizard, because they can only enforce what the publisher defines as the rules. You don’t go round blaming Microsoft because your system administrator decided the frequency you update your logon password – so why blame LockLizard about the way the system administrator has configured their controls?

But, of course, the modern attitude is to use any possible reason to try and prevent people from implementing DRM controls, even though all the available evidence proves rampant piracy and theft of digitized information. So use every possible opportunity, no matter how ridiculous, to claim rights that don’t exist.

And don’t forget to blame the messenger! The DRM provider creates a toolkit that the publisher implements in whatever way they see fit. But of course the DRM provider is the evil guy because they are stupid enough to implement what the publisher said. It’s Hobson’s choice - damned if you do and damned if you don’t. If you are the DRM provider and you don’t enforce what your customer, the publisher, says, then they will soon be after you, and probably with good cause. But it seems that if you implement what the publishers want, then the people getting the information want to blame you for doing a good job!

Of course the attitudes are so different if what is being published is personal data – oh you should have taken the strongest possible means to protect it – what do you mean you didn’t check who was accessing the data. And so on. Just because it’s not your personal data, it doesn’t mean you have the right to do what you like with it – or does it?

Web 2.0 - What’s wrong with using what you know?

2008-08-06T11:29:00Z

It has been interesting reading the blogs, analysts and industrial pundits who have decided that Web 2.0 is the best thing since ….. well, maybe Web 1.x? and that every being on the planet should endorse its concepts – sharing information, whether personal or corporate in places whether public or private.

Team playing, that’s the thing. As long as we all work together the results will be bigger, better, quicker, cheaper, more FUN.

To try and avoid the risk of being a party pooper I put out a few inquiries (name the usual search engines) about Web 2.0 security. After all, before I go revealing whatever it is that I decide I’m going to reveal, I’d rather like a few ideas about who might get their sticky little hands on whatever I am posting. Well, Google muscled in with (around?) 160,000,000 entries, Yahoo hoisted 316,000,000 and MSN claimed 72,800,000. I admit it. I didn’t read them all, I just didn’t have the time.

But the summaries on the first few pages, regardless of who I consulted, was just the same. No security, and no plan for security.

Now this is kind of worrying.

We are all supposed to bring in whatever we want and then share it (knowingly or otherwise) with a group of people we may (or may actually not) know, and that’s good.

Somehow I figure there’s going to be a ton of material that my CEO (wife, partner, children, friends and acquaintances – the list goes on) does not want me to give to other people. Yes, I know a couple of those photos after the hot tub might be a bit insensitive, but, hell, it happened didn’t it? And maybe I shouldn’t have published that extract about how we always get the best procurement price – but it is what we do, isn’t it?

You see, that’s the problem. We all coexist with and in many groups, all at the same time. But those groups are not connected by common views, objectives, rules or members. And it’s not clear if the members of each group even share common ideals. All Americans support America, of course. Except those who crash jets, or oppose foreign wars, or ….

So even when you think you know who the players are you don’t know what they will do with the information you give them, or what information you may have given them access to without your even knowing.

The problem is that Web 2.0 does not have DRM controls that help you decide the limits that can be put on the use of your information. It’s certainly the information super highway – but it’s all about sharing and none of it’s about control. Caveat orator – let the speaker beware – should be our watchword.

But no doubt, like the IT fashions and fancies that have gone before, it will require a lot of fingers to be burned before any security, let alone DRM gets added. So in the meantime, if you don’t want your information being shared about, get some DRM protecting what you have got, whilst you still have it.

Does the death of music DRM mean the death of DRM itself?

2008-07-31T19:00:00Z

I am sure you will have read the article in efflux.com http://www.efluxmedia.com/news_Yahoo_Music_Dead_Another_Reason_To_Never_Buy_DRM_Protected_Tracks_21005.html warning of the death of the Microsoft music DRM by August 31, and Google by September 30 (2008).

Their conclusion? “Digital rights management technologies are a failure commercially and technically. There are too many standards which are not interoperable, they restrict the customer's freedom to high degrees and they are an everyday nuisance to work with.”

Well wash my mouth out with soap (no I don’t mean SOAP which is another load of XML).

Let’s look at that rather broad conclusion.

There are too many standards? Excuse me? I looked up DRM standards in ISO (International Standards Organization, the people who figure out what is the standard for electric cable so you don’t blow your hands off touching the stuff, the rails that trains run on so that they stay running on them, and serious computer standards – you know, stuff that matters), and drew a blank. Now if someone had said manufacturer’s standards, I could buy into the argument.

An everyday nuisance to work with? Well, you might get paid to listen to music tracks. Or maybe they just mean you can’t readily copy tracks and give them away? (I bet you can buy a license to do that, but its costly.)

But what most people have yet to understand is that the DRM industry is seriously new, and that there is precisely no desire by major players (tape, CD, DVD, PDF and so on) to provide interoperable standards, when we haven’t even agreed what standards are being looked for, and why, or how they should be implemented.

The current market is in what the economists call the ‘prime mover’ phase. Literally, that means that the first into the market can do what they like, set any standards they feel like, and charge any price that suits them! The market has been there since the late 1990s. Not quite recently? And mainly because it has not suited any major player to see International Standards emerge, it has not changed.

Actually, rather than worry about the latest squabble about whose industrial standard should be dominant, we should be worrying about what sorts of DRM standards are going to emerge, and how to be able to influence them. They are rather like taxation – you can never stop a government from taxing you. That’s how they stay alive, by taking your money (and if the statistics are correct they get more money out of individuals than they get out of corporations, which ought to be rather worrying).

Despite what the pundits say, DRM is not going to go away. The people who create and sell intellectual property (IPR) have to make their livings from doing that. They are not going to give away their livelihoods any more than you or the pirates are going to. The people you really need to fear are those who do not need a day job to pay their way, or where the day job is so badly supervised that they can afford to waste their employer’s time whilst they pursue illegal interests.

And just as the Internet has moved from being a free information source (1995-2002) it is now increasingly a paid information source and what was previously free is no longer available unless you pay for it. If you examine information sources now they consist of sources that have been paid for as a matter of public interest (the Gutenberg series that have made much of the Classical repertoire (Shakespeare, Plato and many other Classical greats such as Chaucer) accessible to any and all. We applaud these measures. Even if modern schooling fails to inculcate any appreciation for works other than Homer Simpson, we agree that works out of copyright should be available to all – but MUST be assured as being the actual words, and not some Bowdlerism (Thomas Bowdler (July 11, 1754 – February 24, 1825) was an English physician who published an expurgated edition of William Shakespeare's work that he considered to be more appropriate for women and children than the original, and, according to some sources, actually made it more accessible!).

Apparently political correctness is not a new disease?

Seekers after truth deserve some measured verity. But you can’t deliver that without DRM. Because DRM is, as the Germans say, “A sword with no handles.” It does not merely control what a recipient can do with the information they receive, it verifies that the information they have gained possession of is truly coming from the claimed source – the publisher.

There is nothing negative in this for the publisher. Actually, for the publisher it is a comfort. Because otherwise how else can a publisher ‘prove’ what it is they actually published, given the modern world where information theft and the misuse of information are commonplace? The fact of DRM tools provides an abiding proof that they truly are the source of specific information, and that can help publishers obtain prosecution of unreasonable and irresponsible pirates on the one hand, and avoid prosecution for things they never did publish, on the other.

So think carefully before trying to consign DRM to the dustbin of history. It may be following closely behind such must have’s as death and taxes.

Does organized piracy contribute to better markets?

2008-07-28T23:09:00Z

I read, from the July pages of www.StarNewsOnline.com that “The Pirate Bay, which is based in Sweden, presents a devilishly fearless challenge to American textbook publishers. It describes itself as an “anticopyright organization” and offers music, movies, television shows and software, as well as e-books like textbooks — not a single item of which, it boasts, has ever been removed at the request of a copyright owner.” Hmm. Sounds like Pirates?

But how many economic analyses have you read that actually examined the effects of piracy on product markets? Probably very few.

Big hitters like the music, TV and film people complain about losses in their industries. Designer label clothes and perfume producers complain. Software manufacturers also complain.

But if you make a careful analysis, piracy always occurs when there are serious market pricing inequalities that are not addressed by regulation. Or to try to be a bit clearer, when you can buy a product in one country for x, and in another country for a half of x, there is a serious price inequality. If no action is taken to correct a price inequality, this creates the vacuum that pirates, being, at heart, just as serious capitalists as any industrialist, will naturally seek to fill.

This is not some vague modern theory. Rather it is a statement that has stood the test of time. When in the UK in the 1800s, it was decided by government to raise the tax on alcohol and tobacco to be significantly above that of France, somewhere only 14 miles away, pirates were handed a market second only to the government forcing you buy your postal service from them (and they did do that).

There are many more recent examples. Designer jeans manufacturers and perfume manufacturers won global legal battles that enabled them to enforce per country pricing for their products, and to be able to prevent countries purchasing at lower prices from reselling to other, higher priced countries.

The same has been true in the information world.

I cannot understand how it is that the same information can possibly have a different value in a different country. I agree, that, if translation into a different language from the source is necessary, then that might introduce a cost that has to be paid for, but I also assume that the seller will have thought about the effects of price on market before launching their wares, and will have worried about what price to set in order to make a viable return (please see economists for the math behind price/market/demand models, I don’t have the desire to write a book on it). To give you a practical example, the other day I paid over $350 for a book that it was essential I could read right now, was out of print, and only one supplier could deliver a copy next day.

The bottom line, as they say, is that any DRM controls built by man can be removed by man. It all depends on cost/effort/desire. Risk analysis. DRM controls over things that can be seen or heard can be ‘removed’ using a camera and a microphone. That cannot be prevented. There will be loss of quality, and, if your product has high embedded functionality (ability to search on information, links to other objects, embedded information) there may be critical loss of functionality that renders a copy of little or no value in the market place. You may also be using features such as dynamic watermarking, that significantly reduce the desire of legitimate users to allow pirates access to their materials because they may be personally identified as the source of piracy. Hopefully, in your DRM system, you are using features such as encryption, that can prevent trivial ways of accessing and copying your work(s).

But do please always remember that to a greater or lesser extent, if the cost and effort are low enough, and the desire is high enough, then copies of the basic information can be made. What can be stopped is stealing embedded functionality that the DRM controls also protect.

The greatest effector you can face is desire. If your market is students and your strategy is to charge premium price then you can expect a high ‘desire’ to break your controls. If you choose a lower price because you can sell year on year the same product, then you lower desire.

We sell our products at exactly the same price globally. There are no exceptions. There are no premiums. There are no discounts. At one level it’s a rough deal because poor economies have to pay ‘relatively’ more. But there is a level playing field. There is no market price fixing. We do not demand a different price in Chile from Canada, or in the United States from the United Kingdom. And maybe that’s part of the equation? Part of the equation of persuading people it’s not worth the bother of pirating information is to set prices that are both globally consistent and do not overly increase the desire to find a way to bypass them.

That’s not part of the choice of a DRM product supplier, although you might prefer to choose one that is realistic about what can be achieved and clear about being a DRM provider and nothing else.

Getting too casual with information

2008-07-15T14:05:00Z

As can be the case, we have been rather overtaken by recent events – in my case an office move – actually only about a mile as the (insert the feathered creature of your preference) flies.

Fortunately our office move really did happen over a weekend. And whilst it had precisely zero impact on our customers – everything carried on running seamlessly – that was not entirely the case for us staff.

Take me (please), for instance. For reasons that are so obvious I am not going to explain them, my shaver cord happened to be on my desk when the removers came. That is the last time I, or anyone else saw it. So the emerging beard can be explained by the fact that I am too tight to buy a new Braun top of the range machine without a fight!

And what has that got to do with information security?

Well, during last week the UK government published a whole series of reports (on the same day, so you know they had saved up all the bad news for a moment when they hoped nobody was watching) on how major government departments like the Inland Revenue (HMRC in the UK and IRS in the US) and the Ministry of Defense had managed to lose millions of people’s personal data and that none of it was protected in any way, shape or form.

The major thrust of the reports was that management did not consider that the personal data they held in trust was their responsibility to protect and therefore they did not see any need to spend any money at all on protecting it.

A second, and perhaps even more dangerous revelation was that government collected information that it subsequently used for purposes that were not consistent with what it had been collected it for.

It is, of course, now normal that neither government ministers nor civil service officials will be exposed as charlatans or hypocrites, and that nobody will have their careers ended because they clearly failed to live up to the standards (moral, ethical, documented or expected) that they pretended were in force. Governments and their officials should not pretend surprise when the electorate ignore them – if nobody is accountable then who cares who gets elected?

Well, with guidance like that from on high, what hope is there for the rest of us?

Usually we look to governments and big industry to show the way in both corporate and civil behaviour. After all, they make the law, and they enforce that law.

But right now their governance is, to put it mildly, severely lacking. If, to quote a very famous film, “Frankly, my dear, I don’t give a damn,” then why should we believe them when they talk about Copyright and similar protections? It looks like a load of irrelevance, and anyone wanting information protection will have to go with what they can get. There’s no point in waiting for the prognostications of the governments, or the divinations of standards bodies (international or industry led) because it is totally clear that the leaders are not interested.

And that brings me back to the power cord. Nobody at the removers is interested in my problem. So I am going to have to sort it out for myself – and the beard itches!

The case for Digital Rights Management

2008-04-01T16:31:00Z

There are many good and valid reasons why people wish to be able to publish and transmit information electronically. The rise of social web sites testifies to the willingness of people to make information available to selected individuals or groups.

However, a willingness to share should not be interpreted as a wholesale license to all and sundry to freely make copies of electronic information and re-distribute it without even acknowledging the original ownership, or paying a Copyright fee.

Much has been made, in the technology world, of the concepts of Open Source, CopyLeft, Limited Rights and so on, as arguments for the desirability of making all electronically held information freely available to all comers. In the music receiving industry (as against the music publishing industry) there has been considerable pressure to make copying and redistribution a ‘right,’ merely because it is difficult to prevent.

Such arguments are intellectually barren. They are like saying that because you own a gun you have a ‘right’ to shoot anything you like because it is difficult to stop you, or that because you can buy a car you can drive it anywhere you like and in any manner that you wish.

Because people suffer physical harm as a result of such poor behaviours we pass laws to take action if behaviour is unacceptable. Since Copyright is an economic right, we also have laws to protect Copyright owners from economic harm where behaviour is unacceptable.

So we must reject the claim that merely because you can do something then you automatically have the right to do it. (This was never true in Roman Law countries anyway.)

Empirical evidence suggests that computer users cannot be trusted to use information provided electronically only and solely for lawful purposes. Regrettably, it is essential to instil enlightened self-interest into the users of electronically provided information. This is essential, simply because, “Computers are all about copying.” (Prof. JAL Sterling and S Mathews in a paper on protocols and interfaces). Not only do computers facilitate copying, but they ensure that such copies are always perfect in every detail.

This creates significant problems whose Intellectual Property(IP) (whether being offered for sale or being made available for some purpose as the result of a commercial agreement or a ruling of a competent Court, or some other reason) is being distributed electronically. Agreements for the control of the use of IP are normally very precise, and set out to prevent unauthorized use. Given the propensity of users to do things because they can, it is essential to provide a system of controls (Digital Rights Management or DRM) that actively ensure that the permitted uses must be observed, and cannot be trivially ignored.

Similarly, those wishing to make their livings from selling their intellectual capacity (creating works by thinking) as opposed to their physical capacity (making objects) must have the ability to enforce their economic right. To suggest that all the world (tout le monde) cannot make their livings from publishing and selling on the Internet would be a travesty of the so-called knowledge-based economies. Whilst some may seek to demonstrate their intellectual capacities by ‘giving away’ the fruits of their labours as marketing in the hope of selling something else, not everyone has the luxury of such an indulgence. One cannot see authors such as JK Rowling agreeing, http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/books/article3621625.ece seems to be an indication of her view about copying!

Academics (who, incidentally are paid to write, and often write as a matter of advertising, as do I) may claim that all intellectual capacity should be available for their study, comment, parody and so on. I wonder how many electronic copies of Deathly Hallows were provided free gratis to the academic community for that purpose? And without any limitation as to copying and being able to pass on?

The fact of the matter is that there are cogent economic and political reasons why DRM technologies are required to protect documents in electronic form, and it is wrong to suggest that that there should be no mechanisms enforcing the control of authorized use made available and put in place. Let those who wish to give away their work do so if they will, but allow those who sell their work to obtain fair and relevant recompense for their labours.