EFF Asks FTC To Demand 'Truth In Labeling' For DRM
from the that's-a-strategy dept
Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. We've been pointing out for years that DRM often means that you don't really own what you think you bought. The argument is pretty straightforward:
"The legal force behind DRM makes the issue of advance notice especially pressing. It’s bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct -- but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it’s vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision.
"Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase."
The letter also includes numerous examples of people being stymied from actually using products they had purchased, thanks to unclear DRM restrictions. Here's an example from the music world:
"Adam J installed Microsoft’s Groove and it automatically imported his iTunes and Amazon libraries, and automatically -- and erroneously -- flagged 30% of his collection as being DRM-encumbered. It then added Groove’s own DRM to these tracks, and they will no longer play unless he buys a premium connection and even then, only when he is connected to the Internet."
And here's one from the hardware world:
"John F bought a 27” Sony Wega HD flat-screen TV from a Best Buy store in 2004, believing that the set’s HDMI port would accommodate his PC, allowing him to use it as both a TV and a computer monitor. However, Sony had deployed DRM code to prevent this use, significantly reducing the value of his $2,100 purchase. There was no notice of this DRM, and store personnel were not aware of it."
There are a lot more like that. In a separate letter from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.
This is an interesting approach to dealing with DRM. I'm always a little wary of the need to go running to the government for help without other alternatives being exhausted first, but the letters do make a strong case that this is a longstanding problem that has not been solved through the marketplace. Of course, it might be nice if retailers simply adopted this directly first, rather than it getting to the point where the FTC needs to step in.
Filed Under: drm, ftc, truth in advertising, truth in labeling
Reader Comments
Bullshit. No one in the history of the internet has ever done that.
DRM -- digital rights mismanagement
And what about my internet-connected CAR, where remote hacking is now a possibility? Not to mention a police search that turns up the entire driving history of the vehicle, including my speed just before I killed someone in an accident?
And, for my own case, I have an 8051 emulator from NoHau. This was big...in 1996... to run it today, I have to run it in a Windows XP virtual machine with the date no later than June, 2012 -- due to an accident (a bug) in the DRM programming.
Yup, FTC: We need *much* better disclosure. Does it have to be connected? What can it store? What are the actual rights I have purchased? and if it breaks?
Re:
As for wondering about financial info via Apple: there has been no disclosed data breach of AppleIDs since the AppleID program went online, so you can stop wondering :)
There's enough bad DRM-related stuff going on that we don't need to drag speculative hearsay into the mix.
Sticking with Apple, currently I have to digitally sign my software once a week if I want to keep it running on my devices, otherwise I have to pay Apple $99 for an annual certificate for the same privilege. Why not just set it up so I can sign my device AND the software with the same key that lasts for more than a week??? It would cover most of the same security issues, but I'd get to run the software I not only own but created, without having to go back to Apple again and again for permission.
[ link to this | view in chronology ]
Of course we need government to solve this problem; government created it! Bear in mind that, if you strip away the legal context and look purely at what DRM actually does, what you see is a hacking tool. If it were not for the DMCA specifically giving it legal validation and protection, deploying DRM would be a criminal act. (And those legal protections and validations being repealed would be an unambiguously good thing, but that's another matter...)
Re:
Created by...
We The People!
Next time be sure to put the blame where it properly lay!
Re: Re:
Oh, so you take personal responsibility for everything the government does? Please post your personal address and contact information. There are a few things that some people might want to come "talk" to you about.
Re: Re: Re:
This means "we" are the root of the problem.
Go ahead, see if you can even get any meaningful number of people to go and march on Congress for these problems.
None of our Founding Fathers would be voted into Office Today. The American Citizen is the problem! Completely ignorant of how their own government works and will do and say anything to avoid responsibility for their own actions, even when caught red handed!
America is a Nation full of lying, backstabbing, ignorant, and corrupt individuals. The worst part is the juvenile denial about how far this Nation has fallen.
Sure there may be many decent people here, but they are clearly in the minority!
Re: Re: Re: Re: Re:
"Still waiting for your personal contact info."
just trolling
Re: Re: Re: Re:
Do they have any responsibility for their actions, such that it's right to blame them when they do something contrary to public wishes or wants, are they basically puppets for the public such that any and all blame is to be placed on the public (somehow) pulling their strings, or is it somewhere in the middle?
Judging by your repeating insistence that the public is the one to blame I can't help but think that you place very little responsibility and blame on the politicians themselves, shifting it instead to the public for not... voting better or something?
Re: Re: Re: Re:
It's hard for me to tell, are you talking about the government or the MPAA here? You don't have to wait 4 years to stop "voting for" the MPAA.
Re: Re: Re: Re:
It is easy to complain about the political system, but much much harder to actually achieve significant political change.
Re: Re:
If I order crème brûlée in a restaurant and the cook burns down the kitchen, should I blame myself for the incompetency of the cook?
The lawmakers draw a salary that is a heck more than that of a cook. Passing something as braindead as the DMCA on cue of the industry is akin to a cook with five star price tag buying frozen prepared food from the supermarket and being too stupid to microwave it to serving temperature.
Re: Re: Re:
The staffers employed to research and write bills for Congress and the Senate were removed around the turn of the century -- around the same time that laws on lobbying were relaxed.
Re: Re: Re:
You can't be responsible for anything can you?
Re: Re: Re: Re:
Or is blaming everyone else what you have determined to be the next logical step since you obviously can't blame the government? All right then. Check in again a couple months and we'll see how superior in the ways of productivity your methodology has proven to be.
Re:
This is obnoxious, qualifies as DRM in the context of the law, and may qualify as a defective product in some jurisdictions, but I cannot see how that would qualify as a hacking tool. I will grant that some of the newer more invasive DRM techniques are so nasty that they either are hacking tools or leave the system dangerously exposed to them, but it is overstating to say that all DRM are also hacking tools.
Now that "everyone has an always-on Internet connection" (a product manager meme that I despise), games have switched to using the affirmative response of an Internet-accessible license server instead of checking for a manufacturer-issued CD. Again, this effectively impedes access to the work, both for illegitimate users and for any customers unfortunate enough to incorrectly fail the check (including customers whose only failure is wanting to use the work after the vendor decommissioned the license server). However, as with the CD-as-a-dongle approach, that alone is not enough to be useful as a hacking tool.
With regard to solving it in the market: if not for the DMCA's anti-circumvention rules, there would be a ready market for DRM-stripping products and services. This is not theory. We saw this with CD ripping and CD emulation software in the mid-to-late 1990s, when customers resorted to ever more elaborate ways of convincing the DRM-encumbered games that launching was permitted. Among other legitimate uses, this was popular with people who regularly played more DRM-encumbered games than they had CD drives available, so it was not possible to keep all the game CDs in the system concurrently. Copying the CD to the hard drive, then mounting a virtual image of it would, if the emulation was good enough, satisfy the DRM's CD check without requiring the CD to be loaded. Yes, this could be abused by gifting/selling the CD after ripping, but it was also used to avoid the wear and tear of constantly shifting CDs in and out of the system. I think I once played with someone who claimed to have used the rip+emulate approach because his CD drive was noisy when spinning (so he wanted it to spin down whenever practical) and tended to spin down when unused, causing the game to stall at awkward points when it accessed the CD again, requiring a multiple second spin-up phase. Accessing the virtual CD on the hard drive was always fast and did not add to noise. The DMCA's anti-circumvention rules prohibit bypassing DRM even for non-infringing uses, so CD emulation for the purpose of bypassing a DRM check is now illegal, as is marketing software to assist in that purpose.
Remove the anti-circumvention rules and the market would return to solving problems like that. As long as those rules stand, we need pro-customer rules to protect against DRM.
Another Possible Solution
1. State clearly and unambiguously what the user can and cannot do.
2. Not restrict, encumber, or otherwise interfere in the lawful and productive use of the product for as long as the product exists, irrespective of ownership. This includes not preventing reconfiguration necessary to such use.
3. In the case of products which end users cannot reconfigure them for legitimate purposes without falling afoul of DRM, reconfigure the products for the end-users at no cost to the end user for as long as the product exists.
4. Not sell or rent; offer for sale or rent; refer to or develop the device in question.
And finally, under no circumstances whatsoever, can the vendor alter the terms of any license agreement covering a product after the product has been sold, without the written agreement and consent of the current owner of the device.
Re: Another Possible Solution
Like when Google bricked Revolv devices by shutting down the servers - just months into people's "Lifetime Subscriptions." They'd met any "for as long as the product exists" condition, because the moment they shut down the server the product effectively no longer existed.
The same goes for Microsoft PlaysForSure - so-named to reassure people that this wouldn't happen after they abandoned previous DRM schemes - when it was shut down and replaced by the Zune marketplace. (Which was later shut down and replaced.)
Companies can also use the age-old maneuver for getting rid of an inconvenient responsibility: Spin it off as a separate company, and let that company go under.
Re: Re: Re: Another Possible Solution
I bought an automobile headlight bulb with a "lifetime warranty" from one of the big national auto parts chain stores. When it failed I took it back and was told that the warranty was for the "lifetime" of the bulb and had expired because the bulb had obviously died.
"John F" and HDMI
Why would a TV refuse to display a signal? Is that a real thing now, or just a misunderstanding of what's happening? I know that DRM on computers/players may refuse to show things if the TV doesn't support the right DRM features (HDCP), but I've never heard of the TV refusing.
Re: "John F" and HDMI
With HD-DVD, Blu-Ray your player or player software sends the data to your monitor still encrypted. The monitor itself decrypts the data. Your monitor and video card must both be High-bandwidth Digital Content Protection (HDCP) compliant for it to work.
A TV from 2004 would not be HDCP compliant. They nailed down the HDTV standards, released the first wave of HDTVs and monitors to the market AND THEN introduced HDCP.
(For a while the major video card makers charged a premium for HDCP-compliant video cards. Then the first HDCP-encumbered content was released, and many of those cards didn't work with it. The chipsets were compliant, but not the rest of the card.)
HDCP 2.1 became the standard for 4K content. It's a totally different standard so your old HDCP-compliant HDTVs and monitors won't work with it. But 2.1 had some security flaws, so it's being replaced by 2.2. Which is not bound to backward compatibility to 2.1, so don't count on early 4K TVs to work with new content.
Re: Re: "John F" and HDMI
No, the decryption is performed in the monitor, after the player sends it the decryption key.
Re: Re: Re: "John F" and HDMI
With DVD the decryption is done in the player or player software.
Re: Re: Re: Re: "John F" and HDMI
That's not HDCP. We're talking about HDCP. With HDCP the data is encrypted as it travels over the wire to prevent the program from being captured by simply tapping into the wire. It isn't decrypted until it gets inside the display/output/receiver device.
Re: Re: Re: Re: Re: "John F" and HDMI
But when the monitor is HDCP compliant and you don't have HDCP handshake problems and you're not trying to display HDCP 2.2 protected content on an "older" HDCP 2.0 compliant 4K monitor, then the decryption is done by the monitor.
Re: Re: "John F" and HDMI
While from a DRM point of view it makes sense for players to refuse to output to a display that cannot handle the decryption, it makes no sense for the display to refuse unencrypted data,
Re: Re: Re: "John F" and HDMI
"Advanced Access Content System (AACS) is required on all Blu-Ray projects, unless you are producing a ROM-only product. Any Blu-ray disc (BD-25 or BD-50) with any video content, be it for commercial or non-profit purposes must pay the AACS fees. ... AACS is required on all Blu-ray discs and costs $1,585 per title plus $0.05/disc"
That's probably illegal under anti-trust laws, but if the government doesn't care it doesn't really matter.
Re: Re: Re: Re: Re: "John F" and HDMI
Occasionally the big publishers demand that the hardware makers sell devices that play *ONLY* DRM-encumbered content. If you can't stop self-publishers from distributing their music without you, you can make sure no-one's devices will play it.
Re: Re: "John F" and HDMI
(But if the TV manufacturer did implement some form of HDCP, and it became outdated, they should take some blame: they participated in a system that they knew would be obsolete at the whim of a third party, and didn't warn people.)
Re: Re: Re: "John F" and HDMI
Er, make that warning require a TV that hasn't had its keys revoked...
Say someone reverse-engineers a Sony TV and extracts its model-specific keys. The DCP LLC authority - which licenses the keys - revokes them. "Compromised" keys are included in a black-list on all Blu-Rays produced from then on. (And presumably through HD cable.) That model of TV - whoever owns them - and likely other models - will simply refuse to play new content.
So who do you demand redress from? Not the TV manufacturer; they're doing what they're required to do, and in any case it's the player refusing to send the data to the TV. Not the player manufacturer or Blu-Ray publisher or cable company; they're doing what they're required to do. Not DCP LLC; their key revocation requirement was part of the licence the manufacturers and distributors agreed to. Everyone can claim that they're not to blame.
Fortunately the master key for HDCP 1.x was found and released in 2010, making revocation useless. 2.x has been breached. Dunno if it was the master key, but we'll see if anyone's 4K monitors stop working.
Re: Re: Re: Re: "John F" and HDMI
Not actually. Revocation will still make stuff stop working. With the keys, technically knowledgeable people can work around the problem. Regular people will have to order obscure parts from shady foreign companies, if they know about it at all—and if any companies are willing to take the risks (remember Lik Sang?).
Re: Re: Re: Re: "John F" and HDMI
The only other solution I can see, which is far worse since it still burdens innocent consumers, is that there be a process by which the consumer can demand a full refund for the new content upon demonstration that the consumer's device is on the blacklist. (Yes, this is also exploitable if you're willing to keep on hand both a good TV and a blacklisted TV, then pull out proof of the blacklisted TV whenever you want to return a disc. DRM is broken by design. I like ideas where that brokenness boomerangs back to hurt the entities that force it on everyone, rather than where that brokenness hurts the customer.) This forces the consumer to abstain from any new content, but at least protects them from the situation that they buy an instance of encrypted content that they cannot use. Along this line, it would be in the producer's best interest to make sure that the disclaimers on the packaging make very clear which models of TV will not be permitted to show the disc.
Re: Re: Re: Re: Re: "John F" and HDMI
The manufacturer would respond by saying that the TV isn't defective. It still plays all the content available when it was sold. The decision to revoke the keys on later media was entirely out of their hands. Nor are they responsible for the Blu-Ray distributors including the keys in their discs' blacklists.
It's all set up so that in the event of a lawsuit, everyone can point the blame at someone else.
Now we have new 4K TVs that shipped with HDCP 2.0. Except that 2.0 got broken, and was replaced with 2.2. The 2.0 4K TVs won't work with 2.2 content, and it can't be fixed with a firmware update.
HDMI / HDCP / key revocation
I understand that the involved parties have spent quite a lot of effort setting up legal fictions to deflect blame away from each other. I accept that, under the current legal regime, they would likely win a lawsuit that tried to hold them to account for their anti-customer actions. I contend that a pro-customer law would be written in such a way that somebody can be held liable in a way that makes the customer whole, whether that be by providing them a product that works as originally advertised or by providing a refund for that product.
Alternatively...
Prohibit the use of words such as 'purchase' or 'buy' for anything infected by DRM, instead replacing them with 'licence', from the tags on the floor all the way up to the register.
I imagine if people really knew how little they actually owned the reaction would be interesting, to say the least.
Re: Alternatively...
1. Do you still maintain full possession of item without paying another dime? Taxes, Contracts, or Subscriptions apply here. If you still have to give someone money for it to remain in your physical possession or you lose it, then you do not own it. Examples of NO are your home, things you lease like vehicles, or are paying to own or rent like furniture from Rent-A-Center. Technically government owns ALL land. Stop paying taxes, you will find out who owns it soon enough.
2. Does the item still fully function without paying another dime? If you must purchase a Contract, Support Agreement, or Subscription for the product to be fully functional then you do not own it. Examples of NO are Cell Phones, Current generation consoles, and OnStar for your vehicle.
3. Do you have power to block any other 3rd party out of the system directly preventing them from altering your product in any way? Examples of NO are PC's now stocked with Windows 10 where Microsoft prevents your ability to natively stop them from doing things to your Computer.
People own very very little despite falsely believing that they own much. You just get to have a say in things as long as you pay society's cost of having a say in things.
Re: Re: Alternatively...
You can use the phone over WiFi with no issues (Google Voice will even give you a phone number to send/receive calls!)
The real problem we're seeing here is bundling. Many companies bundle services and products, and make them near-impossible to separate. The end result is that DRM in the service can make the purchased product useless. You still own it, but it won't perform its intended function.
Kind of like owning a house, but someone else owns the land and won't let you gain access to the house.
How about Full Refunds, in writing, always
Bought a bluray player when bluray first hit the market. The Bluray was so new it didn't update drm from the discs, thus it wouldn't play newer bluray's as they came out, nothing from Disney worked on the player, nothing from Disney, ever, worked...
I went to my state attorney general's website, filled out a form, 6 months later I received a call from the manufacturer who was willing to provide a newer model. I instead chose a full refund and no longer buy products from them. THEY LOST MY BUSINESS BECAUSE OF DRM.
DRM sucks, especially when those implementing it don't even know how to correctly implement it.
I could provide a list of software products from now defunct companies or companies that refuse to support previous versions which have basically disabled play or use of software that I legally purchased.
Because I lost a dongle or can't reinstall on an updated or in my case repaired computer DRM has cost me time, money and extreme frustration.
Worse, some of the many DRM implementations according to reports out there, are vectors for malware. i.e.
Malware uses Apple's FairPlay DRM to attack iOS users
Techdirt: Virus Writers Take Advantage Of Sony's Rootkit
Re: How about Full Refunds, in writing, always
Did the AG also punish them? Or was it more like it's OK to rob a bank so long as you offer to give the money back if you get caught?
Re: How about Full Refunds, in writing, always
If this is what the future looks like I think I will call myself a Luddite and skip it as much as I can. Or at the very least actively work not to buy these things.
Re: Re: How about Full Refunds, in writing, always
Simple perhaps, but the fact that you have to break the law to get a working product is a pretty good indicator that something has gone seriously wrong at one or more places.
[ link to this | view in chronology ]
This product contains DRM which allows us to control how you use the product. We may alter it however we like at your risk. You may need to connect a camera and film yourself naked before we install basic features but if you are ugly don't bother as we will refuse to install these features anyways.
If TPP passes in the 2016 lame duck session,
The whole point of the TPP IP section is to remove Congressional ability to weaken IP laws, DRM included.
[ link to this | view in chronology ]
The only solution is to stop buying anything that is controlled by these organizations. A month of greatly diminished sales will bring about change.