Friday, September 5, 2008

Copyright Law in the Virtual World

Christian Olsson of ByteShield, Inc. took the time to write an interesting comment on my last post about PC gaming, copy-protection, and piracy. I wanted to respond through another post because I think his comment raises some interesting questions. I'll start first with ByteShield's whitepaper, Is Anti-Piracy/DRM the Cure or the Disease for PC Games?, that Christian mentioned in his comment.

In the introduction of the white paper, it acknowledges that DRM schemes have failed and are rapidly cracked; however, at the same time the white paper acknowledges that piracy would be worse than it is today if no such measures were taken. I can't seem to understand how these two realities can coexist. If DRM has failed, then how has DRM made piracy less of a problem? I don't follow the logic being used here. Again, I see this acknowledgment that DRM has lessened piracy somewhat to be a vapid "conventional wisdom" of the gaming industry, much like peer-to-peer file-sharing is seen as a decrease in sales in the music industry.

The white paper also makes passing mention of digital technology "decimat[ing]" the music industry, as well as mentioning the "threat" to DVD sales. I've written about the music industry before, and there is conflicting evidence about the loss of CD sales due to digital file-sharing. I'm more convinced by the studies that have shown that CD sale losses have lessened as a result of file-sharing, and remember that CD sales were already declining before applications like Napster hit the scene. I'm not familiar with DVD sales, but I'm not convinced that file-sharing is causing a decrease in sales, either.

I'll reference this post again, because I make a point towards the end of the post that I think needs repeating. All too often it is assumed that piracy of digital content equals lost sales. I'm not convinced of this at all because those making this assumption have never provided any evidence to support what is underlying this assumption -- that those who have pirated the content would have purchased the content if there were no means to obtain it otherwise. The music industry makes this assumption all the time -- that a downloaded song is less revenue in their pockets. But they have no reason to think that the individual who downloaded the song would have purchased it in the first place.

There's another piece to this that I think needs to be mentioned as well. Digital content is different from physical content in a number of ways, and the most important is also the most obvious -- digital content is virtual. Why is this important? The virtual nature of digital content means that my consumption of this content does not in any way deprive another of consumption and enjoyment of this content. Perfect copies can be infinitely created at almost no cost. Digital content will never be a scarce commodity, and here lies the problem.

Our entire copyright system is based upon the assumptions and limitations of physical content. Physical content is limited in quantity, deteriorates over time, and the analog nature of physical content means that any copies of the content will be of lesser quality than the original. All of these things make the original more valuable than any copies, which is different from digital content. All the digital copies will be exactly the same, making them the same value. Content producers are trying to force digital content into the limitations of physical content. Copyright works by creating artificial scarcity -- it grants authors/inventors the exclusive right to produce and distribute copies for a set amount of time. DRM schemes are attempts to create that artificial scarcity; however, the nature of computers and software means that copies have to be made in order to run the program. Digital content exists within a realm of infinite copies. Furthermore, making copies of digital content is easier than ever. Just as the printing press lowered the barriers to entry in the book publishing world, computers and software have lowered the barriers to entry in the digital content world.

DRM schemes will always be hacked, bypassed, and subverted. As I argued in the older post, this is because of the nature of encryption. DRM is encryption, but in order to make that encrypted content useful content producers have to provide a means for the consumer to decrypt and read the content. DRM fails because DRM will always give hackers all the tools to crack their code. Without providing those tools, the content is useless and unreadable to consumers who have obtained the content legally.

To bring this all together, I think Brad Wardell sums up everything concisely:

The question our industry needs to ask itself is pretty straight forward: Is the goal of IP protection to increase our revenue or is it to prevent people who aren't going to buy games from playing them?
The white paper does make some good points. There's discussion about the lost trust between gamers and developers, and I think that is a key point. Gamers don't want to feel like criminals, nor do gamers want to be punished with draconian DRM for legally purchasing a game. ByteShield recognizes that, and I applaud them for it. ByteShield also appears to recognize that copy-protection will be hacked at some point in the game's life cycle, but the company doesn't think that DRM is ultimately futile.

The protection scheme in the white paper appears to use some features of the current DRM schemes like StarForce and SecuROM. The key to ByteShield's SUM (Software Usage Management) seems to be a connection to a remote server to run the various security checks. That in-and-of-itself us a huge potential problem for DRM. What happens when ByteShield turns off its servers? Or moves over to a new system, much like what the MLB did for its downloadable game service? What happens when ByteShield goes out of business? There's no guarantee that any of the content protected by SUM will be anything but useless to the consumer.

Also included in the protection scheme are limited number of activations and repeated verification. Gamers screamed to high hell when BioWare announced they were going to use repeated verification for Mass Effect, and the same protest was heard when EA revealed that Spore would do the same thing. Ultimately, that part of the copy-protection scheme was dropped. I don't think that ByteShield is going to have much success with that.

ByteShield is very confident that their copy-protection will be virtually unhackable to all but the most determined programming sadists. I'll be curious to see how their system holds up.

The white paper also goes through a number of common complaints against DRM and discusses ByteShield's response to those complaints. The company claims that SUM will not install hidden drivers or files, and will install transparently. In this spirit of transparency, games loaded with SUM will be clearly marked on the box for consumers. They also claim that they will retain the ability to remove the DRM at any point in the game's life cycle, that the DRM files will not run unless the game is running (gee... where have we heard that one before?), that SUM will not edit the user's registry, that SUM will not require the CD/DVD to be in the drive, that SUM will be uninstalled with the game, and the SUM will not refuse a game launch because of programs like drive emulators. If true, this is all well and good.

There are a couple of things mentioned that trouble me -- number one being the required internet connection to activate the game. Not everyone uses the internet at home, or even has access to broadband. Some gamers have a separate "gaming" PC, which is never connected to the internet. Patches and updates can usually be downloaded from another computer and then transferred to the computer without an internet connection. If repeated verification is used, then I think there is too much of a burden placed on users. What should someone, who has legally purchased a game, do if they lose their internet connection and SUM decides that a verification is in order? Moreover, people should not be required to have an internet connection for a game like Mass Effect, which is entirely single-player.

Another thing that is troubling, and maybe I'm just not entirely clear about it, is the limited user/installation distinction. ByteShield claims that the number of users will be limited, not the number of installations. I'm not sure I understand how ByteShield will go about differentiating the two. Other DRM schemes track the number of installations as if they were users. In any event, I see the potential that a legitimate user could be denied re-installing a game at some point. I need further explanation about how this actually works.

ByteShield is also offering a lot of options to developers -- the ability to offer full feature trial versions is good for the industry. Many gamers complain that demos do not accurately represent what the game is, and therefore, they become less likely to make a purchase. One thing that I think would be beneficial is the full disclosure of all the options a developer has chosen. Since it seems that each developer can customize the copy-protection using ByteShield's system, it would continue that spirit of transparency to be open and up front about what gamers can expect to be able to do with each protected game.

In the end, I feel that ByteShield will be different enough from StarForce and SecuROM to actually respect some consumer rights; however, I think the same potentials for exploitation exist within the SUM system. In addition, I think that these kinds of protection schemes are still missing the point -- digital content is too different from physical content to be treated as the same in copyright law. We need more than just a re-appropriation of existing laws to digital content; we need to recognize that digital content and its copyright needs to be handled differently than physical content, lest we stifle creativity and innovation by overprotecting content.

[UPDATE]: Further reading here (Talkjack's 16 point PC Gamers' DRM Charter, referenced in the white paper), and here (discussion of StarForce DRM by Talkjack).

4 comments:

Ann said...

This DRM stuff is killing me!!!

I do not live in the US anymore so I could care less about the breaking US law and removing DRM for personal use.

DRM no DRM…. I just want to be able to play my media on any platform that I choose. DRM is like going into your local stereo shop and having to

purchase a DVD player for each movie studio.

So now I found a great decission - MelodyCan converter (http://www.melodycan.com) which helps me to resolve drm-protection problem.

illegal youth said...

Thanks for the comment, Ann.

The problem with DRM is that it is a technological quick-fix for what Lawrence Lessig would call a "latent ambiguity" in the Constitution.

The copyright clause was written hundreds of years ago, and only states in broad terms that the exclusive right to produce and distribute copies of works will be granted to artists/inventors for a limited time. US copyright law is largely based on the assumptions and limitations of physical content.

I'd argue that we need to have a new discussion about digital content and the values that we want to preserve in any new copyright laws that govern the use of copyrighted content.

Do we want to retain the values of sharing, modifying, and/or creating derivative works from existing works? Do we want to retain the values within the First-Sale Doctrine? The values of Fair Use? The long held values of interacting with the culture that interests us? These are the questions we need to be asking ourselves, and ultimately, the answers we derive from such questions will shape how copyright law will apply to digital content in the future.

I, for one, hope that we do retain these values in digital content. DRM, as it exists today, is actively changing the perception of these values, and thus, influencing how the culture will react to such values. The current track of over-protection that we are on will stifle creativity and innovation by cutting people off from the ability to interact with their culture. I believe that this does a disservice to us all.

Christian Olsson said...

Thanks Illegal Youth for responding to my post on your BLOG - Twisted Arm of Illegal Youth – on your article entitled “Copyright Law in the Virtual World” – I’ve tried to elaborate and clarify in answer to your points:

1. “If DRM has failed, then how has DRM made piracy less of a problem?” - DRM can reduce some types of illegal copying. If it is extremely easy to circumvent the protection, many amateurs will do it. If the protection is more challenging, some people will not be able to get around the DRM and some of these will actually purchase the game/software, rather than find it on a torrent site. While virtually all DRM solutions have been cracked, the piracy problem might have been yet larger if all games/software had been distributed unprotected.

2. “All too often it is assumed that piracy of digital content equals lost sales. I'm not convinced of this at all because those making this assumption have never provided any evidence to support what is underlying this assumption -- that those who have pirated the content would have purchased the content if there were no means to obtain it otherwise” – The real question is how much of piracy would turn into sales. Given piracy rates for certain games and software, the proportion does not need to be large before the impact is significant. For example, a UK study has shown that for every purchased copy of games, 10 pirated copies are used. AutoDesk has publicly stated similar numbers for AutoCAD. If only 1 of every 10 illegal copies turn into sales, revenues would double.

We have seen references to a European consumer research study, which claimed that 30% of piracy would turn into revenue. We find that number hard to believe, but if it is anywhere near true, the revenue potential is quite high.

3. “Our entire copyright system is based upon the assumptions and limitations of physical content” - Your discussion is right on – the real issue is how easy or difficult is it to copy? A hardcover book is a lot of work to copy, a loose leaf article much easier and an electronic article requires almost no effort to copy. Thus, digital content is much easier to copy. The task of good DRM is to make it more work to copy, so that anybody desiring the content will purchase it.

4. “The virtual nature of digital content means that my consumption of this content does not in any way deprive another of consumption and enjoyment of this content” - This is equally true of physical content.

5. ”DRM fails because DRM will always give hackers all the tools to crack their code” – The key word is ‘tools’. Everything can be broken ‘manually’ and/or by brute force. The key inventions in ByteShield aim to make it necessary to solve a large number of ‘puzzles’, one at a time. Yes, it can be cracked, but the work effort required is very large.

6. ”Is the goal of IP protection to increase our revenue or is it to prevent people who aren't going to buy games from playing them?” ByteShield’s answer is both – prevention will increase revenue, control of free, full-feature trials encourages purchases.

7. “ByteShield also appears to recognize that copy-protection will be hacked at some point in the game's life cycle, but the company doesn't think that DRM is ultimately futile” – ByteShield believes protection is valuable if approached our way i.e. extremely large effort to crack, no or minor impact on honest users and no impact on PC game and software developers.

8. “What happens when ByteShield turns off its servers? Or moves over to a new system, much like what the MLB did for its downloadable game service? What happens when ByteShield goes out of business? There's no guarantee that any of the content protected by SUM will be anything but useless to the consumer” – ByteShield will in such cases assist the Publisher in changing the ByteShield SUM protection from limited usage to free and unlimited usage.

9. “Also included in the protection scheme are limited number of activations and repeated verification…. I don't think that ByteShield is going to have much success with that.” – and – “there are a couple of things mentioned that trouble me -- number one being the required internet connection to activate the game” - Online connectivity is becoming ubiquitous because of the benefits it affords users – always on, always up-to-date, always connected, etc, etc and ByteShield is simply taking advantage of that situation to enable copyright protection along with multiple user benefits such as ‘unlimited activations’ – yes an occasional internet connection is needed but this is a necessary component of balancing the rights of both copyright holders and honest users without all the other limitations of DRM systems.

10. “ByteShield is very confident that their copy-protection will be virtually unhackable to all but the most determined programming sadists. I'll be curious to see how their system holds up.” - About a year ago, a unit of the Department of Defense invested 2 months in trying to crack ByteShield and, as far as we can tell, they did not succeed (the results are classified).

11. “Another thing that is troubling, and maybe I'm just not entirely clear about it, is the limited user/installation distinction. ByteShield claims that the number of users will be limited, not the number of installations. I'm not sure I understand how ByteShield will go about differentiating the two. Other DRM schemes track the number of installations as if they were users. In any event, I see the potential that a legitimate user could be denied re-installing a game at some point. I need further explanation about how this actually works.” – This is crucial to our product and why we view ByteShield as considerably more end user friendly than other solutions. End users can install the game/software on an unlimited number of computers and keep on adding installations, as hardware changes or system crashes etc. occur. The real item to control is not the number of installations; it is how many of these installations can be used, at the same time. Thus, with ByteShield, the permission to run moves from one PC to another, seamlessly. The publisher can decide, per activation code:
a) How many users will be allowed
b) How many active installations each user will be allowed
c) How quickly the permission to run moves from one user to another and from one computer to another

Also the ByteShield whitepaper “Is Anti-Piracy/DRM the Cure or the Disease for PC Games?” discusses how ByteShield meets Talkjack's 16 point PC Gamers' DRM Charter. Finally we are updating this whitepaper to also include a ByteShield point by point view of Brad Wardell of Stardock’s “The Gamer’s Bill of Rights”.

Christian

illegal youth said...

Christian,

Thanks again for the comment! I've furthered the discussion in a new post.