Christian Olsson of ByteShield, Inc. took the time to write an interesting comment on my last post about PC gaming, copy-protection, and piracy. I wanted to respond through another post because I think his comment raises some interesting questions. I'll start first with ByteShield's whitepaper, Is Anti-Piracy/DRM the Cure or the Disease for PC Games?, that Christian mentioned in his comment.
In the introduction of the white paper, it acknowledges that DRM schemes have failed and are rapidly cracked; however, at the same time the white paper acknowledges that piracy would be worse than it is today if no such measures were taken. I can't seem to understand how these two realities can coexist. If DRM has failed, then how has DRM made piracy less of a problem? I don't follow the logic being used here. Again, I see this acknowledgment that DRM has lessened piracy somewhat to be a vapid "conventional wisdom" of the gaming industry, much like peer-to-peer file-sharing is seen as a decrease in sales in the music industry.
The white paper also makes passing mention of digital technology "decimat[ing]" the music industry, as well as mentioning the "threat" to DVD sales. I've written about the music industry before, and there is conflicting evidence about the loss of CD sales due to digital file-sharing. I'm more convinced by the studies that have shown that CD sale losses have lessened as a result of file-sharing, and remember that CD sales were already declining before applications like Napster hit the scene. I'm not familiar with DVD sales, but I'm not convinced that file-sharing is causing a decrease in sales, either.
I'll reference this post again, because I make a point towards the end of the post that I think needs repeating. All too often it is assumed that piracy of digital content equals lost sales. I'm not convinced of this at all because those making this assumption have never provided any evidence to support what is underlying this assumption -- that those who have pirated the content would have purchased the content if there were no means to obtain it otherwise. The music industry makes this assumption all the time -- that a downloaded song is less revenue in their pockets. But they have no reason to think that the individual who downloaded the song would have purchased it in the first place.
There's another piece to this that I think needs to be mentioned as well. Digital content is different from physical content in a number of ways, and the most important is also the most obvious -- digital content is virtual. Why is this important? The virtual nature of digital content means that my consumption of this content does not in any way deprive another of consumption and enjoyment of this content. Perfect copies can be infinitely created at almost no cost. Digital content will never be a scarce commodity, and here lies the problem.
Our entire copyright system is based upon the assumptions and limitations of physical content. Physical content is limited in quantity, deteriorates over time, and the analog nature of physical content means that any copies of the content will be of lesser quality than the original. All of these things make the original more valuable than any copies, which is different from digital content. All the digital copies will be exactly the same, making them the same value. Content producers are trying to force digital content into the limitations of physical content. Copyright works by creating artificial scarcity -- it grants authors/inventors the exclusive right to produce and distribute copies for a set amount of time. DRM schemes are attempts to create that artificial scarcity; however, the nature of computers and software means that copies have to be made in order to run the program. Digital content exists within a realm of infinite copies. Furthermore, making copies of digital content is easier than ever. Just as the printing press lowered the barriers to entry in the book publishing world, computers and software have lowered the barriers to entry in the digital content world.
DRM schemes will always be hacked, bypassed, and subverted. As I argued in the older post, this is because of the nature of encryption. DRM is encryption, but in order to make that encrypted content useful content producers have to provide a means for the consumer to decrypt and read the content. DRM fails because DRM will always give hackers all the tools to crack their code. Without providing those tools, the content is useless and unreadable to consumers who have obtained the content legally.
To bring this all together, I think Brad Wardell sums up everything concisely:
The question our industry needs to ask itself is pretty straight forward: Is the goal of IP protection to increase our revenue or is it to prevent people who aren't going to buy games from playing them?The white paper does make some good points. There's discussion about the lost trust between gamers and developers, and I think that is a key point. Gamers don't want to feel like criminals, nor do gamers want to be punished with draconian DRM for legally purchasing a game. ByteShield recognizes that, and I applaud them for it. ByteShield also appears to recognize that copy-protection will be hacked at some point in the game's life cycle, but the company doesn't think that DRM is ultimately futile.
The protection scheme in the white paper appears to use some features of the current DRM schemes like StarForce and SecuROM. The key to ByteShield's SUM (Software Usage Management) seems to be a connection to a remote server to run the various security checks. That in-and-of-itself us a huge potential problem for DRM. What happens when ByteShield turns off its servers? Or moves over to a new system, much like what the MLB did for its downloadable game service? What happens when ByteShield goes out of business? There's no guarantee that any of the content protected by SUM will be anything but useless to the consumer.
Also included in the protection scheme are limited number of activations and repeated verification. Gamers screamed to high hell when BioWare announced they were going to use repeated verification for Mass Effect, and the same protest was heard when EA revealed that Spore would do the same thing. Ultimately, that part of the copy-protection scheme was dropped. I don't think that ByteShield is going to have much success with that.
ByteShield is very confident that their copy-protection will be virtually unhackable to all but the most determined programming sadists. I'll be curious to see how their system holds up.
The white paper also goes through a number of common complaints against DRM and discusses ByteShield's response to those complaints. The company claims that SUM will not install hidden drivers or files, and will install transparently. In this spirit of transparency, games loaded with SUM will be clearly marked on the box for consumers. They also claim that they will retain the ability to remove the DRM at any point in the game's life cycle, that the DRM files will not run unless the game is running (gee... where have we heard that one before?), that SUM will not edit the user's registry, that SUM will not require the CD/DVD to be in the drive, that SUM will be uninstalled with the game, and the SUM will not refuse a game launch because of programs like drive emulators. If true, this is all well and good.
There are a couple of things mentioned that trouble me -- number one being the required internet connection to activate the game. Not everyone uses the internet at home, or even has access to broadband. Some gamers have a separate "gaming" PC, which is never connected to the internet. Patches and updates can usually be downloaded from another computer and then transferred to the computer without an internet connection. If repeated verification is used, then I think there is too much of a burden placed on users. What should someone, who has legally purchased a game, do if they lose their internet connection and SUM decides that a verification is in order? Moreover, people should not be required to have an internet connection for a game like Mass Effect, which is entirely single-player.
Another thing that is troubling, and maybe I'm just not entirely clear about it, is the limited user/installation distinction. ByteShield claims that the number of users will be limited, not the number of installations. I'm not sure I understand how ByteShield will go about differentiating the two. Other DRM schemes track the number of installations as if they were users. In any event, I see the potential that a legitimate user could be denied re-installing a game at some point. I need further explanation about how this actually works.
ByteShield is also offering a lot of options to developers -- the ability to offer full feature trial versions is good for the industry. Many gamers complain that demos do not accurately represent what the game is, and therefore, they become less likely to make a purchase. One thing that I think would be beneficial is the full disclosure of all the options a developer has chosen. Since it seems that each developer can customize the copy-protection using ByteShield's system, it would continue that spirit of transparency to be open and up front about what gamers can expect to be able to do with each protected game.
In the end, I feel that ByteShield will be different enough from StarForce and SecuROM to actually respect some consumer rights; however, I think the same potentials for exploitation exist within the SUM system. In addition, I think that these kinds of protection schemes are still missing the point -- digital content is too different from physical content to be treated as the same in copyright law. We need more than just a re-appropriation of existing laws to digital content; we need to recognize that digital content and its copyright needs to be handled differently than physical content, lest we stifle creativity and innovation by overprotecting content.
[UPDATE]: Further reading here (Talkjack's 16 point PC Gamers' DRM Charter, referenced in the white paper), and here (discussion of StarForce DRM by Talkjack).