Monday, September 22, 2008

What Cultural Values Do We Want to Protect?

Christian Olsson of ByteShield was kind enough to respond to my analysis of the company's white paper on DRM and PC piracy. I'll take each answer one at a time (Olsson's points in italics):

DRM can reduce some types of illegal copying. If it is extremely easy to circumvent the protection, many amateurs will do it. If the protection is more challenging, some people will not be able to get around the DRM and some of these will actually purchase the game/software, rather than find it on a torrent site. While virtually all DRM solutions have been cracked, the piracy problem might have been yet larger if all games/software had been distributed unprotected.
I'm not entirely convinced. I do accept that certain forms of copy-protection are more difficult to circumvent than others; however, I don't think that necessarily translates into fewer people cracking the protection. I've seen how hackers crack copy-protection while also synthesizing the steps necessary so that any user could repeat the steps with little technical knowledge. Even if we accept that more "amateurish" users will be unable to circumvent the copy-protection, I still find it unlikely that those users would then go out and purchase the software. And this brings me to the next point of Olsson's:
The real question is how much of piracy would turn into sales. Given piracy rates for certain games and software, the proportion does not need to be large before the impact is significant. For example, a UK study has shown that for every purchased copy of games, 10 pirated copies are used. AutoDesk has publicly stated similar numbers for AutoCAD. If only 1 of every 10 illegal copies turn into sales, revenues would double.

We have seen references to a European consumer research study, which claimed that 30% of piracy would turn into revenue. We find that number hard to believe, but if it is anywhere near true, the revenue potential is quite high.
I'm not familiar with the UK study referenced (or the European consumer research study, for that matter), but I would be interested in reading the paper. Still, I wonder if these studies are market research or academic -- it would be quite interesting if the latter and not the former. I've not seen any academic research that asks the question at hand, only commercial research, which is usually of questionable validity.

If the conversion ratio really is 1:10, then perhaps Christian is on to something. But as I wrote before, Russell Caroll, director of marketing for Reflexive Entertainment, found the ratio to be much larger:
As we believe that we are decreasing the number of pirates downloading the game with our DRM fixes, combining the increased sales number together with the decreased downloads, we find 1 additional sale for every 1,000 less pirated downloads. Put another way, for every 1,000 pirated copies we eliminated, we created 1 additional sale.

Though many of the pirates may be simply shifting to another source of games for their illegal activities, the number is nonetheless striking and poignant. The sales to download ratio found on Reflexive implies that a pirated copy is more similar to the loss of a download (a poorly converting one!) than the loss of a sale.

Though that doesn’t make a 92% piracy rate of one of our banner products any less distressing, knowing that eliminating 50,000 pirated copies might only produce 50 additional legal copies does help put things in perspective. [emphasis mine]
Reflexive found that ratio to be 1:1000, not 1:10. But I also think that Olsson is framing the question wrong. It's not how many pirated copies are used for each purchased copy, because that doesn't tell us whether or not those who pirated the games would have bought them at all. The proper way to look at this is the way that Carroll investigated the piracy of Reflexive's games -- how many sales did additional (i.e., more difficult to crack) DRM generate? The number appears to be quite small.

My own experience with people who regularly downloaded games without purchasing them paints a different picture than the one that Olsson assumes. If these individuals were unable to crack the copy-protection, they would usually just move on to another game, not purchase the game that they could not crack. The only data that I've seen on this is from Reflexive, and their conclusion supports my anecdotal evidence.
Your discussion is right on – the real issue is how easy or difficult is it to copy? A hardcover book is a lot of work to copy, a loose leaf article much easier and an electronic article requires almost no effort to copy. Thus, digital content is much easier to copy. The task of good DRM is to make it more work to copy, so that anybody desiring the content will purchase it.
This answers Wardell's question, "Is the goal of IP protection to increase our revenue or is it to prevent people who aren't going to buy games from playing them?" And that answer is to "make it more work to copy," i.e., "prevent people who aren't going to buy games from playing them." I don't think that the case has been made that making DRM more difficult to crack will result in increased sales. If the Reflexive experiment says anything, it's that we shouldn't assume preventing piracy results in new sales.

But to the point I was making -- my consumption of digital content does not deprive another of the same consumption. Because digital content is so easily produced and distributed, we can have an unlimited number of virtual copies. Physical content, by contrast, has limitations -- only one person can use a book at any time, and there is no easy way to make a copy for another person. Therefore, because of the limitations of physical content, my consumption of the book does prevent another from the same consumption. If I take a book from the library, no one else can take out that book. If I download a copy of the book from the internet, the book is still available for everyone else. This is a key distinction that copyright law does not address. The nature of digital content is different from physical content, and thus, should be regulated differently.
The key word is ‘tools’. Everything can be broken ‘manually’ and/or by brute force. The key inventions in ByteShield aim to make it necessary to solve a large number of ‘puzzles’, one at a time. Yes, it can be cracked, but the work effort required is very large.
Here, Olsson essentially concedes my point. Whoever cracks the copy-protection will likely make it easy for others to do so as well, otherwise the hacker's effort won't be of use to most anyone else. For example, a crack isn't a detailed description about how to modify an .exe file, it is the modified .exe file. I don't mean to dissuade ByteShield's efforts, but at a fundamental level, it's all the same.
ByteShield’s answer is both – prevention will increase revenue, control of free, full-feature trials encourages purchases.
I've already discussed how why I don't think DRM will increase revenue, so I won't go over it again. However, I do think that full-feature trials could encourage purchases.
ByteShield believes protection is valuable if approached our way i.e. extremely large effort to crack, no or minor impact on honest users and no impact on PC game and software developers.
The last part of that sentence is key. I think that ByteShield understands the concerns of honest gamers, and so far their SUM protection scheme does appear to have a lesser impact on users than other schemes such as SecuROM and StarForce.
ByteShield will in such cases assist the Publisher in changing the ByteShield SUM protection from limited usage to free and unlimited usage.
This is also very good to hear. Value has said the same thing about Steam, which is one reason that I think a lot of people are willing to put up with Value's DRM. EA, on the other hand, has made no such promises and has a history of ending online support for past games. I think that is part of the reason so many people are upset with the way that EA handles copy-protection.
Online connectivity is becoming ubiquitous because of the benefits it affords users – always on, always up-to-date, always connected, etc, etc and ByteShield is simply taking advantage of that situation to enable copyright protection along with multiple user benefits such as ‘unlimited activations’ – yes an occasional internet connection is needed but this is a necessary component of balancing the rights of both copyright holders and honest users without all the other limitations of DRM systems.
I understand that ByteShield is taking advantage of the "always connected" aspect of some people's computers; however, this is still a limitation that did not exist before. I can take a book anywhere. I can read it in the car, on a train, or in my living room. If online activations and persistent re-activations are enforced, I will be unable to be so flexible with my digital content as I am with my physical content. This is what has been called a technological quick-fix, and as it is currently stated, conflicts with the values that we commonly associate with our cultural content.

Not to mention that not all users will have an "always connected" broadband internet connection, or even an internet connection at all. I don't have to phone Random House every time I open a book, so why should I have to phone EA every time I want to play a game?
About a year ago, a unit of the Department of Defense invested 2 months in trying to crack ByteShield and, as far as we can tell, they did not succeed (the results are classified).
I guess I'll have to take ByteShield's word for it. That does seem promising, though.
This is crucial to our product and why we view ByteShield as considerably more end user friendly than other solutions. End users can install the game/software on an unlimited number of computers and keep on adding installations, as hardware changes or system crashes etc. occur. The real item to control is not the number of installations; it is how many of these installations can be used, at the same time. Thus, with ByteShield, the permission to run moves from one PC to another, seamlessly. The publisher can decide, per activation code:

a) How many users will be allowed
b) How many active installations each user will be allowed
c) How quickly the permission to run moves from one user to another and from one computer to another
Ah, ok. This makes more sense to me now. ByteShield checks for multiple installations of the same software activating at the same time. While ByteShield allows for more permissive use of software, the decision appears to be up to the publisher/developer, ultimately. Would EA choose to be so permissive? Doubtful, considering that users can only have one account per copy of Spore, which was virtually unheard of beforehand. Think of it as getting only one save file with Doom.

Again, we're allowing technology to dictate our values instead of using law. I don't predict good things when we allow publishers/developers to have this kind of control, especially when the potential exists to circumvent long established user rights and expectations.

The most important point I want to get across is that digital content is different from physical content. Copyright law does not address these differences. DRM and other copy-protection schemes violate users' long held consumer rights more than they prevent piracy.

Ultimately, we need to decide what values we want to protect. Do we want to be able to use our cultural content as we see fit? Do we want to protect our seemingly natural inclination to share, modify, sample, and create further derivative works from existing works? Do we still believe that the works of artists/inventors are a public service, and that as an incentive to create such works the public grants said artists/inventors with a monopoly on production and distribution for a limited time?

4 comments:

Christian Olsson said...

Thank you Illegal Youth for taking the time to read our white paper and for your open minded thinking and points – we’ve tried to respond to these points below (your points replicated in italics):

Illegal Youth: 1. “I've not seen any academic research that asks the question at hand, only commercial research, which is usually of questionable validity.”
ByteShield: You’re right, there does not seem to be much academic research and perhaps that’s why companies have resorted to what you describe as ‘commercial research.’ The Goizueta Business School, Emory University, Atlanta GA academic research report “An Empirical Examination of Global Software Piracy: Implications for Pricing and Public Policy” doesn’t focus on software protection but it does investigate the effects of piracy and has some conclusions that you might find interesting:
• “contrary to some popular arguments that piracy necessarily leads to future sales, the overall beneficial effects of software piracy while indeed present, are quite limited”
• “we underscore the importance of enforcement actions such as law-suits in mitigating piracy and conclude that a focus on deterrence is superior to prevention strategies.”


Illegal Youth: 2. ““I don't think that the case has been made that making DRM more difficult to crack will result in increased sales. If the Reflexive experiment says anything, it's that we shouldn't assume preventing piracy results in new sales.””
ByteShield: Russell Carroll's post, that you quote, also explains that Reflexive uses an in-house developed DRM that they have repeatedly improved and continue to use. As one commenter (Jarmo Petajaaho) on the article put it, “DRM fixes 1 to 4 cumulatively increased sales more than 80%. That number is extremely hard to beat with other means (better demo, more marketing etc.) It seems to make a very good case for having strong DRM and keeping it updated.“ Russell’s follow-up post closes with “Clearly, if we could always have a big gain from a [DRM] fix that maintains itself, it is worth spending the time to fight piracy. However, since that isn't always the case, it can sometimes (often?) be pretty discouraging to try and stop piracy. I don't think that means that we should be any least [less] earnest in our fight…”
From our point of view the Reflexive example shows that DRM has increased revenue, though not as much as they would like. You are making our point that DRM has decreased piracy and increased sales. If Reflexive used ByteShield’s much stronger SUM protection they’d see more sales with very little impact on honest users.

Illegal Youth: 3. “ The most important point I want to get across is that digital content is different from physical content. Copyright law does not address these differences. DRM and other copy-protection schemes violate users' long held consumer rights more than they prevent piracy.”
ByteShield: We accept your point but until Copyright law changes that is the law we all have to deal with. We’re not attorneys but it seems to us that a system like ByteShield’s enables the ‘first sale’ principle to be applied to software instead of the current software industry approach to ‘license’ rather than ‘sell’ its products.

Illegal Youth: 4. “I think that ByteShield understands the concerns of honest gamers, and so far their SUM protection scheme does appear to have a lesser impact on users than other schemes such as SecuROM and StarForce.”
ByteShield: Thanks

Illegal Youth: 5. “I understand that ByteShield is taking advantage of the "always connected" aspect of some people's computers; however, this is still a limitation that did not exist before. I can take a book anywhere. I can read it in the car, on a train, or in my living room. If online activations and persistent re-activations are enforced, I will be unable to be so flexible with my digital content as I am with my physical content. This is what has been called a technological quick-fix, and as it is currently stated, conflicts with the values that we commonly associate with our cultural content.”
ByteShield: We agree that online connectivity is a new limitation, although it is becoming ubiquitous because of the benefits it affords users – always on, always up-to-date, always connected, etc, and that many publishers now offer online games for which online connectivity is a prerequisite to play.
A developer or publisher managing ByteShield protection of their game can select how many consecutive offline runs are allowed. This can be zero or any number (eg 20). If and when an online connection is made the ByteShield server resets the counter so the user may be oblivious to the issue (or the game developer can display the counter so the use is never surprised). As we said previously an occasional internet connection is needed but this is a necessary component of balancing the rights of both copyright holders and honest users without all the other limitations of DRM systems.


Christian
ByteShield, Inc.

Christian Olsson said...

Sorry the links don't work. They should be:

1) “An Empirical Examination of Global Software Piracy: Implications for Pricing and Public Policy”
http://digital.mit.edu/wise2006/papers/3B-3_piracy-choicemodel.pdf

2) Russell's post: http://www.gamasutra.com/php-bin/news_index.php?story=17408

illegal youth said...

Thanks again, Christian, for the thoughtful comments. I've responded in a new post.

setrst said...

"About a year ago, a unit of the Department of Defense invested 2 months in trying to crack ByteShield and, as far as we can tell, they did not succeed (the results are classified)."

Well,DoD better hire 'LIne Hackers UTD'.What I mean is this

http://linehackersutd.smfforfree3.com/index.php/topic,20.0.html

Cheers from setrst.blogspot.com