Steal This Essay 2: Why Encryption Doesn't Help
-----------------------------------------------
by Dan Kohn
"Doveriai no proveriai." (Trust but verify.)
- Russian proverb, as quoted by Ronald Reagan
Even as content becomes a public good, content creators (or at
least the publishing and recording industries that claim to
represent them) have been led to believe that encryption can
protect their revenue streams. As I noted in the first of these
essays, they are lambs being led to the slaughter.
http://db.tidbits.com/getbits.acgi?tbart=06604>
Why is all content becoming a public good? It has realistically
been nonrival for some time now, meaning that I can copy your CD
of music or software for a few pennies or less, and you are in no
way disadvantaged. (Of course, the author of that content may feel
quite disadvantaged by this "theft," but as long as I don't
scratch your CDs, there's no reason for you to care that I
borrowed them for a few minutes.) In fact, the central concept
of digitization - converting all content to streams of zeros and
ones - entails making it infinitely copyable without any loss of
quality, the very essence of nonrival goods.
What has only become clear in the last couple years (although
the Recording Industry Association of America - the RIAA -
still has its head in the sand) is that digital content is also
nonexcludable. Of course, tens of millions of dollars have been
spent on a variety of means to make digital content uncopyable.
Supposedly unremovable watermarks are embedded in images to detect
copies (e.g., SDMI and Macrovision), content is encrypted so that
it can only be viewed through an authorized player (e.g., DVD CSS
and Microsoft's and Real Network's digital rights management
systems being used in the music industry's Napster competitors,
PressPlay and MusicNet), or some form of registration is required
for activation (e.g., Office and Windows XP).
http://www.riaa.org/
http://www.sdmi.org/
http://www.macrovision.com/
http://www.dvdcca.org/
http://www.pressplay.com/
http://www.musicnet.com/
**Encryption Is Ultimately Futile** -- The problem with the
security of these approaches is that, as cryptographer Bruce
Schneier points out, there are basically only two types of users:
regular ones against whom _any_ form of copy protection will work,
and experienced hackers, whom _no_ form of technology can stop.
Your technophobe mother represents the first category, and your
geeky nephew exemplifies the members of the second category. Why
can't the hackers be stopped by encryption? If the challenge were
just to transfer a file from one point to another without letting
someone get to see its contents, encryption is up to the job. But,
consumers don't listen to or watch encrypted versions of content.
(I have, and it looks like static). They watch the regular,
unencrypted version. So, somewhere close to the user, the content
must be decrypted. And that decryption process typically runs on a
PC, where experienced hackers can watch it work one instruction at
a time, and change those instructions to enable the unencrypted
content to be copied.
Phrased differently, as long as the intention is ultimately to
deliver the content to the customer (and hopefully even the RIAA
is still trying to do that), then it's impossible to stop wily
hackers from getting at the content in its unencrypted form and
having their way with it. "Trying to secure [digital goods] is
like trying to make water not wet," Schneier said recently. "Bits
are copyable by definition."
In early 2000, a 16-year-old in Norway named Jon Johansen was
upset because he wanted to be able to play DVD movies in his Linux
box's DVD drive, but the movie industry had not authorized any
players for Linux. So, working with several anonymous contacts on
the Internet, he cracked the copy protection scheme used by all
DVDs, enabling them to be played on his machine and, incidentally,
to be copied endlessly and perfectly. (The Norwegian police
actually confiscated his computer at the request of the Motion
Picture Association of America several days after he distributed
the code on the Internet, providing a classic example of tardy
barn door closing.) More to the point, one could ask what chance
any copy protection scheme has, when random 16-year-olds with an
Internet connection can succeed in breaking it in their spare
time.
But the news for authors such as myself, who might want to get
paid for our work, gets worse. There are many in the music
industry who believe that a 98 percent copy protection rate would
be just fine, the same way that department stores calculate a
presumed level of spoilage (i.e., stolen goods) in their
inventories. That works for department stores because their goods
are rival, so that even if a few shoplifters get their items for
free, everyone else still has to pay. The problem for the RIAA is
that nonrival content means crack once, run everywhere. That is,
all it takes is one smart hacker to defeat the copy protection
schemes for everyone. Then, your nephew can either distribute his
hacks in an easy to use format that even your mother can install,
or, more directly, he can just distribute the unencrypted content.
**Advertising Support?** If content can't be made excludable (and
thus easily charged for) via encryption, perhaps there are other
ways to build business models around content. What about
advertising? After all, broadcast television is essentially
nonrival and nonexcludable, and it's financed by advertising.
Unfortunately, no. First, as they have become ubiquitous, banner
ads have dropped dramatically in effectiveness, as measured by
click-through rates, which have fallen from 4 percent to 0.1
percent. This is not too surprising, given that most people hate
banner ads and do everything to try to ignore them. Ad rates for
some large sites have fallen correspondingly from 40 cents per
impression to less than 0.1 cents, one of the primary causes of
the many new applications of former dot-com employees for
Starbucks barista positions.
And for content providers, the news grows still worse. The
downturn in the economy has made it harder, particularly for
publications without loyal readers, to attract advertisers, even
at the lower ad rates. Then there's software such as WebWasher
that automatically detects the banner ads on any given Web page
and strips them out, which incidentally causes the page to load
faster (just as a 30 minute television sitcom can be viewed in 22
minutes without the ads). Ad blocking software replaces the ads
that are supposed to be funding the content with blank space,
which is what content providers' revenue models are starting to
look like. The software is not perfect, but it's getting better
and is already effective enough to strike fear into the hearts of
content publishers and advertisers.
http://www.webwasher.com/en/products/wwash/functions.htm
Even the soap companies that have funded so many years of daytime
drama may start reconsidering their advertising budgets over the
next decade, as digital video recorders such as TiVo become
increasingly common. These enable viewers to have their favorite
shows easily stored to a hard drive, where they can be
conveniently replayed at the time of the viewer's (rather than the
programmer's) convenience. Imagine setting your own viewing
schedule rather than having it dictated by snotty network
executives in LA and New York. Plus, these devices let you skip
right past the commercials with a few clicks of the remote,
thereby crumbling the foundations of 50 years of a profitable
broadcast industry. New PC-based recorders such as SnapStream even
support sharing recorded shows across the Internet, enabling video
to take its place next to MP3s on the new peer-to-peer networks
that are quickly replacing Napster. Why schedule your evening
around a broadcast schedule and sit through brain-numbing
commercials, when the show is available whenever you want it with
the commercials already edited out? A world full of digital video
recorders is one in which the couch potato is liberated from the
slings and arrows of network programming (how dare they put that
promising new show against Survivor!), and once again is empowered
to make real choices about how, when, and what to watch. [For more
on TiVo, see Andrew Laurence's two-part article series "TiVo:
Freedom Through Time Shifting" and be sure to read the in-depth
TidBITS Talk discussion on how personal video recorders are
changing advertising. -Adam]
http://www.snapstream.com/
http://db.tidbits.com/getbits.acgi?tbser=1204
http://db.tidbits.com/getbits.acgi?tlkthrd=1461
Are there any categories of content from which individuals can be
excluded? Only two that I can see. The first is showing movies at
movie theaters. With a significant investment in digital
distribution, and an even bigger investment into physical security
at the theater, studios should be able to distribute movies
without them immediately being copied onto the Internet (but watch
out for those 16-year-old projectionist/hackers). The other
category would appear to be Web services, where software is split
into components that are loosely coupled and distributed across
the Internet. Since you're interacting with numerous other
computers, your identity can be continually reaffirmed (what
Microsoft is planning with Hailstorm), making it nearly impossible
to avoid paying. But any software that supports a disconnected
mode (such as an operating system), can be easily (by hacker
standards) modified so that it no longer "calls home" to ensure
authenticity. The registration system for Windows XP was cracked
so that running a simple program will remove the requirement for
online activation, six months before the software was even
released.
Content won't truly be a pure public good for another ten years or
so until broadband home Internet connections are ubiquitous,
making it trivial to transfer large files around. But, since the
process is already accelerating (Napster began with college
students who already have broadband connectivity, and some new
peer-to-peer file sharing services are designed explicitly for
downloading very large files in the background), it's worth asking
why anyone will create content when the old models for getting
paid don't work. The answer will have to wait for another essay.
[Dan Kohn is a General Partner with Skymoon Ventures. His writings
are announced through <[EMAIL PROTECTED]> and can
be discussed through <[EMAIL PROTECTED]>.]
http://www.dankohn.com/
http://www.skymoonventures.com/
---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]
Did you know that e-metal is a wonderful holiday gift? Avoid the hassle this year!
