Tuesday, December 06, 2005

digital rights malware

you might think that there's a legitimate need for DRM... you might think that DRM gives users options and flexibility... you might think that the Sony BMG DRM rootkit fiasco was an isolated incident that would never happen again...

you'd be wrong...

digital rights management, or more accurately digital rights malware is a technology whereby people who provide the user with content exercise what they feel is their right to take some measure of control over the user's electronic equipment...

it doesn't prevent copying (it can't prevent copying), at best it prevents using copies on machines that the content providers (or DRM providers acting as agents of the content providers) don't think the user should be allowed to use the copies on... i say at best because it totally ignores the concept of the darknet which effectively renders copy controls useless as soon as one person finds a way around the controls...

DRM takes control of the user's equipment - not to the same degree (usually) as a remote access trojan, but it's still taking some control and it is doing so without the authorization of the user... even under those circumstances where the full extent of the DRM's behaviour is revealed in an End User License Agreement (EULA), the EULA will go unread (as they all do) because EULA's are so full of legalese that the ordinary person can't actually understand them...

DRM can't work without treating the user as an opponent, it's entire reason for being is to prevent the user from doing things that the user wants to do... there can be no legitimate need to install software on user-owned computers that acts against the user's interests unless you condone a copyright police state...

copyright should be protected by law, not technology, but the content providers don't trust the law to do that so they turn to DRM in order to gain more control... then they lobby for anti-circumvention laws to protect their DRM, effectively legitimizing the control they're grabbing in the eyes of the law and shifting the authority to make copyright policy away from the government and towards content providers (with all their vested interests)... but of course they don't trust the laws that protect DRM anymore than they do the laws that protect copyright so they employ additional offensive technology to protect their DRM as happened in the Sony BMG debacle, and as will continue to happen (though with better PR) and possibly even escalate... it has to keep happening or the content providers have to start relying solely on the law to provide protection, thereby giving up the control they so obviously desire...

ultimately what it comes down to is control... DRM is meant to usurp the user's (and, when combined with anti-circumvention laws, the government's) control and therefore is much deserving of the malware classification (even if anti-virus/anti-spyware/anti-malware vendors can't or won't deal with that particular class of malware (yet)...

0 comments: