The Two Best Books About the DMCA

The blogosphere is doing a great job examining the legacy of the Digital Millennium Copyright Act (DMCA), which was enacted into law ten years ago this week. But people frequently ask me where they can turn for a more in-depth analysis of the DMCA, DRM, and their impact on digital culture. For them, there are two books I recommend first and foremost.

First, there is Jessica Litman's Digital Copyright, which does a masterful job explaining how the DMCA (and much of the rest of our copyright law) came to be. Tracing the law from its beginnings in the internal bureaucracy of the Clinton administration in 1992, over to the international treaty realm of the World Intellectual Property Organization (WIPO), and back to Congress, her account lays bare the political realities that produced a law that put corporate interests before the public interest.

Second, there is Tarleton Gillespie's Wired Shut, which picks up where Digital Copyright leaves off, tracing how the DMCA has been used as part of a larger effort to use technology and law to "weld the hood shut" on new digital devices. Tarleton's book is a bit more academic in tone than Jessica's, but at the heart of it are three fantastic chapters than provide a full historical accounting of the controversies surrounding (1) SDMI (chapter 5); (2) the development of CSS, used to encrypt DVDs (chapter 6); and (3) the broadcast flag for digital broadcast television (chapter 7). For those who want to get right to the action, I recommend starting at Chapter 5. EFF was deeply involved in all three of these watershed digital controversies, so to some degree these chapters are also a history of our digital copyright efforts.

If you want to understand what the DMCA does, and how we ended up with it as the law of the land, these two books are where to start.

[Permalink]

DMCA: Ten Years of Unintended Consequences

Today is the tenth anniversary of the Digital Millennium Copyright Act (DMCA), signed into law by President Bill Clinton on October 28, 1998. EFF is marking the occasion with the release of a 19-page report that focuses on the most notorious part of the law: the ban on "circumventing" digital rights management (DRM) and other "technological protection measures." The report, entitled Unintended Consequences: Ten Years Under the DMCA, collects reported cases where the DMCA was used not against copyright infringers, but instead against consumers, scientists and legitimate competitors.

The collected stories are like a trip down memory lane for those who have followed digital freedom issues over the past decade. Here are a few examples of DMCA abuse in the report that you might remember:

• In 1999, Sony sues Connectix over the Virtual Game Station, which let you play your legit Playstation games on your Macintosh.
• In 2001, the Secure Digital Music Initiative (SDMI) threatens Princeton Professor Ed Felten's research team over disclosure of vulnerabilities in audio watermarking technology.
• In 2001, Russian programmer Dmitry Sklyarov is arrested after speaking at Defcon, accused of building software for his employer, ElcomSoft, that converted Adobe e-books to PDF.
• In 2002, Blizzard sues a group of hobbyist open source developers over bnetd, server software that allows people to play Blizzard games against each other over the Internet.
• In 2003, Lexmark uses the DMCA to block distribution of chips that allow refilling of laser toner cartridges.
• In 2004, Hollywood succeeds in shutting down 321 Studios' DVD X Copy software, which allowed people to make backup copies of their own DVDs.
• In 2006, computer security researchers at Princeton delay disclosure of the Sony-BMG "rootkit" based on fears of DMCA liability.
• In 2008, Hollywood targets Real Networks over RealDVD, software that allows you to copy DVDs to a hard drive for later viewing.

The collection of stories makes vividly clear what EFF has been saying for the past ten years: the DMCA has harmed fair use, free speech, scientific research, and legitimate competition.

That's all the more galling because the law has failed in its stated goal of preventing digital piracy, instead being used to prop up weak DRM schemes whose only purpose is to hinder competition, innovation, and interoperability. That explains why the music industry has largely abandoned DRM, while the Hollywood studios cling to it more fervently than ever.

Not everything in the DMCA is bad. While the anti-circumvention provisions have proven to be a dangerous failure, the so-called "safe harbor" provisions for online service providers have succeeded in creating enough legal certainty to launch companies like Yahoo, Google, eBay, YouTube, and MySpace. Of course, copyright owners have been working hard in cases like Viacom v. YouTube and Io v. Veoh to erode these safe harbors. And, while the safe harbors have protected intermediaries like Google, they have not adequately protected the free speech interests of internet users, as the McCain-Palin campaign recently learned.

There have been recent rumors that the new Congress might reopen the DMCA, creating an opportunity for reform. Unfortunately, that may also create an opportunity for MPAA and RIAA mischief. For now, here's hoping that the DRM continues its slow death and the anti-circumvention provisions become less relevant to real businesses, while the courts continue to interpret the safe harbors to leave a door open to the Internet's disruptive innovators.

P.S. For more perspectives on the DMCA's origins and legacy during this 10 year anniversary week, see Freedom to Tinker and the Public Knowledge blog all this week.

[Permalink]

Why Hollywood Hates RealDVD

Why does Hollywood hate RealDVD so much? Here's a hint: it has nothing to do with piracy and everything to do with controlling innovation.

Earlier this week, a district court in San Francisco extended the temporary restraining order (TRO) blocking RealNetworks' distribution of its RealDVD software, at least until a full-dress preliminary injunction hearing can be held sometime in late November. Although reporters have done a good job reporting on the hearing, they have not answered a more basic question: why does Hollywood care so much about RealDVD in the first place?

It's not about piracy. After all, those who want to copy DVDs have plenty of free, widely available, easy-to-use software to choose from (e.g., Handbrake, DVD Shrink, Mac The Ripper). And those who want to skip the tedium of DVD ripping altogether can easily download movies from unauthorized sources like The Pirate Bay. In short, Hollywood can't possibly believe that the $30, DRM-hobbled RealDVD software represents a piracy threat in an environment rife with easier options.

So why unleash all the expensive lawyers to kill RealDVD? Answer: to send a message about what happens to those who innovate without permission in a post-DMCA world.

As we've said for years, DRM systems like the Content Scramble System (CSS) used on DVDs are not principally about preventing piracy. Rather, DRM is the legal "hook" that forces technology companies to enter into license agreements before they build products that can play movies (Hollywood lawyers candidly admit this "hook IP" strategy). Those license agreements, in turn, define what the devices can and can't do, thereby protecting Hollywood business models from disruptive innovation.

This arrangement reverses the previous innovation status quo. Where non-DRM'd content (e.g., books, broadcast TV, the CD) is concerned, innovators do not have to ask permission before building new products that can copy and play copyrighted works (e.g., the photocopier, the VCR, the iPod). But where DRM'd content like DVDs are concerned, Hollywood intended the DMCA's anti-circumvention provisions to slam the door on that kind of disruptive innovation. After the DMCA, technology vendors would have to ask permission, sign licenses, and make concessions, if they were going to build things to play DRM'd Hollywood movies.

So it's not that Hollywood implacably hates personal use format-shifting and space-shifting -- rather, Hollywood wants to make sure those new features happen on Hollywood's terms ("pay us again"), on Hollywood's timetable ("later"), and only after valuable concessions have been wrung from technology companies ("watermark detection, compliance & robustness requirements, down-rezzing").

That's why RealDVD is such a threat. By reading the existing CSS license carefully, Real (and Kaleidescape before it) found a way to create a new product category without first getting permission from (and paying obeisance to) the Hollywood studios. Real's defection represents a threat to several schemes that Hollywood has been working on for throttling DVD innovation over the next several years. For example:

• Managed Copy: Hollywood has been negotiating for years with technology companies over "Managed Copy," a mechanism that will allow limited copying of DVD and Bluray discs onto PCs and portable devices. "Managed Copy" has been promised for years, yet has not materialized, thanks to power struggles inside the organizations that run the relevant DRM licenses (DVD-CCA for DVDs, AACS-LA for Bluray). In the course of these negotiations, Hollywood has managed to wrest several important concessions from technology vendors (including requiring that computers do watermark detection to spot pirated copies when reading data from Bluray discs, and imposing DRM on resulting copies). If those technology companies can build things like RealDVD and Kaleidescape under the terms of the existing contract, then the prospect of more negotiations and concessions for Managed Copy suddenly seems much less appealing.
• Digital Copy: Hollywood has begun selling DVDs that come with a second disc that permits the making of a copy on a PC. The catch? You have to pay extra for the right to make this personal use copy -- in other words, Hollywood is stealing your fair use rights and selling them back to you piecemeal.
• Internet Download Services: you already bought it on DVD, but now Hollywood wants you to buy it a second time from iTunes, Amazon, or MovieLink if you want to watch the same movie on a PC or iPod.

So that's the real story here. It's not about piracy. It's about Real defecting from the DRM licensing cartel, building what consumers want now instead of negotiating endlessly for a spot in Hollywood's next Five Year Plan for the DVD format.

[Permalink]

Why MPAA Should Lose Against RealDVD

Earlier this week, the motion picture industry sued RealNetworks over its RealDVD software. The MPAA companies also asked for an immediate temporary restraining order (TRO) to block Real from distributing the product, which allows consumers to copy their DVDs onto their personal computers for later playback.

There are many obvious reasons why this is a short-sighted and futile gesture by the studios (as Jon Healey of the L.A. Times points out), but let's focus just on the fatal flaws in their legal theory. (We've posted the key legal documents, including TRO briefs, for those who want to read them and form their own opinions.)

In order to obtain a TRO or preliminary injunction, the studios have to demonstrate both (1) a likelihood of prevailing on the merits of the case and (2) irreparable harm if they don't get an immediate order blocking distribution of RealDVD. They fail on both counts.

Irreparable Harm ... Not

Let's take "irreparable harm" first. The studios claim that if consumers get the power to copy DVDs (gasp!), it will be a catastrophe for Hollywood's DVD, VOD, and digital download businesses. I'm not sure what alternate version of reality the MPAA is living in, but consumers have been able to copy DVDs for a long time, thanks to free, widely available DVD rippers like Handbrake, DVD Shrink, and MacTheRipper. And, as we pointed out back in 2006 in a filing with the Copyright Office, this isn't a fringe activity only for hacker super-users. DVD rippers are in wide circulation and have been routinely reviewed in the mainstream press (like the Fort Worth Star-Telegram, PC World and MacWorld, not to mention Lifehacker). In fact, most of us were wondering how RealDVD was going to compete with Handbrake, particularly since RealDVD costs more ($30 v. free) and does less (Windows only v. multi-platform, DRM restrictions v. no restrictions).

So if DVD copiers are already in the hands of millions of consumers, how does the introduction of RealDVD threaten "irreparable harm" to Hollywood? Answer: it doesn't.

Hollywood also argues that "Real's (false) prophesies of legality have the likely potential of altering consumer attitudes towards DVD-copying and, accordingly, consumer behavior." That's absurd. If the distribution of RealDVD does not threaten irreparable harm (because it's just one more DVD ripper), then Real's public statements about their legal position (all protected by the First Amendment) certainly can't tip the balance. After all, the MPAA's litigation, legislation, and public education efforts have already reached far more consumers than Real could ever hope to. Plus, there are those FBI warnings in every DVD, as the studios tout in the first line of their TRO brief: "Anyone who has ever watched a popular movie on a DVD knows from the opening frames that copying the content of the DVD is strictly prohibited."

[Aside for law nerds: The studios also make a half-hearted claim that they are entitled to a presumption of irreparable harm because that's the norm in intellectual property cases. That argument died two years ago, with the Supreme Court's 2006 ruling in eBay v. MercExchange rejecting those "presumptions." In fact, these same movie studios lost this same argument in front of the district court judge in MGM v. Grokster last year. See 518 F.Supp.2d 1197, 1212-14 (C.D. Cal. 2007).]

DMCA Violation ... Not

Nor are the studios likely to prevail on the merits of their DMCA claim. According to the studios, RealDVD "circumvents" the CSS encryption system that protects DVDs. The problem with that argument is that Real has a license from DVD-CCA to decrypt DVD movies, and the DVD-CCA v. Kaleidescape case tells us that the license does not prohibit making bit-for-bit digital copies of DVDs, so long as you keep them secure and play them in a software player that complies with the license requirements. This brings us to the heart of the studio's argument:

Although Real has authorization under the CSS license to use the decryption keys and licensed technology to play content on DVDs, Real does not have authority to use that technology to make a permanent, playable copy of DVD content. By using authorized technology for an unauthorized purpose, Real "avoid[s]," "bypass[es]" and "impair[s]" those very measures. In short, RealDVD circumvents CSS's access- and copy-control protections.

The trouble with this line of argument is that two courts have ruled that "using authorized technology for an unauthorized purpose" does not violate the DMCA. According to those courts, if someone gives you a password, and then you use it in an unauthorized way, there's no DMCA "circumvention." Here, the "password" would be the CSS keys to decrypt DVDs, which Real received as a DVD-CCA licensee. So using those keys for an "unauthorized purpose" is no DMCA violation. And, since the studios are seeking their TRO based solely on the DMCA, that should be the end of that.

[Aside for copyright nerds: if you believe the MPAA that the DVD-CCA license does not authorize "copying," but only "playback" of DVDs, then what about all the temporary RAM copies that are made by all licensed DVD players? The MPAA just got done arguing strenuously in the Cablevision case that all those RAM copies count as copies, no matter how short-lived. Have they changed their minds and embraced the Second Circuit's contrary ruling?]

The court should deny the TRO (and any subsequent preliminary injunction). Let the MPAA try to prove its case in court. In the meantime, let Real distribute RealDVD into the crowded market of PC-based DVD rippers and hard-drive based DVD jukeboxes. After all, Handbrake is more likely to kill off RealDVD than Hollywood is.

[Permalink]

The Latest on DVD Copying

Real Networks has received quite a bit of attention thanks to the launch of its Real DVD software, designed to allow people to copy their DVDs to their hard drives for later playback. (Why is that a big deal? Because Hollywood DVDs are encrypted with CSS, and if you decrypt them without permission, the motion picture industry's lawyers may come a-callin'.)

Today there are two approaches for those who want to make and distribute DVD copying tools. First, you can just build a DVD decryptor, the U.S. court cases that have held that the distribution of those products violates the DMCA notwithstanding. Despite those legal precedents, there is no shortage of free, easy-to-use tools that take this approach, including Handbrake (Win/Mac/Lin), DVD Shrink (Win), or MacTheRipper (Mac). (The motion picture studios argue that anyone who uses these tools violates the DMCA, as well.)

The other approach is the one pioneered by Kaleidescape: sign licenses with the DVD-CCA (the cartel that controls the CSS encryption technology), build a licensed player, make bit-for-bit copies of encrypted files from DVD (aka "DVD archiving" as opposed to "DVD ripping"), and play back those files in the licensed player. DVD-CCA subsequently sued Kaleidescape claiming that the license requires that the original DVD be physically present in the device upon playback, but Kaleidescape prevailed. The case is currently on appeal (DVD-CCA filed its opening brief in December 2007).

Real has chosen to follow in Kaleidescape's footsteps. Apparently, it is not alone -- CEPro has an informative article summarizing all the DVD media server solutions for the home theater market that were announced at the recent CEDIA conference. Looks like Hollywood's iron-fisted grip of DVDs is slipping a little every day.

UPDATE: CEPro has followed up with an article that gathers all the FAQ answers offered by makers of DVD copying/server solutions (Kaleidescape, Real, Escient, ReQuest, Xperinet, Axonix, Fuze Media) to the question "how is this legal?"

[Permalink]

What If the Kindle Succeeds?

The news recently has been full of reports that Amazon's e-book reader, the Kindle, is doing better than expected. Analyst Mark Mahaney from Citibank says Amazon is on track to sell about 380,000 Kindles this year, and says the Kindle "is becoming the iPod of the book world," with sales expected to hit $1 billion by 2010.

For it's part, Amazon remains coy about releasing the actual numbers, so it might be best to take these predictions with a grain of salt — and sales of the Kindle haven't come close to the numbers for the iPod. But Amazon has reported that, of titles carried in both paper and electronic form, the e-books comprise 10% of sales, a percentage that is likely to grow.

Steve Jobs said recently that the whole idea of e-book readers was flawed since "people don't read anymore". But for those of us who do read, the e-book elicits skepticism for different reasons. For us, the look and feel, even the smell, of a physical book is part of the joy of reading. Will anyone actually want to curl up with an electronic device for an evening of literary comfort?

But the success of the Kindle suggests that some people will. And digital books bring some advantages that suggest the trend won't disappear any time soon:

• Ease of access: We have become accustomed to the fact that we can access millions of songs and albums instantaneously online, with a single click. The same is now increasingly possible with books.
• Ease of sharing: Everyone loves to share a good book with friends. Digital books can be shared as easily as sending an email — and you don't need to give up your copy in order to do so! (Publishers may try to restrict copying with DRM copy protection, but as we saw with MP3 files, this strategy will fail.)
• Ease of carrying: A single Kindle device can carry at least 200 books. As the technology improves, you will soon be able to carry a copy of your entire library in your bag (and have a back-up at home), just as you now carry your music collection in your pocket.
• Price: As more people use digital books and as competition increases, the price of digital books will come down, reflecting the real costs of production — no expensive printing, no shipping across country or storing in warehouses.

Skeptics should remember that it wasn't long ago that many predicted that CDs would never replace vinyl, and later that MP3s would never replace CDs. You can still find great record stores that specialize in vinyl, but the trend towards digital music has been steady and unstoppable. And the music industry has paid a huge price for their failure to embrace the new technology. After first ignoring new technologies, they then proceeded to try to sue innovators, restrict users with DRM copy protection and then punish fans with indiscriminate lawsuits, none of which did a thing to stop online sharing of music. Sales are down, illegal filesharing is up, and no one has found a way to unite the industry around monetizing the sharing of digital music (though EFF has suggested a Better Way Forward).

Will the same thing happen to the publishing industry as books become digital? If the trend continues, with better devices promising longer battery life and better screen resolution, digital books will become a force to be reckoned with. Are we doomed to watch the publishing industry run through the same gamut of bad decisions that have plagued the recording industry for the last few years?

Here are some questions the book industry should be asking itself.

[Read the entire post]

DRM for Streaming Music Dies a Quiet Death

Yet another nail has been driven into DRM's coffin, this time for streaming audio (PCPro has a nice overview of the state of DRM for digital music).

Two of the leading on-demand streaming music sites, iMeem and LaLa, are not using DRM on their audio streams, instead sending the music as MP3s dusted with a dash of obfuscation. This is significant because both sites have been licensed by all the major record labels -- the very same record labels that were just last year pushing Congress to require DRM on all noninteractive webcasts. So it looks like the RIAA companies have changed their minds, dropping DRM requirements for the on-demand streaming music services.

This should put an end to legislation to mandate DRM on noninteractive webcasters. After all, why should these webcasters be in a worse position than the free, on-demand music services like LaLa and iMeem?

This also undermines the argument that DRM for music is necessary for subscription services. If the major labels have given up DRM for free, ad-supported (correction: iMeem is ad-supported, LaLa is free for a first listen of a track, 10 cents for repeat listening), on-demand streaming services like LaLa and iMeem, there's no plausible reason to insist on DRM for paid subscription services like Rhapsody and Napster 2.0. After all, there's no reason to think that those who prefer commercial-free subscriptions like Rhapsody are more likely to "pirate" streams than those who prefer ad-supported services like LaLa iMeem.

LaLa and iMeem each take slightly different approaches to streaming music. LaLa uses HTTP to download each requested song as an MP3 to your browser, but relies on aggressive "no-cache" headers and pre-expired date stamps to suggest that your browser not make a copy of the file on your hard drive. Using a packet sniffer to capture the entire HTTP session, however, easily reveals the complete MP3 embedded right after the HTTP headers.

iMeem also downloads and caches each requested song, but sends the MP3 as the audio track of a Flash Video file. This FLV file is typically saved (cached) on your hard drive as an obscurely named temporary file, which is overwritten when you request your next song (we mentioned iMeem's approach back in January, and it's essentially unchanged). Copy this temp file, however, and you can easily extract the audio track from the Flash video, saving it as a stand-alone MP3 file.

(The location of this TemporaryItems folder, and its equivalent on other operating systems, varies significantly depending on operating system and version. On some operating systems it's buried deep within the directory hierarchy, but it can be found automatically with standard tools.)

While the light obfuscation used by iMeem and LaLa might create a "speed bump" of inconvenience for users who want to keep the MP3 files, it doesn't rise to the level of a "technical protection measure" protected by the DMCA. In short, this is yet another example of why there is no legitimate business case for DRM on music -- it doesn't prevent piracy and it's not necessary to enable "new business models" like subscription or ad-supported music. (Of course, as the movie industry has demonstrated, DRM can still be valuable for impeding competition and putting the brakes on disruptive innovation. But it's hard to see how the law should protect those goals.)

[Permalink]

In Memoriam: Ed Foster, 1949-2008

Ed Foster, the journalist and consumer advocate behind InfoWorld's GripeLine column and GripeLog blog, died of a heart attack this weekend. He was 59.

It's no exaggeration to say that Ed was one of the preeminent consumer rights activists of the digital age. During his more than 20 years as a "reader advocate" at InfoWorld, he was far ahead of his time, recognizing that in a world increasingly dominated by software and online services, the digital consumer needed a champion when squaring off against the likes of Microsoft, Adobe or AutoDesk. Following in the traditions of the best consumer reporters before him, Ed exposed software vendors and online service providers that treated their customers shabbily.

But it was in his tireless work against "sneakwraps" -- those "end user license agreements" (EULAs) and "terms of service" (TOS) that require our "agreement" -- that Ed was without peer. You may not be reading all those "agreements" before you click thru, but Ed was. He recognized earlier than most that sneakwraps were going to be the digital consumer's worst nemesis, the mechanism that stripped consumers of the legal protections they enjoy when buying a book, a chair, or an automobile. Long before most consumer groups were thinking about sneakwraps, Ed was covering and participating in efforts to block UCITA, a package of state laws pushed by large software vendors that would have stripped consumers of valuable protections under contract law (UCITA was ultimately adopted by only two states, VA and MD, and has since been abandoned). Ed also contributed his insights on DRM, product activation, and reverse engineering to groups like AFFECT (Americans For Fair Electronic Tranactions) and EFF, making sure we knew what consumers were dealing with in the trenches.

Ed will be sorely missed, both professionally and personally, by all who benefited from his wisdom. Here are a few of my personal favorites from among his remarkable output of columns and posts:

Embroidering on a Copyright Shakedown Theme -- casting the spotlight on the "Embroidery Software Protection Coalition" (ESPC) after it sent settlement demand letters to grandmothers who bought embroidery software on eBay. Based on Ed's tip, EFF stepped in to protect the interests of innocent purchasers.

Sneakwrap Files: McAfee Automatic Renewals -- a consumer advocate's classic, wherein Ed confronts McAfee over the "automatic renewal" provision buried in the fine print of their EULA. McAfee backs down and coughs up a refund.

The Lexmark Car -- an April Fool's post explaining what the world would be like if a car manufacturer tried to get away with the kinds of shenanigans practiced by Lexmark in connection with their laser toner cartridges.

Into the DMCA Groove -- in 2003, an eBay seller gets into hot water after trying to auction a promo CD given away at The Gap. Ed cries foul, predicting 5 years in advance the exact outcome of EFF's UMG v. Augusto case, where a court found that "promo use only" labels can't trump the first sale doctrine.

[Permalink]

Yahoo! Offers Refunds to Customers Who Bought DRM-Crippled Tunes

Last week, Yahoo! faced a predictable backlash when they announced that they would be ending support for the DRM that came with music sold through its Yahoo Music service. EFF and others criticized the decision, saying Yahoo should either continue to support the DRM or compensate their customers with refunds and/or replacement mp3s. Now, Yahoo has happily chosen to do right by their customers and provide full refunds for any music sold through Yahoo Music that came wrapped in what is soon-to-be obsolete copy protection.

As many commentators have noted, this is not the first such DRM kerfuffle, and it won't be the last. DRM creates headaches, not just for the customers who find their use of their music restricted, but also for the companies that sell it, since they are required to ensure the DRM will continue to work under each new operating system change as time goes on. When companies try to phase out their DRM support — as MSN Music tried to do a few months ago — they face outraged customers who find the music they paid for will no longer play the next time they upgrade. (MSN decided to delay the decision by continuing support for DRM until 2011.)

Small wonder that so many online music retailers continue to move away from DRM and towards more user-friendly formats like MP3s. But this problem will continue to dog the companies that sold DRM music to customers in the past. Online music retailers like Yahoo, MSN Music, and Apple's iTunes have sold millions of tracks burdened with copyright protection that will require continued support if customers are to receive what they thought they paid for. Those customers handed over their hard-earned cash for music that they expect to be able to continue to enjoy now and in the future — just as we continue to enjoy the vinyl records and even 8-track tapes that were sold decades ago. Companies like Yahoo have an obligation to ensure that expectation is met.

Yahoo's decision sets a good precedent for when this problem inevitably arises again. Vendors that sold DRM-crippled music must either continue supporting tech that no one likes — as MSN Music chose to do — or take Yahoo's path and fairly compensate consumers with refunds. It's the right thing to do.

[Permalink]

Here We Go Again: Yahoo! Music Throws Away the DRM Keys

Just over a month after consumer backlash caused MSN Music to rescind its decision to deactivate the digital rights management ("DRM") servers that allowed MSN Music purchasers to "reauthorize" music files after upgrading operating systems or buying new computers, Yahoo! Music has decided to deactivate its own DRM servers.

The ironically named Yahoo! Music Unlimited Store will shut its virtual doors in September, and, as of October 1, will no longer provide license keys for music purchased from the store, nor will it authorize song playback on additional computers. That means Yahoo! Music customers will not be able to transfer songs to “unauthorized computers” or access the songs after changing operating systems. Yahoo! advises customers to back up their music to a CD if they want to be able to access it in the future. In other words, Yahoo! wants its customers to invest more time, labor and money in order to continue to enjoy the music for which they have already paid. In fact, the more music they bought, the more work they'll have to do. What is worse, this suggestion could put customers at legal risk, as they may not have documentation of purchase. Furthermore, there is no certainty that all relevant copyright owners would agree that making such backup copies without permission is lawful.

We’ve warned music fans for years that they could lose their DRM-wrapped music if vendors decided to withdraw support for it. Nonetheless, we hoped that the experience of MSN Music would encourage other vendors to think twice before making their customers pay the price for the vendors’ own faulty business decisions.

If Yahoo! wants to make things right, it should do the following:

• Issue a full public apology to your Yahoo! Music customers.
• Offer to refund the purchase price of the affected downloads or, at the customer's option, provide replacements from an online store that offers the same tracks in a DRM-free format.
• Ensure that all Yahoo! Music buyers have (or have permanent access to) receipts identifying dates, amounts, and titles purchased, so they have proofs of purchase. Or, better yet, offer to cover their legal costs if they are hit with a copyright infringement claim based on a song purchased through Yahoo! Music.
• Widely publicize the above measures so that Yahoo! customers know their options. That publicity should include, at a minimum, advertising in major music magazines and newspapers in every major U.S. city, as well as targeted keyword advertising.

At the very least, this announcement is further evidence (if such evidence were needed) that DRM is just bad business. It's bad for the consumers who don't actually own the music they pay for; it's bad for the rightsholders who lose out when legal copies of their songs are worth less than illegally obtained copies; and it's bad for the companies that must choose between maintaining technology that is defective by design or violating the trust of their customers.

[Permalink]