In the course of my recent extended interview with Cory Doctorow in Budapest, I asked him whether he saw parallels between post-Charlie Hebdo government attitudes towards cybersecurity and Big Publishing/Big Media attitudes towards DRM. This was his response.
The way to understand how big publishers think about DRM is not that they think it really prevents piracy. If you press them on this, their standard answer is that it’s imperfect but better than nothing, it’s a speed bump, it slows things down. None of those arguments actually hold water: they’re not evidence-grounded.
What we need to distinguish when we talk about what DRM does is what it does to individuals versus what it does to firms, foundations and people with a profile and a name. And DRM has effectively no impact on what you or I can choose to do. What it does do is make sure that if you’re investing in a company that might do something lawful, but to do that has to remove DRM, then that investment will never surface, because removing DRM is illegal even if you’re doing something that is otherwise legal.
What that means is there are features whose restrictions can be monetized, such as ripping a DVD. Instead of ripping a DVD if you want to watch it on your tablet, you are lawfully required to buy it again from an online video store. And it’s not hard to rip a DVD and put it on your tablet. Here in Hungary there’s VLC and they will help you rip your DVD. But you can’t go into an Argos or a shop in the high street that caters to an audience of normal people and buy a product that does what iTunes does for CDs for your DVDs. And what they want to be able to do is not prevent piracy but create a market for selling you something that you should by rights be allowed to get for free, and they want to prevent competition. DRM’s actually very good for that, not because it’s technically challenging, but because it gives you a basis to sue people who do it. It creates a private law.
States, when they start to talk about DRM, don’t usually call it DRM: they usually talk about it in terms of other capabilities, like lawful interception capability. The attorney general, the mayor of New York, and David Cameron have all said that there should be some kind of back door in devices that have full-disk encryption and some kind of mechanism for communicating with each other using strong crypto. David Cameron has called it a golden key. And even if you accept the idea that there might be a golden key, which is kind of silly, a cryptographer friend of mine said the only university where the cryptographers believe there is a golden key is Hogwarts, the only way you can stop me from installing a crypto app that doesn’t support the golden key, or refreshing my file system with one that doesn’t have a golden key back door, is by making it illegal for firms to produce the technology that allows for that, by having a wider set of policies that are not technological but are a kind of range of political and economic policies about what can be produced, how hardware and software can be made, and so on. That’s a very ambitious policy project. You are effectively specifying microlithography details for chip foundries when you do this.
And to a certain extent I think David Cameron doesn’t understand this. But I do think that people in his policy and advisory circle do see a huge advantage in taking all the main high street firms and the two commercial operating system vendors and insisting that they build back doors in, if for nothing else than it lets them separate the sheep from the goats. It becomes a presumption of guilt to be using anything but these tools. And for the commercial vendors, to a certain extent, there is a huge potential upside to this.
If it becomes illegal to use any software or hardware or OS you want within your data center, then it becomes a fight not between whether there are walled gardens or not, but about which walled garden succeeds. That is a very attractive commercial proposition to a certain type of firm who, although they would bemoan the loss of strong crypto and the potential downside to their clients and their industrial secrecy, would at the same time be very interested in a world in which BSD and GNU/Linux disappeared from the data centers and were replaced by enterprise versions of OS X and Windows.