I *love* audiobooks. When I was a high-school-aged page at a public library in the 1980s, I would pass endless hours shelving and repairing books while listening to "books on tape" from the library's collection. By the time iTunes came along, I'd amassed a huge collection of cassette and CD audiobooks and I painstakingly ripped them to my collection.


Then came Audible, and I was in heaven - all the audiobooks, none of the hassle of ripping CDs. There was only one problem: the Digital Rights Management (DRM). You see, I've spent most of my adult life campaigning against DRM, because I think it's an existential danger to all computer users - and because it's a way for tech companies to hijack the relationship between creators and their audiences.


In 2011, I gave a speech at Berlin's Chaos Communication Congress called "The Coming War on General Purpose Computing." In it, I explained that DRM was technologically incoherent, a bizarre fantasy in which untrusted users of computers could be given encrypted files and all the tools needed to decrypt them, but somehow be prevented from using those decrypted files in ways that conflicted with the preferences of the company that supplied those files.



As I said then, computers are stubbornly, inescapably "general purpose." The only computer we know how to make - the Turing-complete von Neumann machine - is the computer that can run all the programs we know how to write.



When someone claims to have built a computer-powered "appliance" - say, a smart speaker or (God help us all) a smart toaster - that can only run certain programs, what they mean is that they've designed a computer that *can* run every program, but which will *refuse* to run programs unless the manufacturer approves them.


But this is *also* technological nonsense. The program that checks to see whether other programs are approved by the manufacturer is *also* running on an untrusted adversary's computer (with DRM, *you* are the manufacturer's untrusted adversary). Because that overseer program is running on a computer you own, you can replace it, alter it, or subvert it, allowing you to run programs that the manufacturer doesn't like.


That would include (for example) a modified DRM program that unscrambles the manufacturer-supplied video, audio or text file and then, rather than throwing away the unscrambled copy when you're done with it, saves it so you can open it with a program that doesn't restrict you from sharing it.


As a technical matter, DRM *can't* work. Once one person figures out how to patch a DRM program so that it saves the files it descrambles, they can share that knowledge (or a program they've written based on that knowledge) with everyone in the world, instantaneously, at the push of a button. Anyone who has that new program can save unscrambled copies of the files they've bought and share those, too.


DRM vendors hand-wave this away, saying things like "this just keeps honest users honest." As Ed Felten once said, "Keeping honest users honest is like keeping tall users tall."


In reality, DRM vendors know that technical countermeasures aren't the bulwark against unauthorized reproduction of their files. They aren't technology companies at all - they're *legal* companies.


In 1998, Bill Clinton signed the Digital Millennium Copyright Act (DMCA) into law. This is a complex law and a decidedly mixed bag, but of all the impacts that the DMCA's many clauses have had on the world, none have been so quietly, profoundly terrible as Section 1201, the "anti-circumvention" clause that protects DRM.


Under DMCA 1201, it is a felony to "traffic" in tools that bypass DRM. Doing so can land you in prison for five years and hit you with a fine of up to $500,000 (for a first offense). This clause is so broadly written that merely passing on factual information about bugs in a system with DRM can put you in hot water.


Here's where we get to the existential risk to all computer users part. As a technology, DRM has to run as code that is beyond your observation and control. If there's a program running on your computer or phone called "DRM" you can delete it, or go into your process manager and force-quit it. No one *wants* DRM.


No one woke up this morning and said, "Dammit, I wish there was a way I could do *less* with the entertainment files I buy online." DRM has to hide itself from you, or the first time it gets in your way, you'll get rid of it.


The proliferation of DRM means that all the commercial operating systems now have a way to run programs that the owners of computers can't observe or control. Anything that a technologist does to weaken that sneaky, hidden facility risks DMCA 1201 prosecution - and half a decade in prison.


That means that every device with DRM is designed to run programs you can't see or kill, and no one is allowed to investigate these devices and warn you if they have defects that would allow malicious software to run in that deliberately obscured part of your computer, stealing your data and covertly operating your device's sensors and actuators.


This isn't just about hacking your camera and microphone: remember, every computerized "appliance" is capable of running every program, which means that your car's steering and brakes are at risk from malicious software, as are your medical implants and the smart thermostat in your home.


A device that is designed for sneaky code execution and is legally off-limits to independent auditing is bad. A *world* of those devices - devices we put inside our bodies and put our bodies inside of - is *fucking terrifying*.

DRM is bad news for our technological future, but it's also terrible news for our *commercial* future.


Because DMCA 1201 bans trafficking in circumvention devices under *any* circumstances, manufacturers who design their products with a thin skin of DRM around them can make using those products in the ways you prefer into a literal crime - what Jay Freeman calls "felony contempt of business model."


The most obvious example of this is the Right to Repair fight. Devices from tractors and cars to insulin pumps, wheelchairs and ventilators have been redesigned to use DRM to detect and block independent repair, even when the technician uses the manufacturer's own parts. These devices are booby-trapped so that any "tampering" requires a new authorization code from the manufacturer, which is only given to the manufacturer's own service technicians.


This allows manufacturers to gouge you on repair and parts, or to simply declare your device to be beyond repair and sell you a new one. Global, monopolistic corporations are drowning the planet in e-waste as a side-effect of their desire to block refurbished devices and parts from cutting into their sales of replacements.



DRM laws like DMCA 1201 are now all over the world, spread by the US Trade Representative, who made DRM laws a condition of trading with the USA, and a feature of the WTO agreement. Whether you're in South America, Australia, Europe, Canada, Japan, or even China, DRM-breaking tools are illegal. But remember: DRM is a technological fool's errand. So while there is no above-ground, legal market for DRM-breaking tools, there is still a thriving underground for them.


For example, farmers all over the world replace the software on their John Deere tractors with software of rumored Ukrainian origin that floats around on the internet. This software lets them fix their tractors without having to wait days for a $200 visit from a John Deere technician, but no one knows what's in the software, or who made it, or whether it has sneaky back-doors or other malicious code.



And yet, manufacturers keep putting DRM in their products. The prospect of making it a felony to displease your corporate shareholders is just too much to resist.

Which brings me back to Audible. Back before Amazon owned Audible, I bought thousands of dollars' worth of Audible audiobooks, and they worked great - but they failed badly. When I switched operating systems and could no longer get an Audible playback program, I was in danger of losing my audiobook investment.


In the end, I had to rig up three old computers to play my Audible audiobooks out in real time and recapture them as plain old MP3s. It took *weeks*. If I'd made the switch a couple years later, it would have been *months* (the "audiobooks" folder on my current system has *281 days'* worth of audio!).



@pluralistic this just proves that we don't own our product at all in case it comes with a DRM

@pluralistic this makes me realize how important organizations such as Raspberry Pi are
