This is a DRAFT. It will later be published to the Digital Copyright Canada website.

Abuses of Digital Rights Management (DRM).



This work is licensed under a Creative Commons License.

Canadian New Media[1] has an article indicating that "Newly-named Parliamentary secretary to the minister of Canadian Heritage Sarmite Bulte says implementation of the World Intellectual Property Organization (WIPO) Internet treaties stands an excellent chance of being one of the first pieces of legislation passed by a new minority Liberal government." These treaties were signed in 1996 at a time when few researchers and policy makers understood the Internet well enough to decide how to regulate it.

Policy makers who support legal protection for DRM[2] appear to operate under the assumption that DRM will only be used by copyright holders to protect rights granted to them by the Copyright Act[3]. I want to highlight two abuses of DRM technology by third parties, each of which can have more harmful consequences to creators than the form of copyright infringement that DRM is intended to protect against. The first is abuse of DRM by copyright infringers, and the second is abuse of DRM by media intermediaries to solidify market monopolization. It should be remembered that these are just two harmful consequences among the many that have been submitted to Parliament to alert it to the fact that the WIPO treaties contain considerable unintended consequences that have not yet received adequate research and deliberation[4].

Abuse of DRM by copyright infringers

At the Linux Symposium[5], Harald Welte[6] of the Netfilter project[7] spoke about a few of the cases where they have pursued violations of the copyright on their work. Linux is quite often embedded within consumer electronic devices such as the popular LinkSys[8] router. While the authors of Linux do not charge LinkSys a royalty for the use of this valuable software, the software is licensed under the GNU General Public License[9], which does place a number of conditions on those who wish to distribute original or modified versions of the software. One of the most important conditions is that if you distribute original or modified versions you must make the source code of the modified version available to the public under a compatible license. This type of license is called a Copyleft license[10], and while it does not require (and is not compatible with) royalty payments for the software, the public receives a form of in-kind payment in the form of value-added software from those who choose to advance the software.

Unfortunately, not all companies using this valuable software obey the terms of this license, so violations happen. In order to detect violations, and bring infringers into compliance, the copyright holder needs to be able to look at software distributed by various hardware manufacturers, reverse-engineer the software, and determine whether the software is infringing or not. The ability of copyright holders to legally reverse-engineer software in order to determine license compliance is imperative.

What if the infringer had used DRM in order to hide the infringement? In this case the copyright holder would need to circumvent that DRM in order to check license compliance. This is not a problem today, as DRM circumvention is merely an inconvenience: no DRM can truly work as advertised (this will be left for the technical discussions that were included in many submissions to the government in 2001). The problem comes when government changes the law such that any circumvention of DRM, including for lawful purposes, becomes an illegal act.

By making circumvention of DRM, or "trafficking" in DRM circumvention information or "devices", an illegal activity we have provided a powerful tool for larger copyright infringers to protect themselves against smaller copyright holders.

Abuse of DRM by software and media monopolies

As part of the September 2003 consultations on the Competition Act I made a submission[11]. In it I described the problem created by vendor-dependent DRM as a form of tied-selling (section 77 of the Competition Act). In this case it is content under copyright that is tied to the products of DRM or other software vendors. Examples would be DVD movies tied to the claimed "trade secret" DRM technology from DVD CCA, or music on so-called "legal" download sites such as PureTracks and Napster Canada which are tied to Microsoft DRM technologies. As a user of a Free/Libre and Open Source Software (FLOSS) operating system called GNU/Linux, I must either circumvent this DRM in order to enjoy legally purchased content, or not purchase content at all. My primary business is as a commercial support company for FLOSS software including GNU/Linux, and I feel it is unjustifiable (and questionably legal) to be forced to purchase competing software to be able to legally enjoy legally purchased/rented content.

Complaints about this type of abuse are already starting to be filed in various countries, including a recent filing with the French Competition Council about Apple's FairPlay digital rights technology used by the iPod[12].

If vendors are allowed to move away from vendor-independent standards which allow for a competitive market in Information and Communications Technology (ICT), this will create further artificial market dependencies on the vendors of specific DRM software. The nature of DRM makes it impossible to have open vendor-neutral DRM, as the purpose of DRM is to disable citizen control over ICT devices they own, while open standards (and FLOSS) have the opposite effect of enabling/protecting citizen control over their ICT property.

To demonstrate my main point I will take DRM to its logical extreme. In the case of music we have both the music publishing industry, which publishes sheet music used by performers, and the recording industry, for which performers then record these works. The recording industry claims it needs DRM in order to protect its recordings from its customers. In this case the DRM is intended to be embedded within various playback devices such as CD or MP3 players.

In the case of the music publishing industry, the DRM they would want would be embedded within various electronic instruments. This way the electronic instrument could detect what songs were being performed and relay this information back to the music publishing industry. It may be possible to convince people that the instrument should deactivate itself if the musician attempted to perform a song that had not been adequately licensed.

The music and recording industry could have DRM from end-to-end (performance-to-audience) for all electronic music, closing so-called "loopholes". What we have also created is a media monopoly for the proprietary DRM vendors such that they are in a position to determine what licensing regimes are possible. These vendors are inserted as a dependency for any electronic communication of works, which allows them to collect considerable monopoly rents. They may even wish to decide what music will be played, only allowing music to be authorized that was licensed from within their subset of the music or recording industries.

The music publishing industry does not need to make use of DRM in order for us to have this harmful situation. While musicians could be able to perform whatever music they want without having to pay the DRM tax or be licensed by the DRM vendors, they will still need to sign onto that regime if they wish to get recorded and make use of the distribution networks of the recording industry. As media players will be tuned to only play the most popular DRM, and license agreements may disallow players from playing DRM-free media files, a musician will be left with no alternative but to sign with the monopoly labels under whatever terms the labels dictate.

As with the abuse of DRM by copyright infringers, we have created a situation where DRM is being used against creators by third parties. The assumption that DRM will be under the control of the creator is false, as DRM software is created by software vendors for their own private purposes and not to protect the interests of creators of other types of works. This is another example of a situation created by legal protection for DRM that is far more harmful to the interests of the creators of music than the type of infringement that DRM is intended to protect them from.




[1] Canadian New Media http://www.decima.ca/publishing/ (Accessed Aug 6, 2004)

[2] The WIPO treaties talk about "Technological Measures" (Technological Protection Measures, or TPMs) and "Rights Management Information". It is important to differentiate between two quite different classes of TPMs to understand the debate around DRM.

The first type of TPM are those intended to protect first parties (a sender and a receiver) to a communication from a third party (an eavesdropper, or someone who otherwise does not have legitimate access to the communication). This class of TPMs does not require remote control over the hardware which people own, and in fact best works when it is the owner (and not a third party) that is in control of their computer. The open standards/open source communities which facilitated much of the growth of the Internet are very strong in providing this type of TPM.

The second type of TPM are those intended to protect the sender from the receiver such that the receiver doesn't have the ability to do with a message what a receiver would otherwise naturally be able to do. Normally if I tell you something, you are physically able to tell someone else. Whether you are legally or morally authorized to tell someone else is a matter of law and social structure, not a matter of control over the communication itself. This type of TPM comes under the name of "Digital Rights Management". Given the intent of this type of TPM is to take control of technology away from those receiving messages, it is largely incompatible with the open standards/open source community.

For more information see: `Trusted Computing' Frequently Asked Questions, by Ross Anderson
- TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA
Version 1.1 (August 2003) http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html (Accessed July 27, 2004)

"25. So a `Trusted Computer' is a computer that can break my security?
That's a polite way of putting it"

Microsoft Research DRM talk, by Cory Doctorow <cory@eff.org>, June 17, 2004
http://craphound.com/msftdrm.txt (Accessed July 30, 2004)

"Here's what I'm here to convince you of:
1. That DRM systems don't work
2. That DRM systems are bad for society
3. That DRM systems are bad for business
4. That DRM systems are bad for artists
5. That DRM is a bad business-move for MSFT"



[3] It is important to remember that past attempts at digital rights management have not been used to protect the rights granted by copyright, but to impose a new and highly controversial limit on access to works. It is an important policy question to decide whether copyright holders should be allowed to limit access to works which have already been legally purchased by audiences.

[4] In 2001 our community was responsible for approximately 650 of the 700 responses that Canadians sent to that round of the consultation process.

Response from Canadians (700 documents)
http://strategis.ic.gc.ca/epic/internet/incrp-prda.nsf/en/h_rp01105e.html (Accessed July 27, 2004)

The Digital Copyright Canada forum started under the name of "Canada DMCA Opponents" to respond to that consultation.
http://www.digital-copyright.ca/ (Accessed July 27, 2004)

There have been a number of reports from the USA such as:

Digital Millennium Copyright Act (DMCA) Archive, including EFF white paper "Unintended Consequences - Five Years under the DMCA" http://www.eff.org/IP/DMCA/ (Accessed July 27, 2004)

DRM: The Good, the Bad and the Ugly, June 2004
Colleges, Code and Copyright: The Impact of Digital Networks and Technological Controls on Copyright: Publications in Librarianship no. 56 American Library Association Presented June 10-11, 2004 Symposium sponsored by the Center for Intellectual Property in the Digital Environment, University of Maryland University College, Adelphi, Maryland, U.S.A. http://interactionlaw.com/documentos/DRM_good_bad_ugly.pdf

[5] GPL violations BOF, hosted by Harald Marc Welte. http://www.linuxsymposium.org/2004/view_abstract.php?content_key=208 (Accessed Aug 6, 2004)
Slides are at http://svn.gnumonks.org/cgi-bin/viewcvs.cgi/*checkout*/trunk/presentation/gpl-bof-ols2004/gpl-bof-ols2004.mgp (Accessed Aug 6, 2004)

[6] Harald Marc Welte http://www.linuxsymposium.org/2004/view_bio.php?email=laforge@gnumonks.org (Accessed Aug 6, 2004). For his personal webpage see http://gnumonks.org/users/laforge/ (Accessed Aug 6, 2004)

[7] Netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling used in firewalls. http://www.netfilter.org/ (Accessed Aug 6, 2004)

[8] LinkSys produces many products that embed Linux within them http://www.linksys.com/ (Accessed Aug 6, 2004)

[9] GNU General Public License http://www.gnu.org/licenses/licenses.html#GPL (Accessed Aug 6, 2004)

[10] "What is Copyleft" http://www.gnu.org/licenses/licenses.html#WhatIsCopyleft (Accessed Aug 6, 2004). Also see ShareAlike as part of the Creative Commons, which is the same concept for non-software works http://creativecommons.org/learn/licenses/ (Accessed Aug 6, 2004)

[11] Submission to the Competition Bureau http://www.flora.ca/competition2003/ (Accessed Aug 6, 2004)

[12] "Virgin: Apple's not playing fair with iPod", By Ina Fried, Staff Writer, CNET News.com http://news.com.com/2100-1027_3-5298642.html (Accessed Aug 6, 2004)