crypto and public policy

The Two Laws of DRM

Filed under: Security & Crypto — November 11, 2005 @ 9:27 am

People are in shock that Sony is effectively installing spyware to help them in their DRM effort. How dare Sony surreptitiously install a program on your computer that effectively overrides the operating system’s default behavior when reading CDs? Haven’t they gone too far?

Yes, of course they went too far. But the line was crossed years ago, when the entire concept of DRM for personal computers was broached. After all, DRM is about control. More specifically, DRM is about taking control away from *you*, the user. Using spyware/malware/unintended-ware to implement DRM is just a slightly different tactic in the grand scheme to enforce the entertainment industry’s wishes. The Two Laws of DRM, if you will:

First Law of DRM: A computer will not violate its manufacturer’s orders, or, through inaction, allow its manufacturer’s orders to be violated.

Second Law of DRM: A computer will follow its user’s orders, except where those conflict with the First Law.

Is there room in the world for this “trusted computing” (where “trusted” means the manufacturer trusts the machine)? Of course there is. Hospital computers should keep medical records safe and disallow sharing of such records with computers that are not DRM-enabled. Voting machines should boot only voting software. ATMs should authenticate as official ATMs when connecting to the banking network.

But in all of these cases, there’s one salient fact: the machine does not belong to the user. The machine is there to serve a higher purpose. It’s the hospital’s data vault. It’s the enforcer of democracy. It’s the bank’s teller. It’s never the user’s machine.

So why are we surprised by Sony’s actions? DRM is about making your computer a tool of the entertainment industry. It no longer serves you, it serves the content distributors.

And the question we must ask is simple. Who should control your home computer? You, or the manufacturer? You, or the entertainment industry?

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.