Defective By Design - that's what their site is called, and they write exclusively about Digital Rights Management. Their most recent post is a timeline of the march of DRM over the past decade, from shortly before the Digital Millenium Copyright Act (DMCA) was passed, through the debacle of the Sony rootkit, to Amazon's deletion of purchased copies of Orwell's 1984 on the Kindle.

An interesting read - and links to the articles that give the details on each item.

A recent article points out that one person has cracked the secret to a whole slew of devices based on a "Trusted Platform Module" or TPM (not to be confused with "Technical Protection Measure" which it also is) - this is a chip that holds a secret key to the rest of a computer's secure software and breaking it means that all manner of otherwise secure facilities are now no longer considered as secure.

These include things like the X-box and the way Microsoft limits additional hardware and software to only their own "signed" selections. It also includes the security of most cell phone texts and email.

The chips' manufacturer, Infineon (their chips are the ones most likely to be used in this case, although there are other manufacturers) is right in claiming that, while this shows the possibility is there, it is only useful if one has the actual device and a lot of very technical skills needed for each and every system that is to be cracked, including use of various acids and some extremely fine needles to tap the very fine contacts inside the chip.

All in all, this particular hack is unlikely to be of concern to many people or companies - but other hacks that involve use of less sophisticated but nevertheless complex tactics, such as "jailbreaking" the iPhone or other locked-down hardware are much less dependent upon skill the second time around.

You see, the skill is in finding the initial attack method - replicating it for the second, third and millionth use of the technique is trivial. The "security by obscurity" technique employed (hiding the key in something that takes some getting to - but once the key is found, having the lock in plain site) is not very useful in today's communicating world.

News of a new exploit of a flaw in Microsoft Windows is passed around in seconds - and in fact there is a market for it where you can purchase such information.

Hiding the key inside hardware that has active components watching for hacks is far better. I expect more products will employ this kind of technology in the future. If the reason for using such keys is to help me protect my own security then that's a good thing - but if it is to help protect a manufacturer's business model then it is not. 

I refuse to purchase anything that has strings attached to it by the manufacturer such that I do not truly control it for my benefit alone. How about you?

I have boxes of vinyl records, DVDs and CDs, and of course a library full of books - and my kids (now 25 and 26) like a lot of the music, video, books I like - why shouldn't I leave them my collection, and why shouldn't they be able to enjoy it as I have?

It seems that with my hard-copy things this will be so, but what about works I purchase in the future that don't have an existence in hardware that is useable without connecting it to the internet and thus to the vendors' key servers?

If I have a Kindle full of e-books and/or a iPad full of music and video and ebooks and programs, will they be able to transfer them to one of their similar units? How about to their new XYZ-Super-Pad? (not yet invented but watch for it next year)

Will they be able to transfer my rights fully to one of themselves? Transfer to only one, mind you - not both as thats making another copy. They'll have to figure out who gets what.

This question is something you and your heirs should be asking every single time you purchase something that has no physical presence in a hard, read-only object. Even read-only items such as games and DVDs are being subjected to scrutiny by the publishers on whether they can get into the act of the "secondary" market of used and swapped units.

The First Sale doctrine is being attacked. Do you really "own" what you think you do? Digital Rights Management systems in place and in the future may limit your rights under this doctrine - and there's nothing you can do about it but simply not play the game - don't purchase such rights-limited product.

The latest leaked information about ACTA (Anti-counterfeiting Trade Agreement) points up the fact that making ISPs responsible for the illegal actions of their customers is still on the table.

Don't these bureaucrats understand that responsibility without authority is a lose-lose option - and giving ISPs the authority to do something about things that are illegal is opening up the world to judicial concepts that are at direct odds to our long-established rule of law.

No matter whether I or others think this is a direct attack by the publishing industry on the technological revolution, this is a direct attack on the free world's judicial system and rule of law.

Kind of makes me glad I'm a rational anarchist. 

What part of making ISPs Common Carriers don't these guys understand? It's either that or the only entities who can take the responsibility and also deal with the judicial side is government - and that's going to go over really well with the private enterprise people.

OK - so a bunch of countries (including Canada) got together in 2005 and set out the Tunis Commitement wherein:

3. We reaffirm the universality, indivisibility, interdependence and interrelation of all human rights and fundamental freedoms, including the right to development, as enshrined in the Vienna Declaration. We also reaffirm that democracy, sustainable development, and respect for human rights and fundamental freedoms as well as good governance at all levels are interdependent and mutually reinforcing. We further resolve to strengthen respect for the rule of law in international as in national affairs.

4. We reaffirm paragraphs 4, 5 and 55 of the Geneva Declaration of Principles. We recognize that freedom of expression and the free flow of information, ideas, and knowledge, are essential for the Information Society and beneficial to development.

Now IANAL (I am not a lawyer) - but how do you square the above with the concept of "3 strikes" and removal of an entire family's access to the internet in a completely non-judicial manner?

I'm going to broaden this "Digital Rights" topic from its original focus of Digital Rights Management to include human Digital Rights - the right of people any/everywhere to participate in the digital revolution in much the same manner that people can participate in the physical road systems of our planet.

There are a lot of parallels here - with one exception; the digital road system is evolving far faster than the physical road system ever did, so it is far more disruptive of the world's social and economic sphere than the evolution of the road system ever was with the possible exception of the expansion of the North American highway system after World War II at the expense of the railroads/streetcars (see the back-story to the cartoon film "Who Framed Roger Rabbit" as well as this article on the US Federal-Aid Highway Act (1954)) 

The point is that the digital highway is somewhat following the pattern of build-out of the road system in North America; first by the military, then by private enterprise, then local governments, then by the Federal government connecting all the dots in the national highway system.

Just in case you think I've been picking on Amazon and Major League Baseball recently in some of my articles about Digital Rights Management, here are some links to others who have taken money for their product and then turned it off.

• Microsoft's MSN Music's "PlaysForSure" DRM key server - slated for turn-off in August of 2008, has been extended to "at least" the end of 2011 - no word on extensions
• Yahoo! Music pulled their key server as of September 30, 2008
• Wal-mart's digital music threatens to shut down their key server October 9, 2008 then relents
• And of course - back to Amazon and the fact they can turn your Kindle off entirely - and you lose the books you've paid for - no refund this time.
• Virgin Music (UK) closed their system down October 19, 2007

The one good thing about the Apple iPod, iPhone and new iPad is that the "Fairplay" DRM they use does not need to "phone home" for you to play the item, so if (heaven forbid) Apple ever went out of the music business you still get to keep your music - and you can burn it to CD unencumbered by DRM anyway. And of course, since January 6th last year, Apple now sells much of its music in straight MP3 flavour.

Originally published 2001

No matter what DRM technology is used to protect the digital media you might receive your documents, music or video on, at some point the information contained in "the box" must come out and present itself in a way that you as a human, flesh and blood receiver must have. Until technology can bypass your eyes and ears and put things directly from digital storage into your brain, there must be a translation of the information into something that not only you can see and hear, but so can a microphone and video camera or scanner.

Originally written in 2003

In the light of the Canadian Copyright Act (the Act), those who copy music for their own personal use (i.e. private copiers) are not criminals. It doesn't matter what the source of the material copied: Internet, radio, TV, borrowed CDs, moldy-oldy vinyl, 8-track, cassette or whatever. The Blank Audio Media Levy compensates for this copying so there is no criminal.

The Act also specifies that there are "broadcasters" who have to pay royalties and that otherwise, the copyright holder controls who can access their works.

Whether those who have purchased (or "private copied") a copy can offer their copy for copying via the Internet is a question the courts have not yet ruled on as far as I know. Are these P2P (peer to peer) "offers" publishing, broadcasting, or just a case of rapid loaning (since I can loan another individual my copy so they can make their own copy?) How is P2P different from pirating where an individual or company makes many copies of the original and offers them for sale, sometimes complete with liner notes, cover art and imprint on the CD?

What we do all seem to agree is that the pirate is a criminal. The pirate copies wholesale for a profit. The pirate is in it for the money.

Question is, is the P2P sharer in it for the money?

Nope - not that I can see. There are no P2P systems that reward the sharer in money as far as I know.

Are they in it for notches on their virtual belt? Are they rebelling against something? Or are they being altruistic?

The answer is... Yes.

The P2P sharer is doing all of the above; at least some portion of them is doing one or the other of the above. The question is, which is the dominant activity and what can (or should) be done about it?

Some of the problem is social - the guys who want to "notch" their way to stardom by hosting the most MP3s are just the latest round of anti-social phenomenon. They can't possibly listen to everything they have but instead gain some sort of notoriety from their "conquest".

Some of the problem is economic. The general population is now aware of the cost of duplication of a CD. The market that publishing works in is now different from what it was 25 years ago when duplication of music was hard, expensive and imperfect.

Some of the problem is political. It's political in the broad sense of the word, not partisan political. The P2P sharer makes a statement against the "system" by helping to change it. The problem I see is that the changes are not necessarily for the better. The recent passing of the DMCA and more recently the passing in the EU of new copyright legislation (see guardian.co.uk  for an article on this) and the threat of the Free Trade Area for the Americas (FTAA) treaty (see my rant) have pushed the rights of the creator to the point where I expect a real backlash from the purchasing public similar to that suffered by software publishers back in the days of distribution on floppy disk. Back then (not all that long ago, but many have obviously forgotten) the publishers started doing all sorts of things to stop people from being able to copy the floppy that software came on. Laser drilled holes, special software, special disk formats, and all sorts of things meant that Joe Average couldn't make a backup copy of the software he'd purchased and had to beg if the original got destroyed.

Joe Average will rebel even more - just watch. Making him criminal won't work, it will only bring down the publishers faster.

richard