This is the blog of Ant Miller, senior research manager and dilettante geek at large at the BBC.
I wail, moan and cuss about the challenges and fun to be found here.
These are my personal opinions, and not those of my employer. Or anyone else here for that matter.

Wednesday, February 14, 2007

BBC does gritty DRM podcast

Those brilliant chaps at backstage have been exceptionally brave/clever and put out a podcast exploring the myriad issues around the use of DRM on BBC content delivered over the web. The luminaries engaged in this admittedly long 'cast include Tom Loosemore, Miles Metcalf and many others.

The reactions have been generally positive, though boingboing seems to have reacted more to the circumstances than perhaps the actual content of the 'cast.

The one point I'd make... the two points I'd make are:
The law is behind the times and will have to change, and it should be open and clear about the new rights and responsibilities of creators and users of media: a clear, fair law is a better barrier to piracy than any encryption.
Secondly, a good DRM system needn't be proprietary: there is no theoretical impediment to fully robust open source DRM; only the keys must be secure, all else can, and really, for a public service, should be open.

Erm, can I have a third point? DRM has two parts, hard (technical management of access and security) and soft (definition of rights and managed allocation thereof), and by and large we, the world at large, are a bit weak at both.

1 comment:

doctorow said...

DRM depends on security through obscurity. You have to deliver a platform to the user that he himself can't open, examine, modify and improve. Otherwise, he can "improve" it to eliminate the anti-copying systems.

Therefore, *all* DRM begins with a blanket prohibition on user-modifiability (the very soul of "openness"). Even Sun's Open DRM, which uses trusted hardware and code-signing to prevent you from modifying the source, even though you can see the source. Openness isn't about sourcecode: it's about the freedom to modify sourcecode.

All DRMs have a licensing authority. That authority inspects, approves, and licenses DRM implementations.

Compare this with, say, DVB-T. DVB-T has a licensing authority, too. If you make a DVB-T receiver, DVB-LA will inspect it and determine whether it is technically capable of receiving DVB-T signals. They will then grant or withhold permission to use the DVB-T logo.

Now, imagine that you make a superior DVB-T tuner, but one that is out-of-spec (such a thing is very common in radio applications, viz all the extensions to 802.11). DVB may withhold the logo, but that doesn't mean you can't interoperate with DVB-T signals, nor that you can't advertise this fact. The only penalty you pay for not meeting the standards of the LA is that you can't advertise that you've been approved by the LA.

It's like a Kosher board -- you can have Kosher food that isn't approved by a Rabbi. That doesn't make it non-Kosher. It doesn't mean you can't sell it. It doesn't even mean you can't tell people that you believe that it is Kosher! It just means that you can't use the specific Rabbinical seal that advertises its Kosherness.

DRM is different. If you don't meet the standards set by the licensing authority (e.g., if you aren't restrictive in your handling of content, if you don't hide the keys while the video is playing, etc), they won't give you a set of keys. You literally can't interoperate without permission.

This is conceptually irreconcilable with the idea of an "open standard." An open standard doesn't require permission. It doesn't require a prohibition on user improvement. It doesn't require manufacturers to eschew features that the market would otherwise approve of.

DRM is about your computer allowing remote parties to enforce policy against you. IOW: you say to your computer: "please save this file." I say to *your* computer, "Don't let Ian save this file." Your computer -- *your property* -- takes orders from me, not you.

This is malware by another name. Your property belongs to you. Not "intellectual property" (a metaphor and an ideologically loaded one at that) -- actual, physical property that you own, in your house. Designing computers to take orders from someone else is like designing rocket-ships with self-destruct buttons: whenever someone hits the button by accident in a sci-fi movie, I think, "Why the hell did some daft engineer build in the capability to explode if you push the wrong button?" Now we're building PCs with a mode where remote parties can impose their wills on the PC's owner -- it's every bit as daft.