Thursday, June 24, 2004

FAIRCOPY, P2P and people looking for new music

The author of sharph.net thinks that FAIRCOPY won't catch on. He argues that the service defeats the purpose of P2P for people who want to find new music because they can't listen to it. I think that's not correct, because it's possible to offer a free, possibly lo-fi, Creative Commons (CC)-licensed sample while selling the hi-fi version. As an example, Brad Sucks offers CC-licensed 64 kbps MP3s of his songs while selling the 192 kbps MP3, as you can see here.

The CC license allows sharing this 64 kbps sample on P2P networks, and I think 64 kbps is enough to find out if you like the song, and that if you like it then you'll want to buy the 192 kbps version. So people will still be able to find and listen to new music through P2P.

Note that in FAIRCOPY, the author decides not only the sale price and distributor commission, but also the free sample, the license, and the format of the work on sale, so the previously mentioned bitrates and licenses were used only as examples. Thus, the free sample could be a 30-second clip, or the entire song at 40, 64, 96 or 128 kbps, or... whatever, because the author can also upload a file that will be used as a sample. As for the sample license, the author can choose between 2 CC licenses and another, more restrictive license. The author also decides the format of the work on sale, so in the case of a music work, it can be not only MP3, but also FLAC, Ogg Vorbis or whatever.

Saturday, June 19, 2004

Cory Doctorow talk at Microsoft on DRM

I've read this interesting talk about copyright, technology and DRM that Cory Doctorow gave to people at Microsoft. I agree with him in general, although, in my opinion, the following paragraphs could lead readers to the wrong conclusions about DRM as related to FAIRCOPY (disclosure: I'm the founder/developer/... of FAIRCOPY):


Cryptography -- secret writing -- is the practice of keeping secrets. It involves three parties: a sender, a receiver and an attacker (actually, there can be more attackers, senders and recipients, but let's keep this simple). We usually call these people Alice, Bob and Carol.

(...)

In DRM, the attacker is *also the recipient*. It's not Alice and Bob and Carol, it's just Alice and Bob. Alice sells Bob a DVD. She sells Bob a DVD player. The DVD has a movie on it -- say, Pirates of the Caribbean -- and it's enciphered with an algorithm called CSS -- Content Scrambling System. The DVD player has a CSS un-scrambler.

Now, let's take stock of what's a secret here: the cipher is well-known. The ciphertext is most assuredly in enemy hands, arrr. So what? As long as the key is secret from the attacker, we're golden.

But there's the rub. Alice wants Bob to buy Pirates of the Caribbean from her. Bob will only buy Pirates of the Caribbean if he can descramble the CSS-encrypted VOB -- video object -- on his DVD player. Otherwise, the disc is only useful to Bob as a drinks-coaster. So Alice has to provide Bob -- the attacker -- with the key, the cipher and the ciphertext.

Hilarity ensues.

DRM systems are broken in minutes, sometimes days. Rarely, months. It's not because the people who think them up are stupid. It's not because the people who break them are smart. It's not because there's a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn't a secret anymore.


I would like to comment on this because some people erroneously think that FAIRCOPY uses DRM. What Cory describes is not necessarily DRM. In my opinion, to qualify as DRM the technology should try to control the use of the DRM-protected work after you have bought it. This is certainly the case for digital downloads of songs provided by some services that try to stop you, by means of DRM technology, from burning them to CDs or sharing them with other people (songs can only be played on your hardware or on a limited number of devices).

FAIRCOPY's use of ciphering matches Cory's description of the application of ciphering to DRM, but it is clearly not DRM, because it's only used to prevent people from accessing the content of a sharable EFC file without paying. Once you have paid, you get the content without any protection; there's no technology trying to control the use of the work that you bought (although there's an economic incentive for sharing the EFC files that hopefully will be more effective at stopping people from sharing the decrypted work than any technology).