March 13, 2005

Dreaming of DRM

By: Tim Lee

Songs at Apple’s iTunes Music Store are flying off their virtual shelves. Apple sold its 200 millionth song last December, and already this month the company has passed the 300 million mark. The increasing rate of downloads is no doubt a sign that iTunes and the iPod are attracting millions of satisfied customers.

Those customers are in for a nasty shock if they ever decide to leave the safe confines of Apple’s products: they can’t take their music with them. Apple scrambles every song it sells online using “digital rights management” (DRM) technology to prevent piracy, rendering them unreadable to non-Apple programs and devices. And converting your legally purchased music to a format readable by non-Apple products is a crime under provisions of a little-noticed 1998 law known as the Digital Millennium Copyright Act. That’s right: a user who “circumvents” a DRM scheme–by, for example, copying those files to a non-Apple music player–is subject to fines of up to half a million dollars and up to five years in jail.

Computer geeks have been squawking about this issue for years. But these days, the issue matters beyond the pocket protector class. In the time it takes you to read this column, Apple will sell approximately 5,000 songs to ordinary consumers who probably don’t realize their purchase will only work with Apple products and that it would be illegal to convert them to other formats.

The cruel irony is that DRM software does next to nothing to prevent piracy because it only takes one non-protected copy of a song to allow unlimited copies to be distributed around the world. And there are plenty of simple and legal ways to obtain such a non-protected file. The easiest is to “rip” the song from a physical CD– a feature supported by all major jukebox software, including iTunes. That process is entirely legal, it takes about a minute, and it produces a perfect, unprotected copy of the original song.

Moreover, history is littered with failed attempts at copy protection. No copy-protection scheme has ever withstood more than a few months of serious scrutiny. Software to defeat Apple’s DRM scheme was released within six months of the launch of the iTunes Music Store. Apple used the DMCA to force that software off of American servers, but it promptly re-appeared for download on web sites based overseas.

At this point, it might be objected that iTunes users do not have an unlimited right to do as they please with music they purchase from Apple’s store. The iTunes “terms of service” requires that users may not “attempt to, or encourage or assist any other person to, circumvent or modify any security technology or software.” Apple’s DRM scheme, it might be argued, is a harmless mechanism for enforcing intellectual property rights–and customers agreed to respect it when they signed up for an iTunes account.

That point, however, fails to justify the DMCA. For starters, not all DRM schemes are backed up by contractual obligations. A good example is the DVD format for home video. Movies in DVD format are scrambled to discourage piracy, but Best Buy doesn’t require customers to sign a contract every time they purchase a DVD promising not to unscramble them.

Yet when a group of programmers wrote software to allow DVDs to be played on the Linux operating system–a platform DVD makers had declined to support–the software was banned under the DMCA as a piracy tool. It is hard to see how either the intellectual property or contractual rights of Hollywood are violated when the legal owner of a DVD circumvents DVD copy-protection in order to play a movie on his Linux computer. Under the DMCA, however, the act of circumvention is itself a crime, regardless of whether any piracy occurs.

Even in cases where customers are under contractual obligations to respect DRM schemes, the objection still fails, because it is not the business of the criminal law to enforce the terms of ordinary commercial contracts. Companies are free to place any conditions they like on products they sell. But it is the job of the company–not the federal government–to see that their customers comply with the terms of sale. If those conditions are arbitrary, unreasonable, and impossible to enforce–as the terms of Apple’s DRM scheme arguably are–then the company ought to bear the legal and public relations costs that come with monitoring and suing their own customers when they are ignored and evaded.

Imposing criminal penalties on those who violate contracts raises obvious concerns about civil liberties. It also gives copyright holders unfair leverage. If Apple violates its contract with its customers, the customers could not have Apple CEO Steve Jobs thrown in jail. Rather, they would have to sue Apple in court, an expensive and cumbersome process. But when a customer circumvents Apple’s DRM scheme, Apple can ask the federal government to criminally prosecute the customer under the DMCA. That makes it cost-effective for Apple to enforce its heavy-handed restrictions on how consumers may use the music they have purchased.

DRM systems may yet prove an effective piracy deterrent, and companies should be free to deploy them. But requiring customers to comply with them on pain of criminal penalties is a step too far. DRM systems must succeed or fail on their merits without being propped up by the long arm of the law.

Tim Lee is science and technology editor of Brainwash and a staff writer at the Cato Institute. His website is binarybits.org.