March 2001 Column

[ Site Index] [ Linux Index] [ Feedback ]

Reality Check: Copyright Fascism at work

I'm sitting down to write this column on Christmas Day. You might assume this is because I've succumbed to a fit of stakhanovite zeal, or maybe I'm just a sad geek who needs to get a life. But you'd be wrong: I'm doing it because some gentlemen at IBM's Almaden lab have submitted some proposals to the technical committee T13, a subcommittee of the US National Committee on Information Technology Standards. (And you're right: I really *am* a sad geek who needs to get a life if this sort of thing plonks me down in front of a text editor on Christmas Day.)

By now, you've probably heard about the CPRM proposal ("Content Protection for Recordable Media") that's been put forward for inclusion in the next release of the ATA hard disk drive interface spec. I'm not going to throw random wild accusations at the T13 committee: I'm just going to throw in a quote from the paper (which you can find on the web):

    "CPRM was ... designed to meet the requirements of SDMI." 
The key point to note is that SDMI is the Secure Digital Music Initiative, basically a music industry scheme to render CD's and MP3's obsolete and to forcibly replace all existing commercial music media with ones that aren't copyable.

As other journalists have noted, CPRM was proposed for the ATA standard (usually implemented in fixed media such as hard disks) rather than as an extension to ATAPI (usually used in removable media such as CDROMs or Zip disks).

You'll be unsurprised to learn that this is unpopular with Open Source advocates. Alan Cox said: "it seems to be very similar to the DVD stuff, including ideas for play once only blocks and the like. Pay per read hard disk." Richard Stallman made similar-ish utterances, saying it was a threat to free software. In fact, it's hard to find anyone in the software business who'll stand up for CPRM-aware drives. Side-effects of CPRM include the fact that you can't copy from a CPRM drive to a non-CPRM-aware drive, and you can't defragment a filesystem stored on a CPRM drive without horrendous problems.

So what's the point?

Reality check time: CPRM is not aimed at us. CPRM is aimed at TiVo and Replay and anyone else who builds HiFi or video equipment that can potentially record digital music or TV content. The same week that news of CPRM was broken via The Register, we also heard about a new scheme called DFAST -- a scrambling mechanism to be rammed down the throats of all OEMs in the US who produce TV's, video recorders, and set-top boxes. DFAST basically adds a flag to digital TV broadcasts that can specify "copying forbidden" or "copy no more than once".

If you put CPRM together with DFAST-enabled cable boxes, you have a cast-iron guarantee that your next-generation TiVo system (or equivalent) will have to obey the DFAST protocol (for transmitting copy control information) and record onto CPRM drives (that prevent this from being bypassed). At least, that's the SDMI consortium's opinion and, being a committee, they must be right, right?

Actually, the whole SDMI (Secure Digital Music Initiative) fiasco has more holes under the waterline than the Titanic. They seem to have forgotten that all you need to bypass any digital music copy protection scheme is a couple of decent digital-to-analog converters and some coaxial cable; any fingerprinting scheme good enough to survive being fuzzed up and converted back again is also robust enough to make an intrusive noise that will annoy people listening to the music. Similar objections can apply to the CPRM proposal. For one thing, it's not compulsory; you can build an ATA hard drive that's not CPRM compliant and still call it an ATA hard drive. What are the odds that some enterprising non-US company will build an ATA hard drive with CPRM circuitry in it that can be switched on or off in software -- or even made to correctly acknowledge the CPRM encryption requests during writes but ignore them during reads? (It'll be sold as a disaster recovery tool for system administrators, of course.) And the CPRM proposal doesn't affect SCSI drives, or devices that use Fibre Channel or IEEE1394 to move data back and forth. Most importantly, unlike the DVD consortium manufacturers don't have to sign license agreements with penalty clauses before they can build IDE drives.

So expecting the CPRM initiative to add copy protection to every hard drive on the planet is a bit of an over-reaction.

Hijackers and Shoplifters

The real victim of this whole fiasco is the English language, and I don't think this point can be over-stressed too much. Over the past few years we've become used to software marketeers calling people who make illicit copies of software "pirates"; now we have music industry spin-doctors calling a draconian and restrictive anti-copying scheme "copy protection". Both of these usages are insulting, demeaning, and corrupt the language we use to discuss these proposals -- which makes them doubly dangerous, because we run the risk of having our perceptions of the issues coloured by extraneous implications.

Let's get one thing straight. A pirate, in the real world, is someone who robs, maims, murders, rapes, and pillages the crew and passengers of ships. (When they're airborn we call them hijackers.) These crimes are abominable and deserve our contempt. But in the bizarre lookinglass world of software marketing, a pirate is someone who copies a CDROM or floppy disk without paying. The offense and the label attached to it by the industry propaganda arm do not match up; calling these people software pirates is equivalent to calling a shoplifter a hijacker.

Think for a moment about the implications of this statement: "because of the risk of shoplifting we need to be able to access any potential purchaser's home and audit their property to ensure that they've paid for all the posessions that they've bought." That's the level of control that people who refer to "shoplifters" as "pirates" are asking for -- the ability to inspect your computer and audit it in case the software you're using doesn't belong to you.

The original statement was: "because of the risk of piracy we need to be able to access any potential purchaser's hard drive and audit their software to ensure that they've paid for it". The use of the stigmatized term "pirate" adds a false sense of urgency to the demands that they be allowed to violate our privacy.

A similar piece of sleigh-of-tongue affects our naming of people who gain unauthorised access to a computer over a network. They used to be called crackers or hackers; now we have enthusiastic post-Cold War intelligence agencies (looking for some continuity of employment) calling them "network terrorists". One of the first commandments of network security is "thou shalt not connect a safety-critical system (like your heart pacemaker) to a publicly accessible network." And indeed, this is broadly obeyed: in the real world, as opposed to Disney movies, crackers simply don't get into the US nuclear missile command system because the terminals are protected by barbed wire and men with guns. For the most part, these "network terrorists" are actually guilty of defacing public web sites and mounting denial-of-service attacks on ISPs. This is not exactly in the same league as blowing up airliners in flight or cutting the throat of every man, woman and child in an Algerian village.

Protected from your rights

So finally we get round to "copy protection". Copy protection sounds nice and cosy, sort of like "side impact protection" -- something that's designed to increase your chances of enjoying a long and healthy life. But in reality it's nothing of the sort; it's a scam that can more accurately be termed "copy prevention". It protects nothing except a software or data vendor's right to charge you money for their product -- meanwhile imposing unreasonable demands and burdens on the end user.

The software industry was hot on copy protection in the 1970's and 1980's -- but guess what? Copy protection schemes were unpopular with the users because they got in the way of the use of the product that had been paid for. The theory was that by preventing copying, the software companies were ensuring that everybody who used their software would pay for it. But in reality, most people who use illicitly copied software do so because they're curious about whether or not they want it. Many users of illicit copies go on to either erase it (it's no use to them) or buy a legitimate copy (for the manuals and support). Those who continue to use an illicit copy are typically not in the market; that is, if the illicit copy wasn't available they wouldn't buy a legal copy at all. (Possibly they don't have the money. Or their use was motivated by casual curiosity.)

The only really damaging category of illicit copier is the bootlegger -- someone who runs off masses of copies, disguised as the real thing, and sells them on a for-profit basis. But these people are their own worst enemy -- they have to sell the product, therefore they can be tracked down and sued for breach of copyright.

The software industry effectively wised up to this situation some years ago, and while minor attempts to impede casual copying continue, the idea of fitting hardware dongles or requiring users to type in random words from random pages in the manual died out quietly in the 1980's. Unprotected software simply out-sold equivalent copy-protected products.

What we're seeing now is the big media operations getting into the serious business of selling data direct to the public. These conglomerates -- the outcome of a wave of consolidations, mergers and takeovers that began in the late 1970's and saw magazines, book publishers, TV and radio stations and Holywood movie studios gobbled up and turned into huge vertically-integrated consortia -- think the internet is the new TV. They face, however, the problem that the viewers have PC's instead of televisions: the same copying problem confronts them that confronted the early software industry. Consequently they're going through the same learning process about copy protection that the software companies went through twenty years ago.

And now to Linux.

If there's a problem here for the future of Linux, it's that the big media conglomerates simply don't understand it. They are used to dealing with content platforms that are owned and controlled by big companies. They are used to being able to sign agreements with these big companies, which in turn means that they know who to sue if their copyright is breached. With Linux, who do you sue? (The big media corporations aren't the only people who think this way: one factor impeding the uptake of Linux in large corporate IT situations is management fears that if something goes wrong, there's nobody to sue.)

The big danger is that Linux, due to its open architecture, will be seen as a pure copying and cracking tool by the big media corporations. A closed operating system is one that can be forced (via legal agreement and software device driver) to comply with the diktat of CPRM or SDMI copying control. But a truly open system is one where top-down controls tend to be subverted. We've already seen a truly ferocious legal dust- up begin over the DeCSS crack to DVD region encoding; the great fear is that some large organisation like Sony Music will try to get the US state courts to ban Linux entirely on the grounds that it is a tool for circumventing copyright protection and hence illegal under the US Digital Millennium Copyright Act (2000). We can assume that companies like Redhat, SuSE and IBM, and organisations like the EFF, would fight this kicking and screaming all the way to the supreme court -- but how effectively remains to be seen.


Storms can blow up in a hurry, and calm down almost as fast. It's now three weeks since the CPRM controversy erupted, and although it's not over yet some rather interesting developments have taken place in the intervening time.

A fair amount of spin has been emerging from IBM and Intel, who are suggesting that the CPRM plan deals only with removable drives (such as IBM's MicroDrive CF2 hard disks). Andre Hedrick, a Linux developer and member of the T.13 committee, proposed that the CPRM control should be made software-configurable, and could be switched off. This proposal was bounced by the committee, but there's a counter-proposal that will effectively differentiate between removable and fixed ATA drives -- and CPRM will not be supported on fixed drives. As of mid-January this looks set to go through, and implies that the major sponsors of CPRM in the hardware community are sensitive to consumer pressure. However, CPRM is also being proposed in the T.10 committee that sets the standards for the SCSI device interface, so the storm isn't over yet.

Talking to the computer

I'm writing this piece using a rather different tool from the one I normally use to write my column. Yes folks, I'm not typing this or selecting letters using a text widget: I'm dictating it to my laptop.

You see, some months ago I began to get pains in my wrists. If you have never had RSI consider yourself lucky; what begins as a dull ache in the back of your hands, with stabbing pains running up the middle finger, builds up over time until you can't get to sleep at night. You try various things to reduce the pain, but none of them work. Hand exercises don't work. Go see the doctor? Yes, but they're likely to prescribe lots of time with no typing: this isn't much help if you're a freelance journalist.

So now I'm trying IBM ViaVoice for Linux. No, you can't buy it in the shops. You can't even buy it via IBM's Web site. They sell it, but only for the American and Canadian markets (even though it works fine with English English once you train it). I'm finding it an education. I've come to the conclusion that I've been spoiled recently; all the software I use is relatively mature and robust. Even a development release of a linux kernel takes less setting up than a speech recognition application. ViaVoice for Linux comes in a nifty box containing a CD-ROM and a microphone. First, you must set up sound support on your computer.

As if that isn't enough, you must download and install version 1.2.2 of the java linux runtime on your computer. When you stick the CD-ROM in your machine you have to locate the read me file, figure out how to run the install script ... then run a setup utility to create a voice profile. This latter involves hanging a microphone over your ear and wibbling in to it for about three hours, all the while feeling like a complete idiot. (This isn't helped by the cat glaring at you if you've taken leave of your senses).

Finally you get to play with the IBM ViaVoice dictation application. This is a fairly nifty basic word processing and text editor that's speech-enabled. It understands exactly what you say all the time and gives rise to text that looks a bit like this. Of course you can train it so that it understands you better, but this is a head scratching thing at first because the user interface is documented in an acrobat file hidden deep within the bowels of your system and the readme text doesn't point to it.

ViaVoice does continuous speech recognition. What this means is that it tries to guess the meaning of words from their context in the sentence. You probably remember some weird spelling checkers from the 1980's that tried to do this, with mixed success. ViaVoice works better than those old-time spelling checkers a bit, but it's still prone to errors and training. In fact, I'm beginning to see that using speech recognition software is a bit like learning to type all over again: you have to put in a fairly serious investment of time and effort in order to get the software trained so that it understands your peculiar quirks.

This is not to say that it doesn't work, but it's not a magic bullet: you need to take time to train the speech recognition software, and to learn how to speak clearly into the microphone. All in all, it is no easier than learning how to use a new type of keyboard; however it gives you a chance to strain a whole different set of muscles -- the ones in your throat. If you run into me at a Linux expo and I am talking in a very hoarse voice with an American accent, you'll know who to blame.

IBM ViaVoice for Linux may be going on sale in the U.K. soon: however, it's not the ideal answer to the problem. What I would really like to see is an open source speech recognition system that runs as a kernel module; it would ideally be usable with any application that requires input or output from standard input or to standard output. I want to teach my bash to sing; I want to swear at vi. Another important thing that seems to be missing from ViaVoice is the ability to take your trained grammar with you; I've installed ViaVoice on my laptop, but what if I want to use it on my desktop machine? It's as if every time you moved to a new computer you had to learn a new type of keyboard. The ability to move freely between machines equipped with speech recognition without having to re-train them seems like an obvious requirement, but it's missing. It's also a business opportunity: IBM could open-source the ViaVoice product and still make money by providing an ASP (a centrally hosted system selling a subscription-based service) that keeps track of your speech patterns and makes them available to any ViaVoice client you sit down in front of.

[ Site Index] [ Linux Index] [ Feedback ]