Father of MPEG Replies To Jobs On DRM

marco_marcelli writes with a link to the founder and chairman of MPEG, Leonardo Chiariglione, replying to Steve Jobs on DRM and TPM. After laying the groundwork by distinguishing DRM from digital rights protection, Chiariglione suggests we look to GSM as a model of how a fully open and standardized DRM stack enabled rapid worldwide adoption. He gently reminds Jobs (and us) that there exists a reference implementation of such a DRM stack — Chillout — that would be suitable for use in the music business.

Re:What's with the Pro DRM Articles?

[Anonymous Coward]

God forbid we try to actually understand the various facets of the argument! Being a zealot is based on blind faith that your view is right!

Re:Completely Moot

[Mateo_LeFou]

He's right that redefinitions of digital "rights" "management" to suit the speaker is pernicious, but in my opinion it's because the people trying to implement the stuff are almost always being deceptive.

If "management" *could mean (as TFA suggests) just attaching stuff to your work that indicates what you think your rights are, I'm all for it I guess. Attach it, be honest, and I'll avoid most of your crap like the plague.

But what many technologies do is actually digital rights *enforcement (i.e. of what your rights are) on people who might not share that opinion; in a great many instances, the federal government agrees with the *recipient about what is allowable.

Standards adoption in an existing marketplace

[appleguru]

DRM isn't necessarily evil; it's the unfair enforcement of such DRM that is, which is his main point. He's also saying also that a standard unencrypted mp3 can have DRM merely by being bound by a license agreement; it's once you start employing a digital means to enforce those terms that DRM begins to become intrusive. Chiariglione goes on to talk about open DRM standards and how the music industry should adopt one to promote interoperability. The problem there is that not everyone will adopt the standards, be it for their own personal gain (IE, Apple), or because they're existing technology lacks the capability of supporting a new standard (IE, retroactive compatibility wont be there). This is the main argument for completely open and free MP3 files; anybody with a player since 1992 can play mp3s. Granted, if apple were to ever go DRM-Free, it'd be with unprotected AAC (MPEG-4) files, but the idea is the same.

Re:As a wireless/microwave engineer

[sidz1979]

Despite disliking DRM, GSM is the most sophisticated communications protocol that I have ever seen. I have read the standard (dispite getting a headache in 5 minutes) and it is totally locked down using encryption, session keys, etc. Perhaps I am in error, but I doubt the standard itself has ever been cracked- unless via law enforcement with the complicity of the companies involved.

However, it is important realize that there isn't as much motivation to crack/hack a communications protocol as there is to break the DRM on music/video. I can bet that there are a lot more "attempts" on Movie-DRM schemes than there would be on GSM encryption.

please define your terms ..

[rs232]

"he uses the term DRM without defining it"

If I was on Usenet I would assume the OP was doing the meaning of the word shuffle. Pretending to misunderstand what the other fella meant and addressing a made up meaning instead.

"while it makes sense to claim, based on empirical evidence, that protected music does not sell, it remains to be demonstrated that managed music does not"

What's the difference between 'managed' and 'protected' in relation to Jobs meaning of DRM and your version of DRM.

'That would be like saying that the Creative Commons movement is a hollow shell'

False analogy and strawman .. :)

"Curiously Steve Jobs restricts his analysis to just one option: how can Apple safely license its DRM technology to other manufacturers and be able to keep its obligations vis-à vis the record companies"

Well he can only speak for Apple after all.

Re:As a wireless/microwave engineer

[iluvcapra]

GSM is very secure, but is a communications protocol, not a DRM protocol. GSM allows Andrew and Betty to talk, without Charlie hearing. As has been stated often before, in DRM, Betty and Charlie are the same person.

Re:Completely Moot

[Mateo_LeFou]

"Our view is it's our job to provide the technology and the content providers can tell us what kind of restrictions and policies they want to apply to that."

That's an interesting opinion to have. If party X is in charge of dictating the restrictions and policies in your product, isn't party X your real customer?

MOD PARENT UP

[Anonymous Coward]

Security protocols can be proved secure (given a few mathematical assumptions on the complexity of the underlying math).
DRM is provably unsecure, since it implies that one party which shares the secret must never learn the secret.

DRM TPM GSM... bwahhh???

[jhealy]

People... PLEASE unabbreviate your abbreviations at first mention in an article. To those that don't know what TPM or GSM are (isn't GSM for cell phones?), this article appears completely ridiculous. I thought it was a joke at first.

Re:Completely Moot

[FauxPasIII]

> I agree, until the DRM algorithms get implanted in the brain there's always a way around it - microphones!

(USian-centric post follows)

Used in that context, microphones are already illegal under the DMCA. It's not hard to imagine a near future where it's illegal to sell speakers or mics which are not DRM-enforcing, with a short grandfathering-in period for already-owned analog-fed gear.

The legal chains are complete. The enforcement machinery isn't in place yet, but it's coming.

All lies in the definition here

[arose]

The author simply uses "digital content protection" where we would use DRM, and DRM as an all encompasing term for encryption, digital signatures, computer readable copyright licenses and probably a bunch of other things he didn't directly meantion. From this he concludes that DRM is both widely used and accepted. Now whether he is trying to convince poeple that the fight is allready lost and we should work on interoperable lockdowns or is just confused himself I don't know.

Re:Completely Moot

[MindStalker]

But the thing is, if Microsoft says, We are going to implement Y system which has XZ restrcition capabilities. The content owners only have XZ as options. But MS choose to have as many restriction capabilities as possible.

Re:Completely Moot

[iamacat]

To be successful in anything, one needs to know when what you believe in is going to be practical or not. Different permissions on music bought from the same store are going to be confusing for both consumers and music labels. A user will not be happy if he brings a CD full of AACs to his friends place and only 1/3rd of them play. Let him burn a plain CD instead and be able to play everything. Big labels will complain that Apple is promoting other people's songs as superior to theirs and withdraw, or demand that Apple also allows them to set custom, more or less restrictive permissions, or variable prices.

In the same way, Apple ties OSX to their hardware, because otherwise it would be either widely pirated or need Windows-style activation. But they are willing to sell upgrades and even expensive pro software without copy protection. All in all, they are making an effort to minimize DRM and its side effects for legitimate users.

What should we believe?

[Nicolas MONNET]

What should we believe? Microsoft's claims -- that they favor and aim to provide an open platform --, or our lieing eyes, which are currently witnessing a thing called "Zune" which is the exact opposite of open.

Sounds like this guy ....

[HerculesMO]

is even more egotistical than Steve Jobs.

He pretty much restates the overall theme of Jobs' point, in a manner that sounds condescending because we "stupid" people don't understand that DRM can apply to multiple facets of information and technology.

What a prick.

Re:Standards adoption in an existing marketplace

[JAFSlashdotter]

DRM isn't necessarily evil; it's the unfair enforcement of such DRM that is, which is his main point. He's also saying also that a standard unencrypted mp3 can have DRM merely by being bound by a license agreement; it's once you start employing a digital means to enforce those terms that DRM begins to become intrusive.

Mr. Chiariglione differentiates between DRM (management), which would be that unencrypted MP3 with license notice attached, and DRM (protection) which enforces.

Chiariglione goes on to talk about open DRM standards and how the music industry should adopt one to promote interoperability.

And when he does, it seems to me that he's in favor of the (protection) form, because here's what he says (from TFA):

Indeed most people are unaware that this 20-year old communication system is based on a very sophisticated DRM (protection) technology that has been standardised by ETSI which also handles the governance.

and then soon after:

The way to go is to have a standard system like the one used in GSM that anybody can practical implement and anybody can use to enjoy the content that they legitimately purchase.

Now, I could be misreading that, but if he says GSM is based on DRM (protection) and music content should use a system like the one used in GSM, then he is advocating DRM (protection), isn't he? So doesn't that land us in the same-old-situation where at some point, my DRM (protection) encumbered content will be inaccessable to me? Will I still have my fair use rights? Will I be able to take a 3 second fair-use sample and attach it to my research paper multimedia presentation on vulgarity in contemporary culture? If the answer is no, I would call that "unfair enforcement".

DRM doesn't kill music; people kill music.

[tepples]

"Our view is it's our job to provide the technology and the content providers can tell us what kind of restrictions and policies they want to apply to that."

"Our view is it's our job to provide the weapons and the warlords can tell us what kind of restrictions and policies they want to apply to that." Where's the difference?

Re:Completely Moot

[node 3]

So Microsoft could choose to go a more flexible route with DRM. That might change the market. But I think we all know that's not going to happen.

When I buy a song from iTunes, I know *exactly* the rights and restrictions applied. Everything in my iTunes library has exactly one of two restrictions: the FairPlay DRM set and none.

With Windows Media Player, I have no fracking clue. Will this track self-destruct in 3 plays? Will this track play indefinitely? Can that track only be used while my subscription is active? Can this one be burnt to a CD?

MS's approach to DRM is the same as their approach to Windows PC technology and is the exact reason their ecosystem, while vast in scope, is also vastly inferior. It's precisely this issue that has led MS to go with the more vertical approach with the Xbox and Zune. It's interesting to note that these two markets where MS is the underdog, where they must woo the consumer with a superior experience if they are to have any hope of success, they take the more controlled, limited approach (the type of approach, in fact, that they deride Apple for taking with their PC hardware and their iPod).

Re:Completely Moot

[VertigoAce]

If they're targetting Apple, you can look forward to a version of iTunes that doesn't work with iTMS and an iPod that is incapable of playing any DRM-protected songs. Apple does not have the right to remove DRM from the songs it sells. The real target should be the companies that license the songs, since they are the only ones that can control the terms of distribution for their content.

Re:Open letter to Steve Jobs

[aristotle-dude]

Many of us bought their first iPod long before iTMS came out let alone available the the country we live in. Canada did not get iTMS until December of 2004. I had bought a 2nd generation iPod in 2002. How did I manage to get music? I bought CD's and tried out eMusic for a bit.

I see that TPM has been mentioned. While my MBP has a TPM module, there are no drivers for it and the updated MBPs do not come with TPM.

Consider this, DRM costs Apple money to implement and update whenever someone cracks it. They are under contract to update it whenever it is bypassed. The DRM is added by iTunes once the download is complete because the RIAA demanded it.

Now consider why MSFT loves DRM and has implemented it deep within the OS to the point of disabling hardware functionality with the protected media path. MSFT makes money on DRM through licensing fees and it also enforces lock in for the windows OS.

Re:Completely Moot

[kosmosik]

> It has already been established that DRM is bad.

It is somekind misleading for me. DRM itself is not bad per se - it is only a product, a technology. Same as with knifes - knifes are not bad. It is bad to kill somebody with knife but not bad to prepare delicious meal using knife.

So using DRM to take their rights from users is bad. Not DRM per se. DRM as a way to control information is neutral. It would me nice to have The Good DRM in your use. F.e. in organisations that proces confidential data - to control how/where and by whom the file can be opened would be Good Thing to have.

So it is not DRM that is bad. What is bad is the notion to use DRM to take away our rights.

Re:Completely Moot

[killjoe]

Gates and Jobs are not essentially doing the same thing. One is telling the music companies to drop DRM the other is saying "whatever you want we will give it to you". I think most people can tell the difference between those two positions.

Word games and red herrings

[argent]

Look, I used to refer to myself as a "hacker". By that, I meant that I was really good at programming. That's what most people who used the word meant. Then people started talking about guys who broke into computers as "hackers" and pretty soon I had to give up using the word the way I was used to.

What Steve was talking about was content protection technologies - restricting the ability of the user through technical means. That's what people mean when they say DRM. Anything you have to say about Steve's letter that doesn't have
to do with that face of DRM is, well, it's got nothing to do with Steve's letter.

Yep, a DRM system that didn't restrict a user's abilities wouldn't get any pushback, Steve wouldn't be writing about it like this, it'd be great, but it also wouldn't exist. The only reason to statically encrypt a published document, song, or movie is to restrict the abilities of the person who buys it. Without region coding, there would be no CSS. Without the restrictions in iTunes music, there would be no Fairplay.

GSM is a red herring. GSM is a communications mechanism. It's not using a broadcast model, the call is point-to-point. Using encryption for authentication and privacy has nothing to do with anything the music industry wants out of DRM. Take out the restrictons on the end user, and there's no point to it.

Fraud.

[Belial6]

Um, if you keep paying a manufacturer for the same product they produced and sold to you already, you haven't bought it, you have rented it. If I buy a laptop, car, or hamburger, I can do as I wish with it and never pay the manufacturer again. If they want me to pay them again, they have to make me a new one. If I go home and manufacture my own burger, no matter how similar to a Big Mac it might be, I do not feel that I have deprived anyone of a way of making a living.

In fact, I believe that most media companies are committing fraud as a standard part of their business. They keep "Selling" products to customers, and then after the sale, they claim that you did not buy the Music/Movie/TV show, but instead only paid a licensing fee to view it under specific conditions. As far as I understand the term fraud, knowingly entering into a financial transaction that you intend not to fulfill the terms of is it.

Heck, just last night, I saw an ad that specifically said "Buy an episode of Battlestar Galactica". Now, I highly doubt that they are actually selling the episode. I believe that what they are doing is trying to trick the public into thinking they are buying something, but will tell them later that they don't REALLY own it. They only 'licensed' the right to view it. If that is not fraud, I don't know what is.

Re:What should we believe?

[dangitman]

No, the owner has complete control of what to listen to. The owner of the Musak owns the property where it is being played. You have got the wrong "you" here. The customer in a store is not the licensee or customer of the music. the owner of the store is, and they are free to play what they want. You are free not to go to those places. Or you could stick your fingers in your ears, I guess.

We must hurry...

[IBitOBear]

"We must hurry to create the prison cell we think is comfortable for fear that someone else will create a prison cell we don't."

This is a false dichotomy, as in both cases we end up prisoners.

Instead of "rushing" to create or accept a single form of Illegal Prior Restraint (often misspelled "DRM") we need to rush to prevent any such Illegal Prior Restraint.

A side effect of this Prior Restraint is that, when combined with the DMCA (in the U.S. and its puppet regimes), is that even as we speak "technologists" can create untested, arbitrary technologies which, at them moment of their initiation have the force of law. That is, if you read the law it basically says "anything created within [these bounds] immediately functions to create a new body of criminal estate, and in so doing may immediately and retroactively reclassify existing technologies and inventions as illegal."

Consider, I produce a tool that does stenographic analysis on images; this tool specifically analyzes an arbitrary image to identify the best ways that the picture _can_ _be_ used to store hidden information. (That is, it identifies the best places and means to encode information. e.g. it tells you that you _could_ fit 2kbits in the sky-part, while you could put 8kbits in the ocean part of a given image before the image is degraded enough to start showing visible signs of manipulation.) This application is completely legal. Then some guy produces an "effective content protection mechanism" that uses the "album cover" image as a Illegal Public Restraint key vector. When he does that, my existing program is "automagically" reclassified as a criminal-grade circumvention tool. It's legal magic!

So, again, here we are being encouraged in a race to the bottom, fueled by technologists who think that just because a thing can be done (half-assed-ly at best) it really ought to be done.

Just say NO to Illegal Prior Restraint and any technology that is being sold to you as a "kinder, gentler" IPR.

Whenever someone proposes something outlandish they are just hoping you will fight them back to "a reasonable compromise", which will seem "not so bad" but which if you mentally went back to before the whole debacle you would see for what it was. A Really Bad Idea.

Enough Already. The continuous questions of the "what if we make it shaped like a bird? What if we make it taste like pancakes?" form are just telling them how to focus their marketing while lulling you into a sense that there _simply_ _must_ be a configuration that you could live with. It's emotional manipulation. You begin to feel unreasonable because you don't want IPR "even if" thy go to the trouble to make it strawberry shortcake IPR with medical care attached lovingly by your grandmother.

You don't want it. You really don't. No matter how palatable they try to make it.

How bout this? I'll cut off your leg and use it to beat your children to death. But I'll give you ice cream... how about that?

IPR is just as self defeating.

The ONLY REASONABLE ANSWER is NO Illegal Prior Restraint.
 

Re:Completely Moot

[killjoe]

"OK, you tell me which one you think is Jobs and which you think is Gates here."

You honestly don't know? You didn't read the recent open letter by jobs? You should.

Re:They are scared.

[mehgul]

Yes exactly!
And frankly, as a Mac user, Steve Jobs has done a much better job for me than any consumer rights group: he has allowed for Mac users to be able to buy music online, something they could not do if there wasn't an iTunes Store. Because almost everything else is under a Microsoft format unreadable on a Mac.
And I say this as someone who never bought anything on the iTunes Store. But at least I have the option. Something Norwegian Mac users won't have in a few months when Apple is forced to close the Norwegian iTunes Store.
Besides those stupid European consumer rights groups would never have opened their big mouths if 'everybody' used PlaysForSure, that is everybody except the few that use Macs or Linux.
Everybody seems to join the Apple/Steve Jobs bashing these days. What they completely forget is that if the iTunes Store didn't exist, nobody would ask for music without DRM. Simply because 95% of music players would only play DRM'd WMA, and everything would 'interoperate' under Microsoft's God given right to monopolize whatever they touch.

Re:Completely Moot

[senatorpjt]

Advertisers are the customers. Viewers are the product.

Not so *simple* after all

[Skalibre]

~ Er, .. what exactly was so 'simple' about Leonardo's way to "skin the DRM cat"? While he supplies clear definitions of exisiting systems and issues, he still doesn't address how the issue can be *solved*. And, in my opinion, the DRM of the GSM system is not quite the same apple as an MP3. Artists and Record Co.'s stand to lose if people distribute music freely. User experience cannot be closely monitored and people will complain if, for instance, they bought a perfectly encoded mp3 (m4a) from the iTunes Store but listened to it on a Zune or a Creative Zen player! How often are customers complaining about GSM because their cellphone reception quality is bad? They'd either blame the network provider or the handset manufacturer not the underlying DRM/ software!! A closer comparison, in this case perhaps, would be the 'Visa' / 'Mastercard' systems. (Note that sometimes customers still do have troubles when they shop at a store that only accepts one system). So in the end the "innovativeness" or the extent of services offered and the friendliness is going to determine what DRM system will prevail and Apple does have a stronger culture for offering a much more friendly User Experience and technology. Ultimately though, if DRM is totally done away with, as Jobs suggests, the iTunes/ iPod market will expand itself to accommodate those Users who want to shop on iTunes Store but use other mp3 players [than the iPod] and further to customers who want to own an iPod but not necessairly shop on iTunes Store. The user base of iPod/iTunes will remain fairly steady (because,let's face it, it IS a superior product/ service experience). None others, in the industry, have come close to offering such a clean experience. Steve Jobs is probably right in suggesting that abolition of DRM should not affect the Records Companies adversely and that it may, in practice, stand to improve sales and customer satisfaction. In my [humble and not-so-business savvy] opinion though, it may only improve the sales only marginally but i do think it will be a positive trend for all. ~

Re:Completely Moot

[Kadin2048]

Yes, the limit is on the playlist, not on the songs themselves. So if you make a mix CD and burn it 5 times (or 10 times, whatever), it will stop you. But you can delete that playlist, and make a new one that's different, but which could contain some of the same songs, and burn it another x times.

I'm not sure how closely it tracks the contents of the playlist; you might be able to recreate the same playlist with trivial differences (song ordering, adding a 1s blank track, etc.) and keep churning them out.

All it does is stop you from mass producing the same mix CD over and over. It's one of those restrictions that I'm sure were insisted on by the record companies, because it has almost no effect whatsoever on reality.

If you really did want to churn out copies of a mix CD, you can just make one copy, quit iTunes, put the disc in, and copy it using Toast or Apple's Disk Utility. (Oh, crap, I probably violated the DMCA there. Ignore everything I just said, even though anyone with a Mac and an IQ above room temperature could figure it out.)

This, I understand, is different from WMA's restrictions, where the software actually keeps track of how many times you've burned a track, and will cut you off. Furthermore, many WMA based systems have restrictions that make certain tracks "unburnable," so you can make up a playlist, only to have it fail because certain songs are playable (and event transferrable to a Fauxpod, but not burnable to a Red Book CD).

The simplicity of FairPlay's restrictions is definitely part of its success.