Monday, February 6, 2012

How DRM/Copy Protection Do Not Stop Piracy but Hurt Honest Consumers

Sometime ago in a futile attempt to control the content consumers purchased, companies pressured by the Motion Picture Association of America (MPAA), Recording Industry Association of America (RIAA) and others began including something new with their purchases. They called it Digital Rights Management (DRM). Often this was software that consumers would have to install on their computers with no choice, in order to play the purchased content.

Very often this software is badly written, so bad, in fact that consumers who are not tech savvy are simply unable to use the product they have legally purchased. In some cases, like the famous Sony DRM rootkit debacle, DRM was installed on consumers computers that was essentially malware. It was a a copy protection scheme that could not be seen or removed and made it much harder to play the music people had legally purchased. And because it was a rootkit, it could be exploited quite easily allowing nefarious users the ability to install malware and hide it within the rootkit, creating a security nightmare. If not for the efforts of Mark Russinovich we may have never even known about it.

I remember when Spore came out, I had seen a demo of it and thought it looked like the game I would be most likely to play when I wanted to waste loads of time. So when it came out, I like most people went right to Amazon and reserved my copy of it. When it arrived, I installed it and like most games it had a product key, and I not only expect that but accept it as part of the business of buying games and software now.

These types of anti-piracy tools most people generally accept and have no problem with just entering the code and installing it. So I entered my code, installed the game, signed up for an account and played the game. It was fantastic, to this day, still one of the best games I have ever played. Now for me, I had purchased it for my mac, but immediately I noticed it ran just "ok" on the mac, so I figured screw it I'll install it on my windows machine and see if it plays better. So I entered the code again, installed the game signed in and played.

It played loads better on the windows machine and I was fine with that. But then I realized I wanted to have it on my laptop as well as my desktop so I could use it anytime I really wanted to play, so I decided to install it there too. Now some people will say well you shouldn't be able to install the game on so many computers, and I say why not? I purchased the game legally and I only ever played it on one machine at a time, and no one else ever used my machines so there was no chance anyone else could ever play Spore using my account at the same time I wanted to play it, nor did I even think it was possible, after all they required you to login.

So later when my desktop died I needed to reinstall everything, this of course included my games and so I installed all my games including spore, only when I tried to install Spore this time it complained, saying I had already installed it the maximum number of times. WTF? That made no sense how can you restrict the number of times I can install something I legally paid for, you don't have that right. Well apparently Electronic Arts (EA), the company that distributed Spore, believed they did. Without the knowledge of anyone who purchased the game, EA had created a DRM schemed that prevented a person from installing the product code more than three times.

Well I was pissed off and actually I wasn't the only one, many consumers called, emailed, wrote letters and flooded forums with posts all griping about this draconian scheme of protection that, while designed to protect EA from mass piracy had backfired preventing consumers the legal right to install something they had purchased. After all, hard drives go bad, systems crash, and computers change. Should we be locked into a scheme that makes us spend $50 on software that is only good for three uses and then stops functioning? I mean seriously where in society would that be acceptable?

You purchase a new car, and after three trips to the Starbucks it stops running. Your new TV stops showing you a picture after three days of usage and you are expected to buy a new one? No that kind of shit would never fly in the real world. So needless to say I was able to install Spore on my new windows install. How you may ask or maybe you already know. Like the tens of thousands or more who purchased the game and wanted to actually play it, I checked my favorite bittorrent site for a software crack or some other tool that allowed me to play Spore and found a way to circumvent the technology. Under the law of the Digital Millennium Copyright Act (DMCA) I had just committed a crime. Do I feel bad, absolutely not, well at least not for EA. I feel bad for the millions of consumers who had no clue how to do this and needed to purchase a new copy of Spore or worse just throw the old one in the trash.

Now through the years, I've purchased a lot of games, music and software, and anyone who has seen my living room can attest to the hundreds if not thousands of DVDs and blu-rays I currently own. I would say that at least 95% of the stuff I purchased included some kind of anti-piracy technology whether it be copy protection, product keys, DRM, or some other funky way of sticking it to the consumer. Years ago, way back when, games even came with a very clever way to prevent piracy where by when the game started up a question would be posed to the user.

The question would be something like "What is the first word of the second paragraph on page 14 of the user manual?" and you'd have to grab the manual that came with the game and look up the answer and type it in. Slightly annoying, but generally these games had no other source of anti-piracy technology in them, so answer a question and then play. I can tell you in all the years of legally purchasing games, software, music and movies, not a single anti-piracy measure has ever stopped me from copying, sharing, uploading, editing, playing, or otherwise using my purchased content. Now the companies that make this kind of shitware will say its a testament to how great their technology is that it never caused me any problems. Well I didn't say that, I just said it never stopped me from using the content as I intended not the way they intended it be used. In fact it often caused me problems.

I stopped purchasing music cds because when record labels starting making these enhanced cds it really pissed me off. Anyone who has purchased one of these feels this way, you put the cd in your computer and it won't let you play the cd. It pops up a dialog box instructing you to install some fucking player you don't want or need to play this cd. Since I can remember, computers have always had built in software that allowed music cds to be played without the need of third-party software to be installed.

In the old days before hard drives ballooned to the disks sizes they are now, space was a precious commodity and you didn't waste it installing software you didn't need. So the idea that I would need some kind of software player from this record label to play my legally purchased cd was a joke. So knowing this wasn't a requirement and knowing it used the autorun function of my windows installation, I held down shift everytime I put the cd in the drive and this allowed me to play my cd. Let me tell you this gets old after you do it a few times.

I stopped buying cds before Napster became huge, and my library already had a nice collection of digital music. I ripped the cds I had and tossed them in the trash and from that point on never purchased a cd again. I currently have a library of something like 60GB of music, but I've seen people with libraries that approached the hundreds of GBs of music. I guess it all depends on how you like to listen to your music, me I don't mind mp3s, they are not lossless but I'm losing my hearing anyway so I don't give a shit how they really sound.

I really stopped purchasing computer games after the Spore incident, not that I've stopped playing them. I do purchase games for the xbox and ps3 not because they can't be hacked, but rather because although theses systems do have anti-piracy schemes, they do not annoy the consumer with product keys, or third-party installations or any of the other shitware that these companies try to force on consumers.

When it comes to movies I flat out won't purchase them online, the MPAA has made it so annoying to purchase film and television content online that its just not worth your time and its certainly not worth your money. Do yourself a favor and buy the dvd or blu-ray. You'll always be able to play it in your home dvd or blu-ray player or your computer without restriction. The tools exist to allow you to rip the content from the disk and take it anywhere. The same cannot be said of online content which is often wrapped in a piece of DRM and has some pretty ridiculous restrictions with it.

Very often when you purchase a movie online you must play it using the player provided to you by the content provider and there is a restriction on how often you can play it, the number of times you can play it and where you can play it. And you'd think with these kinds of restrictions these movies would cost something equivalent to a movie rental from your local video store, but you'd be wrong. These guys expect you to pay usually the same amount of money you'd have to pay for the movie on dvd or blu-ray or give you a small discount of only a few dollars. You only have to do the math to know if you intent on playing this movie ever again, you want the hard copy.

As far as software goes, do yourself a favor and look into the open source market, you will find alternatives to everything you currently use or want to purchase at either no cost or very often a donation of as little as a dollar. Many people have been convinced or convince themselves that somehow using open source software opens themselves up to a security nightmare, and thats just pure bullshit. Open source software is almost 100% more secure than its closed source counterpart. Why you may ask? In the open source community that take it upon themselves to insure the software they are releasing is secure, because doing the contrary would hurt the product.

It's open source, that means anyone and everyone can see how this software is written, finding its holes, its flaws and its just badly written code. And the best part is when users come together in projects to work on these problems, together they create solutions that benefit everyone. This kind of action ensures the integrity of the work by adding checks and balances in the form of users who work with the code. In a closed source situation what motivation do the programmers have to ensure this level of security?

They don't, since they are of the opinion that the less people know about how something works the less likely they will be able to find a flaw. There is no incentive to make better software that protects consumers since no one knows of its defects until they have already been exploited. These kinds of attacks are called 0-day because the first anyone knows of the exploit is the day that it is used. I believe strongly that companies that continue to close their source code should be held responsible when a security flaw is exposed that causes a major loss of data. It is because they close their source to the public, that it is incumbent upon them to ensure such flaws should never happen.

It's a fact that piracy exists here, there and everywhere. It's been here since the first person had something someone else wanted. It will be here long after everyone alive right now is dead and long, long after that. There is simply nothing you can do to stop it, you just need to accept it and get on with living. Companies like the MPAA and RIAA assume they lose revenue because of piracy and its flat out not true. People who pirate things do so because they do not want to buy it. It's really not hard to understand.

If I am not going to purchase your movie ever, then you have nothing to lose from me stealing it since you had nothing to gain in the first place. This isn't rocket science, people. Digital media is not tangible. I'm not suggesting you go out and steal a DVD, although doing so wouldn't hurt the movie studio or cost anyone working on that movie to lose their job, the store that sells the DVD would take the loss. There is no difference between one copy of a movie and ten thousand copies of a movie. If the movie studios wanted to assert some kind of loss they could only assert loss for the original since it was the only tangible copy actually lost.

Before I go nuts again on copyright, I'll just say these kinds of DRM and copy protection schemes do not hurt pirates, it does not stop them and it doesn't stop piracy. What it does do is piss of consumers who spend their money on a product and expect it to work. Now the industry is lucky that most consumers are less tech savvy and just eat the shit these companies are feeding them. Thats going to change as the kids of today get older and become those consumers, they won't be forced to use your DRM shitware and will take only so much of it before they look for an alternative.

In effect you are creating the very culture of people you are trying to protect yourself from. You really think its the little old ladies who are pirating your shit? The youth of today are way more tech savvy than previous generations and that will continue to happen. How long do you really think you can force this kind of shit on people before they find ways around it.



Pages - Menu