The Coming Storm
Bruce Bell, June 3, 2000

Introduction: Paranoia strikes deep

Every now and then, I meet somebody with a particular take on the concept of free software -- call it the conspiracy theory perspective. It goes like this:
"Free software is a great idea, but it's too radical for The Man. If it ever starts to catch on, the Powers That Be will buy it out. They'll make it illegal. They'll do whatever it takes to kill it."

I'm not a big fan of conspiracy theories. Delusions of persecution are the easy way out; they give us something simple to blame in a complicated world. Spinning theories is easy, hacking reality is hard. But we all have to make sense out of the noise somehow, I guess.

Anyway, free software has caught on. What's The Man gonna do about it?

In all rationality, I think we should worry. The current assaults by the recording and movie industries against MP3 and DeCSS are just the tip of the iceberg; there are bad times ahead for the Open Source community, and for cyberliberties in general.

There's no conspiracy. Nobody has a master plan to keep us from having fun. But there is a basic and irreconcilable conflict of interest between those who see computers as user-programmable devices and those who see them solely as devices for delivering their content to their consumers.

We have a fundamental paradigm shift on our hands, and it's going to get us into trouble. Since computers are user-programmable devices, trying to treat them like just another consumer-electronics device is a recipe for disaster.

The media industries facing the prospect of convergence don't see this conflict yet. They'll find their way to it eventually, though -- by sheer instinct, by trial and error, by brute force and ignorance. We have some time, but the Open Source community needs to prepare now to control the damage to come.

Brave GNU world

Richard M. Stallman (RMS), the free software movement's prophet crying in the wilderness, isn't above speculation; check out his right-to-read story. I don't always agree with RMS, but he's got something important here.

"The Right to Read" is a worst-case scenario in which established commercial interests have instituted comprehensive and Draconian hardware-enforced copy protection for all possible forms of intellectual property. "If this goes on" is a long tradition in science fiction, and the usual hope is that following a trend to its logical conclusion in fiction will help us avoid the problems it would cause in reality.

However, the established interests in question would certainly consider the regulatory regime in the story to be the best case, and dismiss RMS's dystopian presentation as blatant propaganda from a bearded revolutionary.

Not everyone will follow why this worst case is supposed to be so bad, or how we might get there from here. It's hard to explain why without a better example.

Enter The Man

Today, my favorite examples of established interests out to screw us all over are the recording industry and the movie industry.

The players in both industries are old-media cartels, whose members dominate production and distribution in their respective markets. These cartels are wealthy, organized, and thuggish, and have the motive and the means to do real damage. They have a lot of practice screwing people over.

These industries routinely herd national legislatures to do their bidding. The recording industry has managed to tax consumers and funnel the money directly to their companies. When originally faced with the prospect of digital audio, they killed digital audio tape (DAT) as a consumer medium in the US, and they don't see why computers should be any different.

Those nasty technical issues

The crack of Microsoft's Windows Media Audio format (WMA) demonstrates some of the problems awaiting old-media interests in their quest to protect their copyrights. Rather than try to figure out how WMA is encoded, "unfuck.exe" just saves the output of the decoder before it's sent to the sound card.

For any audio format, the media player has to decode the data to plain, uncompressed digital audio before sending it to the sound card, so this attack will work on any proprietary decoder program.

The more recent crack of DVD's Content Scrambling System (CSS) demonstrates the more general problem. A loose association of programmers reverse-engineered a commercial software DVD decoder, re-implemented the decryption algorithm, and broke the lame 40-bit code used by CSS. Jon Johansen, a 15 year old from Norway, wrote the simple playback-enabling utility "DeCSS".

The technical reality is that any software-based copy protection is just security by obscurity, subject to reverse engineering. Any player popular enough to make the effort worthwhile will be reverse-engineered.

If it's not practical to stop individual users from copying media over the net, it won't be any easier to stop distribution of "enabling technology" -- software used for unauthorized conversion, distribution, and performance of digital media. If the Soviet Union couldn't stamp out samizdat when all the underground had was typewriters, what chance do American corporate interests have against networked computers?

It isn't even practical for old-media to ignore computers altogether. Even if computers didn't already have CD and DVD drives, the ever-decreasing cost of hardware is driving convergence of media, communications, and conventional computer functions into general-purpose appliances. If old-media companies want to stay in business in the new millennium, they will deal with computers.

It seems the position of the old-media cartels is to accept computers as media players only if the computers act like other consumer media players, with barriers against unlimited copying and transmission of digital media content. Only then will they be able to protect their legal rights from being violated.

Unfortunately for them, the basic function of computers is to transmit, copy, and process digital data. As long as computers are user-programmable, there will be no effective barrier to copying digital media. It doesn't matter what old-media is willing to accept if their legal rights are unenforceable.

Let me be clear: I do not advocate breaking copyrights just because we can. Although the recording and movie industries don't have much room to talk about economic justice, they raise a moral point that those who create music and movies deserve compensation for their efforts.

However, regardless of what anyone advocates, people will copy anyway, because they can. And trying to enforce the unenforceable is not just futile, it's destructive.

Who are these guys?

The recording and movie industries aren't the only old-media groups with an interest in computers, but they're important because they're the first to make a serious attempt at imposing their will on the Net. Future battles will rely on the precedent, both legal and practical, set by these conflicts.

Who makes the decisions for these industries, and what do they want?

They want money, of course -- but more than that, they want control. The old-media cartels are accustomed to controlling their markets, which lets them extract more money.

The RIAA, the MPAA, and their associated ancillary organizations are directed by the head executives of the cartel corporations. To achieve their position, executives in the movie and recording industries must instinctively seek and maintain a position of power. Expect ego to be as important as money in their decisions; it's an adaptive trait in their environment.

These people are not naturally inclined to compromise. It's their way or the highway; you will sign their contract or you'll go begging.

In addition, it seems clear that the people running the cartels aren't technically inclined. In a sense, most of them don't really understand what a computer is. For instance, even if they use MS Office every day, they probably don't distinguish between the application, the OS, and the hardware it runs on. In all fairness, that's not their job -- or hasn't been, until recently.

As long as the old-media moguls don't understand the terrain, they'll be incapable of coming up with workable plans, unable to comprehend why their plans won't work, and unlikely to agree to a workable accommodation with computer technology.

The people who run the legal machinery (legislators, enforcers and judges alike) aren't any more technically oriented than old-media execs. They're likely to be sympathetic to outraged complaints about established legal rights and claims of billions in lost revenue.

If current laws and enforcement aren't sufficient to ensure these legal rights, we'll get more enforcement, in the spirit of the "hacker" raids of the past, and more laws to enable such enforcement.

If enforcement continues to fail, the enforcers (both government and industry agencies) may continue to gain more legal and institutional powers for enforcement. The principle here: if it doesn't work, do it more and harder.

Trust and security

In conjunction with legal enforcement, old-media will reach for the technical fix. Every time new technology threatens old-media control, the instinctive reaction of old-media is to "put something" in the technology to stop it. Media execs may not be technically inclined, but there's no shortage of technical companies eager to sell them solutions to their problems.

Software copy protection may be unworkable, but hardware that refuses to transfer copyrighted plaintext in unauthorized ways -- what some call "trusted client" devices -- is possible. (Of course, this kind of device is exactly what RMS is concerned about in "The Right to Read".)

In the jargon of trusted-client, "trusted" doesn't mean the owner can trust his hardware, it means the manufacturer trusts that it has the exclusive authority to program the device. Also, "security" doesn't mean security for the user, it means security from the user.

The integration of trusted-client copy protection with computers would not benefit the consumers who use them; the constraints on general-purpose copying and processing make trusted-client computers less useful than normal computers. More importantly, it would shift the balance of power completely, from the user to the industries that control the devices. In either case, why would people buy crippled hardware when un-crippled hardware is available?

To be successful at all, trusted-client computers will have to appear first as small, cheap embedded systems, like converged portable cellphone/PDA/media players, or gaming consoles whose functions grow to encompass those of low-end desktop computers. These devices tend to have proprietary hardware and software anyway, and are cheap enough to get away with being crippled.

Vertically integrated conglomerates like Sony, with a finger in every pie, are likely to be the first to try to market trusted-client computers. Although the Playstation is only useful for playing games and CDs, the next generation of game consoles will include Internet access and other capabilities associated with general-purpose computers. Sony is well-placed to make the whole distribution chain proprietary, including music and movie production, consumer-electronics players, computers, and physical storage.

Electronics giant Intel is also well-placed to institute trusted-client hardware. Intel has the capacity to integrate processor, graphics, and support hardware on one chip, stick it on a board, and sell it cheap. While their processor-ID feature recently went down in flames due to consumer protests (and was in itself comparatively innocuous), their publicly declared intentions were directly aimed at instituting a trusted-client regime. In other words, they're working on it, and there is no doubt they can integrate all the necessary features whenever they think they might succeed.

On the whole, though, the computer industry should be our allies. Most manufacturers don't want to redesign their hardware or their software to accommodate trusted-client copy protection. Even in new products, trusted-client systems increase cost and complexity, while decreasing utility. Wherever competition exists, trusted-client systems will be at a disadvantage.

Enforcement and control

The cartels are raising these legal and technical enforcement issues in terms of traditional copyright practice. The ideal seems to be to force computers to make digital data act like physical objects such as CDs, DVDs, and books. Old-media will accept this behavior because they're used to it, and the legal system will enforce it because that's what existing law and precedent are set up to enforce.

However, the cartels also have an inexhaustible appetite for control. If new technology threatens their current dominance, it also gives them an opportunity to extend it.

If technical and legal tools can make your data act like a physical thing, they can enforce other behaviors also. They can control how you play it, and set any kind of pricing scheme. Limited play, pay-per-play, and DIVX-like schemes are some of the possibilities.

In fact, there seems to be no legal limit on the conditions that can be imposed as requirements to view or perform media products. They could require you to stand on your head during the performance, and if your player could detect and enforce those conditions, you'd have to obey or forego the experience.

If you managed to circumvent the enforcement of these conditions, you'd be breaking the DMCA.

Although the current DVD/DeCSS cases are being carefully couched in terms of piracy, the real issue is control. If computer users can write their own DVD player, they can ignore region codes, skip over ads regardless of the commands encoded on the DVD, and in general exert their own control over how they view their DVD collection.

Truth and consequences

This is all is very alarming from a cyberliberties point of view, but what does it have to do with Open Source?

As a current example, the DeCSS mess will make it harder to develop an Open Source DVD player. At best, development will take longer, as the developers deal with lawsuits and uncertainty. If the industry's arguments aren't soundly refuted in court, it will be impossible to distribute a finished player as a standard package in Open Source operating systems.

Other Open Source projects are on the block also. If DeCSS can be banned, CD ripping programs will be easy to outlaw as "primarily for illegal use". Once they intimidate Napster into submission, Gnutella, Freenet, and other distributed file-sharing programs will be targeted for termination.

Most importantly, if computers with trusted-client copy protection become prevalent in the future, they will be deadly to Open Source. Microsoft may be able to get Windows certified to run on trusted-client hardware, but how will you get approval to run your custom-patched Linux kernel?

For now, the recording and movie industries seem to be taking their threats as they find them. Eventually, though, they may learn to know and loathe Open Source in general.

For one thing, once the corporate legal battles are settled, all that's left will be the Open Source offenders. Open Source projects may well be harder to squash; at any rate, they won't react in ways old-media is prepared to understand or accept.

More generally, Open Source products shift the balance of power back towards the user by providing practical alternatives to crippled products. As long as Open Source systems are widely used, they will blunt old-media copy protection schemes indirectly, in ways they can't legally contest.

So, what do we do now?

Given the nature of the participants, I don't think we can avoid this conflict. No matter how much restraint the free software community shows, I doubt the old-media cartels will change their dedication to having it their way. If they need a legal provocation to act, somebody will provide it. The only course left is to prepare for the storm.

If we act now, we can deny the old-media cartels the opportunity to impose onerous copy-protection on us. We can blunt and eventually repeal the DMCA before it can be used in a truly destructive manner. We can make our side of the story heard in the halls of power, and educate our representatives on the consequences of their actions.

We must do these things because the alternative is to dig in and prepare to be driven underground.

Some things you can do to help:


Many thanks to Dan, Jacques, and others on Gale, Jen, Phil, Dan, and the rest at Kaldi's, plus Gavin and everyone else.

Bruce Bell <> first wrote about this topic in a debate a few years back on Computer Underground Digest, a cyberliberties newsletter. In issue 9.77, Wade Riddick published a copy of an open letter to the chairman of the House Telecommunications Subcommittee, advocating a universal copyright protection scheme for computers. Bruce argued against the practicality and desirability of such a system; the result is in issues 9.82, 9.83, and 9.85. He currently works as a sysadmin for Caltech (whose views he does not represent, etc.).