Kevin Marks recently posted an argument against Digital Rights Management
on his weblog and apparently has submitted it to a working group in the British House of Parliament. When I read his argument, I was astounded. The entire argument is founded on an error, a miscomprehension of a fundamental theorem of Computer Science.
I could summarize Marks' statement into two basic arguments:
1. DRM is futile, it can always be broken.
2. DRM is a perversion of justice.
Marks opens his argument with a huge misstatement of facts:
Firstly, the Church-Turing thesis, one of the basic tenets of Computer Science, which states that any general purpose computing device can solve the same problems as any other. The practical consequences of this are key - it means that a computer can emulate any other computer, so a program has no way of knowing what it is really running on. This is not theory, but something we all use every day, whether it is Java virtual machines, or Pentiums emulating older processors for software compatibility.
How does this apply to DRM? It means that any protection can be removed. For a concrete example, consider MAME - the Multi Arcade Machine Emulator - which will run almost any video game from the last 30 years. It's hard to imagine a more complete DRM solution than custom hardware with a coin slot on the front, yet in MAME you just have to press the 5 key to tell it you have paid.
Unfortunately, Marks has completely misstated the Church-Turing Thesis. It is a general misconception that the Church-Turing Thesis states that any computer program can be emulated by any other computer. This fallacy has come to be known as "
The Turing Myth." This is a rather abstract matter, there is a short
mathematical paper (PDF file) that fully debunks the misstatement Marks uses as the fundamental basis of his argument.
To cut to the core of The Turing Myth, there has come to be a widespread misunderstanding that The Turing Thesis means that any sufficiently powerful computer can emulate any other computer. The Turing Thesis is much narrower, in brief, it states that any computable algorithm can be executed by a Turing Machine. This in no way implies that any computer can emulate any other computer. Perhaps Turing inadvertently started this misunderstanding by a bad choice of nomenclature; he labeled his hypothetical computer a "Universal Machine," which we now call a "Turing Machine." However, a Turing Machine is not a universal device except in regards to a limited spectrum of computing functions.
One joker restated the Turing Thesis as "a computer is defined as a device that can run computer programs." This may seem obvious now, but in Turing's day, computers were in their infancy and the applications (and limitations) of computers were not obvious. As one example of these limits, there is a widespread category of "incomputable algorithms" that cannot be computed by any computer, let alone a Turing Machine. For example, a computer cannot algorithmically produce a true random number, it can only calculate pseudo-random numbers. This fundamental application of The Turing Thesis has founded a whole field of quantum cryptography, encoding methods based on incomputable physical processes, such as random decay of atomic particles. Quantum cryptographic DRM would be unbreakable, no matter how much computer power could be applied to breaking it.
I contacted Marks to inform him of the Turing Myth, in the hopes that he might amend his argument, since it all springs forth from a fallacy. He responded briefly by emphasizing the case of emulating MAME, and cited Moore's Law. Apparently Marks is arguing that since computers are always increasing in power, any modern computer can break older DRM systems that are based on simpler computers. He also appears to argue that emulated computers can simulate the output device, and incorporate a device to convert it on the fly to an unencrypted format, for recording.
Unfortunately, Marks chose a terrible example. The original game systems that are emulated by MAME had no DRM whatsoever. It was inconceivable to the game manufacturers that anyone would go to the trouble and expense to reverse-engineer their devices. The code inside these game systems was designed to run on a specific hardware set, any identical hardware set (or emulated hardware set) could run the unprotected code. At best, these devices used "security by obscurity," which any computer scientist will tell you is no security whatsoever.
Ultimately, DRM systems must not be so cumbersome as to be a nuisance to the intended user. This has lead to a variety of weaker DRM systems that were easily broken, for example, the CSS encryption in DVDs. However, this is no proof that truly unbreakable DRM is impossible or unworkable. As computer power and mathematical research advances, truly unbreakable DRM will become widespread.
Having dispensed with Marks' first premise, let us move on to the second, that DRM is a "perversion of justice." I cannot speak to British Law, as does Marks, however it seems to me that his arguments invoke the aura of British heroes like Turing and Queen Anne, to pander to unsophisticated British Parliamentarians. While his remarks are addressed to Parliament, he has attempted to argue from "mathematical truth" that DRM is futile. I would have expected that his legal argument would have attempted to base itself on more universal international copyright agreements, such as the
Berne Convention. But I will not quibble over the scope of the argument, and instead attempt to deal with the argument itself. Marks states:
The second principle is the core one of jurisprudence - that due process is a requirement before punishment. I know the Prime Minister has defended devolving summary justice to police constables, but the DRM proponents want to devolve it to computers. The fine details of copyright law have been debated and redefined for centuries, yet the DRM advocates assert that the same computers you wouldn't trust to check your grammar can somehow substitute for the entire legal system in determining and enforcing copyright law.
It appears that Marks' fundamental complaint with DRM is that it puts restrictions in place that prevents infringement
before it occurs. Current copyright laws only allow the valid copyright-holders to sue for damages after infringement occurs. Marks asserts this prior restraint is a violation of due process. However, he is mistaken, the DRM end-user has already waived his rights. When a user purchases a product with DRM, he is entering into a private contract with the seller, he explicitly accepts these restraints. If the user does not wish to subject himself to these restrictions, he merely needs to reject the product and not purchase it, and not enter into that contract with the seller.
I can find no legal basis that would prohibit the use of prior restraint in private contracts. It would seem to me that this would be a common occurence. For example, I might sign a Nondisclosure Agreement when dealing with a private company, agreeing that I would not disclose their secrets. A company might even distribute encrypted private documents to NDA signatories.
Ultimately, Marks' arguments do not hold up to scrutiny. They are based on false premises, and thus cannot lead to valid conclusions. Let me close by following Marks' answers to the questions posed by Parliament:
Whether DRM distorts traditional tradeoffs in copyright law. I submit that it does not. It merely changes the timing of the protection afforded by copyright law. It merely prevents infringement before it occurs, rather than forcing the copyright-holder to pursue legal remedies
after the infringement occurs.
Whether new types of content sharing license (such as Creative Commons or Copyleft) need legislation changes to be effective. Current copyright laws are effective in protecting individual artists as well as corporate interests. Amendments to private distribution contracts such as CC or Copyleft are unproven in court. There is no compelling reason to change current copyright laws.
How copyright deposit libraries should deal with DRM issues. Since all DRM-encumbered materials originated as unprotected source material, it is up to the owner to archive this material as they see fit. Certainly the creators and owners have no reason to lock up all existing versions of their source material, this would impede any future repurposing of their content. Since a public archive of copyrighted material has no impact on the continued existence of original source material, it is up to the libraries to establish their own methods for preservation of DRM playback systems.
How consumers should be protected when DRM systems are discontinued. How were consumers protected when non-DRM systems were discontinued? They were not. I cannot play back Edison Cylinder recordings with modern equipment, yet I could continue to play them back on original Edison Phonographs. Vendors can not be required to insure their formats continue forever, this would stifle innovation.
To what extent DRM systems should be forced to make exceptions for the partially sighted and people with other disabilities. Disabilities are as varied as the multitude of people who have them, no DRM system could possibly accommodate all disabled persons. Some accomodations make no sense, for example, an exhibit of paintings or photography will always be inaccessible to the blind. "Accessibility" is a slippery slope, there will always be someone who complains they need further exceptions. Forcing owners to provide exceptions for disabilities will only lead to increasingly costly demands for accommodations upon content providers, which would stifle their ability to provide products for mass audiences.
What legal protections DRM systems should have from those who wish to circumvent them. DRM systems should be afforded protections available under whatever private contracts they license their work, just as the law exists today. End-users who are entitled to Fair Use already have the ability to request source material from the owners.
Whether DRM systems can have unintended consequences on computer functionality. This is a design issue, not a legal or political issue. Nobody can doubt that
any computer program can have unintended consequences.
The role of the UK Parliament... I abstain. Parliament is not my bailiwick.
In summary, I believe that Marks' argument is based on two fallacies, and that his conclusions are based on a political wish, not a legal or technical argument. DRM is a compromise, some people (even me) may consider it a poor compromise, but I cannot see any technical or legal reason to burden content providers with even more ill-conceived compromises.