EFF Asks FTC To Demand 'Truth In Labeling' For DRM

from the that's-a-strategy dept

Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. We've been pointing out for years, that DRM often means that you don't really own what you think you bought. The argument is pretty straightforward:
The legal force behind DRM makes the issue of advance notice especially pressing. It’s bad enough to when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct -- but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it’s vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision.

Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase.
The letter also includes numerous examples of people being stymied from actually using products they had purchased, thanks to unclear DRM restrictions. Here's an example from the music world:
Adam J installed Microsoft’s Groove and it automatically imported his iTunes and Amazon libraries, and automatically -- and erroneously -- flagged 30% of his collection as being DRMencumbered. It then added Groove’s own DRM to these tracks, and they will no longer play unless he buys a premium connection and even then, only when he is connected to the Internet.
And here's one from the hardware world:
John F bought a 27” Sony Wega HD flat-screen TV from a Best Buy store in 2004, believing that the set’s HDMI port would accommodate his PC, allowing him to use it as both a TV and a computer monitor. However, Sony had deployed DRM code to prevent this use, significantly reducing the value of his $2,100 purchase. There was no notice of this DRM, and store personnel were not aware of it.
There are a lot more like that. In a separate letter from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.

This is an interesting approach to dealing with DRM. I'm always a little wary of the need to go running to the government for help without other alternatives being exhausted first, but the letters do make a strong case that this is a longstanding problem that has not been solved through the marketplace. Of course, it might be nice if retailers simply adopted this directly first, rather than it getting to the point where the FTC needs to step in.



Reader Comments

The First Word

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 8 Aug 2016 @ 7:13am

    That TV is just defective. I'd have brought it back for a refund. Although I certainly wouldn't have purchased anything from Sony in the first place.

    reply to this | link to this | view in chronology ]

  • icon
    Inwoods (profile), 8 Aug 2016 @ 7:25am

    "Adam J installed Microsoft’s Groove"

    Bullshit. No one in the history of the internet has ever done that.

    reply to this | link to this | view in chronology ]

  • identicon
    Christenson, 8 Aug 2016 @ 7:31am

    DRM -- digital rights mismanagement

    Remember the sony rootkit???

    And what about my internet-connected CAR, where remote hacking is now a possibility? Not to mention a police search that turns up the entire driving history of the vehicle, including my speed just before I killed someone in an accident?

    And, for my own case, I have an 8051 emulator from NoHau. This was big...in 1996... to run it today, I have to run it in a Windows XP virtual machine with the date no later than June, 2012 -- due to an accident (a bug) in the DRM programming.

    Yup, FTC: We need *much* better disclosure. Does it have to be connected? What can it store? What are the actual rights I have purchased? and if it breaks?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 7:37am

    I was acquainted with an elderly woman years ago who downloaded Enya's Time from iTunes, boy was she PO'd when she found out she could only listen to it on her computer. Later that month it seems one of her bank accounts was drained dry. I often wonder if that was when hackers got her financial info, when she purchase that overprice mp3 file from Apple.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2016 @ 11:05am

      Re:

      That's a strange anecdote: back when iTunes sported DRM, the option was to play it in iTunes or burn it to CD. Once on a CD, it was completely free of DRM.

      As for wondering about financial info via Apple: there has been no disclosed data breach of AppleIDs since the AppleID program went online, so you can stop wondering :)

      There's enough bad DRM-related stuff going on that we don't need to drag speculative hearsay into the mix.

      Sticking with Apple, currently I have to digitally sign my software once a week if I want to keep it running on my devices, otherwise I have to pay Apple $99 for an annual certificate for the same privilege. Why not just set it up so I can sign my device AND the software with the same key that lasts for more than a week??? It would cover most of the same security issues, but I'd get to run the software I not only own but created, without having to go back to Apple again and again for permission.

      reply to this | link to this | view in chronology ]

  • icon
    Mason Wheeler (profile), 8 Aug 2016 @ 7:40am

    This is an interesting approach to dealing with DRM. I'm always a little wary of the need to go running to the government for help without other alternatives being exhausted first, but the letters do make a strong case that this is a longstanding problem that has not been solved through the marketplace.

    Of course we need government to solve this problem; government created it! Bear in mind that, if you strip away the legal context and look purely at what DRM actually does, what you see is a hacking tool. If it were not for the DMCA specifically giving it legal validation and protection, deploying DRM would be a criminal act. (And those legal protections and validations being repealed would be an unambiguously good thing, but that's another matter...)

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2016 @ 8:14am

      Re:

      Of course we need government to solve this problem; government created it!

      Created by...

      We The People!

      Next time be sure to put the blame where it properly lay!

      reply to this | link to this | view in chronology ]

      • identicon
        Agena, 8 Aug 2016 @ 8:54am

        Re: Re:

        Next time be sure to put the blame where it properly lay!

        Oh, so you take personal responsibility for everything the government does? Please post your personal address and contact information. There are a few things that some people might want to come "talk" to you about.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 8 Aug 2016 @ 10:18am

          Re: Re: Re:

          We voted for the assholes that create these laws.

          This means "we" are the root of the problem.

          Go ahead, see if you can even get any meaningful number of people to go and march on Congress for these problems.

          None of our Founding Fathers would be voted into Office Today. The American Citizen is the problem! Completely ignorant of how their own government works and will do and say anything to avoid responsibility for their own actions, even when caught red handed!

          America is a Nation full of lying, backstabbing, ignorant, and corrupt individuals. The worse part is the juvenile denial about how far this Nation has fallen.

          Sure there maybe many decent people here, but they are clearly in the minority!

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 8 Aug 2016 @ 10:24am

            Re: Re: Re: Re:

            So what is your proposed solution, aside from discouraging people from getting more involved by insulting them?

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 11:02am

            Re: Re: Re: Re:

            Still waiting for your personal contact info.

            reply to this | link to this | view in chronology ]

          • icon
            That One Guy (profile), 8 Aug 2016 @ 11:18am

            Re: Re: Re: Re:

            So I'm curious, exactly how much blame do you place on the politicians? You know, the ones actually writing up(sometimes) and voting on the laws.

            Do they have any responsibility for their actions, such that it's right to blame them when they do something contrary to public wishes or wants, are they basically puppets for the public such that any and all blame is to be placed on the public (somehow) pulling their strings, or is it somewhere in the middle?

            Judging by your repeating insistence that the public is the one to blame I can't help but think that you place very little responsibility and blame on the politicians themselves, shifting it instead to the public for not... voting better or something?

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 11:21am

            Re: Re: Re: Re:

            > We voted for the assholes that create these laws.

            It's hard for me to tell, are you talking about the government or the MPAA here? You don't have to wait 4 years to stop "voting for" the MPAA.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 12:14pm

            Re: Re: Re: Re:

            So where is you link to suitable candidates to solve the political problems that exist?
            It is easy to complain about the political system, but much much harder to actually achieve significant political change.

            reply to this | link to this | view in chronology ]

      • identicon
        David, 8 Aug 2016 @ 9:37am

        Re: Re:


        [government]
        Created by...

        We The People!

        Next time be sure to put the blame where it properly lay!

        If I order crème brûlée in a restaurant and the cook burns down the kitchen, should I blame myself for the incompetency of the cook?

        The lawmakers draw a salary that is a heck more than that of a cook. Passing something as braindead as the DMCA on cue of the industry is akin to a cook with five star price tag buying frozen prepared food from the supermarket and being too stupid to microwave it to serving temperature.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 8 Aug 2016 @ 11:49am

          Re: Re: Re:

          Actually, it's more like a 5 star chef being told by the owner that they are no longer able to afford a kitchen staff, while at the same time McDonald's tells the chef "hey - we've got the same items on our menu, and we'll deliver to you for free; just place your orders and we'll take care of the rest!"

          The staffers employed to research and write bills for Congress and the Senate were removed around the turn of the century -- around the same time that laws on lobbying were relaxed.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Aug 2016 @ 6:12am

            Re: Re: Re: Re:

            Sigh. That is the problem with analogies. They are never perfect (and, by definition, can't be), and people nit pick them to death.

            reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Aug 2016 @ 9:46am

        Re: Re:

        Funny, I don't remember when "we the people" were ever consulted on anything related to IP law. In fact the government seems to be going out of its way to avoid consulting "we the people" on that very topic.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 8 Aug 2016 @ 10:19am

          Re: Re: Re:

          That's right! You are not responsible for the people you vote into power!

          You can't be responsible for anything can you?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 10:58am

            Re: Re: Re: Re:

            Please stop with this silly bullshit, someone might actually think you are serious.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 11:04am

            Re: Re: Re: Re:

            You can't either, apparently. Contact info, please.

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 10:41pm

            Re: Re: Re: Re:

            No, I guess I can't. How are you working off your part in responsibility for the current state of IP law? Are you submitting yourself to the abusive standards of information and data anti-retention?

            Or is blaming everyone else what you have determined to be the next logical step since you obviously can't blame the government? All right then. Check in again a couple months and we'll see how superior in the ways of productivity your methodology has proven to be.

            reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2016 @ 8:37am

      Re:

      Bear in mind that, if you strip away the legal context and look purely at what DRM actually does, what you see is a hacking tool.
      That may be true in some cases, but not all. Consider the pre-Internet DRM for games: intentionally ill-formed floppy disks, and later intentionally ill-formed CDs, where the presence of the ill-formed data acted as a flag that this was a copy from the manufacturer, rather than a duplicate made by the end user. Copying tools tended either to fail to copy (because they expected a well-formed input) or to produce cleaned copies, both of which then tripped the game into reporting that it was not being run with original media. Many games had DRM like this, but the extent of failing the DRM check was that the game would not play.

      This is obnoxious, qualifies as DRM in the context of the law, and may qualify as a defective product in some jurisdictions, but I cannot see how that would qualify as a hacking tool. I will grant that some of the newer more invasive DRM techniques are so nasty that they either are hacking tools or leave the system dangerously exposed to them, but it is overstating to say that all DRM are also hacking tools.

      Now that "everyone has an always-on Internet connection" (a product manager meme that I despise), games have switched to using the affirmative response of an Internet-accessible license server instead of checking for a manufacturer-issued CD. Again, this effectively impedes access to the work, both for illegitimate users and for any customers unfortunate enough to incorrectly fail the check (including customers whose only failure is wanting to use the work after the vendor decommissioned the license server). However, as with the CD-as-a-dongle approach, that alone is not enough to be useful as a hacking tool.

      With regard to solving it in the market: if not for the DMCA's anti-circumvention rules, there would be a ready market for DRM-stripping products and services. This is not theory. We saw this with CD ripping and CD emulation software in the mid-to-late 1990s, when customers resorted to ever more elaborate ways of convincing the DRM-encumbered games that launching was permitted. Among other legitimate uses, this was popular with people who regularly played more DRM-encumbered games than they had CD drives available, so it was not possible to keep all the game CDs in the system concurrently. Copying the CD to the hard drive, then mounting a virtual image of it would, if the emulation was good enough, satisfy the DRM's CD check without requiring the CD to be loaded. Yes, this could be abused by gifting/selling the CD after ripping, but it was also used to avoid the wear and tear of constantly shifting CDs in and out of the system. I think I once played with someone who claimed to have used the rip+emulate approach because his CD drive was noisy when spinning (so he wanted it to spin down whenever practical) and tended to spin down when unused, causing the game to stall at awkward points when it accessed the CD again, requiring a multiple second spin-up phase. Accessing the virtual CD on the hard drive was always fast and did not add to noise. The DMCA's anti-circumvention rules prohibit bypassing DRM even for non-infringing uses, so CD emulation for the purpose of bypassing a DRM check is now illegal, as is marketing software to assist in that purpose.

      Remove the anti-circumvention rules and the market would return to solving problems like that. As long as those rules stand, we need pro-customer rules to protect against DRM.

      reply to this | link to this | view in chronology ]

  • identicon
    Quiet Lurcker, 8 Aug 2016 @ 8:01am

    Another Possible Solution

    Force vendors to take one of four choices:

    1. State clearly and unambiguously what the user can and cannot do.
    2. Not restrict, encumber, or otherwise interfere in the lawful and productive use of the product for as long as the product exists, irrespective of ownership. This includes not preventing reconfiguration necessary to such use.
    3. In the case of products which end users cannot reconfigure them for legitimate purposes without falling afoul of DRM, reconfigure the products for the end-users at no cost to the end user for as long as the product exists.
    4. Not sell or rent; offer for sale or rent; refer to or develop the device in question.

    And finally, under no circumstances whatsoever, can the vendor alter the terms of any license agreement covering a product after the product has been sold, without the written agreement and consent of the current owner of the device.

    reply to this | link to this | view in chronology ]

    • icon
      Roger Strong (profile), 8 Aug 2016 @ 8:28am

      Re: Another Possible Solution

      Alas, there are plenty of ways around that wording.

      Like when Google bricked Revolv devices by shutting down the servers - just months into people's "Lifetime Subscriptions." They'd met any "for as long as the product exists" condition, because the moment they shut down the server the product effectively no longer existed.

      The same goes for Microsoft PlaysForSure - so-named to reassure people that this wouldn't happen after they abandoned previous DRM schemes - when it was shut down and replaced by the Zune marketplace. (Which was later shut down and replaced.)

      Companies can also use the age-old maneuver for getting rid of an inconvenient responsibility: Spin it off as a separate company, and let that company go under.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 8 Aug 2016 @ 8:31am

        Re: Re: Another Possible Solution

        Any "lifetime" anything can only ever be correctly interpreted as "for the lifetime of the product or service".

        reply to this | link to this | view in chronology ]

        • identicon
          Agena, 8 Aug 2016 @ 9:00am

          Re: Re: Re: Another Possible Solution

          Any "lifetime" anything can only ever be correctly interpreted as "for the lifetime of the product or service".

          I bought an automobile headlight bulb with a "lifetime warranty" from one of the big national auto parts chain stores. When it failed I took it back and was told that the warranty was for the "lifetime" of the bulb and had expired because the bulb had obviously died.

          reply to this | link to this | view in chronology ]

          • icon
            Roger Strong (profile), 8 Aug 2016 @ 9:40am

            Re: Re: Re: Re: Another Possible Solution

            I wonder if any politicians are promising a "lifetime warranty" on their integrity or campaign promises.

            reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    identicon
    sara heil, 8 Aug 2016 @ 8:16am

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 8 Aug 2016 @ 8:24am

    Malware Superhighway

    It's time the companies making these products be held liable for the gaping holes their products create in peoples networks. If they force us to use their servers for the product to work, then they need to be held accountable.

    reply to this | link to this | view in chronology ]

  • identicon
    Maxwell, 8 Aug 2016 @ 8:37am

    Software should get the same treatment as cigarette packaging rules. I wonder how ugly Uplay would be if we could take a picture of it to put on the package like lung cancer !

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 9:54am

    "John F" and HDMI

    Does anyone know more about this case?:
    John F bought a 27” Sony Wega HD flat-screen TV from a Best Buy store in 2004, believing that the set’s HDMI port would accommodate his PC, allowing him to use it as both a TV and a computer monitor. However, Sony had deployed DRM code to prevent this use
    Why would a TV refuse to display a signal? Is that a real thing now, or just a misunderstanding of what's happening? I know that DRM on computers/players may refuse to show things if the TV doesn't support the right DRM features (HDCP), but I've never heard of the TV refusing.

    reply to this | link to this | view in chronology ]

    • icon
      John Fenderson (profile), 8 Aug 2016 @ 11:01am

      Re: "John F" and HDMI

      Yes, the TV can refuse. Usually the only time this happens is when something's screwed up. The way HDCP is supposed to work is that the HDCP-compliant player asks the TV if it's HDCP compliant. If it is, then it presents credentials to the TV. The TV won't display the image if it fails to validate the player's credentials.

      reply to this | link to this | view in chronology ]

    • icon
      Roger Strong (profile), 8 Aug 2016 @ 12:12pm

      Re: "John F" and HDMI

      With a DVD your player (or DVD player software) decrypts the data and send the unencrypted video to your monitor.

      With HD-DVD, Blu-Ray your player or player software sends the data to your monitor still encrypted. The monitor itself decrypts the data. Your monitor and video card must both be High-bandwidth Digital Content Protection (HDCP) compliant for it to work.

      A TV from 2004 would not be HDCP compliant. They nailed down the HDTV standards, released the first wave of HDTVs and monitors to the market AND THEN introduced HDCP.

      For a while the major video card makers charged a premium for HDCP-compliant video cards. Then the first HDCP-encumbered content was released, and many of those cards didn't work with it. The chipsets were compliant, but not the rest of the card.)

      HDCP 2.1 became the standard for 4K content. It's a totally different standard so your old HDCP-compliant HDTVs and monitors won't work with it. But 2.1 had some security flaws, so it's being replaced by 2.2. Which is not bound to backward compatibility to 2.1, so don't count on early 4K TVs to work with new content.

      reply to this | link to this | view in chronology ]

      • identicon
        Chort, 8 Aug 2016 @ 12:16pm

        Re: Re: "John F" and HDMI

        With a DVD your player (or DVD player software) decrypts the data and send the unencrypted video to your monitor.

        No, the decryption is performed in the monitor, after the player sends it the decryption key.

        reply to this | link to this | view in chronology ]

        • icon
          Roger Strong (profile), 8 Aug 2016 @ 12:55pm

          Re: Re: Re: "John F" and HDMI

          Nope. That's how it works for Blu-Ray and HD-DVD. (And some satellite systems like Shaw Direct in Canada, and some streaming standards.)

          With DVD the decryption is done in the player or player software.

          reply to this | link to this | view in chronology ]

          • identicon
            Chort, 8 Aug 2016 @ 1:17pm

            Re: Re: Re: Re: "John F" and HDMI

            With DVD the decryption is done in the player or player software.

            That's not HDCP. We're talking about HDCP. With HDCP the data is encrypted as travels over the wire to prevent the program from being captured by simply tapping into the wire. It isn't decrypted until it gets inside the display/output/receiver device.

            reply to this | link to this | view in chronology ]

            • icon
              Roger Strong (profile), 8 Aug 2016 @ 1:55pm

              Re: Re: Re: Re: Re: "John F" and HDMI

              Well, yes. I stated that in my posts above. The original poster asked a question, a proper answer meant describing the difference between DVD and Blu-Ray/HD-DVD.

              reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Aug 2016 @ 6:15am

            Re: Re: Re: Re: "John F" and HDMI

            Blu-ray HD-DVD decryption is NOT done by the monitor!

            reply to this | link to this | view in chronology ]

            • icon
              Roger Strong (profile), 9 Aug 2016 @ 8:42am

              Re: Re: Re: Re: Re: "John F" and HDMI

              All too often that's the case, yes.

              But when the monitor is HDCP compliant and you don't have HDCP handshake problems and you're not trying to display HDCP 2.2 protected content on an "older" HDCP 2.0 compliant 4K monitor, then the decryption is done by the monitor.

              reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Aug 2016 @ 12:23pm

        Re: Re: "John F" and HDMI

        The question is why would the TV not display unencrypted data from a computer, as the desktop and program outputs do not need or benefit from encryption.
        While from a DRM point of view it makes sense for players to refuse to output to a display that cannot handle the decryption, it makes no sense for the display to refuse unencrypted data,

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 8 Aug 2016 @ 12:59pm

          Re: Re: Re: "John F" and HDMI

          While from a DRM point of view it makes sense for players to refuse to output to a display that cannot handle the decryption, it makes no sense for the display to refuse unencrypted data
          Well, for mass-produced Blu-ray discs, encryption (AACS) is required whether the producer wants it or not. Presumably because some people were making their DVDs more attractive by not using encryption or region coding. If people realize all the shitty parts of their technology are optional, it won't take them long to figure out it's Universal and Disney and the other MPAA member choosing to screw them.

          "Advanced Access Content System (AACS) is required on all Blu-Ray projects, unless you are producing a ROM-only product. Any Blu-ray disc (BD-25 or BD-50) with any video content, be it for commercial or non-profit purposes must pay the AACS fees. ... AACS is required on all Blu-ray discs and costs $1,585 per title plus $0.05/disc"

          That's probably illegal under anti-trust laws, but if the government doesn't care it doesn't really matter.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 8 Aug 2016 @ 2:59pm

            Re: Re: Re: Re: "John F" and HDMI

            In other words it is a back-door method of gate-keeping, if two many people are publishing, just modify the standard and ramp up the costs.

            reply to this | link to this | view in chronology ]

            • icon
              Roger Strong (profile), 8 Aug 2016 @ 3:47pm

              Re: Re: Re: Re: Re: "John F" and HDMI

              It's worse than that. The per-title and per-disc costs are insignificant compared to the initial legal and technical costs to license AACS and HDCP and get started publishing.

              Occasionally the big publishers demand that the hardware makers sell devices that play *ONLY* DRM-encumbered content. If you can't stop self-publishers from distributing their music without you, you can make sure no-one's devices will play it.

              reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Aug 2016 @ 12:24pm

        Re: Re: "John F" and HDMI

        If that's what it is, the EFF shouldn't be blaming a TV manufacturer for *not* implementing DRM. It was the ethical thing to do. They should be blaming whoever made the software that's refusing to display things when there's no HDCP.

        (But if the TV manufacturer did implement some form of HDCP, and it became outdated, they should take some blame: they participated in a system that they knew would be obsolete at the whim of a third party, and didn't warn people.)

        reply to this | link to this | view in chronology ]

        • icon
          Roger Strong (profile), 8 Aug 2016 @ 1:52pm

          Re: Re: Re: "John F" and HDMI

          No, in your first case the software (or hardware player) is working properly. The Blu-Ray/HDCP standard DICTATES no display when there's no HDCP. A better solution is that the media itself warn that an HDCP-compliant player and monitor is required. (I suspect that Blu-Ray discs have this warning, but I don't have one to check. I've avoided the standard.)

          Er, make that warning require a TV that hasn't had its keys revoked...

          Say someone reverse-engineers a Sony TV and extracts its model-specific keys. The DCP LLC authority - which licenses the keys - revokes them. "Compromised" keys are included in a black-list on all Blu-Rays produced from then on. (And presumably through HD cable.) That model of TV - whoever owns them - and likely other models - will simply refuse to play new content.

          So who do you demand redress from? Not the TV manufacturer; they're doing what they're required to do, and in any case it's the player refusing to send the data to the TV. Not the player manufacturer or Blu-Ray publisher or cable company; they're doing what they're required to do. Not DCP LLC; their key revocation requirement was part of the licence the manufacturers and distributors agreed to. Everyone can claim that they're not to blame.

          Fortunately the master key for HDCP 1.x was found and released in 2010, making revocation useless. 2.x has been breached. Dunno if it was the master key, but we'll see if anyone's 4K monitors stop working.

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Aug 2016 @ 7:41am

            Re: Re: Re: Re: "John F" and HDMI

            > Fortunately the master key for HDCP 1.x was found and released in 2010, making revocation useless.

            Not actually. Revocation will still make stuff stop working. With the keys, technically knowledgeable people can work around the problem. Regular people will have to order obscure parts from shady foreign companies, if they know about it at all—and if any companies are willing to take the risks (remember Lik Sang?).

            reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 9 Aug 2016 @ 9:55am

            Re: Re: Re: Re: "John F" and HDMI

            So who do you demand redress from? Not the TV manufacturer; they're doing what they're required to do, and in any case it's the player refusing to send the data to the TV. Not the player manufacturer or Blu-Ray publisher or cable company; they're doing what they're required to do. Not DCP LLC; their key revocation requirement was part of the licence the manufacturers and distributors agreed to. Everyone can claim that they're not to blame.
            Demand redress from the party or parties most able to return innocent consumers to a working state. If multiple parties are equally capable, prefer the one whose actions or inactions are most immediately responsible for the consumer's workflow becoming broken. Since your example posits that the TV key was revoked, the simplest answer would be that the customer can demand that the TV manufacturer provide a way to update the TV to non-revoked keys so that the player will talk to it. (Yes, this creates a vicious cycle where the evil reverse engineers will demand a working TV, then proceed to crack it too, thus resetting the loop. This is not the fault of the innocent purchaser, so it should not be used as a reason not to do this.)

            The only other solution I can see, which is far worse since it still burdens innocent consumers, is that there be a process by which the consumer can demand a full refund for the new content upon demonstration that the consumer's device is on the blacklist. (Yes, this is also exploitable if you're willing to keep on hand both a good TV and a blacklisted TV, then pull out proof of the blacklisted TV whenever you want to return a disc. DRM is broken by design. I like ideas where that brokenness boomerangs back to hurt the entities that force it on everyone, rather than where that brokenness hurts the customer.) This forces the consumer to abstain from any new content, but at least protects them from the situation that they buy an instance of encrypted content that they cannot use. Along this line, it would be in the producer's best interest to make sure that the disclaimers on the packaging make very clear which models of TV will not be permitted to show the disc.

            reply to this | link to this | view in chronology ]

            • icon
              Roger Strong (profile), 9 Aug 2016 @ 10:46am

              Re: Re: Re: Re: Re: "John F" and HDMI

              > Since your example posits that the TV key was revoked, the simplest answer would be that the customer can demand that the TV manufacturer provide a way to update the TV to non-revoked keys so that the player will talk to it.

              The manufacturer would respond by saying that the TV isn't defective. It still plays all the content available when it was sold. The decision to revoke the keys on later media was entirely out of their hands. Nor are they responsible for the Blu-Ray distributors including the keys in their discs' blacklists.

              It's all set up so that in the event of a lawsuit, everyone can point the blame at someone else.

              Now we have new 4K TVs that shipped with HDCP 2.0. Except that 2.0 got broken, and was replaced with 2.2. The 2.0 4K TVs won't work with 2.2 content, and it can't be fixed with a firmware update.

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 9 Aug 2016 @ 2:45pm

                HDMI / HDCP / key revocation

                My understanding is that you are incorrect. Once the unfortunate user tries to play a recent BluRay disc, his player will load a blacklist from that disc and declare the TV key to be irreparably banned from ever again working with this player. If the blacklists were not contagious, there would be no need for them to be digitally signed, since a non-contagious blacklist would apply only to the media on which it was stored, not to all players which subsequently read that media. Wikipedia says that blacklists are signed "to keep malicious users from revoking legitimate devices." If my understanding is correct, then the TV is made defective by letting the player read the revocation disc: it becomes unable to play content it played before the revocation disc was loaded into the player. Additionally, if the television vendor advertised the television as being able to play HDCP-protected content (more precisely, "capable of convincing an HDCP-encumbered player device to provide content in a form that the television can render"), then the revocation makes it unable to do so, which would make it unable to perform its advertised features, through no fault of the owner. To me, the customer is now harmed. Under the current legal regime, that customer is without meaningful recourse. Under a pro-customer law, there would be a recourse appropriate to the harm done.

                I understand that the involved parties have spent quite a lot of effort setting up legal fictions to deflect blame away from each other. I accept that, under the current legal regime, they would likely win a lawsuit that tried to hold them to account for their anti-customer actions. I contend that a pro-customer law would be written in such a way that somebody can be held liable in a way that makes the customer whole, whether that be by providing them a product that works as originally advertised or by providing a refund for that product.

                reply to this | link to this | view in chronology ]

    • identicon
      hGriff, 9 Aug 2016 @ 3:47am

      Re: "John F" and HDMI

      It's possible to deny certain inputs on HDMI ports. Sony included that because you might try to watch a not-so-legal copy of something from your computer.

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 8 Aug 2016 @ 9:59am

    Alternatively...

    Since DRM means you never actually own the product it's infecting require that it be made clear up-front that you are not buying anything beyond a licence, one that can be changed at whim in the future.

    Prohibit the use of words such as 'purchase' or 'buy' for anything infected by DRM, instead replacing them with 'licence', from the tags on the floor all the way up to the register.

    I imagine if people really knew how little they actually owned the reaction would be interesting, to say the least.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2016 @ 10:36am

      Re: Alternatively...

      The benchmark of Ownership.

      1. Do you still maintain full possession of item without paying another dime? Taxes, Contracts, or Subscriptions apply here. If you still have to give someone money for it to remain in your physical possession or you lose it, then you do not own it. Examples of NO are your home, things you lease like vehicles, or are paying to own or rent like furniture from Rent-A-Center. Technically government owns ALL land. Stop paying taxes, you will find out who owns it soon enough.

      2. Does the item still fully function without paying another dime? If you must purchase a Contract, Support Agreement, or Subscription for the product to be fully functional then you do not own it. Examples of NO are Cell Phones, Current generation consoles, and OnStar for your vehicle.

      3. Do you have power to block any other 3rd party out of the system directly preventing them from altering your product in any way? Examples of NO are PC's now stocked with Windows 10 where Microsoft prevents you ability to natively stop them from doing things to your Computer.

      People own very very little despite falsely believing that they own much. You just get to have a say in things as long as you pay societies cost of having a say in things.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 8 Aug 2016 @ 12:10pm

        Re: Re: Alternatively...

        You're mostly correct -- but cell phones aren't a good example of #2 -- you can buy an unlocked cellphone, and it's yours. You then rent network access (via SIM card) that allows your phone to talk to other phones and have a number associated.

        You can use the phone over WiFi with no issues (Google Voice will even give you a phone number to send/receive calls!)

        The real problem we're seeing here is bundling. Many companies bundle services and products, and make them near-impossible to separate. The end result is that DRM in the service can make the purchased product useless. You still own it, but it won't perform its intended function.

        Kind of like owning a house, but someone else owns the land and won't let you gain access to the house.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 9 Aug 2016 @ 12:06am

          Re: Re: Re: Alternatively...

          Kind of like owning a house, but someone else owns the land and won't let you gain access to the house.
          Here, if you build on someone else's land, they own the building your paid for, unless you have a prior legal agreement in place.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 10:09am

    It is fraud to not disclose any hidden terms in a purchase agreement ahead of time. Imagine if you signed a contract and, after the fact, the other party arbitrarily decided to throw another stack of pages in the contract that wasn't part of the original agreement and wasn't discussed or mentioned ahead of time. No indication that they could even do this. It doesn't work that way in contract agreements. How could they make you agree to a contract before even letting you read the contract beforehand and without even telling you that there is a hidden contract that you must agree to upon purchasing the product. Fraud I tell you. But in tge United States the government actively protects corporate fraud.

    reply to this | link to this | view in chronology ]

  • identicon
    DRMNotTheSolution, 8 Aug 2016 @ 10:32am

    How about Full Refunds, in writing, always

    Older DRM story
    Bought a bluray player when bluray first hit the market. The Bluray was so new it didn't update drm from the discs, thus it wouldn't play newer bluray's as they cam out, nothing from Disney worked on the player, nothing from Disney, ever, worked...

    I went to my state attorney general's website, filled out a form, 6 months later I received a call from the manufacturer who was willing to provide a newer model. I instead chose a full refund and no longer buy products from them. THEY LOST MY BUSINESS BECAUSE OF DRM.

    DRM sucks, especially when the those implementing it don't even know how to correctly implement it.

    I could provide a list of software products from now defunct companies or companies that refuse to support previous versions which have basically disabled play or use of software that I legally purchased.

    Because I lost a dongle or can't reinstall on an updated or in my case repaired computer DRM has cost me time, money and extreme frustration.

    Worse, some of the many DRM implementations according to reports out there, are vectors for malware. i.e.

    Malware uses Apple's FairPlay DRM to attack iOS users

    Techdirt: Virus Writers Take Advantage Of Sony's Rootkit

    reply to this | link to this | view in chronology ]

    • identicon
      Alya, 8 Aug 2016 @ 11:08am

      Re: How about Full Refunds, in writing, always

      I went to my state attorney general's website, filled out a form, 6 months later I received a call from the manufacturer who was willing to provide a newer model.

      Did the AG also punish them? Or was more like it's OK to rob a bank so long as you offer to give the money back if you get caught?

      reply to this | link to this | view in chronology ]

    • icon
      Ninja (profile), 8 Aug 2016 @ 11:11am

      Re: How about Full Refunds, in writing, always

      Sometimes there are quite simple solutions. For digital content you have file sharing so it's less of an issue. The problem lies when it's a DRM enforced in the hardware level. This shit is rapidly taking over computers and other electronics in general that were relatively ok just a few years ago. We'll see mobos, CPUs and the like ship with goddamned DRM chips sooner or later. Heck, even vehicles for harvesting come with this shit.

      If this is what the future looks like I think I will call myself a Luddite and skip it as much as I can. Or at the very least actively work not to buy these things.

      reply to this | link to this | view in chronology ]

      • icon
        That One Guy (profile), 8 Aug 2016 @ 11:20am

        Re: Re: How about Full Refunds, in writing, always

        Sometimes there are quite simple solutions. For digital content you have file sharing so it's less of an issue.

        Simple perhaps, but the fact that you have to break the law to get a working product is a pretty good indicator that something has gone seriously wrong at one or more places.

        reply to this | link to this | view in chronology ]

        • icon
          Ninja (profile), 8 Aug 2016 @ 11:24am

          Re: Re: Re: How about Full Refunds, in writing, always

          Absolutely. You shouldn't have to be an expert to work around such restrictions just to actually own what you bought. And it's even worse when there are anti-circumvention clauses active. Still, considering what we have now, I'd say that hardware imposed DRM is the worst of DRM faces and the one we should absolutely focus the fight against.

          reply to this | link to this | view in chronology ]

          • icon
            That One Guy (profile), 8 Aug 2016 @ 11:32am

            Re: Re: Re: Re: How about Full Refunds, in writing, always

            True enough, software based DRM can be worked around, even if the methods to do so are illegal, whereas hardware based is not so easily bypassed, giving it a much higher impact and importance.

            reply to this | link to this | view in chronology ]

  • identicon
    Shilling, 8 Aug 2016 @ 11:14am

    Congratulations on purchasing your product.

    This product contains DRM which allow us to control how you use the product. We may alter it however we like at your risk. You may need to connect a camera and film yourself naked before we install basic features but if you are ugly don't bother as we will refuse to install these features anyways.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 Aug 2016 @ 2:52pm

    If TPP passes in the 2016 lame duck session,

    DRM will be "baked in" for the all the countries of the TPP, which means that Congress *can't fix it* later, even if they so desired.

    The whole point of the TPP IP section is to remove Congressional ability to weaken IP laws, DRM included.

    reply to this | link to this | view in chronology ]

  • icon
    Groaker (profile), 8 Aug 2016 @ 7:07pm

    Corporations have demonstrated their ability to utilize the legal system. With new laws that ostensibly remediate anti-consumer legislation, the corporations always seem to end up with more power, control, and profits.

    The only solution is to stop buying anything that is controlled by these organizations. A month of greatly diminished sales will bring about change.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.