Creative Commons for Music: What’s the Point? January 22, 2012
Posted by Bill Rosenblatt in Law, Music, Rights Licensing, Services, Standards.20 comments
I recently came across a music startup called Airborne Music, which touts two features: a business model based on “subscribing to an artist” for US $1/month, and music distributed under Creative Commons licenses. Like other music services that use Creative Commons, Airborne Music appeals primarily to indie artists who are looking to get exposure for their work. This got me thinking about how — or whether — Creative Commons has any real economic value for creative artists.
I have been fascinated by a dichotomy of indie vs. major-label music: indie musicians value promotion over immediate revenue, while for major-label artists it’s the other way around. (Same for book authors with respect to the Big 6 trade publishers, photographers with respect to Getty and Corbis, etc.) Back when the major labels were only allowing digital downloads with DRM — a technology intended to preserve revenue at the expense of promotion — I wondered if those few indie artists who landed major-label deals were getting the optimal promotion-versus-revenue tradeoffs, or if this issue even figured into major-label thinking about licensing terms and rights technologies.
When I looked at Airborne Music, it dawned on me that Creative Commons is interesting for indie artists who want to promote their works while preserving the right (if not the ability) to make money from them later. The Creative Commons website lists ten existing sites that enable musicians to distribute their music under CC, including big ones like the bulge-bracket-funded startup SoundCloud and the commercially-oriented BandCamp.
This is an eminently practical application of Creative Commons’s motto: “Some rights reserved.” Many CC-licensing services use the BY-SA (Attribution-Share-Alike) Creative Commons license, which gives you the right to copy and distribute the artist’s music as long as you attribute it to the artist and redistribute (i.e. share) it under the same terms. That’s exactly what indie artists want: to get their content distributed as widely as possible but to make sure that everyone knows it’s their work. Some use BY-SA-NC (Attribution-Share-Alike-Noncommercial), which adds the condition that you can’t sell the content, meaning that the artist is preserving her ability to make money from it.
It sounds great in theory. It’s just too bad that there isn’t a way to make sure that those rights are actually respected. There is a rights expression language for Creative Commons (CC REL), which makes it possible for content rendering or editing software to read the license (in XML RDFa) and act accordingly. As a technology, the REL concept originated with Mark Stefik at Xerox PARC in the mid-1990s; the eminent MIT computer scientist Hal Abelson created CC REL in 2008. Since then, the Creative Commons organization has maintained something of an arms-length relationship with CC REL: it describes the language and offers links to information about it, but it doesn’t (for example) include CC REL code in the actual licenses it offers.
More to the point, while there are code libraries for generating CC REL code, I have yet to hear of a working system that actually reads CC REL license terms and acts on them. (Yes, this would be extraordinarily difficult to achieve with any completeness, e.g., taking Fair Use into account.)
Without a real enforcement mechanism, CC licenses are all little more than labels, like the garment care hieroglyphics mandated by the Federal Trade Commission in the United States. For example, some BY-SA-licensed music tracks may end up in mashups. How many of those mashups will attribute the sources’ artists properly? Not many, I would guess. Conversely, what really prevents someone who gets music licensed under ND (No Derivative Works) terms from remixing or excerpting in ways that aren’t considered Fair Use? Are these people really afraid of being sued? I hardly think so.
This trap door into the legal system, as I have called it, makes Creative Commons licensing of more theoretical than practical interest. The practical value of CC seems to be concentrated in business-to-business content licensing agreements, where corporations need to take more responsibility for observing licensing terms and CC’s ready-made licenses make it easy for them to do so. The music site Jamendo is a good example of this: it licenses its members’ music content for commercial sync rights to movie and TV producers while making it free to the public.
Free culture advocates like to tell content creators that they should give up control over their content in the digital age. As far as I’m concerned, anyone who claims to welcome the end of control and also supports Creative Commons is talking through both sides of his mouth. If you use a Creative Commons license, you express a desire for control, even if you don’t actually get very much of it. What you really get is a badge that describes your intentions — a badge that a large and increasing number of web-savvy people recognize. Yet as a practical matter, a Creative Commons logo on your site is tantamount to a statement to the average user that the content is free for the taking.
The truth is that sometimes artists benefit most from lack of control over their content, while other times they benefit from more control. The copyright system is supposed to make sure that the public’s and creators’ benefits from creative works are balanced in order to optimize creative output. Creative Commons purports to provide simple means of redressing what its designers believe is a lack of balance in the current copyright law. But to be attractive to artists, CC needs to offer them ways to determine their levels of control in ways that the copyright system does not support.
In the end, Creative Commons is a burglar alarm sign on your lawn without the actual alarm system. You can easily buy fake alarm signs for a few dollars, whereas real alarm systems cost thousands. It’s the same with digital content. At least Creative Commons, like almost all of the content licensed with it, is free.
(I should add that I wear the badge myself. My whitepapers and this blog are licensed under Creative Commons BY-NC-ND (Attribution-Noncommercial-No Derivative Works) terms. I would at least rather have the copyright-savvy people who read this know my intentions.)
UltraViolet Gets Two Lifelines January 12, 2012
Posted by Bill Rosenblatt in Economics, Fingerprinting, Services, Standards, Video.add a comment
A panel at this week’s CES show in Las Vegas yielded two pieces of positive news for the DECE/UltraViolet standard, after a launch several months ago with Warner Bros. and its Flixster subsidiary that could charitably be called “premature.” Of the two news items, one is a nice to have, but the other is a game-changer.
Let’s get to the game-changer first: Amazon announced that a major Hollywood studio is licensing its content for UltraViolet distribution through the online retail giant. The Amazon executive didn’t name the studio, though many assume it’s Warner Bros. Even if it’s a single studio, the importance of this announcement to the likelihood of UltraViolet’s success in the market cannot be overstated.
Leaving aside UltraViolet’s initial technical glitches and shortage of available titles, the problem with UltraViolet from a market perspective had always been a lukewarm interest from online retailers. As I’ll explain, this hasn’t been a surprise, but Amazon’s new interest in UltraViolet could make all the difference.
UltraViolet is the “brand name” of a standard from a group called the Digital Entertainment Content Ecosystem (DECE), headed by Sony Pictures executive Mitch Singer. It implements a so-called rights locker for digital movies and other video content. Users can establish UltraViolet accounts for themselves and family members. Then they can obtain movies in one format (say, Blu-ray) and be entitled to get it in other formats for other devices (say, Windows Media file download for PCs). They can also stream the content to a web browser anywhere. The rights locker, managed by Neustar Inc., tracks each user’s purchases.
In other words, UltraViolet promises users format independence and a hedge against format obsolescence, while providing some protection for the content by requiring it to be packaged in several approved DRM and stream encryption schemes. It includes a few limitations on the number of devices and family members that can be associated with a single UltraViolet account, but in general UltraViolet is designed to make video content more portable and interoperable than, say, DVDs or iTunes downloads.
Five of the six major Hollywood studios (all but Disney*), plus the “major indie” Lionsgate, are participating in UltraViolet.
One of the design goals of UltraViolet was to ensure that no single retailer could attain a market share large enough to be able to control downstream economics — in other words, to avoid a replay of Apple’s dominance of digital music downloads (and possibly Amazon’s dominance of e-books). To do this, the DECE studios pushed for ways to thwart consumer lock-in by online retailers that would sell UltraViolet content.
The most important example of this is rights locker portability: users can access their rights lockers from any participating retailer. UltraViolet retailers must compete with each other through value-added features.
Amazon’s Kindle e-book scheme offers a good illustration of platform lock-in and how it differs from other features that a retailer can build or offer. If you buy an e-book on Amazon, you can download and read it on a wide variety of devices: not just Kindle e-readers but also iPads, iPhones, Android devices, BlackBerrys, PCs, and Macs — in other words, pretty much everything but other e-reader devices. You get e-book portability — it will even remember where you last left off if you resume reading an e-book on another device — but you are still tied to Amazon as a retailer. If you want to read the same e-book on a Nook, for example, you have to buy it separately from Barnes & Noble (and then you can read that e-book on your PC, Mac, iPhone, Android, etc.).
This lock-in gives Amazon power in the market as a retailer; it had 58% market share as of February 2011 (by comparison, Apple has over 70% of the music download market). UltraViolet wants to make it as difficult as possible for a single digital video retailer to assert such market power.
The downside of that policy has been a lack of enthusiasm among retailers to sell UltraViolet-licensed content — which entails significant development investment and operational expenses. A good shorthand way to evaluate the potential impact of a standards initiative is to look at the list of participants: what points in the value chain are represented, how many of the top companies in each category, and so on. In DECE’s case, members have included most of the major movie studios, plenty of consumer device makers, lots of DRM and conditional access technology vendors, and so on, but few big-name retailers… one of which (Best Buy) already had a different system for delivering digital video content via Sonic Solutions.
Warner Bros. tried to jump-start the UltraViolet ecosystem by acquiring Flixster, a movie-oriented social networking startup, adding digital video e-commerce capability, and using it as an UltraViolet retailer for a handful of Warner titles. This has been little more than a proof-of-concept test, which was plagued by some technical glitches and suboptimal user experience — all of which, according to Singer, have been fixed.
It would be unworkable for Hollywood to pin its hopes for its next big digital format on a small unknown retailer owned by one of the studios. It has been vitally necessary to attract a big-name retailer to both validate the concept and provide the necessary marketing and infrastructure footprints. There had been talk of Wal-Mart entering the UltraViolet ecosystem, although it already has its own video delivery scheme through VUDU. But otherwise, the membership list had been short on major retailers.
Of course, Amazon is the major-est online retailer of them all. And it so happens that Amazon’s digital video strategy is a good fit to UltraViolet in two ways. First, Amazon currently runs a streaming service (Amazon Instant Video), whereas UltraViolet is primarily focused on downloads, a/k/a Electronic Sell Through (EST): the idea of UltraViolet is to buy a download and only then be able to view it via streaming.
Second, Amazon Instant Video does not look particularly successful. Of course, Amazon does not reveal user numbers, but it is telling that Amazon included Instant Video Unlimited as a perk in its US $79/year Amazon Prime program… and that when people extol the virtues of Amazon Prime, they tend to emphasize the free overnight shipping but rarely the streaming video.
The biggest winner thus far in the paid online video sweepstakes is Netflix, with about 24 million subscribers as of mid-2011. Netflix’s subscription-on-demand model is most likely far more popular than Amazon Instant Video’s pay-per-view (except for Amazon Prime members) model. Thus Amazon may be looking for ways to improve its market position in video without having to hack away at the Netflix streaming juggernaut.
The video download market is in comparative infancy. It has no runaway market leader a la Netflix, or Apple in music. If this situation persists long enough, and if Amazon’s trial run with UltraViolet is successful, then other retailers might see UltraViolet as a viable format as well… precisely because it will make them better able to compete with the Online Retailing Gorilla.
Yet the other dimension of UltraViolet that is currently lacking is availability of titles. And that’s where the other CES announcement comes in. Samsung announced a “Disc to Digital” feature that it will incorporate into new Blu-ray players later this year. With this feature, users can slide in their Blu-ray discs or DVDs, and if the content is “eligible,” they can choose to have that content available in their UltraViolet rights lockers for delivery in any UltraViolet-compliant format.
The Disc to Digital feature is a collaboration between Flixster (i.e. Warner Bros.) as online retailer and Rovi as technology supplier. It works in a manner that is analogous to “scan and match” services for music such as Apple iTunes Match: it scans your DVD or Blu-ray disc, identifies the movie, and if the movie is available in the UltraViolet library of licensed content, gives you an UltraViolet rights locker entry for that movie. Rovi’s content identification technology and metadata library are undoubtedly at the heart of this scheme.
There are two catches: first, users will have to pay a “nominal” fee per disc for this service, which is even larger (and as yet unspecified) if they want it in high definition; second, it is limited to “eligible” content, and no one has offered a definition of “eligible” yet (beyond the fact that the content must come from one of the DECE participating studios). But surely the “eligible” catalog will exceed the current list (19 titles) by orders of magnitude, or the service will not be worth launching.
Nevertheless, these developments are very positive news for DECE/UltraViolet after months of embarrassments and bad press. DECE still has lots of work to do to make UltraViolet successful enough to be the major studios’ designated successor to Blu-ray, but at last it’s on track.
*Yes, I’m aware of the irony of using a tag line from “Who Wants to Be a Millionare” in the title of this article: Disney owns the home entertainment distribution rights to that hit TV game show.
The Future of Music: From Blanket Licensing to Registries October 10, 2011
Posted by Bill Rosenblatt in Law, Music, Rights Licensing, Standards.4 comments
The Future of Music Coalition Policy Summit, which took place last week, has been a fixture in Washington, DC for a decade now. For those interested in how copyright has to find its way in the ever-changing world of digital music, this is a wonderful place to spend a couple of days. The FMC Policy Summit is a great event — and an inspiration for our own Copyright and Technology Conference — because it gathers many different types of people and forces them into a single room to get to know one another. As an organization, FMC represents the interests of independent musicians and songwriters, but the subject matter discussed at its Policy Summit should be of interest to anyone contemplating the future of music.
The panels at the FMC Policy Summit cover a range of topics beyond copyright. But last week’s conference had two panels on copyright arcana that were linked implicitly if not explicitly: on the first day, a panel on blanket licensing; on the second, a panel on music copyright registries. Perhaps the most remarkable aspect of these two panels was that digital music expert/ideologue Jim Griffin was on the latter panel, not the former.
Let me take a couple of steps back to explain why this is remarkable.
The treatment of music copyrights most countries is a horrible mess. It is so complex as to be virtually incomprehensible to content creators — the people who need to understand them the most.
If you make a music recording, you have two sets of copyrights: one for the underlying composition (which could be someone else’s if you didn’t write the music), and another for the recorded performance of it. Each of those rights needs to be owned by, granted by law to, or licensed by entities such as record labels, distributors, service providers, and end-users. These rights are handled in various different ways in the United States. Some are implicit copyright rights; some come from so-called statutory licenses that have been added to the copyright law; some result from ad-hoc license agreements; and some come through collecting societies (a/k/a PROs or Performing Rights Organizations) like ASCAP and BMI, which represent only those rights holders who sign up with them.
If you’re already confused, welcome to a very large club.
A few panelists at the FMC Summit — mainly law-professor types who habitually think in terms of concepts and idealism instead of practicalities and the real world — contemplated blowing up the entire system and starting from scratch. Others, such as the new Register of Copyrights, Maria Pallante, settled for “Sure it’s bad here in the US, but it’s worse elsewhere” arguments. Her predecessor, Marybeth Peters, was an advocate of streamlining the entire music licensing process so that content creators can come closer to “one-stop shopping,” as countries such as the UK have attempted.
There are two schools of thought on how to improve a system that, in the words of Gary Greenstein of the law firm Wilson Sonsini (who will also speak at Copyright and Technology 2011), exists primarily to preserve the many jobs that would be eliminated under a more streamlined system. One is to move to a comprehensive system of blanket licensing, i.e. forming entities that represent all music rights holders and license their works under fixed terms. Another is to use technology to measure all usages of copyrighted works and compensate rights holders accordingly.
These two schools of thought are not mutually exclusive. Automated measurement and compensation can work in a blanket or statutory licensing regime if the technology is pervasive and accurate enough. Yet blanket licensing usually works with compensation schemes derived from sampling (e.g., BMI requires radio stations to log the music they play for a couple of weeks each year) or levies (“copyright taxes” collected from makers of consumer electronics or blank recording media). These are blunt-instrument approaches which all but guarantee that “long tail” content creators will not be compensated fairly and that abuses will creep in.
The blunt-instrument school of thought has persisted for quite a while as a lowest common denominator that is at least practicable, even if it has outlived its usefulness. Yet recent developments have proved two important things: first, the blunt-instrument approach has serious limitations in the digital world, given the Byzantine nature of the underlying system; second, better alternatives not only exist but are exposing the inherent inadequacies of the blunt-instrument approach.
The better alternative that has emerged here in the States, according to the views of most FMC Policy Summit attendees, is SoundExchange. SoundExchange came in to being in the early 2000s as the result of laws enacted in the late 90s that established “performance rights in sound recordings”; this meant that online music services had to pay royalties for playing recordings, not just for the underlying compositions. The latter royalties are administered by composers’ collecting societies like ASCAP and BMI. As the result of the new laws, online music services would have to pay performance royalties, though terrestrial broadcast radio would not. (See, I told you this was a confusing mess.)
SoundExchange requires online music services to collect data on the music they play, report the data, and pay royalties accordingly. (Small noncommercial webcasters are exempt from this process and only pay a small flat annual fee.) SoundExchange negotiates royalty rates for various types of digital music services (webcasters, on-demand streaming services, satellite radio, etc.) through periodic rate-setting proceedings before panels of judges in Washington.
FMC Policy Summit attendees — who tend to be musicians, songwriters, or indie label people — see SoundExchange as a beacon of light in the darkness, an organization that gets musicians paid and does it with relative transparency and low overhead, at least compared to older organizations like ASCAP and BMI.
While SoundExchange has shown that automated, data-driven royalty compensation can be done, advocates of blanket licensing have run into a major snag: if you’re going to offer an online music service a blanket license to music, you have to offer it for “all music,” not just some of it, otherwise what you’re offering is not going to be very helpful to the online music service. The problem is that offering a license to “all music” is just plain impossible, at least without an act of Congress like that which produced SoundExchange.
With this insight, naive and idealistic notions such as charging all ISP subscribers a monthly “music tax” that gets (somehow) distributed to rights holders go straight out the window. This is where we finally get back to Jim Griffin: blanket-licensing schemes such as Choruss, the business that Jim Griffin ran for Warner Music Group, are revealed to be the impossibilities they are.
Griffin, a battle-scarred veteran of the early days of digital music, had been an articulate blanket-licensing ideologue for years when WMG CEO Edgar Bronfman asked him to set up a blanket licensing business, which they called Choruss. Choruss failed about a year ago; as I explained at that time, the primary reason for its failure was that it couldn’t get licenses to anywhere near “all music.”
So Griffin has acknowledged the impossibility and moved on. He has turned his attention to an underlying problem that is even more complex and fundamental: the lack of a global registry of all music rights information that would be required to support any kind of comprehensive and fair licensing scheme. At the FMC Policy Summit, Griffin was on a panel on music rights data; he was talking about the International Music Registry (IMR), a project led by the World Intellectual Property Organization (WIPO). Griffin is one of over two dozen people from around the world working on the IMR.
IMR is adopting a federated approach to rights registries that acknowledges and leverages the existences of various “island” registries throughout the world and attempts to build a unifying layer on top of them. (One of these “islands” is the so-called Global Repertoire Database, which is initially focused on Europe.) This approach is analogous to the Digital Object Identifier (DOI) standard that I helped define in the publishing industry in the late 1990s: we wanted a copyright work identifier and registry that could coexist peacefully with various existing standards and registries such as ISBN for books, ISSN for journals, PII for other journals, URL for online resources, and so on. On the other hand, it differs from the Book Rights Registry contemplated in Google’s settlement with book publishers and authors, which would have been a single über-registry for all book content, at least in the United States.
So that’s a long way of explaining what Jim Griffin was doing on the music registry panel instead of the blanket licensing panel at the FMC Policy Summit, and why that’s important. The rights registry problem is the right (no pun intended) one to be working on. If it can be solved, it would get us away from blunt-instrument schemes that encourage systemic abuses and favor big-name artists over the long tail, and it would facilitate content creators actually getting paid according to how much their music is played. It’s a problem that’s worth the monumental effort it will take to solve… if it’s even solvable at all. It will take years to find out one way or another, but it’s worth the journey.
DECE Releases Spec… But It’s a Secret June 15, 2011
Posted by Bill Rosenblatt in Standards.2 comments
I got an email message last week from the Digital Entertainment Content Ecosystem trumpeting the release of the “finalized” version 1.0 DECE/UltraViolet specs.
Under normal circumstances, I would take the time to read the specs and summarize and comment on them here — as I have done with Marlin, Coral, XrML, DMP IDP, hNews, the RIAA watermark payload spec, and various others over the years. But I can’t do that, because DECE is demanding that anyone who wants to download the specs sign a nondisclosure agreement – which they say is non-negotiable.
Releasing a purported digital media standard under NDA (let alone a non-negotiable one) is unheard-of nowadays. Every recent consortium or standards body in this field makes its specs publicly available; at the outside, they require filling out a form with contact information.
If DECE wants to attract positive early press in the run-up to its planned summer launch, this is exactly the wrong the way to start. It’s hard not to draw a conclusion that DECE is using secrecy of the spec to bolster its security scheme; and if that’s the case, security experts will draw the conclusion that it can’t be much of a security scheme. Even the secrecy of crypto algorithms went out of fashion several years ago, dismissed by experts as “security by obscurity.”
Others will immediately assume that this is a sign of yet another paranoid Hollywood cabal and write it off. DECE has not exactly been lavishly forthcoming with information over the past couple of years anyway. Ars Technica had even used largely positive language in describing DECE, but I wouldn’t expect such relative goodwill to continue.
OK, Nate Anderson, Mike Masnick, Cory Doctorow, Slashdot denizens, etc. … all yours, go to it!
On to other matters. I’ve closed the poll I ran last week on Apple’s iTunes Match feature, which enables users to get legitimate versions of non-iTunes music tracks from Apple’s iCloud for a fee of $25 per year. Apple was ambiguous about whether this music would be offered as streams from the iCloud servers or as downloads to iTunes devices — so ambiguous that different journalists and commentators made different assumptions, while others hedged their bets.
By a factor of more than two to one (65% to 30%), the Copyright and Technology readership expects Apple to offer streaming of iTunes Match tracks instead of downloads, and moreover, streaming that only works with iTunes devices — that is, connected iOS devices (iPhones, iPod Touches, and iPads) and PCs and Macs running iTunes software. A tiny 6% of voters expect that Apple will offer streaming to any Internet-connected device, as Amazon and Google do with their cloud music offerings.
I suspect that Apple is ambiguous about iTunes Match because the stream-vs.-download issue is still a point of contention with the record companies and music publishers. Apple undoubtedly prefers downloads for a number of reasons: no need to run streaming servers; lots of downloads to consumer devices promotes purchases of bigger, more expensive devices (as Nick Bilton of the New York Times pointed out). The only disadvantage of downloads to Apple is higher royalty payments, though this may be part of the ongoing negotiations.
The record companies, on the other hand, presumably see high potential for abuse from downloads. For $25 per year, you could download up to 25,000 illegal tracks from your favorite file-sharing site (or rip them from your friends’ CDs), exchange them for legal, high-quality AAC files, and delete the illegal ones. That’s a tenth of a cent per track! Such a deal!
We’ll see who’s right in the fall when Apple launches iTunes Match.
Meanwhile, some of you wondered where I got the phrase “iCloud Cuckoo Land” as the headline for last week’s article. Here’s the answer: search for “Cloud Cuckoo Land” (without the “i”) and you’ll find that it’s a reference to Aristophanes’ satirical comedy The Birds. Cloud Cuckoo Land is an imaginary (and unattainable) idealistic city in the air where everything is perfect. I thought the reference was apt.
Book Industry Bodies Consider DRM… Again May 26, 2011
Posted by Bill Rosenblatt in DRM, Publishing, Standards.2 comments
This week at Book Expo America in New York, the Book Industry Study Group (BISG) and the International Digital Publishing forum (IDPF) held an open meeting to discuss what the two industry bodies should do about DRM standardization.
Although this meeting wasn’t all that well attended — it was hampered by a hard-to-find location in the remote reaches of the cavernous Javits Center — it did provide good insight into book publishers’ attitudes about DRM, now that e-books have a much bigger impact on the industry than they did a few years ago.
Angela Bole of BISG kicked off the meeting by explaining the research and standards body’s role in the process. She emphasized that the reason for BISG’s interest in DRM standardization was to “take friction out of the supply chain” for publishers, retailers, and users. BISG has been successful in promoting other supply-chain-oriented initiatives, such as the ONIX standard for book product metadata.
Then Bill McCoy, Executive Director of the IDPF (and former e-publishing executive at Adobe), laid out a few possible choices for direction that the IDPF could help facilitate, and discussed their pros and cons (mostly the latter):
- Rely on e-books migrating to browser-based delivery on connected devices, meaning that users will no longer need to download e-books, making file-based DRM unnecessary (instead relying on what I call “screenshot DRM,” as currently practiced by Google Editions and Amazon’s “Look Inside” feature). This option isn’t practical because the technology won’t be in place for years, and people still want to own their e-books permanently.
- Go DRM-free. One of the advocates of this approach, Andrew Savikas from O’Reilly & Associates, argued for DRM-free and cited his company’s research to prove that “piracy helps sales” [see note below]. But few major publishers are interested in giving up DRM at this time.
- Gravitate towards a single-vendor solution, as the music industry effectively did with Apple and iTunes. This would improve the user experience, but it would result in a single entity with a stranglehold on supply chain economics; publishers would lose.
- Advance an interoperable DRM standard. By process of elimination, McCoy expressed interest in pushing this model.
The IDPF, and its predecessor organization the Open e-Book Forum (OeBF), have muffed the DRM issue twice already over the past decade. When it developed the highly successful EPUB format, IDPF opted not to include DRM in the specification. This happened primarily because the technology vendors that hold sway at the IDPF did not want a DRM standard: they either wanted to do without DRM entirely or to stick with their proprietary DRM; adopting a standard DRM would be an expense and hassle they would rather do without.
Before that, around 2003, the OeBF tried to define a standard rights expression language (REL) that publishers and retailers could use to express rights that they wanted to grant to consumers as part of a DRM system. The MPEG standards body adopted an REL standard (MPEG-REL) as part of its MPEG-21 suite of standards for digital multimedia. The OeBF decided to create an e-book-specific version of MPEG-REL. (I participated in this effort on behalf of the Association of American Publishers.) MPEG-REL has had negligible impact on the market, and the OeBF’s e-book REL effort went nowhere.
The current state of the e-book market makes any DRM standardization strategy challenging. There are now three dominant platform vendors, each with their own DRM: Amazon, Apple, and Adobe (used in virtually all other e-readers, including the Barnes & Noble Nooks and Sony and Kobo Readers). Any DRM standard would have to either promote interoperability among these or replace them. But the major players are already well established and therefore have little incentive to cooperate. Contrast this with Hollywood, where the market for digital video downloads is arguably less mature.
With that in mind, McCoy posited three possible approaches to interoperable DRM:
- Standardize on a single DRM, the way Hollywood did with AACS for Blu-ray (and HD-DVD).
- Instead of using file encryption, use a type of technique that McCoy has dubbed “Social DRM”: insert watermarks into e-books that contain personal information related to the user, such as a credit card number.
- Adopt a rights locker approach similar to that of Hollywood’s DECE (a/k/a UltraViolet), in which users pay for the right to download a title to one or more e-reading devices of their choice, as long as each device supports one of the approved DRMs.
The first of these options is a virtual impossibility with three platform vendors already established in the market. The “social DRM” technique has been tried in both e-books (by Microsoft in the previous decade) and music, with little success. Furthermore, it’s unclear how such a system would work with the EPUB text-markup format: for one thing, I don’t see how to avoid simple tools for stripping the watermark data from EPUB files without reverting to “regular” DRM.
That leaves the third option, which was the subject of some discussion at the meeting at BEA. The advantage of a DECE-type model for e-books is that it makes it unlikely that any of the platform vendors would need to scrap and replace their existing DRMs. DECE-approved DRMs must merely share certain basic technical characteristics, such as using the same crypto algorithm, so that the central rights locker can store encryption keys that work with all compliant DRMs.
But I don’t see how adopting DECE would be particularly helpful in reducing the number of e-book platforms or promoting interoperability. Of the three major platform providers, at least two (Apple and Amazon) have no history of cooperating with others. The latest market share statistics for e-book retailers, from Goldman Sachs in February, gives Amazon 58% of the market, Barnes & Noble 27%, and Apple’s iBooks 9%. If we assume that the remaining 6% consists of other retailers that use the Adobe platform (such as Sony), then we have Amazon and Adobe fighting it out at a reasonably competitive 58% vs. 33%.
Market forces alone may well reduce the number of dominant platforms to two, by marginalizing Apple as a DRM platform provider for e-books. Both Amazon and B&N have apps that run on popular mobile devices. So one way to achieve “interoperability” is simply to use an iPad, iPhone, Android, or BlackBerry (not to mention Windows or Mac) with both Kindle and Nook apps, and live with two e-bookstores. Apple’s iBooks, which only runs on Apple iOS devices, will isolate itself into irrelevance. And its dependence on the iTunes retail infrastructure hampers Apple from doing the previously unthinkable and switching iBooks to Adobe’s DRM (thereby joining B&N and others to weaken Amazon).
If the book industry really wants to achieve e-book interoperability among dedicated e-readers, then a fourth alternative, beyond those that Bill McCoy suggested, may be worth investigating: Coral. Coral was a consortium led by Intertrust that had developed a framework for actual interoperation among DRMs through trusted intermediary services. This approach makes it possible for a user to call a service to “translate” content from one DRM to another while maintaining security.
Coral still technically exists but has been quiescent over the last several years as Hollywood rejected it in favor of the DECE multi-DRM approach. DECE depends on online retailers building infrastructure to support all compliant DRMs — currently five of them — and agreeing to let users migrate from one retailer to another like GSM mobile subscribers do with their SIM cards. This is unlikely to fly with Amazon or Barnes & Noble.
Instead, Coral would enable users to use their e-books on other devices while letting retailers retain control of their users’ purchase information. This alternative seems more palatable to e-book retailers than the DECE approach, and it would help users.
Technical and licensing issues must be investigated in order to determine whether Coral might be suitable for current e-book platforms. As various participants stated at the BEA meeting, book publishers are far more likely to be successful in pushing for DRM interoperability through industry-wide vehicles than one publisher at a time. The major e-book retailers need incentives to adopt interoperability that will enhance the user experience and help the market grow faster. Publishers can push for such incentives in licensing deals. As long as their actions fall on the correct side of antitrust law, the IDPF has a way forward.
*O’Reilly commissioned my colleague Brian O’Leary to do a study on piracy’s effect on sales in 2008. O’Leary’s findings encouraged O’Reilly to stay away from DRM. When I asked Savikas what the study measured, he stressed that it was a limited study that was only relevant to the way O’Reilly sells and markets its content.
As the author of books published by O’Reilly myself, I would like to assert that O’Reilly is an outlier, and the research results should not be taken as representative of the book industry as a whole. I maintain that both piracy’s effect on sales and DRM’s effect on piracy (or sales) have yet to be measured with any degree of confidence for book publishing (or any other media industry segment) — and perhaps never will.
Here’s why O’Reilly is atypical: first, it is much more active and sophisticated than other book publishers at using online techniques to market and distribute content, thereby making it easier for O’Reilly to monetize content online. Second, this redounds doubly to O’Reilly’s benefit because of the tech-savvy of O’Reilly’s core audience of IT professionals. Finally, O’Reilly’s content attracts an open-source-oriented crowd that has a particular antipathy towards DRM, making a backlash more likely than for other publishers if O’Reilly were to implement it. O’Reilly & Associates is a superb publisher, but its study on piracy and DRM has limited meaning for the industry at large.
DECE Announces UltraViolet Roadmap and Usage Rules January 10, 2011
Posted by Bill Rosenblatt in Devices, Services, Standards, Video.4 comments
The Digital Entertainment Content Ecosystem (DECE) issued a press release in conjunction with last week’s massive CES trade show in Las Vegas. The verbiage in the press release proclaimed “series of milestones in the development and availability of UltraViolet™,” the latter being the brand name attached to DECE-compliant products and services.
So what, for those of us who have been following DECE’s progress over the past couple of years, are those milestones? The most interesting actual accomplishment is one that, unfortunately, I can’t tell you much about: DECE has completed a technical specification. I filled out a web form to request one, hoping that I could have read and written about it by now, but I haven’t gotten it yet.
There are two possible reasons for this: first, the folks at DECE are too busy with CES-related business and haven’t gotten around to it; second, they have decided to make DECE a closed club and not reveal any details without a paid-up evaluation license and/or a nondisclosure agreement. I’ll reserve judgment until a little later on, but let’s just say (once again) that the latter would be a bad idea.
Apart from the spec, the press releases discloses a few items of interest. One is that DECE has set usage rules for UltraViolet accounts. Recall that the heart of UltraViolet is a so-called rights locker service, which is run by the company Neustar. If you buy a movie or other piece of content, Neustar makes a record of your purchase in the central rights locker. This gives you the right to download that content onto any of your UltraViolet-compliant devices, to obtain a physical copy (e.g. on Blu-ray), and to stream it to virtually any web browser through your UltraViolet account.
Now we know that there will be limits to the number of users who and devices that can share content from a single UltraViolet account: 6 and 12 respectively. This is meant to represent the size of a family and its devices. In other words, DECE has decided that the only reasonable way to define what is known as a domain — a group of users and devices, such as all those in a family — is to put limits on users and devices. Other possible techniques include allowing devices within geographic proximity of one another to be in the same domain, but that doesn’t allow for portable or automotive use.
One presumes that those numbers represent a consensus of the content licensors involved in DECE, which include all major movie studios except Disney. But expect those numbers to be points of contention in the future. We’ve seen this before regarding such scenarios as the number of devices that can play content from an iTunes account (five) or the number of devices that can read an e-book in Adobe’s DRM (six, though the number has varied over the years).
Another interesting tidbit from the press release is that the voice of DECE is no longer Mitch Singer, CTO of Sony Pictures and DECE President; it is now Mark Teitell, DECE General Manager. This is evidence that the backers of DECE are investing in resources to make it happen, a good sign.
Otherwise, the CES press release is primarily a series of pre-announcements, a roadmap:
- By the middle of this year, the rights locker infrastructure will be up and running, and the first UltraViolet-based retail services will launch.
- By the end of this year, software updates to PCs and other devices will become available, enabling them to become UltraViolet-compatible. This means, among other things, to be able to read the DECE Common File Format and to interoperate it with one of the five DECE-approved DRMs.
- By early next year (presumably by CES 2012), the first UltraViolet-compatible devices will hit the market.
We’ll see how well DECE fares in meeting those milestones with a critical mass of retail service providers and (eventually) devices. But for now, I’d settle for a copy of that spec.
UltraViolet to Offer White Label Service September 29, 2010
Posted by Bill Rosenblatt in Standards, Uncategorized, Video.add a comment
I recently sat down with Mitch Singer, the Sony Pictures executive who runs the UltraViolet consortium (a/k/a DECE). He showed me something that I hadn’t seen from this type of organization before: a demo.
What I saw resembled a preview of a new media format more than it did the output of a standards initiative. It had the Hollywood-style bombast of, say, the Blu-ray previews several years ago. But beyond that, I saw a mockup of a website that Singer said would be delivered as part of some future release of UltraViolet – not the first release. The demo showed a user interface for a family rights locker, where all of the family’s purchased digital video can be searched, browsed, and called up for viewing. The content is segregated by family member, with the example that kids can’t watch the R-rated material.
Singer explained that UltraViolet will be offering this type of website on a “white label” basis for retailers, which can then simply put their branding on it and sell content. Neustar Inc. will provide back-end services such as identity management and device registration and authentication. In other words, this demo resembles what OverDrive provides for e-book retail sites, what Omnifone provides for mobile music retailers, and what the Associated Press provides for local newspapers’ websites.
This is a huge step forward from what we have seen from similar initiatives in the past, such as Coral, where the standards initiative would hand prospective implementers… a spec. (At least the Digital Media Project offered a reference implementation called Chillout.) It also represents a vast improvement in what we industry folks call marcomm.
It’s too bad that the UltraViolet demo is only viewable from a few laptops (including Mitch Singer’s) and not publicly. And indeed, specs serve a purpose even from the marcomm standpoint: they give everyone something substantive to evaluate. UltraViolet’s “brand launch” a couple of months ago was a failure from a marketing standpoint: because it came with neither a spec nor a technical whitepaper, it was easy for the techblogocracy to dismiss as yet another Hollywood cabal and to misrepresent through not-very-educated guesses about how the system will actually work.
White label services are usually of more interest to smaller retailers than to large ones. The number of major retailers actually participating in UltraViolet is small: among US retailers, Amazon, Wal-Mart, and Target are missing (as is Apple, of course); Best Buy and Netflix are involved but also doing their own things. The major entity that hopes to benefit from UltraViolet is Neustar, which stands to make revenue from every authentication that happens in the UltraViolet scheme.
We’ll have to wait until next year to see the first UltraViolet based services. But in the meantime, I have to wonder: will UltraViolet be dependent on small video stores to succeed?
Assessing the HDCP Hack September 19, 2010
Posted by Bill Rosenblatt in DRM, Standards, Technologies, Video.7 comments
Intel confirmed last Thursday that a hack to its High Definition Content Protection (HDCP) link protection scheme for high-def video had been discovered and published online. HDCP is used in Blu-ray players, DVD players, set-top boxes, and other devices to protect high-definition content when it is transferred to other devices, such as TV monitors. After several days of conjecture and dubiously informed blog posts, some facts have become clear that enable us to assess both the nature and impact of this hack.
First, given that Intel designed HDCP in the first place, we can take its word as authoritative. Second, someone either leaked or discovered the master key* that is used within the “root of trust” for the HDCP system, which is the Intel subsidiary Digital Content Protection LLC (DCP). They also figured out a way to use that master key to generate the unique private keys that DCP normally generates per device, which enable HDCP-compliant devices to encrypt and decrypt content.
There are two big differences between the nature of this hack and that of the CSS encryption scheme for DVDs, to which DRM hacks are often compared. First, CSS was so weakly designed that all the hackers had to do was discover a single set of keys which are present on all DVD players; in contrast, HDCP does not actually store its master key on user devices. Hollywood has at least learned that lesson about key management. In contrast, the HDCP hack depends on computing device private keys on a per-device basis.
Second, not only is computing device keys harder to do, but it can’t be done in software; it has to be done in silicon. We’ll talk more about this shortly when we discuss the impact of the hack.
HDCP is designed to be able to revoke devices with compromised keys. The hack, once someone actually implements it, makes this task essentially useless. An HDCP ripper would keep generating new device private keys, which the overall HDCP scheme would have to revoke by constantly updating lists of revoked devices that are embedded into HDCP-encrypted content, such as Blu-ray discs. It would be both inordinately expensive and ultimately futile to do this.
Worse, it’s only possible to revoke HDCP device keys, not renew them, as is possible in DRM schemes that take advantage of device connectivity, such as Marlin. This design decision results from the fact that many current HDCP-compliant devices are unconnected devices such as Blu-ray players, and it’s only practical to renew keys over a network (just ask makers of SmartCard-based conditional access systems for cable TV, which have to physically ship new SmartCards if old ones are compromised).
The master key for HDCP, like that of other DRMs, was only supposed to be known to a “root of trust” (central security authority) — in this case DCP. Either the key was leaked or it was discovered.
Researchers in 2001 had found a hack for discovery of the HDCP master key that involves collecting 40 different HDCP-compliant devices and working backwards from their private keys to calculate the master key. The number 40 is a function of the configuration of the cryptographic algorithm that HDCP uses: Blom’s scheme, invented in the early 1980s. It determines a data matrix that would have to be kept in memory, the size of which increases geometrically with the size of the number. So, the choice of 40 was a compromise — inevitable in all DRMs — between security and implementation cost.
The eminent cryptographer Paul Kocher — one of the brains behind the BD+ protection scheme for Blu-ray discs — says that the hack resulted from poor design. But it’s also possible that a DCP insider leaked the key. Even if the latter was the case, the system was designed with the weakness that knowing the master key makes it possible to use it outside of the root of trust environment to create device private keys. This was another choice made in the interest of low implementation cost rather than security.
Now let’s talk about the practical impact of the hack. It is just as wrong to suggest, as some have, that the HDCP hack has the same impact on high-definition video as the CSS hack has had on DVDs. Part of the assessment of the strength of the security of a DRM system is that of the fallout when the system is inevitably cracked.
First of all, the impact of the HDCP hack is such that it would be necessary to create chips that implement it. As some have pointed out, a fabrication facility somewhere in China may well be working on just such a chip as I write this, and soon Blu-ray players and other devices with the chip, or standalone HDCP ripper devices, could appear on the black market or outside the United States.
This is a “hardware speed bump” in the sense that someone has to manufacture the devices and sell them, presumably at a profit. Such devices would be illegal in the US and various other countries under anticircumvention law. People would have to find, buy, and use the devices; and the devices would require real-time playback of the video to make the decrypted content available.
In contrast, the CSS hack led to software DVD rippers that anyone could download over the Internet, and the odds of detecting such (also illegal) activity are virtually nil. Furthermore, so-called DeCSS rippers work almost instantaneously and do not require real-time playback. With movies, this is a big difference.
Intel’s stance on the HDCP hack is that it won’t affect their business. You’d expect Intel to say that, but in this case it’s basically true. Unencrypted, uncompressed movies appear on BitTorrent sites now; this process will become somewhat easier for dedicated rippers to do once HDCP rippers become available, but the average BitTorrent user won’t experience much difference.
Let me say this one more time: just because there’s a hack to a DRM scheme does not necessarily mean that every piece of content encrypted with that DRM scheme is suddenly in the clear.
Here is the analogy I like to use to explain this; it is not terribly accurate but illustrative anyway. Let’s say I develop a technique for picking a certain popular brand of combination locks and publish it on a web page. That does not mean that every school locker using that lock is suddenly open and millions of backpacks, sweatshirts and textbooks are stolen. Even leaving aside the fact that a lock-picker has to physically go to each lock and operate on it, taking advantage of the hack may require special skills, special tools, and time to work.
I have not in recent years met anyone in the media industry who believes that any DRM is hackproof. Furthermore, studios treat HDCP and other DRMs as just a few of many tools for keeping consumers buying their content and not infringing their copyrights. Thus, this hack is unlikely to affect the attitudes that Hollywood studios have towards DRM.
*I made a comment on a popular tech blog that there wasn’t a single master key. My comment was incorrect. At the time, I did not properly understand the nature of the hack, and I did not make the distinction between master keys that are actually present on client devices by design (a la DVDs and CSS) versus those that are designed to exist only within the confines of the root-of-trust facility (DCP in the cast of HDCP). However, the author of this blog piece also failed to make that distinction and generally under-researched and mischaracterized the hack, in his usual fashion. For that reason, I won’t name the blog or author.
DECE Is Now “UltraViolet” July 21, 2010
Posted by Bill Rosenblatt in Standards, Video.2 comments
The Digital Entertainment Content Ecosystem (DECE) consortium has announced its consumer brand name: UltraViolet. This is the name that will be used for all DECE-compliant products and services. The company’s press release from Tuesday says that technology specs and licensing agreements are to be available by the end of this year.
The basic idea of DECE/UltraViolet is to offer consumers a way to buy media products — download or streaming — that can be accessed from or stored in a variety of formats and devices. A rights locker tracks users’ purchases and makes their content available in additional formats when users need them, presumably at no extra cost. The rights locker is a central resource to be run by Neustar Inc.; online content retailers will integrate with Neustar’s rights locker. DECE-compliant media files will need to protect content in one of several (currently five) approved DRMs.
The slow pace of DECE progress over the past couple of years has not done wonders for its image in the press, which has been almost entirely skeptical. This week, the launch of the consumer brand without any further technical information has resulted in another wave of press coverage, most of which has been ridden with misinformation, dismissive of “yet another DRM from Hollywood,” or both. Further, the development of DECE has taken place amid a backdrop of major companies launching their own “rights locker” type initiatives, including Best Buy (partnering with Sonic Solutions) and Amazon — as well as Disney offering a putative competing standard called KeyChest whose reality as more than a FUD generator against DECE many are beginning to question.
Standards and consortia are hardly ideal vehicles in which to get things done. They are sometimes necessary because of antitrust constraints placed on entities such as media companies and technology vendors, and they are fundamentally challenged by having to operating in a fast-changing industry landscape. Obviously many companies are attracted to the value proposition for content owners and technology vendors: over 50 such companies are now signed up as DECE members, although only three retailers are on board. But as we say here in America, that’s a lot of cats to herd.
The lack of solid public information about DECE — not even a technical white paper — has not helped matters. The group has released very little substantive information about the technology since I last reported on it back in January. The new UltraViolet website at least attempts to show the consumer value proposition and roadmap for the technology. That’s a step in the right direction. But as UltraViolet’s own roadmap web page shows, it’s a step on a long journey.
(By the way, I have to admit that UltraViolet is a rather clever name: it connotes both “beyond Blu-ray” and “invisible,” both positive associations; although some wags have also mentioned “skin cancer.” I suppose that’s no worse than the biological connotations that some have suggested about the Apple iPad.)
New IEEE Standards Initiative Aims at “Digital Personal Property” July 2, 2010
Posted by Bill Rosenblatt in DRM, Standards, Technologies.8 comments
The IEEE Standards Association has approved the formation of a new working group, P1817, the Standard for Consumer-Ownable Digital Personal Property. Chairing the working group is Paul Sweazey, an engineer who has been working on this idea for some time. A draft spec of P1817 is available, and the first working group meeting of the initiative will be in Silicon Valley on July 14.
The basic idea of P1817 is as old as the first generation of DRM implementations: to approximate important characteristics of physical media products in the digital world, so that physical-world business models can migrate online. But P1817 follows a different approach to this goal than DRM systems have done so far. Briefly, it binds a “playkey” tightly to an encrypted content file, so that you have to possess the playkey in order to play the content (or more accurately, to decrypt a content key which unlocks the content). So far, so typical; but here’s the difference: a key identification and management scheme sits in the background and ensures that only one user can possess a given playkey at a time.
Contrast this with DRM schemes that incorporate licenses that are bound to devices, such as those used for mobile handsets, like OMA DRM v.1. In this type of scheme, it’s not normally possible for a user to pass the content and the license to another user. In other schemes, licenses cover a set number of devices, such as Apple FairPlay’s limit on the number of PCs, Macs, or iPods that can play an encypted iTunes file.
With P1817, it is supposed to be easy for users to pass playkeys to others. Owners of content (e.g., those who purchase it online) also get a second playkey, which sits in what amounts to an online rights locker and allows the user to access the content over the Internet from any connected device.
The purpose of this standard is to make it so that purchasers of digital products get rights that are more similar to those embodied in physical products than has been the case with previous DRMs. You can play the content (on a player that supports this scheme) without connecting to a server for license issuance or authentication. You can give your key out to others whom you trust to give it back to you, just as if you would lend or rent out content; the key is tied to the user’s identity so that rights resembling First Sale in copyright law (a/k/a Exhaustion in most countries outside the US) are ensured.
Sweazey positions P1817 as being different from DRM. He says that DRM is good for models like streaming and subscriptions, which preclude consumer ownership of content, while P1817 is explicitly about ownership.
But let’s face it: P1817 is a form of DRM. In effect, it’s a further extension of a theme pioneered around 2001-2 by Microsoft for its e-book DRM (Digital Asset Server): a publisher could select a level of protection whereby the e-book’s cover page contained some valuable personal information, such as the credit card number used to buy the e-book. The idea was that the user would only feel comfortable giving a copy of the e-book to someone whom she trusted with her credit card number. Later schemes, like Light Weight DRM (2003) and Bitmunk (2004), took this a step further by embedding watermarks into the content with personal information.
Yet in none of those cases was the content encrypted, meaning that users could still make copies and give them to people they trust. Paul Sweazy’s scheme encrypts content and thus does not allow this. His idea is to create an environment where content is protected from rampant unauthorized copying and yet consumers feel that they have bought something that they actually own, and are not “licensing” or “renting” or subjecting themselves to periodic “phone-homes” or license checks or renewals.
Nate Anderson of Ars Technica has raised thoughtful objections to the P1817 scheme. One of them was that because it seeks to emulate the physical world, it’s retrograde. But let’s remember that Apple succeeded with the iTunes Music Stores by emulating the “retrograde” model of a record store online. People understand record stores; they didn’t understand the other online music models of that era (around 2003), which were as confusing and opaque as early cell-phone usage plans. If “retrograde” means that consumers are more likely to accept it, then it may be a good thing.
Anderson also objected to P1817 because it’s a content encryption system and thus is inevitably going to be hacked — and then what happens? My view is that this isn’t all that important. Just as DRMs can be hacked, so can analog products be copied… potentially with some time, trouble, and cost on both sides. I have never agreed with the copyleft truism that DRMs become worthless (from a security standpoint) if they are hacked.
To me, there are more fundamental questions about this scheme that must be addressed. If you’ve followed my writings closely for a while, you can probably guess the first question I’d ask: who would pay for this? I.e., what type of entity would be motivated to pay for the technology necessary to implement P1817 - which relies on hardware and software in consumer devices as well as servers and authentication infrastructure?
Consumer device and software vendors might be interested in adopting such technology if they are confident that media companies will issue their most important content under this scheme. So let’s start answering the question by looking at different media markets.
The music industry? No. They’ve abandoned DRM for permanent Internet downloads and are distributing individual tracks in unprotected MP3 format; and there’s a trend toward file-sharing rules in music services that still use DRM which are already more liberal than those implied in P1817. Music companies would not see a need for this scheme.
Not Hollywood, either: many movie studios are eager not to enable First Sale (Section 109 of the US copyright law) for digital downloads because they believe it means lost revenue from potential incremental purchases. Fox, for example, is even careful to avoid using the otherwise common term “electronic sell through” (EST) to describe schemes like iTunes movie sales; instead they prefer the term “electronic license,” because it implies that the transfer of content to the user is not a sale of a copyrighted work — a question that is unsettled under current law.
If there is a market for P1817, it has got to be book publishing. With a few minor exceptions, book publishers have only implemented digital business models that emulate physical books. There are no analogs to “streaming” in book publishing, unless you count browser-based platforms such as Google Editions or Amazon Pages (which display page images in web browsers). There are only a couple of subscription e-book services in niche markets: only Safari Books Online (O’Reilly and Pearson) for IT professionals and Disney Digital Books for children come to mind.
A DRM system for e-books that emulates First Sale might actually satisfy publishers. After all, book publishers have lived with First Sale – i.e., with public libraries and used bookstores — for decades or centuries longer than record labels or film studios. They don’t like First Sale in certain market segments, such as textbooks, but otherwise most publishers understand that support of First Sale is key to consumer acceptance of e-books.
The objections people raise to e-book DRM generally fall into two categories: you can’t share e-books, and you can only read them on certain devices. P1817, if done right, solves the first of these problems. But it only solves the second if every device implements it. That isn’t going to happen without economic incentive, i.e., subsidy. And even then it’s a challenge.
Open standards in DRM only stand a chance of success if they have financial backing. The only truly successful open DRM standard is OMA DRM v1, which probably has an installed base of a billion units worldwide by now and has been backed by major handset makers. No DRM has ever been financially supported by content owners.
So, there’s the answer to the fundamental question that should determine the success of Consumer-Ownable Digital Personal Property. To grow and succeed, the e-book market has to navigate between the Scylla of platform monopoly (e.g., by Amazon or Apple) and the Charybdis of platform fragmentation (leading to lack of consumer interest). If book publishers are concerned enough about this — as they should be – then they might just be motivated to find a way of subsidizing implementations of P1817 that doesn’t run afoul of antitrust law.
If Paul Sweazey and his IEEE P1817 compatriots believe this line of reasoning, then their market development task is well-defined — albeit difficult to pull off. As with other standards initiatives, P1817TM’s success depends crucially on the types of companies that participate. (Hello, Adobe? Overdrive? Random House? And dare we say it: Amazon? Apple?) We’ll get a clue to this after the July 14 working group meeting. If they do succeed, it would truly be a meaningful new development in DRM technology.
Bill Rosenblatt
Azita Arvani
Bill Jones
Niels Thorwirth
