The Federal Trade Commission, the US regulatory body that handles consumer protection and disclosure issues, held a “town hall” conference on DRM in Seattle today, on the campus of the University of Washington. The FTC held the conference to help inform their officials about DRM so that they can determine whether and how to impose regulations requiring consumer disclosure of DRM features in digital media products and services.
The FTC did a nice job in soliciting input from a wide range of people. Yet it would have helped if they had set some ground rules – such as describing to attendees just what the FTC does, and more important, what it is unable to do. Without such ground rules, the input – from presenters as well as from questioners in the audience and online – went all over the map.
And there were many presenters: an assortment of people from trade associations, advocacy groups, technology vendors, academia, and consultancies. Each presenter had a modest eight minutes to make his or her case. The conference was streamed live; audio, slides, and transcripts are available.
Much of the discussion was not about consumer disclosure; instead, it was about the DMCA, DRM interoperability, piracy prevention, privacy, malware (viruses, spyware, rootkits, etc.), the rights of content creators to get paid, “three strikes” rules for ISPs, etc., etc., etc. Yet the level of knowledge about DRM among most of the presenters was impressive, the highest I’ve seen in this type of gathering.
Of course, the anti-DRM crowd expressed support for strong disclosure requirements, often adding that they did not go far enough. The more interesting nuances came from industry trade association representatives, the type of people who usually try to discourage government regulation. These included Fritz Attaway from MPAA (representing the movie studios), Patrick Ross from the Copyright Alliance (content creators), Lee Knife from the Digital Media Association (online content service providers), Bo Anderson from the Entertainment Merchants Association (media retailers), and Matt Schruers from the Computer & Communications Industry Association. None of them rejected the idea of mandatory disclosure. This probably means that they don’t believe they can prevent it.
Many speakers complained about the length and unreadability of end user license agreements (EULA), and that EULAs are only accessible after a user has purchased a product. The problem is that if digital content providers were required to disclose everything on every conference presenter’s wish list, they’d end up with disclosure statements that dwarf those EULAs.
I called for the FTC to keep disclosure requirements tractable, mainly by sticking to features that are unique to DRM and of interest to users, such as content usage rules, methods of authentication, and so on. Other speakers wanted to pull in issues of privacy, control over device resources, security risks and other issues that are not only conceptual and subject to values-based interpretation but are also issues found in many different types of software. (There was some disagreement about whether these issues are really unique to DRM; Alex Halderman, the respected Princeton researcher who is now a professor at the University of Michigan, took the other side of this point.)
There were some enlightening moments at the conference about the differences among DRM that people don’t notice because it’s unobtrusive, DRM that does things that are detrimental to users without notifying them, and digital products that outright misrepresent what their DRMs do. Everyone agreed that deceptive marketing is a bad idea on ethical grounds and that going against consumer expectations is a bad idea because it will likely put you out of business. Everyone also agreed that consumer education on an issue as complex and ever-changing as DRM is a tall order.
Requiring digital content providers to disclose DRM-related features is undoubtedly a good idea in principle; whether the FTC can come up with a scheme that is useful to consumers on an ongoing basis is another matter. Thanks to this workshop, they ought to have more than enough input to get started.