Digital Watermarking vs. DRM On Music Downloads
I ran across this discussion on Slashdot today.
For people who aren’t familiar with DRM, it’s a kind of copy-protection technology that limits how you can use something you buy. Apple’s iTunes Music Store uses DRM (mostly) for music downloads; if you download a DRM’ed song from iTunes, you can transfer it to your iPod no-hassle, but if you want to use it on another device, you can’t without first jumping through some hoops- like burning the music to a CD (where the DRM can’t follow) and ripping the music back, which degrades the quality of the audio.
The attitude behind DRM is offensive, to say the least. DRM, in general, is based on the assumption that the customer is a thief and must be sandboxed, for the protection of the music industry as opposed to the interests of the user.
Watermarking, on the other hand, is a technology to mark the music file in a unique way that (ideally) is inaudible. Apple recently introduced watermarked, un-DRM’ed audio and there’s talk from other companies about adopting watermarked audio.
I think that the introduction of watermarking over DRM has the power to be a good thing. When a person downloads a watermarked song from iTMS, it’s tagged with their user information and nothing else. It makes no assumptions that the user is a thief and must be sandboxed to prevent them from stealing, but rather assumes that most of their users will probably use the music legitimately, but that some will probably share it, and that, therefore, they should include a way to track it back to the original customer.
Naturally, watermarking is only a first step in the direction of sanity. The way that RIAA and MPAA assert their copyright after first getting a name is still insane. For instance, when RIAA or MPAA sue someone, they generally get that person’s name by collecting the IP addresses of computers that are illicitly sharing files and subpoenaing the names of the accounts attached to the IP address at the time of sharing from the ISP the address came from.
The problem with this line of reasoning should be obvious: there is no guarantee that the owner of the account illicitly shared the file. Computers are used by multiple people. People who haven’t touched a computer in their lives have been sued over songs they could not have possibly shared because of this kind of reasoning.
In order for watermarking to be a positive step, however, the assumption that whomever the watermark (or, for that matter, IP address) leads RIAA to is necessarily the original sharer must also die. What if my iPod full of legitimate, watermarked music is stolen and the files shared? Unless I had good documentation that could prove I could not have uploaded the music (such as evidence that the first upload occurred after it was stolen), then there’s no demonstrable way to counter the watermark’s significance in court.
Or, what if someone hops on my computer, grabs a few songs without my knowledge, and shares them? People share songs to and from computers at schools all the time. Just one watermarked song that later gets into someone’s Limewire share and the original buyer could get screwed.
Naturally, the latter situation is harder to guard against, especially if the end user is unaware that the file is watermarked. The former can be protected against by reporting the theft.
Cease-and-desist letters are poor protection against the latter, of course. Of course if the file is copied without the knowledge of the owner the owner only bears responsibility insofar as they didn’t secure their computer against it.
There are, of course, other problems with watermarking. Removing the watermark is usually trivial (though I’ve heard of some watermarking systems where it’s supposedly impossible to strip the watermarks). I know that for Apple’s iTMS, it took only days before the watermark was discovered and a tool released to zero out all the user information.
I’ve also heard accusations that watermarking could be used to frame people by the RIAA- ie, they watermark a file to you, they release it to Limewire or wherever, and you get sued to kingdom come. I’m not too concerned about this right now. Most of the shady things RIAA does relate to poor methodology and reasoning, not to outright corruption.
I honestly believe that, sooner or later, the AA’s will realize the unsustainability of treating paying customers like crooks and suing them accordingly for offenses that they may or may not have committed. They are, after all, businesses, not ogres.
