Information Wants to Be Free
By Seth Ross
It's one of the most compelling paradoxes of the digital age: Information
wants to be free, because it has become so cheap to distribute and
copy. It also wants to be expensive, because owners often derive
great economic value from it. This is the heart of many of the current
debates and lawsuits about intellectual property.
Many intellectual property owners benefit or wish to benefit from
the cost effectiveness of digital delivery. Record companies, for
example, embraced the compact disk and have reaped generous profits
from this low-cost, high-fidelity format. Book publishers are evaluating
various "e-book" formats with the idea of converting their book-bound
property into freely moving bits.
Unfortunately, for entities like record companies, the same ease
of copying and distribution that built the CD audio industry now
enables widespread copying and easy re-distribution of any electronic
media. The tendency of these bits to move freely enables the kind
of piracy encouraged by Napster. To some extent, intellectual property
(IP) companies in the record, book, and other media businesses want
it both ways: easy and cheap distribution of their bits, without
any easy and cheap re-distribution.
This simply isn't possible. The idea that one can widely distribute
bits without widely distributing bits is absurd. Sure, one can use
strong encryption to protect information. But if you want others
- including paying customers - to be able to access it, then you
have to provide the key. Once you provide the key, that key becomes
another set of bits that can be readily copied and re-distributed
along with the protected data.
Enter the Digital Millennium Copyright Act (DMCA) of 1998. Section
1201 of this US law makes it illegal to create any technology or
device which is "primarily designed or produced for the purpose
of circumventing a technological measure" that protects copyrighted
material. The IP companies pushed hard for this bit of legal paradox.
Information may want to be free, but the DMCA simply makes it illegal
for anyone to actually devise ways to free it.
Computer security in general - and encryption, access control,
and copy protection in particular - is very difficult to get right.
Rather than recognizing this, the DMCA provides legal protection
for all kinds of weak, second-rate, snake-oil encryption schemes.
Rather than investing in strong cryptosystems and authentication
systems, companies have discovered that they can bypass challenging
scientific questions by releasing crappy protection schemes and
then suing whoever has sufficient curiosity or scientific integrity
to call them on it.
Case in point: Hollywood's Content Scrambling System (CSS) is designed
to control access to movies recorded on Digital Versatile Discs
(DVDs). CSS encrypts data with a weak 40-bit key stored in every
DVD player and in DVD playback software for Windows and Macintosh.
It took a Norwegian teenager a long weekend to defeat the system
and develop software called DeCSS that allows DVD movies to be played
back on computers that run the Linux OS.
Using the DCMA, the motion picture industry has sued or threatened
to sue a variety of publishers and web sites for merely linking
to the offending code. This has inspired hackers and academics alike
to devise even more flexible and efficient ways for Linux users
and others to watch the DVDs they've paid for. See Dr. David S.
Touretzky's Gallery of CSS Descramblers at http://almond.srv.cs.cmu.edu/~dst/DeCSS/Gallery/index.html
Note that CSS does not protect against the kind of professional
piracy that is the true source of economic damage to the movie industry.
Nothing in CSS prevents mass duplication of DVDs. Its main impact
is on legitimate DVD owners who want or need to play their DVDs
on unapproved devices like Linux computers.
Second case in point: Adobe's eBook Reader, which allows electronic
book publishers to prevent customers from copying or printing the
electronic books they buy. Adobe's protection measures are weak.
Dmitri Sklyarov, a Russian programmer, found an easy line of attack
and developed a tool that can strip away Adobe's controls and allow
eBook customers to regain beneficial and fair use of the products
While the development of such a tool is perfectly legal in Sklyarov's
home country, he made the mistake earlier this month of presenting
his work at a conference in the US. He was arrested by the FBI on
the basis of a purported criminal violation of DCMA Section 1201.
Sklyarov remains in jail even though Adobe subsequently withdrew
its support for the criminal complaint. You can find out more about
his case and the resulting protests at http://freesklyarov.org/
Hollywood and Adobe are fighting losing battles. It's unlikely
that they'll ever be able to successfully criminalize and suppress
technologies that circumvent other technologies. Information wants
to be free, and the very existence of a technology that provides
protection implies the possibility of a technology that defeats
that protection. Even as their access control schemes get stronger,
they won't be able to defeat professional pirates, who will always
be able to capture an analog signal and then duplicate at will.
Legislating against disruptive technologies is no more productive
than legislating that the sun will rise in the west tomorrow, or
that the value of pi is 3.1, or that evolution hasn't occurred.
If you need to protect data, you're going to have to spend time
or money to develop strong crypto-based security. If you need to
protect data and publish it widely, you're out of luck. It's possible
that someone will develop a new technology or method for simultaneously
protecting data and publishing it freely. For now, content companies
must develop realistic business strategies and models that acknowledge
the current technological reality. The laws of science will always
win out against legislation and litigation.