We at Public Knowledge along with many others in the public interest community have always said that content owners have abused DRM to harm consumers. So when the FTC announced its decision to hold a hearing on the issue, we expected that at least some consumer protection measures would finally emerge. Our expectations might have been too high, because towards the end of the hearing it seemed like the agency might not do much in this area. The hearing was held in Seattle, went from 8:30 in the morning till about 5 in the evening, and the FTC heard from a number of experts about both the benefit and the harm from DRM, as well as what could be done to address the harm. A consensus seemed to emerge that a notice of DRM to consumers would be a way to address some consumer harm. Before I talk about how a notice might solve these concerns, let me discuss what was said about the benefit or harm from DRM.
True to form, content owner representatives extolled the virtues of DRM arguing that it actually increases consumer access to content. How? By protecting content, DRM encourages owners to make more content available. In addition, it permits business models such as online rentals and subscriptions to flourish.
Of course, it fell upon consumer interest representatives to point out the many harms DRM has caused to consumers: inability to make back up copies, inability to excerpt from movies or songs to create their own content, devices that do not work with each other, harm to the security of devices, inability to access content if authentication servers go down, …. the list goes on. So what could the FTC do to address these harms? Several speakers, including me, suggested that providing notice of DRM to the consumers before purchase would be one way to reduce some of these harms. The idea is that a notice would allow consumers to make informed choices about products they purchase and lead them to reject unfair DRM. For example, think of how nutritional labels influence what food products you buy.
So what harm would a notice system address? That would depend on what’s in the notice. Many suggested that notice should at least inform the consumers of security vulnerabilities that DRM might expose their devices to. Mattew Schruers, Senior Counsel for Litigation and Legislative Affairs at the Computer and Communications Industry Association (CCIA) and I recommended the most detailed form of notice including requirements that the notice inform consumers of the presence of DRM, that their devices might not operate with other devices, and that certain limitations may be placed on their use. Schruers went further and recommended that the notice should inform consumers about their rights under the law.
Assuming a notice would be this extensive (there was a lot of push back on this from content owner representatives who questioned the need for a notice in the first place), would it address all consumer concerns? I think not. For example, if DRM exposes a user’s computer to security vulnerabilities like, Sony’s Rootkit did, notice would be insufficient to solve the problem. Also where DRM prevents effective competition among devices by creating lock-in (lock-in may occur when a devices’ ability to interact with complementary devices is artificially crippled using DRM), the presence of notice does nothing to help the consumer. For example, where Lexmark used DRM to ensure that only its toners worked with its printers, notice would merely ensure that consumers knew to purchase only Lexmark toners for their Lexmark printers. It would not help promote competition in the after market for toners.
So for all its beneficial effects, a notice regime alone would not help consumers or competition. Yet it would be an important step in reducing the harmful effects of DRM first, by preventing consumers from buying products that would be harmful or useless and second by preventing companies from employing harmful DRM in the first place. After all, what company, would acknowledge that because of DRM its product is not safe or useful for the consumer to purchase? Thus, while the FTC should institute an effective notice regime, as an agency charged with protecting consumers and preserving competition, it should also do more to contain the harmful effects of DRM.
We need a system in place to punish those who deploy harmful DRM on consumer devices. In the Sony Rootkit case, the FTC entered into a settlement with Sony requiring it to pay up to $150 to each consumer to help repair damage to her computer. It also required the company to provide consumers with reasonable means to uninstall the DRM. While, the decision was good in providing relief to consumers, it did not prevent other companies from deploying similarly harmful DRM on their products. In order to protect consumers effectively, the FTC should use its rulemaking authority to institute rules for dealing with those who install harmful software in the name of protecting content.
In cases of lock-in the FTC should investigate whether such practices harm competition and if necessary institute a policy of treating them as unfair trade practices.
Mary K. Engle, Acting Deputy Director of the Bureau of Consumer Protection at the FTC opened the hearing by explaining that the FTC understands that consumers are affected by DRM and need to be educated and informed about its use. On the last panel of the day, we heard from FTC staff who answered questions from the audience. The staff seemed unsure about how the FTC would proceed now that they had had this hearing. In fact, Engle explained that although the FTC has rulemaking authority, the agency did not exercise that authority unless Congress told them to. This left me wondering what the purpose of holding the hearing was. After hearing about consumer harm caused by DRM for a whole day, the agency should realize that it has both the power and the obligation to act. If the agency does not act on its own accord, let us also hope that Congress prevails upon the FTC to act.
DRM will never work when the
DRM will never work when the DRM holder can throw a switch at anytime and turn the use of a product off. (Luaces V. Directv 1997 Miami) Simply put, Directv can and has turned off the paid for Television programming of consumers. Then, while holding the consumers programming hostage, demanded more money be paid to get the programming back. For those who used counter measures to stop that theft, Directv successfully sued them in Federal court asserting DRM rights. Laws have got to be in place to protect the consumer from DRM theft. In Luaces V Directv, 31 states attorney generals fined directv 11 million as settlement. The DRM holder’s right cannot extend first to that of theft and then have courts make awards to the DRM holder because consumers tried to prevent that same theft. Constitutional protections support one’s right to protect there property from theft of any kind. When a DRM holder decides to steal, courts have decided to ignore the constitutional protections to protect your property from theft.
“While, the [FTC] decision
“While, the [FTC] decision [against the Sony rootkit] was good in providing relief to consumers, it did not prevent other companies from deploying similarly harmful DRM on their products.” Setting aside PK’s view on consumer rights and fair use and focusing on true technological harms, what other DRM is their proof has been “similarly harmful?” (And I’m not talking about rumor and innuendo but real evidence of similar harm.) At least be fair in your analysis. The FTC decision in the Sony rootkit case DID set precedent for others and there have been no fiascos like that in 4 years. That’s why that was the only serious example of security breaches any of the panelists could point to during the meeting.
Quote: We need a system in
Quote: We need a system in place to punish those who “deploy harmful DRM” on consumer devices.
I think the key word here is “harm.” I have a sony DVD player which will not play several DVD’s. I have a Phillips DVD player which plays many DVD’s. Is Sony’s DVD player harmful? Yes, it did harm me because had they disclosed up front the limitations they imposed in it, I would not have purchased it and would have first purchased the Phillips player.
When the DRM holder deploys harmful DRM, they are taking away something from the product the consumer purchases. The article above speaks about having a system in place to punish those who use there DRM in such a way. In Luaces V. Directv, the suit stated that Directv had planned in advance that when they signed all these people up in the one year agreement, take the money up front, that come April 10th, they would take the movie package away in an attempt to get even mpore money.
As a victim of this myself, I have to say that having paid in advance for my movie channels, I felt very helpless when Directv made a choice using DRM to turn off the movie channels I had purchased. This was a deployment of DRM which harmed me. To further compound the matter, because there are no laws to protect from this, I had to agree not to use “any” device should they employ harmful DRM in the future.
Once I paid for the product, I owned access to that which I paid for. Then, when Directv deployed there DRM and blocked my access, it became a theft of programming belonging to me. But there DRM rights laws provided them the permission to carry out this theft. There DRM rights permitted them to now require me not to protect my programming should they do this again.
In the end, the DRM holder can take one’s money for goods or services with the intent to later use those DRM rights to take away what was paid for. (profit) Then should you attempt to interrupt the unlawful use of DRM to protect your purchase, they then can profit in a suit for your having taking measures to stop them. The next problem is that you cannot defend such suits because litigation costs so then you settle. (profit again) I have dubbed the process the civil recovery fraud, a fraud that the courts or justice system fails to recognize.
DRM is used every day in ways which are harmful. DRM should never be used to steal a product from it’s owner (consumer) and no one should have to sign away rights, liberties, to protect what they have purchased.