Everybody knows that the digital locks of DRM on the digital media you own is a big problem. If you’ve bought a digital book, album, or movie, you should be able to do what you want with it—whether that’s enjoying it wherever you want to, or making it more accessible by changing the font size or adding subtitles, or loaning or giving it to a friend when you’re done. We intuitively recognize that digital media should be more flexible than its analog forebears, not less, and that DRM shouldn’t take away rights that copyright was never intended to restrict.
But while it may not be as intuitive yet, DRM on digital media that you don’t own is also a major threat. Whether it’s books from the public library, streaming songs from Spotify, or TV shows from Netflix, wrapping media in DRM software—especially when it brings with it a cloud of legal uncertainty—is not just a bad way to enforce license contracts; it’s also a danger to our rights and our security.
That’s because DRM in any form requires us to give up control over our own devices to the companies distributing the media. That proposition ranges from unpalatable on a gaming console, to repulsive on laptops and phones loaded with sensors and personal info, to truly alarming when those computers are embedded in machines we trust with our safety.
These aren’t speculative possibilities, either; in the most recent round of rulemaking on DRM-enforcement laws, EFF requested (and was granted) an exemption for security research on the computers in cars. Just last month we filed a complaint with the FDA about DRM restrictions in medical devices. The threat of a DRM “lockdown” of our critical devices, forcing us to give up ownership of our technology in the misguided pursuit of limiting copies or enforcing contractual limitations, is very real, and only getting more so.
Those problems are fundamental to DRM and the legal and technical structures that support it. They are just as pronounced when the DRM is designed to enforce unacceptable limitations on ownership as when they hew closely to agreed-upon restrictions. Even if we never encounter the device that won’t play our music or the video game that stops working when the DRM servers shut down, we still give up something crucially important when we allow media to come wrapped in unaccountable software.
What’s more, DRM on these sorts of licensed media doesn’t work and isn’t needed. It’s easy to see how it doesn’t work: every bit of media that is “exclusive” to DRM-encumbered formats shows up, every single time, unlocked on file-sharing networks and torrent sites. More than a decade ago this was dubbed the “smart cow problem”—as soon as one smart cow figures out how to open even the most complicated latch, it doesn’t matter how high the fence is.
The fact that such exclusive content keeps getting made is a pretty good indicator that the DRM it comes wrapped in isn’t necessary. But it’s even clearer when looking at the success of people who’ve chosen to address “piracy as a service problem.” For years, businesses and creators across the Web have shown it is perfectly possible to compete with free, and consumers have shown that they’re willing to pay a premium for reliable and timely access.
It would take some major industry shifts to move the Netflixes, Spotifys, and Amazons of the world away from wrapping the media they distribute in DRM that hurts their consumers. For one thing, a locked-in DRM ecosystem makes it harder for new competitors to emerge, which might tend to dampen their motivation. For another, many of the publishers, labels, and studios likely require DRM in their contracts.
But it’s not impossible. The shift in downloadable music from proprietary and locked formats to mp3s that play anywhere shows a good path forward. And with the stakes this high, it’s a change we need to make.
This post marks the 10th anniversary of International Day Against DRM, an effort EFF proudly supports.