On DRM and Watermarking

by M. David Peterson

PLEASE: Before anyone and/or everyone gets bent out of shape in regards to the reported news that Apple is placing unencrypted watermarks in the form of your name and email address inside of the DRM-free tracks, please remember how big of a battle we all just won...

Apple criticized for embedding names, e-mails in songs | Tech News on ZDNet

"Watermarking does not treat the consumer like a criminal," Goodman said. "DRM is also restrictive, telling you how many times you can play a song or which device it can be played on. Watermarking works on the assumption that a consumer is innocent but provides the industry an opportunity to catch someone that breaks the law."


... and then let it be. EMI is only the first of the majors to go DRM free. Let's not scare the others away by taking things to the extreme.

Thanks in advance for your considerations!

13 Comments

Steve R.
2007-06-02 06:22:47
Agree. Selling non-DRM music is trusting the customer to 'do right' with purchased files. It is hardly unreasonable that they would mark the merchandise to look for unauthorized use. I purchase online .PDF manuals, unencrypted, from vendors frequently - those *all* have my name watermarked on them, to prevent redistribution. This does not in any way impair the value of the information. Neither does the user data recorded by most applications installed on home computers. I submit that restricting redistribution via passive watermarking is absolutely reasonable - you are buying the file and the right to use it as you see fit. Nothing in this policy interferes with full and fair use. I have been and will continue to support Apples' policy with my wallet.
M. David Peterson
2007-06-02 07:32:20
@Steve,


Absolutely 100% agree! The "war" on DRM is about giving consumers back both the rights and respect they deserve -- as *paying* customers. It has nothing to do with making the illegal transfer of media files from one person to the next both legal and/or encouraged.


That said, I do understand the concerns associated with why they chose to use clear text meta-data instead of encrypted meta-data, but I can also understand that encrypting the meta-data would have set off alarm bells with questions of "What is Apple trying to hide?". It seems to me that leaving things in clear text provides the ability for Apple to show exactly what it is they have embedded into the tracks meta-data, and then leaves the door open for them to answer calls to encrypt that data at a later date using an update to iTunes (if its not already built in to the latest 7.2 release.) No veil of secrecy. Everyone wins.


Of course, I could be completely off base in regards to why they chose to leave the info unencrypted, but it seems logical enough to suggest it as a possibility. And even if the information is left unencrypted, the only valid argument I have heard so far is from the same article referenced above: If an iPod or *other device* that contains one of these tracks gets stolen, that information could be extracted. But at the same article points out, this info isn't exactly your credit card number, social security number, phone number, and/or home address. And to be honest, if people really want to gain access to your name and email address, there are a lot easier ways to obtain it than stealing mobile devices and extracting the meta-data. ;-)


Thanks for your input, Steve!

Steve R.
2007-06-02 10:28:28
@Peter follow on:


I believe they left it clear-text because 1. You can't encrypt something like that well enough to keep someone on /. from figuring out what you put there, especially since they'd be able to guess the content pretty easily ("Hmmm... what would Apple put in MY file?...") and 2. after #1 was complete, they would be pilloried by the community they court. I would be annoyed if they encrypted the information, and I agree with the policy.


In short - they have learned the lesson so many other organizations don't get - security through obscurity is a horrible model.


Thanks for the blog, BTW. I enjoy reading it.

M. David Peterson
2007-06-02 12:41:01
@Steve,


That makes a ton of sense, and I completely agree.


Thanks for the follow-up, and in particular for reading my blog! I enjoying writing it, so it's gravy when I discover those who enjoy reading it :)

Brianary
2007-06-02 16:54:40
"Bookplates" over DRM is any easy choice.
Brianary
2007-06-02 17:00:56
s/we all just one/we all just won/
M. David Peterson
2007-06-02 18:32:26
@Brianary,


> "Bookplates" over DRM is any easy choice.


Yup! :)


> s/we all just one/we all just won/


Doh! Nice catch :) Thanks, and Fixed.

Steve R.
2007-06-03 07:49:49
@Brianary


Your repurposing of 'Bookplates' is very clever - 'hey, what can we call something required that people *may* not like, to make it sound like something desirable...'


If you aren't in marketing, you should be - no offense intended. :)


SR

M. David Peterson
2007-06-03 08:41:34
@Steve,


That Brianary, I tell ya... I've been aware of his master marketing skills for quite some time now. ;-)


Actually, truth-be-told, Brianary is one of those folks who always forces me to think, re-think, and then re-re-think my points of view, as his arguments tend to provide an interesting outlook/perspective that in many ways would have never even occurred to me. Of course, this is true about a lot of folks, but Brianary definitely has a way with pushing the envelope of "huh, I hadn't thought of it like that before."

Tom
2007-06-06 05:45:23
Watermark doesn't affect the legal downloaded at all unless he distributes it. Think of it as callerID. Personally, I don't care about the watermark. I get my stuff of CDs I buy. If I do download from iTunes, the only place those files will be is on my computer(s) or my iPod. So what do I care about a watermark?


I also have TiVos. I regularly download shows to my PC(s) and burn them to DVD. I'm *sure* they have my TiVo MAK embedded in the stream, watermarking it. Again, what do I care? I'm not distributing.

rmeister0
2007-06-06 09:12:20
The only danger with the watermarking would be in a scenario like this: rmeister0's laptop is stolen. Thief finds unprotected aac files. Thief uploads files to a file sharing network. RIAA agents find uploaded files. RIAA calls lawyers who slap a lawsuit on rmeister0 for distributing copyrighted material. How does rmeister0 prove he didn't do it, and even if he can prove he didn't do it, can he prove it before the lawsuit bankrupts him?


Data gets stolen. You can make it hard, but you can't prevent it entirely. Copyright infringement needs to remain a civil rather than a criminal matter, and the penalties for infringement need to be comensurate with the actual scope of the crime. Should stealing $15 worth of a CDs music really incurr a fine of hundreds or thousands of dollars?

M. David Peterson
2007-06-06 10:19:27
@Tom,


Nicely stated! Completely agree :)

M. David Peterson
2007-06-06 10:42:12
@rmeister0,


The only danger with the watermarking would be in a scenario like this: rmeister0's laptop is stolen. Thief finds unprotected aac files. Thief uploads files to a file sharing network. RIAA agents find uploaded files. RIAA calls lawyers who slap a lawsuit on rmeister0 for distributing copyrighted material. How does rmeister0 prove he didn't do it, and even if he can prove he didn't do it, can he prove it before the lawsuit bankrupts him?


A filed police report dated within a reasonable amount of time from the date the laptop was stolen ensures you have proper defense, and therefore protection. It's also extremely easy to showcase the fact that the location the files were uploaded from is different than where you normally access the internet. Of course, all of this is a pain-in-the-a$$, but there is something you are not accounting for,



Data gets stolen. You can make it hard, but you can't prevent it entirely. Copyright infringement needs to remain a civil rather than a criminal matter, and the penalties for infringement need to be comensurate with the actual scope of the crime. Should stealing $15 worth of a CDs music really incurr a fine of hundreds or thousands of dollars?


At present time the RIAA doesn't even need to prove you are the person they claim you to be when they take a screenshot of Peer2Peer software that contains any given login name and the files they claim infringe on their copyrights. This is a problem with the legal system, not with the practice of watermarking files. They _don't need_ the files themselves, and they don't even need to prove that you are "<fill_in_screen_name>" to slap with you a law suit. At this stage of the game it is *YOUR* problem to prove either a) you are not this person, or b) those file names represent something other than what their title suggests them to be. Of course, the cost to prove this goes *WELL* beyond the ~$4k "settlement" that the RIAA is "willing" to offer you, and the fact that it's possible you could be held liable for 100's of 1000's to millions if for some reason you lose your fight means that people are settling left, right, and center. Even those who _don't even own computers_ are settling because they are advised by their legal council that the cost to fight it is well above and beyond the cost of settling.


In short: The problem *IS NOT* watermarking. In fact, the problem isn't even with the labels themselves. The problem is the legal system, and the RIAA.