[E-Lang] OpenCola's digital rights management

hal@finney.org
Wed, 24 Jan 2001 17:53:29 -0800


I've been reading the material on OpenCola's web site after the recent
announcements here.  Seems like they have some interesting ideas, but
I have questions about their digital rights management plans, described
at http://www.opencola.com/colalounge/polemics/pleasing.html.

   When a copyright-holder chooses to place a piece of media on the
   network, he encapsulates an enforceable licensing scheme with that
   media. Licenses specify how much of the media is viewable, under
   what circumstances, and for how long. For example, "Allow 30 second
   previews of this MP3 unless $0.50 is paid, in which case, allow this
   MP3 to be played without restriction on this device."

This sounded OK until the last three words, "on this device".  It's
hard to see how that can be enforced.  The document describes their
enforcement mechanism:

   When a user pays for a license to use a piece of media, he is issued an
   electronic "deed" to that media, a proof-of-payment that establishes
   a legitimate claim to use of that media. These deeds are issued by
   software on the copyright-holder's machine or by a trusted third
   party, and are auditable through automatic processes.

Probably the deed would be machine- or user-specific.

   Auditing of deeds is an automatic process, one that is undertaken by
   "audit-bots" spawned by the copyright-holder or their proxy. Such
   audit-bots crawl the network looking for media, then checking the
   deed for legitimate title. Users with unlicensed media are informed of
   their violation by the bots, and are given a set time to put their
   affairs in order.

Similar in spirit to what Metallica did to Napster users.

   For persistent violators, OpenCola provides a powerful, coercive tool
   to enforce compliance without resorting to expensive and
   time-consuming legal action: ostracization.

Perhaps "persuasive" would be better than "coercive"...

   Since every neighborhood on the network is auditable -- that is, one
   can determine which robots are neighbors -- audit-bots can build
   and maintain blacklists of rogue neighborhoods, sub-networks where
   some or all of the content was contributed by users who possess
   media for which they hold no deeds. Copyright holders can subscribe
   to the blacklist and refuse to do business with any user who fails to
   do the same. In other words, OpenCola can build a complete and
   exhaustive list of all pirate users on the network, and refuse to do
   business with them or their friends.

Here is where they lose me.  How can the audit bot tell, in a trustworthy
way, whether a given user subscribes to the blacklist?  Couldn't the
user lie and claim to honor the blacklist of pirates when the audit
bot comes checking, then as soon as it leaves he goes back and starts
communicating with them again?

They're trying to divide the world into legal and illegal halves, and
to set up a dividing line between the two so that from one side you can't
access any information on the other side.

   What this means is that users make conscious decisions to opt out of
   pirate networks, or they are locked out of legitimate networks. A user
   who has truck with blacklisted peers is denied access to *any*
   legitimate media, even if that media is free, such as a Web page.
   OpenCola prevents piracy by marginalizing pirates, reducing their
   quality of service and forcing them onto the fringes of the network.

This further emphasizes the absolute nature of the boundary they are
hoping to establish.  They go on to discuss flaws in conventional DRM
approaches, which analysis also doesn't seem quite right to me:

   This is a radical departure from Digital Rights Management (DRM) as
   it is practiced today. Current DRM relies on cryptographic measures to
   keep media secure, so that a piece of media is only rendered
   viewable if a code-key is supplied by the media's owner. Such
   measures are necessarily perishable: as computational power doubles
   and redoubles, yesterday's "unbreakable" encryption is today's open
   book. The young DRM industry is littered with the corpses of failed
   encryption schemes, most recently the copy-protection on DVD was
   cracked by a teenager in an afternoon, and Microsoft's Media Player
   encoding was cracked even before the final release of the product
   was available.

The increase in computing power has little bearing on the fact that
the encryption in recent DRM schemes has been broken.  Rather, this
has been due to technical flaws, or even due to conceptual errors in
the DRM scheme that just make it fundamentally unworkable (as when you
put DVD keys into software players such that if any one key leaks your
whole scheme is broken).  But it seems that the OpenCola DRM has similar
conceptual problems, that what they are trying to do is just fundamentally
impossible.  Dividing the world between white hats and black hats isn't
going to work, because they can't stop people fraternizing with the enemy.

   OpenCola sidesteps such fallible schemes entirely, decoupling
   possession from ownership: you may possess a piece of media
   without owning it, but if you're caught, that's the last piece of media
   that the network will ever offer to you.

A draconian punishment if it were actually enforceable, but I don't see
how it could be.

Will their association with Mark Miller and their plans to move to a
capability based system make them rethink their approach to DRM?

Hal