[E-Lang] OpenCola's digital rights management
Wed, 24 Jan 2001 17:53:29 -0800
I've been reading the material on OpenCola's web site after the recent
announcements here. Seems like they have some interesting ideas, but
I have questions about their digital rights management plans, described
When a copyright-holder chooses to place a piece of media on the
network, he encapsulates an enforceable licensing scheme with that
media. Licenses specify how much of the media is viewable, under
what circumstances, and for how long. For example, "Allow 30 second
previews of this MP3 unless $0.50 is paid, in which case, allow this
MP3 to be played without restriction on this device."
This sounded OK until the last three words, "on this device". It's
hard to see how that can be enforced. The document describes their
When a user pays for a license to use a piece of media, he is issued an
electronic "deed" to that media, a proof-of-payment that establishes
a legitimate claim to use of that media. These deeds are issued by
software on the copyright-holder's machine or by a trusted third
party, and are auditable through automatic processes.
Probably the deed would be machine- or user-specific.
Auditing of deeds is an automatic process, one that is undertaken by
"audit-bots" spawned by the copyright-holder or their proxy. Such
audit-bots crawl the network looking for media, then checking the
deed for legitimate title. Users with unlicensed media are informed of
their violation by the bots, and are given a set time to put their
affairs in order.
Similar in spirit to what Metallica did to Napster users.
For persistent violators, OpenCola provides a powerful, coercive tool
to enforce compliance without resorting to expensive and
time-consuming legal action: ostracization.
Perhaps "persuasive" would be better than "coercive"...
Since every neighborhood on the network is auditable -- that is, one
can determine which robots are neighbors -- audit-bots can build
and maintain blacklists of rogue neighborhoods, sub-networks where
some or all of the content was contributed by users who possess
media for which they hold no deeds. Copyright holders can subscribe
to the blacklist and refuse to do business with any user who fails to
do the same. In other words, OpenCola can build a complete and
exhaustive list of all pirate users on the network, and refuse to do
business with them or their friends.
Here is where they lose me. How can the audit bot tell, in an trustworthy
way, whether a given user subscribes to the blacklist? Couldn't the
user lie and claim to honor the blacklist of pirates when the audit
bot comes checking, then as soon as it leaves he goes back and starts
communicating with them again?
They're trying to divide the world into legal and illegal halves, and
to set up a dividing line between the two so that from one side you can't
access any information on the other side.
What this means is that users make conscious decisions to opt out of
pirate networks, or they are locked out of legitimate networks. A user
who has truck with blacklisted peers is denied access to *any*
legitimate media, even if that media is free, such as a Web page.
OpenCola prevents piracy by marginalizing pirates, reducing their
quality of service and forcing them onto the fringes of the network.
This further emphasizes the absolute nature of the boundary they are
hoping to establish. They go on to discuss flaws in conventional DRM
approaches, which analysis also doesn't seem quite right to me:
This is a radical departure from Digital Rights Management (DRM) as
it is practiced today. Current DRM relies on cryptographic measures to
keep media secure, so that a piece of media is only rendered
viewable if a code-key is supplied by the media's owner. Such
measures are necessarily perishable: as computational power doubles
and redoubles, yesterday's "unbreakable" encryption is today's open
book. The young DRM industry is littered with the corpses of failed
encryption schemes, most recently the copy-protection on DVD was
cracked by a teenager in an afternoon, and Microsoft's Media Player
encoding was cracked even before the final release of the product
The increase in computing power has little bearing on the fact that
the encryption in recent DRM schemes has been broken. Rather, this
has been due to technical flaws, or even due to conceptual errors in
the DRM scheme that just make it fundamentally unworkable (as when you
put DVD keys into software players such that if any one key leaks your
whole scheme is broken). But it seems that the OpenCola DRM has similar
conceptual problems, that what they are trying to do is just fundamentally
impossible. Dividing the world between white hats and black hats isn't
going to work, because they can't stop people fraternizing with the enemy.
OpenCola sidesteps such fallible schemes entirely, decoupling
possession from ownership: you may possess a piece of media
without owning it, but if you're caught, that's the last piece of media
that the network will ever offer to you.
A draconian punishment if it were actually enforceable, but I don't see
how it could be.
Will their associate with Mark Miller and their plans to move to a
capability based system make them rethink their approach to DRM?