DRM will not be legislated

Wed Jul 17 16:26:09 PDT 2002

David Wagner wrote:
> You argue that it would be irrational for content companies to push to
> have DRM mandated.  This is something we could debate at length, but we
> don't need to: rational or not, we already have evidence that content
> companies have pushed, and *are* pushing, for some kind of mandated DRM.
>
> The Hollings bill was interesting not for its success or failure, but
> for what it reveals the content companies' agenda.  It seems plausible
> that its supporters will be back next year with a "compromise" bill --
> plausible enough that we'd better be prepared for such a circumstance.

The CBDTPA, available in text form at
http://www.politechbot.com/docs/cbdtpa/hollings.s2048.032102.html,
does not explicitly call for legislating DRM.  In fact the bill is not
very clear about what exactly it does require.  Generally it calls for
standards that satisfy subsections (d) and (e) of section 3.  But (d) is
just a list of generic good features: "(A) reliable; (B) renewable; (C)
resistant to attack; (D) readily implemented; (E) modular; (F) applicable
in multiple technology platforms; (G) extensible; (H) upgradable; (I)
not cost prohibitive; and (2) any software portion of such standards is
based on open source code."

There's nothing in there about DRM or the analog hole specifically.
In fact the only phrase in this list which would not be applicable to any
generic software project is "resistant to attack".  And (e) (misprinted
as (c) in the document) is a consumer protection provision, calling
for support of fair use and home taping of over the air broadcasts.
Neither (d) nor (e) describes what exactly the CBDTPA is supposed to do.

To understand what the technical standards are supposed to protect we
have to look at section 2 of the bill, "Findings", which lays out the
piracy problem as Hollings sees it and calls for government regulation
and mandates for solutions.  But even here, the wording is ambiguous
and does not clearly call for mandating DRM.

The structure of this section consists of a list of statements, followed
by the phrase, "A solution to this problem is technologically feasible
but will require government action, including a mandate to ensure its
swift and ubiquitous adoption."  This phrase appears at points 12,
15 and 19.

The points leading up to #12 refer to the problems of over the air
broadcasts being unencrypted, in contrast with pay cable and satellite
systems.  The points leading up to #15 talk about closing the analog hole.
And the points leading up to #19 discuss file sharing and piracy.

DRM is mentioned in point 5, in terms of it not working well, then
the concept is discussed again in points 20-23, which are the last.
None of these comments are followed by the magic phrase about requiring
a government mandate.

So if you look closely at how these points are laid out, and which ones
get the call for government action, it appears that the main concerns
which the CBDTPA is intended to address are (1) over the air broadcasts
(via the BPDG standard); (2) closing the analog hole (via HDCP and
similar); and (3) piracy via file sharing and P2P systems, which the
media companies would undoubtedly like to see shut down but where they
are unlikely to succeed.  Although DRM is mentioned, there is no clear
call to mandate support for DRM technology, particularly anything similar
to Palladium or the TCPA, which is what we have been discussing.

As pointed out earlier, this is logical, as legislating the TCPA would
be both massively infeasible and also ultimately unhelpful to the goals
of the content companies.  They know they won't be able to use TCPA to
shut down file sharing.  The only way they could approach it using such
a tool would be to have a law requiring a government stamp of approval
on every piece of software that runs.  Surely it will be clear to all
reasonable men what a a non-starter that idea is.