Terminally Incoherent

Let’s talk more about digital distribution. I don’t know why but I suddenly have a lot to say about these things. We already established that distributing data online can be profitable if you approach it the right way. We also know that so far very few industries have learned how to do it. Even book publishers who have a built in advantage (most modern e-book readers suck) are very uneasy about electronic distribution. No one can really figure out how to deal with this internet debacle. And I think part of the problem stems from the big dissonance between what customers desire, and what distributors are willing to provide.

It’s actually really easy to figure out what consumers want. As with any other product that is easy to find, high quality affordable, accessible and easy to consume. What does that mean? Let’s say that Joe Public wants to buy a song he heard on the radio. He should be able to find it in his favorite music store by searching by title, band or lyrics. He should be able to buy that song for an iTunes range price or lower (this stuff should be competitive) and download it immediately without jumping through any hoops. Just pay with paypal/credit card, and download.

The music should be accessible and easy to consume. This means that Joe should be able to click on the song and have it open in the music player of his choice. He should not need to use some bloated, proprietary player. He should not need to activate it, wait for it to fetch a license from the online store, or provide login or license number information. All Joe really wants is to take that song, play it on his computer, then put it on his ipod/iphone, his laptop, an his work computer. In this day and age it is not uncommon for people to own and use several different machines on a daily basis like that.

Is it really that much to ask? All we really want is a file that is in some standard format can be played on any device and any operating system without any major hassle, or need for internet access. But to music industry this is an outrageous. If I pitched this idea to the RIAA folks they would probably call me a raving lunatic who tries to ruin them and then phone for security and have me escorted out of the building.

Here is a pitch that would make them cream their pants on the spot:

First, music should only be sold via a single online store. It needs to be withdrawn from iTunes and all other online distributors. This will help increase the artificial scarcity of the song, and also add another revenue stream as the store will be able to serve advertising to the shoppers. Next, we remove all the search boxes from the online store. Instead we have a list of categories, and alphabetized list of performers. To find the song he wants, Joe Public will need to drill down 6 or 7 levels into that category tree generating page views for our banners, and popup advertising.

Then, before Joe can place the order and download his song we make him click through 10 to 20 special offers from “our affiliates”. Once the credit card payment is in, we make Joe install a custom downloader software that will fetch the song from our server for him. Naturally the software comes bundled with more special offers and addware. Once he installs the software, he will be able to download the song, which will be in proprietary format that can only be played by our custom music player (with more addware).

The song will naturally be tied to the hardware signature of Joes computer as soon as it is downloaded (long before he even tries to play it). To listen to it, Joe must use the cutom player, provide his login information, and the license code for the song that was sent to him in his email. The player will then call home and confirm the license and increment the play counter by one. Joes card will be charged some nominal sum for each play. It’s probably a good time to note that the custom player has no pause button or any way to fast forward or rewind the song. Ever time you play it, you get charged. The song will expire after 24 plays or 24 hours whichever comes first. After this time Joe will be able to re-purchase it for the full price.

Naturally, even the slowest, least progressive RIAA members realize that such an atrocious, anti-customer model would fail miserably. No one in their right mind would ever agree to a pay-for-play scheme - especially not when iTunes provides a much more user friendly and affordable, while still locked down service. This is why most studios hates iTunes with a passion - because they made digital distribution work without really squeezing the customers that much. Let’s face it, once you subtract bandwidth costs and maintenance of the online store, any profits on top of that are essentially free money.

So there is this huge gap between expectations on each side. Customers just want an affordable product they could use. Copyright holders want an unusable product which forces the customers to hand over large sums of money to them. It’s obvious that some sort of compromise must be worked out. If your digital distribution model is to restrictive or unfriendly, the customers will just happily continue pirating your content. If it is to lenient, you will probably get fired because your boss will not be able to sleep for months, thinking about the millions of dollars he probably lost because your scheme allowed someone to play the song on 3 computers instead of just one.

This is entirely silly since all you need to do to make profit is to capitalize on some of Kevin Kelly’s generatives. You can sell un-protected, un-encrypted mp3’s and still turn profit. Apple actually gets it and the reason why they are so successful is that they are really exploiting these things. First, they heavily rely on the brand. Their music store is closely associated with their flagship product - the iPod. Apple is a trustworthy brand with a carefully cultivated image. This is one intrinsic value that cannot be digitized and downloaded from a torrent site. People trust Apple more than they trust the “Pirate Bay” or other strangely named site like that. Second, the iTunes store really capitalizes on several of the generatives. It has an impressive searchable index, keeps track of your music and makes it accessible to you wherever. Naturally they also compromised and have that DRM of theirs which doesn’t really do anything other than annoy customers. But in the current climate it is necessary - no DRM, no content is the mantra of the entertainment industry.

Theoretically, if someone came along with a similarly sized catalog of content, but offered lower prices and no DRM they could blow iTunes out of the water. There are two problems though - iTunes is an entrenched brand, and it would be hard for a no-name service to compete, at least initially. They’d really have to provide a better service - and not just slightly - they would have to catch the eye of the public. The second problem is that without DRM they would have real trouble getting licenses for distributing content. They’d probably get enough content to be attractive to some, but not enough to threaten iTunes using their music catalog.

So we are really at an impasse. The copyright holders desperately try to shift the market towards a model that is more restrictive, and more prone to milking than iTunes. Customers just want something that works, and doesn’t cost an arm and a leg. Unless the copyright holder mindset doesn’t change, we will continue getting shafted with horrible deals, atrocious DRM and business models that just can’t work.

We will probably continue arguing over this for years to come, but I think customers will win in the end. It’s already slowly changing for the better as new DRM-less schemes are popping up now and again. People are starting to realize that customer lockdown is a dead end. It will get better, eventually…

I said it before, and I’ll say it again: downloading copyrighted content without author’s consent is not theft. It’s copyright infringement! It doesn’t make it any less illegal, but it is a very different crime. Please get it right, otherwise any discussion about copyright is impossible!

Claiming that infringing copyright can be equated to theft is essentially building up a straw man argument. After all, everyone knows that theft is a relatively serious crime and one that affects the victim in a very real way. Infringement is very different crime which really requires a different set of laws and a different mindset. If you try to convince people that file sharing is harmful while basing your argument on claiming it is “like theft” you are simply doing it wrong. You are simply building a straw man, and toppling it with impeccable logic but none of that applies to copyright. Unless we change the law to treat intellectual property the same way we treat physical property, your argument is flawed.

It is really simple to explain, but most people on the other side of the fence (pro copyright) just don’t get it. When you download copyrighted content you are simply violating someone else’s exclusive distribution right. There are many real world examples people use to illustrate how infringement works, but I like this one:

Imagine there is a big game in the local ball park. Bunch of local kids decide to watch the game by climbing a tree growing on public property right outside the fence. They get caught. Should they be charged for theft? Do you think their crime is equal to for example that of a pickpocket who swiped game tickets from an unsuspecting sports fan?

They were able to watch the game because the tree was there to provide them with a good viewing platform. If it wasn’t there, would all of them buy tickets? Could you with any degree of confidence estimate how much money each of them would spend on tickets, hot dogs and refreshments?

If you haven’t figured this analogy yet, let me break it down for you. The ball park is the official distribution channel for the multimedia content. The ballpark owner is RIAA, MPAA and etc. The sports team playing inside are the artists. The kids are “the pirates”, and the tree symbolizes the internet. Downloading movies and music is like climbing that tree and watching the game for free. It’s not right naturally. You ought to buy a ticket to watch the game - so it can be said that the owner didn’t earn any money on you. But it can’t be said he actually lost any money because no one can prove whether or not you would actually buy a ticket if the tree was not there.

Infringement has nothing to do with steeling. This is why the MPAA’s “You Wouldn’t Steal a Car” campaign is nothing more than muddying the waters. It’s propaganda - a calculated distraction. Entertainment industry does not want to discuss the real issue here because it is not in their best interest. What they want to do is to sow fear, uncertainty and doubt. And it’s not that they do not have an argument to begin with. The law is on their side. But we have to agree that infringement is much lesser crime than theft.

Then again, you have to wonder what good is a law that is virtually unenforceable. When I meet new people the topic of file sharing invariably comes up sooner or later. I have to say that I have yet to meet a person below 40 who can honestly say they never downloaded a song or a movie from the internet. It is simply unheard of. I’m counting both males and females of all races, creeds and education levels. In fact, many times I was honestly surprised to find out that a given person engages in this activity. No one respects the copyright law. Copying is as natural as breathing to us. This is what computers and internet were designed for.

And there is no way to stop it. Technological means to curb copying (DRM) don’t work. And statistically chances of getting caught are close to zero. Only a very small percentage of people will ever get sued by RIAA and MPAA.

Who what is the point of un-enforceable law that everyone breaks without even thinking about it? Protecting revenue streams of distributors might be a reason here, but there is something wrong with this picture. Let’s step back and think about it for a second.

I just said that I don’t know a single person below 40 who doesn’t do at least a little bit file sharing. This means that a huge chunk of population is involved here. And yet, I haven’t heard about a single movie or music studio closing it’s doors because of losses incurred due to “piracy”. Movies, music and software keeps getting made so the alleged losses cannot be that significant. Entertainment industry can talk all they want about “lost sales” and projections of lost revenue but most of us know these are just wild guesses that cannot be substantiated with any concrete data. There is just no evidence to support them.

If this was theft, we would see real very tangible evidence of loss. But we have no such evidence - just fuzzy, optimistic estimates. And this is the gist of the problem that the pro RIAA and pro MPAA advocates try to avoid discussing.

So please, next time you get into this discussion, get it right. Otherwise you are just regurgitating a flawed argument that has no basis in reality.

Have you noticed that while book scans are as abundant on file sharing networks as other media, people in publishing industry are not really crying that much about piracy? Ok, I take that back - they do cry about it, but only when we bring up the subject of E-books or book scanning projects (like Google Books for example). Then they get as silly as movie and music distributors. I’m not sure why though.

At the moment the Book publishing industry is in the comfy area where their product is “tastiest” in it’s papery, physical analog form. Frankly speaking, e-books suck. There are many reasons for this - and only some are technology related.

For example, what is the best e-book file format out there? It seems that everyone has their own proprietary one tied to a single platform with some custom DRM attached to it. Some people distribute things in PDF format but they usually don’t bother to format the text for screen reading. Most PDF’s are designed for printing, and thus use letter sized pages which force you to scroll up and down. Personally I’m partial towards the Microsoft LIT format used by the Microsoft Reader. The format is designed for screen reading (no scrolling or zooming necessary), has built in bookmarks, highlighting and notes features. It re-pages your book based on screen size, so it still looks good on a PDA. And the files are relatively small. But the format is proprietary and only supported by Microsoft which means you wouldn’t be able to use it on your iPhone or a non-windows based reader.

Second problem is that no one really knows how to use e-books which is more of a behavioral issue. When do people usually read? In most cases it’s not when they are sitting at their computer desk. They read in their bed, in a bathtub, on the toilet, on a train/bus, on the beach, in the park, on their lunch break in the cafeteria and etc.. And it so happens that these places are actually less than perfect environments for a laptop or an electronic reader. Who is going to take their $400 Kindle or a $200 PDA into bathtub with them? Or on the beach? Until we get a reader that is very robust, very portable and very cheap, the paper books will be immensely more practical.

Besides, ask any bibliophile what he thinks about e-books and he will start waxing poetic about the sublime textile experience of actually holding a book. People enjoy silly things like the feel and smell of the book - the way you crack open a brand new volume, or the way the very old book bears marks left by previous owners. Without knowing it publishers have been capitalizing on one of Kevin Kelly’s 8 generatives: the embodiment factor.

Scanned books are abundant on file sharing networks, but despite that fact people keep buying paper versions because they are just better, more practical and nicer to handle. Personally I have several scanned in books in pDF format sitting on my hard drive - most of them are old RPG rulebooks that are long out of print now. I hardly read any of them because the are just so impractical. I also have bunch of novels downloaded from bunch of places on the internet. I don’t think I have read any of them in the digital format though. I had bunch of stuff by Cory Doctorow but I ended up buying most of it mostly because I wanted to support the guy (patronage is btw, another one of the 8 generatives). I had Card’s Ender’s Game and Starship Troopers by Heinlen in LIT format on my PDA back in the day, but at one point I just gave up and went and bought the books. Reading from my crappy DELL Axim was not a great experience.

A paper book (be it hardcover or paperback) simply provides the average customer with more value than an e-book. This is just how it is for now. This is precisely how you make money in the digital era - you provide your customer with tangible added value on top of the easily digitized data. E-books may be easy to copy, but they are not a real threat to the publishing industry, and they won’t be one for quite some time yet.

The old hacker motto used to be “information wants to be free”. This was the driving philosophy of the 80’s and the 90’s when the Internet was going through it’s awkward onset of puberty, and turbulent teenage years. We currently live at a peculiar junction in history where information is truly free. And it’s all thanks to advances in communication technology, ubiquitous broadband access and ever growing transfer speeds. Information is no longer scarce - it is a commodity much like water, or electricity. It’s obviously not worthless, but it’s relatively cheap in the grand scheme of things and it’s plentiful. For a modest monthly fee you have unlimited access to all the water and electricity you want.

In the very same way for a flat monthly fee you get unlimited access to the Internet which contains most of the information you will ever need. Every song, every movie, every book or piece of software ever made is out there for the taking. All you need is a torrent client and a little patience. Sure it’s not entirely legal but the odds of getting caught are incredibly small - not much bigger than the odds of winning the lottery. And there is just nothing that can be done about it right now. Neither the lawsuits and aggressive take downs of p2p networks nor the copy protection and ever more restrictive DRM have put any dent in the overall p2p traffic. Anything that is in digital format can be copied - no exceptions. Anything that can be copied will end up on the internet. Anything that is not in digital format, but can be digitized, will also end up on the internet. For free. And unless we completely change the fundamental rules of electronic communication this trend will only escalate.

Naturally the cost to produce these digital goods (movies, songs and software) is nonzero. It is actually quite expensive make them - both in terms of investment capital, and labor. But thanks to internet, their effective market price approaches zero. You either sell yourself cheep, and loose money or sell high, and put up really tough competition from p2p. This competitor is different though - he cannot be thwarted, legislated away, sued into oblivion or absorbed via hostile takeover. You are competing with the basic human nature. There is nothing - and I repeat, NOTHING that can be done against this. Unless of course you can figure out a way to turn back the clocks, and cripple the internet to where it reverts to it’s slow and non-threatening form you remember from the 80’s. For better of for worse, you are stuck with broadband internet as the most efficient distribution system, and the fiercest competitor you will ever encounter.

How do you compete with free? Obviously you can’t cut the price, unless of course you are willing to pay your customers to use your product. The only thing you can really do is to add value to your product. Believe it or not, but people are always willing to pay for a superior quality. Think about this next time you are shopping for a new cell phone. You provider probably offers a fully functional free phone with the service, but a lot of people opt for the sleek looking $200-$300 alternative which has extra features, bells and whistles. You have to do the same - you have to add bells and whistles to your product - and once you do, people will eagerly hand over their money to you, even if a free version is available.

The only problem here is that you can’t add value to information by combining it with more information. Adding bonus tracks, or blooper reel to your album or dvd doesn’t do anything because these things will end up on the internet as well. You need to add something that cannot be easily digitized and sent over a wire.

Kevin Kelly in his excellent article Better than Free identifies 8 value adding features you can use to make your digital product more desirable to customers. I highly recommend reading his piece in it’s entirety but if you are to lazy here are the 8 things he proposes:

1. Immediacy - ie. the ability to ship the product to the customer before 0-day crack comes out
2. Personalization - tailoring your product to customers specific needs
3. Interpretation - lifetime support, warranty, 24 hour helpline, etc..
4. Authenticity - genuine article is bound to have highest bit rate, sharpest picture and no embedded trojans
5. Accessibility - pay once, download from anywhere and in any format
6. Embodiment - no mp3 can beat a live concert, and no ebook is as nice as a beautifully bound hard cover edition
7. Patronage - fans usually buy original cd because they want to support their favorite musician - not because they can’t find the mp3’s of the songs it contains
8. Findability - iTunes are more user friendly than bittorrent - even with the DRM - you can capitalize on that sort of thing

So there you have it. Kevin goes into much more detail there, but I don’t want to steal his thunder. Read the article and see if you agree. All you need to do to make money on the seemingly free data, is to implement one or two things from this list above. And most digital content producers are already halfway there. They are just to set in their old ways to develop their strengths and capitalize on them. They still think it terms of distribution and scarcity. But this is a dead end.

Internet is the most efficient distribution channel you can imagine. You can’t get your data faster to your customer than over a high bandwidth fios connection. And if you try to use a slower channel or introduce artificial scarcity, into the equation to drive the price up the consumers will simply pick the free (illegal) alternative. If you concentrate on adding value in one of the 8 ways listed above however you can easily rise prices without scaring away or alienating the customer.

The funny thing however is that information is not the only thing that is becoming a free ubiquitous commodity. Even the physical products that were once scarce are heading that was as the technology improves and the prices fall due to normal market mechanics. Just go and read Kevin’s Technology Wants to be Free essay. I don’t think I can explain this concept any better than he does. But he is right - and his vision of future is certainly bright for us as consumers.

I realized something today - we are in the wrong industry guys! We should all be writing DRM software! I mean, at least in theory. I would never do it because I find the idea of DRM morally reprehensible and intrinsically flawed. In fact, I think most self respecting programmers think the same way and stay away from that sector of the market. But it must be a fucking cash cow!

Ok, you don’t see it yet. Let me explain. Imagine doing highly abstract cryptography for people who are so technologically inept that they can’t even spell the word cryptography. Imagine working on products that no one actually expects to work. Let’s face it, even the big fat movie studio executive that just paid few mill to some shifty software company is expecting their DRM to actually prevent the final product from hitting usenet and torrent boards. And best yet - you don’t even have to do much quality assurance because your client doesn’t really give a fuck how this software will affect the machines of their clients. Even if you fuck up, and write something that actually can damage end-users optical drives (hi there Starforce!) you still get paid. It’s your client, not you will need to deal with the customer support, the bad PR, refunds and etc.. Hell, maybe they will even hire you back to write another DRM scheme for them.

What was the last big DRM thing? BioShock? Yes, it’s old news but I don’t recall anything more recent - I haven’t been paying much attention. That one however generated so much buzz it actually registered on my radar (few things do these days). Personally I haven’t used it, but I hear that the game has not only a built in rootkit, but also multi-step online activation process, and that it calls home all the time. In fact I hear that most people who bought it just downloaded a crack to get rid of that garbage.

If you were to slow, I will repeat it for you slowly:

In fact I hear that most people who bought it just downloaded a crack to get rid of that garbage.

Yes, DRM is such a pain that legit customers are cracking their own legally purchased copies (invariably breaking the DMCA) because the copy protection is such a pain. Can you see the irony here? The copy protection which was supposed to maintain the integrity of the package and prevent this sort of thing from happening is being easily removed by a widely available patch that appeared a week after the release of the game.

I guess we can’t forget about ACS and they lovely t-shirt I bought that has their super-sekrit encryption key printed on it. DRM is really a joke - and not particularly funny one at that.

Remember Bob, Alice and Eve from your cryptography lessons? Bob and Alice always try to communicate, while Eve is listening. Most cryptographic problems involve securely passing information between Bob and Alice while protecting it from Eve. DRM poses a peculiar problem because it does not follow this model. When you work with DRM you want to send messages between Bob and Alice while protecting them from… Alice. After all, Alice can’t be trusted as she might share them with Eve. You can probably see why serious security researchers don’t actually bother working on one of these problems - it’s stupid, and unsolvable. If Alice can read and comprehend the message, she can pass it to Eve. Period. Entertainment industry calls this “The Analog Hole” while the rest of us refers to it as “The Reality”. The problem with this supposed hole is that it can’t be closed with software. That’s just how it works - you have to use hardware. Can you see where this is going?

Nah, you don’t see it. I didn’t see it at first either so let me tell you. Who do you blame when your DRM gets cracked? Anyone? Anyone? The hardware vendor of course. You thought I’m gonna say “the previous developer” but no - that’s who you blame at a real software shop. At a DRM shop you blame the hardware vendor for dropping the ball, and not making their shit impeccable, and impervious to everything including a voltmeter and a soldering iron attack. At some point the data must be analog, unless they figure out a way to directly stream content into a wetware DRM chip implanted into your head. So really, this is all a matter of where do you patch into the electronic system to recover the data.

Hardware folks know it, but they must play ball or they will be locked out of the content. What good is a next-gen DVD player if it can’t play any of the next-gen DVD’s? So you end up with a system that has two broken components: software that doesn’t work, and hardware that is intentionally slow, complex and expensive which doesn’t work either.

Since plugging the analog hole is an engineering task on par with building perpetum mobile, hardware people will always struggle with implementation. If you are behind the schedule, give the hardware folks a half assed incomplete spec to work from and then change it 3 or 4 times. Oh, and remember to revert to a previous spec at least once in that process to get them totally confused. Then you can blame them on delays. If the client asks why the spec is so shitty, or why you change it so often tell them details leaked out on the internet and you have to do this to keep implementation details secret. Sigh… I wish we all could play this game, but out in the real world developers are actually expected to deliver software which works, is on schedule and doesn’t mess up your system. Only DRM makers can churn out some piece of garbage that doesn’t really do anything beyond making your machine unstable, and still get paid.

But let’s get back to Bob and Alice again. There is a second part to this equation that few people talk about. Bob actually doesn’t send the message himself. He dictates the message to Eve who then encrypts it and hand delivers it to Alice. Confused? Think about it - I’m talking about the human element. How do you get a zero day scene release?

Ok, there is more than one way - I’ll grant you that. But more often than not you get a zero-day by having a supplier close to the source. Usually there are thousands of people involved a movie production, post production, publishing and distribution. They all have internet access and most of them probably have been known to download stuff without paying for it. Any one who touches the source can leak it and tracing such a leak is extremely difficult because copying digital data usually leaves no evidence. The only way you can work is backwards - if you nab the uploader you may or may not be able to work your way back to the supplier.

This is what I mean by Eve encrypting and delivering the message to Alice. Most movies get leaked onto the interwebs long before they get the DRM treatment. So you are really building software to protect something that is already available out there.

Let’s summarize:

1. you build cryptography software for a client that doesn’t understand cryptography
2. you are working on a problem that is known to be unsolvable
3. your client does not expect your software to actually work
4. stability of end-user’s machine is not an issue
5. compatibility with hardware/software on end-users’s machine is not an issue
6. ethics are not an issue - your client doesn’t care if you use a rootkit or a trojan
7. support is mostly not an issue - at most you might just need to provide an un-installer for the rootkit
8. if all else fails you can blame the hardware vendor for delays

All you are really expected to do is to cripple user experience to the point where they will just go and download illegal copy. So you make a shitty piece of software cobbled together any which way, make it do some hard-core math to facilitate your half-assed encryption, then charge the gullible but unreasonably wealthy client an arm and a leg and move on to the next victim. Pure profit.

Naturally, I bet the DRM industry does have some honest, hard working people who take pride in their work. They will probably come here and yell at me for talking shit. I’m not knocking you guys - I admit, cryptography is a fascinating subject. I’m sure that the software you build uses very cool ideas, and is actually very effective. I’m really happy that you get to work on those hard and challenging issues - I really am. In fact, I will think about all the hard work you did next time I’m watching (or playing) a pirate copy of the movie (or a game) that your software was supposed to protect.