Who holds your keys?
DRM makes a mash of security and privacy.
Put your books, movies, and music on a gleaming shelf. Close the door to keep the dust off. Lock the door, so no one can take it, and hand me the key. I’ll let you have the key when you need it, if you promise not to share these with anyone else.
I might keep track of when you borrow the keys, and what you check in and out. You understand, of course, that it’s just data I need to collect and aggregate to keep my costs down, right? I wouldn’t want to have to charge you very much for my key-keeping service.
It’s the Deal of the Century!
Or at least it will be if some kinds of content publishers and distributors get their way. Terrified by the sudden collapse in the cost of duplication and distribution, locking everyone’s shelves down seems like the only way to maintain their balance (sheets). Worse, products from beyond publishing are appearing with the new key-management practices built in, including cars, coffee, and of course printer cartridges.
Sometimes keys are built into devices, with legal and cultural norms driving adoption of techniques like the Content Scramble System (CSS) across an industry. Sometimes the keys run across networks, allowing access to content if and only if other conditions are met: presence on a network, clear identification, and often a payment mechanism. More and more, the media seems to live on someone else’s shelf, for occasional rent to us, with horrifically misnamed Digital Rights Management (DRM) tools as the enforcer.
Even as the “shelf” moves further away from the consumer, proponents of locked content worry that there are, after all, other ways to share material. They can’t easily make people who really want to share their own content lock it down, yet. The web remains dangerous to purveyors of scarcity, an alternate channel that constantly reminds its users that there might be another way. The next step, of course, is to make the web a safe and welcoming place for DRM. The W3C seems to have caved, agreeing with its control-obsessed members that the mechanisms for locking shelves need to be built into the fabric of the web.
Can we stop DRM here, “fight tooth and nail to keep DRM out of web browsers… [as] a quarantine measure?“, as Jeremy Keith suggests? Can we hit the pause button on efforts to lock down everything that might ever be for sale? Or will we find out just how toxic DRM can be when it’s far too late?