Pay To Live

There was a time when the cost of leisure was only the opportunity cost (the income forgone by not working) and the cost of your entertainment. But times have changed. The cost of entertainment is ever increasing, but not to worry, Hollywood has new ways to keep your entertainment affordable. All it’ll cost you is a little more of your precious leisure time.

The mechanism I’m talking about: CSS, the DVD Content Scrambling System. As part of the mechanism for protecting DVDs, the Copyright Control Authority added functionality to the DVD specification that would prevent users from skipping sections of playback. Typically, this is used at the beginning of the DVD to force users to watch the FBI copyright infringement warning. However, various DVD titles have started to use this feature for another purpose, a practice which I predict will only flourish: forced advertisement.

Anyone who’s gone to a movie theatre and paid for a movie knows the frustration of having to sit through advertisements for cars, Coke, and any number of other products. What a rub. I pay $12 for the movie, $10 for the popcorn, and now I have to watch advertisements in addition to the “Coming Attractions” before the movie starts?!? Welcome to the world of “consumer lock-in”. You’re a captive market, ready to be exploited. Now imagine when this intrusion comes home.

You’ve bought a DVD, hence you have the right to watch it again and again. Yet now, you’ll have to sit through the advertisements at the beginning of the DVD each and every time you want to watch the movie. Will you see the price of DVDs decrease? No. In fact, more than likely you’ll see the emergence of a new market: DVDs without advertisements. And they’re going to cost you more.

The DVD standard has refined this technology to state of the art. Not only can they force you to watch segments of the DVD, the CCA can also force you to buy a DVD title multiple times in multiple regions. Embedded in each DVD is a region code that specifies where a DVD can be played. DVD players enforce this region encoding. So, for example, a DVD you purchased in Europe can’t be played in North America. Even though you possess a valid license for the media, you can’t play the media on any North American DVD player. This technology enables media creators to practice price discrimination between regions.

Imagine if this trend extended outside the world of digital entertainment. Imagine if the manufacturers of eyeglasses decided to leverage their captive audience and embed partially transparent advertisements into the lenses of glasses they manufactured. Want a pair without the ads? It’ll cost you. The possibilities are endless. Everywhere you look or listen is another opportunity for advertisers to invade your attention. Think spam is annoying? Think again.

Just be glad this hasn’t happened to books. Yet.

Software Wars

Last week Hewlett-Packard attempted to use the Digital Millennium Copyright Act (DMCA) to crush security research company SNOsoft for revealing a particular nasty exploit allowing a remote attacker to access to machines running HP’s Tru64 Unix operating system. While this is not the first attempt to disrupt legitimate security research using the DMCA (see earlier attempts by the RIAA against Dr. Ed Felten), this represents a true departure from previous attempts: to a casual observer, SNOsoft didn’t even violate the DMCA!

The DMCA, as its name suggests, is about protecting copyright in the age of technology that enables perfect digital copies of copyrighted materials. Part of the act outlines terms that make it a crime to circumvent copyright controls or distribute tools for that purpose. What’s interesting is that the “technology” distributed by SNOsoft had nothing to do with copyright protection technology, it only really enabled a malicious user to access a system running Tru64 without proper authorization. Is that wrong? Undoubtedly a person using the exploit against a third-party’s system would be breaking the law, but they, not SNOsoft, would be prosecutable under US federal computer fraud statutes, not the DMCA.

Did HP honestly expect it would be able to sue SNOsoft for damages resulting from the release of the exploit, despite the fact that the problem was a direct result of HP’s own faulty software? Most software today is distributed under an End User License Agreement (such as this example Microsoft EULA) that stipulates the software is provided “as is”, under no warranty, and not even guaranteed to be suitable for any purpose! If HP is not liable to its own customers for faults in its Tru64 Unix, how can it contend that SNOsoft should be liable for any damages that result from an exploit that someone other than SNOsoft used to breach a Tru64 system?

Perhaps recognizing the possibility of setting a software-liability precedent, HP hastily recanted its legal threats.

Software companies want to be able to sell a product, but they don’t want to be liable for any damage their product might inflict. They want to sell something, but a person who purchases their product doesn’t actually own it, they only own a “license” which can be revoked by the manufacturer at any time. They want to be able to access a user’s machine without their knowledge. They want. They want. They want.

How about what we, the users, want?

It’s time that software development companies realized that they’re just regular companies and, like every other company (recent examples notwithstanding), they have to follow the rules. Play time is over. Grow up or go home.