Skip to main content

Hill-Climbing Our Way to Defeating DRM

DEEPLINKS BLOG
September 18, 2018

Hill-Climbing Our Way to Defeating DRM

Computer science has long grappled with the problem of unknowable terrain: how do you route a packet from A to E when B, C, and D are nodes that keep coming up and going down as they get flooded by traffic from other sources? How do you shard a database when uncontrollable third parties are shoving records into it all the time? What's the best way to sort some data when spammers are always coming up with new tactics for re-sorting it in ways that suit them, but not you or your users?

One way to address the problem is the very useful notion of "hill-climbing." Hill-climbing is modeled on a metaphor of a many-legged insect, like an ant. The ant has forward-facing eyes and can't look up to scout the terrain and spot the high ground, but it can still ascend towards a peak by checking to see which foot is highest and taking a step in that direction. Once it's situated in that new place, it can repeat the process, climbing stepwise toward the highest peak that is available to it (of course, that might not be the highest peak on the terrain, so sometimes we ask our metaphorical ant to descend and try a different direction, to see if it gets somewhere higher).

This metaphor is not just applicable to computer science: it's also an important way to think about big, ambitious, fraught policy fights, like the ones we fight at EFF. Our Apollo 1201 Project aims to kill all the DRM in the world inside of a decade, but we don't have an elaborate roadmap showing all the directions we'll take on the way.

There's a good reason for that. Not only is the terrain complex to the point of unknowability; it's also adversarial: other, powerful entities are rearranging the landscape as we go, trying to head us off. As the old saying goes, "The first casualty of any battle is the plan of attack."

Instead of figuring out the whole route from A to Z, we deploy heuristics: rules of thumb that help us chart a course along this complex, adversarial terrain as we traverse it.

Like the ant climbing its hill, we're feeling around for degrees of freedom where we can move, ascending towards our goal. There are four axes we check as we ascend:

1. Law: What is legal? What is illegal? What chances are there to change the law? For example, we're suing the US government to invalidate Section 1201 of the Digital Millennium Copyright Act (DMCA), the abetting legislation that imposes penalties for bans breaking DRM, even for legal reasons.  If it was legal to break DRM for a legal purpose, the market would be full of products that let you unlock more value in the products you own, and companies would eventually give up on trying to restrict legal conduct.

We're also petitioning the US Copyright Office to grant more exemptions to DMCA 1201, despite the fact that those exemptions are limited in practice (e.g., "use" exemptions that let you jailbreak a device, but not "tools" exemptions that let you explain to someone how to jailbreak their device or give them a tool to do so).

Why bother petitioning the Copyright Office if they can only make changes that barely rise above the level of cosmetic? Glad you asked.

2. Norms: What is socially acceptable? A law that is widely viewed as unreasonable is easier to change than a law that is viewed as perfectly understandable. Copyright law is complicated and boring, and overshadowed by emotive appeals to save wretched "creators" (like me—my full-time job is as a novelist, and I work part-time for EFF as an activist because sitting on the sidelines while technology was perverted to control and oppress people was unbearable).

But in the twenty-first century, a tragic category error (using copyright, a body of law intended to regulate the entertainment industry's supply chain, to regulate the Internet, which is the nervous system of the entire digital world) has led to disastrous and nonsensical results. Thanks to copyright law, computer companies and car companies and tractor companies and voting machine companies and medical implant companies and any other company whose product has a computer in it can use copyright to make it a crime to thwart their commercial plans—to sell you expensive ink, or to earn a commission on every app, or to monopolize the repair market.

From long experience, I can tell you that the vast majority of people do not and will never care about copyright or DRM. But they do care about the idea that vast corporations have bootstrapped copyright and DRM into a doctrine that amounts to "felony contempt of business model." They care when their mechanic can't fix their car any longer, or the insulin for their artificial pancreas goes up 1000 percent, or when security experts announce that they can't audit their state's voting machines.

The Copyright Office proceedings can carve out some important freedoms, but more importantly, they are a powerful normative force, an official recognition from the branch of the US government charged with crafting and regulating copyright that DRM is messed up and getting in the way of legitimate activity.

3. Code: What is technically possible? DRM is rarely technologically effective. For the most part, DRM does not survive contact with the real world, where technologists take it apart, see how it works, find its weak spots, and figure out how to switch it off. Unfortunately, laws like DMCA 1201 make developing anti-DRM code legally perilous, and people who try face both civil and criminal jeopardy. But despite the risks, we still see technical interventions like papers at security conferences on the weaknesses in DRM or tools for bypassing and jailbreaking DRM. EFF's Coders' Rights project stands up for the right of developers to create these legitimate technologies, and our intake desk can help coders find legal representation when they're threatened.

4. Markets: What's profitable? When a policy goal intersects with someone else's business model, you get an automatic power-up. People who want to sell jailbreaking tools, third-party inkjet cartridges, and other consumables, independent repair services, apps and games for locked platforms are all natural opponents of DRM, even if they're not particularly worried about DRM itself, and only care about the parts of it that get in the way of earning their own living.

There are many very successful products that were born with DRM—like iPhones—and where no competing commercial interests were ever able to develop. It's a long battle to convince app makers that competition in app stores would result in their being able to keep more of that 30 percent commission they currently pay to Apple.

But in other domains, like the independent repair sector, there are huge independent commercial markets that are thwarted by DRM. Independent repair shops create local, middle-class jobs (no one sends a phone or a car overseas for service!) and they rely on manufacturers for third-party replacement parts and diagnostic tools. Farmers are a particularly staunch ally in the repair fight, grossly affronted at the idea of having to pay John Deere a service charge to unlock the parts they swap into their own tractors (and even more furious at having to wait days for a John Deere service technician to put in an appearance in order to enter the unlock code).

Law, Norms, Code, and Markets: these are the four forces that former EFF Board member Lawrence Lessig first identified in his 1999 masterpiece Code and Other Laws of Cyberspace, the forces that regulate all our policy outcomes. The fight to rescue the world from DRM needs all four.

When we're hill-climbing, we're always looking for chances to invoke one of these four forces, or better yet, to combine them. Is there a business that's getting shafted by DRM who will get their customers to write to the Copyright Office? Is there a country that hasn't yet signed a trade agreement banning DRM-breaking, and if so, are they making code that might help the rest of us get around our DRM? Is there a story to tell about a ripoff in DRM (like the time HP pushed a fake security update to millions of printers in order to insert DRM that prevented third-party ink) and if so, can we complain to the FTC or a state Attorney-General to punish them? Can that be brought to a legislature considering a Right to Repair bill?

On the way, we expect more setbacks than victories, because we're going up against commercial entities who are waxing rich and powerful by using DRM as an illegitimate means to cement monopolies, silence critics, and rake in high rents.

But even defeats are useful: as painful as it is to lose a crucial battle, such a loss can galvanize popular opposition, convincing apathetic or distracted sideliners that there's a real danger that the things they value will be forever lost if they don't join in (that would be a "normative" step towards victory).

As we've said before, the fight to keep technology free, fair and open isn't a destination, it's a journey. Every day, there are new reasons that otherwise reasonable people will find to break the tech we use in increasingly vital and intimate ways—and every day, there will be new people who are awoken to the need to fight against this temptation.

These new allies may get involved because they care about Net Neutrality, or surveillance, or monopolies. But these are all part of the same information ecology: what would it gain us to have a neutral internet if all the devices we connect to it use DRM to control us to the benefit of distant corporations? How can we end surveillance if our devices are designed to treat us as their enemies, and thus able to run surveillance code that, by design, we're not supposed to be able to see or stop? How can we fight monopolies if corporations get to use DRM to decide who can compete with them—or even criticize the security defects in their products?

On this Day Against DRM, in a year of terrible tech setbacks and disasters, it could be easy to despair. But despair never got the job done: when life gives you SARS, you make sarsaparilla. Every crisis and catastrophe bring new converts to the cause. And if the terrain seems impassible, just look for a single step that will take you to higher ground. Hill-climbing algorithms may not be the most direct route to higher ground, but as every programmer knows, it's still the best way to traverse unknowable terrain.

What step will you take today?

(Image: Jacob_Eckert, Creative Commons Attribution 3.0 Unported)

Related Issues

Back to top

JavaScript license information