How The Copyright Industry Made Your Computer Less Safe

from the welcome-to-the-world-of-drm dept

The entertainment industry calls DRM "security" software, because it makes them secure from their customers. Security is not a matter of abstract absolutes, it requires a context. You can't be "secure," generally -- you can only be secure from some risk. For example, having food makes you secure from hunger, but puts you at risk from obesity-related illness.



DRM is designed on the presumption that users don't want it, and if they could turn it off, they would. You only need DRM to stop users from doing things they're trying to do and want to do. If the thing the DRM restricts is something no one wants to do anyway, you don't need the DRM. You don't need a lock on a door that no one ever wants to open.



DRM assumes that the computer's owner is its adversary.

Here is where DRM and your security work at cross-purposes. The DMCA's injunction against publishing weaknesses in DRM means that its vulnerabilities remain unpatched for longer than in comparable systems that are not covered by the DMCA. That means that any system with DRM will on average be more dangerous for its users than one without DRM.


I've already written one piece about Cory Doctorow's incredible column at the Guardian concerning digital rights management and anti-circumvention, in which I focused on how the combination of DRM and anti-circumvention laws allows companies to make up their own copyright laws in a way that removes the rights of the public. Those rights are fairly important, and the reason we have them encoded within our copyright laws is to make sure that copyright isn't abused to stifle speech. But, anti-circumvention laws combined with DRM allow the industry to route around that entirely.

But there's a second important point in Doctorow's piece that is equally worth highlighting, and it's that the combination of DRM and anti-circumvention laws. For this to make sense, you need to understand that DRM is really a form of security software.

But, to understand security, you have to recognize that it's an ever-evolving situation. Doctorow quotes Bruce Schneier in pointing out that security is a process, not a product. Another way of thinking about it is that you're only secure until you're not -- and that point is going to come eventually. As Doctorow notes, every security system relies on people probing it and. That allows of security to keep moving forward. As vulnerabilities are found and understood, new defenses can be built and the security gets better. But anti-circumvention laws make that almost impossible with DRM, meaning that the process of making security better stops -- while the process of breaking it doesn't.

And that leads to very real vulnerabilities. The most famous, of course, is the case of the Sony rootkit. As Doctorow notes, multiple security companies were aware of the nefarious nature of that rootkit, which not only hid itself on your computer and was difficult to delete, but also opened up a massive vulnerability for malware to piggyback on -- something malware writers took advantage of. And yet, the security companies did nothing, because explaining how to remove the rootkit would violate the DMCA.

Given the post-Snowden world we live in today, people are suddenly taking computer security and privacy more seriously than they have in the past -- and that, as Doctorow notes, represents another opportunity to start rethinking the ridiculousness of anti-circumvention laws combined with DRM. Unfortunately, politicians who are way behind on this stuff still don't get it. Recent trade agreements like the TPP and ACTA continue to push anti-circumvention clauses, and require them around the globe, thereby computer security.

This isn't just an issue for the "usual copyright people." This is about actually making sure the computers we use are as secure and safe as they can be. Yet, in a world with anti-circumvention provisions, that's just not possible. It's time to fix that.

Filed Under: anti-circumvention, copyright, cory doctorow, dmca, drm, security, sony rootkit