Say no to locked-down devices that limit our freedom to install apps and switch operating systems. Say yes to device neutrality, which ensures that we control our own hardware! Your device, your choice! Support our demand for the right to install any software on our devices.

Transcript of SFP#1 on Day Against DRM with Cory Doctorow

Back to the episode SFP#1

This is a transcript created with the Free Software tool Whisper. For more information and feedback reach out to podcast@fsfe.org

WEBVTT

00:00.000 --> 00:18.280
Welcome to the first episode of the Software Freedom Podcast.

00:18.280 --> 00:21.920
Starting with this episode, we will talk once a month with people who have inspiring

00:21.920 --> 00:23.960
ideas about software freedom.

00:23.960 --> 00:27.080
This podcast is presented to you by the Free Software Foundation Europe.

00:27.080 --> 00:30.800
We are a charity that empowers users to control technology.

00:30.800 --> 00:34.200
My name is Matthias Kirschner, and I'm the president of the FSFE.

00:34.200 --> 00:35.720
And my name is Katharina Okun.

00:35.720 --> 00:39.880
I am a writer and digital rights activist, bass, and Berlin.

00:39.880 --> 00:44.840
When we were planning the first episode, we exchanged some ideas for possible guests.

00:44.840 --> 00:49.400
And when I heard that the day against DRM will this year take place in October, I directly

00:49.400 --> 00:54.160
thought we have to get Cory Doctoro as our first guest, and we have to talk with him

00:54.160 --> 00:56.400
about digital restriction management.

00:56.400 --> 01:01.180
I think they are just very few people that inspired so many people from our community like

01:01.180 --> 01:02.180
Cory did.

01:02.180 --> 01:07.200
For those listeners who don't know him, Cory Doctoro is a British-Canadian writer and

01:07.200 --> 01:11.800
political activist, and he is the co-editor of Boeing Boeing Net.

01:11.800 --> 01:17.000
He is a prominent supporter of the idea of software freedom, and he is fighting for a less restrictive

01:17.000 --> 01:18.560
copyright law.

01:18.560 --> 01:22.480
His books are published under Creative Commons licenses.

01:22.480 --> 01:27.240
These science fiction novels of Cory are all strongly connected to the debates on technology

01:27.240 --> 01:28.680
and regulation.

01:28.680 --> 01:32.880
What I like about his books is that they address complex issues such as software freedom,

01:32.880 --> 01:38.000
copyright, digital restriction management, or privacy in an unconventional way.

01:38.000 --> 01:43.720
So even someone who has never thought about these topics before, they can follow him.

01:43.720 --> 01:47.680
And at the same time as someone who is active in those fields for a long time, you always

01:47.680 --> 01:51.720
find interesting ways how to explain these topics better to others.

01:51.720 --> 01:55.960
As a privacy activist, my favorite book of Cory is, of course, Little Brother.

01:55.960 --> 02:02.320
The book was published in 2008 and tells the story of four teenagers from San Francisco

02:02.320 --> 02:07.400
who experience how society is more and more transformed into a surveillance state after

02:07.400 --> 02:09.200
a terrorist attack.

02:09.200 --> 02:14.200
Together with our friends, these teenagers start an underground campaign for defending

02:14.200 --> 02:17.880
civil liberties against the Department of Homeland Security.

02:17.880 --> 02:23.440
I don't want to spoil you, but I like the end very much.

02:23.440 --> 02:26.480
What do you like most about the book?

02:26.480 --> 02:31.440
Definitely the way how Cory described how the protagonists of a story circumvent surveillance

02:31.440 --> 02:34.360
technology were very simple hacks.

02:34.360 --> 02:38.760
For example, right in the beginning, there is a passage where they explain how to trick

02:38.760 --> 02:45.040
an intelligent surveillance camera that can recognize people based on how they walk.

02:45.040 --> 02:49.880
They simply put small stones in their shoes in order to change their walking patterns.

02:49.880 --> 02:54.280
And by the way, did you know that at what's known, had a copy of Little Brother prominently

02:54.280 --> 02:59.400
placed in his hotel room in Hong Kong when he did his first interviews for the documentary

02:59.400 --> 03:00.800
Citizen Four?

03:00.800 --> 03:04.160
I guess this was his way of telling the world.

03:04.160 --> 03:07.840
If you want to understand why I did this, please read this book.

03:07.840 --> 03:10.560
And you definitely should read this book if you haven't read it already.

03:10.560 --> 03:12.600
It's a fantastic book.

03:12.600 --> 03:13.600
What's your favorite book?

03:13.600 --> 03:14.600
I like Little Brother.

03:14.600 --> 03:19.360
I like Homeland, but at the moment, it's unauthorized spread his new book.

03:19.360 --> 03:25.280
And in this book, Salima, who's a refugee, she lives in the U.S. and she's in the situation

03:25.280 --> 03:30.520
that her toaster refuses to toast her bread for her one morning.

03:30.520 --> 03:35.520
She finds out that the company, the manufacturer of the toaster, they went bankrupt and their

03:35.520 --> 03:37.040
servers are down.

03:37.040 --> 03:42.680
So the toaster, which before always checked if you can toast this bread or not, which is

03:42.680 --> 03:45.520
authorized or not, those others aren't there anymore.

03:45.520 --> 03:51.280
So she's not able to toast the bread, which is authorized as well as any other toast.

03:51.280 --> 03:54.280
Oh my God.

03:54.280 --> 03:55.280
She doesn't stop there.

03:55.280 --> 04:00.200
So she continues to investigate and finds out that there are others with the same problem

04:00.200 --> 04:05.620
and that they fleshed other software on those toasters and then they could toast any

04:05.620 --> 04:06.920
bread they want.

04:06.920 --> 04:10.680
So she also does that and enjoys this new freedom.

04:10.680 --> 04:16.160
And she helps other people in this building and shows them how they can modify their devices

04:16.160 --> 04:21.480
and they all enjoy buying bread they want or baking bread and toasting it.

04:21.480 --> 04:25.440
So she's very happy about this development, how she can help others around her to also

04:25.440 --> 04:27.880
benefit from modifications there.

04:27.880 --> 04:31.760
Later, it turns out that well, what she did was illegal.

04:31.760 --> 04:35.920
They are not allowed to make changes to the software there on those devices in the building

04:35.920 --> 04:38.080
and there are legal threats about this.

04:38.080 --> 04:39.840
And I don't want to spoil you too much.

04:39.840 --> 04:46.360
So read the book, but this part it reminded me about when we at the FSFE helped others

04:46.360 --> 04:51.840
in our free Android campaign to flesh software on their mobile phones.

04:51.840 --> 04:56.000
So use free software there and get rid of some restrictions they had on their mobile phones

04:56.000 --> 04:57.000
before.

04:57.000 --> 05:02.120
Seeing how people react towards that and how happy they are with those devices, but on

05:02.120 --> 05:08.120
the same hand also seeing that modifying software on devices is getting harder and harder

05:08.120 --> 05:10.200
in some areas.

05:10.200 --> 05:14.360
What do you think makes Corrie's story so special?

05:14.360 --> 05:19.880
For me, it's that he has those role models in his books like in Little Brother, you have

05:19.880 --> 05:24.160
Marcus and Angela who don't accept that technology just restricts them.

05:24.160 --> 05:30.120
They get active themselves and they make changes to technology and defend civil liberties.

05:30.120 --> 05:36.160
And now with an authorized bread, the special part there is that Salima is a refugee.

05:36.160 --> 05:39.560
She's in a bad situation there, but she doesn't accept that.

05:39.560 --> 05:44.960
She changes things and tries to improve her situation for herself and for others.

05:44.960 --> 05:50.640
It's very important that you have such role models for younger people in our society,

05:50.640 --> 05:53.000
for underprivileged people in our societies.

05:53.000 --> 05:56.400
So that's why I like this book a lot and the characters in there.

05:56.400 --> 06:02.520
So I hope you all understand now why we instantly agreed on Corrie Dockro as the perfect guest

06:02.520 --> 06:05.760
for the first episode of the software freedom podcast.

06:05.760 --> 06:10.360
We are very excited to have them with us today and talk with them about this new book

06:10.360 --> 06:14.000
and digital restriction management.

06:14.000 --> 06:15.000
Welcome, Corrie.

06:15.000 --> 06:17.360
Thank you very much for being with us today.

06:17.360 --> 06:23.200
So you want said that the idea for your book, an authorized bread was based on an article

06:23.200 --> 06:27.480
you wrote back in 2015 for the Guardian.

06:27.480 --> 06:31.160
The title was, if dishwasher were iPhones.

06:31.160 --> 06:35.120
Can you explain what this article was about?

06:35.160 --> 06:41.000
For many years, I'd heard from people to say that it was no real imposition for Apple

06:41.000 --> 06:47.400
to have created this world garden business model where in order to use a device they sold

06:47.400 --> 06:51.200
you, you had to also let them decide which software you could use.

06:51.200 --> 06:53.840
And they made all kinds of arguments about why this was legitimate.

06:53.840 --> 06:55.600
They said it kept you safe.

06:55.600 --> 07:00.440
They said it protected software authors from copyright infringement.

07:00.480 --> 07:05.480
They said that it simplified the paradox of choice and so on.

07:05.480 --> 07:10.120
And it seemed to me that if all of that was actually true, then they could have just

07:10.120 --> 07:15.480
had a little tick box that said, actually, I'd prefer to choose my own software rather

07:15.480 --> 07:19.480
than relying on Apple to make that choice for me.

07:19.480 --> 07:24.760
And it also seemed to be belied by the fact that Apple had tightened the screws many

07:24.760 --> 07:25.760
times.

07:25.760 --> 07:28.800
They had changed the guidelines about what kind of apps you could have.

07:28.800 --> 07:34.960
So they had unilaterally decided that some software authors expression was not lawful

07:34.960 --> 07:37.560
for inclusion in the app store.

07:37.560 --> 07:43.280
We had most notoriously someone who'd made an app that kept track of drone strikes that

07:43.280 --> 07:49.400
the US government launched and specifically the civilian death count from those drone strikes.

07:49.400 --> 07:53.080
And Apple had repeatedly excluded that from the app store.

07:53.080 --> 07:57.080
And so it seemed to me that if this was something people really liked, they would have just

07:57.080 --> 07:58.080
opted for it.

07:58.080 --> 08:02.120
But instead, you know, between the drone strikes and the people who kept trying to create

08:02.120 --> 08:06.120
independent software stores and the users who kept trying to drill jailbreak their phones,

08:06.120 --> 08:13.000
it was pretty clear that actually software vendors and software authors and iPhone owners

08:13.000 --> 08:16.760
were many of them not very happy with this at all.

08:16.760 --> 08:20.760
And the common rejoinder was, well, then why are they in the iPhone ecosystem?

08:20.760 --> 08:23.960
They should be choosing a different platform.

08:23.960 --> 08:26.600
And that argument all seemed very inadequate to me.

08:26.600 --> 08:30.240
And so I thought, you know, there are plenty of other appliances that you could make this

08:30.240 --> 08:31.480
argument about.

08:31.480 --> 08:37.080
And specifically, dishwashers are a really good example because the most dangerous thing

08:37.080 --> 08:40.280
you can do really is eat bad food.

08:40.280 --> 08:44.520
Foodborne illness has killed more people than anything else in the history of the world.

08:44.520 --> 08:48.400
And certainly there's a lot of people who make their living from coming up with independent

08:48.400 --> 08:53.960
dishware designs who then have to contend with copycats who clone their dishes and so

08:53.960 --> 08:54.960
on.

08:54.960 --> 08:58.800
And I thought every one of these arguments would apply equally well to dishwashers.

08:58.800 --> 09:05.880
And so I wrote this little fake letter from Steve Jobs like CEO to his customers explaining

09:05.880 --> 09:11.880
why they should stop trying to put non authorized dishes in their special fancy dishwashers.

09:11.880 --> 09:17.040
And how these special fancy dishwashers had been exquisitely calibrated to reduce water

09:17.040 --> 09:23.520
wastage and ensure that foodborne illnesses were eliminated and to reward people who made

09:23.520 --> 09:29.960
dishes and to give them, you know, the incentives they needed to continue to innovate in flatware

09:29.960 --> 09:31.640
and dishes and so on.

09:31.640 --> 09:37.200
And I wrote this essay and what was interesting to me about it at the in the moment was just

09:37.200 --> 09:44.480
how many iOS users failed to get the joke and instead acted like an affronted religious

09:44.480 --> 09:49.280
minority whose sacred texts had just been mocked.

09:49.280 --> 09:54.760
And then subsequently, how close that rhetoric ended up hewing to internet of things device

09:54.760 --> 09:55.760
companies.

09:55.760 --> 10:00.200
So, you know, if you listen to the rhetoric from the likes of the, you know, the founder

10:00.200 --> 10:06.040
of juice, Sarah, which is the company that made the juice squeezers that use DRM to fruit

10:06.040 --> 10:11.360
or the rhetoric from other IoT companies, you know, they all made essentially those arguments.

10:11.360 --> 10:17.320
You know, this is pose law that satire is indistinguishable from reality and in undermodern

10:17.320 --> 10:18.520
conditions.

10:18.520 --> 10:23.960
And so, you know, that turned into unauthorized bread or at least the proximate instigation

10:23.960 --> 10:25.360
for writing unauthorized bread.

10:25.360 --> 10:30.480
This idea that there really wasn't any reason given the internet of things not to turn

10:30.480 --> 10:36.480
everything into an iOS style app store for the clothes that a wash in your washing machine

10:36.480 --> 10:41.880
and the dishes that a wash in your dishwasher and the bread that will toast in your toaster.

10:41.880 --> 10:46.000
This month's stay against the RM focuses on ebooks.

10:46.000 --> 10:50.320
What does the difference between a book and an ebook with DRM?

10:50.320 --> 10:55.240
Well, a book is something that actually has a somewhat nebulous definition.

10:55.240 --> 11:00.320
If you think back on the history of books, all of the things that we might say would be,

11:00.320 --> 11:07.360
you know, critical to defining a book actually are not present in some pretty important examples.

11:07.360 --> 11:10.960
So for example, we might say that a book has to have a spine.

11:10.960 --> 11:15.480
It has to be a codex that is to say shaped like a book as we know it today.

11:15.480 --> 11:19.360
But you know, the Torah, which is one of the first and most widely published books in the

11:19.360 --> 11:24.240
history of the world, originally was a scroll that didn't have a spine and we still call

11:24.240 --> 11:25.240
it a book.

11:25.240 --> 11:29.120
Or we might say that a book needs to have writing or pictures in it, but we have blank

11:29.120 --> 11:30.120
books.

11:30.120 --> 11:34.720
So we might say that a book has to cost something, but you know, the most widely available

11:34.720 --> 11:39.040
books in the world are free, you know, Bibles and copies of the little red book and so on.

11:39.040 --> 11:41.200
So book is a pretty expansive category.

11:41.200 --> 11:45.640
Certainly electronically, we've expanded the definition of books by blowing up some

11:45.640 --> 11:49.680
of the physical constraints that were associated with them, you know, Wikipedia I think qualifies

11:49.680 --> 11:51.320
as an electronic book.

11:51.320 --> 11:57.480
And so do, you know, I just downloaded a PDF last week for Dungeons and Dragons, Game Masters

11:57.480 --> 12:01.800
who want to ensure that they have consent from their players for situations that might

12:01.800 --> 12:03.920
be emotionally difficult for them.

12:03.920 --> 12:06.280
And that book was eight pages long.

12:06.280 --> 12:09.480
And it's hard to imagine a printed book that's eight pages long.

12:09.480 --> 12:14.200
And so we've eliminated the length constraints, we've eliminated some of the media constraints,

12:14.200 --> 12:17.080
we have books with moving images and audio and so on.

12:17.080 --> 12:22.920
But once you add DRM, something really changes, because although books are very ancient

12:22.920 --> 12:28.560
and although books are seriously something that is part of our cultural heritage and how

12:28.560 --> 12:33.240
we identify as a culture, you know, when when you want to show a civilization that's

12:33.240 --> 12:37.400
falling apart, you just show pictures of books on fire, you know, anytime someone piles

12:37.480 --> 12:41.560
up a bunch of books and sets them on fire, you can be pretty sure that nothing good is

12:41.560 --> 12:42.960
going to come of that.

12:42.960 --> 12:49.800
But a lot of that covenant that goes around books, that is that is critical to what we think

12:49.800 --> 12:53.440
of when we think of a book, is not present in an ebook.

12:53.440 --> 12:57.760
So books are older than copyright and they're also older than commerce.

12:57.760 --> 13:01.120
And they're certainly older than the idea of the unitary author.

13:01.120 --> 13:07.080
The first books were conglomerates of text by multiple authors bound up together.

13:07.080 --> 13:11.640
And the way that you would contribute to authorship was by, you know, copying out some of those

13:11.640 --> 13:15.640
passages and then adding some of your own or finding other passages that seem relevant

13:15.640 --> 13:17.120
to you and so on.

13:17.120 --> 13:23.920
All of those things are part of the ancient compact that makes books so valuable, so important,

13:23.920 --> 13:25.760
so so enduring.

13:25.760 --> 13:30.640
But once you add DRM to a book, those things that were historically part of the natural

13:30.640 --> 13:34.560
life of a book, whether that's having the book read aloud or being able to give away

13:34.560 --> 13:40.000
the book or being able to lend the book or being able to tear passages out of a book

13:40.000 --> 13:43.400
that offend you, all of those things just disappear.

13:43.400 --> 13:49.120
And instead, what you end up with is a book that is regulated first by legal code, usually

13:49.120 --> 13:54.000
by a license agreement that sometimes even longer than the book itself, especially when

13:54.000 --> 13:58.000
you factor in the sub license agreements associated with the e-reader and the operating

13:58.000 --> 14:02.280
system and so on, you might end up with 100,000 words of legal use that you're expected

14:02.280 --> 14:07.160
to understand in order to operate the book within the confines of the law.

14:07.160 --> 14:11.320
And then you have technical strictures that actually prevent you from deciding which

14:11.320 --> 14:14.920
e-reader you're going to read the book on, from deciding whether or not you're going

14:14.920 --> 14:20.600
to transfer the ownership of that book to your children or give it away to a local school.

14:20.600 --> 14:25.240
All of those things that are part of the bargain of the book just go up in smoke as soon

14:25.240 --> 14:27.680
as you add DRM to the book.

14:27.760 --> 14:32.560
My feeling is that people would often never accept the same restrictions, they accept

14:32.560 --> 14:36.960
with their e-books for their normal books. Why do you think this is the case?

14:37.760 --> 14:42.960
That was kind of the point of the, if dishwasher's were iPhones and an authorized bread,

14:42.960 --> 14:49.840
that we have been put in very slowly boiling water, like the analogy of the frogs and boiling

14:49.840 --> 14:56.000
water. And we haven't noticed, it's kind of crept up on us that the rights that we value

14:56.080 --> 15:00.320
in our books have been taken away from us one at a time very slowly.

15:00.320 --> 15:06.560
And you know, this isn't just because we weren't paying attention, it's also because a lot of

15:06.560 --> 15:11.760
these problems are a long way away, right? Like what you do with the book at the end of your life

15:11.760 --> 15:18.640
is for the average book owner a long way off. And it's also hard to learn from that lesson

15:18.640 --> 15:25.760
once you're dead. And so you kind of have to witness say your beloved parents beautifully,

15:25.760 --> 15:31.840
curated library being vanished in a puff of smoke, thanks to a license agreement,

15:31.840 --> 15:37.680
or because the company that made the DRM server for it decided to take that server down

15:37.680 --> 15:42.160
in order for you to learn the lesson and revisit your own choices about what you buy.

15:42.160 --> 15:48.560
And you know, in general, we rely not on people learning lessons the hard way, a long way off.

15:48.560 --> 15:53.760
In order to keep us safe, we often ask states to intervene by say declaring certain business

15:53.760 --> 15:59.520
practices illegal or certain contractual terms to be unenforceable. And neither of those are

15:59.520 --> 16:04.960
on our horizon at the moment when it comes to DRM. When Microsoft closed their bookstore,

16:04.960 --> 16:10.000
users could not access the books anymore they had bought. Do you know other examples?

16:11.280 --> 16:16.480
Yeah, well Walmart did the same thing I think in 2007, but the Federal Trade Commission actually

16:16.480 --> 16:21.280
intervened at that point and ordered them to keep the DRM servers running. I don't know if they're

16:21.360 --> 16:28.160
still up and going, but you know, Amazon is what, 20 years old. And I'm literally sitting next to

16:28.160 --> 16:33.200
a bookshelf full of books that are four, five, and six times older than that. So the idea that we're

16:33.200 --> 16:40.240
going to just rely on Amazon to never get bored of running its DRM servers or never be say financially

16:40.240 --> 16:45.280
engineered into bankruptcy as so many companies have in recent years, including companies that are

16:45.280 --> 16:53.520
hundreds of years old, seems completely unrealistic. I mean, one of the arguments is often that

16:53.520 --> 16:59.760
artists cannot make any money with our digital restriction management. Now as an author yourself,

16:59.760 --> 17:06.160
what do we say about this argument? Well, it's very hard to parse that argument out. So one of the

17:06.160 --> 17:13.040
things that makes DRM so pernicious is that it's protected under the law in the EU article 6 of the

17:13.040 --> 17:21.120
2001 copyright directive. And in the US section 1201 of the 1998 Digital Millennium Copyright Act,

17:21.120 --> 17:28.480
both prohibit bypassing DRM even for a lawful purpose. And whenever, you know, I've been in

17:28.480 --> 17:36.640
policy forums, whether that's at Weipo or in Brussels or in Washington, DC or in standards bodies

17:36.640 --> 17:42.960
like DVBCPCM or the broadcast flag body, the broadcast protection discussion group. And I've

17:42.960 --> 17:52.560
proposed that we make it lawful to bypass DRM for lawful purposes. The answer has been that if we

17:52.560 --> 18:00.640
don't maintain the illegality of bypassing DRM, that DRM will be defeated by users. And then I say,

18:00.640 --> 18:06.240
but isn't DRM the technical countermeasure that stops people from copying it? And when you dig

18:06.240 --> 18:12.080
into it, what you find out is that nobody who makes DRM believes that DRM stops users from

18:12.080 --> 18:20.080
making copies. What they think is that it allows firms to invoke the law to prohibit otherwise

18:20.080 --> 18:26.480
lawful conduct, right? It doesn't stop pirates in other words, but it stops competitors. You know,

18:26.480 --> 18:33.040
if you want to pirate DVDs and watch them on your computer, it's not hard to rip them. But if you

18:33.040 --> 18:39.600
want to make a gadget that allows you to say, watch out of region DVDs or to rip them to put them

18:39.600 --> 18:44.080
on your computer and you want to sell them in a store, right? If you want to sell a product that

18:44.080 --> 18:51.120
does lawful things, the fact that you have to bypass the DRM to do it allows the company to invoke

18:51.120 --> 18:57.840
the law to shut you down. So if you're an author and you think that what DRM is going to do is stop

18:57.920 --> 19:03.600
the people who don't want to pay from your books from getting copies them for free, the very people

19:03.600 --> 19:08.640
who make the DRM for those books will tell you that it has no connection with doing that. If you

19:08.640 --> 19:13.040
kind of pin them down, you have to wrestle them for a bit. But then they'll admit it. And sometimes,

19:13.040 --> 19:19.040
you know, they'll fall back on this argument that, oh, well, it's a speed bump. But nobody pretends

19:19.040 --> 19:25.520
that speed bumps stop racers, boy racers from racing down the street. Or they'll say that it keeps

19:25.680 --> 19:31.200
the honest users honest that when you encounter the DRM and it tells you, I'm sorry, you're not allowed

19:31.200 --> 19:37.040
to do that. That if you're honest, you'll go, oh, well, I didn't realize that that was prohibited.

19:37.040 --> 19:44.480
But of course, if you're honest, doing things that are lawful is not dishonest, you know, buying a DVD

19:44.480 --> 19:50.000
or an ebook from one supplier and then watching it on a device made by another supplier is neither

19:50.000 --> 19:55.200
dishonest nor unlawful. It's just bypassing the DRM that's unlawful. So this is how Ed Felton,

19:55.200 --> 19:59.600
who's now, I believe with the Federal Trade Commission, used to be a Princeton came to coin the

19:59.600 --> 20:05.360
memorable phrase that keeping an honest user honest is like keeping a tall user tall. That what

20:05.360 --> 20:10.640
the honest user is doing is by definition honest. That's what makes them an honest user. And so if your

20:10.640 --> 20:16.640
DRM gets in their way, you are prohibiting them from doing something honest. So really, what it ends

20:16.640 --> 20:25.280
up doing is it ends up locking you the rights holder, the creator, into the platform of the company.

20:25.280 --> 20:30.320
And the company is not on your side, right? Amazon does not exist to enrich creators. Amazon's

20:30.320 --> 20:37.280
goal is to minimize its costs everywhere that it's possible to do so and maximize its profits.

20:37.280 --> 20:43.360
And you see them doing this relentlessly in every business that they enter. And so while it may be

20:43.360 --> 20:49.040
true that Amazon offers some kind of teaser rate for you to do a Kindle original or to allow them

20:49.040 --> 20:54.880
to put Kindle DRM on your books or to go into Audible, which is their audiobook platform, which controls

20:54.880 --> 21:00.240
90% of the market and doesn't allow you to opt out of their DRM. That once they have control over

21:00.240 --> 21:04.240
that market, they're going to do what every other firm does when they gain control over their

21:04.240 --> 21:09.760
suppliers. They're going to squeeze the supplier. And that's you. And so, you know, if you decide

21:09.760 --> 21:14.000
later on that you don't want to be an audible author because someone else like Google Play or

21:14.000 --> 21:23.120
Libro.fm or downpour is offering you a better price. You have to not only pull your books from Amazon.

21:24.080 --> 21:32.560
You also have to bet that your listeners or your readers will throw away the books that they've bought

21:32.560 --> 21:41.120
and buy them again on the new platform or maintain two separate non-interoperable libraries of books.

21:41.120 --> 21:46.320
So you effectively increase the switching costs for your customers to follow you to any platform

21:46.320 --> 21:52.160
that offers you a better deal. So, you know, it's like if you were a musician and you released all

21:52.160 --> 21:57.600
of your records in a format that only Sony devices could play. And then later on Universal offered

21:57.600 --> 22:02.560
you a better deal, you would have to trust that your listeners were willing to throw away all the

22:02.560 --> 22:07.760
records you sold them. Well, that is not a good bet. And not many musicians would be in a position

22:07.760 --> 22:13.280
to make that demand on their customers. And so, over time, you're just making yourself more and more

22:13.280 --> 22:20.240
indebted to these big, rapacious corporations that only everyone to figure out how to get more

22:20.240 --> 22:26.800
money for themselves and less money for you from the creative labor that you do. You know, if someone,

22:26.800 --> 22:31.760
as I've said before, someone puts a lock on something that belongs to you and then won't give you

22:31.760 --> 22:38.800
the key, that lock is not there for you. That lock is there for them. And you know, if you go to

22:38.800 --> 22:45.520
Amazon and say, I don't want to sell my audiobooks with your DRM anymore, they'll say go find someone

22:45.520 --> 22:52.080
else to carry your audiobooks because we only sell audiobooks that are locked to our platform

22:52.160 --> 22:56.240
so that every customer that you bring to us becomes our customer instead of yours.

22:56.880 --> 23:01.840
I mean, this sounds really absurd. If you build DRM systems, you have to treat your customer

23:01.840 --> 23:07.760
as a potential attacker of your system. What is the impact of DRM on the security of our devices?

23:08.560 --> 23:14.560
Yeah, so this is the other issue here. One of the things that arises from this law,

23:14.560 --> 23:23.200
Article 6 of the EUCD and Section 121 of the DMCA, is that because they make it both a civil

23:23.200 --> 23:32.640
and potentially criminal offense to help people bypass a DRM system, they also have the side

23:32.640 --> 23:41.040
effect of making it illegal to publish full security analyses of these products. If you find a

23:41.120 --> 23:48.720
defect in a system with DRM in it and in order to do your proof of concept code and describe the

23:48.720 --> 23:55.360
defect so thoroughly that the manufacturer can't deny it because manufacturers are very, very prone

23:55.360 --> 24:00.960
to simply denying it or minimizing it when they're called out on their security mistakes because

24:00.960 --> 24:06.000
they don't want to be embarrassed in public and they don't want their products, reputations to suffer.

24:06.000 --> 24:12.480
So if you want to publish the industry standard for a security report, which is to

24:13.280 --> 24:18.480
enumerate the defect and provide proof of concept code so that other people can replicate your work,

24:19.040 --> 24:26.160
then you potentially face both criminal and civil liability for revealing those defects.

24:26.160 --> 24:33.120
So effectively, although DRM starts off as a means to control customers' behavior by controlling

24:33.120 --> 24:40.000
what products competitors can manufacture, it becomes a means for controlling critics as well,

24:40.000 --> 24:46.080
for controlling people who discover mistakes that you made in implementing your technology

24:46.080 --> 24:51.840
and who want to warn your customers that the device that they have, which inevitably does more

24:51.840 --> 24:58.160
than entertain them, inevitably it has sensors and it has lots of personal identifying information

24:58.960 --> 25:03.840
and it has ways to access your local network and the other devices on it and so on,

25:04.640 --> 25:09.600
that if you want to warn people about the defects in that device, you have to be willing to brave

25:10.480 --> 25:15.920
retribution, legal retribution from the company whose products you are criticizing.

25:16.480 --> 25:22.000
And you know, I am enough of a free speech purist to think that telling the truth about defects in

25:22.000 --> 25:27.680
products should always be legal, but even if you disagree with me and you think that there might be

25:27.680 --> 25:33.040
some legitimate restrictions on when defects in products can be revealed so that manufacturers can

25:34.400 --> 25:40.320
patch the bugs before the bugs are made public say. I think most reasonable people would agree

25:40.320 --> 25:47.120
that companies that stand to lose from true reports of defects in their products

25:47.120 --> 25:54.080
are not good custodians of that bad news. And one of the things that's happened as a consequence

25:54.560 --> 26:01.200
of the expansion of DRM and to other devices, which is itself a consequence of the expansion

26:01.200 --> 26:05.440
of software and to other devices. Once you have software and a device, you can add DRM to it.

26:05.440 --> 26:10.160
Once you add DRM to it, the log gives you the right to stop your competitors from removing that

26:10.160 --> 26:15.760
DRM or tampering with that DRM to let your customers get more out of their lawfully acquired property

26:15.760 --> 26:20.960
is that the constellation of devices that are also off limits to full security audits keeps on

26:20.960 --> 26:28.320
growing keeps getting bigger and bigger. And that means that we are at an ever greater risk

26:28.880 --> 26:36.000
of the security defects festering in these devices until they're so widely exploited that finally

26:36.800 --> 26:41.760
the manufacturer can no longer pretend that they don't exist by which point it's far too late.

26:41.760 --> 26:47.520
So we've already seen this happen. The most notorious example was in 2005 when Sony BMG music

26:48.160 --> 26:56.640
6 million CDs comprising 51 audio titles that had a secret DRM system on them that maliciously

26:56.640 --> 27:02.800
and covertly changed your operating system so that it could no longer see certain programs

27:02.800 --> 27:08.080
and could no longer terminate them when they were running any program that had the string dollar

27:08.080 --> 27:13.520
sign sys dollar sign at the start of its file name would be invisible to both the file and process

27:13.520 --> 27:19.600
managers. And then what they did was they wrote anti CD ripping programs to your computer that would

27:19.600 --> 27:24.960
start automatically at start up time that started with the string dollar sign sys dollar sign so

27:24.960 --> 27:30.480
that you couldn't run CD ripping programs. The thing is that as soon as this was discovered in the

27:30.480 --> 27:35.120
wild but before it was reported to the general public as soon as as independent researchers started

27:35.120 --> 27:40.000
to discover this including independent researchers who made malicious software malicious software

27:40.000 --> 27:45.520
started to emerge that had the same string at the beginning of a dollar sign sys dollar sign.

27:46.560 --> 27:53.040
And so now we had malicious software running on computers that couldn't be detected or shut down

27:53.040 --> 27:58.880
by anti virus software and by the time the researchers who discovered this finally came forward

27:58.880 --> 28:03.600
because there was a three month delay between the initial discovery and then coming forward by the

28:03.600 --> 28:09.280
time they finally came forward this malicious software was present on 200,000 government and

28:09.280 --> 28:14.240
military networks in the U.S. alone. And so all of those computers had been exposed to this risk.

28:15.200 --> 28:21.680
And all of those use those paid for being attacked. Yeah I mean talk about adding insult to injury.

28:21.680 --> 28:28.160
I mean we sometimes hear this this cry that you can't compete with free and so you know how can

28:28.160 --> 28:34.160
a legitimate product compete with the pirate edition. And I think the reality is that however hard

28:34.160 --> 28:38.800
it might be to compete with free it's much harder to compete with free if your product is much

28:38.800 --> 28:44.720
worse than the free product. After all when you pirate your ebooks or movies or games you get

28:44.720 --> 28:49.440
exactly the same game you just don't get the restrictions. And so that is always going to be a

28:49.440 --> 28:55.600
better product than the product that comes with the DRM on it. And some years of rich vacuum cleaner

28:55.600 --> 29:01.520
and coffee machine might be connected to the internet. What rules do we need for the so-called

29:01.520 --> 29:06.560
internet of things to make sure that technology will empower us instead of restricting us?

29:07.280 --> 29:12.960
You know I think we can define this problem as being in two parts. So the first one is

29:12.960 --> 29:20.320
what do we need to get rid of to help people, companies, cooperatives, researchers and others

29:20.320 --> 29:25.920
solve the problem. And the other is what rules should we have so that the problems don't come up.

29:25.920 --> 29:31.360
And the rules that we should have they're kind of hard to pin down because these devices will

29:31.360 --> 29:36.000
have a wide variety of characteristics and a wide variety of use cases and models.

29:36.000 --> 29:41.840
But what we shouldn't do is actually a lot easier and also easier to agree on more broadly

29:41.840 --> 29:47.440
and therefore easier to implement because you know it should be much easier to get consensus on them.

29:47.440 --> 29:53.520
So I think at like a bare minimum we should say that it should always be lawful to report defects

29:53.520 --> 30:00.080
in devices under every circumstance. That telling the truth revealing true facts about defects

30:00.080 --> 30:05.760
in devices or services should 100% of the time be lawful. I think the second one

30:05.760 --> 30:10.880
is that it should always be lawful or that there should be an absolute defense in law

30:11.680 --> 30:19.680
for interoperability and for repair which is a subcategory of interoperability. So in other words

30:19.680 --> 30:25.840
you should be able to defend yourself against any legal claim by showing that you are making a new

30:25.840 --> 30:30.720
product or service that connected to the old product or service to allow the users of that

30:30.720 --> 30:36.880
product or service to get more value out of them. So if someone brings a patent claim or

30:36.880 --> 30:42.320
a terms of service claim or a cybersecurity claim or a torsious interference contractual claim

30:42.320 --> 30:49.040
against you you should be able to say I made a product that improved the lives of the people who

30:49.040 --> 30:55.600
used this a grief parties product. I should therefore be immunized from any legal liability and

30:55.600 --> 31:01.360
courts should be able to assess that defense and if it is a bona fide defense should dismiss

31:01.360 --> 31:08.080
any case against you civil or criminal. I think that's really really important because it allows

31:08.080 --> 31:15.520
us to imagine a device that has the positive features of a DRM device and whose negative features

31:15.520 --> 31:22.480
or whose anti features get removed by users or by the experts that the users nominate to act on

31:22.480 --> 31:29.760
their behalf whether that's a competing company or an open or free software project or cooperative

31:29.760 --> 31:36.240
or just a repair shop or a neighbor who reconfigures their device for them. So in other words the problem

31:36.240 --> 31:40.560
with Facebook for example is not that everyone you know has been made easy to find so that you can

31:40.560 --> 31:46.560
have a conversation with them. The problem is that Facebook has hostages not users and so if we

31:46.640 --> 31:52.640
made it legal to make a new service that went and got all the messages waiting for you on Facebook

31:53.200 --> 31:58.400
and filled them in into this new service so that you could reply to them there without having to

31:58.400 --> 32:03.200
be a Facebook user so you could stay in touch with all your old friends and we immunized you against

32:03.200 --> 32:07.840
all the claims that Facebook might bring against you under patent or terms of service or contractual

32:07.840 --> 32:14.000
interference or torsious interference or what have you then the people who were on Facebook because

32:14.000 --> 32:18.080
they liked it could stay there and the people who are on Facebook because the people they wanted to

32:18.080 --> 32:23.040
talk to were stuck there could leave and still stay in touch with their friends. We wouldn't necessarily

32:23.040 --> 32:27.200
have to mandate that Facebook follows some kind of interoperability standard although that might be

32:27.200 --> 32:34.000
good too we could in addition to whatever floor we put on Facebook's interoperability make sure that

32:34.000 --> 32:38.240
Facebook wasn't allowed to put a ceiling on that interoperability make sure that Facebook wasn't allowed

32:38.240 --> 32:43.760
to say well you know we're adhering to this interoperability standard we let these three companies that

32:43.760 --> 32:48.880
we don't think of as competitors interoperate with us in ways that we don't view as harmful to our

32:48.880 --> 32:54.400
bottom line therefore we are interoperable instead you could you could have an unlimited ceiling

32:54.400 --> 33:00.720
for interoperability provided that it was in the service of helping users get more out of their

33:00.720 --> 33:06.480
experience and you know this is something that we call adversarial interoperability not just interoperability

33:06.480 --> 33:13.520
with cooperation from an existing firm or service but interoperability despite the objections

33:13.520 --> 33:20.080
and bypassing the countermeasures of an existing product or service so adversarial interoperability

33:20.080 --> 33:25.760
and an absolute defense for adversarial interoperability are both really important as is being able

33:25.760 --> 33:31.120
to tell the truth about defects now in terms of what rules we might impose on firms there's been a lot

33:31.760 --> 33:37.120
work around this you know we've seen things like right to repair legislation we've seen rules

33:37.120 --> 33:45.040
that require firms to hand over clear texts of files for people of disabilities or people who work

33:45.040 --> 33:51.280
in archival or educational context in order to allow them to make lawful uses that are enshrined

33:51.280 --> 33:56.240
in copyright law to avail themselves the limitations and exceptions of copyright law and I think

33:56.240 --> 34:01.680
those are important too I just think that in very concentrated industries that it's likely that

34:01.680 --> 34:06.480
they will figure out ways to game that and so we have to make sure that these affirmative rights

34:06.480 --> 34:12.800
that we grant to people to have certain interoperability standards in the products that they use or

34:12.800 --> 34:17.680
consumer rights in the products that they use not become the the maximum but instead that they

34:17.680 --> 34:24.240
remain the minimum that companies are required to do one question I had this your few about if you

34:24.240 --> 34:30.080
think that DRM is mainly a problem for poor people you know I think with every technological idea

34:30.080 --> 34:35.920
with every bad technological idea you can't just roll it out all at once because some people when

34:35.920 --> 34:42.480
they complain they get listened to right some people's complaints have real social currency so you

34:42.480 --> 34:48.640
know things that you do to rich powerful people are harder to get away with than things that you do

34:48.640 --> 34:53.920
to poor people or people who lack power and so when we have a terrible technological idea one of the

34:53.920 --> 34:59.840
ways that we normalize it and also that we figure out how to make it more palatable to people is we

34:59.840 --> 35:05.760
start by imposing it on people who don't have social power so we start by imposing it on refugees

35:05.760 --> 35:13.680
children poor people prisoners mental patients immigrants students blue collar workers gig economy

35:13.680 --> 35:19.760
workers and then once it's been normalized and once the roughest edges have been sanded down

35:19.760 --> 35:25.280
then we roll it out to everybody I call it the bad technology adoption curve and you know you

35:25.280 --> 35:30.720
can see it at work for example with with home automation so you know 20 years ago if you were

35:30.720 --> 35:35.760
eating your dinner and there was a camera over the table watching you eat it was because you were

35:35.760 --> 35:40.640
in a super max prison but today it's because you bought Google Home or Apple Home or Amazon

35:40.640 --> 35:47.520
home automation systems and so we've gone from the most powerless people in our society to the

35:47.520 --> 35:52.080
most powerful people in our society in less than a generation and so I don't think science

35:52.080 --> 35:55.280
fiction is a great predictive literature I think science fiction is a great way to understand

35:55.280 --> 36:00.640
the present but not the future but if you do want to get a glimpse at what the future likely holds

36:00.640 --> 36:06.160
for you should everything else go on in terms of your technology use just look at what we're doing

36:06.160 --> 36:12.960
to poor people and then that's what we're going to do to you in 10 or 15 years science fiction literature

36:13.040 --> 36:20.080
always had a strong impact on how society sees technology yet the most successful science fiction

36:20.080 --> 36:26.640
books that connect to present developments are dystopian stories do we maybe need more positive

36:26.640 --> 36:33.360
stories about how technology could improve our lives you know I am neither a dystopian nor a

36:33.360 --> 36:40.320
utopian I'm which is to say I'm neither a pessimist nor an optimist I think that in the words of

36:40.320 --> 36:46.960
Michael Weinberger when he wrote this classic white paper on copyrights patents and 3D printing

36:46.960 --> 36:52.000
this will all be so great if we don't screw it up I often say that that's what I want written

36:52.000 --> 36:58.400
on my tombstone you know although my wife and I have actually secretly agreed that my tombstone

36:58.400 --> 37:04.480
is going to say if a man lies six feet underground rotting and dead and his wife isn't there to tell

37:04.480 --> 37:10.240
him he's doing it wrong is he still wrong and her tombstone is going to say yes he is but but

37:10.240 --> 37:16.240
failing that my tombstone is going to say this will all be so great if we don't screw it up and I

37:16.240 --> 37:22.800
think that it is important in science fiction to write about how terrible it will be if we screw it

37:22.800 --> 37:27.920
up and it's also important to write about how great it can be if we if we seize the means of

37:27.920 --> 37:33.440
computation so you know you ask me about my my new book radicalize which has the story on authorized

37:33.440 --> 37:41.040
bread in it and you know those are stories for the most part not just about the dystopian notion

37:41.040 --> 37:48.960
of having your technology do to you instead of doing for you but they're also about the real

37:48.960 --> 37:54.800
marveling glory of being in charge of your own technology of being able to decide what the

37:54.800 --> 38:01.920
technology does of being able to reconfigure it to do what you want when you want it to and you know

38:02.000 --> 38:07.440
I think that both of those are really important and I think that it's a mistake to say that just

38:07.440 --> 38:15.760
because just because a story has dystopian themes or depicts the dystopian nature of having the

38:15.760 --> 38:21.440
technology work against you instead of on your behalf that therefore the story is dystopian what

38:21.440 --> 38:27.200
really matters is what the characters do in the face of that if they go on to seize control then

38:27.200 --> 38:33.360
that's rather a utopian story and so I I'm of the view that there's nothing wrong with having a

38:33.360 --> 38:40.160
story who's starting premise is that the technology's control is taken away from us particularly if

38:40.160 --> 38:47.200
it's also a story about how wonderful it is once you reverse that situation thank you very much

38:47.200 --> 38:54.320
Corey for being with us today for this first episode okay thank you feeling drunk give my

38:54.320 --> 39:01.200
love to everybody there thanks for the work you're doing thank you for your time all right bye bye

39:02.400 --> 39:07.120
if you want to get active on this topic you can support the day against DRM which takes place

39:07.120 --> 39:12.080
every year this campaign is organized by the free software foundation or assist organization

39:12.080 --> 39:18.480
based in the US if you want to receive more information please visit defectivebydesign.org

39:18.480 --> 39:23.840
on this website you'll also find a list of DRM free platforms for books videos and audio files

39:24.720 --> 39:30.560
this was the first episode of the software freedom podcast if you like this episode please

39:30.560 --> 39:34.720
recommend it to your friends and subscribe to make sure you also get the next episode

39:35.760 --> 39:40.320
this podcast is presented to you by the free software foundation job we have a charity that

39:40.320 --> 39:44.800
works on promoting software freedom if you like our work please consider supporting us with

39:44.800 --> 39:51.920
the nation you find more information on my.fsfe.org slash donate thanks for listening to the software

39:51.920 --> 39:57.040
freedom podcast looking forward to next month bye bye

Back to the episode SFP#1