"DMA's interoperability is against fundamental rights" claims Apple. The FSFE disagrees. If you also think interoperability is key for software freedom, support us!

Transcript of SFP#1 on Day Against DRM with Cory Doctorow

Back to the episode SFP#1

This is a transcript created with the Free Software tool Whisper. For more information and feedback reach out to podcast@fsfe.org

WEBVTT

00:00.000 --> 00:18.280
Welcome to the first episode of the Software Freedom Podcast.

00:18.280 --> 00:21.920
Starting with this episode, we will talk once a month with people who have inspiring

00:21.920 --> 00:23.960
ideas about software freedom.

00:23.960 --> 00:27.080
This podcast is presented to you by the Free Software Foundation Europe.

00:27.080 --> 00:30.800
We are a charity that empowers users to control technology.

00:30.800 --> 00:34.200
My name is Matthias Kirschner, and I'm the president of the FSFE.

00:34.200 --> 00:35.720
And my name is Katharina Okun.

00:35.720 --> 00:39.880
I am a writer and digital rights activist, bass, and Berlin.

00:39.880 --> 00:44.840
When we were planning the first episode, we exchanged some ideas for possible guests.

00:44.840 --> 00:49.400
And when I heard that the day against DRM will this year take place in October, I directly

00:49.400 --> 00:54.160
thought we have to get Cory Doctoro as our first guest, and we have to talk with him

00:54.160 --> 00:56.400
about digital restriction management.

00:56.400 --> 01:01.180
I think they are just very few people that inspired so many people from our community like

01:01.180 --> 01:02.180
Cory did.

01:02.180 --> 01:07.200
For those listeners who don't know him, Cory Doctoro is a British-Canadian writer and

01:07.200 --> 01:11.800
political activist, and he is the co-editor of Boeing Boeing Net.

01:11.800 --> 01:17.000
He is a prominent supporter of the idea of software freedom, and he is fighting for a less restrictive

01:17.000 --> 01:18.560
copyright law.

01:18.560 --> 01:22.480
His books are published under Creative Commons licenses.

01:22.480 --> 01:27.240
These science fiction novels of Cory are all strongly connected to the debates on technology

01:27.240 --> 01:28.680
and regulation.

01:28.680 --> 01:32.880
What I like about his books is that they address complex issues such as software freedom,

01:32.880 --> 01:38.000
copyright, digital restriction management, or privacy in an unconventional way.

01:38.000 --> 01:43.720
So even someone who has never thought about these topics before, they can follow him.

01:43.720 --> 01:47.680
And at the same time as someone who is active in those fields for a long time, you always

01:47.680 --> 01:51.720
find interesting ways how to explain these topics better to others.

01:51.720 --> 01:55.960
As a privacy activist, my favorite book of Cory is, of course, Little Brother.

01:55.960 --> 02:02.320
The book was published in 2008 and tells the story of four teenagers from San Francisco

02:02.320 --> 02:07.400
who experience how society is more and more transformed into a surveillance state after

02:07.400 --> 02:09.200
a terrorist attack.

02:09.200 --> 02:14.200
Together with our friends, these teenagers start an underground campaign for defending

02:14.200 --> 02:17.880
civil liberties against the Department of Homeland Security.

02:17.880 --> 02:23.440
I don't want to spoil you, but I like the end very much.

02:23.440 --> 02:26.480
What do you like most about the book?

02:26.480 --> 02:31.440
Definitely the way how Cory described how the protagonists of a story circumvent surveillance

02:31.440 --> 02:34.360
technology were very simple hacks.

02:34.360 --> 02:38.760
For example, right in the beginning, there is a passage where they explain how to trick

02:38.760 --> 02:45.040
an intelligent surveillance camera that can recognize people based on how they walk.

02:45.040 --> 02:49.880
They simply put small stones in their shoes in order to change their walking patterns.

02:49.880 --> 02:54.280
And by the way, did you know that at what's known, had a copy of Little Brother prominently

02:54.280 --> 02:59.400
placed in his hotel room in Hong Kong when he did his first interviews for the documentary

02:59.400 --> 03:00.800
Citizen Four?

03:00.800 --> 03:04.160
I guess this was his way of telling the world.

03:04.160 --> 03:07.840
If you want to understand why I did this, please read this book.

03:07.840 --> 03:10.560
And you definitely should read this book if you haven't read it already.

03:10.560 --> 03:12.600
It's a fantastic book.

03:12.600 --> 03:13.600
What's your favorite book?

03:13.600 --> 03:14.600
I like Little Brother.

03:14.600 --> 03:19.360
I like Homeland, but at the moment, it's unauthorized spread his new book.

03:19.360 --> 03:25.280
And in this book, Salima, who's a refugee, she lives in the U.S. and she's in the situation

03:25.280 --> 03:30.520
that her toaster refuses to toast her bread for her one morning.

03:30.520 --> 03:35.520
She finds out that the company, the manufacturer of the toaster, they went bankrupt and their

03:35.520 --> 03:37.040
servers are down.

03:37.040 --> 03:42.680
So the toaster, which before always checked if you can toast this bread or not, which is

03:42.680 --> 03:45.520
authorized or not, those others aren't there anymore.

03:45.520 --> 03:51.280
So she's not able to toast the bread, which is authorized as well as any other toast.

03:51.280 --> 03:54.280
Oh my God.

03:54.280 --> 03:55.280
She doesn't stop there.

03:55.280 --> 04:00.200
So she continues to investigate and finds out that there are others with the same problem

04:00.200 --> 04:05.620
and that they fleshed other software on those toasters and then they could toast any

04:05.620 --> 04:06.920
bread they want.

04:06.920 --> 04:10.680
So she also does that and enjoys this new freedom.

04:10.680 --> 04:16.160
And she helps other people in this building and shows them how they can modify their devices

04:16.160 --> 04:21.480
and they all enjoy buying bread they want or baking bread and toasting it.

04:21.480 --> 04:25.440
So she's very happy about this development, how she can help others around her to also

04:25.440 --> 04:27.880
benefit from modifications there.

04:27.880 --> 04:31.760
Later, it turns out that well, what she did was illegal.

04:31.760 --> 04:35.920
They are not allowed to make changes to the software there on those devices in the building

04:35.920 --> 04:38.080
and there are legal threats about this.

04:38.080 --> 04:39.840
And I don't want to spoil you too much.

04:39.840 --> 04:46.360
So read the book, but this part it reminded me about when we at the FSFE helped others

04:46.360 --> 04:51.840
in our free Android campaign to flesh software on their mobile phones.

04:51.840 --> 04:56.000
So use free software there and get rid of some restrictions they had on their mobile phones

04:56.000 --> 04:57.000
before.

04:57.000 --> 05:02.120
Seeing how people react towards that and how happy they are with those devices, but on

05:02.120 --> 05:08.120
the same hand also seeing that modifying software on devices is getting harder and harder

05:08.120 --> 05:10.200
in some areas.

05:10.200 --> 05:14.360
What do you think makes Corrie's story so special?

05:14.360 --> 05:19.880
For me, it's that he has those role models in his books like in Little Brother, you have

05:19.880 --> 05:24.160
Marcus and Angela who don't accept that technology just restricts them.

05:24.160 --> 05:30.120
They get active themselves and they make changes to technology and defend civil liberties.

05:30.120 --> 05:36.160
And now with an authorized bread, the special part there is that Salima is a refugee.

05:36.160 --> 05:39.560
She's in a bad situation there, but she doesn't accept that.

05:39.560 --> 05:44.960
She changes things and tries to improve her situation for herself and for others.

05:44.960 --> 05:50.640
It's very important that you have such role models for younger people in our society,

05:50.640 --> 05:53.000
for underprivileged people in our societies.

05:53.000 --> 05:56.400
So that's why I like this book a lot and the characters in there.

05:56.400 --> 06:02.520
So I hope you all understand now why we instantly agreed on Corrie Dockro as the perfect guest

06:02.520 --> 06:05.760
for the first episode of the software freedom podcast.

06:05.760 --> 06:10.360
We are very excited to have them with us today and talk with them about this new book

06:10.360 --> 06:14.000
and digital restriction management.

06:14.000 --> 06:15.000
Welcome, Corrie.

06:15.000 --> 06:17.360
Thank you very much for being with us today.

06:17.360 --> 06:23.200
So you want said that the idea for your book, an authorized bread was based on an article

06:23.200 --> 06:27.480
you wrote back in 2015 for the Guardian.

06:27.480 --> 06:31.160
The title was, if dishwasher were iPhones.

06:31.160 --> 06:35.120
Can you explain what this article was about?

06:35.160 --> 06:41.000
For many years, I'd heard from people to say that it was no real imposition for Apple

06:41.000 --> 06:47.400
to have created this world garden business model where in order to use a device they sold

06:47.400 --> 06:51.200
you, you had to also let them decide which software you could use.

06:51.200 --> 06:53.840
And they made all kinds of arguments about why this was legitimate.

06:53.840 --> 06:55.600
They said it kept you safe.

06:55.600 --> 07:00.440
They said it protected software authors from copyright infringement.

07:00.480 --> 07:05.480
They said that it simplified the paradox of choice and so on.

07:05.480 --> 07:10.120
And it seemed to me that if all of that was actually true, then they could have just

07:10.120 --> 07:15.480
had a little tick box that said, actually, I'd prefer to choose my own software rather

07:15.480 --> 07:19.480
than relying on Apple to make that choice for me.

07:19.480 --> 07:24.760
And it also seemed to be belied by the fact that Apple had tightened the screws many

07:24.760 --> 07:25.760
times.

07:25.760 --> 07:28.800
They had changed the guidelines about what kind of apps you could have.

07:28.800 --> 07:34.960
So they had unilaterally decided that some software authors expression was not lawful

07:34.960 --> 07:37.560
for inclusion in the app store.

07:37.560 --> 07:43.280
We had most notoriously someone who'd made an app that kept track of drone strikes that

07:43.280 --> 07:49.400
the US government launched and specifically the civilian death count from those drone strikes.

07:49.400 --> 07:53.080
And Apple had repeatedly excluded that from the app store.

07:53.080 --> 07:57.080
And so it seemed to me that if this was something people really liked, they would have just

07:57.080 --> 07:58.080
opted for it.

07:58.080 --> 08:02.120
But instead, you know, between the drone strikes and the people who kept trying to create

08:02.120 --> 08:06.120
independent software stores and the users who kept trying to drill jailbreak their phones,

08:06.120 --> 08:13.000
it was pretty clear that actually software vendors and software authors and iPhone owners

08:13.000 --> 08:16.760
were many of them not very happy with this at all.

08:16.760 --> 08:20.760
And the common rejoinder was, well, then why are they in the iPhone ecosystem?

08:20.760 --> 08:23.960
They should be choosing a different platform.

08:23.960 --> 08:26.600
And that argument all seemed very inadequate to me.

08:26.600 --> 08:30.240
And so I thought, you know, there are plenty of other appliances that you could make this

08:30.240 --> 08:31.480
argument about.

08:31.480 --> 08:37.080
And specifically, dishwashers are a really good example because the most dangerous thing

08:37.080 --> 08:40.280
you can do really is eat bad food.

08:40.280 --> 08:44.520
Foodborne illness has killed more people than anything else in the history of the world.

08:44.520 --> 08:48.400
And certainly there's a lot of people who make their living from coming up with independent

08:48.400 --> 08:53.960
dishware designs who then have to contend with copycats who clone their dishes and so

08:53.960 --> 08:54.960
on.

08:54.960 --> 08:58.800
And I thought every one of these arguments would apply equally well to dishwashers.

08:58.800 --> 09:05.880
And so I wrote this little fake letter from Steve Jobs like CEO to his customers explaining

09:05.880 --> 09:11.880
why they should stop trying to put non authorized dishes in their special fancy dishwashers.

09:11.880 --> 09:17.040
And how these special fancy dishwashers had been exquisitely calibrated to reduce water

09:17.040 --> 09:23.520
wastage and ensure that foodborne illnesses were eliminated and to reward people who made

09:23.520 --> 09:29.960
dishes and to give them, you know, the incentives they needed to continue to innovate in flatware

09:29.960 --> 09:31.640
and dishes and so on.

09:31.640 --> 09:37.200
And I wrote this essay and what was interesting to me about it at the in the moment was just

09:37.200 --> 09:44.480
how many iOS users failed to get the joke and instead acted like an affronted religious

09:44.480 --> 09:49.280
minority whose sacred texts had just been mocked.

09:49.280 --> 09:54.760
And then subsequently, how close that rhetoric ended up hewing to internet of things device

09:54.760 --> 09:55.760
companies.

09:55.760 --> 10:00.200
So, you know, if you listen to the rhetoric from the likes of the, you know, the founder

10:00.200 --> 10:06.040
of juice, Sarah, which is the company that made the juice squeezers that use DRM to fruit

10:06.040 --> 10:11.360
or the rhetoric from other IoT companies, you know, they all made essentially those arguments.

10:11.360 --> 10:17.320
You know, this is pose law that satire is indistinguishable from reality and in undermodern

10:17.320 --> 10:18.520
conditions.

10:18.520 --> 10:23.960
And so, you know, that turned into unauthorized bread or at least the proximate instigation

10:23.960 --> 10:25.360
for writing unauthorized bread.

10:25.360 --> 10:30.480
This idea that there really wasn't any reason given the internet of things not to turn

10:30.480 --> 10:36.480
everything into an iOS style app store for the clothes that a wash in your washing machine

10:36.480 --> 10:41.880
and the dishes that a wash in your dishwasher and the bread that will toast in your toaster.

10:41.880 --> 10:46.000
This month's stay against the RM focuses on ebooks.

10:46.000 --> 10:50.320
What does the difference between a book and an ebook with DRM?

10:50.320 --> 10:55.240
Well, a book is something that actually has a somewhat nebulous definition.

10:55.240 --> 11:00.320
If you think back on the history of books, all of the things that we might say would be,

11:00.320 --> 11:07.360
you know, critical to defining a book actually are not present in some pretty important examples.

11:07.360 --> 11:10.960
So for example, we might say that a book has to have a spine.

11:10.960 --> 11:15.480
It has to be a codex that is to say shaped like a book as we know it today.

11:15.480 --> 11:19.360
But you know, the Torah, which is one of the first and most widely published books in the

11:19.360 --> 11:24.240
history of the world, originally was a scroll that didn't have a spine and we still call

11:24.240 --> 11:25.240
it a book.

11:25.240 --> 11:29.120
Or we might say that a book needs to have writing or pictures in it, but we have blank

11:29.120 --> 11:30.120
books.

11:30.120 --> 11:34.720
So we might say that a book has to cost something, but you know, the most widely available

11:34.720 --> 11:39.040
books in the world are free, you know, Bibles and copies of the little red book and so on.

11:39.040 --> 11:41.200
So book is a pretty expansive category.

11:41.200 --> 11:45.640
Certainly electronically, we've expanded the definition of books by blowing up some

11:45.640 --> 11:49.680
of the physical constraints that were associated with them, you know, Wikipedia I think qualifies

11:49.680 --> 11:51.320
as an electronic book.

11:51.320 --> 11:57.480
And so do, you know, I just downloaded a PDF last week for Dungeons and Dragons, Game Masters

11:57.480 --> 12:01.800
who want to ensure that they have consent from their players for situations that might

12:01.800 --> 12:03.920
be emotionally difficult for them.

12:03.920 --> 12:06.280
And that book was eight pages long.

12:06.280 --> 12:09.480
And it's hard to imagine a printed book that's eight pages long.

12:09.480 --> 12:14.200
And so we've eliminated the length constraints, we've eliminated some of the media constraints,

12:14.200 --> 12:17.080
we have books with moving images and audio and so on.

12:17.080 --> 12:22.920
But once you add DRM, something really changes, because although books are very ancient

12:22.920 --> 12:28.560
and although books are seriously something that is part of our cultural heritage and how

12:28.560 --> 12:33.240
we identify as a culture, you know, when when you want to show a civilization that's

12:33.240 --> 12:37.400
falling apart, you just show pictures of books on fire, you know, anytime someone piles

12:37.480 --> 12:41.560
up a bunch of books and sets them on fire, you can be pretty sure that nothing good is

12:41.560 --> 12:42.960
going to come of that.

12:42.960 --> 12:49.800
But a lot of that covenant that goes around books, that is that is critical to what we think

12:49.800 --> 12:53.440
of when we think of a book, is not present in an ebook.

12:53.440 --> 12:57.760
So books are older than copyright and they're also older than commerce.

12:57.760 --> 13:01.120
And they're certainly older than the idea of the unitary author.

13:01.120 --> 13:07.080
The first books were conglomerates of text by multiple authors bound up together.

13:07.080 --> 13:11.640
And the way that you would contribute to authorship was by, you know, copying out some of those

13:11.640 --> 13:15.640
passages and then adding some of your own or finding other passages that seem relevant

13:15.640 --> 13:17.120
to you and so on.

13:17.120 --> 13:23.920
All of those things are part of the ancient compact that makes books so valuable, so important,

13:23.920 --> 13:25.760
so so enduring.

13:25.760 --> 13:30.640
But once you add DRM to a book, those things that were historically part of the natural

13:30.640 --> 13:34.560
life of a book, whether that's having the book read aloud or being able to give away

13:34.560 --> 13:40.000
the book or being able to lend the book or being able to tear passages out of a book

13:40.000 --> 13:43.400
that offend you, all of those things just disappear.

13:43.400 --> 13:49.120
And instead, what you end up with is a book that is regulated first by legal code, usually

13:49.120 --> 13:54.000
by a license agreement that sometimes even longer than the book itself, especially when

13:54.000 --> 13:58.000
you factor in the sub license agreements associated with the e-reader and the operating

13:58.000 --> 14:02.280
system and so on, you might end up with 100,000 words of legal use that you're expected

14:02.280 --> 14:07.160
to understand in order to operate the book within the confines of the law.

14:07.160 --> 14:11.320
And then you have technical strictures that actually prevent you from deciding which

14:11.320 --> 14:14.920
e-reader you're going to read the book on, from deciding whether or not you're going

14:14.920 --> 14:20.600
to transfer the ownership of that book to your children or give it away to a local school.

14:20.600 --> 14:25.240
All of those things that are part of the bargain of the book just go up in smoke as soon

14:25.240 --> 14:27.680
as you add DRM to the book.

14:27.760 --> 14:32.560
My feeling is that people would often never accept the same restrictions, they accept

14:32.560 --> 14:36.960
with their e-books for their normal books. Why do you think this is the case?

14:37.760 --> 14:42.960
That was kind of the point of the, if dishwasher's were iPhones and an authorized bread,

14:42.960 --> 14:49.840
that we have been put in very slowly boiling water, like the analogy of the frogs and boiling

14:49.840 --> 14:56.000
water. And we haven't noticed, it's kind of crept up on us that the rights that we value

14:56.080 --> 15:00.320
in our books have been taken away from us one at a time very slowly.

15:00.320 --> 15:06.560
And you know, this isn't just because we weren't paying attention, it's also because a lot of

15:06.560 --> 15:11.760
these problems are a long way away, right? Like what you do with the book at the end of your life

15:11.760 --> 15:18.640
is for the average book owner a long way off. And it's also hard to learn from that lesson

15:18.640 --> 15:25.760
once you're dead. And so you kind of have to witness say your beloved parents beautifully,

15:25.760 --> 15:31.840
curated library being vanished in a puff of smoke, thanks to a license agreement,

15:31.840 --> 15:37.680
or because the company that made the DRM server for it decided to take that server down

15:37.680 --> 15:42.160
in order for you to learn the lesson and revisit your own choices about what you buy.

15:42.160 --> 15:48.560
And you know, in general, we rely not on people learning lessons the hard way, a long way off.

15:48.560 --> 15:53.760
In order to keep us safe, we often ask states to intervene by say declaring certain business

15:53.760 --> 15:59.520
practices illegal or certain contractual terms to be unenforceable. And neither of those are

15:59.520 --> 16:04.960
on our horizon at the moment when it comes to DRM. When Microsoft closed their bookstore,

16:04.960 --> 16:10.000
users could not access the books anymore they had bought. Do you know other examples?

16:11.280 --> 16:16.480
Yeah, well Walmart did the same thing I think in 2007, but the Federal Trade Commission actually

16:16.480 --> 16:21.280
intervened at that point and ordered them to keep the DRM servers running. I don't know if they're

16:21.360 --> 16:28.160
still up and going, but you know, Amazon is what, 20 years old. And I'm literally sitting next to

16:28.160 --> 16:33.200
a bookshelf full of books that are four, five, and six times older than that. So the idea that we're

16:33.200 --> 16:40.240
going to just rely on Amazon to never get bored of running its DRM servers or never be say financially

16:40.240 --> 16:45.280
engineered into bankruptcy as so many companies have in recent years, including companies that are

16:45.280 --> 16:53.520
hundreds of years old, seems completely unrealistic. I mean, one of the arguments is often that

16:53.520 --> 16:59.760
artists cannot make any money with our digital restriction management. Now as an author yourself,

16:59.760 --> 17:06.160
what do we say about this argument? Well, it's very hard to parse that argument out. So one of the

17:06.160 --> 17:13.040
things that makes DRM so pernicious is that it's protected under the law in the EU article 6 of the

17:13.040 --> 17:21.120
2001 copyright directive. And in the US section 1201 of the 1998 Digital Millennium Copyright Act,

17:21.120 --> 17:28.480
both prohibit bypassing DRM even for a lawful purpose. And whenever, you know, I've been in

17:28.480 --> 17:36.640
policy forums, whether that's at Weipo or in Brussels or in Washington, DC or in standards bodies

17:36.640 --> 17:42.960
like DVBCPCM or the broadcast flag body, the broadcast protection discussion group. And I've

17:42.960 --> 17:52.560
proposed that we make it lawful to bypass DRM for lawful purposes. The answer has been that if we

17:52.560 --> 18:00.640
don't maintain the illegality of bypassing DRM, that DRM will be defeated by users. And then I say,

18:00.640 --> 18:06.240
but isn't DRM the technical countermeasure that stops people from copying it? And when you dig

18:06.240 --> 18:12.080
into it, what you find out is that nobody who makes DRM believes that DRM stops users from

18:12.080 --> 18:20.080
making copies. What they think is that it allows firms to invoke the law to prohibit otherwise

18:20.080 --> 18:26.480
lawful conduct, right? It doesn't stop pirates in other words, but it stops competitors. You know,

18:26.480 --> 18:33.040
if you want to pirate DVDs and watch them on your computer, it's not hard to rip them. But if you

18:33.040 --> 18:39.600
want to make a gadget that allows you to say, watch out of region DVDs or to rip them to put them

18:39.600 --> 18:44.080
on your computer and you want to sell them in a store, right? If you want to sell a product that

18:44.080 --> 18:51.120
does lawful things, the fact that you have to bypass the DRM to do it allows the company to invoke

18:51.120 --> 18:57.840
the law to shut you down. So if you're an author and you think that what DRM is going to do is stop

18:57.920 --> 19:03.600
the people who don't want to pay from your books from getting copies them for free, the very people

19:03.600 --> 19:08.640
who make the DRM for those books will tell you that it has no connection with doing that. If you

19:08.640 --> 19:13.040
kind of pin them down, you have to wrestle them for a bit. But then they'll admit it. And sometimes,

19:13.040 --> 19:19.040
you know, they'll fall back on this argument that, oh, well, it's a speed bump. But nobody pretends

19:19.040 --> 19:25.520
that speed bumps stop racers, boy racers from racing down the street. Or they'll say that it keeps

19:25.680 --> 19:31.200
the honest users honest that when you encounter the DRM and it tells you, I'm sorry, you're not allowed

19:31.200 --> 19:37.040
to do that. That if you're honest, you'll go, oh, well, I didn't realize that that was prohibited.

19:37.040 --> 19:44.480
But of course, if you're honest, doing things that are lawful is not dishonest, you know, buying a DVD

19:44.480 --> 19:50.000
or an ebook from one supplier and then watching it on a device made by another supplier is neither

19:50.000 --> 19:55.200
dishonest nor unlawful. It's just bypassing the DRM that's unlawful. So this is how Ed Felton,

19:55.200 --> 19:59.600
who's now, I believe with the Federal Trade Commission, used to be a Princeton came to coin the

19:59.600 --> 20:05.360
memorable phrase that keeping an honest user honest is like keeping a tall user tall. That what

20:05.360 --> 20:10.640
the honest user is doing is by definition honest. That's what makes them an honest user. And so if your

20:10.640 --> 20:16.640
DRM gets in their way, you are prohibiting them from doing something honest. So really, what it ends

20:16.640 --> 20:25.280
up doing is it ends up locking you the rights holder, the creator, into the platform of the company.

20:25.280 --> 20:30.320
And the company is not on your side, right? Amazon does not exist to enrich creators. Amazon's

20:30.320 --> 20:37.280
goal is to minimize its costs everywhere that it's possible to do so and maximize its profits.

20:37.280 --> 20:43.360
And you see them doing this relentlessly in every business that they enter. And so while it may be

20:43.360 --> 20:49.040
true that Amazon offers some kind of teaser rate for you to do a Kindle original or to allow them

20:49.040 --> 20:54.880
to put Kindle DRM on your books or to go into Audible, which is their audiobook platform, which controls

20:54.880 --> 21:00.240
90% of the market and doesn't allow you to opt out of their DRM. That once they have control over

21:00.240 --> 21:04.240
that market, they're going to do what every other firm does when they gain control over their

21:04.240 --> 21:09.760
suppliers. They're going to squeeze the supplier. And that's you. And so, you know, if you decide

21:09.760 --> 21:14.000
later on that you don't want to be an audible author because someone else like Google Play or

21:14.000 --> 21:23.120
Libro.fm or downpour is offering you a better price. You have to not only pull your books from Amazon.

21:24.080 --> 21:32.560
You also have to bet that your listeners or your readers will throw away the books that they've bought

21:32.560 --> 21:41.120
and buy them again on the new platform or maintain two separate non-interoperable libraries of books.

21:41.120 --> 21:46.320
So you effectively increase the switching costs for your customers to follow you to any platform

21:46.320 --> 21:52.160
that offers you a better deal. So, you know, it's like if you were a musician and you released all

21:52.160 --> 21:57.600
of your records in a format that only Sony devices could play. And then later on Universal offered

21:57.600 --> 22:02.560
you a better deal, you would have to trust that your listeners were willing to throw away all the

22:02.560 --> 22:07.760
records you sold them. Well, that is not a good bet. And not many musicians would be in a position

22:07.760 --> 22:13.280
to make that demand on their customers. And so, over time, you're just making yourself more and more

22:13.280 --> 22:20.240
indebted to these big, rapacious corporations that only everyone to figure out how to get more

22:20.240 --> 22:26.800
money for themselves and less money for you from the creative labor that you do. You know, if someone,

22:26.800 --> 22:31.760
as I've said before, someone puts a lock on something that belongs to you and then won't give you

22:31.760 --> 22:38.800
the key, that lock is not there for you. That lock is there for them. And you know, if you go to

22:38.800 --> 22:45.520
Amazon and say, I don't want to sell my audiobooks with your DRM anymore, they'll say go find someone

22:45.520 --> 22:52.080
else to carry your audiobooks because we only sell audiobooks that are locked to our platform

22:52.160 --> 22:56.240
so that every customer that you bring to us becomes our customer instead of yours.

22:56.880 --> 23:01.840
I mean, this sounds really absurd. If you build DRM systems, you have to treat your customer

23:01.840 --> 23:07.760
as a potential attacker of your system. What is the impact of DRM on the security of our devices?

23:08.560 --> 23:14.560
Yeah, so this is the other issue here. One of the things that arises from this law,

23:14.560 --> 23:23.200
Article 6 of the EUCD and Section 121 of the DMCA, is that because they make it both a civil

23:23.200 --> 23:32.640
and potentially criminal offense to help people bypass a DRM system, they also have the side

23:32.640 --> 23:41.040
effect of making it illegal to publish full security analyses of these products. If you find a

23:41.120 --> 23:48.720
defect in a system with DRM in it and in order to do your proof of concept code and describe the

23:48.720 --> 23:55.360
defect so thoroughly that the manufacturer can't deny it because manufacturers are very, very prone

23:55.360 --> 24:00.960
to simply denying it or minimizing it when they're called out on their security mistakes because

24:00.960 --> 24:06.000
they don't want to be embarrassed in public and they don't want their products, reputations to suffer.

24:06.000 --> 24:12.480
So if you want to publish the industry standard for a security report, which is to

24:13.280 --> 24:18.480
enumerate the defect and provide proof of concept code so that other people can replicate your work,

24:19.040 --> 24:26.160
then you potentially face both criminal and civil liability for revealing those defects.

24:26.160 --> 24:33.120
So effectively, although DRM starts off as a means to control customers' behavior by controlling

24:33.120 --> 24:40.000
what products competitors can manufacture, it becomes a means for controlling critics as well,

24:40.000 --> 24:46.080
for controlling people who discover mistakes that you made in implementing your technology

24:46.080 --> 24:51.840
and who want to warn your customers that the device that they have, which inevitably does more

24:51.840 --> 24:58.160
than entertain them, inevitably it has sensors and it has lots of personal identifying information

24:58.960 --> 25:03.840
and it has ways to access your local network and the other devices on it and so on,

25:04.640 --> 25:09.600
that if you want to warn people about the defects in that device, you have to be willing to brave

25:10.480 --> 25:15.920
retribution, legal retribution from the company whose products you are criticizing.

25:16.480 --> 25:22.000
And you know, I am enough of a free speech purist to think that telling the truth about defects in

25:22.000 --> 25:27.680
products should always be legal, but even if you disagree with me and you think that there might be

25:27.680 --> 25:33.040
some legitimate restrictions on when defects in products can be revealed so that manufacturers can

25:34.400 --> 25:40.320
patch the bugs before the bugs are made public say. I think most reasonable people would agree

25:40.320 --> 25:47.120
that companies that stand to lose from true reports of defects in their products

25:47.120 --> 25:54.080
are not good custodians of that bad news. And one of the things that's happened as a consequence

25:54.560 --> 26:01.200
of the expansion of DRM and to other devices, which is itself a consequence of the expansion

26:01.200 --> 26:05.440
of software and to other devices. Once you have software and a device, you can add DRM to it.

26:05.440 --> 26:10.160
Once you add DRM to it, the log gives you the right to stop your competitors from removing that

26:10.160 --> 26:15.760
DRM or tampering with that DRM to let your customers get more out of their lawfully acquired property

26:15.760 --> 26:20.960
is that the constellation of devices that are also off limits to full security audits keeps on

26:20.960 --> 26:28.320
growing keeps getting bigger and bigger. And that means that we are at an ever greater risk

26:28.880 --> 26:36.000
of the security defects festering in these devices until they're so widely exploited that finally

26:36.800 --> 26:41.760
the manufacturer can no longer pretend that they don't exist by which point it's far too late.

26:41.760 --> 26:47.520
So we've already seen this happen. The most notorious example was in 2005 when Sony BMG music

26:48.160 --> 26:56.640
6 million CDs comprising 51 audio titles that had a secret DRM system on them that maliciously

26:56.640 --> 27:02.800
and covertly changed your operating system so that it could no longer see certain programs

27:02.800 --> 27:08.080
and could no longer terminate them when they were running any program that had the string dollar

27:08.080 --> 27:13.520
sign sys dollar sign at the start of its file name would be invisible to both the file and process

27:13.520 --> 27:19.600
managers. And then what they did was they wrote anti CD ripping programs to your computer that would

27:19.600 --> 27:24.960
start automatically at start up time that started with the string dollar sign sys dollar sign so

27:24.960 --> 27:30.480
that you couldn't run CD ripping programs. The thing is that as soon as this was discovered in the

27:30.480 --> 27:35.120
wild but before it was reported to the general public as soon as as independent researchers started

27:35.120 --> 27:40.000
to discover this including independent researchers who made malicious software malicious software

27:40.000 --> 27:45.520
started to emerge that had the same string at the beginning of a dollar sign sys dollar sign.

27:46.560 --> 27:53.040
And so now we had malicious software running on computers that couldn't be detected or shut down

27:53.040 --> 27:58.880
by anti virus software and by the time the researchers who discovered this finally came forward

27:58.880 --> 28:03.600
because there was a three month delay between the initial discovery and then coming forward by the

28:03.600 --> 28:09.280
time they finally came forward this malicious software was present on 200,000 government and

28:09.280 --> 28:14.240
military networks in the U.S. alone. And so all of those computers had been exposed to this risk.

28:15.200 --> 28:21.680
And all of those use those paid for being attacked. Yeah I mean talk about adding insult to injury.

28:21.680 --> 28:28.160
I mean we sometimes hear this this cry that you can't compete with free and so you know how can

28:28.160 --> 28:34.160
a legitimate product compete with the pirate edition. And I think the reality is that however hard

28:34.160 --> 28:38.800
it might be to compete with free it's much harder to compete with free if your product is much

28:38.800 --> 28:44.720
worse than the free product. After all when you pirate your ebooks or movies or games you get

28:44.720 --> 28:49.440
exactly the same game you just don't get the restrictions. And so that is always going to be a

28:49.440 --> 28:55.600
better product than the product that comes with the DRM on it. And some years of rich vacuum cleaner

28:55.600 --> 29:01.520
and coffee machine might be connected to the internet. What rules do we need for the so-called

29:01.520 --> 29:06.560
internet of things to make sure that technology will empower us instead of restricting us?

29:07.280 --> 29:12.960
You know I think we can define this problem as being in two parts. So the first one is

29:12.960 --> 29:20.320
what do we need to get rid of to help people, companies, cooperatives, researchers and others

29:20.320 --> 29:25.920
solve the problem. And the other is what rules should we have so that the problems don't come up.

29:25.920 --> 29:31.360
And the rules that we should have they're kind of hard to pin down because these devices will

29:31.360 --> 29:36.000
have a wide variety of characteristics and a wide variety of use cases and models.

29:36.000 --> 29:41.840
But what we shouldn't do is actually a lot easier and also easier to agree on more broadly

29:41.840 --> 29:47.440
and therefore easier to implement because you know it should be much easier to get consensus on them.

29:47.440 --> 29:53.520
So I think at like a bare minimum we should say that it should always be lawful to report defects

29:53.520 --> 30:00.080
in devices under every circumstance. That telling the truth revealing true facts about defects

30:00.080 --> 30:05.760
in devices or services should 100% of the time be lawful. I think the second one

30:05.760 --> 30:10.880
is that it should always be lawful or that there should be an absolute defense in law

30:11.680 --> 30:19.680
for interoperability and for repair which is a subcategory of interoperability. So in other words

30:19.680 --> 30:25.840
you should be able to defend yourself against any legal claim by showing that you are making a new

30:25.840 --> 30:30.720
product or service that connected to the old product or service to allow the users of that

30:30.720 --> 30:36.880
product or service to get more value out of them. So if someone brings a patent claim or

30:36.880 --> 30:42.320
a terms of service claim or a cybersecurity claim or a torsious interference contractual claim

30:42.320 --> 30:49.040
against you you should be able to say I made a product that improved the lives of the people who

30:49.040 --> 30:55.600
used this a grief parties product. I should therefore be immunized from any legal liability and

30:55.600 --> 31:01.360
courts should be able to assess that defense and if it is a bona fide defense should dismiss

31:01.360 --> 31:08.080
any case against you civil or criminal. I think that's really really important because it allows

31:08.080 --> 31:15.520
us to imagine a device that has the positive features of a DRM device and whose negative features

31:15.520 --> 31:22.480
or whose anti features get removed by users or by the experts that the users nominate to act on

31:22.480 --> 31:29.760
their behalf whether that's a competing company or an open or free software project or cooperative

31:29.760 --> 31:36.240
or just a repair shop or a neighbor who reconfigures their device for them. So in other words the problem

31:36.240 --> 31:40.560
with Facebook for example is not that everyone you know has been made easy to find so that you can

31:40.560 --> 31:46.560
have a conversation with them. The problem is that Facebook has hostages not users and so if we

31:46.640 --> 31:52.640
made it legal to make a new service that went and got all the messages waiting for you on Facebook

31:53.200 --> 31:58.400
and filled them in into this new service so that you could reply to them there without having to

31:58.400 --> 32:03.200
be a Facebook user so you could stay in touch with all your old friends and we immunized you against

32:03.200 --> 32:07.840
all the claims that Facebook might bring against you under patent or terms of service or contractual

32:07.840 --> 32:14.000
interference or torsious interference or what have you then the people who were on Facebook because

32:14.000 --> 32:18.080
they liked it could stay there and the people who are on Facebook because the people they wanted to

32:18.080 --> 32:23.040
talk to were stuck there could leave and still stay in touch with their friends. We wouldn't necessarily

32:23.040 --> 32:27.200
have to mandate that Facebook follows some kind of interoperability standard although that might be

32:27.200 --> 32:34.000
good too we could in addition to whatever floor we put on Facebook's interoperability make sure that

32:34.000 --> 32:38.240
Facebook wasn't allowed to put a ceiling on that interoperability make sure that Facebook wasn't allowed

32:38.240 --> 32:43.760
to say well you know we're adhering to this interoperability standard we let these three companies that

32:43.760 --> 32:48.880
we don't think of as competitors interoperate with us in ways that we don't view as harmful to our

32:48.880 --> 32:54.400
bottom line therefore we are interoperable instead you could you could have an unlimited ceiling

32:54.400 --> 33:00.720
for interoperability provided that it was in the service of helping users get more out of their

33:00.720 --> 33:06.480
experience and you know this is something that we call adversarial interoperability not just interoperability

33:06.480 --> 33:13.520
with cooperation from an existing firm or service but interoperability despite the objections

33:13.520 --> 33:20.080
and bypassing the countermeasures of an existing product or service so adversarial interoperability

33:20.080 --> 33:25.760
and an absolute defense for adversarial interoperability are both really important as is being able

33:25.760 --> 33:31.120
to tell the truth about defects now in terms of what rules we might impose on firms there's been a lot

33:31.760 --> 33:37.120
work around this you know we've seen things like right to repair legislation we've seen rules

33:37.120 --> 33:45.040
that require firms to hand over clear texts of files for people of disabilities or people who work

33:45.040 --> 33:51.280
in archival or educational context in order to allow them to make lawful uses that are enshrined

33:51.280 --> 33:56.240
in copyright law to avail themselves the limitations and exceptions of copyright law and I think

33:56.240 --> 34:01.680
those are important too I just think that in very concentrated industries that it's likely that

34:01.680 --> 34:06.480
they will figure out ways to game that and so we have to make sure that these affirmative rights

34:06.480 --> 34:12.800
that we grant to people to have certain interoperability standards in the products that they use or

34:12.800 --> 34:17.680
consumer rights in the products that they use not become the the maximum but instead that they

34:17.680 --> 34:24.240
remain the minimum that companies are required to do one question I had this your few about if you

34:24.240 --> 34:30.080
think that DRM is mainly a problem for poor people you know I think with every technological idea

34:30.080 --> 34:35.920
with every bad technological idea you can't just roll it out all at once because some people when

34:35.920 --> 34:42.480
they complain they get listened to right some people's complaints have real social currency so you

34:42.480 --> 34:48.640
know things that you do to rich powerful people are harder to get away with than things that you do

34:48.640 --> 34:53.920
to poor people or people who lack power and so when we have a terrible technological idea one of the

34:53.920 --> 34:59.840
ways that we normalize it and also that we figure out how to make it more palatable to people is we

34:59.840 --> 35:05.760
start by imposing it on people who don't have social power so we start by imposing it on refugees

35:05.760 --> 35:13.680
children poor people prisoners mental patients immigrants students blue collar workers gig economy

35:13.680 --> 35:19.760
workers and then once it's been normalized and once the roughest edges have been sanded down

35:19.760 --> 35:25.280
then we roll it out to everybody I call it the bad technology adoption curve and you know you

35:25.280 --> 35:30.720
can see it at work for example with with home automation so you know 20 years ago if you were

35:30.720 --> 35:35.760
eating your dinner and there was a camera over the table watching you eat it was because you were

35:35.760 --> 35:40.640
in a super max prison but today it's because you bought Google Home or Apple Home or Amazon

35:40.640 --> 35:47.520
home automation systems and so we've gone from the most powerless people in our society to the

35:47.520 --> 35:52.080
most powerful people in our society in less than a generation and so I don't think science

35:52.080 --> 35:55.280
fiction is a great predictive literature I think science fiction is a great way to understand

35:55.280 --> 36:00.640
the present but not the future but if you do want to get a glimpse at what the future likely holds

36:00.640 --> 36:06.160
for you should everything else go on in terms of your technology use just look at what we're doing

36:06.160 --> 36:12.960
to poor people and then that's what we're going to do to you in 10 or 15 years science fiction literature

36:13.040 --> 36:20.080
always had a strong impact on how society sees technology yet the most successful science fiction

36:20.080 --> 36:26.640
books that connect to present developments are dystopian stories do we maybe need more positive

36:26.640 --> 36:33.360
stories about how technology could improve our lives you know I am neither a dystopian nor a

36:33.360 --> 36:40.320
utopian I'm which is to say I'm neither a pessimist nor an optimist I think that in the words of

36:40.320 --> 36:46.960
Michael Weinberger when he wrote this classic white paper on copyrights patents and 3D printing

36:46.960 --> 36:52.000
this will all be so great if we don't screw it up I often say that that's what I want written

36:52.000 --> 36:58.400
on my tombstone you know although my wife and I have actually secretly agreed that my tombstone

36:58.400 --> 37:04.480
is going to say if a man lies six feet underground rotting and dead and his wife isn't there to tell

37:04.480 --> 37:10.240
him he's doing it wrong is he still wrong and her tombstone is going to say yes he is but but

37:10.240 --> 37:16.240
failing that my tombstone is going to say this will all be so great if we don't screw it up and I

37:16.240 --> 37:22.800
think that it is important in science fiction to write about how terrible it will be if we screw it

37:22.800 --> 37:27.920
up and it's also important to write about how great it can be if we if we seize the means of

37:27.920 --> 37:33.440
computation so you know you ask me about my my new book radicalize which has the story on authorized

37:33.440 --> 37:41.040
bread in it and you know those are stories for the most part not just about the dystopian notion

37:41.040 --> 37:48.960
of having your technology do to you instead of doing for you but they're also about the real

37:48.960 --> 37:54.800
marveling glory of being in charge of your own technology of being able to decide what the

37:54.800 --> 38:01.920
technology does of being able to reconfigure it to do what you want when you want it to and you know

38:02.000 --> 38:07.440
I think that both of those are really important and I think that it's a mistake to say that just

38:07.440 --> 38:15.760
because just because a story has dystopian themes or depicts the dystopian nature of having the

38:15.760 --> 38:21.440
technology work against you instead of on your behalf that therefore the story is dystopian what

38:21.440 --> 38:27.200
really matters is what the characters do in the face of that if they go on to seize control then

38:27.200 --> 38:33.360
that's rather a utopian story and so I I'm of the view that there's nothing wrong with having a

38:33.360 --> 38:40.160
story who's starting premise is that the technology's control is taken away from us particularly if

38:40.160 --> 38:47.200
it's also a story about how wonderful it is once you reverse that situation thank you very much

38:47.200 --> 38:54.320
Corey for being with us today for this first episode okay thank you feeling drunk give my

38:54.320 --> 39:01.200
love to everybody there thanks for the work you're doing thank you for your time all right bye bye

39:02.400 --> 39:07.120
if you want to get active on this topic you can support the day against DRM which takes place

39:07.120 --> 39:12.080
every year this campaign is organized by the free software foundation or assist organization

39:12.080 --> 39:18.480
based in the US if you want to receive more information please visit defectivebydesign.org

39:18.480 --> 39:23.840
on this website you'll also find a list of DRM free platforms for books videos and audio files

39:24.720 --> 39:30.560
this was the first episode of the software freedom podcast if you like this episode please

39:30.560 --> 39:34.720
recommend it to your friends and subscribe to make sure you also get the next episode

39:35.760 --> 39:40.320
this podcast is presented to you by the free software foundation job we have a charity that

39:40.320 --> 39:44.800
works on promoting software freedom if you like our work please consider supporting us with

39:44.800 --> 39:51.920
the nation you find more information on my.fsfe.org slash donate thanks for listening to the software

39:51.920 --> 39:57.040
freedom podcast looking forward to next month bye bye

Back to the episode SFP#1