Unfortunately, most of Stephen’s analogies are wrong, or at best irrelevant to the copyright debate.  Here is a detailed analysis:

After waking up, I unlocked the back door of my house to let the dogs out.

A lock on your house (if it is your house), is your lock on your property. When you purchase a house, you get some rights:

• keys to these locks must be turned over to you in the sale,
• you have the right to have full access to your house,
• you are free to remove the locks on your house,
• you are free to have the locks rekeyed on your house,
• you are free to install additional new locks on your house, and
• the vendor of the house ceases to have any of those rights at the time of sale.

If you are renting your house, your landlord will usually insist on reserving most of the above rights–you won’t get all the keys, you will have to ask permission to rekey the locks, you will have to supply keys for changed locks or new locks you might install, you will not be allowed to remove all the locks (making the building insecure), and the landlord will have access to your house as long as they follow some legal requirements for privacy and notice.

If you’re renovating the house, this distinction becomes important. If you’re buying a house, you can rebuild the kitchen. If you’re renting, you’ll need the landlord’s permission first.  And the landlord can say no.

The distinction between buying and renting is important for the digital lock debate. When you purchase a portable music player, are you buying it, or renting it? If you’re renting it, you need to ask the owner for permission before you make any modifications. If you’re buying it, you can improve the software embedded within it–because it’s your property, and you can smash your way through all the digital locks that get in your way. When the device is “improved” it might not even play music any more (in the same way that you might turn your kitchen into an office, you might turn a digital music player into a robot controller or a digital photo frame, for instance).

Then I logged into my password-protected home computer…I locked my house and unlocked the garage and my car…

If it’s your computer, house, or car, you can put any locks you want on it.  You can encounter difficulties with the car if you want service and your locks are in the way (I used to have a car with locked wheel nuts–the people accepting my keys did not communicate with the people rotating the tires, causing delays when getting it serviced).

The car automatically locks at 20 km/h

This is a feature of the software in the car. Can you modify that software, for example, to set the threshold to 60 km/h, or to disable the auto-locking feature entirely? It’s all too easy to find yourself outside of the car while your keys are on the inside, and this feature can even kill you, if you’re unconscious in a car wreck, the car is on fire, and would-be rescuers can’t open your locked doors to retrieve you.

If you can’t change the software, who can, who else can’t, and why? If you find that none of your mechanic friends can do it, but your car dealer can, there’s a digital lock in your way.

and entered a series of passwords to check the morning news and to do some online banking.

These examples of digital authentication are similar to physical combination locks. This is why it’s so easy for people to steal them by phishing!

Here you are accessing a server owned by someone else to direct that someone to do something with your property, such as:

• give several thousand dollars of your money to someone you owe money to,
• exchange some of the money you’ve previously paid for access to recent news, or
• use your identity to comment on news articles.

In these cases there is no conflict of interest between the server owner and the user. Banks don’t want you to lose all your money, and you don’t want other people to spend your money, so it’s in both your interest and the bank’s to keep your password keys secure, and prosecute people who gain access to them without authorization. These kinds of digital locks are not discussed in the copyright debate.

The car…is pre-tuned to password-protected satellite radio where I listened to various authorized stations

This digital lock is similar to a vending machine. In exchange for a subscription fee, your radio is sent keys from time to time that allow you to decrypt the radio stations that are already present in your car as encrypted radio waves. When you stop paying for the service, you stop getting new keys. If you were to obtain your own key, and give your key to someone else, they’ll get only the same service you do (in theory–in practice, in the past there was one key for all users, so “cracking” encrypted radio services used to be much easier than it is now).

Even without the copyright act, users of satellite radio are bound by the terms of their contract as well as several specific regulations that prohibit unauthorized access to these services, including sharing authorized access with non-subscribers. The digital lock copyright debate is irrelevant here, as this topic is well covered by traditional copyright and other laws already.

along the 407 toll highway, which tracks vehicles via secure transponder signals.

I don’t have details on the proprietary encryption used here; however, it is important to be aware that there may not be a lock at all in this case. Theoretically it is possible to make the transponder client authentication system secure (so other people can’t copy your transponder) and to make the MTO server authentication system secure (so people can’t make you believe you’ve paid one toll rate while you are actually charged another); however, the industry track record on proprietary security protocols is so abysmally bad that it’s safest to assume there’s no lock present in this example at all.

For the sake of argument, let’s assume that digital locks are present and the locks are used to protect user identification–to prevent someone from impersonating you on the highway by observing radio transmissions from your car (note that theives can still steal your transponder like any other physical object you can carry in your car). Like the online banking case, even if a user has access to the keys inside the transponder, they have no interest in sharing them with anyone else because they’ll be charged for the usage of others. There is no technical reason why users can’t simply build their own transponders–provided that they register the ID with the MTO and pay the fees, a home-built transponder would work exactly the same way the official ones do.

This has nothing to do with the digital lock copyright debate–in fact, it’s a bit of a stretch to call this example a lock at all, since it does exactly the same thing the license plate on your car does.

At work, I used a card key to enter the garage, unlocked the main office, then the door to my personal office

Depending on who owns the building, these might be someone else’s keys for someone else’s locks. In such cases, there will be various contractual conditions imposed on your use, distribution, duplication, and disposal of those keys, as well as the contents of whatever is locked. Since these conditions are imposed on you by a contract, you are doubtless aware of them.

attached the combination lock to my notebook computer.

A physical combination lock. The physical analogue to a digital password.

I logged on with a Windows password, checked phone voice mail by entering a password while waiting for the computer to boot up, and logged into the secure company network. Then, using another password, I logged on to a secure site to review one of our productions.

These are more examples of digital password combination-lock, this time applied to servers you or your company owns.  As long as you act as an employee or agent of your company, there is no conflict of rights, ownership, or locks here–the owner of the keys is the same (possibly corporate) entity as the user.

None of these are relevant to the digital lock copyright debate.

Before 9 a.m., I had made my way through more than 15 physical and digital locks without questioning, let alone even thinking about it.

The fact is that we routinely accept the need to protect property, whether digital or physical. How many people would want their bank account to be openly accessible by others? How many people would leave their car or home unlocked, at least in a big city?

Well, of course you haven’t thought about it! So far in these examples, nobody has attempted to assert their property rights over your own. That all changes when digital locks come into the picture.

How many people question access restrictions to their employer’s secure network?

I do! A career or two ago, employers paid me to question access restrictions to their secure networks (questions like “why do you allow so much access” and “why are there no protections in place against employee fraud or network barriers to malware propagation?”). I eventually stopped doing that work, because it became evident that most employers are not really interested in doing the work to secure their networks. These days I will take several preventative steps to secure my machine before connecting it to an employer’s “secure” network.

Now here we do have a valid digital lock question, but Stephen either missed it, or got the wrong answer: What happens when a digital lock forces me to use someone else’s secure network? On my cell phone, it means my contacts’ private email addresses fall into the hands of spammers. I know this because I made up some fake addresses to see if spammers would steal them, and some did. This would be a trivial problem to fix if my cell phone didn’t have a digital lock preventing me from switching to my own email server instead of the one at Rogers, or replacing the mail client with one that is more secure–but it does, so fixing this is quite difficult.

The very first thing I expect to be able to do with an electronic device after I have purchased it is secure it–back up the factory installed data, remove unnecessary software that may adversely affect performance, privacy, or security, change the encryption keys, set new passwords, install my applications, maybe replace all of the software on the device outright if I have reason to suspect the vendor did not do a good job or it was a used device with a previous owner I did not know.  I can’t do any of that if there is a digital lock on the device designed to prevent me from doing these first, most basic acts of ownership.

So why all the fuss over digital locks? Why shouldn’t TV producers, filmmakers, software developers and others have the right to protect content that costs more to create than the assets I lock and unlock just to get to work on an average morning?

Here, Stephen gets the economics of the situation dead wrong.

The value of a single copy of a copyright protected work is not the same as the value of the right to produce copies of that work. If you have the right to sell digital copies of a TV show, it’s potentially worth millions. If you have a digital copy of a show you bought for $3, it’s worth $3 if–and only if–you can find someone who will give you $3 for it and you have a legal right to sell it (or at least don’t get caught doing it). Production cost is irrelevant–that’s your liability, not your value.

If you want to talk about value, I might have $5000 worth of TV shows in my tablet device–and data from projects I’m working on worth a hundred times that once the lawyers are done. Clearly, if anyone should be protecting anything from anyone, it’s me who should be protecting myself from any attempt to dictate what software I run on my device.

TPM on communication devices is an especially absurd balance of protections. Imagine if, when you rented a DVD, the employees of the rental store could use a secret key to legally enter and search your house to ensure that you have not modified your DVD player to make copies, or to modify your DVD player so it cannot play pirated DVDs. Imagine what happens if they fail to lock the door behind them when they leave!

Digital locks are applied to the content as well as devices that consume the content. When the keys and the devices are owned by different people, there is a problem, because the owner is locked out of a device they own, while another person may still have access to the device. This is a violation of basic property ownership rights, and when it occurs in a communication device or a device with audio or video sensors, it is also a potential violation of privacy and security rights.

Conflict between physical and intellectual property rights has always been an important part of the history of copyright legislation, but it’s even more relevant when digital locks extend copyright rights into the physical world.

The theft of that content through digital piracy comes at a cost of many millions of dollars in lost revenues and thousands of jobs in Canada.

This assertion may be unsupported by facts. It is possible (though not necessarily easy) to make a living in music without the big 4 record labels and without infringing copyright.

TPMs are often the only protection against piracy.

TPMs do not protect against piracy any more than writing a letter on paper in French prevents an English speaker from photocopying it. This is common knowledge among technical people.  Some TPMs are so ineffective against piracy that it is possible to make perfect, copyright-infringing copies, without breaking a digital lock, or even being aware of the lock’s existence.

Consumers benefit from TPMs as well. TPMs enable a legitimate market, making it possible for Canadian productions to generate revenues that are reinvested in more Canadian shows.

This is simply incorrect. TPMs do not enable anything when they are used in copyright-related contexts. A TPM is a mechanism by which a device does less than what it is technically capable of, and is intentionally designed to not be easily repaired or improved by its owner. The only market that is created is a market to charge fees for selectively removing the restrictions that were engineered purposefully into the device before it was sold to the consumer. It is not a market we should be trying to enable–in fact, we should be considering action to penalize those who insist on exploiting TPM against consumers.

What enables legitimate markets is an easy payment system. TPM has nothing to do with successful e-commerce–in fact, TPM often acts as a barrier to prevent successful e-commerce.

There are legitimate markets that don’t use any TPM, even including Canadian TV shows.

Speaking of legitimacy, why does TPM seem to run afoul of anti-competition law everywhere it goes? And why do Canadians seem to get the short end of the stick when it comes to legitimate online content, even when TPMs are used?

TPMs make it possible for record labels to offer millions of songs through subscription services at a fraction of the price of purchasing the music

TPMs made it possible for Apple to achieve 90% market share on a fully TPM-encumbered media player platform, then unilaterally reduce the retail price of music, change consumer buying patterns to reduce music industry revenue, and drop the TPM that the industry asked for. I’m baffled by the notion that iTunes is somehow helping the music industry, when Apple is pouring billions of dollars into exerting huge negative price pressure against, well, everyone, while at the same time cornering the consumer retail market. Apple–like Microsoft, Google, and the other big TPM players–is throwing the Big 4 labels a bone while it waits for them to die, or at least shrink to a more manageable size.

The TPM provisions in Bill C-32 are important and, especially in light of our universal and everyday use of so many locks, are fair and reasonable to consumers.

This is incorrect in every respect except one: the TPM provisions are very important. Everything else in that sentence is dead wrong.

Consumers would never consider it fair and reasonable to be sold a house with a garage door opener, and then told after the purchase that their garage door opener has a digital lock that will only allow certain models of car entry to the garage. Consumers would never consider it fair and reasonable to be legally prohibited from removing the garage door opener, or replacing it, or modifying it to permit any model of car to be parked in the garage. Why would consumers consider it fair and reasonable to have similar restrictions placed on their cell phones, music players, tablets, laptops, or any other device with a TPM?

The TPM provisions in Bill C-32 give content owners strong influence–if not direct control–over consumer devices which interact with digital data streams that may be protected by copyright. On the one hand, the content owners can negotiate a license for access to content with the device manufacturers which requires the device manager to put a digital lock on the device and retain the key before selling it to the consumer. On the other, content owners will be able to lock down all digital content sold in Canada so that device manufacturers who do not have license agreements with the content owners will not be able to access any content, even if the content was legitimately purchased by the consumer. C-32 is quite clear on this–copying data from media onto a player device is an illegal act under Bill C-32 when such copying requires circumvention of a TPM, with minimum fines and everything.

TPMs are a new and different kind of lock that is used in an unfair and unreasonable way that is entirely different from the other locks consumers deal with every day.

Does anyone remember xload?  I do.

xload is a resource monitor from the Bad Old Days of Unix, when 16 MB was “all the RAM you had” (as opposed to “how much data you can write to disk in 1/10th of a second, if you have slow disks”).  xload shows you a graph of how many processes are stuck waiting for disk or CPU, averaged over one-minute intervals.  The red lines are increments of 1.0, so if you see the white histogram with two red bars through it, you know the load is somewhere between 2 and 3 processes stuck on some non-network resource.

Unlike modern load graph applications, which show you how much of your scarcest resources you’re using, xload doesn’t stop at 100%.  It shows you runnable task queue length, or how many processes are trying to run—not how much you have left over, but how much you need when you next upgrade your system.  So xload can show you when you have 30 jobs more than you can run instead of just 3.  Other resource monitors will tell you how much time your disks are busy (on a scale of 0-100%) but won’t tell you how many processes are sitting around waiting for those 100% busy disks.  The other nice thing about xload is that it shows you data over a long time–ten seconds per horizontal pixel, so you can look at an entire work day’s worth of data at a glance.

Now that we all know what xload is, let’s take a look at xload from one of my machines earlier today:

Anyone remember xload? xload is awesome.

OK, so what happened here?  Well, there I was, trying to build a new embedded project.  Everything is fine for most of the day, up to here:

then some script somewhere calls ‘sync()’.

sync()?

You know, sync, the program that Unix users of old were taught to execute three times before removing a floppy.  A harmless system call that doesn’t require root privileges to execute–after all, it only flushes dirty cache pages to disk, right?  They would have been written at some point anyway, sync() just makes it happen immediately.

Some people (including Linus Torvalds, in the Makefiles for the Linux kernel) were in the habit of calling sync from scripts that they wrote in the 1990′s, because that would ensure that Important Data Got Written To Disk.  Nowadays, this is considered ridiculous for at least two reasons:  one, filesystems are supposed to implement the IDGWTD algorithm without hints from userspace; and two, there are new system calls fsync(2) and fdatasync(2) which are designed for programs where data really is important (like email and database servers) to more precisely specify which data to write to disk.  There’s also a third reason–sync is slow, and can be slower than rebuilding the kernel from source on some machines.  No point in waiting for data to be flushed to disk if you can recreate the data faster than the disk can write it.

But we still have sync() today in 2010.  That’s OK, syncs are slow, but they’re harmless, right?

Well, no.

sync does this:

Now, if it’s not obvious from the graph, the system gets slow when there are more than half a dozen processes waiting for the disks.  It gets glacially slow when there are 20, and apparently somewhere over 40 processes the xload application itself stops recording data (the sharp peak at the top of the graph, which covers several minutes that are in fact missing from the graph).  There are 27 minutes in the above graph, during which the only thing the system could do was update the graph–everything else required doing disk I/O, and thanks to sync, the disk subsystem in Linux was busy and not accepting new requests.

Let’s take a look at what sync does:

NAME
sync(2) – commit buffer cache to disk

SYNOPSIS
#include <unistd.h>

void sync(void);

DESCRIPTION
sync() first commits inodes to buffers, and then buffers to disk.

ERRORS
This function is always successful.

CONFORMING TO
SVr4, 4.3BSD, POSIX.1-2001.

BUGS
According to the standard specification (e.g., POSIX.1-2001), sync() schedules the writes, but may  return  before
the actual writing is done.  However, since version 1.3.20 Linux does actually wait.  (This still does not guaran‐
tee data integrity: modern disks have large caches.)

SEE ALSO
bdflush(2), fdatasync(2), fsync(2), sync(8), update(8)

What the above doesn’t tell you is that unlike fdatasync(2) and fsync(2), sync(2) affects all buffers on all filesystems, everywhere on the machine that you run it on–even filesystems you don’t have access to as an unprivileged user.  For this system, that’s a half-dozen gigabytes of data scattered across seven terabytes on six disks that incidentally has to be written in order.  If any new data is written while that’s happening, that new I/O becomes synchronous and gets added to what is queued up by sync().  Writes that are normally asynchronous for performance reasons suddenly become synchronous and get forced to the front of the I/O queues.  Processes that are aware of their own disk bandwidth get into nasty feedback loops.  Processes whose I/O priorities are configured with ionice experience priority inversion.  Watchdog timers expire and risk spuriously rebooting the system.  Network clients time out because the system stops responding.  It takes half an hour for a sync to finish, turning a medium-sized but workable load into a disastrous, unworkable one that stops processing dead until it works its way through the system.  And anyone can run sync.

In Linux, sync(2) available to everyone is a feature.  Anywhere else, this sort of thing would be called a denial of service attack. And as far as I know, there’s no easy way to turn sync(2) off or restrict it to root short of patching your Linux kernel.

[Intel] are selling processors that have had some of their capabilities crippled (some of the cache and the hyperthreading support are switched off). For $50, they’ll sell you a code that will unlock these capabilities.

Are you a good witch, or a bad witch?

I’m of two minds over this:

On the one hand, modern microprocessor engineering requires an unimaginably large amount of money to compete with the top end of Intel’s product line–the kind of money required to open a tourist resort on the Moon, if you don’t happen to have the experience and knowledge gained from producing the previous generation of Intel’s products handy.  The resulting processor parts are extremely cheap–mere pennies worth of raw materials and energy–and Intel puts much of the sale price into designing the next technological generation.  A grossly oversimplified and inaccurate summary is “all Intel CPU’s cost 50 cents to make, except the first one, which cost three billion dollars.”

On the other hand, the steepness of Intel’s pricing curve is legendary.  If you want half the performance of the latest Intel chips, you pay seven times less.  There is clearly room for the prices to come down, and competitors (well, competitor, singular, really) like AMD eagerly sell more or less the same product for less money.  This pricing scheme not only allows Intel to optimize for maximum revenue, but it also allows Intel to delay the performance depreciation curve, by offering “free” upgrades to old unsold processors that will, after they are fully upgraded, still be marketable alternatives to the crippled processors sold in later years.

There’s a problem, though:  if you don’t have a de facto monopoly manipulating pricing to maximize profit, you don’t get that huge Intel R&D budget, or the Intel marketing budget that forces the market to conform to the thousands of trivial technical decisions that somebody, somewhere, has to make for computers to work with a common set of software creative works.  To see what that kind of world would look like, we only have to look at the horror that is ARM.  There are hundreds of companies building ARM cores into devices, and thousands of companies building computer systems out of those devices.  They’re all different, and mostly incompatible with each other, and no company is willing or able to spend the cash and political influence required to fix either problem.  If the PC market ever went the way of ARM, it would look like the smartphone market, and nobody wants that to happen.

The other alternative is to do what Intel does already–guess who wants how much of each performance level, and build permanently crippled chips in about those numbers.  The difference between the software upgrade scheme and the existing hardware one is that it will be possible to remove the crippling on the new chips, which is somewhat less wasteful of material.

One TPM to rule them all

This is another object lesson in what can happen when TPMs are protected by law.  Any behavior–or in this case, non-behavior–of any device that is controlled by software can–in the absence of a clear consumer right to run any software they legally obtain on any device they legally own–be sold by whoever controls the TPM for any price the market will bear.

There is no doubt that Intel’s CPU upgrade scheme is a Technical Protection Measure, or TPM, as described in recent proposed revisions to copyright and intellectual property laws such as ACTA or the Canadian Bill C-32.  It uses all the same technology that is used to protect copyrights on digital media.  You run an application supplied by Intel on your computer, which builds a secure-against-you data channel between Intel’s corporate servers and the most intimate parts of property you bought, paid for, and own, and twiddles some inaccessible-to-you data storage in a way that would offend Intel if you did it yourself.

From the hardware’s point of view, there is absolutely no difference between this TPM and the TPMs that lock cell phones to specific carriers–except in the US cell phones have a DMCA anti-circumvention exception for the next three years (and a permanent exception proposed in bill C-32 in Canada), while Intel CPUs don’t.

When you purchase a pre-recorded CD, you are purchasing that specific copy of the music—you have not purchased the rights to the music.  By introducing the private copying levy on blank media, the government reassured Canadians that they could listen to their music when they wanted where they wanted, but they also made sure artists and producers were compensated and getting revenues to keep making music.

Instead of building on this win-win-win solution, our current government has decided to legalize format-shifting without putting anything in place to compensate creators. Even worse, by not extending the private copying levy to devices Canadians use in 2010 to copy music, they are in effect killing it, and taking millions out of artists’ pockets.

Where do I begin to criticize the idea of private copying levies?

Compensation is included in the original CD’s retail sale price.

Let’s start with the last part:  the idea that millions are being taken out of artists’ pockets.  This would only be true if the original materials that were copied privately were not compensated; however, this is clearly not the case.  Unauthorized distribution of copyright works is still illegal under Bill C-32–in fact, C-32 doesn’t change those parts of copyright law at all.  To make a private copy, someone had to pay a retailer who paid someone who paid someone else who eventually paid an artist–otherwise, it’s not a private copy, it’s copyright infringement.

It’s possible to argue that every single copy that media player devices make of music as it moves from original CD media through a PC into an embedded processor and eventually into your ears (a process which can involve dozens of temporary, private copies) should be separately licensed.  It’s possible to set up collectives to charge levies and redistribute the wealth–but there’s no productive value in doing all that extra administrative work, especially given the huge variety of devices in the field and processes by which music travels from original media to human ears.

It’s much simpler to write a statute that says “in Canada the prices of private copies are to be included in the retail price of the CD that contained the music, and that price is to be paid by the consumer at the time they purchase the CD.”  Despite its sometimes serious flaws, this is one thing bill C-32 gets right (except for CD media, where C-32 fails to repeal the existing levy).  Artists who sell CD’s in Canada are free to set their prices according to how many private copies they believe their audience will make, just like they’re free to set their prices according to how durable their CD’s are, how attractively they are packaged, or any other criterion they choose.

Bits do not have value except in narrow special cases.

In the case of the 1997 CD levy, there was only one digital audio format used widely by consumers (Compact Disc Digital Audio, also known as CDDA, or 44.1kHz 2-channel LPCM-16) and it came on only one digital storage device (recordable compact discs, which could hold between 63 and 80 minutes of audio recorded in this format).

It’s easy to quantify the value of a bit on a CD:  each one represents roughly 708 nanoseconds of a sound recording.  Put a three million bits together, and you’ve got two seconds of a song.  Assuming we are somehow able to translate “seconds of a song” into “dollars to be paid,” it’s easy to implement a CD levy.  At $0.75 per CD-R, the levy works out to somewhere around 83 million bits per penny.

Times have changed since 1997.  These days my car stereo plays sound recordings on CD’s in MP3 format, where each bit represents somewhere between 4464 and 15625 nanoseconds of sound recording.  In effect, each bit is “worth” more than ten times as much on average; however, I’m still using the same CD-R storage media in my car stereo that I used in 1997.  The ratio of bits to song has changed, yet the levy on the CD-R is the same, so it’s now 8.3 million bits per penny.

This is clearly wrong, because there are now two very different prices for the same thing.  Either I should be paying 10 times as much levy for the same blank CD-R (because it can now hold copies of 10 CD’s), or I should be paying 10 times less levy for the blank CD-R (because it’s possible to store copies of 10 CD’s on one CD-R, but I might to choose a format that makes only one copy possible), or I should be paying some value in between (but which value?  The arithmetic mean?  The geometric mean?  Some arbitrary value decided by politicians?  Maybe we should add a question to the census long form!).

The levy is also wrong because I might store many other things on a CD-R:  up to 80 minutes of video, a few thousand photographs, a several thousand books, a software program that is worth hundreds of thousands of dollars, or my own creative work.  Many of these media types are administered by a copyright collective agency in Canada, but not the same one.

Which copyright collective should get this levy, and how should they distribute it given that they have no idea what media–let alone which artist–the media is being used for?  How do I, as a content creator, prevent the CD-R levy from being used to finance my competitors?

So far we’ve been talking about a single storage medium.  If the CD-R levy was applied at the same rates to digital storage in my desktop computer, a 2TB hard disk in 2010 would have a $20,000 levy at the 8.3 million bits per penny rate.  The same disc would only contain a few hundred ripped Blu-Ray movies (which are illegal under C-32, but that’s a topic for another post), or billions of eBooks.  What should the levy for this device be?

So we have two unsolvable problems that have to be solved before a levy could work on digital storage media in 2010:  we have to figure out who to pay the levy fees to (which arguably isn’t even a solved problem in the CD-R case), and we have to figure out the value of a bit of storage to apply the levy against (which is different depending on what the bit is used for).

Consider the TPMs used in DVDs.  DVDs have several restrictive features of interest:

1. The contents of the DVD are encrypted.  There are many different possible keys to decrypt the DVD data.  As far as digital locks go, these are sort of like the tiny locks you get for suitcases–you can cut them open with a pair of dull digital scissors.  DVD’s digital locks are still technically–and after bill C-32, also legally–locks.
2. One of the bits in the DVD data stream specifies the author’s request that the fast-forward button be disabled (this is typically used for advertisements and other content that the DVD’s lawful owner might not want to see).
3. One of the bits in the DVD data stream specifies the author’s request that the video outputs of the DVD player have a signal added to them which disrupts VCR recording from the DVD player.
4. Navigation through the DVD content is strictly controlled using data structures (menus) encoded into the media.

OK, so how do all of the above restrictions fall under copyright law, especially since none of them are related to rights protected by copyright?  And, more to the point, how are these restrictions protected in a free and fair marketplace, where competing device manufacturers normally try to add functionality to their products over time?

The first feature–encrypted content–is used to control the others.  If you can’t decrypt the content, you can’t play the DVD.  Note that you can still copy the DVD, simply by copying the encrypted data onto another disc.  DVD pirates do exactly this.  So this digital lock doesn’t prevent illegal copying at all–it prevents only legal copying (under C-32) and fair dealing.

To build a DVD player, you have to get a decryption key from the DVD CCA, as well as some technology covered by patents (for the sake of argument, we’ll assume you’re writing the software yourself, so you don’t have to license any copyrights to build a DVD player).  To get the decryption key and the patents–the minimum you need to build a DVD player–you have to agree to a contract which compels you to implement all of the features and more:

1. Your DVD player must use only specific DVD decryption keys.  These keys depend on where your DVD player is sold–for example, if you are selling in North America, your player can only use the “Region 1″ set of DVD keys.  As a compromise, some computer DVD drives can select which keys are active–but the drive must also include a lifetime limit on the number of times this is changed.
2. Your DVD player must pretend the fast-forward button doesn’t work when the DVD says it should.  Note there is no technical reason why you’d ever not be able to fast-forward through DVD video content, so this is really the absence of a feature.
3. Your DVD player must enable the signal that disrupts VCR recording when the DVD indicates the signal should be enabled.  If you’re wondering why VCRs have never been made to filter that signal, it’s because one company owns a patent on the signal-filtering technology and several other patents required for VCRs, and simply refuses to license the signal-filtering technology patent to anyone who makes VCRs.  VCR manufacturers agree to this because they can’t build competitive VCRs without the other patents this company owns.
4. Your DVD player must not provide direct access to the video content–it can only navigate through the data structures on the media.  This is where DVD easter eggs come from–if you were to interpret the DVD contents as a single, large, linear data stream and watch it like a VHS tape, the easter eggs would be obvious.  It also prevents viewers from bypassing sections of the disc with the no-fast-forward tags, and it can be used to prevent some region-free DVD players from working, by making parts of the DVD menu conditional on region (and then diverting any player for the wrong region into some back corner of the DVD disc, never to return).
5. Your DVD player must protect itself against modification or inspection.  Your DVD player contains keys for digital locks now, so it must itself be digitally locked.  After bill C-32, failure to keep digital keys secret will make your product into an illegal circumvention device.  For stand-alone DVD players this isn’t such a big deal, but modern DVD players are often connected to the Internet and have many other capabilities.  This creates security concerns that the owner of your DVD player will be legally prohibited from addressing or even understanding.
6. Your license terms will specify which video outputs your DVD player will be allowed to produce.  This can, among other things, result in refusal of a license if your DVD player can output video files suitable for playing in some other device.

This is how TPMs are used to rewrite copyright law:  by building a digital lock around some critical component of a complex system, one can effectively create a monopoly around that component that can be extended to the entire system.  Since one can license patents and copyrights using any arbitrary terms one chooses, you can dictate the behavior of anyone who builds around your components.  It’s a monopolist’s dream:  you can dictate your competitor’s and customer’s behavior by contract.  Lawmakers are currently reluctant to try to enforce anti-trust law in copyright contexts, so one can even get away with it.  In a strange perversion of economics, it becomes possible to sell the absence of features in a particular kind of technology to some third party, such as the lack of working fast-forward in DVD players to advertisers, or the presence of intentionally disruptive signals in video outputs, because one can control the market well enough to prevent anyone from offering the features one has promised no one will implement and to prevent anyone from removing the bugs one has promised everyone will implement.

So far, digital lock law in Canada is fair, because there isn’t one (well, there is one protecting devices like cable TV descramblers and satellite receivers, but it’s a telecommunications law, not copyright, and it only covers access to protected content by non-subscribers, not lawful use of content by subscribers).  Producers can choose to use digital locks or not, and consumers can choose to live within them or go to the effort to circumvent them as long as they aren’t infringing copyright or property law.

On the consumer side:  Favorite DVD movie not available on iTunes?  Rip it from your DVD and put it on your iPod.  Don’t like sitting through ads on DVDs you own, over and over again?  Modify your DVD player’s software so that it won’t pretend your fast-forward button doesn’t work, or make a backup copy of the DVD that has the ads removed and watch that instead.  Don’t have the technical savvy to do any of that?  Buy products or services that can do those things from someone else.  Worried about bugs in your DVD player’s software?  Go ahead and fix them.

On the producer side:  People keep breaking your digital locks?  At the moment, you are free to try to make a better one, without a whole lot of anti-trust scrutiny.  In fact, please do–there’s an eager market for devices that won’t give up their data to people who have stolen them, no matter how much technology the thieves throw at circumventing security features.

As long as you aren’t infringing someone else’s copyright, fair dealing, competition, or property rights, all is fair, even when digital locks aren’t even mentioned in copyright law.

When C-32 makes digital lock breaking illegal, the contracts surrounding digital locks will have the full force of criminal law.  It will be a criminal act to work around anticompetitive contract agreements between third parties by breaking the digital locks on a device you own, eliminating all of the consumers’ power to work against collusion in the market.  That means that it will be illegal to make a DVD player that can fast-forward through ads, even if you built it yourself.  There are some exceptions in C-32, but they’re available only to people who are able to modify their own DVD player software (as opposed to obtaining the modifications from other people), and it’s possible to interpret C-32 in ways that require all DVD players to be approved by the DVD CCA.

Another important consideration is that under C-32 digital locks do not have an expiration date (making them very different from patents and copyrights), so you can make the contracts surrounding digital locks last forever (or at least until legislatures come to their senses and add an expiration date).  Currently, digital locks effectively expire as quickly as the circumvention technology catches up with them, which maintains some balance in the market.  Some digital locking systems have never been broken, because nobody has cared enough about the works protected by the locks to bother, while other locks have been broken within days, by a concerted effort to end the loss of fair dealing rights for millions of users.

Bill C-32 has an exception for breaking digital locks where those locks tie a cell phone to a specific cell carrier.  The NDP has also proposed a separate act which would grant cell phone owners the right to demand that carriers release any locks on cell phones that prevent them from being used with other carriers (subject to some contract restrictions).

These are too-little, too-late measures, because the companies that manufacture cell phones are busily implementing their own digital locks on the phones that bind customers to the phone manufacturer as well as the cell carrier.  C-32′s exception for switching cell carriers does not help consumers who also want the freedom to choose who provides the software on their phones, nor does it help consumers with any future digital lock technologies that might be invented (and their digital lock keymasters who would exploit their captive audiences) in the future.

Even worse, the tools which break the carrier locks on cell phones are restricted from breaking any other digital locks that might exist on the phone.  Since cell phone locks tend to be implemented by a single piece of technology, any tool that can break the carrier lock can also theoretically break all the other digital locks–so the carrier unlocking tools themselves must implement their own digital locks to protect the unlocking tools from cell phone owners, or the tool vendors can find themselves on the wrong end of a criminal investigation.  This is like trying to extinguish fire with kerosene–it replaces one problem with two worse problems.

In the US, court decisions have now widened the cell phone locking exception to allow cell phone owners to break locks that bind a cell phone to a specific phone manufacturer as well.  Even then, the decision still doesn’t allow the manufacture or sale of devices that users can use to take advantage of the exception, so the US still has a lot of progress to make toward fairness in copyright law.

Another exception that our neighbors to the south can now enjoy is “circumvention of access controls of e-books where all available e-book editions contain restrictions of the read-aloud function.”  While that’s a small step in the right direction, it still falls far short of the mark, because of the lack of any right to make the circumvention tools available, and because the exception is far too limited in scope for what it cost to obtain.

Canada has an opportunity to get copyright legislation right, without forcing individual consumers to go through decades of court battles to re-establish their rights under copyright law for each and every single use case. All private, non-infringing copies and transformations of lawfully obtained data in devices users lawfully own should fall under a single, inclusive, legally protected right in any modern copyright legislation, and that right must include the right to make and distribute the tools required to exercise the right.  Anything less is simply not worth the order paper it’s written on.

In summary, the desired outcome looks like this:

1. Record some music
2. Indiscriminately distribute some or all of this music to a small number of strangers
3. Prepare music for sale (on plastic discs and web sites)
4. Profit

except that the reality is like this:

1. Record some music
2. Indiscriminately distribute some or all of this music to a small number of strangers
3. Whoa, one or more of those strangers exercised their constitutional rights and sold my promo CD on eBay!
4. All our fans want our music and we’re not even finished the cover artwork yet!  By the time we are ready, everyone will be bored with our album!
5. No profit for us

Now, I’m not a professional musician, so to me the solution seems obvious:

1. Record some music
2. Prepare music for sale (on web sites at least, if not plastic discs)
3. Profit (or at least have some faint hope of profit, by making sure people can buy what you have to sell before you start advertising to create demand for it)
4. Indiscriminately distribute some or all of this music to a small number of strangers

This example comes up over and over again when people talk about copyright, especially when it involves digitally encoded creative works distributed on physical media (that special case, which covers CDs DVDs and Blu-Ray, is a special kind of silliness in and of itself, which I’ll discuss in more depth some other time).

Lately it seems like the music industry is going out of its way to fail to sell product.  All I want is to purchase digitally encoded audio files from a retailer without binding myself to any restrictions beyond what copyright law requires–and for some reason, in 2010, after almost 20 years of widely deployed technology that is capable of carrying out this kind of transaction, it’s still remarkably difficult to do in many cases.  When the music industry persists in doing silly things like this, I find it hard to be sympathetic.  It’s one thing to accidentally shoot yourself in the foot, but it’s quite another to keep reloading the gun.

To see why promoting a product prior to its availability for retail sale is a silly idea, let’s listen in on this conversation between a musician and a fan:

Musician:  “Hey, I have a new song!  Let me play it for you!”

Fan:  “I like it.  It is an awesome song.”

Musician:  “Want to buy it?”

Fan:  “Oh yes please!”

Musician:  “OK, come back in a few months, when we start selling it.”

Fan:  “WTF?”

Musician:  “This is a promo.  We’re not ready to sell the album yet.”

Fan:  “I don’t care about the album.  Sell me that wonderful song!”

Musician:  “I’m sorry, we don’t have a product for sale yet.”

Fan:  “Then why the hell did you ask?”

Musician:  “We want to increase demand for our product by advertising, so our sales curve has a nice high peak on the left side.”

Fan:  “Wait, what?  You’ve got a good recording of the song in an easily replicable format.  I know you do, because you just played a copy of the song to me.  You could put it on your web site for paid download tomorrow–or you could have done that yesterday, so I could buy it today.  I have money.  I want to give it to you in exchange for that song.  My demand for your product is already at its peak.  You’ll never make an easier sale in your life than the act of selling your product to me at this very instant in time.  All you have to do is take my money and give me a single music file.  We could do this by PayPal and email if you’d like.  I’d even be willing to pay much more than I normally do for this kind of thing, just because you seem all new and shiny.”

Musician:  “But CD retailers need a well-shaped sales curve, or they’ll lose money on inventory and transport costs!”

Fan:  “Dude, I haven’t owned a CD player since 1998.  I use my computer to copy music from CDs onto my MP3 player and cell phone, from which I upload them to my car.  Sell me music on a USB storage device or the web, right now, or GTFO.”

Musician:  “Well–wait, what?”

Fan:  “Each second that you fail to sell music to me exponentially reduces my desire to do business with you.”

Musician:  “But our artwork isn’t done!”

Fan:  “Never mind.  If it’s this painful to buy just one song from you, there’s no way I’m going to go through the ordeal of buying an entire album of them.  You should look into Mininova.  They know how to use 21st century technology to distribute music without being annoying.”

Musician:  “F–king bastard fans!!”

Fan:  “F–king moron musicians!!”

Now, if you think that particular sales pitch went badly, imagine how well the variation that has the musician saying “We have our music for sale–but not in your country!” goes.

Writer Steven Beattie:  “I think it’s high time more people spoke on behalf of content creators.”: http://bit.ly/97z4yB

I’m a content creator, and I speak on behalf of myself.  Does that count?

I haven’t spoken very much in terms of creators rights because I think we creators have plenty of rights already.  Creators have the right to unilaterally and more or less arbitrarily dictate the terms under which their work can be copied, distributed, and even presented to the public for more than half a century after the end of their lives (more or less, depending on a series of complicated rules of historical origin).  Anyone who doesn’t play along can be dragged into court and given the choice between compliance and bankruptcy.  People who both infringe and commercially exploit protected works on a large scale get criminal charges with investigation and prosecution costs paid by taxpayers.  Creators are not obligated to make themselves accessible for licensing inquiries from the public, nor do they lose their rights if they do nothing constructive to maintain them.  Creators get rights if they do nothing at all (OK, it’s a whole lot easier to assert your rights if your work is registered somewhere, but not impossible).  Seriously, what more rights do we need?  How much is enough?

C-32 does give away some rights creators used to have; however, this can hardly be surprising, since creators have all possible rights by default in copyright law.  Every time copyright law gets changed, consumers and creators gain a few rights here and lose a few there.  We treat some creators differently from others, because musicians, authors, photographers, and filmmakers have traditionally had very different businesses and interacted with their consumers in very different ways.  This is a point of contention for digital media because computers treat music, books, pictures and video in exactly the same way, and the digital media people would like to have one set of rules to follow instead of four (or however many there are).

Now, I don’t really care if digital media has four sets of rules, or six, or 20, or just one.  When push comes to shove, neither does anyone else–it’s annoying to have to build more rules into business systems, but not impossible, nor are copyright rules especially difficult to follow (difficult to exploit commercially, maybe, but in copyright that difficulty is often intentional).  What I do care about is digital media people replacing all of the rules with new ones that supercede copyright law entirely.

Digital locks as written in C-32 are hugely dangerous things.  They create a class of software that gets to do whatever it wants with no legal oversight, and its actions are protected by the full force of criminal law.  We have other laws and rights that aren’t related to copyright (contract, property, privacy, commerce) which get trumped by the software that also implements digital locks.  Note the “also” in that sentence–it’s important.  Technology that implements digital locks protects all of the software in a device, not just the parts that are covered by C-32, so all kinds of consumer abuses can be protected by copyright law simply because one digital lock protected by copyright law is sufficient to lock down all the software in a device.  We’ve seen huge security and privacy problems arising from the software that implement digital locks already.  These aren’t abstract concepts–they’re concrete, physical realities, like the Sony BMG rootkit that infected millions of computers and gave attackers instant total control over them.

We need to encourage as much independent scrutiny of the technology around us as possible, and making it illegal to do so is a huge step in the wrong direction.  There’s a clever set of exceptions in C-32 which allow people who lawfully break copy protection for a living to continue to do so–but it prevents them from selling their services or tools to anyone else.  That means the people who are going to be watching what the digital lock software is doing are corporations (who can do it themselves) and criminals (who don’t care whether what they’re doing is legal or not).  Right now, some concerned citizens and academic researchers are doing this kind of work too, but we can expect that public service to stop once it becomes illegal.  This is a huge problem when the devices with the digital locks in them are important parts of consumers’ lives, like cell phones.

I’m not sure how any creator can support the digital lock provisions in bill C-32 (with one single exception:  technology companies who operate media distribution networks and consumer devices that consume from them).  Whether it’s intentional or not, the lock provisions in C-32 will be very good at creating media distribution monopolies tied to consumer devices which in turn will be tied back to the media distribution company (so you won’t be able to load your own content onto the devices without the permission of the company that sold the device to you, because the device makers won’t provide that feature in their software, and it will be illegal to break the digital lock to install different software).  That will in turn mean fewer distribution options for creators, with market power placed in the hands of the distributors (assuming they can keep criminals who are attracted by the prospect of large-scale exploitation of defenseless consumers off their distribution networks).  You can be sure that once the distributors have control, they’ll use that control to dictate prices to both creators and consumers.  Again, we have concrete examples of this–look at what iTunes has done to the music industry so far, or the exponentially growing number of security breaches exposing consumer private data that are occurring on iPhones these days.

The question is:  which side?  Was Tony showing support for a Canadian business success story, or was he there to send a different message:  that no Canadian company will ever follow Electronic Arts’s path to success?

Let’s take a look at the history of Electronic Arts.  From page 3:

Leverage

While EA was focusing most of its efforts on personal computer publishing, the flat-lined console business was being systematically revived by the determined efforts of Nintendo. By 1989, Nintendo’s sales had grown to almost $2 billion, and EA could no longer afford to treat consoles as a sideline. Other companies were also eyeing the market and later that year Sega brought the 16-bit Genesis to America.

Like many third party publishers, EA was leery of the console business. “Nobody liked paying high royalties under restrictive licenses, and what made it even worse was having to build ROM cartridges at great cost and inventory risk,” Hawkins explained. However, with the arrival of the Genesis, he saw an opportunity to once again rewrite the rules of publishing.

“The Genesis appealed to me for many reasons, but a big one was that it had an MC 68000 processor,” he said. This chip was key because EA had years of experience with the processor, which was also used in the Macintosh, Amiga, and Atari ST computers. Electronic Arts was able to quickly reverse engineer the Genesis and develop software that would run on it without Sega’s help.

Using this knowledge as leverage in his negotiations with Sega, Hawkins threatened to release games for the Genesis without a license unless Sega agreed to more favorable terms for EA. It was a very risky move that could have had expensive legal consequences.

So in other words, EA and Sega were negotiating a license agreement about distributing video games, and EA used the threat of circumventing Sega’s TPM as a bargaining tool to negotiate favorable terms–an act that wasn’t illegal in 1989, but is now illegal in the United States under the DMCA, and would be illegal in Canada if bill C-32 in its present form is passed.

Sure enough, on page 4:

Transition

Things move quickly in the publishing business, and Hawkins was already looking ahead. “After scoring a massively favorable license with Sega, I knew I had a big bull’s-eye drawn on my chest, because the console guys would make sure I could never repeat what I had done with the Genesis. And on the PC side, nothing was going on that would advance the cause of the gamers and the game industry,” he recalled.

The “console guys” did indeed make sure that nobody could repeat EA’s success on the Genesis–they passed the DMCA in the United States in 1998 to make sure it would never happen again.  The DMCA passed unanimously, and at the time politicians didn’t have any clue what the DMCA was meant to be used for: locking software developers out of access to hardware platforms to run their creative works.

To add to the already generous pile of irony, it turns out that after some failed experiments with DRM, EA itself has decided not to use TPM in its own products, instead using a non-TPM approach to dealing with software piracy.  In a nutshell, EA doesn’t give you parts of the game if you didn’t pay for them.  Unlike TPMs, this is a simple, effective anti-piracy method, and no private citizens lose any constitutional rights for the scheme to work.

So bill C-32 really contains nothing EA wants, at least in terms of TPM.  That makes me wonder why EA even let Tony use their offices.

Similarly, a library that allows me to crack CSS on a DVD would be legal if provided for the purpose of making a media player interoperable with the closed-source variants, as long as I don’t infringe any copyrights while developing my media player.

Well, no, not really.

C-32 has an exception for making interoperable computer programs.  It looks a bit like this:

41.12 (1) Paragraph 41.1(1)(a) does not apply to a person who owns a computer program or a copy of one, or has a licence to use the program or copy, and who circumvents a technological protection measure that protects that program or copy for the sole purpose of obtaining information that would allow the person to make the program and any other computer program interoperable.

The exception applies only to the act of circumvention, only to computer software, and only to programs that interoperate with a program you have a license for, and it goes away if you infringe copyright or violate any other law.  That means you can make an open-source DVD encoder if you have a license for a DVD player.  If you want to build an open-source DVD player, but you don’t have a licensed DVD encoder, then you first have to build a DVD encoder, then make the player interoperate with it.  This was easy to do with DVDs since the TPMs they use are based on symmetric encryption.

It’s not possible to do this with any format or device that uses a TPM based on asymmetric encryption, unless you can lawfully acquire a private key without signing a contract that removes your rights to release an open-source player program.  You can’t just pull the private key out of a player because that’s not making your open-source player program interoperate with the player program you have a license for, and you don’t have a license for the encoder so you can’t claim to be making your player program interoperate with the encoder.

Even then, you can make the DVD player program, but you can’t give the program to anyone else for the purpose of watching DVDs because the DVD player program may itself be a prohibited TPM circumvention device.  Maybe you can get around that by making the open-source player program respect the DRM rules encoded in the media, but you could get into trouble for enabling infringement if you make it too easy to modify the program.  “Easy” is a relative term, but publishing the full source for your program and instructions to build it on any computer certainly qualifies when you compare it to binary firmware embedded in typical commercial DVD player devices.

You could argue that DVDs are computer programs, but you’d have to argue that in court as the defendant in an infringement lawsuit, and you’d probably have to argue that separately for each media type as well.  DVD and Blu-Ray are clearly computer programs (the DVD menu system runs in a virtual machine with registers), so you might prevail for those.  PDF is borderline (PDFs can contain JavaScript, but don’t have to).  mp4 video, mp3 audio, text, and JPEGs probably don’t meet any definition of computer programs.  You can’t use the exception to make a computer program compatible with a data format if that format is not also a computer program.

Thanks to public-key cryptography, there is no information you could retrieve from your lawfully purchased iPhone that would allow you to create interoperable programs with unmodified iPhone firmware.  Anyone can write open-source software for an iPhone; however, such programs are at a huge disadvantage for distribution since the only mass distribution that iPhones support is iTunes, and Apple as a matter of policy requires all apps available through iTunes to be closed source applications.  A few have escaped the notice of Apple’s reviewers, but Apple will pull the applications out of the App Store if they discover their developer agreement has been violated.