In the USA, the First Amendment of the Constitution gives broad protection to free expression, and prohibits government from making laws that abridge Americans’ free speech rights.
DRM isn’t the right to prevent piracy: it’s the right to make up your own copyright laws. The right to invent things that people aren’t allowed to do – even though the law permits it — and to embed these prohibitions in code that is illegal to violate. DRM is the right to suppress speech: the right to stop people from uttering code or keys or other expressions if there is some chance that these utterances will interfere with your made-up copyright laws.
The technical and commercial forces that gave us phone unlocking and cartridge refilling are the same forces that would make DRM a total non-starter, except for a pesky law.
The only reason to use DRM is because your customers want to do something and you don’t want them to do it.
A good analogue to this is inkjet cartridges. Printer companies make a lot more money when you buy your ink from them, because they can mark it up like crazy (millilitre for millilitre, HP ink costs more than vintage Champagne). So they do a bunch of stuff to stop you from refilling your cartridges and putting them in your printer. Nevertheless, you can easily and legally buy cheap, refilled and third-party cartridges for your printer. Same for phone unlocking: obviously phone companies keep you as a customer longer and make more money if you have to throw away your phone when you change carriers, so they try to lock the phone you buy with your plan to their networks. But phone unlocking is legal in the UK, so practically every newsagent and dry cleaner in my neighbourhood will unlock your phone for a fiver (you can also download free programs from the net to do this if you are willing to trade hassle for money).
The technical and commercial forces that gave us phone unlocking and cartridge refilling are the same forces that would make DRM a total non-starter, except for a pesky law.
Back in 1995, Bill Clinton’s copyright tsar Bruce Lehman – a copyright lawyer, late of Microsoft – wrote a white paper proposing a new regulatory framework for the internet. It was bonkers. Under Lehman’s plan, every copy of every work would have to be explicitly permitted and a license fee collected. That means that your computer would have to check for permission and pay a tiny royalty when it copied a file from the modem’s buffer into memory, and from memory into the graphics card.
Lehman submitted his paper to then-Vice President Al Gore, who was holding hearings on the demilitarisation of the internet – the National Information Infrastructure (NII) or “information superhighway” hearings. To his credit, Al Gore rejected the Lehman plan and sent him packing.
Lehman’s next stop was Geneva, where he convinced the UN’s World Intellectual Property Organisation (WIPO) to enact key measures from his plan in international treaties (the WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty). Then he got the US Congress to pass a law to comply with the treaty – the Digital Millennium Copyright Act (DMCA) – that snuck much of the stuff that Gore had rejected into US law.
The DMCA is a long and complex instrument, but what I’m talking about here is section 1201: the notorious “anti-circumvention” provisions. They make it illegal to circumvent an “effective means of access control” that restricts a copyrighted work. The companies that make DRM and the courts have interpreted this very broadly, enjoining people from publishing information about vulnerabilities in DRM, from publishing the secret keys hidden in the DRM, from publishing instructions for getting around the DRM – basically, anything that could conceivably give aid and comfort to someone who wanted to do something that the manufacturer or the copyright holder forbade.
Significantly, in 2000, a US appeals court found (in Universal City Studios, Inc v Reimerdes) that breaking DRM was illegal, even if you were trying to do something that would otherwise be legal. In other words, if your ebook has a restriction that stops you reading it on Wednesdays, you can’t break that restriction, even if it would be otherwise legal to read the book on Wednesdays.
In 1997’s Bernstein v United States, another US appeals court found that code was protected expression. Bernstein was a turning point in the history of computers and the law: it concerned itself with a UC Berkeley mathematician named Daniel Bernstein who challenged the American prohibition on producing cryptographic tools that could scramble messages with such efficiency that the police could not unscramble them. The US National Security Agency (NSA) called such programs “munitions” and severely restricted their use and publication. Bernstein published his encryption programs on the internet, and successfully defended his right to do so by citing the First Amendment. When the appellate court agreed, the NSA’s ability to control civilian use of strong cryptography was destroyed. Ever since, our computers have had the power to keep secrets that none may extract except with our permission – that’s why the NSA and GCHQ’s secret anti-security initiatives, Bullrun and Edgehill, targetted vulnerabilities in operating systems, programs, and hardware. They couldn’t defeat the maths (they also tried to subvert the maths, getting the US National Institute for Standards in Technology to adopt a weak algorithm for producing random numbers).