A "Speed Bump" vs. Music Copying
JANUARY 9, 2002
NEWSMAKER Q&A
Master cryptographer -- and code cracker -- Edward Felten says
technology isn't the answer to digital copyright violations
Edward W. Felten doesn't look like the type to court controversy
-- or to be at the center of it. But the soft-spoken Princeton
University computer-science professor unwittingly became a key
figure in the discussion about the future of the digital-music
industry. In 1999, the Secure Digital Music Initiative, a
music-industry consortium, held a contest to see if computer
hackers could successfully break four digital-music
copy-protection schemes, called watermarks.
Felten, a celebrated cryptographer, and several students took up
the challenge and soon they had cracked all four watermarks. But
instead of claiming the prize, Felten decided to publish a paper --
for research purposes -- explaining how his team had broke the
code.
Here the story gets interesting: When he prepared to publish his
paper six months later, in April, 2000, Felten received an
intimidating letter from the Recording Industry of America
Association (RIAA). In it, Matthew Oppenheim, an RIAA senior
vice-president, warned of legal action if Felten published his
results. According to the trade group, his paper, if published,
would violate the much-maligned Digital Millennium Copyright
Act (DMCA), which forbids the publication or dissemination of
copy-protection circumvention technologies.
At first, Felten went along. But two months later, backed by the
Electronic Frontier Foundation, he sued the RIAA, claiming that
the threat was an attempt to clamp down on free speech. In
November, the case was settled after the RIAA decided not to pursue legal action and Felten had
successfully presented his paper in August. Nevertheless, the case transformed this quiet
code-breaker into a folk hero of sorts, both for free-speech advocates and for those who hope to
revolutionize the music establishment.
On Jan. 7, Felten sat down with BusinessWeek Online technology reporter Jane Black at the
Future of Music conference in Washington, D.C., to discuss his views on the role copy-protection
technology will play in the burgeoning digital-music industry. Following are edited excerpts from
their conversation:
Q: Can any technology completely prevent the unauthorized copying of music?
A: None of them prevent unauthorized distribution. All they do, at best, is make it more difficult,
more time-consuming to copy things. [A good analogy is a] speed bump. You're not putting up a
barrier to prevent copying but a speed bump that will frustrate people who want to copy illegally.
Q: Which type of copy-protection technology is the best speed bump?
A: Each of the technologies lend themselves to different uses. Some try to prevent copying in the
first place. Some try to detect it after the fact. Some technologies are not good at knowing who
copied something but can track how many copies have been distributed.
For the right answer, you have to look at the whole system. Not just the copy-protection
technology but what business model it is embedded in. Given that you'll never be able to prevent
copying, the question is, what can you do to minimize it? What can you do to make consumers
happy enough with legitimate use of the system that they'll be willing to pay for it?
Q: And what might that business model look like? Can you point to any successful
examples where companies are striking the right balance?
A: It's easier to point to failures than success stories. Take this recent development of
copy-protected CDs that are supposed to play in regular CD players but not be copyable. It's not
that the CDs can't be copied. It's that they are designed not to work in the players that are deemed
most likely to be used by pirates.
The problem -- when you cast your net that wide -- is you inevitably catch something you don't
want to catch. And so you hear stories about customers buying one of these CDs, popping it into
their car [player] and finding it doesn't work. At best, you make some customers angry. At worst,
you fail to stop the bad guys from copying, and you succeed at making your honest customers'
experience worse.
No one knows how to give customers [in the digital world] what they want without the copyright
holders being stolen blind. The solution to the problem of illegal copying of music is mostly not a
technology problem. I think there will be a movement toward offering different kinds of services.
Interactive applications that help you find music you like, help you index and search, give you
additional information about the artist you're listening to.
The technology has to evolve to something that is more like an environment for experiencing music
rather than just a way to get a song. I find it difficult to point to a particular technology that is
going to be pivotal. I think we'll see some use of encryption in the material and some distribution
of encryption keys. Overall, the trend will be less emphasis on copy protection and more
emphasis on technologies that make music more compelling for the legitimate user.
Q: Could more legal restrictions be the answer?
A: It's already illegal for people to rip their CDs and post them on the Net. And further legal
restrictions that have been made have not been effective: They do a lot of collateral damage
without actually preventing people from breaking the law. Vigorous enforcement of copyrights
themselves is an important part of the picture. But I don't think that expanding the legal definition
of copyright outside of actual copyright infringement is the right move.
Q: Which brings us to the DMCA, a law you believe hurts the public without preventing
illegal copying. What's your objection?
A: It's the anticircumvention parts of the law that concern me the most. It goes beyond protecting
copyrights. It goes beyond prohibiting copyright infringement -- which of course was already
illegal before we had the DMCA -- by outlawing certain technologies and certain kinds of
discussions.
For someone like me -- I do computer-security research -- I now have this complicated, vague law
in my head all the time. Whenever I'm going to open my mouth to talk about technology, I have to
think if it's safe, or do I have to call my lawyer. At the very least, it scares people away from
topics that most need to be discussed.
I think we all benefit from knowing how well copy-protection technologies work, when they
work, when they don't, and what kind of approaches to building them make sense. Whether you
are a customer, an investor, or a songwriter who has been told this is a safe way to release music,
it's important to talk about this technology and know whether it's going to do what it says it will.
The real danger in the DMCA is a chill of that discussion.
Q: But you ended up publishing your paper. Has the chill really been that severe?
A: I think it does have a detrimental effect. We're in a situation where the solutions that we have
are not good enough. The way to improve anything is to have a discussion about its flaws. To
understand what the one or two or three things are about it that would help fix it. The DMCA
makes it dangerous to have that conversation.
Q: Do you think we'll see changes to the law in 2002?
A: Intellectual-property law changes very slowly. I don't think it's likely to change very soon.
Edited by Patricia O'Connell
