Tarleton Gillespie is an assistant professor in the Department of Communication at Cornell University and a fellow at the Center for Internet and Society at Stanford Law School. His recent book, Wired Shut: copyright and the shape of digital culture (MIT Press, 2007) may appeal more to students of media and communications, historians, legal scholars, and to sociologists of culture and technology than to technologists and entrepreneurs. Nonetheless, those with an interest in copyright, Digital Rights Management (DRM) and related topics should welcome Gillespie’s book as a timely and useful contribution to the field.
Although Wired Shut is an important analysis of copyright and DRM, I find two problems with Gillespie's arguments: one involving copyright and contract law, Fair Use, and business models; the other involving the role of encryption in DRM.
First, what is Digital Rights Management? I define DRM as “the association of rules governing use and use consequences (e.g., payment, audit information, etc.) with digital information of all kinds and the enforcement of these rules at a distance in time and space.” I’ll return to this definition.
Gillespie's basic argument is that attempts to impose controls on the use and/or distribution of copyrighted works through technical means are contrary to the societal goals of protecting creators and their works while at the same time fostering innovation and creativity.
In pursuing this argument, Gillespie reviews the basics of copyright law and practice and then presents case studies, including chapters on the role of the M.P.A.A. and Jack Valenti in lobbying for legislation that reinforces technical means (Ch. 4), the failure of the Secure Digital Music Initiative (Ch. 5), the weak and failed efforts to protect the first generation DVDs using technical means (Ch. 6), and failed attempts to impose the Broadcast Flag on television signals (Ch. 7).
As noted, Gillespie points out that copyright is an attempt to define one balance of interests among three parties: the creators of copyrighted works (and subsequent rightsholders in the works), the users or consumers of copyrighted works, and society at large. I say “one balance of interest” because balance points have been articulated and implemented other than the one Gillespie might prefer.
Under copyright law, there is a societal interest in providing for a finite period of time an economic incentive for creating and controlling new works. There are also societal interests in enabling consumers and other creators to make use of copyrighted works, or portions thereof under certain circumstances, for education and other non-commercial uses, for example.
Gillespie rightly notes (pgs. 27-30) that copyright law may be in conflict with First Amendment guarantees of free speech. For example, if permission was always required to use some or all of a copyrighted work, then rightsholders might not grant permission to quote excerpts for use in an unfavorable review. The Fair Use provisions of copyright law exist in part to help strike a balance among rightsholders, users of the works, and societal interests. Quoting short passages for the purpose of a review probably falls within Fair Use. I say “probably” because there may be constraints on the proportion or length of a quote to fall within Fair Use. So far, so good.
Neither Fair Use nor copyright are absolutes. Gillespie acknowledges in passing that Fair Use is what lawyers call an “affirmative defense,” which means that you first have to admit using the work in a way that would be held to be infringing except that the use meets one or more relevant Fair Use criteria. However, it feels to me that Gillespie hasn’t really taken this to heart, and writes most of the time as if Fair Use is an absolute right not to be abridged by changes in statutes, by technical means, or by contract.
Both in the digital and non-digital realms, contract law has been used effectively by rightsholders to abridge and at times contradict Fair Use and other provisions of copyright law. No one should be surprised, then, if rightsholders want to transfer these long established practices to the digital realm using technical means.
Note that my earlier definition of DRM is explicitly about rules and implicitly about business models. There is nothing there about encryption or system security, although both may be required for effective rule determination and enforcement.
In Chapter 9, Gillespie’s badgering of encryption and related technical means of rule enforcement seems to be a misplaced, if not wasted effort. The DRM debate is largely about business models: those who wish to monetize and control digital assets vs. those who either deny that digital works are property, or who believe that once acquired, consumers should be free to do whatever they want with their property. I have little sympathy for those who assert that intangibles are not property. However, rational arguments can be made that once sold, the owner has an absolute right to do as she or he likes, although I disagree.
A short aside: I also believe that a lot of DRM—rootkits come quickly to mind—has annoyed and inconvenienced consumers, to the clear detriment of content distributors. Any reasonable balance between rightsholders and consumers has to minimize, if not eliminate, the adverse aspects of technical means for rule enforcement. Period. Full stop.
But these contentious relationships between producers and consumers of digital works do not occur in a business vacuum. For instance, even though they saw it coming more than a decade ago, the record business is today in dire straits. Because anyone can rip CDs and produce compressed audio of sufficient quality, the efforts of the R.I.A.A. must fail. The cold chilling effect of litigation only goes so far, if at all, in protecting the interests of the major labels.
As others have pointed out, the problems of the record industry stem from a failing business model. If the major labels cannot identify and obtain additional revenue streams, then their fortunes will continue to sink. Neither litigation nor encryption will save the day for the major labels given their current business model.
Encryption is simply one of several means to an end, the goal being to assert use rules defined by rightsholders. Even if encryption were not required to ensure rule enforcement, I believe that Gillespie would still have the same negative opinions of the rules and provisions under contract law that rightsholders seek to enforce in the digital realm.
The recent shift toward DRM-free downloads is one example of market forces having consequence in the digital realm. Another is the rootkit brouhaha. CDs with rootkit technologies were withdrawn and consumers partially compensated. Market forces will shape, if not define, business models in the digital realm. Encryption is largely irrelevant.
Nit 1: Gillespie overstates the case that it is impossible to realize the Fair Use exemptions when DRM is used (although note 122 on page 300 addresses privacy issues that I believe would be resolved by market forces). Take the educational use exemption. Rightsholders could issue digital certificates to colleges, schools, and students that could be interpreted as signaling an educational context. Any reasonably sophisticated DRM rules system could look for such a certificate and apply a different set of rules if found. Such an approach has overhead to be sure. And participants would have to do a cost / benefit analysis. Even if cost effective, rightsholders might not want to implement such a system believing that they want to minimize the loss of revenue. Here again, the issue is one of business models, and not of technology per se.
Nit 2: Wired Shut is a terrific piece of scholarship. The bibliography and notes are almost worth the price of the book. However, I continue to find strange that Gillespie and many other authors fail to consult and refer to patents. Although it’s a personal bias, perhaps, there are portions of some patents that make for interesting reading. For example, although he cites Mark Stefik's well-known paper, Letting Loose the Light, Gillespie doesn't mention Stefik's early Xerox patents (now owned by ContentGuard), for example 5,629,980, 5,634,012, and 5,715,403.
While he mentions InterTrust with respect to the SDMI, he fails to note several of the InterTrust patents that describe not only technical means, but that extensively address business model issues as well. 5,910,987 is one of many examples. InterTrust founder Victor Shear and the original team (Karl Ginter, Frank Spahn, and David Van Wie) got the business issues right and did so well ahead of the curve.