What If the Kindle Succeeds?

The news recently has been full of reports that Amazon's e-book reader, the Kindle, is doing better than expected. Analyst Mark Mahaney from Citibank says Amazon is on track to sell about 380,000 Kindles this year, and says the Kindle "is becoming the iPod of the book world," with sales expected to hit $1 billion by 2010.

For it's part, Amazon remains coy about releasing the actual numbers, so it might be best to take these predictions with a grain of salt — and sales of the Kindle haven't come close to the numbers for the iPod. But Amazon has reported that, of titles carried in both paper and electronic form, the e-books comprise 10% of sales, a percentage that is likely to grow.

Steve Jobs said recently that the whole idea of e-book readers was flawed since "people don't read anymore". But for those of us who do read, the e-book elicits skepticism for different reasons. For us, the look and feel, even the smell, of a physical book is part of the joy of reading. Will anyone actually want to curl up with an electronic device for an evening of literary comfort?

But the success of the Kindle suggests that some people will. And digital books bring some advantages that suggest the trend won't disappear any time soon:

• Ease of access: We have become accustomed to the fact that we can access millions of songs and albums instantaneously online, with a single click. The same is now increasingly possible with books.
• Ease of sharing: Everyone loves to share a good book with friends. Digital books can be shared as easily as sending an email — and you don't need to give up your copy in order to do so! (Publishers may try to restrict copying with DRM copy protection, but as we saw with MP3 files, this strategy will fail.)
• Ease of carrying: A single Kindle device can carry at least 200 books. As the technology improves, you will soon be able to carry a copy of your entire library in your bag (and have a back-up at home), just as you now carry your music collection in your pocket.
• Price: As more people use digital books and as competition increases, the price of digital books will come down, reflecting the real costs of production — no expensive printing, no shipping across country or storing in warehouses.

Skeptics should remember that it wasn't long ago that many predicted that CDs would never replace vinyl, and later that MP3s would never replace CDs. You can still find great record stores that specialize in vinyl, but the trend towards digital music has been steady and unstoppable. And the music industry has paid a huge price for their failure to embrace the new technology. After first ignoring new technologies, they then proceeded to try to sue innovators, restrict users with DRM copy protection and then punish fans with indiscriminate lawsuits, none of which did a thing to stop online sharing of music. Sales are down, illegal filesharing is up, and no one has found a way to unite the industry around monetizing the sharing of digital music (though EFF has suggested a Better Way Forward).

Will the same thing happen to the publishing industry as books become digital? If the trend continues, with better devices promising longer battery life and better screen resolution, digital books will become a force to be reckoned with. Are we doomed to watch the publishing industry run through the same gamut of bad decisions that have plagued the recording industry for the last few years?

Here are some questions the book industry should be asking itself.

[Read the entire post]

DRM for Streaming Music Dies a Quiet Death

Yet another nail has been driven into DRM's coffin, this time for streaming audio (PCPro has a nice overview of the state of DRM for digital music).

Two of the leading on-demand streaming music sites, iMeem and LaLa, are not using DRM on their audio streams, instead sending the music as MP3s dusted with a dash of obfuscation. This is significant because both sites have been licensed by all the major record labels -- the very same record labels that were just last year pushing Congress to require DRM on all noninteractive webcasts. So it looks like the RIAA companies have changed their minds, dropping DRM requirements for the on-demand streaming music services.

This should put an end to legislation to mandate DRM on noninteractive webcasters. After all, why should these webcasters be in a worse position than the free, on-demand music services like LaLa and iMeem?

This also undermines the argument that DRM for music is necessary for subscription services. If the major labels have given up DRM for free, ad-supported (correction: iMeem is ad-supported, LaLa is free for a first listen of a track, 10 cents for repeat listening), on-demand streaming services like LaLa and iMeem, there's no plausible reason to insist on DRM for paid subscription services like Rhapsody and Napster 2.0. After all, there's no reason to think that those who prefer commercial-free subscriptions like Rhapsody are more likely to "pirate" streams than those who prefer ad-supported services like LaLa iMeem.

LaLa and iMeem each take slightly different approaches to streaming music. LaLa uses HTTP to download each requested song as an MP3 to your browser, but relies on aggressive "no-cache" headers and pre-expired date stamps to suggest that your browser not make a copy of the file on your hard drive. Using a packet sniffer to capture the entire HTTP session, however, easily reveals the complete MP3 embedded right after the HTTP headers.

iMeem also downloads and caches each requested song, but sends the MP3 as the audio track of a Flash Video file. This FLV file is typically saved (cached) on your hard drive as an obscurely named temporary file, which is overwritten when you request your next song (we mentioned iMeem's approach back in January, and it's essentially unchanged). Copy this temp file, however, and you can easily extract the audio track from the Flash video, saving it as a stand-alone MP3 file.

(The location of this TemporaryItems folder, and its equivalent on other operating systems, varies significantly depending on operating system and version. On some operating systems it's buried deep within the directory hierarchy, but it can be found automatically with standard tools.)

While the light obfuscation used by iMeem and LaLa might create a "speed bump" of inconvenience for users who want to keep the MP3 files, it doesn't rise to the level of a "technical protection measure" protected by the DMCA. In short, this is yet another example of why there is no legitimate business case for DRM on music -- it doesn't prevent piracy and it's not necessary to enable "new business models" like subscription or ad-supported music. (Of course, as the movie industry has demonstrated, DRM can still be valuable for impeding competition and putting the brakes on disruptive innovation. But it's hard to see how the law should protect those goals.)

[Permalink]

In Memoriam: Ed Foster, 1949-2008

Ed Foster, the journalist and consumer advocate behind InfoWorld's GripeLine column and GripeLog blog, died of a heart attack this weekend. He was 59.

It's no exaggeration to say that Ed was one of the preeminent consumer rights activists of the digital age. During his more than 20 years as a "reader advocate" at InfoWorld, he was far ahead of his time, recognizing that in a world increasingly dominated by software and online services, the digital consumer needed a champion when squaring off against the likes of Microsoft, Adobe or AutoDesk. Following in the traditions of the best consumer reporters before him, Ed exposed software vendors and online service providers that treated their customers shabbily.

But it was in his tireless work against "sneakwraps" -- those "end user license agreements" (EULAs) and "terms of service" (TOS) that require our "agreement" -- that Ed was without peer. You may not be reading all those "agreements" before you click thru, but Ed was. He recognized earlier than most that sneakwraps were going to be the digital consumer's worst nemesis, the mechanism that stripped consumers of the legal protections they enjoy when buying a book, a chair, or an automobile. Long before most consumer groups were thinking about sneakwraps, Ed was covering and participating in efforts to block UCITA, a package of state laws pushed by large software vendors that would have stripped consumers of valuable protections under contract law (UCITA was ultimately adopted by only two states, VA and MD, and has since been abandoned). Ed also contributed his insights on DRM, product activation, and reverse engineering to groups like AFFECT (Americans For Fair Electronic Tranactions) and EFF, making sure we knew what consumers were dealing with in the trenches.

Ed will be sorely missed, both professionally and personally, by all who benefited from his wisdom. Here are a few of my personal favorites from among his remarkable output of columns and posts:

Embroidering on a Copyright Shakedown Theme -- casting the spotlight on the "Embroidery Software Protection Coalition" (ESPC) after it sent settlement demand letters to grandmothers who bought embroidery software on eBay. Based on Ed's tip, EFF stepped in to protect the interests of innocent purchasers.

Sneakwrap Files: McAfee Automatic Renewals -- a consumer advocate's classic, wherein Ed confronts McAfee over the "automatic renewal" provision buried in the fine print of their EULA. McAfee backs down and coughs up a refund.

The Lexmark Car -- an April Fool's post explaining what the world would be like if a car manufacturer tried to get away with the kinds of shenanigans practiced by Lexmark in connection with their laser toner cartridges.

Into the DMCA Groove -- in 2003, an eBay seller gets into hot water after trying to auction a promo CD given away at The Gap. Ed cries foul, predicting 5 years in advance the exact outcome of EFF's UMG v. Augusto case, where a court found that "promo use only" labels can't trump the first sale doctrine.

[Permalink]

Yahoo! Offers Refunds to Customers Who Bought DRM-Crippled Tunes

Last week, Yahoo! faced a predictable backlash when they announced that they would be ending support for the DRM that came with music sold through its Yahoo Music service. EFF and others criticized the decision, saying Yahoo should either continue to support the DRM or compensate their customers with refunds and/or replacement mp3s. Now, Yahoo has happily chosen to do right by their customers and provide full refunds for any music sold through Yahoo Music that came wrapped in what is soon-to-be obsolete copy protection.

As many commentators have noted, this is not the first such DRM kerfuffle, and it won't be the last. DRM creates headaches, not just for the customers who find their use of their music restricted, but also for the companies that sell it, since they are required to ensure the DRM will continue to work under each new operating system change as time goes on. When companies try to phase out their DRM support — as MSN Music tried to do a few months ago — they face outraged customers who find the music they paid for will no longer play the next time they upgrade. (MSN decided to delay the decision by continuing support for DRM until 2011.)

Small wonder that so many online music retailers continue to move away from DRM and towards more user-friendly formats like MP3s. But this problem will continue to dog the companies that sold DRM music to customers in the past. Online music retailers like Yahoo, MSN Music, and Apple's iTunes have sold millions of tracks burdened with copyright protection that will require continued support if customers are to receive what they thought they paid for. Those customers handed over their hard-earned cash for music that they expect to be able to continue to enjoy now and in the future — just as we continue to enjoy the vinyl records and even 8-track tapes that were sold decades ago. Companies like Yahoo have an obligation to ensure that expectation is met.

Yahoo's decision sets a good precedent for when this problem inevitably arises again. Vendors that sold DRM-crippled music must either continue supporting tech that no one likes — as MSN Music chose to do — or take Yahoo's path and fairly compensate consumers with refunds. It's the right thing to do.

[Permalink]

Here We Go Again: Yahoo! Music Throws Away the DRM Keys

Just over a month after consumer backlash caused MSN Music to rescind its decision to deactivate the digital rights management ("DRM") servers that allowed MSN Music purchasers to "reauthorize" music files after upgrading operating systems or buying new computers, Yahoo! Music has decided to deactivate its own DRM servers.

The ironically named Yahoo! Music Unlimited Store will shut its virtual doors in September, and, as of October 1, will no longer provide license keys for music purchased from the store, nor will it authorize song playback on additional computers. That means Yahoo! Music customers will not be able to transfer songs to “unauthorized computers” or access the songs after changing operating systems. Yahoo! advises customers to back up their music to a CD if they want to be able to access it in the future. In other words, Yahoo! wants its customers to invest more time, labor and money in order to continue to enjoy the music for which they have already paid. In fact, the more music they bought, the more work they'll have to do. What is worse, this suggestion could put customers at legal risk, as they may not have documentation of purchase. Furthermore, there is no certainty that all relevant copyright owners would agree that making such backup copies without permission is lawful.

We’ve warned music fans for years that they could lose their DRM-wrapped music if vendors decided to withdraw support for it. Nonetheless, we hoped that the experience of MSN Music would encourage other vendors to think twice before making their customers pay the price for the vendors’ own faulty business decisions.

If Yahoo! wants to make things right, it should do the following:

• Issue a full public apology to your Yahoo! Music customers.
• Offer to refund the purchase price of the affected downloads or, at the customer's option, provide replacements from an online store that offers the same tracks in a DRM-free format.
• Ensure that all Yahoo! Music buyers have (or have permanent access to) receipts identifying dates, amounts, and titles purchased, so they have proofs of purchase. Or, better yet, offer to cover their legal costs if they are hit with a copyright infringement claim based on a song purchased through Yahoo! Music.
• Widely publicize the above measures so that Yahoo! customers know their options. That publicity should include, at a minimum, advertising in major music magazines and newspapers in every major U.S. city, as well as targeted keyword advertising.

At the very least, this announcement is further evidence (if such evidence were needed) that DRM is just bad business. It's bad for the consumers who don't actually own the music they pay for; it's bad for the rightsholders who lose out when legal copies of their songs are worth less than illegally obtained copies; and it's bad for the companies that must choose between maintaining technology that is defective by design or violating the trust of their customers.

[Permalink]

MSN Music Debacle Highlights EULA Dangers

When Microsoft announced that it will no longer support former MSN Music customers who want to play their DRM disabled music on new computers, DRM-hating consumer advocates justifiably cried out, “I told you so!” But this debacle is not just another example of the dangers of DRM: its also a reminder of the danger of overreaching end user license agreements, or EULAs

Just as DRM allows unprecedented corporate control over music and movies, the EULAs that Microsoft and other content vendors force users to click through before downloading songs, shows or films help enforce and expand that control. For example, EULAs usually claim that whatever happens, you can't sue the company--even for problems that are entirely of the company’s own making. And EULAs are often used to try to limit a company’s obligation to live up to its apparent promises.

What this means is that buying music (or software) on line is quite different from making your purchase at the store. When you buy a regular CD, you own it. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend or make a copy for use on your iPod. Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD. And if it won’t play, you get to bring it back and get a refund. Both technology and custom give vendors a lot more power when selling digital goods. Unlike the CD purchase, when I download from Microsoft Music, I don't just get the music, I get the “Service Agreement” as well. And if the Service Agreement tells me that there just might not be any Service, then I could be stuck with the digital version of an empty jewel box.

MSN Music’s EULA is a case in point. When active, MSN Music's webpage touted that customers could “choose their device and know its going to work”.

But when customers went to purchase songs, they were shown legalese that stated the download service and the content provided were sold without warrantee. In other words, Microsoft doesn't promise you that the service or the music will work, or that you will always have access to music you bought. The flashy advertising promised your music, your way, but the fine print said, our way or the highway.

Microsoft isn't alone. Many other DRMed music services also make false promises to customers including Apple iTunes, RealNetworks and Napster 2.0.

Which applies, the marketing promises or the fine print?

[Read the entire post]

MSN Music Pulls the Plug on Customers

Last week, Microsoft announced that it was leaving the paying customers of its MSN Music store out in the cold. Rob Bennett, the head of MSN Entertainment and Video Services, told customers in an email that “[a]s of August 31, 2008, we will no longer be able to support the retrieval of license keys for the songs you purchased from MSN Music or the authorization of additional computers."

In other words, the DRM copy protection that Microsoft and the major record labels insisted customers put up with has now drastically devalued that music -- at least for consumers who like to regularly upgrade their PCs. Come August 31st, if you buy a new computer, or even upgrade your OS, you’ll have to give up your MSN Music.

Bennett says the burden of managing its DRM servers and updating its code with every OS change created problems that were unmanageable. “We really feel, in the long term, what’s best for people who want to buy music from Microsoft is to move to Zune,” Bennett told CNET.

If Bennett is truly concerned with “what’s best for people,” he can start with ensuring that his customers can enjoy their legally purchased digital content on whatever machines they choose to use, on whatever OS or devices they have in the future. Indeed, if Microsoft doesn’t take immediate steps to provide that assurance, it’s hard to imagine why anyone would want to move to Zune and risk having their their digital content damaged the next time Microsoft decides its business interests require shutting down a music service.

“No one ever foresaw being in this situation,” Bennett told CNET. But if Microsoft had listened to consumer advocates and digital rights proponents, it might not have been so surprised to find that DRM is bound to cause problems. EFF Fellow Cory Doctorow gave a speech at Microsoft in 2004 in which he told executives:

There is no market demand for this "feature." None of your customers want you to make expensive modifications to your products that make backing up and restoring even harder. And there is no moment when your customers will be less forgiving than the moment that they are recovering from catastrophic technology failures.

EFF predicted that DRM-laden music could be rendered useless when companies stop supporting it in our paper “The Customer Is Always Wrong: A User’s Guide to DRM in Online Music”: “If the time comes that stores and devices no longer support your DRM, you're entirely out of luck.”

Among the many problems with DRM, its threat to musical longevity is one of the most insidious. Vinyl records created decades ago continue to play just fine, on whatever brand of player the music listener desires, thus insuring that our musical heritage is preserved for future generations. By making digital music rely on a license controlled by Microsoft or some other corporation, DRM makes it harder for us to share and preserve our history.

Of course, Microsoft is not entirely insensitive to the desire of its customers to hold on to their music. That’s why they’ve suggested that MSN Music customers strip the DRM from their music by burning it to CD, then re-importing it. The odd thing about this suggestion is that the more music you bought from Microsoft -- the more of a loyal customer you were -- the more time you are expected to spend sitting in front of your computer, burning discs and then re-importing them (degrading the sound quality in the process).

EFF is calling on Microsoft to do the right thing and ensure that their customers maintain their ability to enjoy the content they paid for. We’ve written an open letter to Microsoft demanding that they take steps to make things right with their customers, including issuing an apology, compensating MSN Music customers, and publicly committing to keeping Zune customers from being stuck in the same boat.

We’ll be watching to see how Microsoft responds. And meanwhile, we’ll continue to argue against DRM and other forms of content restriction that limit the rights of the public to access and control content they own.

[Permalink]

Adobe Pushes DRM for Flash

The immense popularity of sites like YouTube has unexpectedly turned Flash Video (FLV) into one of the de facto standards for Internet video. The proliferation of sites using FLV has been a boon for remix culture, as creators made their own versions of posted videos. And thus far there has been no widespread DRM standard for Flash or Flash Video formats; indeed, most sites that use these formats simply serve standalone, unencrypted files via ordinary web servers.

Now Adobe, which controls Flash and Flash Video, is trying to change that with the introduction of DRM restrictions in version 9 of its Flash Player and version 3 of its Flash Media Server software. Instead of an ordinary web download, these programs can use a proprietary, secret Adobe protocol to talk to each other, encrypting the communication and locking out non-Adobe software players and video tools. We imagine that Adobe has no illusions that this will stop copyright infringement -- any more than dozens of other DRM systems have done so -- but the introduction of encryption does give Adobe and its customers a powerful new legal weapon against competitors and ordinary users through the Digital Millennium Copyright Act (DMCA).

Recall that the DMCA sets out a blanket ban on tools that help "circumvent" any DRM system (as well as the act of circumvention itself). When Flash Video files are simply hosted on a web site with no encryption, it's unlikely that tools to download, edit, or remix them are illegal. But when encryption enters the picture, entertainment companies argue that fair use is no excuse; Adobe, or customers using Flash Media Server 3, can try to shut down users who break the encryption without having to prove that the users are doing anything copyright-infringing. Even if users aren't targeted directly, technology developers may be threatened and the technologies the users need driven underground.

Users may also have to upgrade their Flash Player software (and open source alternatives like Gnash, which has been making rapid progress, may be unable to play the encrypted streams at all). Third-party software that can download Flash Video, like the most recent RealPlayer, will also break. But Adobe now has an incentive to push the use of DRM: it's only available to sites that use Flash Media Server 3 software, which starts at over $4,000 (with extra fees depending on the number of simultaneous streams).

Furthermore, the prospect of widespread adoption of DRM restrictions on Flash threatens to squash a growing tradition of expressive fair use of online video -- a practice effectively in its infancy that, left unfettered, would be a dynamic solution to our failing effort to teach media literacy. Before we understand how to read media messages, we must first learn how to speak their language -- and we learn that language by playing with and remixing the efforts of others. DRM, by restricting the remixing of Flash videos, stands to bankrupt a rich store of educational value by foreclosing the ability of students and teachers to "echo others" by remixing videos posted online.

Take the example of "A Vision of Students Today" vs. "(Re)Visions of Students Today". The first "Vision" YouTube video is an artful critique of higher education's failure to come up with new models of instruction that engage the modern student; the second "(Re)Vision" YouTube video is an incisive observation of higher education's crisis in diversity (summarily expressed by the lack of diversity in the original "Vision" video). The original and the remix support each other to instruct with an influence above and beyond the power of either video alone.

Outside the halls of academia, we can see that the ability to openly download and remix video is part of a new ecosystem of amateur entertainment -- watch Drama Prairie Dog and its countless responses:

• "Dramatic Prairie Dog vs. Kung Fu Baby (Best Remix Ever)"
• "Hollywood Zombies Dramatic Prarire Dog"
• "Dramatic Look Bond Remix"
• Drama Prairie Dog - Zoolander
• "Drama Prairie Dog -- Kill Bill"
• (an obligatory Star Wars-related remix) "Darthmatic Chipmunk"

As we noted above, remixers who find and use tools that break the Flash Video encryption could be sued, even if their transformative creations would otherwise have been fair use.

Finally, there's a classic suite of arguments against DRM that will be as true for online video as they were for music. DRM doesn't move additional product. DRM is grief for honest end-users. And there's no reason to imagine that new DRM systems will stop copyright infringement any more effectively than previous systems.

[Permalink]

Last Major Label Gives Up DRM

Back in December 2005, we announced the beginning of the end for DRM on music. Well, two years later, we're getting close to the end of the end, with Sony-BMG announcing that it, too, will be giving up on DRM for music downloads (at least for some of its catalog). Sony-BMG is the last of the four major labels to take this step.

It's about time. As online music retailers have been pointing out for years, DRM has only held back the authorized downloading services in their efforts to compete against the unauthorized world of P2P file sharing.

This isn't quite the end of DRM on digital music, however. The last hold out is DRM on subscription services like Rhapsody and Napster. Some have argued that DRM is necessary for the subscription business model, an argument that I think doesn't hold up under scrutiny. After all, anyone with any motivation can convert their Rhapsody "streams" into downloads, DRM notwithstanding. So it's not the DRM that keeps people paying their monthly subscription bills -- it's convenience, inventory, and other features that add value to the experience (DRM, on the other hand, is about subtracting value from the fan's experience).

But there is also evidence suggesting that DRM on streams may be dying, as well. Leading next-generation streaming music services, like iMeem, are using FLV (a streaming format with no DRM) for their music offerings. And iMeem is licensed by all of the major labels, so it appears that DRM is no longer a requirement for authorized music streaming, either.

Next step (and I hear that at least one major label is considering it) will be a blanket license for music fans -- pay a small monthly fee, and download whatever you like, from wherever you like, in whatever format you like. This is the inevitable end-game in a world where file sharing remains hugely popular and the labels want to prevent new retailers (like iTunes) from controlling distribution.

[Permalink]

2008: DRM continues to punish paying customers

Just three days into the new year, we have another example of DRM punishing paying customers, rather than "pirates." Netflix subscriber Davis Freeberg ran headlong into an incompatibility between Microsoft DRM and ... Microsoft DRM.

The trouble all started when Freeberg bought a new monitor for his Vista computer. When he decided to watch streaming movies from Netflix, Netflix documentation warned him that the recommended means of fixing a problem with DRM-restricted Netflix programming "may remove licenses to other content using Microsoft DRM" -- including, in particular, restricted programming he had already purchased through Amazon Unbox. Trying to resolve this problem just got Freeberg a tech-support runaround, with each company involved pointing the finger at another.

Tech support problems are not unfamiliar to PC users, but where did this problem come from? Freeberg was just trying to use a new monitor with his computer; his reward, apparently, was broken DRM software, which couldn't be sure the new monitor met movie studios' arbitrary requirements (or perhaps just couldn't be sure whether it could be sure). Furthermore, the DRM industry -- which has already spent countless engineer-hours making "approved" and "licensed" products (seemingly at the expense of "compatible" and "interoperable" devices) -- couldn't even offer Freeberg a clear path out of this jam.

Is this mess stopping copyright infringement? Nope -- it's still easy to copy media and easy to find unauthorized copies. In fact, one commenter points out that the easiest "fix" for Freeberg's trouble appears to be downloading the movie from an unauthorized torrent tracker.

Freeberg's conundrum is likely the product of the Protected Media Path (PMP) (mis)features that have been added to Microsoft's Vista operating system. Thanks to PMP, Vista computers can now "audit" the video outputs, supposedly to ensure that only "authorized" (aka DRM-laden) video boards and monitors can receive Hollywood content. Unfortunately, these kinds of (mis)features generally (1) don't stop pirates and (2) result in compatibility headaches for paying customers.

[Permalink]