By Mark Frauenfelder, Wed Feb 14 00:00:00 GMT 2001
Don't look now, but you're about to lose control of your wireless device. Soon, you won't be able to copy, store or send certain copyrighted files, such as music, video, photographs, or text to other devices without the permission of the copyright holder. Update: IBM pulls out of the project.
This summer, digital music players will be sold with a built in anti-piracy feature called CPRM (Content Protection for Recordable Media). This technology encrypts files as they are downloaded to the device. (Encryption is a way of scrambling digital content, making it unusable unless it is unscrambled by that device's unique key).
Developed by the 4C Entity - consisting of IBM, Intel, Matsushita, and Toshiba - CPRM will show up in all kinds of devices that use microdrives or flash memory. It may even be used on hard drives in desktop and laptop computers. And it will be impossible to erase the CPRM software that resides on your disk or memory module. You'll be stuck with it.
CPRM works by giving every storage device a unique serial number. When a data file is downloaded to the device, it will be encrypted using a key generated by the serial number.
Let's say you own a mobile phone that has the ability to download and play MP3 files. And say you want to be able to store a lot of songs on your phone, so you buy a flash memory module that plugs into your phone. If you go to a web site that sells digital music and download a song, it will be encrypted so that only your device can play it. If you try to transfer the song over to one of your other devices, it will be unplayable. And if the copyright holder decides that it doesn't want to allow you to make a backup of the song, then you won't be able to do anything about it.
At first glance, CPRM seems like a fairly effective way to protect copyright holders from piracy. After all, it isn't fair (or legal) for people to make copies of other people's artistic work and sell them without permission. Unfortunately, CPRM goes beyond stopping piracy. It also halts the fair trading and copying of digital audio, photos, video, and text, too.
The CPRM scheme flies in the face of the Audio Home Recording Act, which was passed in the United States in 1992, and allows consumers to record music for private, noncommercial use. The law was a hard one for record companies to swallow, because they want you to pay once for a CD, and once again for the same album on cassette tape. Until recently, they couldn't prevent you from making copies. And today, they still can't legally prevent you from doing so. But now, thanks to CPRM, they can use technology to lock files onto your device's memory, forcing you to pay money to unlock them and exercise your right to make a personal copy.
There are other problems with CPRM. For example, what happens if the memory module becomes damaged, and you need to copy the files over to a new module or hard drive? Tough luck. Under CPRM's scheme, each hard drive or flash memory module has a unique encryption key, as individual as a fingerprint. Even if you were able to transfer your files over to a new memory device, you couldn't unlock the files because the new key wouldn't fit.
Also, the fact that each memory device will have a unique encryption key associated with it has many privacy advocates worried. It's not hard to imagine how third parties could end up using this to identify people and monitor track Internet use, or check their devices for unregistered software.
An ongoing issue
CPRM is the latest salvo in a ceaseless battle between entertainment companies and consumers. Ever since the first tape recorders and VCRs were sold, people have enjoyed the ability to "time shift" and "space shift" the entertainment they consume. They are able to record TV shows so they can watch them whenever they want to, and record songs so they can listen to them at home, in their car, or outdoors.
But entertainment companies don't like technology that allows time-shifting and space-shifting. Besides cutting out the revenue from redundant sales, they're afraid that people will use recording technology to steal music and videos. They tried legal methods to stop cassette tapes and VCRs, and they lost. Now, they are going to use technology, and not the law, to prevent the consumer from gaining control over new digital forms of entertainment.
CPRM represents a deal between the entertainment companies and hardware manufacturers to actually cripple the functionality of digital recording and storage devices, making it nearly impossible for people to time-shift or space-shift copyrighted digital content.
Historically, consumers have avoided copy-protected media. There's a chance that consumers will refuse to put up with the CPRM scheme because it adds complexity and limits options to an otherwise simple process. In some ways, CPRM is reminiscent of DIVX, a DVD format that required users to attach a phone line to their DVD players so that the movie companies could charge them every time they re-viewed a DVD that they had already bought.
DIVX died a quick death because consumers overwhelmingly opted to buy full-strength DVDs and DVD players, even if the up front cost was greater. But consumers may not have a choice with CPRM. The entertainment companies and the hardware manufacturers might have jumped in early enough to prevent consumers from making a choice between protected and unprotected media. For now, music files that you find on Napster and other file-swapping services will not be affected by CPRM. But once entertainment publishers begin tagging their songs and videos with CPRM data, you could lose your ability to choose how, when, where you watch and listen to digital entertainment.
Naturally, Net activists aren't going to let CPRM roll over them without a fight. Recently, John Gilmore, the co-founder of The Electronic Frontier Foundation (a non-profit organization dedicated to protecting the rights and promoting freedom on the Internet) has asked others to join him in a boycott of vendors who manufacture devices equipped with CPRM.
In his call for a boycott, Gilmore wrote: "No copy protection should exist ANYWHERE in generic computer hardware! It's up to the BUYER to determine what to use their product for. It's not up to the vendors of generic hardware, and certainly not up to a record company that's shadily influencing those vendors in back-room meetings."
In response to Gilmore's declarations, the consortium responsible for CPRM has announced that hard disk drives for desktop and laptop computers will be equipped with an option to switch CPRM on or off. But that doesn't stop Hollywood from using it, making it impossible to view or listen to CPRM encrypted content unless you leave the option turned on. And there has been no offer to give handheld device users the option to disable the technology.
For now, it looks like we'll be stuck with it.
Mark Frauenfelder is a writer and illustrator from Los Angeles.