DRM: failure by presumption of guilt

Since the launch of the Apple Music Store, I have used filesharing software maybe twice. I simply haven’t found the need, and when I want a song, I’m happy to pay $1 for it. I was never super happy about the DRM, but Apple’s DRM didn’t ever prevent me from going about my usual dealings. I authorized my wife’s computer and my sister’s computer with my account, and that’s about as widely as I need to share my music. Even after a hard crash of my older Mac, I was easily able to “deauthorize all machines,” and manually reenable each one.

Now, though I’m evidently not a huge anti-DRM activist, I think DRM is a particularly poor business and technical choice. In a DRM-enabled world, every appliance has to implement the prescribed constraints and treat every user action with great suspicion. In other words, with DRM, paying customers are guilty until proven innocent. DRM is the only technology which is entirely dedicated to disabling features for the primary user of the application. How weird that we’re spending brain and computer cycles on forcefully removing features!

So last week, I bring up iTunes to play some music for my last stretch of thesis writing. Two songs into my writing frenzy, iTunes stops playing. I click play, and the authorization dialog appears, claiming that my entire machine isn’t authorized. Weird, but whatever. I type in my password. Random unexplained failure. My machine won’t authorize. My songs won’t play.

By the next day, the music store was fixed, my songs played again, and I’d received a serious reality check about the consequences of DRM. What if I hadn’t had network connectivity? What if Apple hadn’t fixed the bug quickly? What if Apple changes business model altogether in the future? Who owns the right to play my songs? Is it revocable in some way?

In theory, I knew about these issues, and I’ve written about them before. But it’s a completely different thing to have this happen to you personally, right when you really want to listen to that song. It’s this uncomfortable feeling, much like when a police car pulls up behind you: you get a rush of adrenaline, check your speed, breathe a sigh of relief because you’re safely under the limit, then wonder defiantly, “why the heck is this police car on my tail?” It’s a violation of your privacy, as if the music store owns you and has some kind of veto power over what you do.

These failures are bound to happen more and more. As more appliances support DRM, as more content is DRM’ed, the proper operation of the DRM backend is now on everyone’s everyday critical path. And that’s really the question we should be asking: what happens when the system fails? What happens to honest consumers? With DRM, the answer will always be “unauthorized by default.”

That’s why, starting today, I will be decrypting and backing up all of my songs. That’s why everyone will do the same over time. And why consumer protection laws, much like those being debated in Europe right now, will eventually become more commonplace. And that’s why DRM will fail.