Social DRM in practice?

I know DR doesn’t agree with me here… but the problem with social DRM is, as a security measure, it has no teeth. It depends on the perpetrator being targeted for prosecution after the fact (if anyone thinks it’s worth bothering about), and by that time, all the illegally-distributed copies are already out there, and no way to determine how many of them are out there… you’re locking the barn door after some indeterminate number of the horses have run off.

The only thing security is good for is preventing the material from being stolen in the first place. Anything else is essentially a psychology exercise.

Although I happen to think the fingerprint is the right idea, I think it should be used as a more secure method of file opening, required to buy the file, and to open it on subsequent occasions of its use. Of course, we have the tech for that, but it is not yet in use on all electronic devices, so for right now, it’s a not-ready-for-primetime idea.

And in the meantime, social DRM can be effectively replaced by reasonably-priced quality media, which discourages bootlegging and illegal sharing.

This is the start of a duscussion I’ve waited a long time to see. I really think social marking is the way to go.

The only example I’ve seen, that seems to be working, is downloadable articles from the American Chemical Society journals. Utah State Higher Education has purchased access to all ACS articles. State Universities can download .PDFs to our readers and desktops directly from pubs.acs.org. That server uses our IP address to see if we are part of a contract, then places, in the left margin of every page, a statement that the article was “downloaded by [my school] on [todays date]” and lists the print publication date and the doi. So if we send it to a colleague, they’ll know it was not meant for general distribution, and our school was responsible for opening the cage door.

I don’t know if someone with the full version of Acrobat can strip that out, or if there are silent or hidden distribution mechanisms in place to prevent distribution. I opened it in Acrobat, but couldn’t do anything to the source statement–but then, I’m an Acrobat newb.

All I know is I haven’t sent an article to a colleague since they added the social tag.

I think the point of the social drm is that it doesn’t have any form of prevention. Otherwise it is just the same as before. In the paper world, if somebody bothers to copy and sell thousands of your books you have the same problem, you don’t know till after the fact. Whether it was digital or in paper the same problem could occur, but people are still allowed to buy their paper books free of any limitations on access even if the copy problem may occur. The only real barrier is how convenient it to make said copies. Plus if it is a popular title, their are fans who may make it happen anyway. The Harry Potter series has been out in digital forms for quite some time regardless of whether it was ever released in that format. Plus no DRM will ever be effective, it just makes the barrier to entry slightly higher. If a person wishes to get the information out, there are many methods to strip the DRM or just plain type it in if all else fails. The Harry Potter series again being an example where if a certain language wasn’t available, fans just translated it on their own and put it out. DRM never would slow that kind of thing down at all. Social DRM treats the customers with respect with their being consequences if they misbehave same as in the p-book world. An example site that uses social DRM that seems to be doing well is drivethrustuff.com which sells comic books and rpg gaming books. They have many watermarked titles with no additional restrictions and seem to be doing okay. (I believe they have been in business for at least a couple of years but I can’t swear to that). So with all due respect Mr Jordan, no DRM will ever stop a copy from being made, just slow it down at the most.

In the early days of e-books, (in a universe far, far away-in Seattle), at Alexandria Digital Literature, in the 90’s and 2000’s, we published around 1,000 e-book fiction titles. There was no DRM technology used through our e-book store (alexlit). What we applied was social DRM. On the copyright page, we included a statement explaining that this was the author’s property and livelihood, and should not be shared with others. We appealed to their honesty and trusted the customer to be trustworthy.

Additionally, our proprietary XML-based technology was applied at point of sale, by adding the customer’s name on the title page of each downloaded e-book file. It was their own personal copy of the book. You wonder how that worked out? We had almost no theft. In fact our patrons looked out for our interests, by informing us of any abuse. Authors agreed that e-books are a marketing vehicle that build up readership and promotes the sale of all editions. Ultimately, they were ok if a few copies were pirated.

Trust goes a long way. Will that work for high value non-fiction, not likely. Hope this history is useful to those trying to figure out current business models and technology solutions.

So if we send it to a colleague, they’ll know it was not meant for general distribution, and our school was responsible for opening the cage door.

That doesn’t stop you from sending it, or telling your friend to “keep it between us,” allowing the copy to be distributed. And unless the authorities happen to go specifically to that friend’s computer and check it for illicit copies, no one will know you illegally sent anything out.

How secure is that?

Basically, this method prevents you from wanting to send the file to people you don’t trust not to turn you in and get you in trouble. That’s all. And since it has no real security on it, you could probably argue that someone might have broken into your PC and stolen the file… unless it could be proven that no one else uses your PC, or someone saw you send it, you could escape liability.

Making the file incapable of being sent to (or opened by) someone else removes all that ambiguousness.

And as for effectiveness, I haven’t sent a file to anyone, with or without a social DRM tag.

Sorry, Steve Jordan, but you do not necessarily have any special right to absolute security when it comes to selling and distributing digital media.

Until recently, copyright was perceived as a trade-off between the rights of creators and the rights of society as a whole. In return for a LIMITED monopoly on sale and distribution creators would, after a reasonable time, turn their creation over to the public to become a contributing part of the cultural commons.

But, under the eternal pressure of big money interests, copyright has been warped to the point where it 100% favors the owners of so-called “intellectual property” which are primarily large corporation. Instead of an author’s work returning to the commons from which it was created after 14 or 28 years we have media corporations holding down copyright locks for 100 years or more. It’s obscene that works created long before I was born may not enter the public domain until long after I’m dead (if ever).

Under the current e-book DRM systems the purchaser has NO real ownership whatsoever. If Amazon were to go out of business and shut down their servers the ebooks I bought for my Kindle would cease to exist. I can’t transfer them to another device. I can’t read them on my computer. All I could do would be to read them on my existing Kindle and when it died I would lose them forever. That’s a pretty raw deal for somebody who thinks they are “buying” e-books and possibly spending a LOT of money in the process.

As the worlds print media digitizes something has to give. DRM can’t continue to be used as it is now. Rights can’t be locked down 100% in favor of media owners. Personally I’ve resolved to NEVER buy another e-book until DRM is relaxed and I have reasonable control over my purchases. You may think that DRM is protecting your sales, but if you keep tightening the DRM screws you may someday find that you hardly have any sales at all.

Just as it is impossible to stop pirates from breaking DRM encryption, so it is impossible to stop pirates from breaking whatever device is used to watermark books in unencrypted “social DRM.” I definitely think this approach is worth considering and would very much like to have a cost-effective way of applying social DRM to experiment with, but I don’t see it being an effective solution to the problem of high-volume pirating.

Rob Preece
Publisher

@Ted: That’s exactly what I was hoping would happen!

@Steve: If you want to prevent all copying then clearly social DRM isn’t for you. We’re talking about a situation where we don’t want to take extreme measures to prevent copying full stop, because of the collateral damage they cause; but we still want to discourage the kind of mass broadcasting that destroys a business model. So if friends give odd copies to their friends then it doesn’t matter. And the weapon is not really prosecution, but shaming. Shame, not fear of prosecution, is what stops most people from (for instance) forging car park tickets to give them more parking time.

@Bruce: This is tricky because we’re getting into the “high-value non-fiction” field, where the reader doesn’t necessarily feel the same solidarity with the writer. The “million-selling fiction” field is another, where the reader may think “the author is rich and I am poor, so it is only right that I should not pay”.

As for Acrobat: my ideal DRM system would be one where the markings weren’t impossible to remove, but where removing them was something that no honest person had any reason to do. Remarkably few people will intentionally perform a dishonest act without using some excuse to justify it to themselves.

I need to start with stating a simple truth; any defense will almost
always require far more effort and expense than an attack designed to
get past said defense. Regardless of whether we are talking about
traditional DRM, social DRM or some sort of hybrid DRM (As Steve Jordan
seems to advocate), it simply will not stop or even discourage file
sharing. Indeed, it might even encourage file sharers to work harder to
share the files than they might otherwise.

In some respects, social DRM is even more objectionable than traditional
DRM. Lets consider the following basic ideas made by the original
poster. It will not in any way shape or form discourage the purchaser
of a book from sharing it with friends and/or family. At the same time,
if the book somehow makes it onto file sharing sites, the social DRM can
be used to prosecute the the original purchaser of the book. The
problem here is the following; social DRM can only tell you who bought
the book, not who is responsible for actually sharing the file
illicitly.

Lets consider the following: My ebook library is stored on my laptop and
on an SD card that I use in my ebook reader and I store some of it on my
iPod Touch. If any of them were misplaced (the SD card would be
particularly easy to misplace) or stolen, the library could fall into
the hands of a file sharer. A publisher comes along and sees that a
bunch of books I bought from them have ended up on the torrent sites and
next thing you know, I am getting sued by the publisher — even if I
have not willing shared a file with anyone. Lets remember, since the
file sharer can’t be traced via the DRM, he has no incentive to remove
the DRM.

Any sort of DRM is going to do very little to impede those who want to
share files. As we have seen, traditional DRM is easily circumvented
and social DRM will be even easier to circumvent and what is worse,
could simply turn publishers into a very ineffective Big Brother.

I think the point of the social drm is that it doesn’t have any form of prevention. Otherwise it is just the same as before. In the paper world, if somebody bothers to copy and sell thousands of your books you have the same problem, you don’t know till after the fact. Whether it was digital or in paper the same problem could occur, but people are still allowed to buy their paper books free of any limitations on access even if the copy problem may occur. The only real barrier is how convenient it to make said copies. Plus if it is a popular title, their are fans who may make it happen anyway. The Harry Potter series has been out in digital forms for quite some time regardless of whether it was ever released in that format. Plus no DRM will ever be effective, it just makes the barrier to entry slightly higher. If a person wishes to get the information out, there are many methods to strip the DRM or just plain type it in if all else fails. The Harry Potter series again being an example where if a certain language wasn’t available, fans just translated it on their own and put it out. DRM never would slow that kind of thing down at all. Social DRM treats the customers with respect with their being consequences if they misbehave same as in the p-book world. An example site that uses social DRM that seems to be doing well is drivethrustuff which sells comic books and rpg gaming books. They have many watermarked titles with no additional restrictions and seem to be doing okay. (I believe they have been in business for at least a couple of years but I can’t swear to that). So with all due respect Mr Jordan, no DRM will ever stop a copy from being made, just slow it down at the most.

I used to be a Mobipocket fan, because, when I had a VGA Pocket PC, the Mobipocket Reader provided me with the best reading experience. Then, when I changed devices, I had to redownload all of my books with the new device PID. Eventually, I bought an iRex iLiad and read my Mobipocket books on it (after downloading them again with a new PID). Since then, iRex has discontinued supporting the softare on the device and I purchased an iPhone.

I won’t be buying Mobipocket ebooks anymore. I’ve switched to the eReader format, which, as I understand it, is really just encrypted social DRM. The key is the credit card I used to purchase the book. As long as I have the credit card number, I can put the book on any device with eReader or Stanza support. I think the credit card number is a good way to insure people won’t share the ebooks. I would have to give out my credit card number along with a copy of the ebook.

I have no problem with this kind of DRM. Most of the shackles which Mobipocket’s DRM placed on their ebooks don’t exist with the eReader format. Now, if eReader goes away, then I’ve got a problem…

I have been buying social DRMed role playing game books for a couple of years from http://www.drivethrurpg.com. That was what first got me really excited about ebooks and ereaders, being able to show up for a game session or game convention with all of the books I might need in my ereader, rather then carry 60 pounds of books. Drivethrurpg.com uses a watermark on the pages of most of their downloads and I have never given copies of any of the works I have purchased to any of my friends. I have printed 5 to 10 pages for them to refer to during a game, which seems well within the bounds of fair use, but with such a niche industry I am well aware that piracy would be a severe threat to most of the publishers that sell their material there.

In fact there was a case of one company pulling their material from the site. Earlier this year Wizards of the Coast, publisher of Dungeons & Dragons, pulled all of their catalog, current and back, when they discovered a few cases of piracy. They also filed lawsuits against the handful of people who had posted their material on the darknet. Now they also forgo scads of income from honest readers like myself. I had planned to purchase many items from their back catalog, items I already have hard copies of, but now I can’t. I can probably scan personal copies for myself, but I would much rather pay them for it and avoid the hassle. I am an underserved consumer!

Safari Books Online (O’Reilly + Pearson) uses a form of social DRM for any books/chapters you download as pdf’s. Each page of the downloaded pdf has your Safari user id, name, and e-mail address in the footer.

Not sure if that discourages piracy.

MS Reader, level 3 DRM. It never conquered the world.

Basically, social DRM discourages casual theft by tolerably honest people. Organized theft simply strips out the identifiers and makes a million copies to sell. If a book is readily available at a fair price, most people are tolerably honest and will pay for it. It doesn’t matter what form it’s in.

It’s the same problem as with illegal drugs. If you attack the wrong end of the supply/demand equation, you just make criminals rich.

Regards,
Jack Tingle

What if I give a book as a gift and the giftee uploads it on all the torrent sites? Am I responsible? What if my computer breaks and the Best buy geek squad steals all my media and uploads all my files?

Honestly, all DRM is breakable eventually. And it only takes one person to break it and put it out there and it is available to everyone. There isn’t going to be a technological magic bullet that is going to solve this problem.

I’m not sure how a reasonable business model can be made on top of any type of DRM. We all know that all DRM can be broken, and it only has to be broken once to be broken for anyone who might come across it. So really, all you’re doing is taking content and making it less valuable for your honest customers.

You’re telling them, “Hey, come buy my book”, but what you’re really doing is leasing it to them under non-negotiable terms. They can’t resell it. You say you won’t go after the people loaning it to friends, but what if they “loan” it to all 20,000 readers of their blog? Where do you draw the line?

I am not aware of any business that takes a perfectly reasonable product, makes it less valuable, and then tries to sell it. And this is what is done with DRMed content. There is absolutely no value added for the consumer.

People have shown, time and again, that they are willing to support the artists that they appreciate. But you have to give them something that meets their needs, is convenient, and is reasonably priced (iTunes is certainly a good example).

If all we’re doing is asking the buyer to act “fairly and reasonably”, why should we sell them something that assumes they won’t comply?

That’s true: We don’t need a “magic bullet,” nor do we need “social DRM.” History teaches us that although security is never 100% perfect, a combination of desirable product and acceptable pricing/services allows the application of just enough security to make circumventing it more trouble than simply buying the product.

What we need then is an e-book product and selling system that the majority of the world accepts as fair, so they can ignore the temptation to steal, or to accept stolen goods from others. As we have exactly that in place for many other products and services, there’s no reason to think we can’t accomplish the same thing with e-books.

If we can’t accomplish that, no social DRM is going to save us.

I have never distributed a copyrighted book I have no right to distribute because my moral code tells me I would not respect myself very much if I did. I don’t need my credit card number encoded into the file to stop me.

There are people who’s morals tell them to steal other people’s work. Some of these same people have the technical knowledge required to get around and remove the credit card encryption and thus distribute the files without sharing anyone’s private information.

There are people in between.

I tend to agree that the best way to decrease piracy is to make ebooks available to everyone at a fair price. Make them so they can be read on multiple devices freely.

There will always be pirates, but a lot of the in-between people will lose interest if they can get a good product fairly.

I’m not against some type of drm, if you can come up with a way for it to not infringe on my consumer rights, or as I keep saying, charge me a small rental fee instead of a high purchase fee. But I don’t know what you’re going to come up with that somebody else can’t get around. So it’s all just wasting time and effort and money while irritating the valuable honest customers.

Uhm, such “social DRM” is also known as “watermarking”. It seems to be an option for audiobooks DRMing some sellers said to be using.

“Can we build a consensus that fingerprinting is honest and respectable, and persuade toolmakers to preserve it on file conversion and not to supply tools for removing it?”
Definately, watermarking is honest and doesn’t say: “Hi, I’m publisher and I think you, consumer, buy this eBook to make illegal copies! I don’t trust you, thief!” as it is now with regular DRM systems. You can always think you’ve got unique, signed copy 🙂

The obsession with prosecution in the comments suggests that all the commenters must be Americans!

I want to make sure that all theft of copyright material is deliberate. I want to make sure that everyone who makes illicit copies is doing so with evil intent.

This can be done by making honest people completely free to deal honestly with the material: they know better than anyone what it is right and wrong to do with it. They need no threats of prosecution to make them behave – the possibility of embarrassment is the only encouragement they need.

But… leaving aside all the philosophical arguments… does any e-book distributor support social DRM (for publishers who want it), or do publishers have to roll their own?

The only issue I have had with eReader format is that it is not readable on my Sony. In such a case, where I have legally bought the book, plan to read it myself and am not a ‘pirate’ and want to read it on my Sony, I have no problems with removing the DRM—social or otherwise—to do so. If eReader was a universal format like MP3 is and readable on any device I might buy, I probably would not be bothered to remove the DRM. My incentive in removing it is to get it onto my chosen device, not to share it.

This can be done by making honest people completely free to deal honestly with the material: they know better than anyone what it is right and wrong to do with it. They need no threats of prosecution to make them behave – the possibility of embarrassment is the only encouragement they need.

That’s great… for the honest people. What about the dishonest ones, who knowingly (and often gleefully) share files illegally, between themselves, under the authority’s nose? Or is the idea to create a bunch of Brute Squads to randomly break down doors looking for illegal content? Because that’s what you’ll need to do to find the people who like being dishonest.

To answer the question: As a self-publisher and e-book distributor, I would not use social DRM, because selling fairly to your customers accomplishes the same thing: It minimizes theft.

Just out of curiosity, Martin, where are you from? And what’s different about the law and morals there compared to the U.S.?

Embarassement will not ultimately work to discourage many file sharers;
many of them believe that books and indeed all information should be
free. They seem to believe that authors should write for nothing more
than an inner urge to write. In fact, many of them are very honest
about sharing files.

Ultimately, we need to keep in mind that modern digital technology makes
it almost as easy to scan a paper book onto a computer and convert it
into an ebook as it is to download an ebook.

To put it in simple terms, no DRM is going to stop the illegal file
sharers. Nor are cheap prices (people shoplift at dollar stores every
day) going to stop them.

On the flip side however, DRM and/or high prices will provide incentives
for honest people to break the law. If you treat people like criminals,
some are going to start acting like criminals. If people feel ebooks
are too expensive for what they are getting, they will turn to cheaper
sources.

So what is the solution? To a certain extent, publishers just have to
accept that a certain amount of file sharing is going to happen. They
can and should crack down on the major sites, but they have to accept
that they probably will never get all of them. Meanwhile, they should
concentrate on making sure that the 90% of people who are honest are not
given a reason to become dishonest and they should work on convincing
the next generation that there are good reasons to pay for books, music
and movies.

I have several documents with my name embedded in it. I also am one of those people who have not given away any books that were not legally free in the first place.

I think a simple social DRM is a good compromise between protecting the rights of the author/publisher and the consumer. I used to work for a friend of mine who owned his own small business where he sold his own handiwork. One night as I fussed with the locks and windows on the shop to make sure that every one was as secure as possible he stopped me and said, “Locks are for honest thieves, if someone wants to steal from me they are going to do it one way or another.”.

@Josh: Your friend was right, but taking the wrong attitude about it.

The purpose of locks is not to keep absolutely everyone out… but to keep most everyone out. In other words, you want more people to think it’s more trouble to break that lock than to just buy the product. If loss is mitigated by the lock, it is considered effective. If you have more loss, install a better lock. If the amount you spend on the lock is less than the acceptable profit you’re making on your product, you win.

Most people who consider doing dishonest deeds do not worry about “embarrassment” as a deterrent. In this society, they shrug, say they’re sorry, and go on with their lives… no harm, no foul.

No: They worry about concrete things like fines and jailtime, loss of income, loss of rights, and loss of property. Social DRM threatens none of these things, so I don’t see any chance of it being effective.

@Steve: I’m going to have to disagree with you.

My friend could have spend twice what all of his stock was worth on the fanciest, strongest lock available, but if someone was determined to steal it they could drive a truck through the wall or cut a hole in the roof, etc. Any way you can think of to defeat thieves, thieves will find a way to defeat it. By buying bigger and better locks you may win some of the battles, but you will still lose the war. You can DRM all you like but in the end those who are determined to pirate it will do so.

@Steve: Also I believe the social DRM that drivethrurpg.com employs was one of the way that Wizards of the Coast tracked the pirates to their dens.

@Josh: Sure, thieves could drive a truck through the wall and steal your friend’s goods. My point was: How many of them did that?

If the locks were enough to keep them from stealing, and they did not resort to driving through the wall… your friend won. The trick is to figure out how much security you need, versus how popular your product is, so people who want it will stop short of throwing the truck in gear and backing it into your storefront at speed.

About the WotC issue: For that to have happened, someone had to turn in a bootlegged copy, or make a bootlegged copy available for someone to find who was interested in turning them in. It will serve to catch a pirate, assuming someone does turn them in (and assuming a pirate stoopid enough to have bootlegged copies with their own fingerprint IDs stamped into them). It does not recover the stolen goods already out there, and which can be bootlegged even further (and thereafter, point back to the original pirates only, not the most recent generation of them).

This also raises the question of someone having a copy of an e-book stolen and bootlegged: Though the purchaser was a law-abiding citizen, the thief gets away with no way to identify him, and the stolen goods are still out there.

Social DRM has too many holes in it to be effective in most cases.

Social DRM is a good name for your scheme but maybe Social Rights Information Management would be better. The rights should be ‘managed’ by the primary rights holder and the users should just handle information about these rights.

Social DRM needs to make it clear that the purchaser of a work has certain rights that others don’t. For example, the purchaser needs to be able to make copies to access the work when and where they want but, in turn, they can’t transfer this right to others. This is, in my view, the fundamental difference between copyright in the analogue world and the digital world; the purchaser needs a ‘ right to copy’ but they should not have the ‘first sale’ right to transfer all their rights to someone else with the transfer of a copy.

One of the objections raised in the comments here is that the person who’s fingerprint was initially on the work could be held responsible for sharing by others who happened to get hold of a copy. To correct this, it must be emphasized that it is the ‘act’ of copying by non purchasers that is illegal not that the purchaser failed to protect the copy. I believe that the work should not be identified with a fingerprint of the purchaser (or anything that directly identifies the purchaser) but with a contract identification that defines who are the rights holders and hence who is entitled to make copies.