Yesterday Alex wrote about how SonyBMG’s XCP CD copy protection software includes a feature – apparently built on illegally copied open-source code – to translate music files into the FairPlay format used by Apple’s iTunes and iPod, but the feature was not exposed to users. The details are interesting. But equally interesting, I think, is the question of how this situation came about. Why would Apple make compatibility so difficult? Why would First4Internet go to the trouble to make its software compatible? Why would First4Internet and/or SonyBMG then turn off this already-working feature? And why would SonyBMG then blame Apple for the difficulty of moving XCP files into iTunes and iPods?
Today I’ll try to answer these questions. My answers will be speculative, as I’m not privy to any special information about the companies’ plans. But the story I’ll tell should be plausible, at least, and it will shed some light on how companies use DRM (copy protection) as a weapon in struggling for market supremacy.
Let’s start by reviewing why Apple makes it hard for others to encode files in the Apple FairPlay format that is used by iTunes and the iPod. Apple could easily facilitate such encoding if it wanted to; but it doesn’t. Instead, Apple seems to be trying to ensure that customers are locked in to a particular DRM scheme. This is the strategy we would expect from a company with high market share – customers try to avoid lock-in, but if they must be locked in they typically choose to be locked in to the dominant vendor. So the dominant vendor – Apple in this market – often tries to foster market structures with lock-in.
Recall that when RealNetworks, an Apple rival, created its Harmony software, which could translate Real-format files into FairPlay, Apple cried foul. Apple hung the dreaded “hacker†label on RealNetworks and threatened to sue on some vague DMCA theory. When Real didn’t back down, Apple just changed the FairPlay format, rendering Real’s software incompatible once again. Apple was willing to use both legal threats and technical changes to frustrate compatibility.
First4Internet (F4I), in developing its XCP copy protection software, started out with no market share. F4I knew that customers wouldn’t want its software, because the main effect of the software is to stop customers from doing things they want to do. F4I wanted to reduce the unpleasantness of using its software, and one way to do that was to give customers a way to transfer XCP music files into iTunes or an iPod. And that meant translating the files into FairPlay format. To do this, F4I could have reverse-engineered iTunes and written code to do the translation. Instead, it apparently just swiped some open-source code called DRMS (written by Sam Hocevar and DVD-Jon), in violation of the DRMS license. Using this code, F4I built a working translate-to-FairPlay function as part of its software.
At some point, F4I licensed its software to SonyBMG. F4I would surely have told SonyBMG about the FairPlay compatibility feature. But when SonyBMG CDs shipped with F4I’s XCP software on them, the compatibility feature was disabled and hidden from users. Somebody must have decided to disable the feature, and it’s hard to believe it was anybody but SonyBMG. SonyBMG was F4I’s first major customer. SonyBMG was putting its name on the CDs. And SonyBMG would have been the main target for hacking accusations and/or lawsuits from Apple. So we have to conclude that SonyBMG chose not to make the software on its CDs FairPlay-compatible.
Why would SonyBMG do this? It would have been easier to retain compatibility, and SonyBMG’s customers would have benefited. So SonyBMG must have thought compatibility would hurt it, somehow. How might that happen? Perhaps SonyBMG was afraid Apple could bring a successful lawsuit against it; but that seems unlikely given the apparent weakness of Apple’s legal claims. Two other theories seem more likely.
The first theory is that SonyBMG wanted to avoid the public spectacle of two DRM companies fighting with each other. DRM advocates like to argue (against the evidence) that the only impact of DRM is to prevent infringement. When DRM companies fight over compatibility, this just emphasizes the role of DRM as a strategic tool companies use to lock other companies out of markets, and that sets back the cause of DRM. Much better from SonyBMG’s viewpoint, perhaps, to maintain the fiction of one big happy DRM family, even if customers suffer.
The second theory is that SonyBMG was trying to fragment the world of music-file formats, in order to reduce Apple’s negotiating power. Record companies have been complaining lately that Apple, as the biggest seller of Internet-delivered music, has too much market power. Apple’s market power helps it drive a hard bargain with record companies in negotiating the price and terms of Apple’s online music sales. SonyBMG, as a record company, would like to see Apple’s market power shrink.
Whichever explanation is right, it certainly appears that SonyBMG decided that XCP shouldn’t be compatible with FairPlay.
What SonyBMG did next showed a particular sort of genius. It blamed Apple for the incompatibility. Indeed, SonyBMG went so far as to ask its customers to petition Apple to solve the problem. Here’s SonyBMG’s web site:
Sony BMG wants music to be easily transferable to any device that supports secure music. Currently, music from our protected CDs may be transferred to hundreds of such devices, as both Microsoft and Sony have assisted to make the user experience on our discs as seamless as possible with their secure formats.
Unfortunately, in order to directly and smoothly rip content into iTunes it requires the assistance of Apple. To date, Apple has not been willing to cooperate with our protection vendors to make ripping to iTunes and to the iPod a simple experience.
If you believe that you should be able to easily move tracks from your protected CD to your iPod then we encourage you to use the following link to contact Apple directly and tell them so. http://www.apple.com/feedback/ipod.html
If you were SonyBMG, and you were clever but not overly concerned with telling the truth in public, this is exactly what you would say in this situation. Why pass up a chance to paint Apple as the bad guys?
Running through this whole convoluted tale are two consistent threads. DRM is used as a weapon not against infringers but against market rivals. And when companies use DRM to undermine compatibility, law-abiding customers lose.
Anonymous,
The answer to your query is pretty simple, I think. Coral and the other systems you mention are basically vaporware.
Interoperable DRM is a contradiction in terms, as I explain in a previous post.
Sony is a founding member of the Coral Consortium a group working towards DRM interoperbility .
http://www.coral-interop.org/
They also own Intertust with Phillips who is creating trusted computing inititatives and the framework for Coral will be Built with intertrusts technology in the form of Nemo and Octopus.
“NEMO, or Networked Environment for Media Orchestration, is Intertrust’s reference technology environment for interoperability between different DRM systems. As people build diverse proprietary DRM functionality into devices and services, the problem of transferring content from one to the other becomes significant. DRM systems are typically very protective of their content, and resist transferring that content to other DRM systems.
Traditional approaches to DRM interoperability have either required universal use of the same DRM system or for DRM systems to be connected to each other in a bilateral agreement. The former eliminates freedom of choice and creates dependencies on a single platform that can limit device and service performance. The latter does not scale and again limits the market to a small number of options. NEMO resolves the issue of incompatible DRM technologies by leveraging service-oriented architectures (SOAs) to create a secure medium through which DRM systems can communicate dynamically. In this sense, NEMO is to DRM systems what TCP/IP is to computers – a way of networking processors to exchange information. Of course, with DRM systems, secure networking is essential, and NEMO offers ways to achieve this. Using SOAs, NEMO provides proprietary DRM services with a way in which to communicate and request each other’s operations, without needing to know anything about the proprietary workings of the services. ”
“Octopus is a toolkit for building DRM engines. In a market where true DRM interoperability is present, people will be free to build their own DRM systems for a given application. Unlike traditional DRM technologies, it is, by design, an open specification for enabling implementers to DRM-enhance their systems, applications, and devices without giving up control of their platforms. By being an open specification rather than a black-box implementation, Octopus leaves the choice of cryptography, operating system, software vendor, implementation, and business model in the hands of the adopters.
Octopus is made up of a simple and powerful architecture consisting of basic building blocks. These basic building blocks provide ways of protecting digital content, expressing usage rules for the content, evaluating usage rules, and binding content, encryption and usage rules with a variety of models.
When combined with other technologies (i.e., cryptographic ciphers, multimedia file formats and codecs, application user interfaces, and web services) developers can design and implement complete DRM systems rapidly.
Octopus initially targets the protection and consumption of digital multimedia, but can be used for any type of digital content. Octopus was designed to be implemented in systems as small as smartcards and as large as enterprise servers that power e-commerce back-end systems. Octopus runs on a variety of different operating systems and a wide range of hardware platforms.”
http://www.intertrust.com/main/research/reference.html
Then theres the Marlin Joint Development Asssociation to Make all these things work
http://www.intertrust.com/main/news/2003_2005/050119_marlin.html
Somthing is fishy(pun) here why would Sony contract a comany like First4Internet when they own thier own DRM company with Phillips and why has the Coral Consortium been so slow to get a framework released ,is it they want other DRM systems to fail including Playfair so they can Roll out NEMO ,Coral and Octupus and state they are using an industry aproved interoperable standard ………..Stay Tuned.
Scott,
If Apple refuses to license its DRM format, then how can SunnComm claim to be already compatible with it? Or are you saying, “If Apple opens up the iPod to accept the MS DRM format audio, then we will be compatible with it”? Saying such a thing is intellectually dishonest. That’s kind of like saying, “If my neighbor’s car used a different lock, I could his car with my key.”
[quote]SunnComm’s CEO, Peter Jacobs, has claimed that MediaMax is backward compatible with Apple’s iPod. I can’t remember when it was originally stated. Maybe at their last Shareholder Meeting. But it has been repeated by many posters on various SunnComm message boards.
Has anyone checked to see if they have that same code too that XCP uses[/quote]
A1) yes.
A2) it most definately does not. it’s pure microsoft DRM.
q) why do you think the true IPOD solution (to encode on the fly to their format) is such an issue for MediaMax?
a) because sunncomm went the high road with trying to sort out a solution that was compatible for all, users included.
Conspiracy theories are fun, aren’t they. But I think that Ed modified by the investor post have got it. XCP wanted to provide a Mac compatible version, but tried to develop it without telling Apple, so went for the existing open source code. But since they didn’t have Apple approval, when they shipped v5 to Sony, they left the code switched off. Sony probably didn’t even know. But they are learning the hard way the perils of being a software distributor the hard way.
Ed, thanks for the correction. But as you say, the point still holds — I really doubt this code was there because of an impending deal with Apple.
CTO1:
Your theory makes some sense, but it’s hard to reconcile with F4I’s use of the DRMS code. If Apple were on board, the code to interoperate would have come from Apple, or would have been written by F4I based on technical information from Apple. And the code wouldn’t have shipped in the product (even if disabled or hidden) until an agreement was reached with Apple. It seems to me that F4I would only have used the DRMS code if they were developing this feature on their own.
Sony are Members of the Interoperable DRM Framework – Coral Consortium and they own Intertrust with Phillips so They are working towards a interoperble DRM already and once a Interoperable DRM framework is workable I predict that Apple will either join or be left as the only company left trying to create a old world monoploy with Fairplay.
http://www.intertrust.com/
http://www.coral-interop.org/index.html
The Jacobs comment could be just hype that he wrote to the investor. Its typical of him. The “we’re on track for beating the 145,000,000 cds for the year” is utter garbage. Actual shipments this year look like being under 30M based on extrapolations of reported revenue and the SunnComm shills are calling the 145M projection over-exuberance (they actually called the 145M a conservative forecast at the time).
In November 2003 (6 weeks before year end) he forecast $1M in revenue for the year in an e-mail to an investor. Actual revenue was less than $10K. Remember, when he made the forecast, all CDs to be copy protected would have already gone to manufacturing so forecasting should have been a no brainer. By comparison, FY04 revenue was just $106K and FY05 looks like being less than $150K.
And to put all this in perspective, he “supposedly” walked away from a $20M deal in 2000, with Will-Shown Technology of Taiwan – a deal that was signed, sealed and delivered, because they decided to concentrate on the domestic market instead. Proof of what many have already stated – that the deal was a fabrication because Will-Shown doesn’t exist. No one has ever found any reference to the company other than in relation to the SunnComm PR, yet they called it a Major Pacific Rim CD Manufacturer.
Excuse the OT comment, but what he says in e-mails to investors should not be taken seriously.
Sunncomm/Mediamax shill:
“Apple is about to agree to join their successful DRM structure to Sunncomm’s unlabeled malware that secretly installs and runs on their computers whether they agree or not!”
Apple rep:
“Security? We’ve got a situation at the front desk… Yes, bring the dogs.”
If it weren’t for the Peter Jacobs email, I would have said it’s *possible* that Sony disabled the (L)GPL code because they were sort-of aware of the licensing issue.
They should have deleted it from the product in that case, so it would still be incompetence, but the Peter Jacobs email does tend to discount that theory.
Cheers,
Wol
the only thing running rampant is the idiocy of drm shills like you.
SunnComm Makes Security Update Available To Address Recently Discovered Vulnerability On Its MediaMax Version 5 Content Protection Software, Which Is Included On Certain SONY BMG CDs
December 6, 2005 – San Francisco, CA and New York, NY. The Electronic Frontier Foundation (EFF) and SONY BMG Music Entertainment (SONY BMG) said today that SunnComm is making available a software update to address a security vulnerability with its MediaMax Version 5 content protection software on certain SONY BMG compact discs (CDs). The vulnerability was discovered by the security firm iSEC Partners after EFF requested an examination of the SunnComm software.
“We’re pleased that SONY BMG responded quickly and responsibly when we drew their attention to this security problem,†said EFF staff attorney Kurt Opsahl. “Consumers should take immediate steps to protect their computers.â€
“We’re grateful to EFF and iSEC for bringing this to our attention,†said Thomas Hesse, president, Global Digital Business, SONY BMG. “We believe that the availability of the update coupled with our campaign to notify customers will appropriately address the CDs with MediaMax Version 5 in the market.â€
SunnComm as well as independent software security firm NGS Software have determined that the security vulnerability is fully addressed by the update. NGS Director Robert Horton said, “After carefully researching the security vulnerability presented to us by SONY BMG, we have determined that it is not uncommon and, importantly, it is easily fixed by applying a software update.â€
The security vulnerability on SunnComm MediaMax Version 5 software differs from that reported in early November on First4Internet XCP software contained on certain SONY BMG CDs. A full list of the 27 U.S. SunnComm MediaMax Version 5 titles is included in the link below. Consumers can download the software update that is designed to address this security vulnerability from SunnComm’s and Sony BMG’s websites at http://www.sunncomm.com/support/updates/update.asp and http://www.sonybmg.com/mediamax.
The security issue involves a file folder installed on users’ computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer’s computer running the Windows operating system.
SONY BMG will notify consumers about this vulnerability and the update through the banner functionality included on the player, as well as through an internet-based advertising campaign. The update is also being provided to major software and Internet security companies. EFF and SONY BMG urge all consumers who receive notice to download and install the patch immediately.
In accordance with standard information security practices, EFF and iSEC delayed public disclosure of the details of the exploit to provide SunnComm the opportunity to develop an update.
Full list of titles affected:
http://www.sonybmg.com/mediamax/titles.html
Links to update:
http://www.sunncomm.com/support/updates/update.asp
http://www.sonybmg.com/mediamax
iSEC Partners Report on the Vulnerability:
http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf
iSEC Partners:
http://www.isecpartners.com/
NGS:
http://www.ngssoftware.com
About EFF
The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/
About SONY BMG MUSIC ENTERTAINMENT
SONY BMG MUSIC ENTERTAINMENT is a global recorded music joint venture with a roster of current artists that includes a broad array of both local artists and international superstars, as well as a vast catalog that comprises some of the most important recordings in history. SONY BMG is 50% owned by Bertelsmann A.G. and 50% owned by Sony Corporation of America.
# # #
Contacts:
John McKay
SONY BMG
212.833.5520
Cory Shields
SONY BMG
212.833.4647
Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
415.436.9333 x106
http://sonybmg.com/mediamax/statement.html
Conspiracy Theory #3:
Apple has a secret deal with Sony/BMG to license FairPlay to them in the near future. This is why FairPlay was already implemented in the software.
Because of careful timing and precise marketing, the deal has not yet been made public.
I have found the source of that comment from Peter Jacobs. It was in an e-mail sent to an investor in May this year. The investor later reproduced it on the Investorshub message board for SunnComm
http://www.investorshub.com/boards/read_msg.asp?message_id=8279268
The revenues will continue to build….we’re on track for beating the 145,000,000 cds for the year and we’re moving as fast as our people can move toward finishing the merger. Our Apple/iPod interface is complete and, although Apple hasn’t given us the word yet, every MediaMax V.5 going off the assembly line is backward compatible with iPod so we’re more than ready. I’d like things to move faster and am doing everything I know how to keep all those involved extremely focused. Sorry it’s taking as long as it is, but I absolutely believe we’ll win the race. There will be a time soon that no one will be able to keep our pps down. I hate getting jerked around as much as you, but this is OUR year and we will have the last laugh.
More to come.
Thanks for your support.
pj
I agree with Anonymous
“How about if Apple and Sony were in negotiations for compatibility and Sony included the software to be activated once the negotiations were complete. ”
SunnComm’s CEO, Peter Jacobs, has claimed that MediaMax is backward compatible with Apple’s iPod. I can’t remember when it was originally stated. Maybe at their last Shareholder Meeting. But it has been repeated by many posters on various SunnComm message boards.
Has anyone checked to see if they have that same code too that XCP uses.
Steve R. writes: “For example, I was personally surprised when I download the Serenity movie trailer, a free product, only to find that the trailer would not play with Nero but would play with Windows Media Player.”
Rather than another example of malicious DRM at work, it is much more likely that the movie trailer uses newer codecs. These may have been added to Windows Media Player through the Windows Update process, but have not been added to the Nero media player.
However, that all by itself is a good argument for open standards. Proprietary codecs may not be considered DRM, but they’re every bit as inconvenient for the user.
–Beneficent Bob.
One thing not mentioned in the article is that non-DRM music will play fine on iPods (ie Mp3 files) If any company wants to be compatible with iPods all they have to do is sell mp3 files without DRM. This is the workaround that Sony suggests on their website – make unprotected Mp3 files. This adds weight to Ed’s assertion that DRM is primarily used to block competition and enhance market share, and the most common secondary effect is harm to consumers. Of course Sony’s incompetance means that they have failed to enhance their market share this time…
One can only hope they see sense and don’t try again!
I posted the following below on http://www.gripe2ed.com/scoop/ a few weeks ago.
We have been focusing on the immediate outrage of the Sony rootkit debacle infecting our computers with malware. For those of us who are paranoid, there is an underlying question concerning the use of DRM that has not been adequately explored. Do any of the companies using DRM, use it in a malicious manner? For example, to disable a competitors product. The simple fact that Sony used a stealth technology to trespass onto and gain control of your computer implies that a degree of paranoia is justified.
Briefly, this discussion can be divided into two parts. First is the use of DRM to “lock” the user into a proprietary technology that will only work with a particular product. For example, I was personally surprised when I download the Serenity movie trailer, a free product, only to find that the trailer would not play with Nero but would play with Windows Media Player. One poster that I ran across said that he had trouble transferring files from his Hi MD walkman to his computer. These are examples of were the media content has been “locked” so that it will only work with a particular vendor’s product. By way of the yea olde automobile analogy, your car refuses to start when it detects that you installed a Ford oil filter on your old Chevy.
Second, the focus of this post and a much more serious issue, concerns whether a DRM technology has actually been used to disable a competitors product. For example, I have heard indications that one of Sony’s DRM implementations may disable iTunes from working on your computer. By way of the yea olde automobile analogy, your car fries your ignition system to disable your car when it detects that a Ford oil filter was installed on your old Chevy.
These are serious concerns based on the trend for corporations to control how we use what they assert is their content. The discovery of the Sony rootkit was an accident waiting to happen and it took a while, just over a year, for it to be uncovered and exposed. Sony, it appears, introduced the rootkit technology in mid-2004. Mark Russinovich uncovered the rootkit problem in late October 2005. Now there are an untold number of computers that have been severally comprised and may not work correctly. DRM technologies may be doing things we have yet to uncover. Uncovering what they are doing requires extensive engineering knowledge. Because these programs are hidden, we usually only find out about them when they fail, which leaves the proverbial smoking gun. Fortunately, forums such as Gripelog provide us with a means of raising these issues and exposing malware. Does anyone know whether companies have been or are using DRM to actually disable a competitor’s product?????????????
Dave,
At the time it was released (and for some time thereafter), it worked with the then-current version of FairPlay.
I agree with Justin Kerk: I figure Sony wanted to avoid the poor user experience that would result from having their songs kinda sorta sometimes work on consumers’ iPods. It’s not very professional to have to scramble to re-release your software every time Apple releases an iTunes update (a la JHymn/Harmony)–it’s better that it just not work at all.
Except for the fact that the Sony code worked only for an older version of FairPlay. So what good would activating it to “allow iPod compatibility as soon as possible” do? Nice try to make Sony look less stupid/evil, but no go.
How about if Apple and Sony were in negotiations for compatibility and Sony included the software to be activated once the negotiations were complete. Then Sony’s motivation would have been to allow for iPod compatibility as soon as possible – helping the consumers enjoy their CD while attempting to curb illegal copying activity, which is currently running rampant.
There’s another possible motivation too. If Sony enabled this iTunes compatibility feature, presumably Apple would quickly change their system again to defeat it like they did with RealNetworks. Then Sony would have the support nightmare of large numbers of users finding that the iTunes compatibility software they had been using (or were just trying to use for the first time) fails for no obvious reason. It’s harder to blame Apple for the problem if the software has been shipped but just doesn’t work, even if it really is Apple’s fault (“Wasn’t it working when you shipped it? How come you were able to do it before but not now?”).
Even open source requires the protections provided by copyright. This is not a blanket approval of current copyright, but is instead a caution not to throw the baby out with the bathwater.
The fact that Sony will assist its customers in circumventing XCP in order to copy their music to an iPod betrays their true motive for using DRM.
Ed, I think your guesses are spot-on. I’ve been inside companies that use intellectual property not to add value for the customer, but to lock out competitors. My experience tells me that there’s more than just a kernel of truth in your speculations. I love my Mac, and I do buy some music from iTMS, but I am convinced of the evil of DRM, and indeed, of the government-granted monopoly of copyright generally. The FOSS movement has proven the viability of production without the inducement of government-granted monopoly. Now, it’s time for public policy makers in this country to recognize how unbalanced IP protections have become.
Dialog box of the future…
Example.com ExampleWare is not allowed to perform the action “cut”. This action is blocked by other software installed on this system. If you would like to enable this action, you will need to obtain permission from the vendor of the other software.
Software vendor name: Apple Computer, Inc.
Software vendor toll-free contact number: 1-800-275-2273