While the online music industry is shifting away from utilizing DRM, or digital rights management, the video game industry continues to employ restrictive DRM technologies. Although these two industries are certainly not identical, video game companies may have some important lessons to learn from recent changes made by the major music labels.
Over the past couple of years, the major music labels have agreed to do away with DRM restrictions of digital songs sold through online music stores such as iTunes. DRM has proven to be an unsuccessful strategy for the online music industry, failing to stop the piracy of songs while driving away honest consumers who were frustrated by the lack of control they had over purchased music content. The subsequent decision to eliminate DRM restrictions was applauded by consumers, who are now purchasing online music more than ever. The lesson was a simple one: making your consumers happy is a good business move.
This concept, however, seems to have slipped passed some of the leading companies of the video game industry. Three recently released, high-profile games, Assassins Creed 2, Command and Conquer 4, and Silent Hunter 5 have a new form of DRM protection called “always-online DRM” that is frustrating even the most loyal fans of these franchises.
Always-online DRM requires a user to be online at all times in order for the game to run. On the one hand, this allows video game companies to combat piracy by periodically checking that a user is a valid one. On the other, this can create a truly dissatisfying gaming experience for those consumers who have legitimately purchased a gaming title.
For example, if a user is playing EA’s Command & Conquer 4 in single player mode, which does not require an internet connection, they can be booted from the game and lose the progress they’ve made on their mission if their internet connection happens to go out. One reviewer of the game complained that even without losing the connection, “the spectre of catastrophe hung over [his] head like a razor sharp guillotine.” Even worse, if a user happens to be somewhere that lacks internet service, he simply cannot play the game at all.
While always-online DRM might make sense in some future world in which an internet connection is available everywhere with constant reliability, this is clearly not the case today. Instead, always-online DRM punishes the very consumers who are keeping video game companies in business, those who have legally purchased the games. This approach to DRM, which holds combatting privacy above the gameplay experience of consumers, has proven to be incredibly damaging in the past. For example, another EA game, Spore, was released in late-2008 with DRM restrictions that prevented users from installing the game on more than three machines. In addition, Spore required users to verify that their copy was legitimate each and every time they went online. Users became so frustrated with this highly restrictive DRM system that piracy became rampant, landing Spore at the top of the list of most pirated games for 2008.
The lesson here is that video game companies must be sure that they don’t employ DRM technologies that are so restrictive that they end up alienating the very consumers upon which their businesses depend. While doing away with DRM protection entirely may not make sense for the video game industry, keeping consumers satisfied must be prioritized above and beyond keeping pirates at bay. Otherwise, once-loyal customers may end up joining the pirates in droves.
Harassment is no new phenomenon on the Internet. As astutely stated by Penny Arcade, normal person + anonymity + audience = Total ****wad. (Don’t click if cursing offends!) But for websites that present a platform for user-generated content, harassment has presented interesting new problems. Are these websites liable for user content? Are they simply providers of the platform on which users place content or are they themselves content providers?
Two years ago a Twitter user was harassing a woman named Ariel Waldman over the social networking website. After submitting a complaint to Twitter, an administrator removed the tweets from the public time line. However, when Waldman asked that the user be banned, she received a reply that the comments were not illegal, simply malicious, despite the fact that Twitter explicitly lists harassment as a violation of the Terms of Service, and reserve their right to remove content and users in violation of their Terms of Service (though are not obligated to). Twitter promised to revise its Terms of Service to clarify its enforcement policies, but would do nothing further, for fear of a lawsuit. Jason Goldman, the product manager for Twitter, stated in a post at getsatisfaction.com that “As a communication utility, Twitter does not get involved in disputes between users over issues of content except in very specific situations. Twitter is a provider of information, not a mediator.” In the same post, Goldman also stated that the company was working on improving its blocking feature, which could solve the problem of harassment. Problem solved. The issue was only with Twitter’s ToS, its enforcement of it, and their insufficient blocking tool. Not quite.
John Dozier Jr., an expert in Internet law, says that Twitter may have surrendered its safe harbor under the Communications Decency Act when it edited the user’s page, which it did when it removed it from the public feed. “If they’ve edited content based on their subjective perspective, they put their immunity at risk and virtually their entire online business, because then they’d be liable to defamation claims or anything else that a publisher would,” Dozier says. What if a website had knowledge of the harassment – had seen it, had watched it continue, and were fully aware of the problems it was causing – but did not take any action? Could this lack of action, this implicit approval (or at least lack of disapproval) of the content entangle them in the same liabilities that publishers face? Madeline Rodriguez takes this a step further in her article “Reexamining Section 230 of the CDA and Online Anonymous Speech: Defamation on the Internet and the Websites That Facilitate It.” She says, “if an ICP [internet content provider], and certainly an ICF [internet content facilitator], has reason to know, or anticipate, that at least some of the postings on their website are defamatory, false, anonymous, annoying, or harassing in nature, then they will be considered a co-author of the defamatory, false, anonymous, annoying, or harassing postings, and just as liable as the original poster, losing their CDA 230 immunity completely, and be subject to full monetary, legal, and equitable damages by an aggrieved party.” This seems to suggest that Twitter is co-author of the harassing posts, and as a creator, could be at risk of a lawsuit.
Malcolm Coles, a UK blogger who believes that Italy made the right decision in deciding against Google, argues that these Google executives are absolutely responsible for the content published on their website, because they are responsible for the systems that police that content. While the problem that Madeline Rodriguez presents only seems relevant to cases in which the website owners have actual knowledge of illegal activity, Coles suggests that Google indeed should be able to have actual knowledge of every incidence of illegal activity on their website. He blames Google for not having an adequate policing system, since the video was taken down two months after it was posted (though only two hours after an official request by the Italian police). Coles claims that Google facilitated the posting of the content through its negligence, and that it “has ongoing control over that platform” which involves it in content publishing in a way it does not a “camera-maker or tissue-box manufacturer.”
Harassment presents a new problem for user-driven content websites. It is difficult to find, unlike copyright infringements, often ambiguous, and is obviously a sensitive subject. It also involves publishing original opinions and user-generated content in a way that infringement does not. While I certainly don’t think that websites such as Google, YouTube, Twitter, or the New York Times (for its comments sections) should be held liable for what others post, it is interesting to look at the fine line between facilitator and provider that these sites are walking in the case of harassment.
Last week, Google and bloggers all over had a fit about this ruling, a ruling in which three Google executives were convicted and sentenced to a 6 month suspended sentence (which is apparently legalese for “you’re wrong, we’re right, still feel free to tour our country”) for violation of Italian privacy laws as a result of a video uploaded onto Youtube that depicted a Down Syndrome Autism (apparently the media got this confused. The media getting something wrong? Could this be a trend?) teenager being taunted and beaten up. Why were people so upset with a ruling like this? Clearly if these people at Google allowed for such an atrocious video to be uploaded, they’re evil individuals who need to be put in jail… right? Well, sure. If they were involved and responsible. However, the uproar stems from just how little involvement these convicted “felons” had. They collectively had no idea the video was uploaded until after it was taken down, no involvement with the uploading process of the video (it’s completely automated on Youtube), and no involvement in the creation of said video.
Are they really at fault? Common sense says no. In fact, common sense questions the legitimacy of the Italian court system after such a ruling.
But wait. A group of individuals convicted for something they had no control over, worked with police to remove specific material, and really were too busy to know of everything that was on their website? Let’s take a look at The Pirate Bay.
When The Pirate Bay Trial took place a year ago, one of The Pirate Bay’s (TPB) stronger legal claims was that they provided a service similar to Google: they indexed the existence of so-called .torrents as a search engine and that the content indexed was unknown to the website’s owners.
An aside: My buddy Mike mentioned that there’s definitely a contingency of people who don’t believe Google and thePirateBay to serve the same function. If you’re in that contingency (or if you’re not, but feel the need to click on URLs anyway), check out thePirateGoogle.com (EDIT#2: Seems as though part of the website’s Google script functionality goes down once in a while. Wonder why. If you want to try the same functionality of thePirateGoogle, preface your search keywords with the phrase “filetype:Torrent”).
Because if thePirateBay had just changed their name we wouldn't have any problems...
Additionally, TPB had no involvement in the creation of said files (legal or illegal), no involvement in the uploading of said .torrent file (it’s automated as well), and cooperated with the police when asked to take down explicitly illegal material for which they had proof of (Sweedish Police + Child Porn + Pirate Bay The Tagline is right. It’s really much a do about nothing).
Sounds a lot like what Google is having fits about. So when Matt Sucherman, Vice President and Deputy Legal Counsel for Google says, “Common sense dictates that only the person who films and uploads a video to a hosting platform could take the steps necessary to protect the privacy and obtain the consent of the people they are filming,” doesn’t it indicate that common sense dictates that only the person who films and indexes their illegal movie recording on an search engine platform could take the steps necessary to protect the privacy and obtain the consent of the movie producers who made the original film? I contend common sense does indicate that.
So why then does the public view Google so favorably, yet view services such as thePirateBay as demonic?
Misinformation: The Prosecution’s Strongest Argument
In October of 2007, Alan Ellis, a 24-year-old man from Middlesbrough in the United Kingdom was arrested, his computers seized, and then questioned for many hours. This man was the creator of OiNK, which according to the BBC was an “extremely lucrative” website that:
“The site allowed the uploading and downloading of pre-release music and media to thousands of members.”
An IFPI spokesman said: “Once an album had been posted on the OiNK website, the users that download that music then passed the content to other websites, forums and blogs, where multiple copies were made.
“Within a few hours of a popular pre-release track being posted on the OiNK site, hundreds of copies can be found further down the illegal online supply chain.”
Oh Oink... You're still missed by music lovers everywhere
Now I love the BBC, almost as much as I love NPR (seriously. Great, rather unbiased news sources). But I jumped out of my chair when I read this in class during my junior year in high school. I knew then what others know today: All that stuff is wrong.
Let’s go down the list of things wrong with that IFPI statement:
OiNK was extremely lucrative.
By far one of the funniest claims. OiNK wasn’t making any money. In fact, for most months, it was losing money (not losing a lot of money, but definitely losing money). There were no ads on the website, so you couldn’t make the argument that he received ad revenue. So the only real “income” source that OiNK had was that pink donate button in the upper right hand corner. If someone has a business plan that’s rooted in an unintrusive donate button (that’s about 400 pixels in size and found on only some pages of a website in the upper right hand corner) that’ll be extremely lucrative, please e-mail me. I’d love to start a business with you.
2. OiNK uploaded pre-released tracks and distributed it them to hundreds of websites.
So funny thing about this claim. OiNK actually had a strict terms policy that demanded high quality music found in album form only. Note a couple of things. A) High Quality and B) album form only. The problems with that claim about the pre-release track is three-fold: For anyone who rips music into MP3, it’s hard getting a high quality rip unless you have the actual medium (IE the CD). Second, because of the stipulation for high quality music, pre-released music that comes from a non-traditional medium (IE leaked by an insider), would not have received the final remastering that most music goes through, thus would not meet the quality standards of OiNK. Lastly, if OiNK stipulates that only Album torrents be shown on the website, how would single pre-release tracks be blamed on OiNK?
These two things are among many facts that spread to the general public by IFPI through legitimate new sources, but were grossly inaccurate. So inaccurate that Alan Ellis was A) released from prison after hours of testimony on how his software worked and B) found unanimously innocent by the courts on January 15, 2010, 2 years after the IFPI heralded a great triumph for the music industry.
In the OiNK story, you find a tactic the music and movie industry used by the industry: Corporate propaganda. Whatever, you call it, this misinformation severely hurts potentially innocent case-law, especially in a jury trial. For laws involving such technologically sophisticated mechanisms such as BitTorrent, how would any even-minded, yet unbiased individual differentiate between the facts and the lies?
They don’t. Or rather, it’s very hard to. This same misrepresentation of technology information happened during The Pirate Bay trial as well. The evidence presented by the prosecution during day 5, in which evidenced previously unshared with the defense that depicted inaccuracies in the sharing of files (they had a screenshot of a client, yet no information that explicitly links the material to thePirateBay among other things), exemplifies this discrepancy. If the jury/judge doesn’t understand how tracker information works, how would the defense respond correctly? It becomes increasingly difficult to. Thus, the prosecution gains the advantage for doing such a thing.
When cases such as Alan Ellis are broadcasted as a triumph of good vs. evil, but hold factual inaccuracies, what’s the file sharing website to do? When the court doesn’t understand how magnet linking through bittorrent clients don’t involve the tracker host (FYI, they don’t), how do bittorrent trackers claim safe haven? OiNK is dead and it won’t be back despite the fact Ellis was found innocent. When organizations such as the IFPI gain such an advantage to misrepresent specific facts or to simply tackle cases knowing individuals lack technological knowledge, we all lose.
What the future holds:
“Experts” from all over will tell you that the death of MiniNova means this for P2P and that the verdict of thePirateBay case will mean that for file-sharing, but in reality, nobody’s really sure. P2P is a magnificent tool for sharing information. Clearly, too much information for many music and movie industry advocates. However, through all of this some facts remain clear: Peer to Peer networks provide a valuable resource in terms of crowd-sourcing bandwidth consumption. Gaming companies such as Blizzard have been doing this for years now (Case in point: If you have millions of people trying to update their World of Warcraft clients with a file that’s a few hundred megabytes, you’d use a form of bittorrent too). Twitter has also turned to Bittorrent as a method of managing their bandwidth.
I’m of the personal opinion that legal methods always seem to pre-empt illegal concerns. As the Sony vs. Universal Case showed with VCRs, generally positive uses out shadow the negative ones. Sure, business structures change, but that’s all part of how the world works.
Last week, the Federal Trade Commission (FTC) notified close to 100 companies that their employees have been sharing sensitive customer and employee data on P2P file-sharing networks. The FTC did not release the list to the public, but FTC chairman Jon Leibowitz stated that “companies and institutions of all sizes are vulnerable to serious P2P-related breaches, placing consumers’ sensitive information at risk,” so it is quite possible that some bigger companies were affected, especially those who have many employees who all use computers.
In recent years, with more companies distributing laptops instead of desktops to employees, the problem has grown worse. Users can now take their work home with them, and are therefore more likely to mix their business and personal lives on the same computer, installing file-sharing programs to download their favorite songs, for example. After installing these programs, users are asked what folders they would like to share, and it’s easy for a casual user to breeze through this dialogue, accidentally selecting their documents folder containing all of their (and the company’s) sensitive files.
LimeWire share folder selection
This problem has actually become so common that there are “cybercrime gangs” that are dedicated to searching P2P sites to obtain sensitive documents. In their investigation, the FTC reported that they easily found everything from financial records to social security numbers, perfect for use in an identity theft. To test this, I fired up LimeWire, clicked on “documents” (in the search categories) and typed in “taxreturn.pdf.” Sure enough, after only a few seconds, I was able to download someone’s electronic tax return (completed in TurboTax), complete with financial information and social security number! After my experiment, I had no doubts in the FTC’s claims.
Searching LimeWire for taxreturn.pdfThe downloaded tax return (redacted by me)
The FTC has been pushing for tighter regulation of P2P software for years. They are in favor of legislation that requires P2P file-sharing programs to provide clearer notice about what files are being shared, and make sure that consent is obtained to share those files. Many industry watchers see P2P traffic growing exponentially (by some estimates, up to 400%) in the next few years, so the problem will only get worse. To address this, the government has finally acted—H.R. 1319, or the “Informed P2P User Act,” has been passed by the House and is currently being reviewed by a Senate committee. It would let the FTC place civil penalties on the P2P program distributors who do not meet a certain standard of providing “clear and conspicuous notice, in advance” to users about what specific files and folders the P2P program will share, and obtaining consent from the users before sharing those files on the public P2P network. There is also another bill being reviewed by Senate committee, H.R. 4098, or the “Secure Federal File Sharing Act,” which would require the government to issue rules regarding the use of P2P software by government employees, the people who are likely to have confidential information on their computers.
The issue of accidentally sharing confidential files via P2P has existed for a long time, probably since the advent of Napster. Yet, over ten years later, the Senate is only now considering legislation to make P2P programs safer. Why the delay? It seems like the government ignored the problem for a long time due to the illegal nature of P2P. Perhaps they felt that by creating legislation regarding P2P file sharing, they would be legitimatizing these programs. At this point, however, it is clear that P2P file sharing is not going anywhere anytime soon, and it has become mostly accepted in our society. Therefore, I’m glad that the government is taking steps to make P2P software more secure, rather than just shoving the problem under the rug and hoping that it goes away.
**Note: For my blog post, I will focus on music in P2P, although P2P technologies are also used to share books, software, and personal files.
There was an era just a few years ago when P2P was the way to get music for cheap. P2P, which is a network architecture system through which users are both consumers and suppliers, filed into the mainstream with the advent of music sharing. Back in 1999, Napster up-ended the way music could be perceived as a “private” good when it became easy and free to obtain music. Over the last decade, P2P technology has grown to enable the mainstream public (the more the better) to obtain music for free. As music is increasingly more characterized as a public good (that is, the only real “price” of obtaining music is the small amount of bandwidth necessary to download), will there be a tragedy of the digital commons? [the link provides background info], and how does anyone prepare for it?
The landscape of P2P has changed. Interestingly, The NPD Group research company announced that in 2009, there was a 25 percent decrease in illegal file d
ownloading in the U.S. on P2P web
sites. Interestingly, NPD reported that despite the decrease in file downloading and move toward ad-supported music web sites, the “musical industry saw 24 million fewer legal
music buyers in 2009,” which included, “1 million fewer buyers of music downloads” (CNET). This trend means that not only are music industries losing money, but the file sharing rates (including, but not limited to music) have fallen as well. With falling levels of use of legitimate forms and illegal forms, is there a winner? How can there be a winner? Is there a better way to balance social surplus (the pleasure of having music) with the surplus of a company (revenues)? The grave question is: will there be a point at which neither music producers nor users will be incentivized to keep producing music for consumption?
This could mean several things: 1)discouraged by the now “expensive” costs of official music, consumers opt out of buying; 2)accumulated files from P2P sharing means there are fewer reasons to purchase music; and 3)consumers have found superior options. Undoubtedly, the trends seem to suggest that there is a move away from ownership of music, whether it’s legitimate or pirated.
In our readings, we discovered that the battle over the ownership of media is not new. In fact, during radio broadcasts were treated similarly until collective licenses were distributed. Without a way to eliminate such illegal web sites, music producers/distributors are forced to come up with new ways to bring up revenues. The models today for how music can be distributed generally fall into three areas (please refer to Fingertip for specifics), which include free music, a fee for music (access), and a monthly “bill” for music.
The model that Matt brings in seems to suggest there is some sort of equilibrium through which, the resources that we have now charged at a fair price will create an effective sharing of music that somehow maintains quality, profits, and demands. If NPD’s numbers are correct and the trends will continue to demonstrate that p2p utilization is falling along with music industry revenues, that means that “choosing the right package” may not be as feasible (or a stable solution). As distribution rates fall with musical industry revenues, any “model” to fit does not appropriately predict for future environment for music sharing. Even if music industries were able to obtain collective licenses to create such pricing models, I question whether there is truly a stable state where the profits of these companies will be able to large enough to compensate for falling demand.
A comparison of battery consumption between two individuals.
Peer-to-peer networks have come under a lot of fire over the past few years. Some of them have been able to slide under the radar by being very selective about their members, others have faced serious litigation, and a few have won their battles by squirming into the light of the DMCA’s safe harbor. One thing that hasn’t changed, however, is the technology. BitTorrent clients are freely available for download, and can be found easily with just minimal effort. P2P use scales beautifully: the more people using the service, the faster the downloads. And ever so slowly, its beginning to catch on as more and more legitimate means for distribution. Twitter is launching a new service based on BitTorrent technology to help lower the downtime on their central servers; instead of sending out updates to their various servers world-wide and rely on a lengthy direct download process, they will be using their servers as seeds in their own private swarm (it should also be noted that this project is named Murder for the flock of crows, not premeditated homicide). While this doesn’t involve the public as direct seeders, it still is a very valuable look at the legitimacy of P2P downloads. Another example, and indeed one of my favorites, is that of World of Warcraft, which has been using P2P technology to deliver its content for years. Granted the system isn’t ideal (it only seeds while downloading to avoid posing any undue bandwidth issues during play) and trying to deliver half a gigabyte of information to over 13 million people (or whatever the current number is) simultaneously without dedicated seeders upon completion isn’t the ideal system, but it improves download speeds regardless.
Society will find a way to fill its needs.
Now lets talk about piracy a little bit. Piracy has been intimately connected with P2P ever since it strolled out into the daylight. Lots of people with the same idea in mind using software that connects them, with the added benefit that the more connected they are, the faster their downloads? A match made in heaven. But P2P and its use for file-sharing runs into some moral boundaries and arguments. Is file-sharing a new distribution method or just plain stealing? Is it fighting the powerful ‘evil’ corporate machine or killing music and creativity? Then the economics arguments come in. Music can’t work this way, it will never happen! Or, music is a cultural phenomenon, it won’t respond to market forces. But this isn’t true. Economics works as it always does.
Digitalizing creates an ‘infinite supply’ (perhaps limited only by your bandwidth) and drives costs of production to near zero (or in terms of bandwidth, rent-sharing occurs when downloaders provide the bandwidth through seeding), then the price at which individuals are willing to purchase it becomes zero. Economics says free music is the way to go, its just an ugly/frightening answer for some. I agree that free music can’t work, or at least completely free music. People talk about Pandora (which I consequently love) and Last.fm, but until a reliable wireless network can stream it to me wherever I want, then this cannot be a replacement. The best approach I have seen thus far is the EFF’s. In a nutshell, utilize the technology that is already here, utilize the systems that are already in place, and charge an amount that people are willing to pay. Society will fill its needs in whatever way necessary, even if its illegal. To avoid piracy, simply provide that same service at a reasonable price. Legalize a system, and then constrain it to fit a model. Use P2P for distribution and hosting, allow members to upload what they want, and use share ratios for ‘benefits’ or some small form of currency. Monthly fees will be paid to copyright holders based on their files’ popularity over the payment period, making it a merit based system. People may scoff or freak out, but this is the same system we have for cable television. Or internet subscriptions. Or satellite radio. Or libraries (well, mostly). It isn’t revolutionary, its a natural progression. The music industry (artists, etc) will be outsourcing its hosting efforts to its consumers, and be getting paid for it. Consumers can pick the right package for them, maybe they want infinite downloads at a higher price, or a set amount of data. There are plenty of ways to make the system work well, but no one wants to take a chance.
P2P technology isn’t running away, and neither are the music industry’s problems. Piracy is a natural approach to filling society’s unmet needs. Fill the needs with a system that cuts production costs, turns your consumers into producers and distributors, and gain back a significant market share.
Just when pirates thought that leaving the open sea meant safety.
Yale Law Tech 
