By EFF Deeplinks Blog
The Apollo 1201 project is dedicated to ending all the DRM in the world, in all its forms, in our lifetime. The DRM parade of horribles has been going strong since the Clinton administration stuck America with Section 1201 of the Digital Millennium Copyright Act (“DMCA”) in 1998. That law gave DRM special, hazardous legal protection: under that law, you’re not allowed to remove DRM, even for a lawful purpose, without risking legal penalties that can include jailtime and even six-figure fines for a first offense.
That’s a powerful legal weapon to dangle in front of the corporations of the world, who’ve figured out that if they add a thin scrim of DRM to their products, they can make it a literal felony to use their products in ways that they don’t approve of — including creative uses, repair, tinkering and security research. (There’s an exemption process, but it’s burdensome and inadequate to protect many otherwise legal activities.)
EFF is committed to halting that parade of horribles, but it hasn’t been easy. Here are seven of the DRM low-points from 2017, and two bright spots that give us hope for the year to come.
- The World Wide Web Consortium published its standard for browser-based DRM. We fought this from its inception, and even conceived of a compromise that would allow the corporate members of the W3C to get DRM in browser, but limit their ability to leverage the DRM to inhibit security research; stop a11ies from making their products accessible for people with disabilities; thwart archiving by libraries; and control who got to compete with them. The corporate members refused and the W3C caved, publishing the Encrypted Media Extensions standard without the consensus that the organization has prided itself on for 25 years. Three billion web users now have browsers with new attack-surfaces and new risks to their financial, familial, educational, personal and professional life.
- Sony revives the DRM-encumbered robot pet. It’s been 15 years since Sony used Section 1201 of the DMCA to shut down the community that had sprung up to extend the functionality of its Aibo robot dogs, threatening people with lawsuits and jailtime for modifying their dogs’ operating systems. Now, Sony has brought back the Aibo and with it, revived its view that you can never truly own a product you buy from the company. The new, $1700 Aibo has a mandatory $26/month subscription fee, tethering it permanently to a Sony server. I will bet you anything that anyone releasing a mod that allows the Aibo to run as a standalone will get both a DMCA 1201 (circumventing DRM) and CFAA (violating terms of service) threat. Just your latest reminder that in the 21st century, we are increasingly relegated to the status of digital tenants, renting our gadgets on terms unilaterally set by their manufacturers.
- The most powerful DRM in the video games industry is cracked within hours of release. Denuvo is billed as the video game industry’s “best in class” DRM, charging games publishers a premium to prevent people from playing their games without paying for them. In years gone by, Denuvo DRM would remain intact for as long as a month before cracks were widely disseminated. But the latest crop of Denuvo-restricted games were all publicly cracked within 24 hours. It’s almost as though hiding secrets in code you give to your adversary was a fool’s errand.
- Someone made a $400 kettle that only took DRM tea-leaves, and irony died forever. Did you buy a useless $400 “smart” juicer and now feel the need to accessorize it with more extrusions from the DRM dystopia timeline? Then The Leaf from Teaforia is just the thing: it was a tea-maker that used DRM-locked tea-pods to brew tea in your kitchen so you don’t have to endure the hassle of having the freedom to decide whose tea you brew in your tea-brewing apparatus, and so that you can contribute to the impending environmental apocalypse by generating e-waste every time you make a cup of tea. If you were unfortunate enough to shell out $400 for this thing, you got played, because they went bankrupt in October.
- All the virtual rabbits in Second Life faced starvation because of DRM virtual rabbit-food. Every Ozimal digirabbit in the venerable virtual world Second Life faced terminal starvation (well, permanent hibernation) this year because a legal threat has shut down their food-server, and the virtual pets are designed so that they can only eat DRM-locked food, so the official food server’s shutdown has doomed them all. Ozimals LLC, the company that created the digipets, shut down last year, and Malkavyn Eldritch, a volunteer, kept their food-server online. Edward Distelhurst and Akimeta Ltd say that Ozimals shut down owing him a lot of money. The case has dragged out at great length, with court orders and reported bad faith from the owners of Ozimals. Edward Distelhurst and Akimeta Ltd sent a cease-and-desist to Eldritch, demanding that he “cease all use of Ozimals intellectual property.” This means that he’s shut down the server, which immediately killed every virtual puffin in Second Life — the virtual rabbits will take longer to die, because they can retain some virtual, DRM-locked food in their bellies before they starve to death.
- North Korea unveiled a DRM-encrusted surveillance tablet. The Ullim Tablet is the latest mobile device from North Korea to be subjected to independent analysis, and it takes the surveilling, creepy nature of the country’s notoriously surveillant Android devices to new heights of badness. The Ullim analysis was conducted by researchers from Heidelberg’s Enno Rey Netzwerke and presented at last year’s Chaos Communication Congress in Hamburg. The Ullim tablet was made by installing a custom Android 4.4.2 version on a Chinese Z100 tablet that has had its network interfaces removed — you get it online by attaching a tightly-controlled network dongle that does wifi, Ethernet and dial-up. The Ullim Android customization removes many of the stock Google apps (such as Gmail) and adds in several apps designed to spy on the tablet’s users. These include Red Flag, a background app that takes a screenshot every time an app is opened, logs browser history and reports on any attempts to tamper with the OS; and Trace Viewer, an app for examining the forensic data created by Red Flag. Any logged in user can launch and use Trace Viewer, providing a reminder that everything you do with the tablet is being watched. The Ullim also watermarks all the files generated by the OS, linking them to the device’s unique serial number, locks out any app not on a whitelist, and refuses to play back any media files that are not on a nationally maintained whitelist of approved programs.
- Oh, John Deere. Don’t ever change. Meaning please, please change. John Deere claims that fixing your own tractor violates its copyright, because of DRM. So American farmers are installing bootleg Ukrainian firmware in their tractors, just to get the harvest in. Canadian farmers are braving Big Ag’s wrath, too, and American farmers are coming up with Made in America ways to seize the means of production and make hay while the sun shines.
And now, a couple of most welcome bright spots:
- Portugal passes the world’s first reasonable DRM law: Last June, Portugal enacted Law No. 36/2017 which bans putting DRM on public domain media or government works, and allows the public to break DRM that interferes with their rights in copyright, including private copying, accessibility adaptation, archiving, reporting and commentary and more. Regrettably, the law doesn’t go so far as to authorize the creation of tools to break DRM that has been improperly used, so the public is forced to hunt around online for semi-legal tools with anonymous authors of unknown quality. (cough Ukrainian tractor firmware cough).
- Behold! The paleohistory of DRM, revealed! Redditor Vadermeer was in a local Goodwill Outlet and happened on a trove of files from Apple engineer Jack MacDonald from 1979-80, when he was manager of system software for the Apple II and ///. MacDonald’s files include more than 100 pages of printed and handwritten notes for a scheme to create DRM for the Apple /// (then called the Sara) and the Lisa, a failed precursor to the Mac. These constitute a fascinating, candid and intimate history of the creation of a DRM scheme, a kind of microcosm for all the problems we see with DRM today, in which a platform tries to offer products to its sellers that it knows its customers will hate, and also be able to break. One of the most amusing back-and-forths is the tick-tock between Randy Wigginton and Steve “Woz” Wozniak, who propose and then demolish rival DRM schemes, while also tearing apart successive versions of Visicalc DRM, which was then the state of the art. New managers come in and write memos saying, basically, “Are you nuts? You’ve proposed a grotesquely expensive hardware dongle that’s going to eat one of the four expansion slots on this computer, that will stop working if the user upgrades their OS, that will require them to bring corrupt floppies back to the store to get a backup to work, and that we think people will be able to break in an hour — let’s go back to the drawing board, shall we?”