Wednesday, February 10, 2010

The DRM Bill of Rights

This is an article I originally posted about a year ago after EA first announced it's "five installs only" limit for the upcoming release of Spore. Backlash from that announcement has made EA wary of such heavy-handed copy-protection, but -as evidenced by Ubisoft's recent announcement- not all publishers seem to have learned the lesson. 
DRM is all in the news now, what with EA's bungled handling of Spore and general gamer dissatisfaction with its SecuRom copy-protection. Okay, maybe the mainstream media hasn't picked it up, but it got mentioned on MTV so its obviously gone beyond something just the geeks and hard-code gamer crowd care about.

Now, I generally try to stay out of DRM conversations but the following idea has been percolating in the back of my head for a few days so I thought I'd share it. Brad Wardell, CEO of Stardock, recently suggested a "Gamer Bill of Rights" that beautifully constructed an perfect world where paying customers weren't treated  like dirt . This is a very wide-ranging list of some very good -but hard to  implement- ideas. My idea is related, but a bit more limited in scope.

I want a DRM Bill of Rights, an agreement between Publishers and End-Users about what their DRM software can and cannot do. It needs to be palatable to both the Publishers - who want to protect their copyright and investment in the software - and to the users, who want to be able to use software they paid for not only today but in the future.

Let me be straight on this subject: I hate DRM and especially online  activations. I think DRM is invasive, anti-consumer, bad for the culture, and ultimately an expensive, useless waste. It doesn't work and all it does is interfere with paying customers while the people it hopes to stop -the pirates- don't have to deal with it at all. But, like it or not, it's here to stay. At best we can hope to mitigate the damage it causes.

So, below, I present the first draft of the DRM Bill of Rights. I offer it to the newsgroup for discussion, amendment and dissemination. I encourage you to pass it on to your favorite web-forums and post it on your 'blogs. You don't have to use it verbatim; you don't even have to attribute it to me (although it'd be nice if you mentioned me as the originator of the idea). You may disagree with certain ideas I have below, or think certain concepts need strengthening. Feel free to add to or subtract from the list. But the idea is to hammer out  something both parties -t he publishers and the users - can agree to rather than just create a bitch-list of things we hate about DRM. The publishers spent a lot of time and money developing the software; it is understandable that they want to protect the investment. We need to provide them a way to do that without going so far as to interfere with our own rights.

So, here it is. Take it away, gamers.

A Balanced Agreement of Rights Between Publisher and Customer
I. The Right of Free Use: If you limit number of installations, the Publisher MUST provide a "revoke" tool.

What it entails for the Publisher
The Publisher is allowed to limit the software's installation to one or more computers based on their hardware configuration and registered online ("Activation"). They must provide a free stand-alone tool, preferably on the same distribution medium, that the User can use to de-authorize previously activated computers ("De-activation"). The total number of  Activations and De-activations must be unlimited in number, but can be  limited as to number of uses in a particular time period.
How It Would Work
When you install a game, the software must be activated online as is  the standard practice today. However, what this Right provides is a method for the User to deactivate an installation so the software can be transferred to another computer, either due to hardware failure,  upgrade or resale. This tool needs to be provided free to the User, preferably on the CD/DVD or other install medium provided at purchase (or downloaded if the game is purchased through digital distribution) and must be stand-alone. Deactivation would require proof of ownership (the CD in the drive and the CD-key should be enough), and would display a list of all computers authorized to run that software. The User could then select  the computers to be de-activated. Note that this tool does NOT have to be run on the Authorized computer, or require the Authorized software to be installed. In order to prevent misuse of this tool, the Publisher can allow only a certain amount of Activations / De-activations per day/week/month, but cannot limit the total amount of De-activations.
One of the biggest worries I hear about online Activations is the worry about how to De-activate the software. Some users wonder about  being able to replay the game many years -and many computer upgrades-  down the line, others fear that unexpected computer failure might lock  them out of a game they paid for, and still others wonder about how activations might effect resale value. This Right provides a fair balance between the Publisher's need to limit the number of people using a game at anyone time while still providing the Users the flexibility they desire.

II. The Right of Activation: If the Publisher requires Activation, they must provide some assurance of method to bypass this should the method of Activation no longer be available.

What it entails for the Publisher
The Publisher is allowed to require the User to Activate their software through the method of their choice. But if that method should no longer be available (be it due to technical or financial reasons), they must ensure that the User can continue to use the software they paid for even although the Activation service is no longer running. This assurance can take many forms; a legal promise to release a patch should the Activation Servers be taken down;  a waiving of the Publisher's rights to take legal action of any third-party who rights software to allow the same; or a universal "key" that is held in escrow, to be released only should the Activation servers go down, that allows installation and use of the Software without Activation.
How It Would Work
Basically, the Publisher needs to provide the User with a "back-door" -either legal or technical- that they can use to bypass the Activation requirement should the Publisher chose to no longer allow Activations, either because it is costing the Publisher too much money to maintain the activation servers or because they are no longer in business. The best way for the User is if the Publisher has a patch or some sort of universal serial number that allows the User to bypass Activation; this patch/key is held in escrow until the Activation Servers go down and is then released to the general public. Of course, this may dramatically compromise the usefulness of the DRM, so other methods can be used, for example: providing source-code and funds that can be released to pay a programming team to successfully develop a patch after the fact. Alternately (but least palatable to the User) the Publisher can simply promise to release code and not prosecute should a third-party (e.g., a "cracker") want to develop some method to bypass the Activation (but, note, they must provide enough code to make this a possibility).
The second biggest worry I hear about Activation is this: what if I want to play the game in ten years and I can't Activate it because the Publisher dropped the servers, or went out of business? This Right provides for that eventuality, by legally binding the Publisher to allowing some sort of method so the User can keep using the software should the Publisher no longer want to support it.

III. The Right to Privacy: Any data-collection from these activation services will be opt-out (except as what is required for Activation), will not be matched to any personally identifiable information and it absolutely, positively will not be shared with anyone.

What it entails for the Publisher 
The Publisher is allowed to collect information from the User's computer solely for the purpose of identifying him for Activation so that the software can only be used by Authorized computers. However, any information collected for this purpose, no matter how seemingly innocuous, cannot be used for any other purpose beyond Activation. On De-Activation, this information -no longer useful- will be purged. The Publisher can run other data-mining operations, but this data-collection cannot be a requirement of the Activation.
How It Would Work 
When the software is Activated, the Publisher needs to gather certain information from the User. At the very least, a snapshot of the computer configuration will be required; the Publisher might also gather other information. If the software is run on some other computer, that configuration is matched to the one on file and the Publisher can allow or deny the software to run as they desire (with, of course, the stipulation of Right I: The Right of Free Use given above, that computers can be De-activated by the User at will). But any information the Publisher collects for this purpose can only be used for this purpose: it can't be used for any sort of data-mining, it can't be shared with the marketing department or partners. If the Publisher wants to gather this sort of information, they can do so, but they can't make it a requirement to install the software; it has to be an opt-in program separate from the Software.
The right of privacy is not something many people care about, but I do and I think it's worth defending. We get that the Publisher may need to collect information about our hardware so that only that the software is activated to only one computer, but beyond that the information cannot be used by them. Publishers MAY offer to opt-in to sharing this information, but this offer must be completely separate from the install (and not at all a requirement for activation) and must be in clear concise language, preferably with some advantage to the Gamer (so hiding it in the EULA is right out)

IV.  The Right of Resources: Copy-Protection mechanisms must be self-contained software that leave no lingering traces on the computer.

What it entails for the Publisher
If the Publisher requires DRM software to protect their copyright, this software must be self-contained and non-invasive. The DRM should only run when the Software runs, and stop running when the Software runs. It cannot install any drivers or background processes that linger in the background when the User is not using the Software. While the DRM can refuse to let the Software run should it find other programs in memory, it should not interfere with the use of those other programs when the Publisher's software is not in use. Finally, the DRM must be fully uninstalled when the Publisher's software is uninstalled.
How It Would Work
DRM software needs to be limited in its scope. Currently, it runs roughshod on the User's computer, installing ring-0 drivers and potentially installing root-kits and backdoors. It interferes with other software, such as disc-emulation programs EVEN WHEN THE GAME IT IS PROTECTING IS NOT RUNNING and does not uninstall cleanly. All this needs to change. The software will need to be rewritten and, potentially, this will make it less effective. However, DRM is not particularly effective now, so this is no big loss. The Publisher can still restrict what programs run concurrently with its own Software (both to prevent piracy and in-game cheating) but only when the Software is running.
Once I'm done with a game, I don't want some crudware sitting in the background stealing resources. And I when I say "done", I don't just mean "uninstalled"; I mean "done playing this session". When I quit Bioshock, I want any and all processes associated with it - including copy-protection mechanisms- uninstalled from memory as well. Think of a way of protecting your IP without ring-zero drivers that potentially compromise my machine. And while I grant you the right to refuse to run a game should I have potentially interfering programs running (such as Alcohol 120%), the DRM better let me play the game once I kill that process, even if the software itself is still installed (and if the game isn't running, I should be able to use Alcohol 120% as much as I damn well please)

V. The Right to Support: All problems with copy protection mechanisms must be handled by the Publisher (or their agent) free of charge

What it Entails for the Publisher
The Publisher must provide, either on their own or through an agent, free support solely to handle problems that result from its copy-protection software. This support must be both timely and knowledgeable, and if it cannot help the User with their problem, must offer them the right of return. Toll-free numbers wherever the game is sold and/or e-mail support with same-day turn-around must be offered. This support must exist for the lifetime of the product.

How It Would Work
The Publisher needs to provide some method of support resulting from problems caused by the DRM. This support needs to be separate from regular support issues, and it needs to be free and timely. The best method is to have the company that developed the DRM software handle this for you. This support needs to be knowledgeable but, should they be unable to solve the problem, they must offer - should they determine the problem to be caused by the DRM - to let the User return the software and get a refund.

If your obnoxious copy protection is keeping me from installing a game I paid for, don't make me pay for the call to correct the problem. Set up a toll-free number and staff it with people who can correct the problem. E-mail works too, but a timely response is a must. Too expensive? Get the developers of the copy-protection to do it for you; make it a requirement of the contract. Maybe if SecuRom had to handle all the calls they'd start to write decent software. Ultimately, of course, all these costs will be passed on to the consumer, but if this raises the price of the software too far beyond what its competitors are charging, the Publisher will be encouraged to use other methods of copy protection that do not cost them as much in support.

1 comment:

  1. Really it is a nice blog, I would like to tell you that you have given me much knowledge about it. Thanks for everything.