Biometric DRM? You're kidding, right?

Letters A couple of weeks ago Andrew Orlowski reported on the RIAA's suggestion that music players ought to be biometrically locked. Orlowski asked if you thought the idea would catch on.

We've taken some time sifting through the letters, for there were many, (many, many), and the consensus of opinion can be summed up roughly as: "Erm, no. Do they think we are stupid?".

You're kidding right? So now if someone mugs me for my iPod they may cut off my finger as well? Well isn't that just f*cking wonderful. I wonder if they thought of that? Of course I'm sure they didn't because the RIAA doesn't listen to music for two reasons; 1, anyone who here's the shit they turn out now a days knows there's no one at the steering wheel, and 2, being devoid of a soul they can gain no pleasure or enjoyment from music or the arts in general. -Chris Myers

Hello:

But of course it won't catch on. There are currently a myriad alternatives to getting your music that do not involve subjecting any part of your body to the RIAA. If these type of Orwellian "solutions" are implemented, the alternatives will continue to exist until a critical mass of adoption is achieved -- which will then never happen while the alternatives exist. The only way they could actually implement this with some degree of success would be by pure force, i.e. legislation. But, I wouldn't really expect any elected official to be stupid enough to propose such an onerous, desperate, and controversial measure, which has only a particularly obvious benefactor.

-dZ.

From: Mike Crosland

All it takes now is that these devices be shipped with earphones that only biometrically recognise their owner's ears, and the destruction of music as a shared activity will be complete..

Subject: Biometric DRM

So when you get mugged for your fingerprint enabled Personal Player, the crims are going to cut off your fingers as well?

Who can tell where this will go? Before genetically modified seed was first sold, who spotted that it was infected with 'Intellectual Property'? Or that a Canadian Farmer [google: "Percy Schmeiser"] would find his seedstock involuntarily contaminated with Monsanto's 'Intellectual Property' - and that Monsanto would sue, claiming rights which transcend Schmeiser's undisputed Property Rights in the seedstock?

On the RIAA's fingerprint proposal, I forsee a huge market in Joke Shop fake cut off fingers, with decent fingerprints - and commercial competition to be the company which owns the 'Intellectual Property' rights to the joke finger which unlocks the most music on the web. Or some totally innocent model for Joke fingers being sued for billions by the RIAA, having effectively become victim of global identity theft. Or the RIAA claiming that all fingerprints are their 'Intellectual Property'.

The RIAA will probably wise up to this quickly and get into controlling Joke Shops. There must be some synergy in there somewhere. Digital Millenium Joke Shop Act perhaps?

Vince Littler

Bit of a no brainer really, the choice between an mp3 player that plays tunes, and an mp3 player that records biometric information and restricts my ability to transfer mp3s between devices. I see no better way of ensuring that a media device won't sell apart from smearing with excrement before packing it. - Tim Everson

Now, I'm assuming that amounts to encryption using some type of hash generated from the fingerprint as a key. But, that would merely stop me from copying the "files" from whatever storage media is used inside. What's to stop me from tearing my iVue apart, ripping out the speaker, soldering some wires from a cheap pair of headphones to those contacts, and plugging that into my sound card? From there, any time I listen to music, I can record it on my hard drive in whatever form I want, and it no longer has any of the "anti-piracy" mechanisms in place. Actually, it probably wouldn't be that hard, especially considering the chance that the iVue will have a headphone jack, in which case I don't need any special materials or skill, I can go to a local store and buy a mini2mini (1/8" phone to 1/8" phono, male connectors on both ends) for about $4 and use that instead. And how does the fingerprint scanner stop me from doing this?

The RIAA needs to realize that in order for it to use closed media, it has to have a monopoly on a market that doesn't ask questions. The only problem is that the market they're selling to doesn't care what form the music comes in as long as they can listen to it, preferably without having to spend any money on it. How are you supposed to sell closed products to a market that wants open products and has the means to convert a closed product to an open product. The RIAA has three options here:

A) Take over the world, once they own everything, closed media will work B) Go to open products, use online media stores, sell CDs for those that collect the real albums C) Die off because once they sell a single copy of a closed product, everyone will get the open version

Picture the scene:

Undertakers office.

UNDERTAKER: Madam, I'm truly sorry about the loss of your husband. Is there anything we can do to make his passing more comforting?

BEREAVED WIFE: Any chance of you cutting off his finger before you bury him? I haven't been able to listen to any of his music since he dropped dead.

Honestly, if they can guarantee I will have access to the music I purchase "forever" and will be able to listen to put it on CDs, play it on a portable flash/HD player, and can play it on my computer (my music jukebox) after successive upgrades and OS reinstalls, it isn't too biometric authenticaion isn't onerous to dealwith, and I can still rip my CDs and play that music wherever I want, then I am fine with their 'biometric drm'. The problem arises when I can only only play the music on 3 computers ever (a different computer including a new OS installation) or I can only only play 'authorized' music using this DRM. I have no interest in 'sharing' music I buy other than playing it for friends.

Jeremy Silver

Your article on the iVue fingerprint-controlled media player intrigues me. I am particularly keen to know how it is able to discern how the unit's analogue audio output is not connected to any kind of recording apparatus -- such as a tape recorder, or the line-in connection of a sound card?

It is surely a prerequisite of any successful audio copy prevention scheme that throughout playback, the device is aware that nothing save a loudspeaker lies downstream of the analogue outputs, and that no microphone is trained upon that loudspeaker.

AJS.

How can it work?

I press my finger against the player, and it plays one track.. Then I have to run back to it, to press my finger against the player, because the second track is locked..

Or do I just put in all 4000 songs that I own, (bought on cd) and press my finger once, authorize the whole lot, and give the player to someone else?!

It all makes no sense...

It is absolutely absurd that anyone would allow themselves to be subjected to such treatment for the sole purpose of listening to an album THAT HAS ALREADY BEEN PAID FOR!!!!

Personally, I'd rather stop listening to music that to be TREATED AS A THIEF FOR PURCHASING MUSIC!

What will they think of next?

Sincerely, Matt H

WHAT IF I DON’T HAVE AN EYE OR AN ARM OR EVEN A THUMB OR INDEX FINGER ? What if I was in NAM ? Keith

Personally I suspect it's about as likely to catch on as Shrub is to endorse the setting up of muslim commercial flight training schools in New York State.

Andrew,

When will you see the light? Sacrificing an index finger to the RIAA is a great bargain--didn't they want my firstborn just a few months ago? I'd give my left testicle for another opportunity like this.

Ted

Part of me would like to believe that things like this will strike a chord within us all, making us rise up and say "NO, we will not have it!". But then I remember that it's humans we're dealing with and the eejits will queue up to buy these things without understanding what it is they are doing.

Richard Asbridge

You know how muggers pick out marks by their iPod headphones? Now we can all pick out retards by their iVue headphones!

Isn't there a rather fundamental flaw in this system? How does the magic little device know that it is a fingerprint reading that it has taken? What if I used something that is easily replicatable like a really smooth glove. Oh no! Suddenly the whole biometric thang is rendered into high quality snake oil. What are the RIAA going to do? March us all down to Pigopolist Towers so that they can witness that it was indeed a fingerprint used as biometric? Would the queue even make it round the block?

Richard Smith

Say for example you have lost all of your fingers (some sort of freak piano accident maybe), does this mean that you will never be able to purchase or listen to music again?

Perhaps this quote from the http://www.hmso.gov.uk/acts/acts1995/95050--c.htm Disability Discrimination Act 1995, detailing "Discrimination in relation to goods, facilities and services" may fit here?

Note: the definition of "services" includes the provision of any goods or facilities

"Section 21 - Part 2

(2) Where a physical feature makes it impossible or unreasonably difficult for disabled persons to make use of such a service, it is the duty of the provider of that service to take such steps as it is reasonable, in all the circumstances of the case, for him to have to take in order to-

(a) remove the feature;

(b) alter it so that it no longer has that effect;

(c) provide a reasonable means of avoiding the feature; or

(d) provide a reasonable alternative method of making the service in question available to disabled persons."

I doubt the RIAA care much about what us eccentric little Brits have to say on accessibility, but surely there must be some sort of equivalent in US law.

Just a thought.

Richard Vivash

We'll give the final word to a man who managed to sum up nearly everything above with a brevity that, after trawling this particular postbag, we found quite refreshing:

Subject: Biometric DRM

Bollocks.

Andy

®