Thursday, January 22, 2009

Privacy Controls vs. Digital Rights Management

("Locked away" from t3mujin)

Fantastic blogger Anil Dash asked an astute question the other day about digital rights management. To quote him,

"[H]ow are privacy settings on social networks different than DRM restrictions placed on media content files from companies? Is it because I'm not a corporation? Is it because the DRM technology is provided by Flickr or Facebook instead of by Apple's iTunes or Microsoft's WIndows Media? Is it because I only (theoretically) grant permissions to dozens or hundreds of people, instead of millions?"

Superficially, the two electronic control methods are similar. Both involve code controls on the dissemination of information. But there are clear differences as well, and it isn't, as Dash suggests, based on the size of the corporation or the size of the excluded population. In fact, it's more fundamental: the set of rights protected by DRM is drastically different from the set of rights protected by social network privacy controls.

DRM is traditionally a way of controlling property rights. So to compare social network privacy to digital rights management, you'd have to characterize people viewing your profile on Facebook as a transfer of property rights, with a need to control the consequences of that transfer. Sharing information is never a distribution of property; it is a bedrock principle of copyright that one cannot have personal property rights in information, only in expression.

As a counterexample, flickr does offer a transfer of property rights, in that someone can take a copy of your photo off of flickr and make it their own. Your expression through photography creates a property right for you in that expression, and it is therefore easy to see why you want to protect that property. Flickr does have privacy controls, as described in Dash's post, but it doesn't have DRM; if it did, there'd be a way to control who can download a copy of your photo, not just who can view it.

In other words, to compare the two is to compare you controlling your private information to someone controlling how you can use your property. It's like comparing someone reading your mail to someone stealing your empty mailbox.

While DRM and privacy controls are clearly in service of different legal interests and rights, Dash mentions the more key distinction: people don't like DRM, but people do like privacy controls. DRM traditionally takes money, apparatus, and architecture to implement. Those are things that big media companies tend to have, while private consumers tend not to. So, as a collective of private consumers, we, the people, are against it. It's something "big business" is doing to us, whereas privacy controls are something we are doing for ourselves.

And that is the heart of the DRM issue. As I've said a few times, giving creators the ability to control how the fruits of their creative labor are sold (i.e. how they are rewarded for expressing themselves) is in service of a real, fundamental, even constitutional concept: we want people to want to keep creating. Anyone can get behind that concept. But people feel cheated when they are deprived, as a group, of some right by a company, even in service of this noble goal. By contrast, people feel empowered when they do the depriving in a privacy context.

The only way to get past this creativity-incentive / corporate-animus dichotomy is to make DRM look a little more flawless, a little more elegant, but we are nowhere near doing that. Take, for instance, that ever present Spore case. A class of spurned Spore purchasers has initiated a suit against the company behind the game, on theories of interference with their computers via un-asked-for DRM applications.

As long as DRM looks more like a malformed fence interfering with our property and less like an amicable, neighborly border defining our media ownership, no one is going to accept it. It's not the existence of DRM that people are fighting, it's the architecture.

No comments:

Post a Comment