FTC Town Hall to Address Digital Rights Management Technologies - Event Takes Place Wednesday, March 25, 2009, in Seattle #539814-00357

Submission Number:
Brian Paulus
Initiative Name:
FTC Town Hall to Address Digital Rights Management Technologies - Event Takes Place Wednesday, March 25, 2009, in Seattle

As a consumer that has been affected negatively by DRM technologies, specifically the "SecuROM" brand of DRM protection included in many recent computer games, I have some comments on this issue. DRM programs such as SecuROM are fraught with peril for ordinary consumers. Such programs are usually installed in such a way that the program runs with special privileges that should be afforded to only the most trusted programs, such as the operating system or device drivers necessary to support system hardware. There is no legitimate reason that modern game software needs such elevated privileges in order to run properly. In addition, these programs have been known to use behaviors often exploited by malicious programs (malware) in order to hide themselves on a consumer's computer system. Sony BMG's XCP (Extended Copy Protection) software, which was included on several of that company's audio CDs in 2005, is well-known example of a DRM program that exhibits this behavior. Both issues I've pointed out pose very serious security concerns for consumer computer systems. Privileged code can be exploited in order for hackers to inject their own code, which in turn is run as privileged code. Malware-like behaviors can be piggybacked by hackers in order to hide their wrongdoings alongside the offending DRM technology. In many cases, owners of computers are unaware that such exploitable programs are being installed on their systems, often, there is no trace of such a program that is detectable by the lay computer user. In addition to these already serious problems, these DRM technologies often hijack access to certain subsystems of the computer, most often hijacking access to the CD or DVD drives of the computer system. In these cases, all requests to access the CD or DVD drive are routed through the DRM technology, often for the purpose of determining whether the user has the original disk for the program in the drive. This hijacking of subsystems can often cause incompatibilities resulting in the failure of other legitimate programs on the computer, or in extreme cases, system crashes or operating system failure. Removal of the DRM technology to fix any problems caused is often difficult or impossible, as uninstall tools for various DRM technologies are not easily found, if they are available at all. As for how DRM technologies have personally affected me negatively, I offer this anecdote: Some time ago, I purchased the PC game "Star Wars: Empire At War", published by Lucas Arts. When I attempted to install the game on my computer, my antivirus software warned me that the installer was attempting to install a device driver. Finding it to be unacceptable that a game wanted to install privileged device driver code when the game included no hardware of its own, I canceled the installation. After some research, I found that the "device driver" to be installed was the SecuROM DRM technology. The game was unreturnable to the store, since it was clearly bought under a "no returns" policy, so I attempted to contact the publisher for a refund, since I considered the device driver issue to be a fatal design flaw of the product. Lucas Arts flatly refused to provide a refund, despite providing a warranty. The game still sits on a shelf, unplayable without compromising my personal computer security policy. Since that incident, I have been careful not to purchase a single PC game that employs such DRM technologies. This means that I've missed out on many games that I would have otherwise looked forward to - many Star Wars PC games, Spore, and SimCity Societies, to name a few. Instead, I now hope for an age where companies acknowledge that I am the sole administrator of my own computer, that their programs exist on my computer solely by my grace, and that it is not OK to compromise my computer's security for their paranoid intellectial property protection regimes. I ask the FTC to help my hopes become reality. Truly Yours, Brian Paulus