FTC Town Hall to Address Digital Rights Management Technologies - Event Takes Place Wednesday, March 25, 2009, in Seattle
Digital rights management is by its nature a contentious issue. As Dr. Lawrence Lessig said, "Code is law." DRM implementations define a de facto legal system (how it can and cannot be used) surrounding a protected application. This system may not relate back to any existing copyright law instead resting on contract law. Therein lays the problem. The terms of the contract are generally not available for view until the application is installed. Further, the contract is not normally available to individuals for negotiation, it's a take-it-or-leave-it proposition. The end result is that by combining DRM and contract law, what should be a relatively balanced transaction (consumers as a group vs manufacturer/distributor) get slanted severely in favor of the vendors. At the very least is seems that a few DRM related issues could be addressed to help equalize the situation: 1.) The full text of the license agreement should be available on product packaging (for physical distribution) and prominently linked to on the product's web page. 2.) The license agreement should not be subject to change without notice. If the vendor wants to be able to change the agreement, the software should require registration (to facilitate the communication) and the customer should be able to reject the changes a reasonable level of refund due. 3.) When DRM software is used, its technical limitations (those that it enforces and any software or hardware incompatibilities) need to be documented with the application. Undocumented, unfixed incompatibilities need to be grounds for a refund. 4.) Uninstalling the protected application must completely remove the DRM software. 5.) Some DRM checks for authorization with a central server before allowing an application to launch or access to a protected data file. We have already seen cases where these servers are taken off-line when the vendor abandons the application or service. In these cases, the manufacturer/service-provider (or their successors) must provide a mechanism to remove DRM from installed version of the software. 6.) DRM circumvention tools should not be illegal to research or possess. They should be explicitly legal to use in the case of abandoned software (such as #5). If the FTP were to enforce these six policies, the most egregious DRM problems would be avoided while still allowing companies to use such code to restrict access to their wares.