Dongle

Digital control round-up by Dan Lockton

An 'Apple' dongle Mac as a giant dongle

At Coding Horror, Jeff Atwood makes an interesting point about Apple's lock-in business model:

It's almost first party only-- about as close as you can get to a console platform and still call yourself a computer... when you buy a new Mac, you're buying a giant hardware dongle that allows you to run OS X software. ... There's nothing harder to copy than an entire MacBook. When the dongle -- or, if you prefer, the "Apple Mac" -- is present, OS X and Apple software runs. It's a remarkably pretty, well-designed machine, to be sure. But let's not kid ourselves: it's also one hell of a dongle.

If the above sounds disapproving in tone, perhaps it is. There's something distasteful to me about dongles, no matter how cool they may be.

Of course, as with other dongles, there are plenty of people who've got round the Mac hardware 'dongle' requirement. Is it true to say (à la John Gilmore) that technical people interpret lock-ins (/other constraints) as damage and route around them?

Screenshot of Mukurtu archive website

Social status-based DRM

The BBC has a story about the Mukurtu Wumpurrarni-kari Archive, a digital photo archive developed by/for the Warumungu community in Australia's Northern Territory. Because of cultural constraints, social status, gender and community background have been used to determine whether or not users can search for and view certain images:

It asks every person who logs in for their name, age, sex and standing within their community. This information then restricts what they can search for in the archive, offering a new take on DRM. ... For example, men cannot view women's rituals, and people from one community cannot view material from another without first seeking permission. Meanwhile images of the deceased cannot be viewed by their families.

It's not completely clear whether it's intended to help users perform self-censorship (i.e. they 'know' they 'shouldn't' look at certain images, and the restrictions are helping them achieve that) or whether it's intended to stop users seeing things they 'shouldn't', even if they want to. I think it's probably the former, since there's nothing to stop someone putting in false details (but that does assume that the idea of putting in false details would be obvious to someone not experienced with computer login procedures; it may not).

While from my western point of view, this kind of social status-based discrimination DRM seems complete anathema - an entirely arbitrary restriction on knowledge dissemination - I can see that it offers something aside from our common understanding of censorship, and if that's 'appropriate' in this context, then I guess it's up to them. It's certainly interesting.

Neverthless, imagining for a moment that there were a Warumungu community living in the EU, would DRM (or any other kind of access restriction) based on a) gender or b) social status not be illegal under European Human Rights legislation?

Disabled buttonsDisabling buttons

From Clientcopia:

Client: We don't want the visitor to leave our site. Please leave the navigation buttons, but remove the links so that they don't go anywhere if you click them.

It's funny because the suggestion is such a crude way of implementing it, but it's not actually that unlikely - a 2005 patent by Brian Shuster details a "program [that] interacts with the browser software to modify or control one or more of the browser functions, such that the user computer is further directed to a predesignated site or page... instead of accessing the site or page typically associated with the selected browser function" - and we've looked before at websites deliberately designed to break in certain browers and disabling right-click menus for arbitrary purposes.

Ed Felten: DRM Wars, and 'Property Rights Management' by Dan Lockton

RFID Velcro? At Freedom to Tinker, Ed Felten has posted a summary of a talk he gave at the Usenix Security Symposium, called "DRM Wars: The Next Generation". The two installments so far (Part 1, Part 2) trace a possible trend in the (stated) intentions of DRM's proponents, from it being largely promoted as a tool to help enforce copyright law (and defeat 'illegal pirates') to the current stirrings of DRM's being explicitly acknowledged as a tool to facilitate discrimination and lock-in — and the apparent 'benefits of this':

"First, they argue that DRM enables price discrimination — business models that charge different customers different prices for a product — and that price discrimination benefits society, at least sometimes. Second, they argue that DRM helps platform developers lock in their customers, as Apple has done with its iPod/iTunes products, and that lock-in increases the incentive to develop platforms. Interestingly, these new arguments have little or nothing to do with copyright. The maker of almost any product would like to price discriminate, or to lock customers in to its product. Accordingly, we can expect the debate over DRM policy to come unmoored from copyright, with people on both sides making arguments unrelated to copyright and its goals."

As noted by some of the commenters, that unmooring also unmoors the DRM debate from being presented as an 'honest content providers vs illegal pirating freeloaders' one. Price-fixing, lock-ins and so on are difficult to defend, and I find it hard to think of convincing examples where "price discrimination benefits society" or "lock-in increases the incentive to develop platforms". If customers are locked in to a platform, there is no incentive to innovate for the locker-in, and much higher barriers for competitors to draw them away. Path dependency is rarely good for companies, and rarely good for society, and lock-ins would seem to be a major contributor to path dependency. The argument that "Apple wouldn't have developed the iPod (and the record companies wouldn't have let Apple develop iTunes) if DRM didn't exist to lock customers in" is specious: there were plenty of portable music players before they came on the scene, and surely most 40GB music iPods were always intended to be largely filled with music acquired from somewhere other than iTunes.

Ed goes on to talk about the trend "toward the use of DRM-like technologies on traditional physical products." (Long-term followers - if any! - of my research might remember this is very similar to the phrase "Architectures of control: DRM in hardware" which Cory Doctorow used to link to my original web-page on the subject), and uses the example of printer cartridge lock-ins (see also here):

"A good example is the use of cryptographic lockout codes in computer printers and their toner cartridges. Printer manufacturers want to sell printers at a low price and compensate by charging more for toner cartridges. To do this, they want to stop consumers from buying cheap third-party toner cartridges. So some printer makers have their printers do a cryptographic handshake with a chip in their cartridges, and they lock out third-party cartridges by programming the printers not to operate with cartridges that can’t do the secret handshake.

Doing this requires having some minimal level of computing functionality in both devices (e.g., the printer and cartridge). Moore’s Law is driving the size and price of that functionality to zero, so it will become economical to put secret-handshake functions into more and more products. Just as traditional DRM operates by limiting and controlling interoperation (i.e., compatibility) between digital products, these technologies will limit and control interoperation between ordinary products. We can call this Property Rights Management, or PRM."

Not too sure about that term myself, as I feel the affordances the technology is controlling are moving further and further away from actual 'rights'. DRM is bad enough as a catch-all term for technology which in many cases is denying users rights they may legally hold in some countries (e.g. fair use or backup copies). I think "technology lock-ins" or "technology razor-blade models" might be a more descriptive label than 'PRM'. (Or 'architectures of control', of course, but my definition of these is much broader than simply lock-ins).

Ed gives three examples of possible future extensions of technology lock-ins, none of which seem at all unlikely; in fact they're all easily possible right now:

"(1) A pen may refuse to dispense ink unless it’s being used with licensed paper. The pen would handshake with the paper by short-range RFID or through physical contact.

(2) A shoe may refuse to provide some features, such as high-tech cushioning of the sole, unless used with licensed shoelaces. Again, this could be done by short-range RFID or physical contact.

(3) The scratchy side of a velcro connector may refuse to stick to the fuzzy size unless the fuzzy side is licensed. The scratchy side of velcro has little hooks to grab loops on the fuzzy side; the hooks may refuse to function unless the license is in order [hence my photo at the top of this post! - Dan] For example, Apple could put PRMed scratchy-velcro onto the iPod, in the hope of extracting license fees from companies that make fuzzy-velcro for the iPod to stick to.

Will these things actually happen? I can’t say for sure. I chose these examples to illustrate how far PRM might go. The examples will be feasible to implement, eventually. Whether PRM gets used in these particular markets depends on market conditions and business decisions by the vendors. What we can say, I think, is that as PRM becomes practical in more product areas, its use will widen and we’ll face policy decisions about how to treat it."

The comments on both posts (Part 1 | Part 2) go into some extremely interesting discussion of the ideas and examples, with the 'pen/licensed paper' one being conclusively noted as 'baked' with Bill Higgins explaining the Anoto* technology.

(*And no, I don't think the "www.anotofunctionality.com" of that link is deliberately in the same league as "www.powergenitalia.com," "www.expertsexchange.com," etc, but it's still oddly apposite given the "no to functionality" with which so many lock-ins shed users when they're fed up with paying over the odds for replacement parts.)

I look forward to the third part of Ed's talk summary: this is a fascinating area of discussion which is central to much of the 'architectures of control' phenomenon.

Friend or foe: Battery-authentication ICs? by Dan Lockton

Lithium battery from Motorola V220Via MAKE, an article from Electrical Design News looking at lithium battery authentication chips in products such as phones and laptops, designed to prevent users fitting 'non-genuine' batteries. Now, the immediate response of most of us is probably "razor blade model!" or even "stifling democratic innovation!" (as Hal Varian or Eric von Hippel might put it), and indeed that was probably my own instinctive reaction.

It's not clear, though, that this is a standard architectures-of-control-enforced-razor-blade-model of the kind we've seen with printer cartridges. Most phone owners surely don't ever replace their batteries during the life of the phone, so I can't believe that selling owners batteries can be a major part of the business plan for a new phone. I've never bought new batteries for any phone I've owned. A friend did, though by that time his phone was six or seven years old and he had to resort to eBay to find the correct type.

No, the promulgators of battery authentication claim that battery authentication is all about ensuring consumer safety:

"Battery-pack authentication is necessary because the lithium-ion cells that are the building blocks of all such packs are changing, and, although they still may have the same physical dimension, their input charging voltage and required charging rates are changing and fragmenting across markets. If the cells charge at the wrong voltage or too quickly, they may explode."

My reaction, as a design engineer, would be: Why not standardise those characteristics, then? Standards don't "fragment across markets" without someone causing that fragmentation. (It is true, though, that advancing battery technology does make charging patterns much more important to the life of the battery.)

"Vendors can ship their products with the proper battery pack, only to find that customers go the after-market route to replace or back up battery packs because after-market packs are easy to find and usually cheaper. Counterfeit battery packs pose a threat to user safety."

Make the 'proper' packs cheaper and easier to find, then. Surely that's cheaper and easier than developing a 64-bit key code battery authentication system, and keeping "its secret key in an 8×8-ft vault with 3-ft-thick walls, [with] only two people in the company hav[ing] vault keys," as described in the EDN article?

Also, quit using the term 'counterfeit' to mean 'all non-manufacturer-approved parts'. That's a slippery slope to Newspeak. If I buy Fujifilm for a Kodak camera, is that film 'counterfeit'? Of course not. It would be if it were being passed off as Kodak film, but that only seems to be the case with some of the batteries mentioned in the article (the Kyocera and LG ones near the start). If that's the real problem - counterfeit batteries with the manufacturer's logo on them - then be honest about it.

Greater, cheaper availability of the correct, manufacturer-approved batteries would be beneficial for the manufacturer in terms of aftermarket sales. If it means selling them with reduced margins in order to drive other manufacturers out of the market, then so be it. If the other manufacturers really are counterfeiters, passing off their products with the phone manufacturers' logos, and the batteries really are dangerous as claimed, then there's (potentially) a lot of brand damage going on.

The problem of exploding lithium batteries clearly isn't insignificant - the following images are from a US Army/Naval Surface Warfare Center presentation [PDF] linked in the MAKE post:

From http://proceedings.ndia.org/5670/Lithium_Battery-Winchester.pdf Images from http://proceedings.ndia.org/5670/Lithium_Battery-Winchester.pdf

But, as commenter 'unterhausen' points out on the MAKE post:

"The risk of Li-poly batteries is independent of the manufacturer to a large degree. The problems come when they are damaged, shorted, overheated, or overcharged... Any Li-poly of the current generation will have the same problems... The chips are anti-competitive nonsense."

This is an interesting area of debate, and likely only to become more prevalent as energy storage technology becomes more advanced. Will fuel cells for vehicles have authentication ICs built in? You bet.

How will 'they' do it with hydrogen fuelling stations, though? Will the pumps/dispensers themselves have a chip which 'handshakes' with the vehicle? Will you have to use 'Toyota' branded hydrogen for your Toyota to start?

The opportunity's there, in a way that it never was for standard batteries, petrol, etc, in the past. Few people were naïve enough to buy solely Duracell batteries for their Duracell-branded torch (flashlight) because they thought it 'would work better', but when it comes to a device which only works when the manufacturer's own branded batteries are used

It does make me wonder, though, why Henry Ford never got into the gas station business - was it just antitrust legislation that would have prevented it? General Motors and Standard Oil apparently colluded, and GM also co-owned the Ethyl Gasoline Corporation that held patents for the tetra-ethyl lead added to fuels from the 1920s onwards - which surely provided a large degree of economic lock-in (more GM cars sold = more TEL sold = even more money for GM) - but there was no technological lock-in.

Today we have technology that does allow technological lock-in, and it's becoming cheaper and cheaper to deploy.