JD on EP

And if the user wants to use the document offline?
Don't want to install policy server extensions?
(or can't because they aren't on windows?)
Want to use a document reader that isn't adobe's presently-overbloated acrobat?
Or with open-office instead of MS-office?

The drm tradeoff has to balance the (initial and ongoing) inconvenience placed on legitimate users against the risk (and cost) posed by illegitimate users. The more ability the author has to decide where that balance lies for themselves, the better.

It'll be interesting to see where this goes -- and how swf / flv formats will fit in eventually.

Good point, thanks. Consumer rights need to meet creator rights, or else the two won't be able to communicate together.

We see the same thing in the HTML-vs-RSS debates... some readers want the content to appear according to their conventions; some creators want the content to appear as they originally designed it. I think both sets of needs are valid, and the difficulty is in learning how to balance these needs.

(The free Adobe Reader is actually a collaborative tool... if you're just seeking to read simple PDF then the preview Adobe Digital Editions on Labs emphasizes the reading experience itself. The extensions mentioned in the press release are for those creating documents in Microsoft Office and who wish to keep a connection with their documents via LiveCycle hosting.)

"The more ability the author has to decide where that balance lies for themselves, the better." I'd agree with this, if we add the reader into the equation too. Both parties have needs, agreed...?

tx, jd

You ... can ensure all readers are using the current version of the document... can make sure your data is not used in ways you do not approve.

Until you can embed a Neuralizer with the document, that's not going to happen.

Cameras, notepaper, etc. were around a long time before these attempts to keep secrets. The bottom line really hasn't changed since Benjamin Franklin's day: three people can keep a secret if two of them are dead.

The devil is certainly in the details.

Yes, there is content/code people do not distribute because of fear of theft/misuse - businesses have always guarded process tech and information.

Then there are also new and unique problems with publicity/entertainment content. A friend posted a cache saved .swf file on their business server several months ago for the sales guys to play with. Then two weeks ago some blog found it and they ran 200gigs of bandwidth for a $700 overage in two weeks! (one million hits - Google ads cut them off)

The culprit.swf(265k) has no link to the creators, so they loose that much promo value. The business is out cash and might be liable legally if found out by the creators... but the creators published with no DRM because they wanted exposure from that cartoon... so the process of communicating is indeed bigger than it used to be.

Moral of story: Put a link in promo pieces.swf!

JD, I see the new LiveCycle functionality in PDF as more "digital status management" rather than DRM. I realise this is a semantic argument, but I feel it has some validity.
I've had conversations with several Australian Adobe staff over the LiveCycle capabilities here, and I think the approach most users are likely to take are more along the lines of document status management for issues such as release embargoes and version updates.
Personally, I think you'll see very few implementations of functionality such as no print, no copy, no circulate *except* in environments where such practices already exist. National security classified environments are such a place, and not unfamiliar in the company I work for.
Like DRM everywhere else, if document owners begin arbitrarily introducing restrictive practices on their works, users will rebel and find a way around the issue. Or simply find another source for their information.

It's true that people can take notes on a privileged document. But in this case they wouldn't be able to prove how they know what they say they know... they wouldn't be able to produce the source link.

Lots of people pass on rumors while retaining their credibility (New York Times, CBS, eg) but such blind trust in authority is slowly being eroded. Not being able to produce evidence will eventually cut down the spread of rumors.

Dave's story about the SWF with Sudden Popularity Syndrome hit a number of points... thanks, this is exactly the type of experience I was hoping to bring together here. We've got to think these situations through before we come to them. (uhm, that SWF wasn't two bankers crooning over an acoustic guitar, was it...? ;-)

Steve raises the essential point that deals need to be agreeable to all parties in order to work... if permissions are set too bizarrely then this makes the document too ineffective. With such new abilities we'll really need some realworld experience to see who uses it most... Dan Muse has an article today describing some small-group usages which already seem practical.

I guess I'm in the "all DRM is bad" camp... but here's my main reason why: you (in this case Adobe or the developer using this technology) are giving the client a false and --to anyone with technical knowledge-- misleading impression that it works. Either the DRM solution works or it doesn't. "Pretty good DRM" isn't good at all. You really are setting yourself up for failure when you promise the document can't be copied or printed. Of course you've heard of print-screen right? I'm not up on liveCycle enough to point out other flaws (provided this is a software only solution I'd say there are other holes).

[jd sez: Do you still lock your car door?]

Here's a likely scenario:
A developer knows the DRM isn't really 100% totally uncrackable. He implies (or just as bad, lets the client infer) that it's really secure. A breach occurs... many people are on the hook. Plus--and this is the killer for Adobe--the initial promise is revealed to be more of a deterrent than protection. In the end it backfires and gets written off as a joke. So, ultimately, Adobe needs to not only come up with a good balanced solution (say for DRM on .swf or .flv) but must be sure it's super clear what the protection can and can't do. Mark my words: you just need one huge failure to make the entire solution be forever avoided.

[jd sez: Agreed... privacy and security evolve over time, and are never absolute, in isolation.]

Certainly DRM and its ugly cousins like Region Control and 'UOP' do nothing but add value to the pirated content which is not encumbered by such things. (Q: Why do they put region control on older movies which have long since passed the product launch international whistle stop 'press junket' stage? Who does that serve, exactly? That's a good realworld example of the 'bizarre permissions' that jd mentions.)

I like Steve Collins' idea of 'digital status management' or 'lifecycle management', and I don't think it's just a semantic trick. There are different values at stake. Whatever turnpike systems are put in place, the question needs to be asked: How does this add value for the user? The 'warm fuzzy feeling' of 'doing the right thing' is clearly not strong enough motivation on its own, especially when these big organisations which claim to stand for 'the right thing' are obviously doing 'the wrong thing'.

If the cracked/pirated version is more generally useful, and more flexible in application than the official version, people will go for the former, even (in many cases) when they are legitimate customers.

Anti-piracy groups and copyright-owning organisations understand this on some level. They tend only to send the lawyers after the folks that post pre-release, zero-day or recently-released content. That's always struck me as a rational response, in spite of the irrational rhetoric those groups tend to spout to the press.

Consider advent calendars. Nobody is interested in getting an advent calendar with all the little doors pre-opened by a friendly pirate. It's the process of waiting and opening one little door per day over a period which makes advent calendars interesting. If that process can be harnessed somehow over the network, you've got something which adds value to the user and makes the pirated 'all-open' version less interesting. In that sense syndicated content (RSS) might well be the acceptable model for the future of the digital rights economy: You only pay for the latest content, and the latest content requires an internet connection and a credit card.

Classic albums and movies get re-released in new formats, and consumers are certainly disgruntled when they have to pay for the second and third time for the same chunk of copyrighted material.

...but what makes the re-releases really interesting is when they are updated with 'new' (aka 'previously unreleased) content. In other words if you're going to be in the process of delivering digital content, you may have to consider it as an incremental process which people subscribe to, and to have a lifecycle in mind. There's a new version of "Dark Side of the Moon"! (Download the 4.5.1 updater now!) etc.

This could also be rephrased as 'give away the old version for free' (or at least for cheap).

Yes, there's an issue with cannibalising sales, which will put pressure on content (and software) creators to keep innovating but people always want the latest and greatest, and if they're obliged to go to your server to get it, you can enforce certain controls there (e.g. who is connecting and what they've paid for, and so on).

It's far easier in software to control the updating process, than to control the use of the 'stuff' before or after the update.

The implication here is that the 'offline' version of a document (song/movie) would be by definition less valid, less authentic and less 'official' than the one you get when your network cable is plugged in. That's how a lot of HTML and SWF content already works!

With PDF it's more tricky because PDFs are mostly designed to be 'self-contained'. 'Portable'='Autonomous' (on some level) and what's being proposed here is to break that autonomy somehow. PDF's already have support for internet, javascript and all that, so it's not as if we need lots of new tech, just to change the way we're using the tech we've already got.

These documents would best need to degrade gracefully to the 'free version' when not online. It's no good if the document comes up blank or unreasonably crippled if you are offline, there has to be a useable baseline version. We simply need to find ways where network connectivity adds bankable value to an otherwise standalone 'digital media object'.

That would also be useful in many cases. Some documents really need to be as up to date as possible. (News stories during an unfolding crisis, for example). We might then even moot the possibility of 'rewinding' the document to an earlier version like in a WIKI history. Perhaps even this rewinding is something best taken care of by an official server rather than a pirate group, which means there are possibilities for the right people getting paid.

In other words when you pay for the 'official' version you're paying for automatic updates and rewinds. That's how an increasing amount of software works. (The Adobe and Macromedia suites both rely on 'authentication', and it's clear that Adobe doesn't enforce transgressions as much as they might).

If you want to read a PDF on the plane, you can do so in the knowledge that it's the standalone version, and you are necessarily missing any 'late breaking news'. 'Did you read the document'? 'Not the latest one, what am I missing?'

Of course, the other model which is discussed too little, especially by North Americans, is the flat fee model, which nearly became a reality in France recently - i.e. a license to do what the hell you want with any media you decide to consume, because it's already paid for (by you). That model has guaranteed unencumbered (=ad free!) access to high quality broadcast content in Europe and elsewhere for decades, and the only objections to it appear to be ideological rather than practical. There's a perception that 'Collection Societies' are a backdoor for Communism, when in fact commercial organisations like RIAA and MPAA - misleadingly - like to promote themselves as collection societies whenever it suits them.

This interview may be relevant here:
http://www.theregister.co.uk/2006/11/03/peter_jenner/

One interesting thing Jenner says is that even if the flat fee model has imperfections (which it does), it still meets the needs of content creators and consumers better than the model that we have now, and with considerably more respect and dignity on both sides. He also warns about technology which erases 'your' stuff if you don't keep up the payments or switch device. For this to work properly we have to be allowed to keep -and repurpose- what we've got 'so far'.

With the flat fee model, In one fell swoop, the professional pirates lose their cash cow, consumers get good quality stuff they can enjoy and mash-up as they please, and the content creators can be remunerated fairly for their efforts. The losers are the middle-men that have been profiting for a century from artificially constructed distribution bottlenecks, a construction which has had the side effect of generating a surfeit of fast-burn dross. Fortunately people have started 'staying away in droves', and there's a growing awareness within the entertainment industry that we need new business models.

Well it's a paradigm shift, and as Thomas Kuhn pointed out, paradigm shifts don't happen by conservatives and incumbents getting convinced by overwhelming evidence; They happen because the conservatives and incumbents ignore the evidence until they retire and/or die and are replaced by a new generation with a more up-to-date vision. Well the consumers can wait, and the pirates benefit from the current system.

I like the car door analogy. You could make a good case for why you should leave the door unlocked--at least then the theif might not damage the car taking whatever. Let's give a little respect to the hard working car stereo theives. In fact I do lock the car door. But, I never leave my computer in the car.

I understand people have sensitive documents. But, I'm not really sure where the need to be such control freaks comes from. I mean, if I don't trust my employee to not share a doc, then why am I letting them see it to begin with? I could just impose a digital watermark if I wanted to track them down later. I'm sure there's a use-case out there--but stepping two steps back here--how many times do you really need a "live" document. That sounds like fun: multiple people editing at the same time. The track-changes option in MS Word is quite useful... so probably there's some value I'm overlooking.
Bottom line: that Acrobat link you provided states unequivocally that "You decide who has access and what they can do- print, copy, view are all in your control." Not only is that quite a promise but I'd argue it only appeals to control freaks. Also to CYA types--but are they really doing their due-dillegence?

I love oxymorons! 'Good DRM' is one of my favourites.

I lock my car door - but the keyword here is not 'lock', it's 'my'. It's my property and I lock it the way I find appropriate.

The question is: will I buy a car with a remotely controlled lock, which may fail when there's no network connection, which may deny me access anytime for whatever reason, controlled by some software on a remote server? If something has a lock that is remotely controlled, then that thing isn't mine, it's more like renting (as opposed to buying). I won't even 'rent' under these conditions because the lock may fail when I'm having an emergency. (But if I know that I can bypass the lock if I wanted, then there may be a deal).

'Live Documents' may have their uses. But I won't be 'purchasing' a 'live' ebook in my lifetime.

"DRM adds value to pirated content", can't agree more to this.

DRM is a virus. Evil companies back DRM, because they are evil. They want everything DRMed, they don't want *any* free content available. That's why they are evil. They are not like 'OK, I have my DRM infected content here, consumers have a right of choice'. They want to control everything in their money making chain, including consumers - who they see as idiot sheeps, not as human beings with rights.

[jd sez: uhm, Burak, did I, ah, did *I* "DRM" there? I'm not sure if I'm evil or not, just want to check, y'understand.... :) ]

We human beings have many 'defects'. One of them is that we are prone to not see a change if it's slow enough. DRM, Trusted Computing etc. are slowly invading our world. It will be too late when you realize you are living in 'hell' on earth.

I think it's pretty clear that the "drm might be good!" campaign isn't looking at a big enough picture.

[jd sez: But do you like the idea of being able to know where your own private info goes? or do you think people should not be permitted to keep a server connection to the documents they produce?]

Best regards,
Burak

Hi JD,

I don't think you're evil at all, but I think you are missing the big picture about DRM. And in my reasoning that's the real danger: someone as qualified as you are, doesn't see it - average joe has no chance of seeing it. And it's a very dark picture indeed.

[jd sez: My problem is with the label "drm", because it can hide what people are really trying to talk about. When I say "sometimes it's good if you know where your documents go", but hear only "drm is evil" in reply, then I'm not sure what to ask next. I suspect you and I both agree on how we'd like to see the world change, but when I hear "drm is evil" I can't tell what you're really thinking of.]

In my dictionary DRM means 'pure evil'. There are mild DRM schemes around somewhat work, not always called DRM. They are not that 'evil' by themselves, because they are at their infancy. And that's how this works, slowly, one step at a time.

If you have time, try the Find It puzzle:
http://www.boingboing.net/2006/11/13/find_it_puzzle_is_ve.html

For most of the pictures, I had to take screenshots to compare.

>do you think people should not be permitted to keep a server connection to the documents they produce?

Frankly, I don't see the reason. Why not keep the documents on the server in the first place? To decrease the server load (as MS did with ActiveX)? I, for one, wouldn't trust any DRM to distribute sensitive documents, keeping them on server sounds more secure to me (in addition to any protection).

[jd sez: If someone wants to protect their own work, do you see any reason to prevent them from doing so? (Honest question on my part; if you see ways they're harming other people then I'd like to learn, thanks.)]

Best regards,
Burak

> If someone wants to protect their own work, do you see any reason to prevent them from doing so?

Not at all.

The real question is: If someone does NOT want to protect their own work, do you see any reason to prevent them from doing so?

For me the answer is the same: not at all. It's not the same for DRM-lovers. They don't want any content without DRM, they don't want any competition.

To enforce DRM they want to validate everything, to the point that the computer on your desk belongs more to them than to you. They don't care about your privacy or any inconvenience they cause to you. Additional inconvenience caused by false positives are just a figure on their reports for them.

Even the best DRM you can think of inconveniences the consumer. May be considered as a small price to pay but it doesn't stand a chance if there's free competition from non-DRM-infected content. So, their goal is to infect everything with DRM. (Send a non-infected file -maybe your own recording- to your friend with Zune, as far as I've read, the file expires in 3 days. Any sane reason for that?)

DRM is like some religions that don't respect other religions when they have the power. But they expect and accept the respect they receive when they are not in power.

Sony/BMG rootkit DRM virus harmed many people.

In summary, I don't care if someone uses some protection or not, as long as he honestly informs consumers about it beforehand. I just don't want non-DRM-infected competition killed by big, powerful and evil companies, which I see has started and is happening right now (albeit slowly).

For a big company, I may be a 'consumer' only. They don't care if I cook good or if my favourite color is 'blue' or if I love my wife (as long as it's not related to their marketing efforts). Heck, they don't care if I'm human or not. But I am, and I have my rights. Today we are human citizens of our countries. With DRM (and family), tomorrow we may be reduced to consumers of big companies and nothing more.

Best regards,
Burak

"It's not the same for DRM-lovers. They don't want any content without DRM, they don't want any competition. To enforce DRM they want to validate everything, to the point that the computer on your desk belongs more to them than to you. "

Thanks for that... yes, I agree with you, people who try to ban stuff usually just end up creating more problems.

I don't particularly like the Big5 music corporations, but I'm okay with them encrypting their CDs, just so long as they don't try to say "you can only buy the hardware we permit." We're agreed here, right...?

My big concern is that encryption and other privacy techniques are useful for all of us... I object more to the use of legal force to control others, than the use of encryption or "DRM" in itself. Does this seem reasonable to you, too...?

tx, jd

"My big concern is that encryption and other privacy techniques are useful for all of us."

Agreed. But let me try to explain my view in a different way:

DRM, in broad sense as you take it, is like the justice system or courts and judges. Good guys believe in 'innocent, until proven guilty'. Bad DRM guys want to change this to 'guilty, until proven innocent'. If they succeed this would bring a fundamental change to the society.

Nobody likes to go to a shop and be treated like a potential thief. But that's exactly what happens when you use, say Windows Vista with WGA embedded and with many call home features.

In order to prove you are innocent, you'll need to give up your privacy totally in the long run.

Windows XP activation (without WGA), or Flash 8 activation, are acceptable DRMs that work like a simple lock, helps keeping honest users honest, with minimum inconvenience. Take a step further (as in Vista) and there's a police in front of the door checking your picture ID every time. Take a few more steps and welcome to an environment worse than "1984".

Thanks(!) to technology this happens in a way that average Joe isn't aware of it.

Worst part of this story is that big companies have the power to do what they like. They act as if they are a single entity that has monopoly. They must be regulated, bad DRM must be restricted but what happens instead is laws like DMCA and patents that make everybody laugh but still enforced. Those companies really have the power as long as general public is not aware of the danger.

In order to fool the public they are taking their steps slowly, as I mentioned before, humans are prone to NOT seeing the changes if they happen slow enough.

So is this a standard double edged sword issue? In theory you might say that. "Have no DRM and you lose some tech that may help, have DRM and there'll be some bad implementations". No, sir! In reality it's already happening. It's not a double edged sword in ones hand waiting to be used, there's a real sneaky sword coming at us, right now! DRM, Trusted Computing and friends are coming to get us! It's no theory, it's the reality.

Governments and the public should understand that DRM is really a deadly virus (you can take this literally as poison), which must be handled with extreme care. Instead, what we have today is free playground for greedy corporations (and frankly, would you expect them care for the people, privacy rights, or profits?).

At this point, I belive that either DRM is doomed or we all are. DRM means 'evil' to me because it's the term evil companies use. (If you have a nice protection, call it 'activation', 'anti-piracy measure' etc. but if you call it DRM, some people, including myself will take it for 'evil').

> I'm okay with them encrypting their CDs,

Agreed, as long as they are not forcing their signed up artists for this (but they do!). There need to be free non-DRM-infected content to compete. They should let the artists, the real content creators, decide. Otherwise we are facing a non-regulated (and therefore evil) cartel (which may have acceptable DRM today - though what Sony/BMG did was not acceptable at all-, but when they have unacceptable DRM tomorrow, there won't be any non-DRM-infected content to choose instead).

The big picture I see has an evil plan going on. 'Managing rights' is just a cover used, and a good one at that.

Best regards,
Burak

Quoting myself:
'There need to be free non-DRM-infected content to compete.'

what I meant to write there was:

'There need to be non-DRM-infected content free to compete.'

Best regards,
Burak