On (Cryptographically) Shackling Bridge Trolls

I’ve been having a bit of an internal debate recently about the dreaded D-word (whispers “DRM”). I’m talking about Digital Rights Management, which is a fancy name for various different flavours of encrypting your digital words so people who get (buy, lease, borrow) copies can’t then go on to copy, print or otherwise redistribute them. Is this necessary or inherently evil? I’ve heard both sides of the debate.

Now, I’m a tech guy. Seriously, an actual tech guy. I worked as a Network Administrator back in Australia before moving to Poland and teaching business English. I’m Cisco certified and I have a decade of experience working in various IT departments it real, paying jobs. What this means is that, irrespective of my being an author, I actually, seriously know what I’m talking about with DRM. Why am I currently so vigorously pumping my ego? Because it’s useful for my (10) readers to know that what I’m about to say is the meandering thoughts of someone whose  meandering thoughts are worth listening to.

What is DRM?

Digital Rights Management, as I said above, is just encryption for your book (movie, song or any other digital copy). The goal is simple, to stop unauthorised copying, either digitally or onto paper or whatever.

How does it work? Let’s not go into details because every system works differently anyway. The methods are broadly the same and the goals are exactly the same.
The infrastructure provider (Amazon, Apple, Google, maybe Smashwords, etc) get the free text version of your masterpiece from you.

Note 1 – if you email a copy to anyone, all of your DRM is automatically dead. If you send a copy to the infrastructure provider over an unsecured network, all of your DRM is dead. If someone steals your laptop… you get the idea. The DRM only starts working after Amazon encrypts it. They still have an unencrypted copy too, so if someone hacks Amazon, you’re boned.

Now that Amazon (or whoever) have your text/images, they package and encrypt all of this. They’ll use some sort of public or shared key cryptography. Usually, they have an encryption algorithm which uses a master password to encrypt the document and it can only be decrypted with a second password – not their master password. They then put a copy of this second password in every device that needs to be able to display the book (or whatever).

Note 2 – If anyone ever disassembles even one of these devices and gets that password, every book is automatically completely unprotected. Amazon’s licensing terms state specifically that they provide no warranty about the integrity of their DRM system at all. i.e. Amazon says they don’t provide any security against theft or anything in their DRM. It’s all for show. Why? Because if anyone gets that key, everything’s up for grabs, and Amazon’s got millions of copies of that key on millions of devices all over the world. Now, realistically, each device type will have a different key, and possibly every model of every device, but that makes little difference.

So how does this prevent copying? Well, basically, only their devices and software have the password, so only their devices can display the content, and their devices don’t have copy and print buttons. It’s as simple as that.

Note 3 – There’s nothing to stop some weirdo who clearly needs a girlfriend from, instead, spending a month diligently transcribing your masterpiece into a new document by the age-old method of read, type, read, type. The content has to be unencrypted at some point, to be usable to the end user and at this point it can still be copied, if painfully slowly. This, BTW, is why DRM is doomed to fail for movies.

Should you use DRM?

The short answer, in my humble opinion, is yes.

There’s nothing to stop a determined copyright-infringer from getting their greasy mitts on your work and disseminating it for free, or charging other people directly. DRM will only ever stop what I’ll call casual infringement. This is where the average Joe has your book and simply makes a copy for his friends, because, you know, why not? These are the people who don’t specifically want to break the law or to profit from your work, but just don’t feel like their friends should buy your work after they had to. It’s the equivalent of lending a book/DVD to a friend, in their mind, but it’s not because the friend won’t ever give it back. If you want to make a living from your writing, you need to keep a lid on casual copying. If you want people to respect your copyright, etc, you need to actually do something to stop it. After that, you can only hope but to be so popular that the professionals try hard to get copies of your works.

What about fairness to readers?

My book is currently available on Amazon and I’ve setup these options:

  • Anyone who buys the paperback can have a Kindle edition for free.
  • Anyone subscribing to Kindle Unlimited (or whatever) can rent it for free.
  • I’ve already done 2 free giveaways.
  • I’m planning a 99c promo for sometime soon.
  • I use DRM.

I really do believe that more people reading my book is (for now at least) more important than my making money (in the short term) because it leads to more awareness (popularity) and will lead to more sales of book 2 or 3, etc. That doesn’t mean I should leave my book open to being abused however. If you want it, I applaud you and I’ll help you as much as I can (with the above list) but still do it the right way.

You respect my time and work and I’ll try hard to make it easy for you to access my book. You treat me badly and I’ll try to stop you from overly abusing my work. I don’t think it’s unethical to use DRM. I think it’s worse to charge $9.99 for the paperback and $8.99 for the Kindle edition. That’s just disrespecting the readers, DRM isn’t, as long as it doesn’t get in the way of the reading (like region encoding in DVDs).


2 thoughts on “On (Cryptographically) Shackling Bridge Trolls”

  1. I like the sounds of DRM, Raymond. Thanks for the explanation. I don’t like the idea of there being a possibility that someone will “steal” my written work and use it for their own profit, or, like you said, the concept of people losing credit that their due by “well-meaning” thieves trying to save their friends’ a buck or two. But a quick question: based on what you’ve seen, how often does it happen that a copyright infringer disassembles the device and bones you?


    1. I’m absolutely, nowhere near popular enough to have anyone even consider copying my works and republishing them for the world to download. That’s one of my main points about DRM though.

      Peter V. Brett, for example, just published his latest book this week. I know this because I’m seeing all the tweets about it from, well, everyone. It’s going to be a well-deserved success, and I guarantee someone’ll have good-quality scan of his hardcover online in .pdf format within a week. There’s nothing anyone can do about it. If he loses 10% of his sales due to those copies, he’ll be unhappy, but his book’ll still be a success.

      If I, on the other hand, lose 10% of my sales, I’m back to cheap rice and white bread for a month. It’s one of those things that disproportionately affects those who can disproportionately afford to be affected. That’s not an excuse to do it, not at all, but it’s true.

      I think it was the director of GoT who sort of slyly “didn’t” say that he doesn’t mind that GoT is the most commonly illegally downloaded TV series in the world, because it’s actually a compliment to the whole show that so many people want to steal copies. The difference being, he’s still making dump trucks full of money. I wouldn’t be.

      Now, as for your specific question about dissembling the device. Well, if we’re talking hardware, it’s not worth anyone’s time. Reverse engineer the software instead. That’s be far easier. How easy would it be to reverse engineer Amazon’s software? Not too easy, me thinks. I don’t know much about developing apps on Android or Apple OS, but they’re both designed as compiled Java byte-code sitting on top of a customised Linux installation, which seems to be optimised on the device (for Android at least, which means compiled locally). The master password that you’d need is sure to be separately encrypted. It’s always possible but Amazon no doubt pays a lot of very smart people to make it very difficult to reverse engineer these things.

      A quick google search shows that Google got smart as of Android v4.0 and added a built-in password manager (secure keychain API), but I’ve got the Kindle software on my crappy, old Android v2.3 phone, so no luck there. Frankly, I’m surprised Amazon’s private keys aren’t already online, put there by some 14yo moron with no girlfriend and a desperate need to prove himself. Probably, Amazon updates them every time the app updates itself.

      Sorry if that got too technical and annoying :p


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s