Felten, a celebrated cryptographer, and several students took up the challenge and soon they had cracked all four watermarks. But instead of claiming the prize, Felten decided to publish a paper -- for research purposes -- explaining how his team had broke the code.
Here the story gets interesting: When he prepared to publish his paper six months later, in April, 2000, Felten
received an intimidating letter from the Recording Industry of America Association (RIAA). In it, Matthew Oppenheim, an RIAA senior vice-president, warned of legal action if Felten published his results. According to the trade group, his paper, if published, would violate the much-maligned Digital Millennium Copyright Act (DMCA), which forbids the publication or dissemination of copy-protection circumvention technologies.
At first, Felten went along. But two months later, backed by the Electronic Frontier Foundation, he sued the RIAA, claiming that the threat was an attempt to clamp down on free speech. In November, the case was settled after the RIAA decided not to pursue legal action and Felten had successfully presented his paper in August. Nevertheless, the case transformed this quiet code-breaker into a folk hero of sorts, both for free-speech advocates and for those who hope to revolutionize the music establishment.
On Jan. 7, Felten sat down with BusinessWeek Online technology reporter Jane Black at the Future of Music conference in Washington, D.C., to discuss his views on the role copy-protection technology will play in the burgeoning digital-music industry. Following are edited excerpts from their conversation:
Q: Can any technology completely prevent the unauthorized copying of music?
A: None of them prevent unauthorized distribution. All they do, at best, is make it more difficult, more time-consuming to copy things. [A good analogy is a] speed bump. You're not putting up a barrier to prevent copying but a speed bump that will frustrate people who want to copy illegally.
Q: Which type of copy-protection technology is the best speed bump?
A: Each of the technologies lend themselves to different uses. Some try to prevent copying in the first place. Some try to detect it after the fact. Some technologies are not good at knowing who copied something but can track how many copies have been distributed.
For the right answer, you have to look at the whole system. Not just the copy-protection technology but what business model it is embedded in. Given that you'll never be able to prevent copying, the question is, what can you do to minimize it? What can you do to make consumers happy enough with legitimate use of the system that they'll be willing to pay for it?
Q: And what might that business model look like? Can you point to any successful examples where companies are striking the right balance?
A: It's easier to point to failures than success stories. Take this recent development of copy-protected CDs that are supposed to play in regular CD players but not be copyable. It's not that the CDs can't be copied. It's that they are designed not to work in the players that are deemed most likely to be used by pirates.
The problem -- when you cast your net that wide -- is you inevitably catch something you don't want to catch. And so you hear stories about customers buying one of these CDs, popping it into their car [player] and finding it doesn't work. At best, you make some customers angry. At worst, you fail to stop the bad guys from copying, and you succeed at making your honest customers' experience worse.
No one knows how to give customers [in the digital world] what they want without the copyright holders being stolen blind. The solution to the problem of illegal copying of music is mostly not a technology problem. I think there will be a movement toward offering different kinds of services. Interactive applications that help you find music you like, help you index and search, give you additional information about the artist you're listening to.
The technology has to evolve to something that is more like an environment for experiencing music rather than just a way to get a song. I find it difficult to point to a particular technology that is going to be pivotal. I think we'll see some use of encryption in the material and some distribution of encryption keys. Overall, the trend will be less emphasis on copy protection and more emphasis on technologies that make music more compelling for the legitimate user.
Q: Could more legal restrictions be the answer?
A: It's already illegal for people to rip their CDs and post them on the Net. And further legal restrictions that have been made have not been effective: They do a lot of collateral damage without actually preventing people from breaking the law. Vigorous enforcement of copyrights themselves is an important part of the picture. But I don't think that expanding the legal definition of copyright outside of actual copyright infringement is the right move.
Q: Which brings us to the DMCA, a law you believe hurts the public without preventing illegal copying. What's your objection?
A: It's the anticircumvention parts of the law that concern me the most. It goes beyond protecting copyrights. It goes beyond prohibiting copyright infringement -- which of course was already illegal before we had the DMCA -- by outlawing certain technologies and certain kinds of discussions.
For someone like me -- I do computer-security research -- I now have this complicated, vague law in my head all the time. Whenever I'm going to open my mouth to talk about technology, I have to think if it's safe, or do I have to call my lawyer. At the very least, it scares people away from topics that most need to be discussed.
I think we all benefit from knowing how well copy-protection technologies work, when they work, when they don't, and what kind of approaches to building them make sense. Whether you are a customer, an investor, or a songwriter who has been told this is a safe way to release music, it's important to talk about this technology and know whether it's going to do what it says it will. The real danger in the DMCA is a chill of that discussion.
Q: But you ended up publishing your paper. Has the chill really been that severe?
A: I think it does have a detrimental effect. We're in a situation where the solutions that we have are not good enough. The way to improve anything is to have a discussion about its flaws. To understand what the one or two or three things are about it that would help fix it. The DMCA makes it dangerous to have that conversation.
Q: Do you think we'll see changes to the law in 2002?
A: Intellectual-property law changes very slowly. I don't think it's likely to change very soon.