16.09.2007 How to do Open Source friendly “DRM”

Usually when it comes to releasing music or movies the answer of some of the companies that create the content appears to be: “its not possible to do this without resorting to proprietary formats, players and security by obscurity / trusted computing”. And lots of problems arise from that. I know several at least two developers working for some content provider and the amount of support you need to give even for the proprietary “solutions” seems to be massive. Worse, you lock out free software completely, and often lots of old devices, too. The whole idea is causing these problems. The more people you tell a secret, the weaker your protection gets.

My proposal would be this: the companies argue that DRM provides a way for the customer to track whether he owns music or not. It does so automatically, so if you’re a honest person, you can track whether files are owned by you, much in the same way you can now look which CDs are in your CD shelf. Also restrictions such as “you can listen to this file, but only until December 2007” can be added and tracked automatically by software. If this is what the customers want to do, then I propose shipping a media ownership file with each song/album purchased, looking somewhat like:

	Album:           [album name]
	Song:            [song title]
	File:            [foo.ogg]
	Size:            4820573
	SHA1:            [sha1 sum of the file]
	Owner:           [some content provider with some unique url]
        Restrictions:    [like: expires 20071231]
	Customer:        [your name]
	Customer Mail:   [your email adress]

To make the system work, this file should be signed by the owner (some company that produces music or movies), with a PGP/GPG signature or something equivalent. So then, whereever you go and whatever you do with your music, you and your software can validate that you own it. For the honest user, this should be great. Even if you copy the files to a friend by accident, the software will still be able to catch it, and tell your friend: “this is not really music you bought”.

So I think for honest customers this system will work, because it is based on the idea that you want to compensate artists, and DRM is only a convenient way for you to track that you do it. Its also not easy to attack the media ownership file idea, because if a content provider owns a piece of music, he and only he should sign such files. So by looking up first who owns the music/movie in a global database, and then verifying that the right signature from the right person for the right customer is there, its possible to effectively avoid that somebody else hands out media ownership files for music/movies he doesn’t own.

08.09.2007 A few thoughts on free music

By now, many people, especially those developing software, know the advantages of free software. But what about the music you listen to? Often, we’re used to listening to music that comes with lots of restrictions of what you can do with it. On the other hand, if we were used to listening to free music (which would be free to copy, modify, redistribute, perform, and so on), rather than music which comes with lots of restrictions,

* obtaining music would be easier (no DRM required anyway)
* studying music and reusing musical ideas would be easier, especially if artists started to publish the data files required to make the music along with the music (where possible)
* sharing music would no longer be illegal
* artists could base their work freely on the rich musical culture they live in, like it used to be some centuries ago, where nobody had invented non-free music yet

I bet that almost everybody who reads this blog entry can remember at least ten song titles of non-free music that they like. How many titles of free music do you know? If someone asks you about a great piece of rock music, pop music, electronic music, dance music or whatever you listen to, would you refer them to non-free music or free music?

So, if you like the idea of free music, here are two sites where you can start exploring some of it:
* Jamendo – provides music under various more or less free licenses, search by license is possible
* ccMixter – collaborative site where musicians share creative commons licensed songs and samples