A while ago I wrote a flamebaitish entry where I said that your privacy should never depend on the trustworthiness of another person or company. After thinking about it a little, it occurred to me that in essence, what we’re looking for is DRM, but in reverse.
Privacy == DRM in reverse
Companies use DRM to control how we use the information we have. For example, with music, iTunes allows you to burn CDs and play music on your iPod and computers at home, but they won’t let you share it on a file-sharing site. Record companies, realizing that digital music is infinitely reproducible, use these restrictions to make it more like a physical object which cannot be copied for free.
The motivation for personal privacy protection is different, but the need for DRM is the same. If we give companies our data, we only want them to use it when and where we say so. We may give Amazon our credit card information, but we don’t want them to buy things for us. We may want Google to record our past searches to improve the results we get, but we don’t want them to turn us over to the NSA for looking at the wrong websites.
Privacy by Law
I’m not trying to establish moral equivalency between our need for privacy and the needs of the RIAA to handcuff all music listeners. However, there is definitely a technical equivalency.
I wrote back in July that DRM was pretty much impossible to enforce without legal muscle. If the RIAA couldn’t sue you for using Kazaa, controlling access to music would be very difficult, because technically speaking, the RIAA wants to let you hear a song without you having the data that makes that song play. [1]
Anyone who’s seeing the parallels here will also see the next step in this train of thought. Just like DRM, privacy protection is pretty much impossible to enforce without legal muscle.
Privacy by Profit
There are two needs that companies and people have when sharing information:
- The individual needs to enforce their rights to privacy by controlling who accesses their information.
- The company needs to turn a profit.
Companies that offer services for free make a profit by sharing our information with other companies and by advertising. This means they must have access to the information, so in order to have privacy we would have to let them use our information in certain ways without the risk that comes from their holding our data, where it can be lost or stolen. The same DRM difficulty applies.
This means that one of the competitive advantages of a service that charges is that it can offer a much greater degree of privacy protection than for-free services, laws or no laws. (It doesn’t mean that they will, but they can afford to, and people who want it can vote with their dollars.)
Reference:
[1]: DRM doesn’t work (talk at MS)