ARCHIVED — Cory Doctorow
Archived Content
Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.
COPYRIGHT REFORM PROCESS
SUBMISSIONS RECEIVED REGARDING THE CONSULTATION PAPERS
Documents received have been posted in the official language in which they were submitted. All are posted as received by the departments, however all address information has been removed.
Submission from Cory Doctorow received on September 9, 2001 via e-mail
Subject: Comments on CONSULTATION PAPER ON DIGITAL COPYRIGHT ISSUES
Folks, here's an essay I recently wrote on this subject that I'd like you to consider as you proceed in your deliberations. I'm a widely read Canadian science fiction writer who won the Campbell Award for Best New Writer at the Hugo Awards last year.
Science Fiction, Copyright, Natural Law, and You
Cory Doctorow
(email address removed)
"This may be the end of a 90-year window when it was possible to make money off recorded music."- William Gibson
Because of Mickey Mouse, copyright lasts, effectively, forever -- for sufficiently narrow definitions of "copyright" and sufficiently broad definitions of "forever."
You see, most English-language science fiction writers make most of their money with US publications, and in the US, copyright shows no sign of expiring.
Mickey Mouse. Copyright law was formulated as a limited monopoly granted to a creator over his or her works for a finite period, as a means of convincing creators to make more art and inventions. The idea is that after a while, your work enters the public domain, which means that anyone can reprint it, quote it, use the characters, whatever -- think of Mary Shelley, Poe, Twain, and so on.
Problem is, nothing since Mickey Mouse has entered the public domain. The legal eagles at Disney have gone to US Congress every twenty years or so and lobbied -- successfully -- for another twenty years tacked on to the duration of copyright.
This is actually pretty good news for writers, at least while we've got our business-hats on. Infinite copyright means that our descendents may still be earning royalties on our work while they strap on their jetpacks for a dive through the sun.
That it's pretty rotten news for writers as *writers* is the subject of a different essay, to be written at some later date. Let me just say that without the public domain, the intellectual commons from on which all writers may graze, books like Geoff Ryman's *Was* and Phillip Jose Farmer's Riverworld series would have had a nearly impossible time getting into print.
The publishing industry, to judge by new, non-geotiable contract clauses, is convinced that ebooks are going to be a very big deal in the not-so-distant future. But there's a problem: ebooks, like all digital media, can be infinitely reproduced.
That means that if I buy a copy of your ebook and put it on my harddrive, I can make exact copies for 1,000,000,000 of my friends without paying a nickle or breaking a sweat.
Traditionally, such a thing would be impossible. A physical artifact like a book costs *something* to reproduce, and typically difficulty increases with volume: I can run off ten photocopies of a short story without thinking too hard, but making 1,000,000,000 copies of a novel means renting trucks, warehouses, a bindery, etc. To say nothing of the legal risks I incur by setting up such a visible operation.
Even electronic reproduction at that volume used to be challenging. A home user, even one with a fast Internet connection, would be hard-pressed to serve up 1,000,000,000 copies of an ebook without providing such glacially slow performance that most downloaders gave up.
No more, of course. New peer-to-peer searching and trading tools make light work of such a challenge. Users can easily scour the Internet for other home users the world 'round who have the file they're looking for. Once located, downloading is simplicity itself: such software is smart enough to redirect incoming requests to other users who've previously downloaded (or are downloading) the file in question, meaning that the more popular one of your files is, the less work your computer has to do when someone else requests it.
Policing such a world is a near impossibility. Technologically and legally, going after millions of users in thousands of jurisdictions is a Herculean task. Socially, it's difficult to inspire customer loyalty when you're suing your customers by the millions.
The solution that most publishers and technologists are embracing is something euphemistically called "Digital Rights Management" (DRM), which is just a fancy way of saying "encryption." In a DRM world, you sell me an encrypted version of your ebook, one that I unlock with a key that you also give me. The key is tied, ideally, to something nonportable -- like my computer's serial number, my credit-card number, or something else that I'd be hard-pressed to transfer to my 1,000,000,000 closest friends. That way, I can make as many copies as I want, but none of the recipients can read the book without buying another license from you. In effect, I become a distributor and a promoter of your material.
So far, so good. Smart ebook advocates have even come up with clever schemes for leaving a teaser "in the clear" (readable without a key) so that when I send you a copy, you can read just enough to get you hooked before buying a key.
The problem, though, lies in the assumption that the cryptography used to protect the ebooks (or emusic, or emovies, or ewhatever) can be relied upon. There are two things I beleive to be true about cryptosystems. The first is that the only way to find out if a cryptosystem is really secure is to tell other people how it works and wait until someone comes up with a means of breaking it. The second is that, eventually, all systems are broken.
No amount of mathematical "proving" of a cryptosystem can really determine whether it has been implemented correctly. The possibilities for weakness, be they complex as bad random-number seeds or simple as allowing the user to take screenshots of the text as they read it, are nearly infinite. Someone out there is smarter than you. Bet on it. They're going to find a hole in your implementation, and you're going to have to fix it. Even if you're the smartest person in the world, don't discount the possibility that someone will "brute force" every possible key to your cryptosystem by enlisting millions of their pals' computers to participate: distributed.net does thousands of compute-years' worth of work every hour, work bent on exhausting the keyspace for a particularily nice encyphering scheme called RC5-64. At current rates, it'll take them less than seven years to produce every possible key to the system.
Crypto has been the standard means of securing secret material for centuries. Today, your bank uses it to store its customer records, to secure its transactions from eavesdroppers, and to store information on your ABM card. When a flaw in their crypto is exposed, they can upgrade -- re-cipher the records, change the software on the ABMs, etc. Not just banks, of course: ecommerce sites, the military, and criminal organizations are only as secure as their upgrade path.
No problem. You send me an ebook. Someone compromises the security around it. You re-encrypt the ebook, and send me the latest edition, and you're secure again, right?
Wrong. Here's the problem. I've bought and paid for my old copy of the ebook. It's on my hard drive. You can't compel me to erase it, and now that the tools for breaking it are publicly available -- they must be, otherwise, how would you know that your system has been made insecure? -- I can use them to make an unprotected copy of your ebook and recirculate it. To 1,000,000,000 of my closest friends. Or I can continue to circulate the protected text -- as you want me to, remember -- and the recipients can break the encryption.
The military, the banks, the criminals -- they understand this. They are very careful about who gets to hold onto copies of their data, whether in the clear or in ciphertext. None of them are producing information that is intended for widespread public distribution. No one has ever built a successful cryptosystem bent on distributing millions of enciphered copies to untrusted parties and keeping those copies locked up ad infinitum.
This makes the whole business of infinite duration of copyright a little silly. What does it matter if I have some wholly theoretical monopoly on my books if initial publication leads to the unfettered, broadscale underground redistribution of them?
Making money off of the sale of rights to publishers is the way that most professional, full-time writers have earned their living for some time. That way of living is not a natural law, however -- it only reflects the historical intersection of publishing, technology, and human law.
But the law can only accomplish reasonable ends. Making Pi equal three, regulating what people do in their bedrooms, or enforcing clean underwear is beyond the scope of what we, as a society, can reasonably expect of our laws.
Likewise, maintaining the security of publicly distributed ciphertexts of copyrighted works is a fool's errand. Laws that try to do it end up bent and schizoid. The US's Digital Millennium Copyright Act (DMCA), for example, makes it illegal to publicly discuss the means by which a copy-protection scheme might be compromised, to circulate tools for this purpose, or to link to places where people are doing these things.
This is meant to secure our works -- but it has the opposite effect. When our publishers' encyption schemes and their flaws remain secret, it means that we're entirely dependent on the word of our publishers' technologists when it comes to evaluating the security of the locks they intend to place on our works. For example, Adobe has long been touting a secure version of their Portable Document Format (PDF) as a means of applying DRM to written works.
On July 17, 2001, Dmitry Skylarov presented a paper at DefCon, a hacker conference in Las Vegas, in which he revealed how Adobe's protection worked. Or rather, didn't work. Adobe's DRM was built around two ciphers: the first, ROT13, has been around since the days of Augustus Caesar, and can be broken by a six year old (ROT13 simply adds 13 to every letter of the alphabet, so that "A" becomes "N", "B" becomes "O," and so on). The second, XOR, is the basis of many a good cryptosystem, but only when each operation uses a different, long key -- Adobe used the same key for every operation, a single word.
Dmitry was arrested, thrown in jail and held without bail for most of a month. If writers were sufficiently on the ball, we'd be organizing a legal defense fund for the guy -- after all, he just saved us all from entrusting our work to this brain-damaged system.
We can't depend on the law to keep cryptosystems from being compromised. Such laws only serve to permit bad cryptosystems from being undiscovered by the people who rely on them most: artists and their publishers.
Nor can we pretend that electronic circulation of our work can be prevented. Our readers are demanding it, and voting with their scanners. Usenet newsgroups like alt.binaries.e-books are filled with hundreds of electronic texts of copyrighted novels, produced by cutting the binding off a book, scanning it one page at a time, running the results through Optical Character Recognition software, and editing the results by hand -- a painfully time-consuming task that hundreds of readers have undertaken so that they can have the convenience and flexibillity that electronic text affords them (when I receive a book for review, I always request the electronic text, so that I can read it off the screen of my Handspring Visor, which saves me lugging 50 kg of books around on airplanes).
How, then, do we earn our living off of our work? When publishing inevitably includes an electronic edition, when unprotected copies of our work circulate freely, how do we compel readers to pay for our time and so keep a roof over our heads?
There are a couple possibilities: The first, of course, is that we can't. The world doesn't owe us a living. This may even serve copyright's goal -- the production of lots of creative material. After all, the vast majority of science fiction writers *don't* earn a living writing, but they do it anyway. Demanding recompense for your work when no one is willing to pay for it is rarely a productive strategy -- just ask a squeegee kid. It's possible that eliminating recompense for writing will barely affect the volume of material available: the fact that science fiction magzines are still
drowning in great story submissions while paying the same word rates they offered in the 1930s sure suggests this.
Another possibility: Begging. Instead of compelling my readers to pay me for my work before they get it, I can beg them for a donation after the fact. Lots of creative people see a real future here, and I concede the possibility, but I can't say I like it. Ask the same squeegee kid: Holding your hand out and asking passersby for some spare change is a miserable way to make a living.
A third possibility: Alternative revenue sources. Some writers make a hell of a living at speaking engagements, or with college professorships, appearances at workshops, bursaries, grants, awards, what have you. This is not a lot more attractive than begging, since the skills needed to secure such income are not necessarily correlated with the ability to create great fiction. More importantly, where do you find the time to write when you're on the lecture circuit, teaching, or working on a grant-proposal?
There are more possibiities, surely. The job of science fiction writers, as Gardner Dozois says, is to "consider the car and the movie and invent the drive-in." We've arrived at the future, and our traditional means of getting by has been made redundant. Stamping our feet and suing the universe for compensation hardly does us credit as a profession. The best that can get us is some kind of historical preservation, a science fiction writers' museum in which outmoded means of production are put on display so that kids can see what life was like in the dark days before the Internet changed the world.
As professional evaluators of possibilities, ponderers of "What if," "If only," and "If this goes on," no one is better suited than us to inventing the means by which we earn our living in the years to come.
Meanwhile, we need to take a stand. Researchers are being jailed, professors are being sued, and millions of dollars are being funneled from technology companies into publishing companies in the form of legal settlements -- all on *our* behalf. We need to speak up for ourselves, whenever and however we can, speak up in favor of the future.
Acknowledgements: A number of first readers were indispensible to me as I wrote this. Thanks to Dan Moniz, Karl Schroeder, Cindy Cohn, and Pat York for advice and disagreement on matters legal, stylistic, ethical and technical.
-30-
--
Cory Doctorow
(Address removed)
- Date modified:
