When better is worse: a comment on DRM

I wrote a post for the Day Against DRM for Defective by Design. You can read it there (and should read others’ essays also!). Republishing here:

Everyone knows how to recognize cartoon villains. They twirl their mustaches as they kick puppies, delivering speeches about world domination for personal gain, and often let their arrogance lead to their undoing. People recognize this kind of evil immediately and rise up in protest, banding together to resist. In the real world, most evils are much harder to see coming: they look reasonable at first, perhaps taking just a little bit from many people to get to some unexpected end. Once the effect is widespread enough that most people notice, you have a systemic problem that’s hard to get rid of. The evil that’s easy to identify is easy to fight. The one that initially looks like something good can betray you, and that’s why when we recognize it, we need to speak out against it.

Digital Restrictions Management used to twirl its mustache and kick puppies, making our devices nearly unusable, and we saw it and tried to drive it out of town. But now it’s changed out of its costume and just wants you to sign a little agreement, really just a formality, nothing you’ll even notice. It seems reasonable enough… until we realize what the fine print was telling us we couldn’t do.

It became harder for everyone to avoid these traps when DRM started to work better. Now, people unknowingly let their own software work against their interest—because most of the time, for most people, everything works pretty well. You can happily use it in approved ways on approved devices and not even notice it is there. (And sometimes user interfaces make it unclear how you would copy anything even if DRM wasn’t there to stop you.) The clunky, broken DRM more common in earlier software was easy to see as something standing between you and your own media. But smooth, well-functioning, nearly-invisible DRM is just tricking you into not noticing, silently ready to betray you as soon as you try to do something “forbidden”.

Maybe you don’t think this is so bad. You didn’t want to do anything illegal in the first place, you say, and if someone didn’t give you the right to copy, you don’t want it. But you don’t have to be a scofflaw to run into the limitations imposed by DRM. You did get the right to copy: the many exceptions to copyright are so important that they’re written into law. DRM takes those exceptions away from you and gives you only what someone else decides you ought to have. It neutralizes your rights to quote, criticize, teach about, and archive.

Try to copy a song to use on a new device, read an ebook via text-to-speech, extract a video clip, and with DRM, you can find yourself thwarted by the devices you thought were your own. It might be a small inconvenience to you—but what about librarians and archivists, teachers, artists and documentarians, journalists, or anyone with different needs, all of whom depend on having media that they truly have control over? Fortunately, DRM doesn’t stop everyone… yet. But even if that remains true, do we want a society where the only people who can stand up for your rights are the ones willing to break anti-circumvention laws?

The software you use, for digital media and everything else, should serve your interests. It shouldn’t spy on you, nanny you, or make choices for you against your wishes. But DRM lets someone else choose what your device does. If you can’t change what it does or even see what it’s doing, it doesn’t respect your freedom; it only respects its owner. And that isn’t you.

If DRM doesn’t respect anyone’s rights, why does it stick around? The market is broken and can’t respond well—because DRM mostly works. When you buy encumbered media, you might only discover its problems long after you’ve made your purchase. As far as the industry is concerned, you’re just another happy customer. When you bought it, you told the market it was what you wanted. When you silently stop buying intentionally broken products, it’s obviously because you’ve discovered “piracy”, and the lost sales might be used to justify even more oppressive restrictions.

You can take action to stop DRM from taking away your freedoms! Defective by Design’s Actions page gives you several options, including cancelling services that depend on it and telling them why, and instead supporting media labeled as DRM-free. And tell others to do the same—those restricting your rights have wised up, and no longer make the mistakes of cartoon villains. We can only stop the damage if we all see it coming together.

Why Creative Commons uses CC0

My last blog post for Creative Commons just went up today: why CC uses its own CC0 legal tool to release the text of its licenses into the public domain. You can read it there.

(It’s something I’m happy to have worked on while there, as there was some discussion about other possibilities such as CC BY; I think CC0 was the right choice. And also I can’t help but chuckle at being a zombie lawyer, blogging from beyond the staff listing.)

What happens to the CC licenses if something happens to CC?

A thought prompt from a post to the Wikimedia mailing list: how likely is it that Creative Commons fails, and if so, what happens to Wikimedia? The Wikimedia projects use the Creative Commons licenses (most use BY-SA; a few use BY and the CC0 tool). So do many other projects in the free and open culture space, many of which use these licenses for easy compatibility with each other. They depend on these licenses to provide part of their legal infrastructure. So what needs to be true about Creative Commons to avoid endangering this?

CC has a wider mission than simply the maintenance of the licenses, of course, but much of it could be suspended in a dire situation; nothing would move forward, but the core of its mission would not fall apart. But stewarding the licenses is the core of its job—so what has to remain true for that to happen (in this case, for the license-using community to go on unaffected)? It’s perhaps a thought exercise anyone involved with an organization should take on, even if that worst case never happens—what needs to stick around even if nothing else does, and what does that worst case look like? Here are the thoughts I proposed to the list, edited and slightly expanded on here.

Only the barest sliver of the organization needs to exist for the licenses to exist: someone willing to carry on the name and core mission, even if the organization became unable to pay anyone’s salary to work on it full time. While much of the other work is more resource-intensive, the continued maintenance and stewarding of the canonical version of the licenses does not strictly need to be.

The vast majority of the time, this task is simply keeping the servers running so that they remain accessible: the URL that people use to refer to the text should always give the license text. This itself takes some limited amount of time and funds, someone willing to make sure the site stays up and the hosting bill is paid. 1 On rare and what I hope are increasingly infrequent occasions, it means revision of the license suite. 2 The main resource this takes is the time of people with the necessary knowledge and commitment to do it, and not even necessarily their full-time efforts. This comes with tradeoffs: it is a long, drawn-out endeavor under the best of circumstances, and our scenario is far from it. (For that matter, deciding when it needs to be done is a drawn-out endeavor in itself.) But I don’t see an inability to find capable lawyers interested in working on such a project, even if in spare time. I was thrilled to be brought on to the team, but it was after I had sent several messages already picking apart the licenses 3, while others particularly from the affiliate network and fellow-traveler organizations contributed detailed comments from their time. The hardest part would be finding someone to lead and coordinate without an existing full-time General Counsel (though even where no staff existed before, it is possible someone could be hired for the task). It benefits from an organization that can support paying for full-time work on it, but does not strictly require it, and should be a process that won’t need to happen again for quite some time. 4

Do the licenses require the organization at all? Yes—but not necessarily the organization in its current form. Someone who has the trust of the license-using community needs to be the license steward, and that someone should also be the rightful user of the CC name. The license text itself is under CC0—anyone can take it and republish it or modify it. But the name is not: it’s a trademark held by the organization, licensed for limited purposes. There are many years of work behind the name and its recognition; attempting to rebrand would be difficult and confusing and harm adoption. Far better to have the holder of the mark and the license steward with community trust be one and the same. (It is of course possible even now to have competing forks of the licenses, and this is a bad idea for the same reason forks of many types of standards with network effects are a bad idea. 5) There doesn’t need to be much to the organization to hold the authority to use the name; anything that counts as a legal nonprofit entity is enough. 6

It’s hard to say what would be considered enough trust and goodwill to be a suitable license steward, but a few thoughts. One is that it should remain a neutral organization, not beholden to particular interests that would sway license interpretation and future versions toward its ends. The 4.0 and earlier texts are fixed, of course, but there is room to influence the 3.0 and 4.0 license communities through the compatibility mechanisms, and future versions could be altered to the benefit of a particular community of adopters at the expense of others; an organization controlled by someone with interests that aren’t in line with the interests of other adopters is more likely to introduce these changes. (I even think that CC should remain independent of other license-using organizations that share common goals—for example, it’s better for Wikimedia to be a user of the licenses than to take CC under its wing, simply because it would influence the license development toward its use cases more than already happens, where it would be better for a steward to not be tightly tied to one type of user.)

Another is that it should keep development in the open, and take input from its community. The licenses’ usefulness depends largely on their adoption by the community; that community is best placed to see both where revision is needed and where change cannot be tolerated. An organization putting out a new version would be foolish to simply toss a new version over the fence, without engaging with suggestions and criticisms and making an effort to reach out to a broad swath of license users to figure out where changes could violate expectations; abandoning the communities would be a fine reason for the communities to abandon the licenses.

Finally, while it’s difficult to get financial support for many kinds of work that don’t involve discrete, easily-quantified, shiny new projects (not the sort CC specializes in), the licenses are easier to make the case for, both with foundations and the public—even in the worst case, I don’t think it would be difficult to get support for the bare bones described here.

So I’m not worried about the projects that depend on CC licenses. But the worst case is a case worth considering.


  1. I’m excluding the tools surrounding the licenses, such as the license chooser, which is surprisingly complex. Even the deeds are built on a complex structure, though they could be adapted to be simpler (and easier to maintain) with some feature loss.
  2. I have joked that I will be happy to consult on the 5.0 revision from my retirement home, shaking my cane at the kids. This is about half a joke: I hope that by the time I am frail enough to need mobility aids there is something better available, like a robotic exoskeleton.
  3. Another joke: that it was easier for them to just hire me than to keep answering my email.
  4. The CC0 legal tool is another matter—that may come up again soon.
  5. Search for “license proliferation” for more argument here.
  6. A nonprofit’s assets, such as its trademarks, can generally be transferred only to another nonprofit.

Where to go from here

I’ve just recently had my last day at Creative Commons, where I worked as counsel for almost three years. I was hired early in the 4.0 drafting process (it is only half a joke that it was easier for them to simply hire me than to continue to answer my emails), staying to see it published and to support the translation and compatibility efforts. CC is a nonprofit organization, supported primarily by large foundation grants; for something that makes up a significant piece in building the open web, it’s more fragile than it perhaps should be, and in an effort to balance the budget many of the staff were let go. So here I am, using some of my newfound free time to revive my dormant website. 1

Drafting a standard license is the sort of thing it is fantastic to do once. There simply shouldn’t be that many in the world, and they shouldn’t be revised often. And so despite the task being one I enjoy and am well suited to, I hope that I don’t do it again… at least, not for a long time. 2 But one of the other things I loved about the position is that when you mention what you do, you become a lightning rod for everyone with ideas about copyright licensing, and why it is or isn’t important. I had more good conversations with people who care about this topic than almost anyone else, and had to work through more unusual thought experiments (and actual problems!) than I would have in any other place. And, both because of the job and because I am the sort of person who wanted to do it, I’ve thought about and had conversations about several topics over again where I don’t think my position is the obvious one. I haven’t really written any of it down outside of mailing lists, if at all, and for someone who believes in openness, this is ridiculous.

Some one-line examples:

* The licenses are out, but CC’s work isn’t finished
* …but finishing a project and winding it down should be a sign of success, not failure
* “Pragmatic” vs. “ideological” is usually the wrong way to split up the debate
* You only find out what was wrong with your drafting choices when you ask people to translate them
* The post-copyright society is a myth, and pretending it isn’t doesn’t help
* Your legal terms should mean what they say and say what they mean
* No one knows how license compatibility works
* Nonprofits are the worst, except for most of the other things

I think I’ve spoken about all of these, but I am still terrible about writing in public, even for something as simple as posting to a mailing list. (I have a growing collection of thoughts, from bullet points to multi-paragraph fragments, in a text file where they do no one any good.)

A friend whose own writing I admire advised me to “lower the threshold of what’s postable”–so I will take that as my goal. Because I’d like to have these conversations with more people than just those I’ve met at conferences… and some less serious ones besides.


  1. I am still looking for what to do next; your thoughts and suggestions are welcomed.
  2. (This is better than patent drafting–which I learned in law school and found an enjoyable challenge, especially for trying to draft as broadly as possible within the bounds of what is truthful and lawful to claim. But the only field I’d really be qualified to do this in is software, and I would prefer not to create any software patents at all.)

CC and the real and false “sharing economy”

Adapted from a post written to Creative Commons staff, on strategy.

CC is a project with a grand mission, and one that good infrastructure is necessary to help create. While the licenses are the best-known part of that infrastructure, they are just a basic set of tools toward an end, not an end in themselves. For the infrastructure we build to be useful, it has to be integrated with everything lying on top of it. While CC has been successful with several of the individual sets of tools, it should do better connecting them to the things everyone else already knows that they care about.

Building in support for sharing and openness through CC is similar to building in privacy, security, and many other features of good technological citizenship: the kind of design decision that becomes important in the long term, and often hard to make after the start, because the business model or the basic functionality relies on making one of these impossible. You’re not going to do it unless you decide that it is a feature you want from the beginning because it’s going to make you better than the others. We should be able to convince people that it will: that when people contribute content to be shared, it should be *really* shared, and that openness is a way to create the web and the world and even the business you want.

Most of the popular “sharing economy” involves services and content that are not really shared: one entity has control of a resource, releasing control for some purposes that they like, possibly for payment, without needing the most inefficient of the old platforms to do so. Some improvement, sure. But those points of control still exist, who may shut down or limit the thing being “shared”–and then whatever was built on top of it dies, often both a community and its content. CC should not want this to be the new definition of “sharing”. Single points of failure fail. CC materials and other truly shared resources don’t die this way. They may be stewarded by whoever cares about them, and have the potential to take on new and unexpected lives; the communities who get the most use from them can keep them alive even when no one else is interested. The difference between real and false sharing is that with truly shared materials, there isn’t a necessary disconnect between the interests of those with control of a resource and those who use it and depend on it.


You know how it is: you go to update your blog with a new post and notice something is slightly broken, and really you should update your WordPress installation more than once every few years. So you update–or try to, which requires some fiddling around with the settings of the server you’re using (from your web host; you’re not crazy enough to DIY). OK, *now* you update, and now everything has gone blank. You search for why this could be and the possible fixes and you try them and they don’t work, and you try things that no one has suggested and they also don’t work, and you feel slightly embarrassed about even describing the mess you have gotten yourself into.

And really you just wanted to quickly adapt an email with an idea that could stand alone into a blog post, and now it has been far more than the 15 minutes you planned, and you have something else to do, and you don’t blog again for 2 years because fixing the problem is still on your to-do list.

You know how it is, right?

So here is a new post, again (on a completely fresh install rather than an upgrade). Maybe I’ll even put up the thing I had intended to publish the first time. And some of the rest of the two years of backlog.

Access to research: sign the petition!

In case you’re in the very small population of people who are reading this and who haven’t seen the White House petition to require that federally funded research be made publicly accessible, go look at it now and sign before June 19th. The Access2Research site has more context about why a petition, and a catalog of some of the press around the issue.

I could say here why I think open access is important, but instead I will just point you to the Wikimedia blog entry, which I contributed to as well:

Wikimedia Foundation endorses mandates for free access to publicly funded research

Dirty secrets

My dirty secret, as a musician, is that I enjoy listening to recordings more than going to concerts. Not because the quality is better–I’m often as happy to listen to a good student group as the symphony–but because I don’t have to watch the group performing without me.

Derek Sivers asks “what do you hate not doing?”

I hate not performing music. It’s one thing to listen to a recording, to know that the performance already happened. The actual performance is far enough separated from you that you can put the thought of participating aside and concentrate on the sounds.

It’s quite another to watch it in front of me, close enough to just run up onto the stage and join them. And especially hard to be in the audience for beautiful pieces I’m unlikely ever to play (works that need a large orchestra, for example)–knowing that the performers are in the middle of creating something beautiful and that I have to just watch. I hate not being part of it. Meanwhile, hearing someone perform something I can’t–a guitarist, for example, or a men’s choir–has nowhere near the same effect.

It’s nowhere near as compelling to play alone in my room; if it were, perhaps I would practice more.

True names and other dangers

The “use real names” debate pops up everywhere. Usually the same boring back-and-forth: real names are/aren’t good for improving civil discourse online, anonymous speech is/isn’t. I rarely see anyone acknowledging that what it implies to use your real name is different for different people. But it’s because of this that real names are not the solution to bad behavior online.

I’m attached to my real name. I use it in most spaces because I don’t think of there being much separation between my online and offline identity; in some places I use “mindspillage” simply because it’s been my online handle for so long I’m attached. In some places I don’t feel the need for a consistent identity at all, leaving anonymous comments to be judged on their content alone. I’m civil there too, though not everyone is. Perhaps I’m more careful about what I say when it’s easy to be connected to the rest.

But some of the worst online behavior I’ve seen, the most threatening and the most hurtful, has been from people who are completely open about using their real names. And it’s had the most power to harm when directed to other people also using their real names. The biggest problem with real names isn’t about what kind of consistent identity you use. It’s about the imbalance of power involved with sharing that information.

The people behaving badly under their real names do so because they can. They lose nothing they care about by doing so. (Or very little, at least.) Attaching their bad behavior to their name doesn’t put them in a position to lose their livelihood or their safety. Maybe not even their reputation: imagine a “John Smith”, single, self-employed, seriously unhinged. John uses his real name everywhere, and takes pride in doing so. (Not afraid of being out in public, he says.) It would take a lot of effort to determine exactly which John he was. And if you did, so what? Maybe you expose him, and the thousands of other unfortunately-named John Smiths cringe when the tale shows up in search results, for fear someone thinks it was them. But our John is proud of being a first-class jerk. You can’t harm his reputation because he doesn’t care about it, which is at least partially because very little of the damage he does attaches to him anyway. (Getting a restraining order only works in the most extreme situations.) John can say whatever he wants.

Meanwhile, if you stand to lose a lot by being threatened–if others want to hurt you or your family, or if you will lose your livelihood if anyone so much as alleges anything horrible about you–then even when everyone else is using their real name, you are still at a disadvantage using yours. What happens when John calls the school where you teach (because you’re easy to track down by name), claiming that you’re a criminal? When John calls your parents and tells them lies about what you’ve been up to? Implies that he might hurt your children if you tell anyone he’s harassing you?

You don’t have to be hiding from an oppressive government to be affected by the imbalance of power when you expose your real identity. An oppressive government (or a mostly reasonable government, when it is being oppressive) does not hide itself either. It doesn’t need to. You are at great risk when you anger it; it is at nearly no risk when it angers you. On a smaller scale, it’s the same with you and John.

A consistent pseudonym, like a real name, is something to lose–you are hurt when its reputation takes a hit; you lose the value of time and effort you invested in it. But using one restores balance–you aren’t starting from such a massive disadvantage that you can’t even afford to join in.

We are the media, and so are you

It’s been a while since I’ve used this thing. But I’ve written in a few other places.

Here is my editorial with Jimmy Wales in the Washington Post after the SOPA blackouts, “We are the media, and so are you”.

This was written after the anti-SOPA blackouts to combat two terrible memes. One, that the “content industry” means only the members of the MPAA and RIAA. And two, that Wikimedia is just another tech company, aligned with the “tech industry” interests, making top-down decisions in isolated boardrooms.

It has almost completely failed at fighting those memes. But its other purpose was to give Wikimedia something positive to say that didn’t sink to simply countering the shots fired at us from the bills’ supporters. And at that I hope it was a success.