Friday, March 26, 2010

Software Piracy

As some of you already know, I both test and develop code at a software security company. As a result, my views on software piracy have drastically matured over time. I used to think it was okay to download and install pirated software. Now I know how truly wrong I was.

Let’s start with a little background. In college, it was considered “normal” to share music, movies, programs, and video games with your peers in the form of various digital files. None of this content was paid for. Let’s just call it for what it really is…stealing. Why did I do it if I knew it was wrong? I guess I was just like everyone else. I felt entitled. It was easy. It was accessible. The networks were fast, especially on the internal LAN. Most of all, it was free.

Fast-forward to today. Software piracy is an even bigger problem than it was 10 years ago. Networks are even faster. High-speed Internet is accessible to most households. There are numerous sites which list and host pirated software. New technology has been developed to help share these files with your peers.

As a result, software companies have implemented various measures to combat software piracy. A disturbing trend that is becoming more and more popular is the use of DRM or Digital Rights Management. Essentially, DRM is embedded into a product but the product will not run in its current form. Sometimes the data is encrypted. Other times, some code will be purposely left out. The only way for the product to work is to connect to some central source such as a server hosted by the software company to check the legitimacy of the product and then undo any protection mechanisms of the DRM.

In theory, DRM sounds like a great idea. You protect your product against the crackers and make your product more difficult to reverse engineer. The product still works for people who purchased it legally. The only problem is that DRM does not work! DRM may make it harder for a cracker to reverse engineer, but given enough time and the proper motivation, a skilled cracker can still undo the protection schemes. If DRM doesn’t effectively stop crackers, then DRM only hurts the paying customer. Here are some of the main complaints about DRM.
  1. DRM first started in music files (e.g., mp3s) and now has progressed to be included in PC video games. One problem with DRM is that it changes the definition of “ownership”. When you pay $.99 for a song, you do not own the song.  You only own the “right” to play that song on an approved device. You cannot play that song on another music device in your household. You cannot play that song on another computer.
  2. Because you can only play the purchased song on an approved device (e.g., iPod), DRM has been used to force a monopoly on certain devices. If you purchased your music files from iTunes, you are forced to use an Apple product to be able to play that file. You cannot play that same music file on a competitor’s music playing device.
  3. Since DRM requires access to some central server to make the product or file work, if the server goes down, then the product or file becomes unusable. This has happened several times already (e.g., think Ubisoft with Splinter Cell and Assassin’s Creed 2). As consumer backlash rises, hackers will continue to target these DRM servers with denial of service (DoS) attacks to bring down these servers in protest. They may be voicing their displeasure with DRM, but the consumer is the one who is left with an unusable product.
  4. Some DRM implementations require constant Internet connections. Whenever the connection goes down, the game is unplayable. Often times, the progress through a game is not saved and the consumer has to start over at a previous save point. Not everyone has high speed Internet. Wireless networks used at homes sometimes have interference from other devices which could disrupt a connection. If you are away from home on your laptop, you may not be able to find a place with Internet access.  The current infrastructure is not good enough to provide this level of service.
  5. If one day the software company decides to stop supporting a certain product and takes down its DRM servers, the files that rely on those servers will stop working. It may take several years but it could be shorter. It stinks if a game that you bought today would suddenly stop working a few years from now because the company decided it was no longer profitable to maintain the servers.
  6. DRM usually requires some sort of extra overhead to decode or decrypt some block of code or data. This usually means that CPU cycles are wasted on repeatedly performing these tasks. Though the effect of this is often negligible, programs and games would still perform marginally faster if they did not have to perform these tasks.
Okay, so we know that DRM is bad. It’s downright evil. How do we stop the spread of DRM? It’s already infected our music, our movies, and now our video games. Well, some people have resorted to downloading pirated versions of their games as a sign of protest. Well, I think that’s foolish thinking. If you don’t like what software companies have done whether it be implementing some stupid DRM scheme (e.g., Ubisoft) or screwing over the PC gaming community (like Activision/Infinity Ward), downloading the pirated version of the game does not “teach them a lesson”. It only reinforces that software crackers and the software companies should continue doing what they are doing. Crackers will continue to crack and software companies will continue to take measures to defend their products.

Software companies and game companies in particular make most of their money early on. Actually, movie companies are the same way. People spend the most money early on when the interest is highest. If someone could use a product for free on the first day that it is released, why would they spend the money for the product at a future date? DRM was meant to stop crackers from 0-day releases.

At the end of the day, software companies still deserve to get paid. Software piracy is stealing. Millions of dollars are spent on developing, advertising, and distributing their products. Their employees still have to do what they’re paid to do. Teams of people have worked hard to make the products that you use. If no one pays for their software, these companies won’t make any money. If they don’t make money, they can’t pay their employees. If there are no employees, then there is no one to create these new products and games that we all enjoy. If you want a product badly enough, then buy it. If you are an adult with an honest day’s wage, you have no excuse to not legally pay for software.

However, if you do not agree with a company’s policy, you need to voice your displeasure in a legal way…with your wallet. Do not buy their game. Do not buy future games. Do not even play the pirated version of the game. Do not show any interest in their products until they get their acts together. Even if you have no intention of buying the game, simply playing the pirated version shows interest in the game. That negative buzz for the game still might generate enough interest for someone else to go buy the game.

Well, some people say that they WOULD buy software if these companies weren’t so greedy and actually reduced their prices. Well, to a certain extent I agree that software could be a little cheaper. I often take advantage of those limited-time deals where you can get software at discounted prices. However when prices are really low, people still install and use pirated software. The problem is that nothing is lower than FREE. Why would someone pay for software if you can get it for free?

It’s an endless cycle. Software companies will create products. Crackers will crack and distribute the products without licensing. People will download and use them. Software companies will create more ways to protect their products. Crackers will learn how to reverse those protection measures. Software companies will add more restrictive protection measures. This angers the consumer base, which turns to pirated software. And so on…

So how do we stop software piracy? I think this is a complicated problem which requires a multifaceted approach:

Stop the "Supply"
First, measures must be taken to stop the supply of pirated software. If you cut off the source, there will be less pirated software available to download. What I consider the “source” has two parts: the crackers and the distributors. Crackers are the people who reverse engineer whatever licensing scheme is used by each game or software program. Once they figure out how the code works, they often apply some patch to bypass the licensing or write a program which generates licenses that appear valid. Once the software has been cracked, it ends up on various distribution channels such as BitTorrent, IRC, or anonymous web-hosted sites. From here, casual users can search for and download the pirated software.

There must be a greater punishment for those who are caught pirating software and distributing it. There need to be laws that carry mandatory sentences such as 5 years in prison. Whatever the punishments are, they need to be publicized to serve as a strong deterrent.

Stop the "Demand"
Attention needs to be paid to cracking down on downloaders of pirated software. Crackers/distributors serve as the “supply” of software piracy but downloaders provide the “demand”. If there are no people downloading pirated software, there will be little reason for the crackers to continue doing what they are doing.

So how do you stop people from downloading pirated software? As with crackers/distributors, there need to be laws that punish people who are caught downloading/installing pirated software. Since the majority of people who download pirated software are young adults (e.g., college students), obviously the punishments have to be less severe.

I believe a “3-strike” policy would work. I propose that the punishment for the first offense be a $1,000 fine. That way, it is severe enough but won’t leave a permanent mark on your record if you continue to stay clean.

For the second offense, I would propose a $5,000 fine and a year’s probation. I think most college kids won’t have this kind of money lying around so I think they would need their parents to help them out. I also think that the probation will help scare the downloaders and it also does not remain on a person’s permanent record if they learned from their mistakes.

As for the third offense, I think the punishment should be a $10,000 fine and 2 years in prison. If anyone is stupid enough to continue downloading pirated software at this point, I think they deserve to have this stay on their permanent record. Things like this would serve as a huge red flag for companies who would potentially want to hire this type of individual.

Educate the Public
The next step in stopping software piracy is to educate the public about the dangers of downloading and installing pirated software. You don’t know what you are getting when you download pirated software. How do you know the video game or program that you downloaded doesn’t contain a backdoor in it? How do you know it’s not recording your keystrokes as you browse the web? Did you run it through a debugger and trace through the binary code?

The fact is that pirated software often will look like it works but can do some pretty nasty things in the background. I work at a software security company and I’ve seen firsthand some of the underhanded things that hackers can do if they can get their code to run on your system. By installing the unknown piece of pirated software on your system, you already have done the hard part for them. This is exactly how viruses are often spread. You run some program that a buddy gives you thinking that it’s safe and now you’re infected. Anyone else connected on your network is now potentially affected as well.

People need to learn to never download and install a program from an untrusted source. It is just not worth the risk of losing your files or exposing your financial information just to save $50 here or there. By buying software legally from reputable software companies, you know exactly what you are getting.

Dilute the Supply
Lastly, my final idea for stopping software piracy is for software publishers to use the distribution channels to their advantage. Instead of waiting for pirated versions of their software to appear on these channels, they should instead proactively create dummy versions of their programs which contain unique identifiers in them. When someone downloads and installs these dummy versions, these programs can collect some user info and phone home the data to some central location where it can be analyzed. This data could be used to pursue legal action against these downloaders as well. If every other download was a dummy program, downloaders would then realize that they could no longer reliably trust what they are downloading.

Wow. This has been a long post. I never knew how strongly I felt about the subject. So how can I summarize all this? Well, support the developers of the software that you use by paying for it. Encourage your friends to do the same. Regarding DRM, rage against the “machine”. Vote with your wallets and simply refuse to buy products that contain such restrictive DRM schemes.
