I wanted to take a few moments to publically reply to Linden Lab’s recent changes to content management policy. I think overall it is a step in the right direction; however one subsection of the policy leaves me with grave reservations – the suggested standards for backup utilities. To quote from the original posting on this subject:

To those developing copying tools, we urge the simultaneous development of standard industry practices that protect against intellectual property infringement. For example, consider the following standard practices for tools copying content from Second Life:

1. Check that the user of the tool is the Second Life “creator” of the content;
2. Do not facilitate the export of an entire Second Life inventory; and
3. Preserve the Second Life “creator” name and information that the content was originally created in the Second Life virtual world.

To summarise in other words, “You may only export content you created, and only if you label them as something you created in Second Life first, with your second life avatar name; and you cannot back up your whole inventory at once – you must do so piecemeal.” – every single one of these restrictions eliminates a large swathe of legitimate users and uses. Let’s go into them in detail.

Check that the user of the tool is the Second Life “creator” of the content

You have now eliminated all the content that is explicitly marked as compatible off-grid; everything licensed under creative commons or Open Source licenses, everything in the public domain. While I concur with ‘Full Permission != Permission to Export’; there is no way right now of programmatically indicating whether you want to allow content to be exported — however there are ways of legally indicating it, such as license files, README notecards, et al.

While Full Permissions are not an ideal situation – the overlap between content allowed off-grid, and full permission freebies is significant enough that a full permission check is a acceptable compromise. I personally would say ‘Full Permission OR Creator’; as both indicate a high level of permissiveness with the content itself (and the creator should always be able to export their own content). It is worth noting that Second Inventory (the popular backup tool) has been using ‘Full Permission’ as its own metric for over a year now; with I believe mostly acceptable results (it is not used as an infringement tool – the infringement part is always done by a illegitimate tool first).

Do not facilitate the export of an entire Second Life inventory

Hello.

The only possible reasoning for this I imagine is simply to prevent competition – by allowing full inventory export; you make it easy to translate content you developed from Second Life, to the numerous third party grids. If someone high profile wants to leave for one of these, these tools definetely help streamline the process. With 50,000+ downloads of the OpenSimulator software since December – I suspect there is an alterior motive for this ’standard’ that is not related at all to helping content creators; infact I cannot see a reason at all where this helps Content Creators.

The unintentional targets of this are now people who perform inventory backups – the Second Life Inventory server is about 99.99% reliable – which means 1 in 10,000 users can expect to lose their whole inventory, and 1 in 10,000 items will mysteriously vanish over the course of a year. There are reasons why Second Inventory market themselves as a backup tool for the unreliable asset & inventory services – and it is distinctly related to deficiencies in the platform itself.

As far as I can tell, this rule makes backups harder – which hurts content creators, because legitimate backup tools are now out of the question. It’s also saying something about the supposed ‘You own your IP’ line Linden Lab has been stating for the last 7 years. If we own our IP, how can you state what we can do with it?

which brings us to…

Preserve the Second Life “creator” name and information that the content was originally created in the Second Life virtual world.

Many probably want to be able to do this optionally; but it is not a mandatory feature. Mandating this indicates that you do not have control over your IP – because Linden Lab is going to demand attribution to Second Life. We at DeepThink developed a whole bunch of content over the last 2 years for use in both Second Life and OpenSim – I dont want that attributed to our content creation account, I want that attributed to:

DeepThink Pty Ltd. <www.deepthinklabs.com> – Copyright©2008, See attached license for licensing information

and not…

Adam Zaius – Second Life

Forcing the latter is stupid, and less effective than the former. The latter does not hold any form of copyright, it does not imply any license – and it does not imply any contact information for the creator or copyright holding entity [especially if they leave SL]. The tools should include the capability to add attribution metadata, and maybe they can default to showing a Second Life name (eg ‘Adam Zaius inSL’) – but ultimately, *I* want freeform legal attribution – which carries a lot more weight in the real world, where copyright matters.

This personally reeks of an disingenous alterior motive – particularly the last bit (Created in SL) – I’m very skeptical that Linden Lab would be able to legally enforce this; Textures and other assets have no ‘creative’ input by Linden Lab. The procedural primitive modelling may have some effect, but since a process is not legally creative – I dont believe the procedural algorithms themselves contribute creatively to the final work significantly enough to give Linden Lab joint copyright — although a legal experts opinion is definetely required here.

Ultimately, I think this is a counterproductive effort.

While I think this came from a earnest and honest discussion internally at Linden Lab – I dont believe it has any real world capacity to solve any real problems. Second Life needs a permission system that is capable of indicating an export permission. It should be clearly marked ‘Allow Export’; and be tied hand-in-hand with full permissions (so you can only check ‘Allow Export’ on existing full permission content — this way people are under no pretenses)

It’s not an ideal solution to the permission model’s deficiencies – but it would be a much better start than the three listed above. Since permissions are implemented as a 32-bit bitflags on the backend, and 28 bits are currently unused, implementing this would require no significant database or architectural modifications to Linden Lab’s backend (if anything it is just a viewer modification.) – it would be a very simple modification to make.

As a administrator on the most popular alternate grid – I dont want content on the grid that doesn’t belong. Infact we do spend a great deal of time making sure that our freebie locations and newbie content is all legitimately licensed (tell us if you find something that isn’t!), and the original creator intended the content to be there; anything that simplifies that process has my wholehearted approval.

Illegitimate content is not just irritating to deal with, it is also a legal minefield – we do have a DMCA process for OSGrid, and we’ve got some pretty sophisticated ways of removing every instance of an asset off the core servers, but it is a painful and annoying process. DMCA takedowns require certain legal procedures to be followed to the letter – which makes things a liability if they are done wrong; and there are significant extra considerations for non-US residents and servers.

Speaking with four hats on – that of a Grid Admin, Software Developer, Copyright Holder and Consumer – my firm response to this proposal is ‘go back, and try again.’ – because it’s not satisfying the requirements; and won’t do squat to solve the problem of content piracy; infact it will likely have the opposite effect where legitimate tools are handcuffed, and users favour of ones of illegitimate design.

There are good solutions to this problem, and I’ve got a proposal of my own in the works (one that I have been working on for a number of weeks already) – but these ‘Standards and Practices’ are complete hogwash; and degrate creator rights by imposing restrictions on what creators can do with their own content.

So, in my previous few posts on this topic – I have somewhat neglected covering the practical alternatives. Things that can be made to work, and can be difficult if not impossible to break. I’ve made some mentions before on things that can be done, but I’m going to elaborate on them here.

The Good, the Bad, and the Ugly.

To begin with, we’re going to need to make a divide between ‘good’ and ‘bad’ consumers – good consumers are going to be defined as your standard consumers – the people who like to purchase legitimate content from the legitimate sellers – and like to know that they have bought legitimate content.

The second group are the group who dont really mind if they purchase pirated content (or get it for free), this group is somewhat of a lost cause. They dont tend to buy content today, and they probably wont change that habit in the future.

What you want to target is not minimising the size of the second group (all that will do is waste time and is unlikely to get you any kind of extra revenue), but preventing as many of the first group from slipping into the second group (intentionally or unintentionally)

Signing content

Just like a signed copy of a book is worth more than the plain hardcover, it’s possible to sign a purchase with a “To <buyer>, I <content creator here> can affirm this is a legitimate copy that was sold to you.”, there’s a few ways of doing this, number one:

Verifying purchases via a server

Have a registration server – anyone can see the signature of your item and confirm it against the server to see if the person who has it legitimately bought it. This does have the downside that you need to maintain your server ad-infinium if you want people to be able to verify your content.

Verifying purchases via cryptography

This is a niftier solution, and should work for all time as long as people have a copy of something called your “public key”. This means that when you sell the item to someone, you add a digital signature to the purchase with “XYZ bought this from me.” and then sign that message with something called your “private key”. As long as your public key is public – anyone can use it to verify it was you who really signed it.

Pros of Signing Content

• People can verify that a purchase they made came from the original creator legitimately.
• Other people can verify it too – lowering the social value of possessing fakes.
• Helps build up a brand

Cons of Signing Content

• Relies on people recognising content to be able to say it was a fake of designer X.
• You need to probably rely on a mix of both cryptographic signatures and verification services which will likely involve a cost – for a identity-verified cryptographic keypair (such as the ones Verisign provide), and the cost of hosting the service.

Fingerprinting (”Watermarking”)

It’s possible to take a digital asset, and produce a fingerprint of it – fingerprints, like their physical counterpart are very good signatures of someone, but they arent someone themselves. In digital terms this means producing a smaller version of the asset that is unique to it, and registering it so that if any “clone” shows up, it can be said to be derived from the original asset.

Services exist already for print media which register these fingerprints so that if they are ever used elsewhere, someone can verify who originally made the asset.

Pros of fingerprints

• You can verify a fingerprint with a third party to see the original creator of the item.
• Help when filing copyright infringement notices because you have the registration to act as a “I did this first”.

Cons of fingerprints

• Fingerprints cannot tell if something is or is not legitimate alone.
• Fingerprints can be “smudged” by tampering with the asset, the more “smudge-resistant” you make it, the higher chance false positives can occur.

Make it as easy to buy legitimate content, reward those who do.

This one is more of a business opportunity for some individual or group – but make it possible to buy your content on an amazon/iTunes equivilent which is quick and easy to purchase from, and guaruntees legitimate content.

If your content is a pain to purchase, the chances of someone getting frustrated and either nor purchasing, or getting via less-than-legitimate means increases. Reward the consumers who do purchase legitimate content with updates and other services that people getting the false one wont – as a side bonus this will instill some brand loyalty and likely get them buying more content from you in future.

None of these ideas are mutually exclusive – they work best together.

Fingerprinting is complemented nicely when you have signatures attached – in doing so, you can combine them to say “This is not a legitimate item, the original was created by XYZ who’s signature is missing”. By doing so, you can place social pressure on people to purchase the real thing.

While there will always be a group (mentioned above) who dont care – the majority (the good consumer group) will, and will likely try purchase legitimate whenever possible. If merchants present their digital signatures and a third-party verification as part of the purchase process, then it becomes signficiantly more difficult to buy a fake unintentionally.

One last thing

This list is not a total list – it’s what I thought of in five minutes. There’s plenty of other ideas which can be made to work, a lot of it requires third party verification from reputable services, but thankfully neither of these is a new thing. Digimarc provide watermark/fingerprinting services with registration already today for print/web media, and Verisign provide the cryptographic keys nessecary for signing content. (The algorithms for which are very well documented already having been invented at least thirty years ago)

There’s a very fundamental problem facing many content creators in Virtual Worlds these days (such as Second Life™, IMVU™ and others), and that is the problem of Piracy – where one unscrupulous individual takes content from a designer or developer, and then attempts to resell it as their own.

It’s a problem – no-one can deny that, but the solution to the problem is not ‘deep’ DRM. There are a few reasons for this, especially when it comes to content (scripts and backend programming are another matter entirely and something I will get to in a moment)

Three reasons why this wont work for visual content

First, the obvious one – content must be displayed on the users screen. This means it must be presented to the video card in an unencrypted form. I’ve heard a few silly ideas to prevent this one, such as encrypting the texture and using a shader to decrypt it on the video card (just run the shader in a virtual machine).

At a very fundamental level, the laws of mathematics do not allow you to say “This number cannot be copied.”, computers which are based on very high level mathematics are still subject to these immutable laws. There’s a parallel law here which states that you can always modify something – sure you can make it a house of cards that breaks if you make a change, but someone can always employ superglue to prevent that.

It’s technical, but it’s worth reading the examination of the Skype binary (PDF) done by a security analysis team, the Skype developers know their stuff, exactly how to use cryptography properly, how to try prevent debuggers from being run, etc. Every single one of their protections has been examined and detailed specifically in that document – no matter how clever you think you are, there are cleverer people out there and not all of them have good motivations.

Second reason why this wont work – You hand the legitimate user both the content and the key to decrypt it to display it – there’s no way to avoid this without disallowing the user to view the item (which defeats the purpose of content). There’s nothing stopping them from making a copy of both parts, and once the schema is broken, there’s no going back – it’s out there. You cant revise the encryption scheme after it’s been broken, your content is now available unencrypted.

This has been a big problem with things like DVD encryption, because to release a new encryption scheme you need to get every user to update, and titles released under the old scheme are still broken. DRM used in popular products tends to have a life somewhere between a week and three months – assuming point #1 doesn’t hold, this still means you have to assume all your content more than at most 3 months old is piratable – how many content producers produce enough content every month to make their old lines completely redundant from a sales perspective?

Third reason – DRM tends to annoy customers. Consider the possibility where you want to teleport your avatar around a hypothetical super-grid the size of the internet. You enter a sim which hasnt been authorised (and I’d say in the long term, most will fall into this class – similar to only how a small % of sites have SSL certificates), and bam, your avatar vanishes.

Well, what can you do? Not much – but you arent likely to buy avatars from this user again that’s for certain. There is likely going to be a commercial incentive towards content which after you buy is free to do what you want with. (With copyright law enforcing violators and pirates).

So – how the hell do you protect your revenue/sales in an environment where anything goes?

This question is the real question that should be asked, the answer hasnt yet been determined (market forces will likely be the ones to figure out which models work, and which dont)

• Custom Content – in a world where everything is mass produced and cloned, unique content that has been hand crafted for what you want is a drawcard. It’s unique, it’s yours, it’s $50.00/hour design fees.
• Keep on keeping on – The current model is unlikely to collapse, brands seem to matter and people like being able to say they have legitimate content. Systems will likely appear that allow you to verify whether someone has paid for a piece of content or not. Piracy goes on in virtual worlds today, but sellers seem to keep making sales (I’d like to know more from specific sellers how their sales have gone when a piece of content has been pirated significantly).
• Mark your intent - Tying in with the above point is the idea that you can mark your intent – this is ’shallow’ DRM – it’s nothing that cannot be removed, but it does signify what the creator wanted you to do with this content and has licensed you to do. If someone violates these terms, you can deal with them the same way copyright infringement is handled in the real world, courts. For all the complaints that go on about the DMCA, the act does provide a relatively sane way to deal with IP infringement from a content creator perspective (however beware, filing a false DMCA claim IS perjury).

So what about scripts?

Well, if your script is going to be transmitted from host to host – you have the same problems that commercial web scripts have – and all of the above applies. With sufficient bandwidth and processor time however, it is possible to run scripts on your servers for other peoples (the “hosted” model). OpenSim supports this hosted model via the ScriptEngine that can be run as a grid server – hopefully these kinds of things will become easier to setup and maintain, and perhaps a giant such as Akamai will take to the role for other people.