I've not done any history texts before, but I got to talking about this a while ago and decided to set down my memories of a time when the internet was changing the world towards a future not yet decided - and specifically the cultural and technological fight over the role of copyright in the digital era.
Now, this is not any serious historical document. It isn't full of dates and citations. It is very specifically my own memories, as I try to capture the personal experience of living through this turbulent time when the internet was transitioning from a hang-out of the nerd elite into a service used by everyone.
To understand this pivotal period of history, we need to return back to 1999, and to the environment in business and in technology that fostered it. So let us remember the nineties, reluctantly. Clinton was president, pop music dominated, and the media still refered to the internet as 'cyberspace' or the 'information superhighway.' This was a very different era - a time of technological transition from the age of analog to digital. But not a time of transition from physical to internet distribution - that would come in the following decade. Technology of the 90s just wasn't up to that, nor the business environment ready.
DVD-video was around. That had been around since 1996, but it was new and unfamiliar outside of Japan. It was only introduced in the US in 1997, and Europe in 1998. The early DVD players were very expensive, and so in the home market the VHS tape ruled - but the future was clear to see, and it came on shiny plastic discs. Video CD was vaguely a thing, but had failed to achieve great success, and likewise Laserdisc outside of Japan. For the typical home viewer, television came through broadcasts or through tapes. Those could be purchased, recorded off the air, or rented from the beloved Blockbuster store. There was very little high-definition content, and few homes had the equipment for it. It was still the domain of the early-adopter tech enthusiast, but already the consumer electronics industry was excited for it - not least because it promised a reason for everyone to buy all-new equipment.
There was no online legal digital media, at all, other than some uninteresting personal websites. That matters, because this is the environment that created the story soon to follow. There couldn't be for video, because the technology didn't exist - this was still the modem era, broadband was a rare luxury and video compression technology was far less sophisticated than today's. The technology did exist for music, barely, but the business environment didn't. Pirates were trading in songs using the new MP3 format, but there was no way to buy these legitimately.
Portable CD players were quite fashionable. If you were really cool you might be able to afford a minidisc player. If you weren't, you used your dad's old Walkman.
On the internet, these were still the frontier days. Uncivilised and chaotic. Law enforcement barely existed online. Hackers routinely defaced websites with impunity, and were even venerated as folk heroes for it. There was little social media as we would recognise it, but instead a thriving community of usenet and forum boards, AIM conversations and IRC servers. The internet was starting to become more commercial, but the intrusion of businesses in to this space was still regarded by some as a bit suspicious. Like a small town hearing of a new shopping center under construction and realising that the changes to come might be economically beneficial, but would erase their distinctive culture and community as well. This fostered an attitude of general distrust towards the intrusion of business in a space that had, until this time, been largely the domain of tech-enthusiasts and non-profits.
All together these made almost perfect conditions for piracy. No legal media supplier, a culture that didn't see the law as inherently right, and a community of people with technical skill. Almost perfect, but not quite, for the final factor was missing: Convenience.
Online piracy in the 90s was hard - it required knowing people who knew people. Access to the Scene was an elite privilege that few obtained - though I flirted with the fringes, I was never granted such esteem myself. Even knowledge of the Scene was rare. Even if one could obtain these MP3 files, they were of little use without further effort and equipment. The first portable MP3 player launched in 1997, CD burners were expensive, and dubbing to tape was a cumbersome process. It was usually cheaper and easier to just buy the CDs.
Piracy was poised to explode, in a way that looks obvious in retrospect - but these were different times, and the culture of media production and consumption was different as well. To say that the music industry was unprepared for what was to come would be a great understatement.
So let us imagine the life of a person in 1997, embarking on a quest. Our protagonist seeks music: Specifically the hot new album Nimrod, recently released by Green Day. Easily purchased, but this would require money that is not to be squanded on what can be had for free.
If our protagonist is fortunate he (and, this being the 90s internet, odds are we are talking of a male) may have a friend who can help - a contact at school, or at work. They may continue the traditition that spans generations of friends helpfully making a tape to share, or - if this friend is fortunate - copying a CD with the latest technology, a CD burner.
If our protagonist is less fortunate, and of a family wealthy enough to afford it, then they will have to venture online. Here there lurks a mysterious world: The Scene, spoken of in whispers and rumors, where it is said those in the know trade access to secret FTP servers with hundreds of gigabytes of games and music - some of it even pre-release. Alas our protagonist is not this well connected. He has though, in his wanderings, learned that there are places on IRC - chat rooms on such services as DALNet where bots can be found which might, with persuasion, dispense MP3 files. Or that these files might be teased from the world of Usenet, in pieces which must be painstakingly reassembled. It requires hours of work and knowing of the right places, but in time the sought-after files may be assembled and burned to a CD or written to tape. The very fortunate may even have a minidisc player.
My own first introduction to piracy was via the friends-with-contacts route: My father. A competent computer user of the era, but certainly no expert. He knew experts though, and would often bring home free games from his workplace. First in tapes for our Spectrum, to be copied using the ever-unreliable process of a dual casette deck. Later, floppy disks of games for our Atari ST, and finally games for the PC. I do not know where he got these, but these games would often open with an impressively animated launcher. I can only presume that, though he certainly was no member of the legendary Scene, one of his co-workers was, and this co-worker was happy to distribute free games around the workplace.
The music industry was certainly concerned about piracy. Movie studios were too. But it wasn't internet piracy that concerned them - that would come later, but in '99 the internet was still regarded as the hangout of nerds and not a serious business arena or threat. The fear back in '99 was physical media piracy, both organised and unorganised. The organised pirates were criminal gangs who would manufacture CDs and copy casettes - audio and VHS - to sell in street stalls and markets, a practice endemic in the less-economically-developed parts of the world. The unorganised pirates were the the casual copiers, people who would record a song off the radio, or run off a duplicate album on their dual-cassette deck, or wire two VHS players back-to-back so they could keep a copy of rented tapes, or give away copies to friends. Mix-tapes and the informal networks of copying found at schools and workplaces.
This wasn't new. The British Phonographic Industry association had been running the 'home taping is killing music' campaign since the eighties, trying to guilt people away from copying cassettes for friends or recording songs off of the radio. CBS Songs sued Amstrad Electronics in 1998, seeking to ban the sale of dual-cassette desks on the grounds that such a project would be heavily used for illegally duplicating retail cassettes - a British case which mirrored the more famous US case of Sony vs Betamax 1984, when Sony studios sought to ban home video recorders.
The situation can be viewed by looking at another important legal dispute, this one also in the US: RIAA vs Diamond Multimedia Sys, 1999. The RIAA - an industry association representing the collective music industry - took action against Diamond Multimedia, the producers of the first commercially successful MP3 player. Central to the RIAA's argument was that the media player would be used for personal use copying - that is, people would be copying their CDs on to it. That was actually allowed in the US, under the Audio Home Recording Act 1992, but only if royalties were paid for this infringement that Diamond were not paying. The background to this could be a story in itsself, with roots as far back as the 1980s and a conflict between consumer electronics and music labels regarding DAT decks. For this discussion though, the case should be noted for what was not said: Nothing within this case mentioned internet downloads. These were just not a major concern in 1999. Music downloading was the domain of the nerds, and not many of them.
So that's the late nineties as the new millenium loomed: Analog rules, piracy means copying tapes, and the internet is rapidly gaining popularity. The Pentium III has just come out, and those who can afford cutting edge can enjoy the first consumer processors to top one gigahertz. The tech world is discussing the first previews of the latest operating system, Windows ME, and giving it a generally negative reception.
And then Napster happened, and everything changed.
Before Napster, downloading music took time, skill and connections. After Napster, it was something anyone who could use a computer would be able to do in minutes - and they did. The growth was explosive. Within weeks of launch, Napster was comprising a sizable part of all internet traffic. This was nothing short of a revolution. Every piece of tech media covered it. Even mainstream news ran stories about this new program that could provide any song in minutes, without paying, and how it threatened to destroy the music industry - which only drove more people towards it. This all happened, not in years, but in mere months - catching the music industry utterly unprepared. They had plans for the future, but all those plans involved selling CDs or a possible future musical medium, and preventing people from copying whatever that may be.
What happened next was one of the first true 'culture wars' of the internet age. A clash of ideologies. It was not just technological change, but a re-evaluation of how culture and commerce may relate in a digital era.
Napster ushered in ten years that might be called a 'golden age of piracy.' A time when two forces did battle in the arenas of technology, law, business, and public opinion to decide the future of media and of the internet. For some, like myself, it was a glorious time: Infused with the rightousness of belief in our cause (however naive it seems when viewed through mature eyes) we took on the RIAA, the MPAA, and all their allies. We fought for a future of post-copyright, when all of human knowledge and culture would be shared freely. They fought for business and the values of markets and capitalism. Weapons were forged and broken on both sides: Pirates crafting ever-more-sophisticated forms of p2p file sharing only to see new legal tactics turned upon them, while The Man fought with new copy protection technology that was swiftly broken. In the end, neither side truly won: The internet that emerged was neither the utopia of free exchange envisioned by the pirates, nor the fully commercial space that entrenched interests desired where every piece of content would come with a price tag and all would serve the market.
To fight for a cause you truly believe in is an intoxicating experience, and while today I recognise that many of my teenage political views were half-formed and incoherent, it did not feel like that at the time.
Some years have passed now, and technology has marched on. Our pirate of the 90s is still at it, and the old hangouts are still here - but there are newer, easier options now. It is 2004, and today's quest is for a film: The mediocre sci-fi flop I, Robot. An excellent book throughly ruined in adaptation, which no fan of Asimov would wish to endorse with a cinema visit.
First stop for such a film is the popular file sharing site ShareReactor. There is a tremendous amount of data circulating the new p2p networks, but much of it is of poor quality. Mislabeled files, viruses, malware, pranks, defective data, and shoddy encodes. Sites such as ShareReactor help to filter this. For devoted fans of music there is Oink's Pink Palace, but for movies, there is ShareReactor.
With luck, the file is there - a simple search returns an ED2K link. When this link is pasted into the program eMule, the data begins to flow. Slowly, on a dial-up connection, but with a freephone provider it is possible to remain connected all night. Given time, the 700MB file - a gigantic amount - will arrive, ready for watching on PC or laptop. The quality is slightly less than that of a DVD, but only slightly, thanks to the latest XVid codec.
I have some very satisfying personal memories of similar experiences, and some of the fondest are regarding anime. This medium was not mainstream at the time - most people would recognise it only as 'that pokémon stuff' - but some friends and I were fans. I would download series - hack//SIGN, Serial Experiments Lain, Twelve Kingdoms, and so many others - and we would sneak in to an empty room at school used only for storage and staff training. There we would watch these fan-subbed files together in free study periods with a laptop. We never were caught by the teachers.
Not all piracy was so easy. For those seeking more obscure things, like eBooks, there was the Sea of Search Sewage: The 'find' feature in the p2p clients. Here lurked the greatest library of media ever assembled by mankind. If it existed online, it could be found with enough effort. So could an endless stream of toxic code, pornography and fake files. Some was easy to spot - a film in a file less than ten megabytes was clearly fake, or any file ending in .exe. Others less so. It may take many attempts and wasted time and downloads to obtain your target. My own first-choice client was eMule, but I also made use of WinMX, iMesh and the Gnutela network via Limewie. With persistance, the desired data could be fished out of the sea of malware and pornography.
Movies, music and books were relatively safe with some common sense about data safety. Downloading games or software was a much riskier proposition. Malware was rampant, especially in no-cd crack files. It became a common joke to talk of pirates and their virus-ridden computers. I came across a few myself, and more than one wipe-and-reinstall was needed to clear them.
Around this age I was a prolific reader, able to finish a sizable novel in a few days. Libraries provided some material, and the second hand book shops another, when my parents happened to be taking the family that way - but I could never have afforded to buy new books. Here, the internet provided. Between those p2p networks and the more specialised servers of DC++ I found all the reading material I could want. Copied on to a PDA for reading (A most nifty little device running Windows CE and capable of displaying four shades of green), these kept me in reading material through most of my school years. I also learned to contribute to the piracy community, by serving as a proof-reader and watching happily as my improved files appeared in the 'uploads' list.
Napster began the fight, but it was the RIAA who escalated it. Every great conflict needs a great villain, and we could not have asked better than the Recording Industry Association of America. This was an industry of young talent, old managers, and older executives - so out of touch with modern technology that they fumbled every potential PR moment to come their way. The image of them spread across internet culture with the subtlety of a villain from an 80's cartoon. They made themselves easy to hate, and so we hated them. Perhaps if the industry associations - principally the RIAA and MPAA - had not acted like such a cliché of corporate evil, they would not have inspired so many to oppose them.
The first battle came in the swift and inevitable response to Napster. The lawsuit was fast - in legal terms - and the outcome practically assured. Napster was clearly infringing upon the law in some manner, though exactly how was more difficult to say. Copyright law had never been written with that technology in mind, and Napster itself never actually copied anything - it only enabled others to commit infringement. It took four months to decide A&M Records inc vs Napster inc - despite the name, it was the RIAA that truly instigated the case. Napster was closed down after two years of operation, shutting off the flow of free music. After those two years, many internet users had become used to the idea that music could be - should be - free. After all, it had no distribution or reproduction cost now. The only investment was finding some talented artists, some instruments, and a mixing artist, and with computers reducing those costs many artists were willing to produce music for the love of their craft. When the RIAA took the free music away they made a lot of enemies.
After that, things got serious. A battle was fought in propaganda and technology.
The propaganda was laughable. The MPAA's "You wouldn't steal a car" spots became a subject of instant parody, attempting to equate downloading with theft in a way that anyone exposed to online culture would recognise as a false analogy. Other campaigns were less prominant, like the UK's "Knock-Off Nigel" advertisments. Another memory that survives well if of my friends and I in our secret hide-away at school watching the infamous "EZ Jackster" episode of The Proud Family to make fun of it - and being quite angered that Disney had chosen to use a cartoon for children to indoctrinate the audience with such a self-serving moral. We had downloaded the episode illegally, naturally.
Some of the enemies the RIAA and MPAA made were programmers, who launched a slew of new P2P programs. Some were remembered well, like Kazaa. Others were forgotten with time. Some were bizarre, like the OFF System, which used mathematical trickery to transmit copyrighted material while only ever transferring perfectly random blocks of data - an attempt to craft something so outlandish that the courts would struggle to identify any actual crime. All of these were expressly intended to be outside of the law, and they took over where Napster left off. Many of them were designed to be truly decentralised: With no legal entity running the network, there was no-one to sue. My personal memories focus upon eMule, which used both the ED2K and Kademlia networks, though when searching for obscure media I also used Kazaa, iMesh, WinMX and Gnutella.
One especially amusing example was WASTE - a p2p file sharing system designed to serve small networks of friends, making it easy to share media libraries in a manner that was encrypted, secure, and impossible to stop. WASTE was originally designed by programmers at Nullsoft, the company better known for their Winamp music playing software. When Nullsoft was aquired by AOL, AOL's management were unaware of the existence of the WASTE project - a situation that the responsible programmers were happy to let continue until the day of release. Within hours of the release announcement AOL ordered that the software be withdrawn from distribution and destroyed. The WASTE web page was replaced with a notice declaring that the release was unauthorised, all licences invalid, and anyone who used or distributed the software may be subject to legal action.
Naturally the WASTE source was swiftly leaked. Telling engineers that they must destroy something they created, something they believed in, was never going to go smoothly. This incident demonstrates the cultural disagreement between the 'nerdy' community of programmers and internet users and the more conservative minds of business management, and the level of cloak-and-dagger games that sometimes resulted.
At the same time these new P2P programs were competing for the top spot, another advancement in piracy was expanding: Video. Rapid advancement in video compression brought a hacked version of Microsoft's state-of-the-art codec into the pirate community, known mockingly as DivX ;-). This was soon replaced by a fully written-from-scartch DivX, and fork XviD. These improved codecs far outperformed the older MPEG1, MPEG2 and RealVideo. For the first time a DVD-quality movie could be crammed into the 700MB limit of a CD-R, or a few episodes of TV. This volume of data was cumbersome to download, but not impossible - even on 56k modem, many people remember spending all night waiting for a movie download, myself among them. The quality of these videos was poor by modern standards, but to an audience used to VHS tape it was still more than acceptable.
In response to this proliferation of p2p programs, the RIAA started suing individual downloaders in an attempted campaign of intimidation. Ordinary people found themselves in financial ruin. Teenagers, children, single parents and even grandparents were hit with lawsuits that cost tens of thousands of dollars - this being mostly an American matter - to defend against, and statutory damages for tens of thousands more. This may well have scared a few people away from piracy, but it also firmly cemented the RIAA as a figure of absolute hate within internet culture. People wrote songs about how much they hated the RIAA. Memes mocking and condemning them became commonplace. Meanwhile, technology advanced.
Today we might imagine that the media industry and technology would go together, but back in these early-2000s days that was not true at all: The established media industry was actively hostile to uncontrolled technological advancement and innovation. They regarded it - perhaps correctly - as a threat to their very existence as a business, a mentality that had existed through generations of executives. This mentality opened up another front of the war. After being caught off-guard, the RIAA, MPAA, their international counterparts, and more than a few consumer electronics companies got together and started discussing how they should handle this situation. Change was inevitable with the march of technology, but they could perhaps shape this: They could decide what technologies would survive with their blessing and which would fall to legal action, or simply fail for lack of supporters.
There was precedent for this. The internet came as a surprise, but physical media piracy had been a concern for a very long time and technological means to fight it had been used with some success. DAT and minidisc had been tamed through the forced use of a copy protection system known as CGMS, which was required - by licensing terms or by law - in all consumer DAT equipment. Macrovision was a great success - it had been successfully stopping people from copying rental tapes since 1985. These systems were crude by even 2000s standards, but they had sufficed before the internet. To bypass them required some esoteric knowledge and skill in electrical construction, or access to illegal devices. A small annoyance for organised tape copying criminal operations, but enough to deter the casual individual from duplicating a movie to give to friends.
For this to work going forwards, control would be needed: A veto power over new technologies. This would be the battle that truly defined the future of the internet, and everyone at the time knew how high the stakes were.
Two great forces collided in the 2000s.
The collective of businesses and their executives were motivated by more than simple self-interest: Like the pirates, they held in common a vision of the world as it should be. A world of economic growth, prosperity measured in financial returns, and the wealth that can only be generated by great businesses. For this world to survive, technology would have to be controlled. Some things, like P2P file sharing, were simply too dangerous to exist: They must be crushed by any means. Others must be contained so that they would not threaten to undermine the basis upon which business existed - built and sold only with restrictions built in to limit their use, safely protected behind tamper-proof defences. Unrestricted technology should be regarded as a danger that threatened societal fundamentals like the notion of private property. Something so dangerous should be banned banned by law, if need be.
This sort of restriction was anathema to internet culture of the time, which was composed largely of technology enthusiasts. Many were fierce proponents of open source, something that could not exist in the world envisioned by this new tech-entertainment alliance. This new online culture held the notion of free speech in highest regard, detested all forms of censorship, and was full of utopian visions of how global communications would bring limitless knowledge to all. Even world peace felt within grasp. This army of activists drew upon the cultural imagery of Cyberpunk, imaging themselves as revolutionaries fighting for freedom with their mastery of this new technology.
There were hints of the push for DRM even before Napster. Fear of piracy - of the physical media variety - had already been a source of trouble for the consumer electronics industry. They had tried to introduce new technologies such as DAT and VideoCD, but found their path to success blocked by a lack of media: Few labels or studios wanted to make their product available on a media that could be endlessly copied without degredation. Even digital television was being delayed. Studios refused to let their shows be shown on digital channels, where anyone with a powerful computer and the right hardware could record them in perfect digital quality - not unless there was some form of assurance that these channels would be impossible to record.
Forget about legal music downloads, that was right off the table. No label would even consider that - sell someone an MP3 file and they'd have it emailed to all their friends in five minutes.
These pre-Napster fears were still rooted in the era of physical media piracy. In 1999, still unaware of the world-changing technology to come, the consumer electronics sector together got to do something about this. Four technology companies - IBM, Panasonic, Intel and Toshiba - founded the 4C entity in 1999. These four plus Hitachi founded the 5C entity. Their collective aim was to introduce an industry-wide framework of copyright enforcing technology, the Content Protection System Architecture, and they made a determined effort. The intention was that with this new standardised DRM, it would be possible to give studios and labels the assurance that their precious works could not be copied, and that would give those studios the confidence to start accepting the exciting new world of online distribution, portable media, digital television, and a whole lot of new hardware sales. Everyone wins. Well, not everyone, but the people getting screwed over were small manufacturers who couldn't afford the licensing fees and individual users having to buy deliberately crippled and tamper-proofed hardware, so no-one in a position of power cared.
These companies recognised a core problem with earlier DRM technology: a single piece of technology couldn't solve the problem of copyright infringement. Inevitably it would be broken, and even if the break required a very high level of technical skill the unprotected media would be rapidly distributed. This was widely known in the technology sector from the impact of software piracy, where skilled cracking teams had been doing just that since the eighties. Sophisticated software DRM could only be broken by the most highly skilled and specialised of software crackers willing to spend countless hours reading through machine code, but once they had succeeded their efforts would be swiftly circulated in the internet underground. There existed a thriving scene of hobbyist piracy that originated in bulletin boards and quickly spread to the internet. No, to make their goal work, the two entities would need to come up with a whole family of DRM technologies - interconnected, interlocking, comprehensive, acting to reenforce and compliment each other. And, as an added bonus, they could kill off smaller manufacturers with prohibitive license fees and restrictions. This vision was the Content Protection System Architecture, and the aim was nothing less than industry domination.
The first and most important thing to understand about CPSA is that it was enforced on products through licence agreements, and those were required for the cryptographic technology. For example, let's say you run a company that wants to make a digital cable TV box. You get the specification for the cable TV signal, but there's a part missing - the data is encrypted, and you don't have the key. To get the keys you need to contact the 5C entity and request them, which they will provide only if you agree to their CPSA license agreement - this includes things like mandatory measures to keep the keys secure, and restricts what your device may do. It requires that if your box can record video, it must obey the DRM flag in the video stream - which will say either 'recording allowed' or 'recording forbidden' or 'you can record, but only one generation.' If your users were to press record while watching a pay-per-view event your product would have to show them a rude 'computer says no' error, while for regular TV it might be permitted to record but only to internal, non-removable storage which must also be encrypted. If you don't agree to this, you don't get a key.
(Incidentally, this agreement is also the one that tells DVD player manufacturers they have to obey the region codes and that they are not allowed to skip ahead in certain areas of a DVD. You can thank CPSA for those unskippable trailers. DVD-video predates the CPSA, but was made a part of it retroactively.)
The most important part of that licence though, the agreement also forbids any output from your device unless it also uses a CPSA-compliant form of protection. For SD analog video the old macrovision was allowed, but anything HD would have to be encrypted. And any device that was to play this would also have to be CPSA licensed, with all of the same conditions; the license forbids any device from taking an encrypted input and providing an unencrypted output. Except at the lowest quality levels, the CPSA becomes the roach motel of media: Once the content enters, it never leaves. For an HD-capable TV to connect to your cable box, the TV manufacturer must also licence the required keys, which prohibit any unencrypted outputs or recording.
That was the real vision of CPSA: An inescapable world of encryption! The content industries get the assurance they need that piracy is prevented, and make their library available to the new digital world, thus driving a generation of hardware sales and people replacing their old VHS tapes with the new HD-DVD. The big equipment manufacturers get a comfortable lock-in, where smaller players are forced out of business and even large rivals have to pay money in royalties to license all this technology. Everyone is happy! Except the ordinary users, who have to deal with the new DRM technology. Which really sucked.
DVD was part of this, using the CSS encryption scheme. For recordable media there was CPRM, and for prerecorded, CPPM - that's the one DVD-Audio used. Digital lossless video transmission got HDCP - first as an optional extension on DVI, and later as a mandatory capability of HDMI. DAT and Minidisc used the old SCMS flags. Analog video would use the Macrovision and CGMS-A. Video over firewire - back when firewire looked like the future of video - was encrypted with DTCP. If it had worked, it would have ended piracy. But it didn't work, not even close. It was completly useless at that aim, and you've probably not heard of it today.
A similar story happened with the Secure Digital Music Initiative. Much like CPSA, it had origins in the pre-Napster days - but unlike CPSA, it was crafted with the internet in mind, and the intention of one day enabling secure online music sales in a form that could not be copied.
The CPSA, SDMI, the 'Next Generation Secure Computing Base' of Microsoft - all of these were not just technologies. They represented a vision of the future of technology as something focused upon commerce, control, and corporate power structures. Media was to be a business, technology a vehicle for generating revenue, and 'freedom' meant the freedom to choose which business to spend your money at. Technologies which did not serve commerce had no place in this future. Open source software was a threat, a means by which copyright protection technologies might be subverted. Free access to knowledge had no place either, because nothing could be imagined to have worth if that worth was not quantified in dollars. This ran straight in to the idealism of early internet culture - a community which was staunchly anti-authority and increasingly upset at the intrusion of real-world businesses into our community. We imagined technology as the the great liberator, a tool which would bring all of human knowledge and culture before everyone with a connection. Abolishing borders, and bringing true equality in a world where anyone could leave their real identity behind.
In retrospect, this was naive. At the time, it did not feel so. We were intoxicated with zeal, and eager to fight for what we believed in. So piracy became a sort of political movement - a punk rebellion against the established order and their plans to corrupt our burgeoning utopia with the filth of real money.
People came to piracy for the free TV, and were welcomed to a community that believed all knowledge should be free and culture shared freely with anyone. Because it was a cause we believed in, we were willing to put in more effort than was remotely reasonable. I thought nothing of devoting as much bandwidth as I could spare, once I had broadband, to sharing files. I spent the time to join the ebook piracy community, proof-reading books people had scanned in. Others learned the highly skilled craft of cracking games, or preparing the perfect DVD rip. I was never a prolific releaser, though I contributed within my chosen niche.
The pirates reacted to these technologies by utterly destroying any and every form of copy protection technology introduced, with ease.
So why did the CPSA and SDMI fall apart? I can see a few reasons.
Part of it was ignoring the internet. It wasn't really a big thing in 1999, and the CPSA was heavily focused on the content industry as it existed at the time - peddling physical media. Take CPRM, for example - Content Protection for Removable Media. It was created with the assumption that music and movies, and books too, would soon be sold in digital form so that customers could move them between their devices - but they would still be sold in stores. You would go to the music store, pay your money, and buy yourself a memory card. You could put that into your portable music player or your car stereo and play it - but you wouldn't be able to copy the card. You might even be able to copy the file from the card into your home music library or portable player, but the device would render the media on the card unplayable in the process - so you can't lend it to all your friends and have them copy it for themselves unless you reverse the process and erase it from the music system. In essence, it turned a computer file into something like a physical object that could be moved from device to device but never duplicated. But that's not at all how the industry developed. CPSA never envisioned the smartphone, and acknowledged internet distribution only as a potential future opportunity. A mere footnote in the business plan, and that imagined as a service for selling music via dedicated portable players rather than general-purpose PCs.
A much bigger part was Napster, and the new age of piracy it brought about - with peer-to-peer technology, it only took a single person breaking the DRM for the whole world to have access to the media in unencrypted form. There was no way to foresee Napster; it appeared overnight and became an instant global sensation. Napster brought to media the same problem that plagued software anti-piracy, but many times more severe because Napster removed the skill barrier needed to access the world of pirated media. With Napster, even the most technologically inept could download the program and have all the music they could ever want available in minutes. CPSA was designed to stop you from buying a CD and copying it for your friend, and it could do that because the typical person didn't possess the skill to break a DRM technology - but with Napster and the successors, the typical person didn't need to. Napster turned the music industry upside-down, and while it was short-lived it spawned numerous successors and a period of rapid innovation in P2P technology that soon expanded to include video as well.
Then there was the backlash. Copyright was not a big subject of public concern at the time, and is barely any more a subject now, but the open source movement was growing - and this community saw all DRM technology, especially that endorsed by the CPSA, as repulsive. DRM and open source simply aren't compatible - for any DRM scheme to work it needs to be tamper-proof, it needs to rely on secret keys and on code that the user cannot alter or replace, and on hardware with mechanisms intended to detect alteration and self-destruct if modified. The CPSA might have had potential in consumer electronics, but it angered the internet. DRM may not have merited even a mention in mainstream news services, but it was big news to internet culture.
Some of the CPSA restrictions also grated heavily on customers. Even for non-pirates they proved to be inconvenient. A consumer DAT deck or camcorder - yes, they were called camcorders - by way of example, had to be incapable of recording media that didn't have the no-copy flag. You could record your band performance, but you wouldn't then be able to digitally copy that master to make more tapes to sell - even though it was your own work. If you wanted to do that you had to spring for professional equipment, which was deliberately priced high to keep it away from the mass market. You could record a program on the CPSA-compliant DVR, but only onto fixed media bound to the device - so you couldn't build an archive of TV to collect, or take your recording to watch as a friend's house short of transporting the entire DVR. Intentional limitations, of course - if people could record their own TV collection in perfect digital quality, it would hurt the market for box sets.
The final flaw was in the DRM components themselves. The CPSA architecture did make account for the inevitability that there would be cracks - these were technology companies, they'd been fighting digital pirates since commodore-64 users were exchanging five-and-a-quarter floppies at meets and sharing files on bulletin boards. To combat this all CPSA digital components included a revocation system, by which devices with known security flaws could be remotely rendered useless. This was only to be used in extreme cases because of the inevitable consumer backlash - customers are going to be angry if they learn their ten-thousand-dollar televison just had the self-destruct triggered. The draft plans even imagined a sort of viral revocation list - the revocation order could be issued on DVD which would update the DVD player, which would in turn transmit the order to the connected TV, which would send it on to your digital video recorder and to your hi-fi unit, so there was no way to keep 'insecure' devices functional short of unplugging all the antennas and only playing old media.
But that wasn't enough, because it wasn't just individual devices in CPSA that were cracked. Whole technologies were, in ways that could not be patched out. CSS was broken in 1999, the same year the CPSA consortiums were established - almost as soon as they endorsed it, CSS became ineffective and DVD copying became possible. HDCP was broken later, but to little point, as it was still easier to break the media encryption. The only components that didn't get cracked were the ones that no-one ever used, like CPRM. Some components pre-dated CPSA but were incorporated into it despite being already broken - SCMS being the main one. The security of these technologies depended not on encryption, but the practicality of getting the knowledge and hardware to break them. Before the internet you couldn't just go to the library and ask for a shady book of schematics to build a macrovision remover or a program for a PIC chip to remove SCMS, but now people could. Although they didn't need to, because Napster.
There was a final protection on CPSA and in SDMI alike though, a last-ditch defence against this situation that could have saved the whole scheme: Watermarking. As envisioned, all media published into the CPSA ecosystem would bear a watermark embedded in the audio and video - and if this watermark were detected by a CPSA-complient device on any digital input without encryption, the device would immediately cease functioning until the offending data was no longer detected. So even if you did decrypt CSS and copy a DVD, as soon as you put your unencrypted DVD into the DVD player the player would reject it. Even if you hooked your computer to your TV and played the video that way, the TV would detect the unencrypted watermark and turn off. You could rip a CD easily enough - but if you were to try to play the audio onto your CPSA-complient portable music player, it would lock up. You would only be able to play the copied music on old equipment.
Except, that never happened. That vital part, the watermark, was never introduced. The technology proved difficult to achieve - the Secure Digital Music Initiative released samples of four candidate watermarks to the public in 2000 as a contest, offering $10,000 to anyone who could find a way to remove a watermark without impacting the quality of the song - all four were defeated within days. The SDMI refused to pay any reward money and instead threatened legal action against anyone who publicly disclosed the hack, further tarnishing the music industry's reputation. Subsequent efforts proved no more fruitful, and the watermark was never completed and incorporated into the CPSA or SDMI framework. With this essential component missing the CPSA could never recover from the many, many cryptographic and practical flaws. The CPSA vision fell apart long before it could be perfected.
The CPSA dream of a totalitarian cryptographic ecosystem was hated by customers, cracked in countless ways, and rendered completely pointless within a few years by the internet anyway.
CPSA became almost a footnote in history, but not completely forgotten. The legacy still exists in a few small places. Some of the components of CPSA do survive today, but in isolation - not part of any grand plan as they once were. CSS remains on DVDs, HDMI ports are protected by HDCP. Even CRPM lives on in zombie form - it's a mandatory part of the Secure Digital card specification, and the part that the 'secure' refers to in the name. I don't think anyone has ever actually used it, but it's there. CPPM - the prerecorded media counterpart to CPRM - is used to encrypt DVD-audio disks. That one lasted longer than most - it wasn't cracked until 2005, probably because no-one actually used DVD-audio. The only part of CPSA to outlast it might be HDCP, which was cracked fully in 2010 - perhaps lasting so long because there was little reason to focus on breaking it when the encryption on the media was an easier target. HD-DVD lost the format war to blu-ray, though as the encryption of both was defeated that made little difference.
Now, I want to imagine a different future. How things could have played out a little differently.
The year is 2002. Napster is dead, and Kazaa is rocketing to popularity. In a boardroom at Sony's US headquarters, executives are meeting in a state of near-despair. They closed Napster, but they cannot hope to do the same for the successors - there will surely be hundreds, many launched by people around the world in countries that pay little respect to US law. A proposal is made to file lawsuits against individual users, but this is rejected - it will be ineffective, and turn public opinion against the industry. Instead everything is invested into a new lobbying campaign:. Favors are called in. Threats to withhold campaign contributions are made. And in an amazingly short time, president Bush signs the Internet Rights Protection Act: All p2p file sharing technology is now prohibited, and all US ISPs are required by law to block such technologies. Similar laws are passed in other countries. P2P is now dead. The industry won.
Without access to P2P, piracy remains part of the underground. It exists for those in the know, carried out on secret encrypted places, but never makes it to mass adoption again. The MP3 player craze fizzles out through lack of access to files to play - ripping from a CD is cumbersome, and offers no real advantage over a portable CD player. There is a great pent-up demand for music downloads, but no way to obtain them - legally or otherwise. As in our own timeline, it is Apple who break into this market - though their service looks different to that we saw. Without the threat of piracy, Apple's negotiating position is weakened greatly. Labels, fearing that their product will lose perceived value if it is ever sold cheaply, insist upon a minimum price little below physical retail and that albums must be sold only as albums, never single tracks.
A few hackers do find ways to work around the encryption - they use techniques like edited sound card drivers that have an added record function. That works up until 2007. Technology has advanced now: Broadband is common, and combined with the new h264 codec introduced in 2003, it is now possible to download movies over the internet. Apple wants in on this, and so does DVD-rental company Netflix. To succeed, they must win over the biggest of the movie and television giants: Disney, News Corporation, AOL Time Warner, and Comcast. If the music industry demands encryption, the video industry demands absolute protection: They will not tolerate a single leak into the underground. That can be done, but there is one non-negotiable term: Any viewing device must meet the same CPSA-mandated levels of tamper protection that apply within consumer electronics. The PC, as an open platform, cannot do this. The output port can be protected by HDCP, but what is to prevent someone from editing a driver file to disable it? To be approved by the studios, the platform must be secured from silicon upwards. Only one computer manufacturer is initially able to provide this: Apple. As they control the Mac from silicon to OS, only they can provide the level of tamper-protection required to meet CPSA standards. They work with the Trusted Computing group, and in 2008 the new Mac and Macbook launch. The firmware will load only signed bootloaders, which load only signed kernels, which will load only signed drivers. A component within the processor ensures this integrity, and will attest to it through cryptographic exchange, as well as providing a secure key storage accessible only when the component can determine a signed kernel is loaded. The greatest selling point of this new Mac is the ability to access the new iTunes movie store: For the first time, customers can download movies and television to watch on their computer, or on their desktop, or even upon the newly-launched iPhone.
While Apple is the first, Microsoft is not far behind. Their lack of top-to-bottom control is a delay to their efforts: The need to work not just with Intel, but also with manufacturers of sound and video interfaces. This coordination takes time, but makes for great success with the launch of the first fully CPSA- and SDMI-complient PC operating system: Windows 7, launched in 2009. iTunes is joined by Netflix, and soon many others: With the matter of platform security solved after many years, digital media has finally come to the PC - but only for OSX and Windows users running post-2009 hardware. This even comes with a convenient logo for customers: So long as they buy only computers with the music-note-and-green-tick symbol, they can be assured that their new computer will be compatible with digital media services.
Microsoft's DRM is the first to succeed in internet video streaming, and for a time causes great complaining: While some sites support only Apple DRM, others support only Microsoft DRM. This situation is never fully resolved. While non-commercial video streaming can simply operate without any DRM at all, commercial services are left with no choice but to either choose or support both.
A side effect of this, and one that makes Microsoft management very happy, is that linux on the desktop is eliminated as a threat. As an open-source kernel can never be part of the chain of trust system, no computer running linux - outside of certain server environments - can ever satisfy the need for assured tamper-proofing. So while linux exists, it can never access streaming services, or play music downloaded from a commercial store. Even YouTube, recently aquired by Google, will not work: The server will not transfer video without the required crypographic handshake. Linux remains the domain of enthusiasts, many of which have to make do without sound and only VGA-resolution output - the respective hardware will not enable such dangerous capabilities unless the official driver first confirms the computer is in a secure state. Even many websites do not work - the font industry is notoriously protective of their copyright, and will not allow for their files to be decrypted outside of a proven-unmodified web browser.
Pre-2009 video cards are prized collector items. Not only because they can display in full resolution on unconventional operating systems, but because they are invaluable for the remaining pirates: Only old hardware lacks the hardware-level watermark detector that will shut down the display if it detects a certain pattern of lights in the video or inaudible modulation in a song indicating that media should never be played unencrypted.
Meanwhile, the internet has developed very differently. Technologies that flourished in our timeline were crushed before maturity, deemed too dangerous by the US Committee for Internet Security - a committee in which six of the twelve members are former executives for either RIAA or MPAA member companies. Certain legacy technologies, such as e-mail, would never meet with approval, but remain permitted because they were too established to ban. Instant messengers are restricted: While the chat function is not a problem, file transfers are legally considered a form of P2P technology and prohibited. Most files are transferred by email, or through companies which exist to perform this specific service. Dropbox is quite popular for this.
Technologies which descended from P2P never existed - there is no bittorrent, but there is also no Seti- or Folding@home. Home internet connections, as a general rule, do not permit incoming TCP sessions at all - it is easier to simply blanket-prohibit for an ISP than to run the type of deep packet inspection needed to filter all protocols on the restricted list. This internet is a much more centralised place in every aspect. Even multiplayer games predominatly run on servers hosted by the publisher, with server software never released.
Piracy is never entirely defeated. But it is difficult, and rare enough that few people venture down that path. It takes access to equipment which is old, or modified, and you must know people who can pass on information about where the latest stashes can be found. It's a niche hobby, embraced by people nostalgic for the internet of old - back when there were more than two operating systems, and more than three browsers.
I think, overall, the failure of the CPSA was a good thing. It was the rampant, unrestrained piracy of the 2000's that drove the content industries to embrace the internet. If Napster hadn't both shown the possibility of internet distribution and the consequences of failing to adapt to the new online world, there may never have been an iTunes, or a Netflix, or a Spotify. If initiatives such as the CPSA and SDMI had not been thoroughly defeated in the battle between DRM engineers and pirates, technology today may be much more restrictive in nature - locked down, less able to innovate new technologies, the open source movement crushed, and this internet even more corporate-dominated than that of our own timeline. The pirates didn't entirely win, in the end, but they didn't entirely lose either. We shaped what the internet would be, and a little of what we valued can still be found within it.