BEYOND THE PANOPTICON: ARCHITECTURES OF POWER IN DRM
Musings on philosophy, law and technology
posted by:Alex Cameron // 11:24 PM // March 08, 2005 // ID TRAIL MIX
The plague-stricken town, traversed throughout with hierarchy, surveillance, observation, writing; the town immobilized by the functioning of an extensive power that bears in a distinct way over all individual bodies – this is the utopia of the perfectly governed city.
– Michel Foucault, Discipline and Punish: The Birth of the Prison
It is our most sincere desire to identify a technological solution to the plague of piracy. – Jack Valenti,
To the great dismay of copyright owners, a perceived “plague” of infringement has been thriving on the world’s digital networks. Digital rights management (DRM) technology is hailed as a cure for this modern plague. DRM technology promises copyright owners a utopia of perpetual, automated and near-perfect control over their works everywhere the works may go. To the extent DRM systems can deliver on this promise, they are poised to become the ubiquitous regulators of our ability to access and use copyright works and virtually any other type of information product. Much like approaches to controlling plagues of the past, DRM embodies an architecture of panoptic power. It also embodies much more.
Common foundations
At a most basic level, DRM and panopticism are similar because they share a similar underlying epistemologically-based understanding of power relationships. DRM and panopticism derive power from information and knowledge about their respective objects of surveillance.
In both DRM and the Panopticon, the objects of surveillance are denied privacy. As a condition of participation in the architectures (as if they had a choice), the objects are required to lay themselves and their activities bare before their supervisors. This requirement ensures that all information is available for the supervisors to see and use. This information is the root of the supervisor’s power and the more information there is, the greater their power.
Thus, DRM and panopticism both buy into a particular theory of knowledge about people. This theory of knowledge holds that the more data available about a person, and the better it can be processed and classified, the better a person can be known. However, this is not knowledge for the sake of knowledge – it is knowledge in the sense of a re-creation or reconstruction of the individual. Under this theory of knowledge, information leads to ‘data-mined-and-profiled’ truth, and to power.
Common operation
In terms of its operational mechanisms, DRM is analogous to the Panopticon because DRM systems contain technological components that track and report on the works that they protect. However, this tracking and reporting creates information not only about works but, more importantly, about the people that access or use works. The fundamental premise of DRM is one of authentication – i.e. managing who has permission to do what in relation to a work. DRM requires that users disclose personal information in order access or use works. This means that DRM systems can gather detailed information about the types of works that particular users access as well as fine-grained information about how particular users use works. DRM therefore has the capability to simultaneously ‘backlight’ the activities of every user of DRM-protected works so that they are all perfectly observed at an individual level.
Beyond these similarities between DRM and the Panopticon, there are a number of ways that DRM may go beyond the Panopticon in its power.
Differing scope of conformity
First, through DRM, users may be likely to conform their behaviour very closely to all of the self-serving expectations of copyright owners. In other words, under the DRM regime, copyright owners will largely define infringement for users and what copyright owners more generally consider appropriate behaviour in relation to works. For example, beyond the non-infringement expectation, we should expect that copyright owners might establish an expectation that they are entitled to be paid for every possible use of a work, no matter what the law says or how insignificant the use might be. Under the coercive force of DRM, users who access content may be likely to conform their behaviour to this expectation. To the extent that users want access to DRM-protected content, they will have no choice but to conform.
Second, the panoptic effect of DRM may affect user behaviour even in respect of non-DRM protected works, both with respect to non-infringement and other expectations that copyright owners may coerce. In other words, once copyright owners’ expectations are internalized in users through DRM, users may automatically conform their behaviour for all copyright works and other (non-copyright) works that are not protected by DRM. Rather than take on a risk of violating the coerced expectations, users may be likely to conform across the board. This effect may be dependent on the extent to which users can distinguish between works that are protected by DRM and ones that are not. Or perhaps more accurately, it may depend on the extent to which users will avoid risk by refusing to wager being watched or getting caught on their ability to distinguish between the two categories of works.
Third, like other forms of surveillance, DRM is likely to have a broad effect on the kinds of content that users choose to access as well as the uses of content they choose to make. For example, users may self-censor by choosing not to access particular controversial works out of fear that their actions are being watched and recorded and may be exposed. In this way, DRM fundamentally interferes with intellectual exploration. Importantly, in this example users are not strictly conforming their behaviour to the expectations of copyright owners; instead, they are conforming their behaviour to perceived broader social expectations. Because this seems to have little to do with copyright interests, it may be an unintended but nonetheless powerful consequence of panopticism in DRM.
Differing scope for autonomy
Although not typically the focus of analysis in the literature discussing panopticism, it is important to note that the Panopticon sets direct limits on the scope of its subjects’ autonomous behaviour. Those limits take the physical form of prison walls and prison bars. Thus, when it comes to a discussion of the internalization effect of surveillance, panopticism typically must reserve a zone for autonomous action. The Panopticon assumes that the prisoners have some room for autonomous action within the confines of their cells – for Foucault the prisoners are “actors” in “small theaters”. Even if these actors may know that they are being watched and that they will face punishment if their behaviour does not conform to the expectations of the supervisors, at a basic level they still have room to choose how to behave. If there were no scope for autonomous action (i.e. if the coercion took the form of absolute physical restraints), then there would no point in surveillance and there would also be no internalization effect. In fact, it is arguable that the more physical the constraint is, the less effective the panoptic effect would be.
DRM similarly imposes strict constraints on end-users. The architecture of DRM seems to be more about where the walls of the metaphorical prison cell are drawn rather than what goes on inside those walls. With DRM tightly controlling access and use of copyright works, there is little scope for users to choose how to behave. In this way, DRM may not principally rely on the panoptic internalization effect to coerce; instead DRM builds the prison cell a bit smaller.
When it comes to circumvention of DRM, however, the surveillance and internalization effect in DRM is probably more significant then direct coercion. On this issue, DRM does erect some direct constraints on behaviour because it is resistant to circumvention. However, it is arguable that even with a legal architecture of coercion, users have a greater scope for autonomy because they have the ability to choose whether to try to circumvent DRM or not. In this area, DRM panoptically coerces compliance with non-circumvention legislation because of its surveillance functionality – if DRM is always watching and can detect (and act) on circumvention attempts, then users are unlikely to even attempt to circumvent. The effects of this surveillance are internalized.
In all of these ways, the architecture of DRM is similar to but also different from and potentially superior to the Panopticon. In DRM the question for the user is not always whether the guards are in the tower, but rather whether there is a tower or guards at all, or whether there is something completely different. While this lack of visibility may suggest less of a panoptic effect, the opposite may actually be true. Consider the effect of the MPAA’s latest public warning, albeit in the context of copyright infringement: “You can click but you can’t hide”.
Comments
Stefan Brands has posted an interesting follow-up to this post describing how privacy-respecting DRM could be designed.
http://www.idcorner.org/wp-trackback.php/51
Posted by: Bentham at March 8, 2005 02:59 PM
You have missed an enormous philosophical distinction between DRM and the panopticon. DRM is entirely voluntary, while the panopticon is intended to be used against prisoners who have not consented.
When I say that DRM is voluntary, I mean that people purchase content knowing that it has DRM protections. And further, and equally importantly, no content creator is compelled to use DRM on his creations. Everyone is free to sell or license the goods they create under any terms they desire. Some will choose to use DRM, others will choose to give them away freely. And in the same way, every buyer can make a free choice about whether to acquire goods with technological limitations built-in, or others that are free of such limitations.
You can see this dynamic in action in the music market today. We have "DRM lite" systems like iTunes, which for most people lets them do what they want with the music they purchase. They can put it on their iPod or burn it to CD or share it with other computers on their local network. They can't give it away to other people, but most people understand and accept that this is a condition on their purchase.
If they are unhappy with even this relatively small limitation, there are any number of free sources for music on the net. Unsigned bands and independent labels often give away at least some of their music without conditions and without DRM. There are all kinds of choices available.
Any analysis of DRM has to recognize that it is fundamentally a matter of the free market balancing the interests of creators, distributors, and buyers. No one is forced to use DRM. But by the same token, no one is prevented from using it. Standard economic analysis demonstrates that by giving people the maximum set of options for their transactions, we optimize the net social good and social happiness.
This is the real justification for DRM. It makes people happier. It may seem paradoxical, but allowing people to freely choose and decide what restrictions to accept or impose in their transactions of digital goods is actually the optimal social policy. This is completely different from the panopticon, where prisoners have no say over whether they were observed or not. Freedom of choice is the reason for DRM. Those who would oppose it are ultimately trying to force their own views on people who would prefer to make their own decisions on how to live their lives.
Posted by: Cypherpunk at March 8, 2005 03:20 PM
Cypherpunk, makes a number of interesting points. I will endeavor to respond briefly to what I think are our main areas of disagreement.
Cypherpunk writes: “DRM is entirely voluntary, while the panopticon is intended to be used against prisoners who have not consented.”
This is worth fleshing out a bit more. First, with respect to the Panopticon, it is important of course to note the difference between Bentham’s building “The Panopticon” or “Inspection-House” and Foucault’s account of ‘panopticism’. Foucault recognized that the panoptic principle embodied in Bentham’s prison was a principle of power that had wide social application beyond Bentham’s specific artifact. In other words, it is not just about unconsenting prisoners but extends to all areas of society – it is a “mechanism of power reduced to its ideal form”.
Second, DRM is not voluntary. Below, I will respond to the relevance of the issue of choice that creators have with respect to whether they disseminate their works through DRM. For now, let me say only that DRM is not ‘voluntary’ in a couple of other senses:
First, DRM is not ‘voluntary’ within its regime – once consumers are brought under that regime (willingly or unwillingly), the panoptic or super-panoptic effects of DRM that are described in my initial post are achieved. In other words, even if consumers could be said to voluntarily submit themselves to DRM, it does not follow that the power facilitated by DRM is neutralized. Quite the opposite. It is helpful to remember Foucault’s reminder that while contract may underwrite the acceptance of discipline, panopticism is “the technique, universally widespread, of coercion”.
Second, DRM is not voluntary because consumers in fact do not purchase content knowing that it has DRM protections and thus in fact do not voluntarily submit themselves to the power exercised through DRM. Although we do now see some labeling on copy-protected CDs (which employ basic TPMs, not DRMs), content owners that deliver content through DRM are not exactly forthcoming when it comes to informing consumers of what monitoring is taking place. The EULAs might reference the monitoring, but do you know any consumer that reads those, let alone understands them? In this regard, I would point to a recent Berkeley study reviewing, among other things, the privacy implications of DRM-enabled content delivery services:
“The ways that information is collected and processed during use of the services examined is almost impenetrably complex. It is difficult to determine exactly what data a service collects, and merely discovering that separate monitoring entities sit behind the services requires a careful reading of the services’ privacy policies”. (http://www.sims.berkeley.edu/~john_han/docs/p029-mulligan.pdf)
Next, Cypherpunk writes: “And further, and equally importantly, no content creator is compelled to use DRM on his creations.”
This is true in many cases. However, it does not say anything about the power issues that were raised in my initial post in relation to the content that is distributed through DRM. Some copyright owners will choose to exercise power through DRM and some will choose not to use DRM.
Finally, Cypherpunk writes: “If [consumers] are unhappy with even this relatively small limitation, there are any number of free sources for music on the net.”
This comment relates back to the idea that consumers have a choice to voluntarily submit themselves to DRM and the power exercised therein. I have responded to that above. However, an additional point needs to be made here. Cypherpunk’s comment is a common response to criticisms of DRM. It says basically that the market will sort things out – if consumers don’t like DRM’s they won’t buy products with them and DRMs will be eradicated through market forces. This is potentially true to the extent that there are alternatives to DRM-delivered content. There certainly are choices now (although many of them are arguably illegal). However, if the major copyright industries have their way, we will find that our choices increasingly disappear. Copyright industries are already using DRM, anti-circumvention laws and contracts to tie content to devices. Through DRM, the laws that protect DRM, through increased use of surveillance of Internet-related activities, and through ubiquitous initiatives such as trusted computing and broadcast flags, our freedom to choose appears to be rapidly eroding. There will always be some degree of (theoretical) freedom to choose DRM-enabled vs. unrestricted content. However, to the extent that content is increasingly distributed through DRM, (to the extent DRM is effective) and to the extent that consumers want access to the content that is distributed in that manner, there is something unsatisfying in a ‘free-market’ response to the power-based implications of DRM raised in my initial post.
some links:
http://www.michaelgeist.ca/resc/html_bkup/mar72005.html
http://www.cippic.ca/en/faqs-resources/broadcast-flag/
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html
http://www.eff.org/wp/eula.php
Posted by: Alex Cameron at March 10, 2005 03:52 PM
Hi Alex. Thanks for the very interesting post. One of the lessons I took from it was precisely that it's dangerous to overlook the troubling consequences of the apparently voluntary nature of DRM architectures.
Suppose we distinguish, for the sake of argument, between the panoptic society -- a society in which there are extreme imbalances of power due to ubiquitous surveillance, and for which Bentham's Panopticon serves as an apt metaphor -- and the society in which DRM architectures are prevalent. One might initially be inclined to think that there's a great gulf between these two societies, stemming from the fact that in the first freedom of choice is largely absent whereas in the second it is present. One way of reading what you're saying, however, seems to me to be this: the DRM architectures, for all their apparent freedom of choice, may simply amount to a bridge leading from a non-panoptic society to the panoptic one. The bridge is of course in one sense a voluntary path -- travelers only walk along it as a result of choosing to view the pleasant scenery it affords along the way. But the trouble is that they may not realize where the bridge is leading: the scenery is great, to be sure, but unknown to many is that they'll find themselves in prison once they step off the bridge at the other end -- a prison whose hallmarks are just those of the panoptic society.
Posted by: David Matheson at March 13, 2005 04:51 PM
Wonderful imagery!
Posted by: Alex Cameron at March 13, 2005 05:14 PM
My August 2004 paper, "Normal Discipline in the Age of Crisis", available via ssrn or http://www.law.georgetown.edu/faculty/jec/normaldiscipline.pdf, undertakes a detailed exploration of the parallels, and the divergences, between DRM and the crisis discipline/plague control modality identified by Foucault. Y'all should check it out, as it addresses the questions of power and voluntariness in considerable detail.
Posted by: Julie Cohen at April 18, 2005 04:54 PM
