Vista disables autorun by default, XCP and MediaMax will be inert on most Vista systems. Perhaps XCP
and MediaMax used autorun for safety reasons; but more likely, this choice was expedient for other reasons.
Another safety technique is to build in a sunset date, after which the software will make itself inert. A
sunset would improve safety but would have relatively little effect on record label revenue for most discs, as
we expect nearly all revenue from the disc to have been extracted from the customer in the first three years
after she buys the disc. If more copies of the disc were pressed, with updated DRM software, these could
have a later sunset.
9.2 Updating the Software
When a new version of DRM software is released, it can be shipped on newly pressed CDs, but existing
CDs cannot be modified retroactively. Updates for existing users can be delivered either by download or
on new CDs. Downloads are faster but require an Internet connection; CD delivery is slower but can reach
non-networked machines.
Users will generally cooperate with updates that help them, by improving safety, or otherwise making
the software more useful. But updates to retain the efficacy of the software's usage controls will not be
welcomed by users. Usage controls provide no value to the individual user, but only reduce what the user can do
with music from a disc. Because usage controls typically control some uses that are allowed under copyright
law, even law-abiding users would prefer to avoid usage controls, and therefore would not welcome updates
that prolonged their efficacy.
Users have many ways to stop updates from downloading or installing, for example by write-protecting
the software's code so that it cannot be updated, or using a personal firewall to block network connections
to the vendor's download servers. System security tools, which are designed generally to stop unwanted
network connections, downloads, and code installation, can be set to treat CD DRM software as malware. If
users want to block updates, makers of system security tools will have an incentive to provide tools capable
of doing so.
A DRM vendor who wants to deliver unwanted updates has two options. First, the vendor can simply
offer updates and hope some users will not bother to block them. For the vendor and record label, this is
better than nothing. Alternatively, the vendor can try to force users to accept updates.
9.3 Forcing Updates
If a user has the ability to block DRM software updates, a vendor who wants an update must somehow
convince the user that updating is in her best interest. One approach is to make a non-updated system
painful to use.
Ruling out dangerous and legally risky tactics such as logic bombs that destroy the user's system or hold
her (unrelated) data hostage, the vendor's strongest tactic for forcing updates is to make the DRM software
block all access to protected CDs until the user accepts an update. The DRM software might check with
a network server, which would periodically produce a digitally signed and dated certificate listing allowed
versions of the DRM software. If the software on the user's system found that its version number was not
on the list (or if it could not get a recent list), it would block all access to protected discs. The user would
then have to update to a new version to get access to her protected CDs.
This approach would convince some users to update, and would thereby prolong the DRM's efficacy for
those users. But it has several drawbacks. If the computer is not networked, the software will eventually
lock down because it cannot get certificates. (If the software kept working in this case, users could avoid
updates by preventing the DRM software from making network connections.) A bug in the software could
cause an accidental but irreversible lockdown. The software could lock itself down if the vendor's Internet
site is shut down, for example if the vendor goes bankrupt.
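
The version-list check described above, and the way it locks down when no recent list is available, can be sketched as follows. This is an added example, not code from XCP, MediaMax, or any vendor. The function names, the 30-day freshness window, the version strings, and the use of HMAC in place of a real digital signature are all assumptions made so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 with a shared demo key stands in for the vendor's
# digital signature so the example needs only the standard library.
DEMO_KEY = b"constructed-demo-key"
MAX_AGE = 30 * 86400  # assumed freshness window in seconds; the text gives none


def issue_certificate(allowed_versions, issued_at, key=DEMO_KEY):
    """Server side: sign a dated list of allowed software versions."""
    body = json.dumps({"allowed": sorted(allowed_versions),
                       "issued_at": issued_at}, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(key, body, hashlib.sha256).digest()}


def access_decision(cert, my_version, now, key=DEMO_KEY):
    """Client side: return (allowed, reason). Fails closed, as the text describes."""
    if cert is None:
        return False, "no certificate (offline, or vendor server gone)"
    expected = hmac.new(key, cert["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, cert["sig"]):
        return False, "bad signature"
    data = json.loads(cert["body"])
    age = now - data["issued_at"]
    if age < 0 or age > MAX_AGE:
        return False, "certificate not recent"
    if my_version not in data["allowed"]:
        return False, "version not on allowed list; update required"
    return True, "ok"


if __name__ == "__main__":
    t0 = 1_000_000_000  # constructed timestamp
    cert = issue_certificate(["2.1", "2.2"], t0)
    print(access_decision(cert, "2.1", t0 + 86400))       # listed version, fresh list
    print(access_decision(cert, "2.0", t0 + 86400))       # outdated version
    print(access_decision(cert, "2.1", t0 + 90 * 86400))  # no new list for 90 days
    print(access_decision(None, "2.1", t0))               # never obtained a list
```

The third and fourth cases are the drawbacks noted in the text: a listed version is still locked out once the last certificate ages past the window, whether the cause is a non-networked machine or a vendor site that no longer exists.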