Devin on Earth

Last year when I was traveling in Europe, I used Skype — and their SkypeOut feature — to keep in touch with home. At the time, SkypeOut was free when used to place calls to North America, so it was a perfect fit. Other than that one experiment, though, I tend to stick to my cell phone; I’m normally calling a set list of people, and my cell plan gives me more than enough minutes to handle the calls I need to make. I think maybe I’m glad, now.

It seems that recently Skype was caught using a Windows DRM framework that attempted to directly access the BIOS of the Windows machine it was running on — and they were caught because the 64-bit versions of Windows don’t allow this functionality.

Since that time, Skype’s Chief Security Officer has posted a wishy-washy explanation of why they’d included the DRM framework in Skype, and tried to downplay the privacy violation angle.

Now, I’m not one of these folks who thinks that DRM as a concept is inherently evil. There’s a time and a place for it, such as helping to protect confidential or sensitive data (think patient information in healthcare, or other data that falls under legally manadated protection regimes). There’s a place for DRM products such as the Windows Rights Management Server. I do, however, think that in many cases, the people who design and inmplement DRM schemes are guilty of poor thinking. No DRM scheme is going to be fool-proof; people are just too damn clever at finding ways around restrictions if they really want to.

The key for a DRM system, then, is to make a reasonable enough effort to protect the data so that it takes deliberate intent to circumvent the protection. It’s yet another application of the 90/10 rule — you’ll spend 90% of your work to address 10% of the threat. Someone who is sufficiently determined will break any DRM/copy-protection scheme, so at some point you need to draw a line and say, “This is sufficient to keep accidental exposures from happening.” It’s the equivalent of locks on a car door; you’re helping keep honest people honest. Any determined thief will simply break the window and jack your ride. Well, in any DRM scheme, there’s a way to break the window and jack the ride. The trick is to make it so that you can show that the person had to take sufficient steps to do so that you can demonstrate an intent to violate the DRM.

Tying this back to Skype, I think their mistake was in tying the DRM into the framework of the application, rather than embedding it in the specific plug-ins that require it. From what I’ve seen, the most effective DRM implementations are those that tie the protection to the data being protected. Put the protection in the wrong place, and you get into the hot water Skype is finding themselves in. All it takes is one moment to destroy your users’ trust, and in this industry, that’s often a killer blow. I know I’m far less likely to use Skype in the near future.

To some extent, a writer is a writer is a writer, regardless of what kind of work they produce. There are certain realities that every writer must grapple with (if you don’t write, you don’t make money; if you aren’t in front of the keyboard/typewriter/pad of paper, you can’t write; books/papers/copy/articles are written one word at a time) and certain techniques that every writer can benefit from to greater or lesser degree (outlining; how to break writer’s block; producing a complete draft before going back to revise).

Then there are the things that make each type of writing different. For example, if I were a published fiction author (not yet, but I’m working on remedying that), I’d be reasonably confident that if a publisher wanted to reprint my work in a new format or collection, I’d be getting notified about it before it happened. Maybe not always, but most of the time — especially if I owned the copyright to the work and hadn’t signed away the relevant rights. As a technical writer, though, I rarely retain copyright on the works I produce; most of the time, they’re either “to spec” or the contract with the client otherwise stipulates the work is “for-hire.” On the other hand, the book advances and per-word/page payment rates are generally much more generous in technical writing than they are in the fiction world, so you’re well-compensated for giving away your darlings. Not, I hasten to add, that technical writing is a way to get rich. If you are a good steady writer, are flexible in the kind of work you do, and are willing to put in the scramble to constantly line up new business, you can make a decent living as a freelance tech writer[1].

All of this is a roundabout way of saying that back last fall, I got a quick email from an editor at Windows IT Pro Magazine; she was excerpting a portion of the DCAR ebook that I did for them and wanted to know if her condensation was accurate. This excerpt was being put together as an article for the Exchange & Outlook Administrator newsletter. Other than that one email, I didn’t really have any input; I may have written the material, but they own all rights to it and can re-use it however pleases them. I didn’t even know they’d published it as a web exclusive article back in December until just now, thanks to a forwarded email that linked to the article down in the conversation thread.

That’s pretty cool, when you think about it.

[1] Before you ask, I don’t have any advice to offer. I work for 3Sharp as a full-time employee, so my other writing gigs are on the side and take up evenings and weekends. I don’t know how to survive as a full-time freelancer because I don’t want to know; I like my corporate overlords just fine, thank you.