State of the Web: DRM, ‘auto-delete’ and the wiped Amazon Kindle fiasco

state of the web kindle headerThe Web let out a collective “Oh, C’mon, Amazon!” on Monday after a blog post revealed that the online retail giant allegedly deleted a user’s entire Amazon account, completely wiped all contents of her Kindle e-reader, and then told her to bugger off when she asked “Why?”. The problem, said Amazon, was that the her account had been “directly related to another which has been previously closed for abuse in our policies.” What this corporate gibberish means, exactly, Amazon refused to say.

“As a long-term writer about technology, DRM, privacy and user rights, this Amazon example shows the very worst of DRM,” wrote Martin Bekkelund in the post outing Amazon’s heavy-handed ways. “If the retailer, in this case Amazon, thinks you’re a crook, they will throw you out and take away everything that you bought. And if you disagree, you’re totally outlawed. Not only is your account closed, all your books that you paid for are gone. With DRM, you don’t buy and own books, you merely rent them for as long as the retailer finds it convenient.”

Bekkelund’s reaction is a typical one: Web users have long written off DRM (digital rights management), a technology used by industries that rely on copyright to protect their intellectual property, as a cancer upon the digital consumer. And in some ways, it is. But DRM alone is merely a side note. The real story here is that we, as consumers and Web users, have next to zero control over the digital properties we think of as “ours” — and we never did.

Fight for control

People who argue that online piracy is somehow justified because it’s not technically “stealing” — making a copy of a song does not deprive the owner of that song — would likely say that if you “purchase” an e-book, you should be allowed to do whatever you like with that e-book because it’s yours. That’s how it works with physical books, right?

Wrong. The unauthorized recreation of any intellectual property — a book, an e-book, a vinyl record, an MP3 — is a violation of copyright law. Intellectual property’s transformation into all-digital formats, along with the distribution powers of the Internet, simply made this type of copyright violation far easier — so easy, anyone can do it for next to nothing.

Online piracy does not steal the thing itself, but the ability to control the distribution of that thing. If I upload Taken 2 to The Pirate Bay, I have not stolen Taken 2 from 20th Century Fox; I’ve stolen 20th Century Fox’s ability to control distribution of that film. And this is why we have things like DRM, a mechanism that allows copyright-reliant industries to regain a bit of the control that they had before they were sideswiped by technology.

The problem with DRM is when companies use it in ways that hamper consumer’ ability to do things that are perfectly within their right, such as blocking music fans from listening to albums they purchased on multiple devices, or on devices made from multiple manufacturers. But this is a problem of using DRM to impose too much control, which does not itself negate the rights of copyright owners to distribute their intellectual property as they see fit and to make money off of those works.

Where Amazon went wrong

This story of the wiped Kindle, if true, provides a perfect example of a company using DRM to assert too much control over users. As one commenter on Hacker News (where the story first gained prominence) exclaimed, “It absolutely should be illegal to delete files from a device that is currently rented or owned by another party unless they give explicit permission. It should be wire fraud, just like hacking a server and forcing it to act in a way the owner does not desire.”

Indeed. Problem is, all Kindle users apparently do give Amazon this permission — most just don’t know it.

As Amazon reportedly told “Linn” (the user whose Amazon existence was allegedly deleted), Amazon Kindle “Conditions of Use” state that “Amazon reserves the right to refuse service, terminate accounts, remove or edit content, or cancel orders in its sole discretion.” And now we know this means it has the right to remotely wipe any Kindle that might be linked to some nefarious activity.

This doesn’t stop with Amazon, however, which is far from the only company that maintains the right to delete you account anytime it sees fit. In fact, I would bet that a sizable chunk of the sites and services most of us use have this clause in their terms of service, in one form or another. Take Dropbox, for example: Its terms say that it reserves the right “to suspend or end the Services at any time, with or without cause, and with or without notice.” That’s right — without cause or notice.

We can quibble about the pros and cons of DRM all we like — but we should spend equal energy on killing this sneaky “auto-delete” provision, or at least castrating its most horrific bits. Companies need the ability to cut off fraud and other illegal activity on their systems, but that should not give them the right to access users’ devices anytime they like, or delete personal property, without at least providing a reason for doing so, and a way to undo the damage if the company happens to make a mistake.

The vast capabilities of the Internet have severely disrupted the balance of control between companies and consumers, in both directions. It’s a real problem that needs real answers. DRM is an imperfect answer. The “auto-deletion” clause hidden in the depths of so many terms of service is another — not just imperfect, but dangerous: a virtual bazooka that can come out of nowhere to obliterate the files you own (or “rent,” as the case may be).

Unfortunately for us consumers, “auto-delete” will live as long as we allow it to live. Unless we start abandoning the companies that include this weapon in their terms — and that means reading the terms before clicking “Agree” — it will remain, locked and loaded, until some secret assassin decides to pull the trigger.