Musing gently about complex adaptive systems and DRM

Take a complex adaptive system. Introduce network effects. Introduce artificial scarcity. Prepare for meltdown.

It’s one way of describing what happened during the New York Blackout. As the grid itself, along with the system for managing it, grew like Topsy, it became harder to see the wood for the trees, harder to make abundant resources look scarce, harder to protect against simple exogenous events.

It may be one way of describing the reasons for the current credit crunch. Capital markets are complex adaptive systems. For embedded leverage read network effects. For illiquidity read artificial scarcity, which, when combined with embedded leverage, increases opacity. It then gets hard, very hard, to protect against simple exogenous events. Might as well fart against thunder.

Enterprise architectures are already complex enough, a legacy of the proprietary architectures and walled gardens of vendor-dominated worlds; network effects are also much in evidence, as the number of connected people, devices and associated services increases exponentially. Adding artificial scarcity to this potent mixture is not advisable, it gets harder to protect against simple exogenous events.

DRM is artificial scarcity. Nothing more, nothing less. In general, all poorly thought out security policies are nothing more than attempts at implementing artificial scarcity.

For every artificial scarcity, there will be at least one equal and opposite artificial abundance. And that artificial abundance may be the exogenous event that tips the whole fragile environment into fibrillation.

Complex adaptive systems can be regulated, but not by head-in-sand post-facto regulation approaches. There’s a lot we could have learnt from the antivirus experience, a lot we can still learn. Unless, of course, we want history to repeat itself. Which we seem to be willing to do in capital markets, whatever’s left of them.

Poorly implemented firewalls and even more poorly implemented security policies to do with identity, authentication and permission already blight the landscape of enterprises. Consider very carefully the effects of adding path pollutants like DRM to such a toxin-laden environment.

[This post is heavily influenced by numerous conversations I’ve had over the years with Sean Park, Malcolm Dick and Michael Power.]

8 thoughts on “Musing gently about complex adaptive systems and DRM”

  1. Also, don’t forget that, where the whole of the data and the device with the smartness to render it, are both in a physical environment under the control of the user, rather than the control of the owner of the data, DRM is a provably impossible concept…

  2. It’s hard to consider DRM without its legal environment. Anticircumvention laws such as the DMCA in effect give DRM designers the power to legislate.

  3. The three of you make the points I was trying to make more succinctly than I did:

    1. DRM makes customers out to be criminals. This is not a sustainable moral or social position; with customers more and more in control, it will fail.

    2. DRM is getting harder and harder to do technically, as both data and device migrate out of central control into the hands of the user; as the trend increases, it will fail.

    3. DRM, like all other forms of IPR, is meaningless without the regulations that “empower” it. Since this regulation tends to be post-facto, it will fail.

    There was a larger, more general point I was also trying to make. As in the case of power, as in the case of markets, when DRM does fail there will be a meltdown.

  4. I certainly agree about the emergence of complex adaptive systems especially around IT in corporations. One interesting trend which you didn’t mention which is likely to make these systems even more complex concerns Cloud computing or the old SaaS (Software as a Service) model. Some companies will embrace the power of these hosted environments (because that’s what they really are when you take away the fancy marketing terms), other companies will try to embrace them and end up with even more complex environments than before they started.

    It will be interesting to see how it all plays out in the coming months and years.

  5. Kevin, you make an important point. Unless we are really careful with what we design, and unless we make some radical changes to our approach, “cloud computing” will get crushed under its own weight as we make it more and more complex. Not everyone will succeed.

    While I agree with you that both SaaS as well as cloud computing have hosted environments as their core, I think they represent a lot more than that. That’s where the complexity enters. That’s where the radical approaches are called for. That’s where success or failure will be courted.

Let me know what you think