Radiohead knows more than Microsoft about security

Music fans, recording artists, journalists, the RIAA, and digital rights activists have at least one thing in common right now. I'm speaking, of course, of the intense interest some people from each group have in the outcome of Radiohead's recent experiment in business models for musicians.

There are people on every side of the issue of how the Internet affects content publishing industries making all kinds of wild claims about what is going to happen as more and more ease of duplication and distribution comes to the end user. There are those who point to examples of book authors who have gained a following and a foothold in the market by offering their books online, self-publishing essentially for free, and ended up making a tidy profit and attracting book deals from major New York publishing houses. There are those such as the RIAA, MPAA, and Microsoft who claim that copyright violation -- or "piracy", as they are so fond of calling it -- is materially damaging their business and is morally equivalent to theft, even if a court of law does not consider it equivalent. There are also those, such as the Free Software Foundation and the OpenBSD project, who see the Internet as the single most effective tool for improving the state of the art of software ever discovered.

Finally, there are those like Radiohead who see a tremendous opportunity for the actual content producers, the artists at the root of the entire music industry. By extension, what Radiohead is doing may have important implications for producers of every form of copyrightable material that can be distributed over the Internet. That includes software, both fiction and nonfiction prose, movies, music, and photography, among other things.

What Radiohead is doing is bold and -- at least at their level of prominence -- unprecedented. The critically acclaimed band's newest album, In Rainbows, can be ordered as an impressive collector's edition including lots of extras from the Website, of course -- and for the impressive (i.e. not cheap) price of forty British pounds. That comes out to about US$80 at the current exchange rate, give or take a few. It's being produced and sold without help or funding by any major RIAA record label, but that's not the controversial part of the deal.

What has everyone up in arms is the other purchase you can make at the In Rainbows website: a digital download of the album, in a simple compressed ZIP archive, with no DRM. The most surprising thing about it is the price, which is whatever you want to pay. No, really. Radiohead charges whatever you want to pay. If you want to download it for free, that's fine. If you want to pay thirty British pounds for it, great. Radiohead seems to be banking on the idea that saving all the RIAA marketing, distribution, and other overhead expenses, combined with what RIAA spokespeople would surely call unrealistic optimism, will lead to greater personal profits for the band than they could ever hope to achieve via the traditional recording industry business model.

How's it working out?

According to a report presenting statistics gathered by comScore, 38% of people worldwide who downloaded In Rainbows paid something for it, which leaves about 62% who "freeloaded". The numbers vary a bit based on location, of course: in the United States, the reported numbers are 40% and 60%, respectively, showing a slightly higher likelihood for US residents to pay than downloaders in the rest of the world.

Keep in mind that only Radiohead and its affiliates know for sure how many downloads there have been, how much money has been paid for them, and so on -- and Radiohead disputes the data, suggesting instead that most fans that have ordered the download chose to pay at least some money for it. Some estimates range higher than US$9,000,000 of revenue generated by In Rainbows for the month of October alone, but the band itself isn't talking. For the sake of argument, I'll just assume that comScore is working with a statistically significant sample, and has arrived at roughly accurate results. Any following statistics, as with those in the previous paragraph, are based on comScore's numbers.

Average payment per download, for all those "freeloaders" and paying customers, comes out to over two British pounds, with about a 52% higher average for US downloaders than those elsewhere in the world. Considering that it costs Radiohead effectively nothing per person who downloads it for free, every single dollar beyond the basic costs for producing the album and the infrastructure to offer it as downloads is pure profit. Of course, there are people, most of whom have a vested interest in maintaining the status quo in the record industry, who see this all as some inescapable portent of doom.

As quoted in the comScore report, the CEO of TAXI (one of the world's most prominent independent A&R companies) said "Radiohead has been bankrolled by their former label for the last 15 years. They've built a fan base in the millions with their label, and now they're able to cash in on that fan base with none of the income or profit going to the label this time around. That's great for the band and for fans who paid less than they would under the old school model. But at some point in the not too distant future, the music industry will run out of artists who have had major label support in helping them build a huge fan base. The question is: how will new artists be able to use this model in the future if they haven't built a fan base in the millions in the years leading up to the release of their album under the pay what you'd like model?"

Of course, the obvious answer to this is that artists will be able to build their fan base by doing exactly what Radiohead is doing -- and the more people value their music as it becomes more popular, the more money it will make for the band. It would at least in theory be an inexorable, organic growth of revenue for any band that is good enough or appealing enough to warrant increasing popularity and income. It's like a guaranteed raise every year, assuming you're actually worth the money you get when you receive your raise, but without the uncertainties of office politics getting in the way.

In theory, theory and practice are the same thing. In practice, things are rarely that simple. Only time will tell whose interpretation of events will hold true in the long run, whose hopes or fears will be most relevant to the future of the record industry. One thing is certain, however: the better Radiohead's business model experiment goes, the worse the implications for any corporations and industry associations whose business model prompts them to use measures like DRM software to centralize control over content distribution.

What does this have to do with security?

The entire rest of the article up to this point was, in effect, laying the groundwork for a single, simple point. That point is that security is, among other things, a matter of picking your battles well. There are some things that just cannot be protected in the long run and ultimately, if your business model depends on protecting such things, either your business model will change or your business will fail. It's really that simple.

Radiohead is demonstrating a desire and ability to take chances on new business models when the band sees what appears to be the writing on the wall with regard to the demise of the record industry's traditional business model. Ironically, this fantastic new business model isn't new at all. It's more like a return to what may be the oldest musician's business model known to man, where the musician plays music and listeners who like what they hear drop money in his hat. Such a return to old form would make the RIAA's model a recent aberration based on duplication aspects of the technology temporarily leaping ahead of the distribution aspects. Reaching the point we see now, where duplication, distribution, and even playback have become almost indistinguishable applications of technology, we discover that centralized control of distribution of copyrightable works may fall into the category of things we just can't protect in the long run.

Microsoft is not the only content and software vendor in the world whose entire business model inherently depends on protecting centralized control of distribution. I could have as easily used Sony as my example, considering the faux pas Sony/BMG has made with DRM lately. I need to pick an example, however, to make a point, and I've chosen Microsoft.

Critically acclaimed, internationally successful band Radiohead has apparently learned the lesson that selling the product of the intellect as though it were a physical commodity that cannot be reproduced outside of the record industry is an unsustainable practice, a business model that cannot be protected for long, and has begun pursuing other means of making a living from the same process of creation. Meanwhile, internationally successful software vendor Microsoft has reacted to similar circumstances and lessons in the software industry by trying desperately to tighten control of its empire, including ever more DRM software with its offerings both for the protection of its own software's restricted distribution business model, as well as for software and content provided by its business partners.

Maybe Microsoft has a long term plan that involves ultimately changing its business model to leverage the market forces that exist regardless of centralized control of distribution, and its current protectionist tactics are only a holding action until the corporation can make the transition. Maybe almost every technologist with a meaningful understanding of the nature of bits, of the basics of information technology, is simply wrong about the ultimate impossibility of maintaining centralized control of distribution for any product of the intellect once it is recorded.

From what I can see, though, it looks more like Radiohead knows more than Microsoft about a fundamental principle of security -- that a necessity of successful security practice is recognizing the difference between what can be effectively protected and what can't. It's a principle that applies just as well to the security of your business model as to the integrity of your network.

What did I pay?

I've never been Radiohead's biggest fan, but in my opinion their music is far better than most of what I hear on the radio. I figured it was fair to pay about three British pounds.

It was worth every penny.


Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.


I'm going to listen to some of their other works and, if I like it, will pay for the download. It's important for all of us to support those who fight against DRM.


"Considering that it costs Radiohead effectively nothing per person who downloads it for free..." That is, of course, true. However that's not how recording industry executives do their accounting. In their eyes, each unpaid download is a *loss* equal to the retail price of the full-priced product - a displacement, or lost-opportunity cost. This is only true if everyone who downloaded for free would also have bought at full price if the free download weren't available. By the same logic, everyone who buys a CD from the remainder bin at less than RRP is also responsible for a loss to the recording industry. Additionally, every paid-for purchase would have to be accounted as a zero profit transaction, since it negates the non-purchase loss. Otherwise you're counting the same transaction twice!


. . . but RIAA members do one kind of accounting for purposes of encouraging hysteria over piracy and another kind for purposes of making board members feel good. It's a bit like having a mob accountant cook up two sets of books to avoid IRS attention.


If they had album cover downloads, or offered their own CDs. It isn't all that difficult or expensive to publish your own media anymore. One thing for sure - they are getting fantastic advertising for their concerts; which is where they used to make the real money anyway! And the fans are gladly paying for it! I agree with apotheon, everyone could learn a lesson from this in business security. I would sooner pay for a really well secured open OS that had good phone/chat/email support; than I would like to see the MS business model continue. I can always pray that something like Canonical would continue to an OS that was at least as useful for newbies as Windows, and had good support. I've never used them yet so I will take anyone's report as fact as to how well they have fared using their services.


. . . but I'm more of a fan of PC-BSD for new users than Ubuntu.


has adopted the Open Source business Model. :D since you can get any open source os for free, by donation to the project or, with very few exceptions, by purchasing a "boxed set". CentOS uses the nature of the open source model to make their free / donation version of RHEL. [ $80.00 US to $399.00 US for RHEL Workstation ] https://www.redhat.com/apps/store/desktop/ CentOS: CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free. CentOS is now accepting donations via PayPal http://centos.org/ Sounds like Radiohead is doing as Red Hat is, commercial version and free version. [ RHEL and RH-Fedora-Core ] edited for a missing R


At least in the music industry, real good artists may actually benefit from it. It opens up opportunities for new sites dedicated to new artists, to discover them, there is also the new social network that can play a role. Take an artist that has a page in Facebook, My Spaces or similar site or someone or a friend mentions it on his page with a very good review, this artist can become well known faster than you can say Bit Torrent. The artists that are actually made up by the marketing power of the RIAA (à la Britney Spears or Milli Vanilli for example) may suffer as they rely on the Big Machine to compensate for the too often, poor quality of the content. As for the other ones they are very often ignored by the RIAA because their music is not "commercial" enough. With the advent of the MP3 players, PC's, Music Capable Cell Phones, PDA etc a physical support is less and less required. It will be very interesting to see how the music world will evolve in the future.
