I love Bioware don’t get me wrong. I’d work for them if given a chance. Inspite of that, I am taking a chance and writing this article. I don’t spend a lot of time on companies that I don’t care about. So it should tell Bioware how much I respect them and how much I want them to be successful.
Sooo… EA buys Bioware and the first casualty is the customer. The initial idea was to force the game to authenticate every 10 days. This is to ensure that any cracked keys are invalidated. This definitely reduces piracy, but wait a minute I don’t have an internet connection in India. So this means that I cannot buy the game. Sure I can buy it in South Korea and since I have a pretty good internet connection here. What happens, though, once I return to India? Or what happens when one of the cables to my ISP is severed? What happens if a ship drops it’s anchor on one of the fiber optic backbones? More importantly what happens when the Bioware/EA servers are drowned in a deluge of authentication requests and one of them crashes. Don’t tell me that “They will never crash”. I am a programmer and we cannot test for all bugs.
Bioware/EA finally decided to drop this 10 day authentication scheme. Thanks guys. However I am not happy yet because you have first of all taken away far too much of my freedom and “returned” a little of it. I don’t think I will get down on my knees and praise you as yet.
The sticky things are the “3 strike validation” nonsense. It essentially says that I can validate my game only three times and after that “further authorizations will be handled by EA customer support on a case-by-case basis”. What does this mean? I bought the game and why should I call up EA customer “inexistent” support and essentially beg for an authentication? It’s not like Windows is a robust OS. Windows SP3 has caused a lot of pain to people who’ve upgraded. Many people could not even boot their system up once they had installed the SP3. So does a case like this mean strike one? Think about it Bioware/EA, by saying “3 strike policy” you are actually inheriting all the bugs from various software vendors. Sure, you MIGHT disregard them. That is when you will get the second wave of backlash. What about the case when 5 years later, out of nostalgia I pick up an amazing game called “Mass Effect” and try to play only to receive the notification that I need to contact EA support to beg for a validation? What happens when EA decides that it was no longer “financially viable” to provide support for Mass Effect? The game I bought is essentially an S/390 binary on an OS/2 system. Completely useless. A great and awesome company like Bioware should have concentrated on making amazing games not getting into this mess.
Being a game developer myself I can probably guess WHY Bioware had to do this. I will not talk about it if it were indeed EA’s idea. I have seen far too many people take the “cheaper” route by just obtaining an unauthorised copy of the game instead of buying it. While not every one of these people will buy the game if forced to, some will definitely buy it. PC is a very good medium for gaming but unfortunately consoles provide a little better development path and sales path than the PC. I would just say one thing in this case – do not just think about revenues and profits. Instead think about the customer and don’t make it a painful experience for those who actually buy the game. In a very strange way I understand and to a certain degree agree with the SPIRIT behind the DRM – ensure that everyone who wants to play the game, buys it. However the current situation with DRM is that it goes too far and hurts the customer. The one that actually buys the game, you know. The one that applies the crack has it the easy way. I know that this is a point often repeated but I don’t understand why no one understands this.
What are the possible solutions? I’d take this whole DRM thing and turn it upside down. Customers are stupid if they think that they will keep getting good games if they do not buy them. Eventually game developers will be forced to adopt DRM schemes like these. If that were the case, then customers are JUST asking for someone to enter their houses and ensure that you buy the game to play it.
If someone can implement a tiny piece of authentication mechanism that is NOT buggy at all then it would be nice. I hope that this would be something that the whole of the games industry does together. Something of the lines of OpenGL. A standard for “copyright” protection. Let’s say, that everyone who wants to buy a game needs to just buy a cryptographic key that can be signed ONCE per game. If you could just plug this into the USB port, it would be just like GnuPG (GPG). It also means that the game developers need NOT worry about lost keys. Keys can be issued ONCE per purchase. If you want to sell your copy of the game away all you need to do is take the old USB key while paying for the game. You can, if you would like, download the game again and play it.
I am not a cryptography expert and sure as hell did not make this “proposal” after a lot of thought. It outright has loads of flaws. Instead of taking the narrow minded approach of taking the customer for granted, I want to make things as easy as possible for them. With the consoles you need the physical disc to be placed in the ODD to play the game. Sure, you can download the content and have the servers sign it for YOUR specific console or similar schemes. It cannot be a solution for the PC. My criteria for protection against unauthorised copying:
– Should be portable. By this I mean that I should be able to carry it around with me easily. Carrying a USB stick is NOT cumbersome. If you tell me that it is cumbersome the alternative is strict DRM. Go have fun with that. It should be no bigger than a CD. Even that is too big btw.
– Should be duplicatable to ensure that I do not need to contact “support” for lost keys. Should be re-issuable. Once re-issued though, the user MUST sign his game with this new key. The user LOST his key. What do you do when you lose the keys to your house? Get a duplicate key. If you’ve lost that too? You get a blacksmith and make another key. Yes it is cumbersome but that is the price you pay for being negligent.
– Should be cross platform. Lin/Win/Mac shouldn’t matter. Do I need to say more? This scheme should be implementable by anyone.
– Should be a standard (eliminates lock-ins). If it is a standard, theoretically anyone can implement it for any platform. Think of all the frontends to the various digital signature schemes.
– Should be able to acquire the keys from multiple media. Retailers, resellers, online…
– Physical medium should be available through offline retailers or online shopping malls.
– Low cost to create and sign the keys.
– Easy to acquire the keys. By this I mean that you should be able to acquire the key from a retailer or a re-seller or an online server. It would be best to keep this de-centralised much the same way that Debian repositories are.
– This key should be modifiable only by the authentication servers. It should be readable by anyone though. The only thing between the server AND the game is the key. This ensures that the game can be validated everytime it is launched.
– We can make an assumption that the user will get the physical medium authenticated once with a little effort (going to a retailer to get it signed).
Please keep in mind that these are MY thoughts and I just came up with them on the fly. By no means are they fool proof and by no means are they absolute. I have always had this feeling that when companies make DRM, they give very little thought to the long term implications for customers. Companies go bust. Does it mean that the customer is stuck with a piece of software that is useless? Will the company reimburse them for this game? Think like a customer AND a person who makes unauthorised copies. Slap the latter hug the former. Most DRM schemes do it the otherway. I thought about the above scheme with a single player game in mind.
Since I am also a game developer I can see it both ways. I am trying to be both a customer and a game developer. I AM thinking like a person who wants to get it the “easy” way – unauthorised copies.
Please leave your comments on my opinions. Flames will be redirected to /dev/null .