the beat of digital culture
home | archives | about us | feedback

Daily Relay

Tracking trends and developments in digital culture

Support Mindjack

search mindjack

Mindjack Release
Sign up to receive details of new issues

Event Calender
upcoming digital culture events

Also in this issue:

Two Degrees of Separation
by Sarah Granger



March 21, 2003 | The struggles over intellectual property (IP) are raging more vehemently than ever, with few signs of consensus or resolution in the offing. Battles rage across Congressional lawmaking, jurisprudence, media scholarship, corporate boardrooms, public libraries, and your laptop. Court rulings offer contradictory interpretations of what digital information is and how it should work. Lobbyists consume and spend hundreds of millions of dollars. An abyss widens between those who see IP as a semi-tangible object, whose uncontrolled usage is sheer stealing, and those considering IP as idea or speech, where questions come down to access and sharing. Political affiliations around IP shift and reform, failing to establish stable party or ideological linkages. Meanwhile, many users develop expectations about electronic media, and some are fined, or jailed, for certain usages.

Digital rights management (DRM) enters the fray as the most recent aspect of the conflict. DRM is any system that creates and limits a user’s ability to make use of digital content. T IP owners anxious to control usage of their commodities, DRM systems offers means of control. To those wishing to increase the digital commons, DRM looks like Lawrence Lessig’s enclosure and a weakening of the digital world, while digital rights expressions offer systems for levels of access. The entrenchment and investment of both sides (if asymmetrically balanced), combined with the increasing collaborative powers of digital media, suggest that DRM rollouts, scheduled for this year, will make some conflicted progress.

In February the Berkeley Center for Law and Technology held a conference to demonstrate and push the limits of DRM. For a sunny weekend in northern California, representatives of computer science, entertainment, media companies, Congress, the FTC, European copyright law, and the occasional cypherpunk, offered their versions of DRM, while holding each other’s notions up to fierce scrutiny. As is increasingly the case for cybercultural events, much of the conference was blogged live [see Dan Gillmor, Mindjack's own coverage], getting information out from Arthur Anderson Hall to the entire Web.

DRM: A Language In Your Computer

DRM is a late twist on an old paradigm. IP owners have negotiated different levels of user access for centuries, in analog formats. As a user, your right to videotape a TV show, for example, only exists in law because the United States Supreme Court ruled (5-4) that you did so often enough in a way not flagrantly illegal as to merit some impunity. Your right to record on digital audio tape (DAT), in contrast, is shaped by a “DAT tax” (more below) reflecting a larger assumption of piracy. In an older form, an IP holder owns what is called “first sale” rights over print publications – they can control nearly every detail of the first sale of one of their goods: timing, price, conditions. But, once sold, the IP holder cedes rights to the purchaser, who can do anything with that book: write in it, sell it, give it to a library. Watching a movie, you’ve bought the right to see it once – perhaps twice, if the theater doesn’t mind. (Digital Rights Management: Business and Technology, Rosenblatt, Trippe, Mooney)

Analog rights management systems, as it were, offered models for digital rights systems. While Tim Berners-Lee fought for an open Web of fully accessible digital content, others saw dangers in the new forms’ ease of transportation of perfect copies. Conceivably, a creator could sell one copy of a work, then never again be paid as perfect copies made their ways frictionlessly around the world. The old balance of copyright, inducement to create against public benefit, threatened, in this view, to skew wildly away from incentive. Controlling the usage of digital objects became an obvious alternative once the Web began to reach critical mass.

Berkely DRM Conference: Day One

The conference got underway with a one-day workshop that explained DRM in detail. Pam Samuelson introduced leading experts: Barbara Fox (Harvard/Microsoft), Drew Dean (Stanford Research Institute) and Brian LaMacchia (Microsoft software architect).

Fox sketched out the technological means that play roles in different DRM schemes. The core technologies – encryption, authentication, secure execution environments – must be able to cooperate with each other, especially as devices and software diverge, develop, and are called on to speak backwards through versions and aging applications. Different stops along the information production and consumption path offer places to anchor rights decisions. Content can store watermarking or fingerprinting, devices hold access codes, and even the user can carry biometric information for verification. Less sophisticated versions of DRM encrypt their content, aimed at a compliant device, while more advanced, permissions-based systems require a secure environment (what Princeton Computer Scientist Edward Felten calls a black box) to drive a license request system. Such permissions include the ability to play a tune a certain number of times, to copy an image, to print a document, or backup to a hard drive.

All of these systems mollify some IP holders’ anxieties to an extent, in that they create mechanisms for intermediation between themselves and their consumers. Yet threats remain, including hacks of service (a cloned device) and content theft (where the IP hits the Darknet [Word Document]). Worse yet, DRM-evading tools can hit the market, which amplify content access. Further, the technologies continue to develop in this direction, with peer-to-peer (P2P), ubiquitous computing, and broadband moving in from the horizon. DRM attracts as a defensive measure against this piratical onslaught.

Brian LaMacchia, project lead for Microsoft’s .NET project, developed DRM further by describing the system-formerly-known-as-Palladium. A markup language for this, a rights expression language (REL) called XrML 2.0 is available, supporting the interoperability (in theory) that Fox sought. But next-generation Secure Computing Base (unmemorably, SGSCB) goes further to offer the secure environment necessary to lock down licensing. This is because the key feature for this not-Palladium DRM plan is attestation: the ability of one machine to prove its licensing rights to another. Once attestation is in the mechanism, then followup IP affordances appear, like superdistribution (sharing to a third party, then a fourth, etc.) and conditional rights (Bob has access to document X once he reads document T). Attestation is considered trustworthy since a user can’t tamper with its core functioning, a parallel kernel capable of enabling application functions throughout a desktop. This parallel black box, the nexus, runs deep, designed to never interfere with normal application operations. It also owns a unique identification, which makes user authentication a bit easier.

Where LaMacchia’s presentation really struck new ground was when he described multiple attestations of grants. DRM assumes a closed world, in Brian’s view. But what about allowing many different grant authorities? For example, Congress could issue a fair use license – viewing 5% of any digital work, for example. A user could apply to an IP holder and Congress, so that the latter might open up more content to usage. A court could issue a grant to overrule a company misinterpreting the law. A library fires a license request at Sony to obtain access to a film, then beams an archiving request to the Library of Congress for permission to create a backup copy. At the same time, the operation of this DRM would make digital content publishers happier, and more likely to publish content, and therefore increasing the digital world, and the public good.

In contrast, Drew Dean offered a complex dissent, or “Contrarian’s View.” In his view, encryption was a red herring in this debate, since “DRM is different from classic Alice-Bob problem... Bob’s system must keep secrets from Bob.” The encrypting side contains a member (the user) who has no granular power over the coding loop, once he’s bought in. Moreover, with DRM being designed in secret (see Felten, below), the chances of a security hole increase; widespread adoption of a DRM system would further load the stake. On top of this, given the history of arms races or games between encryption and decryption, the more successful a DRM system (the stronger, the more widespread), the greater the energy devoted to cracking it. From the other side of the consumer spectrum came a different argument, namely, that DRM looks intrusive, a rude insertion of the middleman, a sort of invasive re-intermediation. Unless every digital device on the market runs DRM, why would a customer choose such a product? Antecedents to such an approach have often failed (for example, Sony’s Music Clip, which Wall Street Journal columnist Walter Mossberg says “treats ever user like a potential criminal.”) In short, DRM isn’t so much wrong or culturally dangerous, as unworkable; in short, “we don’t know how to solve the DRM problem today”.

Pam Samuelson then explored the legal terrain in rich detail, drawing out attention to DRM antecedents. The 1992 AHRA (Audio Home Recording Act), passed in response to fears of fine DAT copies, offered two unusual features. First, it mandated a hardware solution (an embedded SCMS chip). Second, AHRA created a “DAT tax”, a fee collected into a royalty pool for IP holders. This point suggests German copyright levies. Samuelson then raised a related question: will industrial consortia or governmental action impose DRM solutions? Different national governments have create varying solutions, from tool-banning to practical nonenforcement. Yet the broadcast flag initiative (creating an embedded signal for broadcasts, readable by digital tv tuners) is an industrial one, stemming from a group of major companies. A corporate group could also push for standards, like the SDMI (digital watermarks, failed), the CPTWG (Copy Protection Technical Working Group), the EBX (Electronic Book Exchange working group), and the OASIS Rights Language Technical Committee (which is checking XrML).

How would such collaborative (or enforced collaborations) fall under legal scrutiny? Samuelson offered several copulatives to think through. For instance, the law and DRM becomes copyright enforcement. The law or DRM suggests the latter as an alternative mechanism to copyright law, which requires thinking of computer code as effective code. An opposition of law “vs” DRM overrides other law (first sale, fair use, public domain). Also, DRM “vs” law can be used to control DRM (require privacy protection, for example).

Pushing the DRM Envelope

The second day of the Berkeley conference probed DRM further, with individual panels driving subtopics in depth. A series of reports have been blogged, which give a good sense of the unfolding sequence of events. Here we can isolate a series of topics that emerged for DRM, beyond the conference.

Ubiquity is a central problem for DRM. Lucky Green and Thomas Sander tackled this from both sides. Green caustically remarked that, once DRM becomes part of critical functions in life (work, bill-paying, school) it defeats the ability to be marketed out. While the public face of DRM is largely created by movie and music industries, Green argued that the real power of rights management lies in office software and file-sharing; as a result, one should look more closely at (say) Office 2003, which is to include DRM in this year’s release. The far-reaching presence of office software hints at how ubiquitous rights management could become.

Conversely, Sander saw the market producing consumer-friendly anti- or weak-DRM alteratives in the face of “draconian DRM.” The Recoding Industry Association of America (RIAA) representative refused to endorse a content industry-driven DRM, for antitrust reasons. David Reid suggested the FCC might be able to propose something, while Hal Abelson cautioned that science journals’ ferocious copyright policies are one bad model of industry collaboration. Alan Adler, representing print publishers, was more optimistic about industry solutions, as was Alex Alben from RealNetworks.

The argument of private benefits of DRM was raised steadily. The RIAA representative, unsurprisingly, urged rights management as a way of increasing published digital materials, and hence creating a richer world for listeners. John Manfredelli from Microsoft described individuals using DRM to protect intimate documents, such as family pictures. As David Farber observed, “things which increase the level of security are hard to turn down”. Anita Ramasastry paralleled, referring to customers thinking about markets as social, rather than economic places, and consequently investing their emotions and political thinking therein. Lessig’s presentation of the Creative Commons took up this energy, then repurposed it for the CC’s many possibilities, focusing away from those who would share most or all of their work. Curiously, few opposed the convenience of personal use to this personal argument (except the European Union).

As Carl Shapiro pointed out early in the sessions, echoed by Verizon’s Sarah Deutsch, any DRM implementation requires extensive surveillance and control. Even a successful post-Palladium black box exchange, locked below a user’s radar, will expand the information profile each user’s action creates. Julie Cohen returned to the right to read theme, showing that DRM standards would have to take great pains to allow that former untrackability in order to persuade a market’s attention. The more fine-grained the permissions regime, the thicker the dossier we build by following our interests. ISPs are faced with serious privacy challenges, as in the current Verizon case. As Deutsch argued, the “clerk of a court, without supervision of a judge, [could] rubberstamp requests for users’ information, based on information from someone, somewhere… [Since] every time you visit a site or send a message, your IP address is visible… armed only with that IP address and the assertion that someone is infringing your copyright...” It’s “private search warrant power… unconstitutional.” In terms of users’ computing devices, Lucky Green bitterly described trusted computing as “third parties can trust that your computer will disobey your wishes.” Ed Felten spoke along similar lines, showing that an untrustable (by the user) black box could become a security nightmare.

Underrepresented in the fair use and other discussions were the perspectives of educators and librarians. The doctrine of first sale (whereby the IP holder controls the conditions of a sale, then loses that control forever more), by which libraries can purchase and loan books, largely, wasn’t discussed enough, beyond Zoe Lofgren’s noting that the DMCA saps it. Does DRM treat IP as licensed material, or as objects to be owned? The distinction is critical, since the latter leads to fair use. Alan Adler argued for licensing, seeing libraries as otherwise engaged in becoming small publishers. Richard Epstein urged setting aside fair use, but for different reasons – the law should follow digital reality, not analog policy. On fair use, Fritz Attaway admitted its limitations under the DMCA, but believed that a necessary part of getting the law on the books so that movie studios could release DVDs (with CSS protection).

DRM: March 2003

DRM grows in complexity, as thinking and development progress in grappling with the enormity of the problem - which is, in short, to be able to create an information architecture which can address nearly every hardware device and software application humans are likely to use, and to keep this updated and working for the near future. Resistance to the very idea is also developing, if in a very broad, coalition-free fashion (so far). Meanwhile, Creative Commons continues to grow, develop, and position itself as an alternative, emphasizing user expression.

DRM is no longer theoretical, as solutions are rolling out. Euromoney Institutional Investor PLC is deploying the Copyright Clearance Center's DRM application. Most significantly of all, Microsoft is realizing rights management tools in Office 2003 and threedegrees.  Their EmpireDRM system is in demand.  While the threat to IP might be small and local, rather than world-beating like Naptster, but the MS model is a little of both. Core IP issues, like fair use, remain unsettled, or visionary, resting on their increasingly established retraction by the DMCA, the CTEA, and the content industries' escalating war on users. The two leading areas for DRM appear to be rich media files (music and movies), along with officeware. The latter’s appear is underappreciated, unless one thinks of a CEO or CIO considering how to distribute a document internally. The ability to set reading and commenting permissions by organizational status has a strong appeal, especially to organizations focusing on either information overload or data leakage. Media files’ DRM attraction, of course, stems from the sustained lobbying of film and music companies.

The context of IP struggle is critical to understanding DRM. We are no longer living in the times of the first White Paper (1995), when copyright lawyers first got traction in "colonizing cyberspace", in Jessica Litman's fine, ironic phrase. Years of practice have gone by, where netizens have acculturated certain expectations, and grown accustomed to the dynamics of collaboration, expression, and control. Bots routinely crawl through our digital world, now, in fact through our expressed aspirations and thoughts. We are routinely reminded that the open net is considered a danger by very powerful, inventive, and terrified people who haven't given up on their self-preservation. What may happen is another Darknet, not the network of networks of free sharers, but a disconnected series of closed-off spaces, where users can stash content and evade the IP spiders. Call it darknet2, or this year's first metaphorical use of "dark matter", but the technologies are out their to meet demands and shape practices: learning management systems, area-coded DVDs, and now DRM. It's safer all around to keep stuff off-line, out of sight, and shared only fitfully, appropriately, under steady supervision.

Bryan Alexander is an associate director of the Center for Educational Technology, and assistant professor of English at Centenary College. His specialties along these lines include digital writing, copyright, information literacy, and, especially, interdisciplinary collaboration.

advertise here
email for info







home | about us | feedback