| The struggles over intellectual property (IP) are raging
more vehemently than ever, with few signs of consensus or resolution
in the offing. Battles rage across Congressional lawmaking, jurisprudence,
media scholarship, corporate boardrooms, public libraries, and your
laptop. Court rulings offer contradictory interpretations of what
digital information is and how it should work. Lobbyists consume
and spend hundreds of millions of dollars. An abyss widens between
those who see IP as a semi-tangible object, whose uncontrolled usage
is sheer stealing, and those considering IP as idea or speech, where
questions come down to access and sharing. Political affiliations
around IP shift and reform, failing to establish stable party or
ideological linkages. Meanwhile, many users develop expectations
about electronic media, and some are fined, or jailed, for certain
Digital rights management (DRM)
enters the fray as the most recent aspect of the conflict. DRM is
any system that creates and limits a users ability to make
use of digital content. T IP owners anxious to control usage of
their commodities, DRM systems offers means of control. To those
wishing to increase the digital commons, DRM looks like Lawrence
Lessigs enclosure and a weakening of the digital world,
while digital rights expressions offer systems for levels of access.
The entrenchment and investment of both sides (if asymmetrically
balanced), combined with the increasing collaborative powers of
digital media, suggest that DRM rollouts, scheduled for this year,
will make some conflicted progress.
In February the Berkeley Center for Law and Technology held a conference
to demonstrate and push the limits of DRM. For a sunny weekend in
northern California, representatives of computer science, entertainment,
media companies, Congress, the FTC, European copyright law, and
the occasional cypherpunk, offered their versions of DRM, while
holding each others notions up to fierce scrutiny. As is increasingly
the case for cybercultural events, much of the conference was blogged
live [see Dan
own coverage], getting information out from Arthur Anderson
Hall to the entire Web.
A Language In Your Computer
DRM is a late twist on an old paradigm. IP owners have negotiated
different levels of user access for centuries, in analog formats.
As a user, your right to videotape a TV show, for example, only
exists in law because the United States Supreme Court ruled (5-4)
that you did so often enough in a way not flagrantly illegal as
to merit some impunity. Your right to record on digital audio tape
(DAT), in contrast, is shaped by a DAT tax (more below)
reflecting a larger assumption of piracy. In an older form, an IP
holder owns what is called first sale rights over print
publications they can control nearly every detail of the
first sale of one of their goods: timing, price, conditions. But,
once sold, the IP holder cedes rights to the purchaser, who can
do anything with that book: write in it, sell it, give it to a library.
Watching a movie, youve bought the right to see it once
perhaps twice, if the theater doesnt mind. (Digital Rights
Management: Business and Technology, Rosenblatt, Trippe, Mooney)
Analog rights management systems, as it were, offered models for
digital rights systems. While Tim Berners-Lee fought for an open
Web of fully accessible digital content, others saw dangers in the
new forms ease of transportation of perfect copies. Conceivably,
a creator could sell one copy of a work, then never again be paid
as perfect copies made their ways frictionlessly around the world.
The old balance of copyright, inducement to create against public
benefit, threatened, in this view, to skew wildly away from incentive.
Controlling the usage of digital objects became an obvious alternative
once the Web began to reach critical mass.
DRM Conference: Day One
The conference got underway with a one-day workshop that explained
DRM in detail. Pam Samuelson introduced leading experts: Barbara
Fox (Harvard/Microsoft), Drew Dean (Stanford Research Institute)
and Brian LaMacchia (Microsoft software architect).
Fox sketched out the technological means that play roles in different
DRM schemes. The core technologies encryption, authentication,
secure execution environments must be able to cooperate with
each other, especially as devices and software diverge, develop,
and are called on to speak backwards through versions and aging
applications. Different stops along the information production and
consumption path offer places to anchor rights decisions. Content
can store watermarking or fingerprinting, devices hold access codes,
and even the user can carry biometric information for verification.
Less sophisticated versions of DRM encrypt their content, aimed
at a compliant device, while more advanced, permissions-based systems
require a secure environment (what Princeton Computer Scientist
Edward Felten calls a black box) to drive a license request system.
Such permissions include the ability to play a tune a certain number
of times, to copy an image, to print a document, or backup to a
All of these systems mollify some IP holders anxieties to
an extent, in that they create mechanisms for intermediation between
themselves and their consumers. Yet threats remain, including hacks
of service (a cloned device) and content theft (where
the IP hits the Darknet [Word Document]). Worse yet, DRM-evading
tools can hit the market, which amplify content access. Further,
the technologies continue to develop in this direction, with peer-to-peer
(P2P), ubiquitous computing, and broadband moving in from the horizon.
DRM attracts as a defensive measure against this piratical onslaught.
Brian LaMacchia, project lead for Microsofts .NET project,
developed DRM further by describing the system-formerly-known-as-Palladium.
A markup language for this, a rights expression language (REL) called
XrML 2.0 is available, supporting
the interoperability (in theory) that Fox sought. But next-generation
Secure Computing Base (unmemorably, SGSCB) goes further to offer
the secure environment necessary to lock down licensing. This is
because the key feature for this not-Palladium DRM plan is attestation:
the ability of one machine to prove its licensing rights to another.
Once attestation is in the mechanism, then followup IP affordances
appear, like superdistribution (sharing to a third party, then a
fourth, etc.) and conditional rights (Bob has access to document
X once he reads document T). Attestation is considered trustworthy
since a user cant tamper with its core functioning, a parallel
kernel capable of enabling application functions throughout a desktop.
This parallel black box, the nexus, runs deep, designed to never
interfere with normal application operations. It also owns a unique
identification, which makes user authentication a bit easier.
Where LaMacchias presentation really struck new ground was
when he described multiple attestations of grants. DRM assumes a
closed world, in Brians view. But what about allowing many
different grant authorities? For example, Congress could issue a
fair use license viewing 5% of any digital work, for example.
A user could apply to an IP holder and Congress, so that the latter
might open up more content to usage. A court could issue a grant
to overrule a company misinterpreting the law. A library fires a
license request at Sony to obtain access to a film, then beams an
archiving request to the Library of Congress for permission to create
a backup copy. At the same time, the operation of this DRM would
make digital content publishers happier, and more likely to publish
content, and therefore increasing the digital world, and the public
In contrast, Drew
Dean offered a complex dissent, or Contrarians View.
In his view, encryption was a red herring in this debate, since
DRM is different from classic Alice-Bob problem... Bobs
system must keep secrets from Bob. The encrypting side contains
a member (the user) who has no granular power over the coding loop,
once hes bought in. Moreover, with DRM being designed in secret
(see Felten, below), the chances of a security hole increase; widespread
adoption of a DRM system would further load the stake. On top of
this, given the history of arms races or games between encryption
and decryption, the more successful a DRM system (the stronger,
the more widespread), the greater the energy devoted to cracking
it. From the other side of the consumer spectrum came a different
argument, namely, that DRM looks intrusive, a rude insertion of
the middleman, a sort of invasive re-intermediation. Unless every
digital device on the market runs DRM, why would a customer choose
such a product? Antecedents to such an approach have often failed
(for example, Sonys Music Clip, which Wall Street Journal
columnist Walter Mossberg says treats ever user like a potential
criminal.) In short, DRM isnt so much wrong or culturally
dangerous, as unworkable; in short, we dont know how
to solve the DRM problem today.
Pam Samuelson then explored the legal terrain in rich detail, drawing
out attention to DRM antecedents. The 1992 AHRA (Audio Home Recording
Act), passed in response to fears of fine DAT copies, offered two
unusual features. First, it mandated a hardware solution (an embedded
SCMS chip). Second, AHRA created a DAT tax, a fee collected
into a royalty pool for IP holders. This point suggests German copyright
levies. Samuelson then raised a related question: will industrial
consortia or governmental action impose DRM solutions? Different
national governments have create varying solutions, from tool-banning
to practical nonenforcement. Yet the broadcast flag initiative (creating
an embedded signal for broadcasts, readable by digital tv tuners)
is an industrial one, stemming from a group of major companies.
A corporate group could also push for standards, like the SDMI (digital
watermarks, failed), the CPTWG (Copy Protection Technical Working
Group), the EBX (Electronic Book Exchange working group), and the
OASIS Rights Language Technical Committee (which is checking XrML).
How would such collaborative (or enforced collaborations) fall
under legal scrutiny? Samuelson offered several copulatives to think
through. For instance, the law and DRM becomes copyright
enforcement. The law or DRM suggests the latter as an alternative
mechanism to copyright law, which requires thinking of computer
code as effective code. An opposition of law vs DRM
overrides other law (first sale, fair use, public domain). Also,
DRM vs law can be used to control DRM (require privacy
protection, for example).
the DRM Envelope
The second day of the Berkeley conference probed DRM further, with
individual panels driving subtopics in depth. A series of reports
have been blogged, which give a good sense of the unfolding sequence
of events. Here we can isolate a series of topics that emerged for
DRM, beyond the conference.
Ubiquity is a central problem for DRM. Lucky Green and Thomas Sander
tackled this from both sides. Green caustically remarked that, once
DRM becomes part of critical functions in life (work, bill-paying,
school) it defeats the ability to be marketed out. While the public
face of DRM is largely created by movie and music industries, Green
argued that the real power of rights management lies in office software
and file-sharing; as a result, one should look more closely at (say)
Office 2003, which is to include DRM in this years release.
The far-reaching presence of office software hints at how ubiquitous
rights management could become.
Conversely, Sander saw the market producing consumer-friendly anti-
or weak-DRM alteratives in the face of draconian DRM.
The Recoding Industry Association of America (RIAA) representative
refused to endorse a content industry-driven DRM, for antitrust
reasons. David Reid suggested the FCC might be able to propose something,
while Hal Abelson cautioned that science journals ferocious
copyright policies are one bad model of industry collaboration.
Alan Adler, representing print publishers, was more optimistic about
industry solutions, as was Alex Alben from RealNetworks.
The argument of private benefits of DRM was raised steadily. The
RIAA representative, unsurprisingly, urged rights management as
a way of increasing published digital materials, and hence creating
a richer world for listeners. John Manfredelli from Microsoft described
individuals using DRM to protect intimate documents, such as family
pictures. As David Farber observed, things which increase
the level of security are hard to turn down. Anita Ramasastry
paralleled, referring to customers thinking about markets as social,
rather than economic places, and consequently investing their emotions
and political thinking therein. Lessigs presentation of the
Creative Commons took up this energy, then repurposed it for the
CCs many possibilities, focusing away from those who would
share most or all of their work. Curiously, few opposed the convenience
of personal use to this personal argument (except
the European Union).
As Carl Shapiro pointed out early in the sessions, echoed by Verizons
Sarah Deutsch, any DRM implementation requires extensive surveillance
and control. Even a successful post-Palladium black box exchange,
locked below a users radar, will expand the information profile
each users action creates. Julie Cohen returned to the right
to read theme, showing that DRM standards would have to take great
pains to allow that former untrackability in order to persuade a
markets attention. The more fine-grained the permissions regime,
the thicker the dossier we build by following our interests. ISPs
are faced with serious privacy challenges, as in the current Verizon
case. As Deutsch argued, the clerk of a court, without supervision
of a judge, [could] rubberstamp requests for users information,
based on information from someone, somewhere
time you visit a site or send a message, your IP address is visible
armed only with that IP address and the assertion that someone is
infringing your copyright... Its private search
computing devices, Lucky Green bitterly described trusted computing
as third parties can trust that your computer will disobey
your wishes. Ed Felten spoke along similar lines, showing
that an untrustable (by the user) black box could become a security
Underrepresented in the fair use and other discussions were the
perspectives of educators and librarians. The doctrine of first
sale (whereby the IP holder controls the conditions of a sale, then
loses that control forever more), by which libraries can purchase
and loan books, largely, wasnt discussed enough, beyond Zoe
Lofgrens noting that the DMCA
saps it. Does DRM treat IP as licensed material, or as objects to
be owned? The distinction is critical, since the latter leads to
fair use. Alan Adler argued for licensing, seeing libraries as otherwise
engaged in becoming small publishers. Richard
Epstein urged setting aside fair use, but for different reasons
the law should follow digital reality, not analog policy.
On fair use, Fritz Attaway admitted its limitations under the DMCA,
but believed that a necessary part of getting the law on the books
so that movie studios could release DVDs (with
DRM: March 2003
DRM grows in complexity, as thinking and development progress in
grappling with the enormity of the problem - which is, in short,
to be able to create an information architecture which can address
nearly every hardware device and software application humans are
likely to use, and to keep this updated and working for the near
future. Resistance to the very idea is also developing, if
in a very broad, coalition-free fashion (so far). Meanwhile,
Creative Commons continues to grow, develop, and position itself
as an alternative, emphasizing user expression.
DRM is no longer theoretical, as solutions are rolling out. Euromoney
Institutional Investor PLC is deploying the Copyright
Clearance Center's DRM application. Most significantly
of all, Microsoft is realizing rights management tools in Office
2003 and threedegrees.
Their EmpireDRM system
demand. While the threat to IP might be small and
local, rather than world-beating like Naptster, but the MS model
little of both. Core IP issues, like fair use, remain unsettled,
or visionary, resting on their increasingly established retraction
by the DMCA, the CTEA, and the content industries' escalating war
on users. The two leading areas for DRM appear to be rich media
files (music and movies), along with officeware. The latterŐs appear
is underappreciated, unless one thinks of a CEO or CIO considering
how to distribute a document internally. The ability to set reading
and commenting permissions by organizational status has a strong
appeal, especially to organizations focusing on either information
overload or data leakage. Media filesŐ DRM attraction, of course,
stems from the sustained lobbying of film and music companies.
The context of IP struggle is critical to understanding DRM. We
are no longer living in the times of the first White Paper (1995),
when copyright lawyers first got traction in "colonizing cyberspace",
in Jessica Litman's fine, ironic phrase. Years of practice
have gone by, where netizens have acculturated certain expectations,
and grown accustomed to the dynamics of collaboration, expression,
and control. Bots routinely crawl through our digital world,
now, in fact through our expressed aspirations and thoughts. We
are routinely reminded that the open net is considered a danger
by very powerful, inventive, and terrified people who haven't given
up on their self-preservation. What may happen is another Darknet,
not the network of networks of free sharers, but a disconnected
series of closed-off spaces, where users can stash content and evade
the IP spiders. Call it darknet2, or this year's first metaphorical
use of "dark matter", but the technologies are out their
to meet demands and shape practices: learning management systems,
area-coded DVDs, and now DRM. It's safer all around to keep
stuff off-line, out of sight, and shared only fitfully, appropriately,
under steady supervision.
Alexander is an associate director of
the Center for Educational
Technology, and assistant
professor of English at Centenary College. His specialties
along these lines include digital writing, copyright, information
literacy, and, especially, interdisciplinary collaboration.
email for info