Digital rights management

Digital Millennium Copyright Act

The controversial Digital Millennium Copyright Act was passed in the United States in an effort to make the circumvention of such systems illegal. It was passed without debate, and without even token opposition, Congress being apparently under the impression that it was a "technical" enactment, without significant public policy implication. It has been widely imitated elsewhere by other governments.

Despite the passing of this law, which has since received substantial opposition on Constitutional grounds, it is still relatively easy to find DVD players which bypass the limitations the DVD Consortium sought to impose. John Hoy, president of the DVD Copy Control Association, in testimony to the Library of Congress in 2003 stated "furthermore, if a consumer in the United States desires to view a DVD disc that has been region coded only for Europe, then that consumer is free to purchase a DVD player (either hardware or software) that is coded to play European DVDs. No legal restrictions apply – either through the CSS license or otherwise – to the importation and use of non-U.S. region players in the United States". (reply comments, comment 28, page 4, PDF document).

There has been a widely publicized arrest and arraignment of a Russian programmer, Dmitry Sklyarov, for violation of the DMCA. He did the work cited for his employer, Elcomsoft, while in Russia, where it was and remains entirely legal. The product allowed those who were in possession of a password, presumably lawfully obtained along with the encrypted copy of the work, to make copies without encryption locking them to use on a single computer. Sklyarov was arrested on a criminal warrant during a lecture visit to the US, and spent several months in jail until a compromise was reached.
The ensuing criminal case against Elcomsoft (for whom Sklyarov did the work) resulted in acquittal. See Professor Edward Felten's freedom-to-tinker Web site [1] for some observations on the DMCA, its proposed successors, and their consequences, intended and unintended.

The DMCA is also causing a chill in the activities of fully legitimate computer scientists. Professor Felten, of Princeton, has had difficulty publishing papers he and his students have written; they were related to a contest sponsored by a security software company inviting investigation of a product design. (See Internet postings in Felten v. RIAA). Alan Cox, the Englishman who was Linus Torvalds' chief deputy throughout almost the entire first decade of the development of Linux, has resigned his position due to his concern that a criminal charge might be laid against him as a result of some code in the Linux kernel. He has even declined to post explanations of some changes made in the kernel (the changelog is fundamental to the project) because of his concern about his exposure to prosecution and penalty under the DMCA; such explanations might be seen as a DMCA "disclosure". He has also declined to attend US software conferences for similar reasons. Niels Ferguson, a Dutch cryptography expert and security consultant, discovered a flaw in an Intel security protocol, told Intel about it and was told that Intel had no objection to his publishing a paper about the problem. He has nevertheless decided not to publish due to concern about being arrested under the DMCA.

New and even more controversial DRM initiatives have been proposed in recent years which could prove more difficult to circumvent, including copy-prevention codes embedded in broadcast HDTV signals and the Palladium operating system. A wide variety of DRM systems have also been employed to restrict access to eBooks. See the TCPA/Palladium FAQ [1] maintained by Cambridge Professor Ross J. Anderson for a clear discussion of two prominent proposals.

Opponents of DRM, as envisioned and as currently implemented, note that by delegating control of computer access (or control of the ability to execute some programs, or to execute programs only with certain data) to anyone except the user and the machine's administrator(s), there is a very considerable risk of problems caused by such third party interference which go well beyond the enforcement of copyright.

For instance, due to a bug (or misdesign, or misadministration of an otherwise "reasonable" design) the control software (eg, in a trusted computing system) implementing the local part of a DRM scheme may prevent a computer user from using his computer at all, or from using programs (or using data as an input to a program) when such use is actually completely legitimate and not a violation of any copyright holders' rights. Or, for another example, a legally obtained copy of a DVD might be blocked because it is being used on equipment which doesn't include the DRM function permitting access to it, or which if included, doesn't interoperate correctly. Currently, DVDs legally purchased in some places are not playable in other places for exactly these reasons, although in this case it is marketing considerations, and not "security", which is the reason for the restriction. DRM provisions have already appeared in released versions of some Microsoft Windows operating system subsystems (e.g., Windows Media Player) and are scheduled in more as Palladium is implemented in currently planned, not yet released, versions of Windows.

Security protocols, software implementing security protocols, and cryptography have historically proven extremely difficult to design without vulnerabilities due to bugs or design mistakes. This has been true of designs from experienced and well respected professionals; the record is abysmally poor for those inexperienced in cryptography and security protocols.

Other copyright implications

While DRM systems are ostensibly designed to protect an author's right to control copying, this protection is only half of the bargain between the copyright holder and the state. The other half of the bargain is that after a statutorily-defined period of time the copyright work becomes part of the public domain for anyone to use freely. DRM systems currently employed are not time limited in this way, and although it would be possible to create such a system (under compulsory escrow agreements, for example), there is currently no mechanism to remove the copy control systems embedded into works once they enter the public domain, after the term of copyright expires.

Furthermore, copyright law does not restrict the resale of copyrighted works (provided those copies were made by or with the permission of the copyright holder), so it is perfectly legal to resell a copyrighted work provided a copy is not retained by the seller—a doctrine known as the first-sale doctrine in the US, which applies equally in most other countries under various names. Similarly, some forms of copying are permitted under copyright law, under the doctrine of fair use (US) or fair dealing (many other countries). DRM technology restricts or prevents the purchaser of copyrighted material from exercising their legal rights in these respects.

DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England. This is an interesting case where DRM has actually increased public access to restricted material rather than diminished it.

DRM advocates

Some DRM advocates have taken the position, in essence, that DRM / security / cryptography design goals and operational contexts are sufficiently well understood, and software engineering is also sufficiently well understood and will be so practiced, that it is already possible to achieve the desired ends without causing unrelated problems for users, their computers, or those who depend on either. In essence, they claim that there is no technical, nor engineering competence problem foreseeable with such software.

Others have taken the position that creators of digital works should have the power to control the distribution or replication of copies of their works, and to assign limited control over such copies (e.g. creative commons license). Without the power to do these things, they argue, there will be a chilling effect on creative efforts in the digital space. DRM is one means by which they may gain such power.

Examples of existing "digital rights management" and "copy protection" systems:

DRM opponents

Many organizations and prominent individuals are opposed to DRM in its various currently proposed forms. Two notable opponents are John Walker in his article, The Digital Imprimatur: How big brother and big media can put the Internet genie back in the bottle, and Richard Stallman in his article/story The Right to Read. Professor Ross Anderson of Cambridge University heads a British organization which has been quite active in opposing DRM and similar efforts in the UK.

The Electronic Frontier Foundation and similar cyber civil rights organizations, including http://boycott-riaa.com, also hold positions which may be broadly characterized as opposed to DRM.

Techno-liberals such as FFII criticize DRM's impact as a trade barrier from a free market perspective.

The use of DRM is also likely to be a barrier to future historians, since technologies designed to permit data to be read only on particular machines may well make future Data Recovery impossible - see Digital Revolution.

The use of DRM is a key part of implementation of corporate compliance policies such as the Sarbanes-Oxley Act of 2002, protecting corporate documents from unauthorized tampering and creating an audit trail which can be used to determine liability at board level within corporations for misdemeanors. This level of control is obviously unwelcome at certain levels.

The presence of DRM affects private property rights. The DRM component takes control over the rest of the user's device (e.g. MP3 player) and restricts how it may act, regardless of the user's wishes (e.g. preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be disabled or modified by the user. In other words, the user has no choice.

Controversies about and consequences of deployed DRM

Several DRM schemes have now been implemented. DRM opponents have seen many of them as "abuse" of copyright; DRM proponents have seen them as a reasonable balance of consumer concerns and artist rights. Examples include:

• Digital imprimatur
• inclusion of commercials on the "unskippable track" on DVDs reserved for the copyright notice;
• using the DMCA to protect items that do not qualify for copyright prevention, such as garage door openers and printer ink cartridges;
• adding restrictions on reading books aloud in the EULA of Ebooks;
• using copy control schemes to thwart the existing exceptions to copyright (e.g. fair use);
• who shall hold the keys to ancient literature, music and other works which has always been part of, has passed over, or will pass over to the public domain this year or the year after that?
• if the most widespread recording and playback technology contains DRM it will be used uncritically by users who are unaware of the consequences.
• preventing academic publication and widespread distribution of hacks on computer security without permission of the creators of that technology
• silencing individuals who have found serious flaws in software used in electronic voting;
• restriction of medical records and personal financial information using DRM to protect consumer rights. Insurers, lawyers and loan companies have strongly objected to the use of these technologies to prevent patient, hospital and practitioner records being more freely accessible due to copy and forward restriction applied to patient or customer records.
  

  European dialogues on DRM concerns

References

• Lawrence Lessig, "Free Culture", Basic Books, 2004. A legal and social history of copyright, with an account by the man who argued one side of it of a recent landmark case on use of digital techniques re copyright. Lessig is a Professor of law at Stanford and writes clearly enough, in this instance, that a non-lawyer can follow the discussion. It is available for free download in PDF format. [1]

  See also

• Copyleft
• Copyright
• Copy prevention
• XrML
• eSlavery

  External links

• www.drmblog.org - DRM News Site
• www.drmnews.com - Digital Rights Management News and Privacy News
• DRM Blog and discussion site
• http://www.fourmilab.ch/documents/digital-imprimatur/
• http://www.gnu.org/philosophy/right-to-read.html
• http://www.mp3board.com/ - News site which aggregates DRM news (and other IP news).
• The World Wide Web Virtual Library: Digital Rights Management.
• DRM Blog with DRM News and DRM Circumvention, updated daily
• AegisDRM - Digital Rights Management Solutions

• World Intellectual Property Organisation (WIPO), Standing Committee on Copyright and Related Rights: Current Developments in the Field of Digital Rights Management. SCCR/10/2. August 2003. http://www.wipo.int/documents/en/meetings/2003/sccr/pdf/sccr_10_2.pdf .

• (a range of possible definitions for DRM from various stakeholders) CEN/ISSS (European Committee for Standardization / Information Society Standardization System): Digital Rights Management. Final Report, 30 September 2003. http://europa.eu.int/comm/enterprise/ict/policy/doc/drm.pdf .

• A list of companies currently involved in Digital Rights Management.

Lobbying organizations

• http://www.eicta.org/levies/technical_solutions/drm.html (see also EICTA)
• http://www.trustedcomputing.org