IP: Digital rights and wrongs

[Dave Farber <farber@cis.upenn.edu>]

The message sender can protect email using InvisiMail.
Visit http://www.invisimail.com for more details.
______________________________________________________


>Date: Tue, 3 Aug 1999 05:34:15 +0200 (CEST)
>From: Anonymous <nobody@replay.com>
>Subject: Digital rights and wrongs
>To: cypherpunks@toad.com
>Sender: owner-cypherpunks@toad.com
>
>  [This is from the 07/17/99 issue of The Economist magazine]
>
>          Digital rights and wrongs 
>
>   
>           
>          Computers were supposed to be threatening copyright. Instead, they may end up
>          making it stronger
>
>          Digital rights and wrongs 
>
>          INTELLECTUAL-PROPERTY law Òcannot be patched, retrofitted or expanded
>          to contain digitised expression,Ó wrote John Perry Barlow, co-founder of the
>          Electronic Frontier Foundation, an online lobbying group, in an influential essay.
>          ÒDigital technology is detaching information from the physical plane, where
>          property law of all sorts has always found definition...The bottle was protected,
>          not the wine.Ó 
>
>          It now looks as if he was wrong. A lot of people still want to protect their
>          electronic wine. More than a dozen companies are rolling out so-called
>          digital-rights-management systems to do just that. These systems are
>          complicated pieces of software that could, if widely deployed, not only establish
>          property rights in the digital domain, but also strengthen the power of publishers.
>
>          Some firms focus on only one form of intellectual content. AT&T , Liquid Audio
>          and Microsoft are offering protection for online music; NextPageÕs Folio and
>          XeroxÕs ContentGuard protect electronic documents. But other companies, such
>          as IBM, Intertrust Technologies, SoftLock and Wave Systems, have developed
>          systems designed to protect an even wider range of digital works. 
>
>          As a flavour of what is to come, on July 13th, the Secure Digital Music Initiative
>          ( SDMI ), a global coalition of more than 110 music, consumer-electronics and
>          computer firms, published its standard for future players of online music files.
>          Besides blocking the playing of illegal copies of newly released songs, these
>          devices are supposed to understand predetermined digital-usage rights. The
>          schemeÕs ÒdefaultÓ setting is that people should not be able to own more than
>          four copies of a piece of music for personal use without paying extra. Nor
>          should they be able to distribute them over the Internet. 
>
>          This is only the first step. Some time next year, SDMI hopes to settle on a
>          standard for a comprehensive digital-rights system. This would let music
>          publishers Òslice and diceÓ their copyright. They could decide, for example,
>          how often consumers would be allowed to play a song, how many copies they
>          could make of it and if they should be able to upload it on to an Internet server. 
>
>          It is easy to see why the recording industry, and owners of other types of
>          ÒcontentÓ, are keen on digital-rights-management systems. Besides ensuring
>          these owners were paid for their products, the technology would let them market
>          their digital wares in entirely new ways, such as so-called ÒsuperdistributionÓ.
>          This novel retailing tactic is meant to allow people to distribute copyright material
>          freely to others. But before those others can actually play or view it, it will
>          automatically Òphone homeÓ to a special Internet clearing-house to arrange for
>          the payment of a suitable fee. 
>
>          Mine, all mine 
>
>          Digital-rights-management systems are built around a concept that Mark Stefik,
>          principal scientist at XeroxÕs Palo Alto Research Centre, calls Òtrusted
>          systemsÓ. The term refers to computers that can be relied upon to follow rules
>          set by a publisher. If the copying of a digital work is not allowed, for instance,
>          such a device will refuse to make a duplicate. 
>
>          The best way to do this is to control both the software and the hardware.
>          Machine-readable ÒtagsÓ in the software are then used to represent particular
>          rightsÑsuch as the right to print something, or to transfer it to another
>          deviceÑthat the hardware can interpret. When a piece of content is loaded into a
>          trusted device, it checks the associated digital rules and acts accordingly. 
>
>          One primitive example of such an arrangement is the digital audio tape recorder,
>          which will not make copies from copies. Another is the pay-per-view digital
>          videodisc. Neither of these, however, has been a startling commercial success.
>          That is at least partly because many people do not want to buy specific bits of
>          hardware for particular applications. They would rather rely on a
>          general-purpose and, from a copyright holderÕs point of view, highly
>          untrustworthy device: the personal computer. 
>
>          Protection from PC s is what designers of digital-rights-management systems see
>          as the Òkiller applicationÓ for their technology. All attempts to do it make
>          extensive use of cryptographyÑcreating, to push Mr BarlowÕs analogy a stage
>          further, a virtual bottle for the digital wine. IBM calls this container a Cryptolope
>          (short for Òcryptographic envelopeÓ). Intertrust dubs it a DigiBox. These
>          containers work because, although you can examine their contents if you have
>          the right key, you cannot actually take the contents out to copy them. Instead,
>          you are restricted to whatever operations your key permits. 
>
>          Most systems for PC s require the installation of special software that acts as a
>          sort of electronic notary. It checks a userÕs identity, looks up his rights, contacts
>          a financial clearing-house to arrange payment and, if everything is in order,
>          decrypts the digital work. In some schemes, users also need a special viewer or
>          player program that is deemed to be secureÑmeaning, for example, that the
>          printing function is disabled if a particular userÕs rights do not include printing. 
>
>          There are other differences between the various systems on offer. Some require
>          users to be connected to the Internet while they are viewing a file that they have
>          purchased. Some keep files and rights separate, so that the latter can be updated
>          even after a product has been distributed. But the main difference is the degree of
>          choice that their rights-management offers. 
>
>          The most ambitious scheme so far is IntertrustÕs technology. It allows creators,
>          publishers and distributors to attach not just usage rights to their content, but
>          business rules such as tailored pricing. With a software tool called Commerce
>          Modeler, content creators can, for example, permit users to get discounts for a
>          song if they also buy tickets to a particular concert. 
>
>          All this technology creates plenty of opportunities for new sorts of
>          interactive-service provider. In particular, online clearing-houses will be needed
>          to record data on who is using what, and then to arrange suitable financial
>          transactions. One likely contender in this field is Reciprocal, a firm that already
>          has deals with several big record companies. Another is PublishOne, which
>          provides a similar service for electronic publishers of such things as business
>          reports. 
>
>          Indeed, PublishOneÕs business plan is a good example of how
>          digital-rights-management systems may work in practice. When a publisher
>          uploads its content on to one of the companyÕs computers, it sets the price and
>          defines, for example, whether the product can also be saved or printed by any
>          user who wants to buy the right to look at it. PublishOne then pops it in an
>          appropriate digital container and publishes it on one of its partner websites.
>          Buyers need to register with a financial clearing-house and download the
>          necessary software to open the container and reveal the goodies inside. 
>
>          All of which sounds excellent news for brain-workers who wish to sell the fruits
>          of their labours. Whether it will turn out that way, however, depends on two
>          groups: customers, who may have got used to the current, lax regime, and
>          techno-anarchists, who think all software should be free. 
>
>          Intellectual property is theft 
>
>          If rights-management software can truly be made secure, customers may have no
>          choice but to stump up. The issue will, in any case, be fought out in the
>          marketplace. But that security is by no means guaranteed. Hackers love a
>          challenge, and hacking into such software is just the sort of challenge that many
>          of them like best. And because of their belief in freedom-of-software, their
>          solutions will, no doubt, be made freely available. 
>
>          That, according to Dr Stefik, means that rights-management systems based
>          purely on software are, in the end, unlikely to be sufficient. He thinks extra
>          hardware will be needed, too. This will probably be built into future generations
>          of PC s in the form of a so-called copyright chip (©-chip) such as the one
>          developed by Wave Systems. This is a hard-wired, and therefore tamper-proof,
>          substitute for some of the software in more orthodox systems. But since the
>          ©-chip will not actually be a separate piece of kit, customer resistance should be
>          reduced. That, with luck, will eliminate the freeloaders. 
>
>          Even legitimate users, however, have some concerns. One of the most important
>          is privacy. Digital-rights management, particularly the sort that refers each
>          transaction to a third party, produces enormous amounts of Òinformation
>          exhaustÓ, as Intertrust puts it. The company sees this as a good thing. Its
>          products, it boasts, can track such Òusage data as the time when a customer plays
>          an interactive game, or even invokes specific modules in a game.Ó Many people,
>          however, will not regard that as such a great idea. They would rather keep their
>          games-playing habitsÑand other thingsÑsecret. 
>
>          Civil libertarians will not like the technology either, because it would create new
>          boundaries in cyberspace by restricting the flow of informationÑa feature that
>          many executives and politicians might, on the contrary, rather like. Companies
>          often want only a limited group of employees to have access to informationÑto
>          material that contains trade secrets, for instance. And many countries control
>          which categories of works, or ideas, can be sold. 
>
>          Legal experts are also wary of these systems. They fear that copyright holders
>          will be left with too much powerÑwhereas the rights of such consumers as
>          librarians and scientists to Òdeal fairlyÓ with intellectual property, will, in effect,
>          be abolished. Software code, warns Lawrence Lessig, a law professor at Harvard,
>          could replace legal code. 
>
>          After repeatedly strengthening the rights of copyright holders in the face of new
>          technology, therefore, governments may begin to think about protecting the
>          consumers of intellectual propertyÑperhaps by limiting what
>          digital-rights-management systems can do. Mr Lessig observes that the day may
>          soon dawn when students are taught not of ÒcopyrightÓ but ÒcopydutyÓÑthe
>          legal obligation of copyright holders to provide public access.