| Introduction | | | | through micro-payments mechanisms that would |
| | | | transfer their proportion due each time an |
| Most people have heard of software licensing | | | | aspect of their work was sold/licensed. This |
| and pay per view television, but possibly not | | | | was proposed so that owners would receive an |
| connected it with a development in technology | | | | accurate payment for use. |
| called Digital Rights Management (DRM). To | | | | |
| understand what DRM is trying to achieve you | | | | Did that make it work? |
| first of all need to understand intellectual | | | | |
| property. | | | | Well, this is where the detail gets a bit |
| | | | more complicated. |
| Intellectual property | | | | |
| | | | The only mechanism that computer systems have |
| To understand digital rights you need to | | | | for enforcing controls when the computer |
| remember that books, plays, pictures, films | | | | operating system is not in control (which is |
| and so on (including this paper) are subject | | | | almost all the time with the Internet) is |
| to copyright or intellectual property rights. | | | | encryption. If you don't encrypt (make |
| By international agreements such as the Berne | | | | secret) the thing you are trying to protect |
| Convention countries recognize these rights | | | | then your (lack of) protection mechanism will |
| and provide a framework that allows copyright | | | | soon be detected and either all the works you |
| holders to have uniform rights in different | | | | were trying to protect will suddenly become |
| countries and to be able to enforce them. | | | | freely available on the web (as happens more |
| Whenever you buy a book, hear a modern | | | | often than you might think) or they will be |
| recording played on television or see a film | | | | shared amongst private groups of users |
| a payment is being made to the copyright | | | | freely. |
| holders of the work. | | | | |
| | | | Now encryption requires a number of |
| You will find significantly more detail on | | | | disciplines if it is going to be successful. |
| intellectual property rights (IPR) on the web | | | | It also imposes quite an overhead on a |
| site The site provides a comprehensive | | | | system. For instance, whilst the user would |
| information resource about the work of the | | | | not worry about the time it takes to decrypt |
| World Intellectual Property Organization | | | | a file (say a document, spreadsheet, .pdf |
| (WIPO). | | | | file) because the amount of information is in |
| | | | reality quite small, but if they are waiting |
| Now intellectual property rights were | | | | for the decryption of streaming video or |
| important in the book and film trades, but | | | | voice the heavy encryption currently used can |
| television, DVD, computer software and | | | | harm performance. Certainly the average DVD |
| computer games have had such a significant | | | | would not perform well using a PC to decrypt |
| effect on world trade that the World Trade | | | | all its information using, say triple DES. |
| Organization (WTO) has a special section of | | | | |
| its activities devoted to dealing with | | | | Encryption also requires the control of |
| intellectual property rights called | | | | cryptographic keys. Some people who have |
| Trade-Related aspects of Intellectual | | | | installed or re-installed Microsoft Windows |
| Property Rights (TRIPS) and more information | | | | will have typed in a long series of letters |
| on the world negotiations are at | | | | and numbers (a.k.a. a cryptographic key). But |
| | | | DRM system often require you to be in contact |
| You can gather from this that several | | | | with a server that is monitoring user |
| industries consider intellectual property to | | | | requests and comparing them with dynamically |
| a very big deal indeed. | | | | imposed controls (such as continuing to |
| | | | subscribe to a service). |
| Demand for Digital Rights Management (DRM) | | | | |
| | | | Cryptography allows strong controls, but it |
| So now when we talk about digital rights | | | | also imposes overheads and technical |
| management we are talking about works of | | | | difficulties. |
| intellectual property that are processed by | | | | |
| digital computers (or even analogue ones). | | | | The early DRM systems failed simply because |
| | | | they were too expensive for the amount of |
| There are many many industries producing | | | | money they could reasonably collect. This |
| copyright works that are held on and | | | | idea of cost may sound rather strange, but |
| processed by computers. That includes | | | | the cost of mounting the servers, the |
| anything processing cassette tapes, VCR, | | | | processing overhead and the amount of |
| CD-ROM, DVD, flash cards and so on. There are | | | | connectivity required to operate those |
| even laws that create rights in databases as | | | | systems was simply too much compared to the |
| collections of information. | | | | amount of money they could realistically |
| | | | collect. |
| The copyright holders (owners) found that the | | | | |
| original computer systems, broadcast | | | | Can you make it work? |
| television and cassette tapes, records and | | | | |
| VCR machines made no attempt to stop people | | | | Cryptography can work effectively in a number |
| from copying their work and even selling it | | | | of situations. But at the moment, |
| on with the owner getting paid the royalty | | | | micro-payments simply isn't one of them. |
| that IPR law gave them. This started in the | | | | Using cryptography to control the actions of |
| late 1980's, and grew significantly with the | | | | a user who has paid a substantial amount of |
| introduction of music standards such as MP3 | | | | money for the product will work where |
| which did not prevent copying, but did make | | | | micro-payments will not. |
| mass market copying very easy. | | | | |
| | | | Cryptography will let you control a number of |
| Other owners selling 'expensive' works such | | | | events. But it depends upon how effective |
| as financial analyses of companies or markets | | | | your cryptography is. A number of disasters |
| found that people would purchase one copy and | | | | have already overtaken those who either chose |
| then make copies of it to pass on to their | | | | to implement poor algorithms or failed to |
| friends for free. When the reports were | | | | understand that you have to do something |
| printed they were photocopied, but making | | | | significantly better than password protection |
| them digital made the copying easier and | | | | if you are going to protect something that |
| faster. | | | | has significant value for your business. It |
| | | | is not necessary for this paper to do more |
| The IT industry saw a massive opportunity to | | | | than state that many of the 'industry |
| be able to make significant amounts of money | | | | standard' solutions failed to recognize the |
| if they could find one or more ways to | | | | real management issues of cryptography and |
| control what the person who had licensed a | | | | therefore failed to provide the protection |
| digital work (when you buy a book in theory | | | | that they seemed to claim. |
| you license it, and the same goes with a | | | | |
| picture or a photograph) did with it. | | | | Later solutions to DRM implementation have |
| | | | been more successful. Although it is fair to |
| DRM controls as against IT controls | | | | note that right owners need to think through |
| | | | what it is that they are licensing their |
| Obviously the things that you would want to | | | | customers for. And to make sure that their |
| control were any form of access and use, and | | | | licensing is consistent with current |
| particularly to prevent any attempt to remove | | | | international agreements. (Issues of |
| the controls. | | | | international rights are the subject of a |
| | | | separate paper.) |
| So controls often provided are: | | | | |
| | | | Moving forwards |
| - reading the item; | | | | |
| | | | Decoupling DRM from micro-payments has |
| - number of times; | | | | enabled a more effective control suite to be |
| | | | provided that on the one hand supports |
| - start and end dates for reading; | | | | industry objectives and on the other hand is |
| | | | acceptable to users. Users were not willing |
| - printing the item; | | | | to work on the basis of micro-payments, but |
| | | | are more willing to buy a service that is |
| - at all; | | | | delivered over a period of time. |
| | | | |
| - poor quality printing; | | | | It seems, from current market feedback, that |
| | | | whilst users do not like restrictions on |
| - number of copies; | | | | their ability to share information with |
| | | | others, and to have it locked down to a |
| - altering the item; | | | | specific computer, they will accept those |
| | | | kinds of limitations. What they are not happy |
| - changing information content; | | | | about are situations where they have to be |
| | | | online to remote servers before they are able |
| - removing copyright marks; | | | | to use information that, as far as they are |
| | | | concerned, they have purchased, and should be |
| - copying the item; | | | | able to access at any time, and for all time. |
| | | | |
| - making copies others can use; | | | | These requirements are at odds with the ideas |
| | | | of the 'pay per view' community from the |
| - copying parts of the work; | | | | record and film industries, who see a massive |
| | | | market opportunity if they can charge for |
| - taking screen dumps as copies; | | | | each and every use of an item as against |
| | | | having sold it to a customer for permanent |
| - running the item as a program; | | | | use. (In other words they may prefer the |
| | | | model of the DVD/Video shop to that of the |
| - running the item on one computer; | | | | customer buying a the item and being able to |
| | | | use it forever thereafter.) |
| - only allowing one user to run the item; | | | | |
| | | | Conclusion |
| - limiting the number of CPUs the item may | | | | |
| use. | | | | DRM offers industry information providers, |
| | | | which include the financial industries, |
| These controls are a long way from the | | | | analysts, consultants, programmers |
| original IT type controls on files which (for | | | | (applications, games) database owners and so |
| those not instantly familiar with them) still | | | | on, as well as the record and film |
| are: | | | | industries, with significant potential. DRM |
| | | | significantly extends the old IT controls and |
| - read; | | | | provides a much finer grained control over |
| | | | the ability of the user to make use of an |
| - write; | | | | item. |
| | | | |
| - append; | | | | Attempts to link finer grained control to |
| | | | micro-payments controls has not been |
| - delete; | | | | successful so far, and may prove to be |
| | | | unattainable in the longer term because the |
| - execute. | | | | cost of operating the mechanism exceeds the |
| | | | possible income per transaction. Speculation |
| Now as you can see, it's quite a different | | | | that web costs are zero may be correct for |
| list of controls with quite a significant | | | | the end user, but studies have demonstrated |
| impact. | | | | that information service providers actually |
| | | | pay to have their information made available |
| DRM and charging mechanisms | | | | on the web. |
| | | | |
| When DRM systems first came out there was a | | | | The correct mechanism to implement DRM will |
| strong move to be able to license significant | | | | vary significantly with the delivery |
| amounts of the information found on the | | | | requirement. Services that require high speed |
| Internet, and to charge for every conceivable | | | | decryption still need to be implemented in |
| use of an item, as well be able to pass on | | | | hardware if they are to work in an online |
| enforceable rights from one rights holder to | | | | situation. Realtime services can only be |
| another. | | | | delivered using dedicated hardware, and |
| | | | owners requiring this service should be aware |
| Original owners were also to be recompensed | | | | of this limitation. |