IP: Our take on DRM systems and their limitations

[Dave Farber <farber () cis upenn edu>]

Note Blue Spike is a vender in the field. djf


the bs- and buzzword-free journal of entertainment and technology
Digital Mogul Vol 3 Report 7

Page 7

Revolving Expert Series The Forum for Rotating Gurus / Where those who

know, tell you what they know.

"Will Fixation on Security Silence the Trumpets of Fame?"

by Scott Moskowitz and Peter Cassidy, Blue Spike, Inc.

Today, the entire culture is being forced to revisit questions of how
copyright is defined, applied, and enforced something it hasn't had to
do, with this scope, for hundreds of years. Way Back When in England,
the big deal was about the control of heretical texts and, later, the
suppression of Scots publishers. Now it's about control of
profit-making intellectual property and suppression of renegade online
distributors; gods, scripture and technologies come and go, but we
keep getting into the same squabbles.

What has delivered us to our latest evolutionary threshold of
copyright is the inherent democratization that market-chasing
technological advances engender. Ease of copying and distribution by
technical illiterates has never been greater, pitting content owners
against their own customers. In this advance of electronic
communications, established media conglomerates
have and won legislation in the Digital Millennium Copyright Act
(DMCA) that criminalizes the act of bypassing anti-copying systems.
Technologies have been perfected that would allow creators and
distributors to force compliance with usage rules in ways that can
circumvent fair use entitlements built into copyright law and may
outlast copyright itself, ensuring a sort of copy-control in
perpetuity.

What is novel about our moment is that the new laws and technical
solutions being developed can effectively pre-empt and eliminate
consumers' legitimate abilities to manipulate digital works that they
have purchased or licensed  before any breach of copyright has
transpired.

Strangely, but in context with our times, a military-intelligence
model of security has been applied to consumer goods, threatening the
flow of free samples that irrigates consumer markets. In a way, we may
well be reversing the gains made since modern copyright was born 300
years ago. We abhor piracy and appreciate the position of the media
companies. Without intellectual property, economies shrivel.

Yet, in the long-term, the new communications media will provide the
greatest boon to these established market makers, as has been the case
with radio, television and recordable media like VHS.  And Internet
technologies will do that in much the same way as older technologies
by allowing consumers' love to blow the trumpets of fame and generate
recognition and demand for artists' work. Sometimes that promotional
dynamic is expressed as friends on a stoop with a boom box and a case
of discount beer, sometimes as the loaning of records between
impoverished enthusiasts and sometimes as swapping of MP3 files among
friends via e-mail.  Who knows what else may be possible as the
technology evolves?

What we are faced with today, and this is the core of Blue Spike's
sense of trepidation, is the frantic development of technologies and
laws based on the a priori presumption that access restriction is the
only credible approach to securing copyright and protecting
intellectual property on the Internet. It is as if air transport
technologies were being built around the assumption that only
lighter-than- air vehicles can achieve flight.

Evolution of security and e-commerce instrumentation to mediate
legitimate trade in music and media objects are being severely
retarded, if not wholly precluded by this assumption, creating a
dysfunctional cycle. Content owners and technologists fixate on access
restriction and only access restriction technologies are considered.
They fail to meet consumers' expectations that have been acclimated by
decades of free access, sending them scampering off to the contraband
bazaars of the Web. This only proves the content owners' theory that
consumers are a pack of feral thieves whose larcenous appetites must
be arrested by black-box content protection systems.

The threat, however, is manifold, potentially impinging on the culture
and tradition of the public domain that has been so hard won  and
which has served our economies so well. It is worth reviewing how
media consumers' rights came to light and what benefits they have
bestowed before we run off and stock the shelves of our electronic
markets with black boxes. Copyright law never gave a hammerlock of
control to creators, nor did it give unlimited freedom of use to the
public or commercial sectors. In its baldest characterization,
copyright is an institutionalized compromise between copyright
holders' legal right to hold temporary monopolies on
information and the public's codified right to use that information
according to those prescriptions during and after the monopoly is in
force.

The concept of copyright in its modern manifestation cannot exist
outside of the context of public interest and its embodiment in the
legal entity called the "public domain."  Four hundred and fifty years
ago, in England, copyright laws were established for printers, in
large part to control the dissemination of heretical or dangerous
texts that could threaten the social order. In 1710, however, the
Statute of Anne established copyrights for creators that could be
maintained up to twenty-eight years, after which their works passed
into the public domain. Creators got protection to
reward them for their innovative expression and the public was
enriched with new ideas and knowledge. (The politics of the Statute of
Anne were complex, driven not entirely by unalloyed beneficence. A
large part of its motivation was to get control of "pirate" publishers
in Scotland  then only recently incorporated into the U.K. who were
exporting high-quality texts, undercutting crown-licensed
contemporaries in London.)

Yet the concepts this statute embodied inspired others in Europe and
the U.S., and sired a number of wonderful precipitates.  Among the
most important was a continuously invigorated consumer population
whose knowledge was indeed expanded and interests cultivated, not
incidentally creating markets for new works. Copyright's limitations
and leaks made consumers of people who might not have participated in
markets for literature, had books been locked away by permanent
monopolies or failed to achieve a diversity (inspired by copyright
protecting authors who could profit from their ingenuity) that could
satisfy all interests. In the context of making retail markets for
information goods, the public's grazing rights on the info-commons
engendered alert, informed and lusty consumer markets.

Since modern copyright laws have appeared, the success of new
technologies  from radio to VHS to RIO  have been secured by the rough

maintenance of the trade-offs prescribed in copyright law. Today, the
achievements of copyright and public domain hang in the balance.
Supra-legal solutions that bypass the fair use rights under copyright
laws could well reverse the enormous social and economic benefits they
have produced. Our sense is that the rush to secure copyrights with
black boxes to stave off the threats posed by new communications
technologies is actually an artifact of our times.

The Cold War, some of its technology (cryptography) and its binary
worldview, has been transferred to Internet and the markets forming on
it: Eastern Block bad; Western nations good. Napster bad; 1024-bit
key-secured crypto-vault good.

The consumer has been cast as the Evil Doer or as an accomplice whose
machinations must be met with technologically superior armament,
seething yuppie lawyers and a civil law-enforcement posture that would
make 1980's South Korea look snugglesome. (Hint: If the police ever
arrive to search your server with a water cannon, it is not time to
break out the soap-on-a-rope.) This approach has been enormously
expensive in the opportunities lost in the pursuit of black-box
security systems for media assets such as Digital Rights Management
(DRM) systems that restrict usage according to predetermined rules
scripted by content owners and distributors.They are impressive
technologies  but by design not appropriate for markets in which
consumers have to be lured and seduced. The guiding questions cast by
the media industries thus far have been focused around annihilating
the Napsters or MP3s of the world.

Our thinking about copyrights and the Web should, instead, be geared
to sculpting rational instrumentation for securing intellectual
property and mediating its honest trade in electronic markets. Part of
the solution may involve e-locks and e-keys but our sense is that the
total solution will be a lot more layered and nuanced, ultimately
defaulting toward easing consumers' usage burdens.

Technically speaking, the fixation with creating black boxes for media

assets has absorbed a lot of development time that could have been
applied to solutions that preserved the copyright balance that is in
place today and serve consumers' interests.  The Secure Digital Music
Initiative (SDMI) is a good example. Charged to find a solution to
online music piracy, the SDMI chose to use digital watermarking as an
instrument for a larger copy-control and playback-control mechanism.
SDMI's specification required a great deal of specialized knowledge in
signals processing and steganographic arts, disciplines that Blue
Spike first married in its patents around five years ago. Application
of all that technology in a machine-readable access control scheme has
produced systems that have all reportedly been hacked by the Princeton
group.

Sidestepping the issue of SDMI's design specification for open,
machine-readable watermarks and its  inherent exposures, we ask,
what advances could have been made had all the engineering
experience, expertise and research embodied by SDMI been
dedicated to alternative proposals? What if some of that knowledge of
signals processing and steganography were invested in a standard for
fingerprinting and authenticating songs that would be cleared through
subscription-based online catalogues to direct and mediate payment to
artists whose work is passed through the system.  Technically, the
pieces needed to assemble such a system are on the shelf today. Blue
Spike has been sitting on much of the techniques and technologies
required for such a scheme for years. Our contemporaries in the fields
of security, steganography and signals processing possess parts of the
technologies required for such a system as well. This is but one
example.

The bottom line is that a great many solutions with potential for
constructively animating authentic markets for digital media on the
Web are within reach, but can't get on the agenda because of the
institutionalized limitation of the technical imaginations being
brought to bear on the problem. Even if access control schemes can be
made to work or consumer expectations can be lowered or changed it may
not create a better world or bigger markets. Military-intelligence
style information security technologies applied for their own sake in
consumer media goods would eliminate the most useful promotional
aspect of Internet, limiting the ability for consumers to blow the
trumpets of fame that make headliners of aspirants and keep the stars
in the firmament.

Scott Moskowitz is CEO of Blue Spike, Inc., a media security company
that pioneered the development of key-based, secure digital watermarks
(scott () bluespike com); Peter Cassidy is Director of Communications at
Blue Spike (peter () bluespike com).