DRM technology and policy
Derek Atkins
derek at ihtfp.com
Mon Apr 21 17:07:16 EDT 2003
"John S. Denker" <jsd at monmouth.com> writes:
> Recent anti-DRM arguments on the cryptography list have
> cited examples suggesting that there are _some_ DRM
> problems that cannot be well solved by _certain_
> technologies.... And then they claim to have "proved"
> thereby that all DRM is futile. This is the height of
> illogic.
I'm not sure which comments you are referring.. My statement
was that you cannot perform DRM in a purely software solution;
you need some level of hardware assistance to get any level
of assurance as a content provider. The only proof that I
maintained was that you couldn't create a perfect DRM solution
using only software (which was our constraint at the time).
I don't see any illogic in that (except perhaps by some
readers who wanted to read more into it).
I agree that DRM is a good thing -- I'd love to use a DRM
system to protect my medical and financial information.
So, where do we go from here? You suggest....
> We need a system whereby inventors, authors, performers,
> and even publishers get paid for their work. SOMEBODY
> needs to bear the cost of this. We need a system
> whereby the costs are distributed reasonably.
>
> We need a system for assigning valuation, distributing
> the goods, collecting and distributing the fees, and
> penalizing thieves.
>
> There's work to be done. Let's stop fooling around.
Ok, let's start from the beginning. Let's be engineer here.
What are the requirements of such a system. Let's get DEEP
into details. What are the constraints? What is the threat model?
I don't think we've seen a good requirements document (from
either side) that details the issues, concerns, and wants
from a DRM system. They all start with the a priori solution
("DRM Good" or "DRM Bad") and work backwards. Let's work forwards
and see where it takes us, and let's leave the fear behind.
Fear is a powerful thing. The Big Guys are afraid of losing their
money/power; the little guys are afraid of losing their freedoms
(freedom to steal/copy? I'm not so sure). So, where is the
balance of protecting the rights of the content producers and
protecting the fair-use by the consumers?
Is this necessarily a problem that _can_ be solved with technology?
And if it can, is it necessarily one that should?
-derek
PS: Ok, who wants to pay me to think about this?? Or do you
feel entitled to get my ramblings for free? ;-)
--
Derek Atkins
Computer and Internet Security Consultant
derek at ihtfp.com www.ihtfp.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list