DRM technology and policy

Derek Atkins derek at ihtfp.com
Mon Apr 21 17:07:16 EDT 2003


"John S. Denker" <jsd at monmouth.com> writes:

> Recent anti-DRM arguments on the cryptography list have
> cited examples suggesting that there are _some_ DRM
> problems that cannot be well solved by _certain_
> technologies....  And then they claim to have "proved"
> thereby that all DRM is futile.  This is the height of
> illogic.

I'm not sure which comments you are referring..  My statement
was that you cannot perform DRM in a purely software solution;
you need some level of hardware assistance to get any level
of assurance as a content provider.  The only proof that I
maintained was that you couldn't create a perfect DRM solution
using only software (which was our constraint at the time).
I don't see any illogic in that (except perhaps by some
readers who wanted to read more into it).

I agree that DRM is a good thing -- I'd love to use a DRM
system to protect my medical and financial information.
So, where do we go from here?  You suggest....

> We need a system whereby inventors, authors, performers,
> and even publishers get paid for their work.  SOMEBODY
> needs to bear the cost of this.  We need a system
> whereby the costs are distributed reasonably.
> 
> We need a system for assigning valuation, distributing
> the goods, collecting and distributing the fees, and
> penalizing thieves.
> 
> There's work to be done.  Let's stop fooling around.

Ok, let's start from the beginning.  Let's be engineer here.
What are the requirements of such a system.  Let's get DEEP
into details.  What are the constraints?  What is the threat model?
I don't think we've seen a good requirements document (from
either side) that details the issues, concerns, and wants
from a DRM system.  They all start with the a priori solution
("DRM Good" or "DRM Bad") and work backwards.  Let's work forwards
and see where it takes us, and let's leave the fear behind.

Fear is a powerful thing.  The Big Guys are afraid of losing their
money/power; the little guys are afraid of losing their freedoms
(freedom to steal/copy?  I'm not so sure).  So, where is the
balance of protecting the rights of the content producers and
protecting the fair-use by the consumers?

Is this necessarily a problem that _can_ be solved with technology?
And if it can, is it necessarily one that should?

-derek

PS: Ok, who wants to pay me to think about this??  Or do you
feel entitled to get my ramblings for free?  ;-)

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek at ihtfp.com             www.ihtfp.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list