DRM technology and policy

Peter Clay pete at flatline.org.uk
Tue Apr 22 09:47:17 EDT 2003 

On 21 Apr 2003, Derek Atkins wrote:

> Ok, let's start from the beginning.  Let's be engineer here.
> What are the requirements of such a system.  Let's get DEEP
> into details.  What are the constraints?  What is the threat model?
> I don't think we've seen a good requirements document (from
> either side) that details the issues, concerns, and wants
> from a DRM system.  They all start with the a priori solution
> ("DRM Good" or "DRM Bad") and work backwards.  Let's work forwards
> and see where it takes us, and let's leave the fear behind.

CENORM (http://www.cenorm.be/isss/DRM/Draft_report.htm), a European
standards organsiation, are working on this issue. They don't appear to
have produced any sort of synthesis yet, just a catalogue of opinions as
to what a DRM system should be. If they do produce any concrete
requirements, they are likely to be written into European law eventually.

I think that there are deep philosophical problems which need to be
addressed before any coherent requirements can be produced. For example,
are copyright holders entitled to restrict which devices can be used to
playback their work? Are they entitled to engage in "tying", exclusive
deals (e.g. playback devices that can only play music distributed by one
of the Big Five), and other anticompetitve behaviour? Are they entitled to
ask for personal information?

What level of user discrimination are they entitled to engage in? Bulk
discounts? Frequent-listener discounts? Age discrimination? Location-based
discrimination? Region coding?

We're in line for a repeat of the crypto wars here. There were two
incompatible sets of requirements ("we don't want people to read our
communications" vs. "government wants to be able to read all
communications"). People ignored the ones they weren't interested in and
implemented things like PGP and Clipper.

> Is this necessarily a problem that _can_ be solved with technology?
> And if it can, is it necessarily one that should?

Some of it can, some of it can't. Many legal concepts (e.g. "reasonable",
"intent") can't be technologically represented unless you have a system
that can pass not just the Turing test but the Bar exams.

(There's a Michael Marshall Smith novel which has "smart guns" with
databases of legal precedence in them, which the user can set to the level
of felony he wishes to risk. So you can set them to "self-defence",
"murder two" or "murder one". That's the level of technology that would be
needed for a purely technological implementation of fair use.)

Pete
-- 
Peter Clay                                         | Campaign for   _  _| .__
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://www.ukcdr.org


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list