DRM conference update for Saturday One might think Berkeley would know better... Saturday's DRM conference day is at the Bancroft Hotel, in a room that has neither power plugs (only 3 outlets to my knowledge, one in use by video crew, another by transcription team) nor anything resembling net access (the university is right across the street. You'd think they'd get bleed from the wireless on-campus, but apparently not). I won't get to blog the day until afternoon.  ¶ 10:53 PM 0 Comments Links to this post

  DRM Conference, session 4

Impacts of DRMs on consumers

• Chris Murray, Consumers Union (moderator)
• Julie Cohen, Georgetown Univ. Law School (paper on DRM & privacy)
• Joan Feigenbaum, Computer Science, Yale University
• Raymond Ku, Seton Hall Law School (paper on private copying)
• Anita Ramasastry, Univ. of Washington Law School (paper on consumer protection issues)
• Tomas Sander, Hewlett Packard

Joan: digital dilemma report, copyright law from perspective of computer scientist, consumer, and teacher of e-commerce course for undergrads. Four remarks:part of spec should be "enforce copyright law" or at least obey, owners should be given well-defined rights and exceptions, no way to specify a system, need affirmative, direct specification of what users are allowed to do. What if someone builds a good Tech Protection System (TPS)? clever arguments to reverse engineer or circumvent, but not only way/is insufficient to protect rights. Shouldn't have to hack around system to use per your rights. Mulligan and Burstein, 2002 paper: fair use is fact-intensive, case by case. No way to engineer a mass-market system. Need to be able to recognize the typical, vast majority of fair uses extremely effienciently. Note that in analog, most fair use is non-controversial. The Way Forward: (Lacy, Maher and Snyder, 1997 paper): use technology to do what comes naturally, content distrib should benefit from uncontrolled copying and redistribution.

Anita: former regulator, payment mechanisms teacher; who is the consumer? DIfferent discussion here from what consumers think. Content owners or rights holders: level of use is license and contract, fair use is not relevant paradigm, use "fared" (metered) use instead. Consumer portrayed, pirate, geektivist, buyer or licensee in search of cheaper or more goods. New category: luddite: embed values in technology, markets are also social, concerned about fair use and unable to participate in debate. Loss of public forum for exchange of info (channel surfing, DRM will constrict even more). Luddites: broke rules, today's raise moral and ethidcal arguments against excesses of modern tech. Cross purposes: licenses in economic terms, fair use as a way of life (weavers, luddites, less about technology and more about impositions. Culture created thru consumption: core values and identities are bound w/ marketplace values, choices, freedoms and restrictions. 2 paradigms: rationalist econ thought: consumers as a colective groups; social issues reemerge as dominant paradigm and driving force. Consumers will lose lots in broader contest. Consumer is experiencing the market as social phenomenon, not economic. Courts have also recognized fair use as socially constructed, social bargain between rights and duties, constructed and not self evident, only works thru trust and expectations. Social context? daily interactions, disconnect w/ content providers. Markets brought culture and information, now constraining. Rights (shifting, copying) understood in sodial terms. Contract law (before DRM) akin to reasonable expectations, no longer sole paradigm. DRM takes us out of contract, out of fair use; Congress has duty to protect us. Disclosure necessary for consumers to understand what they're interacting with.

Julie: profiling at indiv preferences is dangerous, in both private marketplace and in gov use (chilling affects). More than collection of prefs: underlying social values: freedom to use intellectual goods in relatively private spaces. Stanley v Georgia (privacy to read in own home) -- philosophical construct for other providers, spacial and intellectual considerations (papers and effects). Privacy invasion as breathing space, private space: working drastic changes in bedrock presumptions can be troubling. Fair info practices: provides notice, transparency, but anemic, relies on consent. Consumers can't participate meaningfully, question as to affect of notice and consent. SEcond role for law: invasion of privacy torts? Haven't entered digital age, profiles are likenesses. Comon law privacy rights can be waived, can be trumped by contract provisions, of public concern. (See her paper.) Public/private divide: relationship between freedom and privacy? TIA, et al. Is that all there is? make sure DRM is designed to protect privacy in the first place, minimize collection practices, implement flexible controls (what's this need for precision, Hal A's comments earlier). Law has a role, consumer's bill of rights. Gov shouldn't be in the business of telling what standards should be used, but can specify rights for reasonable freedom from constraints, privacy, meaningful participation in debate.

Raymond: are we creating markets or preserving existing market structures in face of market changes? Gov: don't regulate, don't mandate or choose winners, copyright IS gov action. Fair use is old question, is consumer copying fair use? clarifies appropriate scope of copyright & relationship w/ DRM, challenges claim of entitlement to DRM, highlights what's lost. Williams v Wilkins, Sony v Universal City Studios, VCR and time shifting is fair use. New technologies render certain things ambiguous, contributory infringement or substandial non-infringing uses. not undermined because of financial gain (consumers), public goods problem about creative works or transformative uses. Time shifting doesn't damage original market. Wendy Gordon: A use is considered fair if: market failure is present, transfer of use to DEF is socially desirable, and does not cause substantial injury to incentives of copyright owner. market failure: transactaion costs, externalities, etc, potential for market cures needs to be evaluated. Private copying = micro-infringement. Creative distruction is part of process of fair use. Revolutions of economic structure, new business models, renders prior biz models obsolete. Public goods problem, creation and distribution promotion (Gutenberg). New tech may not share same public goods characteristics as printing press (unbundling requirements). VCR: copying not free riding. Copying and creation is different: don't depend on sale of copies (TV funding sources). Fair use includes the creative destruction of copyright, DRM must permit fair use & other rights, expansion of monopoly rights is inconsistent w/ Article 1 section 8 powers.

Thomas: How draconian can DRM get? good news: creates media consumption paradise for consumers, advances in bandwidth, storage, wireless, computational power.. Concerns: draconian DRM is forced upon consumers, and ghost of DracoDRM has mystical, unreal qualities: limits actions, pay for uses, creates consumer profiles; all shoved down their throat. Design principles: hardware w/ appropriate licenses. secure and tamper-resistent, good for draconian DRM (only way to build secure Draco system). Key application requirements for success: content handling devices need to handle all content (protected and un-) simultaneously; systems w/out consumer acceptance can't win. Privacy: Myth: DRM systems per se privacy invasive, pseudonyms useful, PII needed only for risk mgt or perhaps functionality, has complications. Overall, privacy-friendly DRM is possible w/ careful crafting of solutions, approach consistent w/ privacy laws elsewhere (Europe), give strong guarantees w/ functionality.

questions from floor: DRM not needed, downloaded legal music while here. why are we here? yes. Fred, EFF: how to we protect from devices that haven't been invented yet? RayKu: let the market decide. Julie: simple but hard to understand: abandon idea that best = precision. (missed other questions. Side notes: watch for DTCP bill--content control via firewire, designing minimums into tech that may end up as ceilings to users later.)

amusing side note: speakers are helping each other get their laptops connected.  ¶ 3:18 PM 0 Comments Links to this post

  DRM conference, session 3 Impacts of DRMs on flows of information

• David Wagner, Computer Science, UC Berkeley (moderator)
• Hal Abelson, MIT
• Edward Felten, Computer Science, Princeton University
• Joe Liu, Boston College Law School (paper on DMCA and research)
• Larry Lessig, Stanford Law School (paper on Creative Commons)
• John Erickson, Hewlett Packard

Hal: background: statute of Anne (big picture in background). Speaking to policy makers: watch out. You're sounded by two dangerous delusional communities: making things better by making things more precise. Public good: legal code overwrites & fuzzifies that, IT standards overlays and fuzzifies, implementations (computer guys) on top. This is how the world is, and it's ok. But now: matress tag: DO NOT REMOVE UNDER PENALTY OF LAW. Policymakers: key legal principle is NOT fair use, it's de minimus non curat lex: Do not succumb to illusion that the public good is best served by forcing the strict alignment of practices with policy. Scientific publishing: the basic deal as seen by the universities: scientist authors give to journal publishers, publishers own w/ all rights, allow scientists to retain some limited rights. ACM: I give to ACM, they allow me to post for my personal use on my web site. Elsevier: gives right to present author's work at a conference. Chemists: can post title, abstract... NEJMed - woah! Why? helps maintain the integrity of pub process. (haha) Rights go to responsible parties that exert monopoly control because they own the infrastructure. What about indexing, extraction, other innovations in info use. Internet's access, tools stillborn by limited access to quality sources? or stimulate network effects that lead to further concentration and monopolization of the scientific literature? DRM may exacerbate both. Legally sanctioned publishing monopolies that exert control by dominating the publishing infrastructure? and firmly entrenched by DRM tech and the law? (Implementations.)

John Erickson, HP: Policies: not code, not law? Policies are code, but increasingly not built in (good), useful where system must make choice. DRM is policy enforcement (one choice). Trusted systems on "trusted computing bases", ideal for enforcing DRM. Good parts: may be declaratively expressed, studied, accessed, tailored to context; potential for policy creation. Nasty bits: limits by expressive language, choices by policy makers, implementations and systems subcomponents. Policy as private law: arbitrary controls w/ no constraints, do not factor in fuzzy attributes like locality or user intent, escapes for human intervention must be factored into policy and system design. People in or out of the loop. Constraining info flow: includes discovery, retrieval, use/reuse, dissemination, derivative works; constrained by opacity, policies, monitored access, etc. Encouraged by transparency and metadata, accessibility (policies, constraints, formats). Closed info spaces: built-in policies and control use (don't work with certain browsers), proprietary formats, etc. How to challenge the code? (write and use policies in humanistic way?)

Joseph Liu: DMCA and regulation of scientific research paper. DMCA enacted 1998, liabilities for circumvention and distribution; controversial. How does this affect academic encryption researchers? should be largely untouched, everyone agrees. Exemption 1201(g) for good faith research was later developed, cases include Ed Felten, but claim was that fears were overblown. Impacts on research: "academic encryption researchers should be able to conduct some resarch w/out fear of liability under DMCA" and "DMCA will have non-trivial impact on conditions under which such research takes place." Limits who can conduct research, imposes hurdles before research (must seek permission), limits free communication about results, avenues for publishing, requires notice and disclosure of results, affects content of published work (esp actual code, structure of exemption allows for changes via regulation mechanisms). Evaluating the impact: regulating (not infringing activities, devices) non-infringing activities and research. DMCA is not sufficiently careful about its impacts (overbroad).

Ed Felten: DRM has negative impact not only on tech and research, but also on debate. Device must be a black box that users can't examine. Combination of tech and law makes the box black. Tech & public policy: important pp questions depend on understanding technology (especially true now for DRM), bans on understanding tech cripples debate. TIA program: PP, FBI + CIA want to mine commercial databases (security v privacy tradeoff), advocates claim "don't worry" but need to understand tech first. Porn blocking and filtering: products claim to block only offending tech, don't worry about overblocking. Need to see filter list to know. Electronic voting: push toward computerized voting, convenience and speed vs risk of fraud.What we don't need to do is make process harder.

Larry Lessig: Binary blindness. Have been talking about DRM forever, need to reframe the problem. 3 kinds of people: not controlling their stuff at all, don't touch my stuff unless you ask me first, the rest: ok to use my stuff for certain uses. Original net development ratified position of "nones" but created complaints from "all"--would shrink "some" and "all" space. Political response ("all") to force shift in architecture away from default to support all. Now "some" and "none" lose space/power, must adopt burdonsome tech, marginalizes "none" space. Solving for the extremes: recognize the middle. Strategies, 1: courts and congress, restrict DRM to allow fair use, assure tech doesn't displace rights; not going to work in time. 2: fight DRM, creative commons, distinguish between DRM and DRE: two different issues. Find a way to express one's preferences, can be enforced by machines.

Larry Lessig: Binary blindness. Have been talking about DRM forever, need to reframe the problem. 3 kinds of people: not controlling their stuff at all, don't touch my stuff unless you ask me first, the rest: ok to use my stuff for certain uses. Original net development ratified position of "nones" but created complaints from "all"--would shrink "some" and "all" space. Political response ("all") to force shift in architecture away from default to support all. Now "some" and "none" lose space/power, must adopt burdonsome tech, marginalizes "none" space. Solving for the extremes: recognize the middle. Strategies, 1: courts and congress, restrict DRM to allow fair use, assure tech doesn't displace rights; not going to work in time. 2: fight DRM, creative commons, distinguish between DRM and DRE: two different issues. Find a way to express one's preferences, can be enforced by machines. Build a layer of reasonable copyright law, by expressing reasonable middle; flooding to default "some" space. Restore reasonableness thru voluntary action. Why? incentives to certain artists (increase exposure!), people can participate in debate. Identify, "I believe in (somewhat) free." Urgency, extremes don't control or we lose. Courts aren't ready, congress answers to wrong dialog ($). Best interpretations of "ideals and principles" on Larry's side, other side has "all the money in the world," when was last time ideals won? Should be when's the NEXT time. Reasonableness, building balance through use.

Questions: UC Berkeley student: why did Microsoft choose large content industry over consumers? panel: it's more complicated than that... who's controlling policies? From floor: chastity belts on tech. From floor: creative commons is in tension w/ defaults in law, publishing, existing power bases. Larry: Hal's on CC board, so if there's tension... Jack Valenti's "terrorists" stealing content--one position. Millions of people define a reasonable view, can increasingly define extremists. Ed F: no conflict: CC isn't expressing what I can do or not do. Hal: no conflict, Farber's use of "consumer," triggers new debate, it's not about rights of creators. From floor: controlling data in info spaces? (no answer) Pam S: possible to develop circumvention for fair use, creative anti-circumvention laws, w/out opening pandora's box? Jim: can try and approximate, reach reasonable compromise, how far to carry conversation or compromises. Maybe. Ed: this is one of the most important tech questions, right now: not effectively. Hal: increased access vs (attesting or ??) Joe: legal side, thought experiment: what would fair use look like in legal, regulatory environment? might resemble tax code in complexity. Public interest, people's interaction varies. Mark Limley: Shrinkwrap licenses, open software movement in contract sense, must look at both what big and little guys will do. CC: it's easy to write a set of legal rules, infinite palette(?) and regulation by gov is good or bad thing, CC can facilitate DRM-not-limited-by... ? Larry: Distinction between DRE and DRM, not static, difference is dynamic effect on debate. Overhead of technology before sharing content; DRE (freer content), controlling can be inevitable. Mark L: DRE at odds w/ strong privacy protection? Larry: no, DRE doesn't have same focus, arguments, characteristics of argument. Ed F: distinction w/ DRE: expression about permission vs enforcement mechanisms (raises privacy issues). Adon Katz?: courts, in reframing, was only way to frame or reframe question? Larry: USSC has average view of issues similar to regular people. Ordinary people don't get it until you explain it to them. Movement is salient among ordinary people. Explain clearly and repeatedly, lot of work before we can win.   ¶ 1:27 PM 0 Comments Links to this post

  DRM, session 2

Impacts of DRMs on innovation, competition, & security

• Hal Varian, SIMS, UC Berkeley (moderator)
• David Farber, Computer Science, University of Pennsylvania
• John Manferdelli, Microsoft Corp.
• Lucky Green, cypherpunks.to
• Alex Alben, RealNetworks, Inc.

John: Not one-size fits all. Rights live in the file: persistent protection, share assets in different settings. DRM, Enterprise Rights Management, Personal rights mgmt, Privacy rights mgmt. Different use and attack models. Enterprise doesn't have mass market concerns. All have in common: not to restrict what people can use computers for: can't impose policy (DRM changes w/ time and application), opt-in & user control, widespread permissions w/ negotiated equilibrium (including privacy models)). Misconceptions: don't censor or disable w/out permission, don't lock out vendors or formats, user control, noone owns machine key, won't be perfect. Interoperable. Enemy of good security is demand. Tech providers don't know policy directions.

Lucky Green: Trusted computing & using DRM to stifle competition. Why should you trust entitles that may not trust you? Fall 2000 received invite to Trusted COmputing Platform. offering Secure Boot (to know what OS, under OS, compromising hardware? not building DRM system. Our OS platform doesn't have all that our customer demands (streaming media), must have DRM to deploy. Hardware and software-based, conspiring to keep customers in the dark. Assuring that your computer will disobey your wishes and obey whatever DRM system it's instructed or enabled to. Keeps people from competing with each other. Plugging "analog" hole: feeding speaker back into computer, one of several trends; prevents use of unlicensed software, PC as core of home entertainment, new market opportunities in gov sector also among trends. Upcoming hard/software DRM in office productivity: "We came at this thinking about music, but then we realized that email and docs were far more interesting domains." (Bill Gates) "You could create Word docs that could be read only in the next week." (Steven Levy, MSNBC) How does the law help TC stifle competition? automated agreement in restraint of trade? Vendors say it's an illegal circumvention device. (Question: What would fed prosecutor call...) Consequences of uniquitous, Don't create interoperable software or spend time in prison. DRM is voluntary-? on by default (Palladium), use of gas in a car is similarly optional.

Dave Farber: marvellous religions war, no articulation about real capabilities and limitations. Stop having religious discussions. DRM is not new, generally thought of as software, easy to break. Some now have hardware, multix had protection of documents. Discussions, SecureBoot not in new stuff. ARPAnet was not designed to survive a nuclear attack. FCC: get out of spectrum and other regulatory roles where it's messed things up. Security (lack of perfect) at acceptible levels is important for individuals, corporations, nations. Relevantly secure system difficult to keep DRM out, esp if you don't have boot privileges (in computer environment). Essentially saying you can't build or market if not perfect, bad trade off. Interested in preventing access to his personal info, should have worn his TIA t-shirt. DRM has important role in protecting his info. Mechanismis to enable him, will eventually have to be decided by legislature, courts, marketplace. "Disney problem" (not speaking for FCC): terrible tendency to listen to people w/ inferior solutions (how good? pretty good.) Causes a conflict to engage FBI to track, unwillingness of media companies to pay for protection (distressing). Is far from convinced about fair use that can't have a reasonable, rational balance that gives different forms of fair use and still have rights management systems. Not encouraging DRM, but can happen. Need research, articulation as to what can be found.

Hal Varian: What are the available biz models: Advertise yourself, advertise other stuff, bundle, subscription/versioning/non-linear pricing, low prices and high quality for authentic version, micropayment, DRM. Choosing rights: seller should choose bundle of rights to max value or product, more rights implies more value but perhaps fewer sales, tradeoff (video rentals, DVD sales, library and book purchases, etc). (new techno-threat evolves into mass market.) Home copying: maximizing value models for different places or settings vs. one copyable price (may lose value to sharing, small value); change numbers and variables w/in model for different results. Crippleware not the best answer: reduces value. Competition can compete away copy protection (early Lotus 123). Innovation: 3 types of protection: non-refillable ink carts, cell phones w/ certain batteries, CDs don't allow ripping. 3 types of innovation: printing integrated circuits, generator in a shoe, Elvis remix at world cup,"too much conversation" in NIke ad. Customers may want to use products in innovative ways. (See VonHipple paper at MIT)

Question: double edge sword technology, but also double-ended; doesn't want to be at mercy while gov holds one end and he's responsbile for other end. Farber: you can always buy a mac.

Alex Alben, Real Networks: Property class: bundle of sticks (rights), can be parsed by time, number of plays, ID of user, location, type of device... expectations may not apply. Does enhancing value of rights necessarily diminish personal use rights? "We need to maintain both personal use and copy protection in order to create a marketplace that works. CD's life: assume 10 years, 7.5 cents per month (didn't follow his math.) Roles and responsibilities of key actors; content owners: release product & create licensing, consumers: use products consistent w/ personal use. Tech companies: enable new business models, make DRM transparent. Gov: don't regulate, don't madate, don't choose winners. Thinkers: create intellectual framework for new paradigms of digital distribution. Giving CDs away is not legal personal use, must disabuse consumers. Challenges: crafting a fair use exemption, limiting application of DMCA to protect media, not garage door owners or print cartridges (injunction issued in Lexmark case). Travesty! Broadcast flag: RN supports, News & local should not be marked, fair use w/in broadly defined "home net" must be allowed, no limits on physical copies, gov regulation aka Hollings approach is not good idea ("thin edge of wedge") Reasonable rules required, as industry. DRM is here, abstract concept, can be used for good or ill, need to craft best balance.

Questions from panelists to each other JM: technology should be out of the way. Lucky: most rational consumers believe that uses DMCA has been put were not in scope at time legislation was passed. however as DRM is being pushed will agree, cell batteries programmed to charge less each time, proprietary batteries (Alex: recharge your shoes), courts believe that DRM is legitimate: unless law is changed, careful what you ask for. Farber: need language for policy to accept or reject. Get rid of consumer (the term). Shoes will be confiscated at airport.

Questions from audience: Engineer: values assumed in panel have vastly inflated values, budget for billing and DRM doesn't exist. RN: forward-investing, subscription in 30-day increments. Dierdre M: concern for locking down characteristics, rights expression language and vertical integreation, how will consumers have a voice? no competition really. Alex: standards bodies, costs to join, not open to press but should be (CPTWG). Don't want to put this in hands of politicians. Companies' solutions and standards not always appropriate. Hal: competition is for attention. People will look elsewhere, threat to incumbents. Hal Abelson, MIT to John: will XrML be available on royalty-free basis (MS doen't own it), reasonable and non-discriminatory terms? MS is backing a standard that is not necessarily royalty free. Pam Samuelson: patents on DRM technologies (intertrust, content guard), competition and innovation (Intertrust bought by Sony/Phillips), as to open source developers or smaller players? Dave F: interesting battles, big problems, lots of patents aren't worth paper they're written on. More than two with patents, old tech as prior art. John M: intertrust/MS being sued, can't talk about that, Doesn't think Content guard is in suit, publishers will decide but it's gotta settle down first. MS is minority share in Content guard. Don't know what else to say, will muddle through. Lucky G: patents intended to prevent competitors competing. Underlying tech, open source generally works on open licensing models, not compatible. Patent comes to mind: Palladium (now called something else), MS has stated developers could use but no public stmt as to open licensing to open source model. John M: technology is not based solely on that patent, MS has not announced any licensing offers. From floor: questions related to trusted computing, wrapping data objects, unavailable to competitors, increase security level but tension between policies and strength... what's going on? Lucky: mumbled. from floor: why didn't Lucky ask why no interop w/ RN servers? Alex: investments in server, ads, controls, siphoning off by others. from floor: HDTV & RN? concern for legacy devices, broadcast digital signal, narrow concerns, failure by FCC, intervention/disruption by Internet, Tauzin's concern for broadcast flag, but no longer in time w/ consumer demands. Farber: more complicated than that. What they wanted was digital TV, broadcast industry would use it for something else.  ¶ 11:08 AM 0 Comments Links to this post

  DRM conf, Friday morning, session 1

Will decrypt asap. For now, raw notes... (claim to fame: first online w/ these notes!)

DRM, session 2

DRM as an enabler of business models

>
• Carl Shapiro, Haas School of Business, UC Berkeley (moderator)
• David Reed, Cable Labs
• Allan Adler, Association of American Publishers
• Bob Blakley, IBM Corp.
• Donald M. Whiteside, Intel Corp.
• Cary Sherman, Recording Industry Association of America
• Lon Sobel, Entertainment Law Reporter (paper on ISPs as digital retailers)
• Sarah Deutsch, Verizon Communications

Panel 1: Gary (Hass) intros

Lon: distribution-based copyright scheme, royalty rates set by copyright owners, watermarked w/ info about who's to be paid, etc. If stripped of watermark, use fingerprints. ISPs compute and collect/distribute fees. Motivations: get copyright owners paid, keep gov out of legislating manner of tech design. Would allow P2P w/out concern for legislation. Last session's Hollings bill would have required mfgrs to build DRM in to technology; current session FCC's broadcast flag bill is very similar. Business model: ISPs mark up copyright fees? Also retail stores that distribute (examples: bookstores, record stores mark up 100%, etc.) Darknet; Microsoft? Would hammer hardware lifespan if DRM were in technology. Would increase value of broadband. Problems include copyrighted spam, would require ISPs to know exactly what we're doing (invasion of privacy) but get over it, this is 2003, credit card companies know where you are, this is incrimental; see his paper.

Don Whiteside, Intel: exploring new biz models for digital media. Internet changes everything: internet is one of multitude of disruptive techs... panel about disrupting/creating business models: how consumers use media. Consumers don't know what fair use, but know what customary use is about: I can therefore I should be able to. Societal ethics and morality evolves separate from law. DRM as biz enabler: strategic inflection point created by disrupting; common element as to which path. Shareholders, distribution partners, customers are elements. Recording and movie studios trying to keep life in existing model; but choice is available. Small, nimble companies will, incumbents should explore their relationship with customers. Won't happen overnight, but incumbents may lose their consumers. Role of DRM: protection mechanism (to protect existing biz models), but tech companies don't view their work this way; new control and choices enabled by DRM. Cross industry efforts trying to develop solutions.

Carey Sherman, RIAA: need to continue selling Cds (can't 'just stop selling them, can't just encrypt or market would disappear. Need new players, will take time. Format wars in evolving technology, online is tiny market, consumers think the music should be free. Uncontrolled file sharing, CD burning (giving away and selling) which has collateral effect of street piracy around the world and burners included in new tech, burning replaces purchases. Double-digit decline, complicated rights situation, but they're only one part of a web of rights holders, all parties need to buy into schemes. No one attitude among companies, most widely held: consumers should be able to copy, can't give away or sell copies (commercial expectations). Strategies: companies are pursuing multiple, concurrent approaches: get online w/ as many distribution models as possible. Obstacles: PressPlay (req'd subscription), improving steadily. Identifiers, messagers, to facilitate copyright enforcement. Fair use balanced w/ distribution; vendors keep improving but not good enough for commercial release. Pre-compressed files for computers but can't use on Cds, but need to have compliant devices to prevent piracy.  Personal use copies allowed but can't protect against burning the burned. Add value: bonus tracks, free DVD w/ CD, concert tix, merchandise, other pricing strategies. Make P2P systems less attractive (spoofing). Incentives to companies (ISPs) to prohibit downloading & dis-incentivize P2P. Education, enforcement against consumers. Industry transitioning concurrently w/ artists & customers, lot of moving parts.

Sarah D, Verizon: Trade assns still pursuing old ways, role of 3rd parties? Blame rather than content partners, looking for incentives, wanting to grow DSL thru content development (they don't profit from P2P). Service providers not to interfere w/ standards re: DRM technologies, no substantial costs or burdens on network, talks not yet begun, just attacks (litigation, legislation, ...) Service providers all seeing liabilities. Verizon's case: RIAA sued for customer info on P2P, injunction to disable user. No files are on V's network. District ct's decision gives roving subpoena power: based on assertion, one-pg form loosely based on facts & IP address; has significant privacy implications, has already been misused. V claims unconstitutional if w/out case/controversy, but no requirement for lawsuit following subpoena. RIAA can use John Doe lawsuits, has other remedies but targeting ISPs & consumers. Ref to 18th amendment & similar solutions being used now. Darknet concludes shutting down will fail, must compete on own terms (convenience & low cost). Lon's compulsory license worth considering, has concerns.

RIAA: switching liability: not to hold ISPs liable but to go where infringing is occuring to enforce RIAA rights. No diff on burden to ISPs? Public policy on RIAA's side. Roving subpoena based on good faith belief.

Bob B, IBM: Security architecture is a failure? No, packet movement (ARPAnet design goal), sum of all fears is redistribution”; sum of all hopes is to have cheap,easy distribution (and re-distrib). New technologies for DRM & failure modes: alternate reality: you get what you ask for? Based on enabling rights, rights have value. Does your DRM discourage retail? (prices new & used) Does it raise inventory cost? (regional modes v all-region models)? Mass customization w/ DRM at the last second v all rights for all commodity? Exchange rates & process? Security limits lifespan? (help desks expensive). Privacy liabilities and/or discourage sales? Create niches for competitors? (ringtone trading on certain models). If rights have value, commodity potential? (comparison shopping, price pressure on rights owners until everyone grants all rights, then prices go down.) What if price goes down then tech goes obsolete?

David Reed, Cable labs: (diff book than listed in bio.) Cable industry: balance fair use w/ biz concerns to protect & enable biz models. Building infrastructure now including ports, set-top boxes, cable has proposed strategy for current but not future biz models. Inter-industry cooperation: set-top boxes via retail 2005, open cable requirement complicated by expectations, evolving standards (Consumer Electronics), licenses. Tauzin roundtables, discussions, one-way devices enabled: agreement reached. FCC rulemaking to follow. Encoding rules include DRM, 1394 IEEE plug (dig recording devices, dig (HBCP: high bandwidth copy protection), high host/descrambling devices: set-top box, host interface, connects to VR & TV, component analogs... Encoding rules: free-air broadcast copy once? Never? Does agreement support which biz models? FCC hearing to follow. Challenges: one/two way devices, rules for interfaces.

Allen A: contribution: persuade people to stop homoginizing interests & industries. Copyright never intended to be one-size-fits-all, esp in digital environment. Gov mandates that stifle innovation? Ebooks: minimal demand, book publishers recognized opportunity, offered risks of market failure, limitations of print not carried over to digital. Market harm ?? by DRM, but frustrated consumer expectations. Publishers don't make DRM, vendors focus on feasibility v own missions of convergence & convenience. Publishers don't deal with consumers, not part of DRM conversation. Joe Krause's website. Tech vendors, standardization projects offer help to facilitate products' usefulness. Strong consumer prefs: do same w/ ebooks as print books, but once introduced to enhanced uses, they won't settle for less. Regulatory interference in nascent marketplace: gov tech mandates. Consumers unwilling to forgo expectations of traditional copyright use rules. Evolving w/ competition across industries, platform shifting & as affirmative rights of customer choice. Ability of users to access on many devices is important, should be addressed in biz plans, should accommodate fair-use doctrines.

Sarah: on Lon's work: compulsory license (via congress)? Do you want to turn ISP into tax collector? Common carrier status, flat fee system, wary of technology issues & circumvention possibilities, end-user billing system is really ambitious! Charges based on bits, prices, etc (world's most complicated business system, big brother mining watermarking, fingerprinting)

Lon: yes, really compulsory, exemption for ISPs & service providers. Mandatory retailers, yes; trade-off for ready access for consumers. Not proposing every copyright owner demands payment (spam) or per-use copyright fee. Pop-up notices give opportunity to decline royalty. Billing: asking a lot of computers but he talked w/ vendors & was assured that those companies could provide this kind of system. Keyword: vendor. Things available today, does not require new technology, just perfection of it. Preferable to impose blanket license fee on ISP customers, royalties flow into a pot, generalize according to sampling (ASCAP, BMI), probably not attractive to copyright owners, everything doesn't have same value (Photoshop v one 49 cent song). Blanket license, assigned values, etc. would not happen in his career.

Bob on Lon's points: be skeptical of vendors claims. 3 generations of payment and micropayment systems. Billing systems are difficult, real actual money disappears. Watermark is additional fee. (hacker-type thoughts as circumvention model.)

Wi-fi might distroy system: transmitter at Starbucks: Lon's response: define ISPs including last-in-line to downloaders to be retailers (Starbucks won't). Unauthorized distribution goes to consumers unreasonable beliefs, follow PO box.

Tech, legal, business uncertainties.

BREAK.  ¶ 10:46 AM 0 Comments Links to this post

  Digital Rights Management conference in Berkeley

The URL to this conference is http://www.law.berkeley.edu/institutes/bclt/drm/--where you'll find the correct spelling of the speakers' names, their bios, the program, etc.

These notes correspond to the slides that were shown on the Tutorial day. Slides will be available in a couple of days, but for now...

Barb intro: intro do DRM tech & apps, contrarian view (Drew), Policy & rights expression on trusted platforms (Brian), panel discussion

infrastructure w/ cooperating pieces: encryption, authentication, secure execution

encryption w/ symmetric cyphers, hard to do on large scale; keys wrapped in package like other key (in another key): shared secrets

authentication (legal: privacy): content, device, user; level of tech trust (see slides, incl Brian on devices), “secure execution environments” includes closed hardware systems (not many ports in back), software analog includes trusted systems w/in open environment

DRM Taxonomy: smarter as you go down chart (forensic); in auditable form (NetIntelligence: fingerprints on website). Encrypted content + compliant devices concerned w/ theft of content/service. Labeled content: unauthorized copying, based inside of content (copy once, copy never, copy ok); permissions-based can include others, uses a “rights language” that machines can deal with such as Sample Rights slide.

Threats are theft of services or content; one of many layers of trust and how things work. Digital content = a replica, technology is working against content owners (?).

Drew: Copyright isn't just about keeping secrets (Bob's computer keeps secrets from Bob); questions for lawyers about ownership, responsibility for action w/out knowledge.

Closed design (Ross Anderson's paper): security is riddled w/ failures. Games as development: develop, broken and fix, repeat; process requires credentials to be taken seriously. When things are open... (slide), certain laws drive work underground. (we may never know, hurts everybody)

Watermarks used as tracking devices: usage, metadata, DRM enforcement (Fragile v robust, challenges are different). Code obfuscation for security: immature field, no uniform defs of problem

Paradox: most secure for mass market items (no Macrovision for Harry Potter DVDs, experiment in copying?) DRM companies researched market research reports (high price), publishers not interested. Risk of problems was unacceptable, problems solved by non-tech means.

DRM will fail from consumer pocket vetos. Critics have problems w/ tech too— and they tell people.

Brian: Policy & rights... policy w/ content: rights expression languages and Trusted Computing Platform Alliance/Next Gen Secure Computing Base

Content protection is done thru encryption, but actions via policy (does it allow certain actions). Authoring & evaluating policy expressions, projecting policy remotely. Meta rights, specific or delegated rights, characteristics; interoperable (XML-based). Doesn't deal w/ enforcement (remote device behavior). Issuer, principal, right, resource,condition. (slide 8, 9)

Copyright = liability-based, DRM doesn't recognize fair use (libraries).

Evaluating policy expressions traveling w/ content. Kernel & user modes v Standard or Trusted modes. (15: NCA = Nexus computing agent)

---

Pam, session 2

copyright: reproduce, derivatives, copies... (slide 3)
Universal City Studios & Disney v Sony: betamax VCRs decision
low-cost circuits to read broadcast flags (older origin); fair use allowed thru copies, but Disney claimed that they weren't making transformative use, just consuming, called it infringement. (1984 USSC held substantial non-infringing uses were ok (Mr Rogers), fair use covers time shifting (private, non-commercial copies assumed to be fair use), construe in light of purpose of law (as to changes in tech)

Aftermaths:

Vault v Quaid (5th Circ), slide 6

DAT and sound recording industry, slide 7
Audio Home Recording Act (taxes on DAT machines & tapes, RIAA v Diamond Multimedia). Provision in AHRA (slide 8): exemption for user copying, tax (above), anti-circumvention technology introduced

Inter-industry consortium (slide 9) and CSS (Content Scramble System) embedded technology, license due to patents

DMCA (slide 10), WIPO Copyright Treaty (doesn't say how to implement, left up to countries)

DMCA: copyright infringement detected (1202), 1201(a)(1)(A): protects access to works, exceptions (slide 14, esp f, g, j)
In 1201(g): conditions for encryption research (slide 15) exceptions, (can make one kind of tool but not other kind of tool?)

LOC (library of congress) Rulemaking (slide 16), Rights unaffected (limitations not meaningful) slide 17.

Anti-device provisions (18, 19, subsections are same) 7 statutory exceptions, only 3 allow making a tool. Courts have not addressed if implied use to make a tool, or did congress make a meaningless rights (20 - 2nd mandate)

Realnetworks: who can bring a lawsuit? Law was to protect copyright holders, here found RN had standing.

DMCA and anticompetitive uses (26), Dan Burk UCLA L Review covers DMCA misuse (Gamemasters)

Corley & DeCSS (28): public circumvention of tool in violation of (a)(2); not created for interoperabilty, prevented from raising the defense (journalist doesn't have standard to raise that defense). F only covers interop programming, not data.
Functionality not protected in code as speech, here functionality not 1st A violation.

Fair use: 1201 not copyright but is entirely new protection (31), under Title 17 w/ copyright. Case followups (-34). Failed claims (-39). Challenges (watermarks don't use encryption, Felten et al, -41)

Cases pending: Edelman v N2D2, 321 Studios v MGM (backup DVDs), Davidson v Internet Gateway (blizzard network), Lexmark v Static Controls (print cartridges), Chamberlain v Skylink (garage door openers) (42, 43)

LOC = library of Congress exemption (rulemaking material on web) (44-45)

EU Copyright sometimes more restrictive, circumvention disallowed for encryption research; more generous to users as to exercise rights to exceptions (but doesn't say how to implement via member states. 46)
Finland proposed exception to get around country code.
Japan: anti-tools, no anti-acts
China: acts regulated but not tools
Australia: regulated tools, knowledge requirement, exception for intent

Kabushiki Kaisha Sony Computer Entertainment v Stevens: region coding not a protection (mod chips not illegal)
Sony v Channel Technology

Lots of US Legislative/Policy initiatives include:
S 2048 (Hollings Bill, 51+, embed tech in all devices, criminal & civil penalties, piggybacks on DMCA; one standard for encryption: CSS), from last leg session, probably not this year

Broadcast flag (54+): how many devices does this affect? Does FCC have jurisdiction? Also other efforts (56)

Consumer protection: no legislation about surveillance or other privacy issues that DRM tech proposes, right to circumvent PII collection by tech, but only applies if no warning given (DMCA, 57), LOC rulemaking

Boucher/Doolittle, HR 107, requires labeling (58) & reforms DMCA, Wyden also thinking of introducing labeling bill. Boucher amendments.

HR 5522, Lofgren-Honda bill, (B/D & L/H bills current 107th Congress) goes to fair use (59),

Slide 61: DRM [and/or/vs] law gives ways to conceptualize DRM: enforcement, alternative to copyright, override the law or law can control DRM

Questions:

merging access & copy controls, right to circumvent broken access control is NOT in statute.

1202: unclear relationship between Hollings & 1202, copyright protections & penalties in 1202. Expansion of Byden bill: strict ....

Computerized voting: no exception in DMCA for voting systems anti-circumvention activity to determine fraud, analyze virus, etc.
N2D2: act of reverse engineering to learn more about software

safe harbor provisions for ISPs don't apply to DMCA. P2P networks don't qualify for safe harbor? Before the court now.  ¶ 9:44 PM 0 Comments Links to this post