February 2003 Public Policy Computer Graphics Column

Introduction

Laurie Reinhart

In this issue we cover two subjects of special interest to the graphics community: Bob Ellis and Myles Losch review issues raised by the Consumer Broadband Deregulation Act (S.2863) introduced by Senator McCain, and then Myles Losch reports on the "2002 ACM Workshop on Digital Rights Management".

Comments on the Consumer Broadband Deregulation Act (S.2863)

Bob Ellis
Myles Losch
November 2002

Sen. McCain of Arizona has introduced this bill that would prohibit all government entities from any form of regulation of residential broadband Internet services. It would do this by amending the Communications Acts of 1934 and 1996 by adding a new title: "FREEDOM FROM REGULATION: Except as provided in subsection (c), neither the Commission [FCC], nor any State, shall have authority to regulate the rates, charges, terms, or conditions for the retail offering of consumer broadband service." This far-reaching provision would essentially prohibit any requirement for open access or alternative providers of such services.

The SIGGRAPH Technology Policy Program has been following broadband policy for some time (http://www.siggraph.org/pub-policy) because these services are of critical importance to computer graphics researchers and practitioners. The delivery of graphical data and graphically augmented user interfaces are highly dependent on the widespread deployment of broadband.

While we believe that a competition-friendly environment for broadband is best for rapid deployment, Sen. McCain's legislation basically ignores the fact that the Internet is an essential medium for the delivery of protected speech and not primarily an entertainment medium. For example, the opinion of the special three-judge federal court in Philadelphia that first rejected the (1996) Communications Decency Act called the Internet "... the most participatory form of mass speech yet developed..." -- as lately proved yet again by the 'blogging' phenomenon.

Under S.2863 your cable or DSL Internet service provider would be under no obligation to even serve up Bob Ellis's website, much less do it swiftly! Cable companies in particular are oriented to providing only those channels where they have a defined business relationship (pay for play).

Telecommunications regulation is a complex subject and not one that many computing professionals have much knowledge of (except perhaps when their state commission approves rate increases!).

But there is a simple solution. Dial-up telephone service is designated as a common carrier service. This means that the providers must transmit in an expeditious and nondiscriminatory manner all messages presented to them. In exchange, the service providers have immunity from criminal and civil prosecution and lawsuits regarding the messages they carry. In other words, you can't go after the phone company because people used it to plan a crime or civil violation.

Note that common carriage does not mean that all customers would have to be treated equally. Different levels of service could be provided based on price, much as the USPS (and other carriers) offer different levels of service. But for any given service all customers (including information providers) would have to be treated equally.

Providing immunity to the carriers would also upset those with special interests such as litigation and copyright owners who would like to be able to go after the carriers.

We believe the simple solution to providing protection for speech over broadband Internet services is to make them common carrier services. Note that this may impact the current terms of service agreements used by many service providers in their 'click-wrap agreements,' which purport to forbid a broad range of unwanted online behavior, much of it arguably legal but offensive. These terms include, but are not limited to: bans on [alleged] 'flaming,' harassment, IPR violations, open mail relays, reverse engineering, hacker-like conduct, etc. Often, the supposed harm is to non-customers of that ISP. In contrast, about the only reasons one could be denied basic telephone service would be for (1) non-payment / theft of service, *or* (2) causing technical harm to the carriers network.

Among the more salient business policy issues raised by common carriage is the conflict between that and (e.g.) some cable TV operators' practice of limiting the size of Internet downloads because of perceived competition between online movies and cable TV's premium-priced movie channels. But again, issues like this as well as so-called "bandwidth hogs" can be handled by providing different service plans.

But these issues aside, we believe that there are strong reasons and precedents for designating broadband Internet services common carrier services.

One of us (Ellis) is a constituent of Sen. McCain's and plans to contact his office regarding this legislation. In the past, the ACM Washington office has been helpful in finding information on telecommunications issues. This offers us an opportunity to involve the Washington office if USACM is agreeable. We believe it is time for USACM to start promoting the concept of common carriage for broadband Internet services.

2002 ACM Workshop on Digital Rights Management

Myles Losch

"Digital Rights Management" (DRM) is a generic term for technologies meant to provide copyright owners with control over the use of their digitized information (including, but not limited to, recordings of audiovisual entertainment). In 2001, ACM SIGSAC (q.v.) founded an annual workshop on DRM, linked to that SIG's conference series on Computer and Communications Security.

For SIGGRAPH members, DRM's relevance lies in its current and prospective use with books, music, movies, etc. offered commercially to the public. Having attended both ACM DRM workshops, this reviewer comments below on the most recent one (http://crypto.stanford.edu/DRM2002/).

Of the dozen papers from industry and academia that were presented at DRM2002, four (plus an invited talk from Microsoft [MS]) seemed most interesting for SIGGRAPH readers. The first of these was a talk on 'DRM Challenges' by MS' Brian LaMacchia, which touched on his firm's 'Palladium' secure operating system development project (discussed in this column's November, 2002 edition (http://www.siggraph.org/pub-policy/CGColumn-11-2002.html).

The timing of Dr. LaMacchia's presentation was apt, given the announced plans of Intel and its rival Advanced Micro Devices to build TCPA-type features (conceptually related to Palladium, and also noted here in November 2002) into their personal computer microprocessors, beginning as early as the first quarter of 2003. The result will be a new generation of PCs, designed to hide information not only from intruders and unauthorized 'insiders' (e.g. in a business), but also -- and more controversially -- from these machines' owners.

LaMacchia asserted that "... [t]he most pressing concern today for the DRM industry is, by far, the lack of 'trustworthy computing devices,' by which I mean computing devices whose behavior is defined, understood and acceptable to all parties in a content transaction ..." Past editions of this column have observed, however, that for consumers the acceptability of locked-down machines like those he favors is in some doubt.

To this non-lawyer, such hardware raises significant policy questions that have received little public scrutiny, other than by computer security experts. For example, proponents say that the new 'trusted' PCs can create encrypted documents and other files incapable of being printed or digitally stored in open formats, and processable only on the computer that created them. Thus the failure, loss or destruction of that computer would also destroy access to its secure data, even if backed up elsewhere.

Diarists like former U.S. senator Bob Packwood might value such machines, while lawyers seeking evidence would presumably differ. Another set of questions concerns liability: who can be held accountable if harm flows from the use of a computer, whose contents and operation are (by the chipmakers' design) opaque to the machine's owner?

But Dr. LaMacchia did not address such issues; not being a lawyer, he was perhaps wise to avoid them, in favor of more congenial security-policy questions. He did note, though, that an important challenge for DRM (e.g. in the entertainment industry) is U.S. copyright law, which has few easy-to-program 'bright line' rules defining what the public may and may not legitimately do with content they have paid for. LaMacchia regretfully observed that such decisions are instead made case-by-case in the courts, a tradition that (some copyright experts say) is however a vital safeguard against what could otherwise become a legal straitjacket on creativity.

Turning to the DRM2002 paper presentations, one by Princeton University computer science researcher John A. Halderman analyzed the current anti-copying technologies for audio compact discs. He concluded that "... these schemes are harmful to legitimate CD owners and will not reduce illegal copying in the long term, so the music industry should reconsider their deployment." Among Halderman's findings was that these techniques rely in part for what effectiveness they have, upon bugs in the design and firmware of existing optical disc drives -- bugs that can and will be removed by vendors.

One of the most creative papers at DRM2002 was by a pair of researchers from the University of California at Berkeley (Boalt Hall law school): student Aaron Burstein and Prof. Deirdre Mulligan. They explored how "rights expression languages" used with DRM systems, could be extended to better address concerns (like those of Dr. LaMacchia) about compatibility with copyright laws. First Sale, the Public Domain, user privacy and more are considered.

For Fair Use, bidirectional communication with a neutral arbiter (an online quasi-court, at least partly automated) could buffer the tensions between user and rights-holder interests. And to better model U.S. law, the authors would replace permission-based logic (in which uses not explicitly allowed, are blocked) with its opposite: a denial-based approach.

The two remaining papers discussed here are from Microsoft, and perhaps atypical for that firm. One (by Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman) was "The Darknet and the Future of Content Distribution." Darknet is the authors' term for the means used to share digital content, and they conclude that it has not only thrived, but that despite setbacks, "... ultimately the darknet-genie will not be put back into the bottle..." That is because (as one author told a questioner) "Techies are more creative and faster-moving than lawyers."

Whether or not that perspective has contributed to his employer's antitrust difficulties, is for others to judge. In any case, the paper closes with an optimistic assessment of business prospects for online content sales, if content vendors recognize that "... increased security (e.g. stronger DRM systems) may act as a disincentive to legal commerce..." And like others who spoke at the workshop, the authors also saw a brighter future for DRM in workplace computing than in other (e.g. consumer) markets.

The final Microsoft paper (by researchers Darko Kirovski and Fabien Petitcolas) demonstrated a method of successfully attacking arbitrary content-watermarking systems. Consistent with Prof. Edward Felten's results at Princeton Univ. (that put him in legal conflict with the recorded music industry), this research supports the pessimism of the 'Darknet' paper (above) regarding entertainment industry efforts to both 'close the "analog hole"' and technologically block online file-trading of copyrighted works.

While such findings will hardly end attempts to enact ever more dubious and restrictive laws, in time they may contribute to greater realism in business planning as well as in the shaping of public policy.