2002 ACM Workshop on Digital Rights Management
[ Top of Page ]
[ Introduction ]
[ Comments on the Consumer Broadband Deregulation Act (S.2863) ]
[ 2002 ACM Workshop on Digital Rights Management ]
"Digital Rights Management" (DRM) is a generic term for technologies meant
to provide copyright owners with control over the use of their digitized
information (including, but not limited to, recordings of audiovisual
entertainment). In 2001, ACM SIGSAC (q.v.) founded an annual workshop on
DRM, linked to that SIG's conference series on Computer and Communications
For SIGGRAPH members, DRM's relevance lies in its current and prospective
use with books, music, movies, etc. offered commercially to the public.
Having attended both ACM DRM workshops, this reviewer comments below on the
most recent one (http://crypto.stanford.edu/DRM2002/).
Of the dozen papers from industry and academia that were presented at
DRM2002, four (plus an invited talk from Microsoft [MS]) seemed most
interesting for SIGGRAPH readers. The first of these was a talk on 'DRM
Challenges' by MS' Brian LaMacchia, which touched on his firm's 'Palladium'
secure operating system development project (discussed in this column's
November, 2002 edition
The timing of Dr. LaMacchia's presentation was apt, given the announced
plans of Intel and its rival Advanced Micro Devices to build TCPA-type
features (conceptually related to Palladium, and also noted here in
November 2002) into their personal computer microprocessors, beginning as
early as the first quarter of 2003. The result will be a new generation of
PCs, designed to hide information not only from intruders and unauthorized
'insiders' (e.g. in a business), but also -- and more controversially --
from these machines' owners.
LaMacchia asserted that "... [t]he most pressing concern today for the
DRM industry is, by far, the lack of 'trustworthy computing devices,' by
which I mean computing devices whose behavior is defined, understood and
acceptable to all parties in a content transaction ..." Past editions of
this column have observed, however, that for consumers the acceptability of
locked-down machines like those he favors is in some doubt.
To this non-lawyer, such hardware raises significant policy questions that
have received little public scrutiny, other than by computer security
experts. For example, proponents say that the new 'trusted'
PCs can create encrypted documents and other files incapable of being
printed or digitally stored in open formats, and processable only on the
computer that created them. Thus the failure, loss or destruction of that
computer would also destroy access to its secure data, even if backed up
Diarists like former U.S. senator Bob Packwood might value such machines,
while lawyers seeking evidence would presumably differ.
Another set of questions concerns liability: who can be held accountable if
harm flows from the use of a computer, whose contents and operation are (by
the chipmakers' design) opaque to the machine's owner?
But Dr. LaMacchia did not address such issues; not being a lawyer, he was
perhaps wise to avoid them, in favor of more congenial security-policy
questions. He did note, though, that an important challenge for DRM (e.g.
in the entertainment industry) is U.S. copyright law, which has few
easy-to-program 'bright line' rules defining what the public may and may not
legitimately do with content they have paid for.
LaMacchia regretfully observed that such decisions are instead made
case-by-case in the courts, a tradition that (some copyright experts say) is
however a vital safeguard against what could otherwise become a legal
straitjacket on creativity.
Turning to the DRM2002 paper presentations, one by Princeton University
computer science researcher John A. Halderman analyzed the current
anti-copying technologies for audio compact discs. He concluded that
"... these schemes are harmful to legitimate CD owners and will not reduce
illegal copying in the long term, so the music industry should reconsider
their deployment." Among Halderman's findings was that these techniques
rely in part for what effectiveness they have, upon bugs in the design and
firmware of existing optical disc drives -- bugs that can and will be
removed by vendors.
One of the most creative papers at DRM2002 was by a pair of researchers from
the University of California at Berkeley (Boalt Hall law school): student
Aaron Burstein and Prof. Deirdre Mulligan. They explored how "rights
expression languages" used with DRM systems, could be extended to better
address concerns (like those of Dr. LaMacchia) about compatibility with
copyright laws. First Sale, the Public Domain, user privacy and more are
For Fair Use, bidirectional communication with a neutral arbiter (an online
quasi-court, at least partly automated) could buffer the tensions between
user and rights-holder interests. And to better model U.S. law, the authors
would replace permission-based logic (in which uses not explicitly allowed,
are blocked) with its opposite: a denial-based approach.
The two remaining papers discussed here are from Microsoft, and perhaps
atypical for that firm. One (by Peter Biddle, Paul England, Marcus Peinado,
and Bryan Willman) was "The Darknet and the Future of Content
Distribution." Darknet is the authors' term for the means used to share
digital content, and they conclude that it has not only thrived, but that
despite setbacks, "... ultimately the darknet-genie will not be put back
into the bottle..." That is because (as one author told a questioner)
"Techies are more creative and faster-moving than lawyers."
Whether or not that perspective has contributed to his employer's antitrust
difficulties, is for others to judge. In any case, the paper closes with an
optimistic assessment of business prospects for online content sales, if
content vendors recognize that "... increased security (e.g. stronger DRM
systems) may act as a disincentive to legal commerce..." And like others
who spoke at the workshop, the authors also saw a brighter future for DRM in
workplace computing than in other (e.g. consumer) markets.
The final Microsoft paper (by researchers Darko Kirovski and Fabien
Petitcolas) demonstrated a method of successfully attacking arbitrary
content-watermarking systems. Consistent with Prof. Edward Felten's results
at Princeton Univ. (that put him in legal conflict with the recorded music
industry), this research supports the pessimism of the
'Darknet' paper (above) regarding entertainment industry efforts to both
'close the "analog hole"' and technologically block online file-trading of
While such findings will hardly end attempts to enact ever more dubious and
restrictive laws, in time they may contribute to greater realism in business
planning as well as in the shaping of public policy.