Is the Idea of Fair Digital Rights Management an Oxymoron? The

Royal Holloway Series Fair Digital Rights Management Fair digital rights management HOME

THE BIRTH OF DIGITAL RIGHTS Is the idea of fair digital rights management an oxymoron? The MANAGEMENT music industry has been turned upside down by the Internet, and UNFAIR DIGITAL RIGHTS has tried various methods to protect its profits. But many of its MANAGEMENT actions have been either futile or heavy-handed. Christian Bonnici A DIGITAL RIGHTS and Keith Martin examine various approaches to see which would DILEMMA be most effective and fair to all parties. A COMPROMISE SOLUTION

CONCLUSION

REFERENCES

1 Royal Holloway Series Fair Digital Rights Management

HERE ARE FEW issues more provocative than that THE BIRTH OF DIGITAL of the management of rights to digital content. RIGHTS MANAGEMENT For some consumers the internet is seen as an We will frame our discussion around music HOME Tagent of digital freedom, facilitating free and media, which is one of the most high profile types THE BIRTH OF easy access to digital content such as music and of digital content. FIGURE 1 (page 3) shows a sim - DIGITAL RIGHTS films. For some digital content providers the ple timeline indicating some of the milestones in MANAGEMENT internet has been seen as a technology that has the development of music media. The publication UNFAIR damaged their ability to earn money from selling of the MP3 music compression algorithm in 1991 DIGITAL RIGHTS their products. represents the most significant development with MANAGEMENT The solution to providers’ fears has been vari - respect to digital rights to music media, and this A DIGITAL ous attempts to control access to digital content event is pivotal to our discussion. RIGHTS through the use of technology such as digital Prior to 1991, the speed, quality and cost of DILEMMA rights management systems. But such systems music replication, distribution and storage A COMPROMISE often restrict the very basic rights that a con - arguably presented an appropriate balance SOLUTION sumer expects from purchased content, such as between the music industry’s copyright rights the right to make private copies or lend content and consumers’ fair use rights. For example, it CONCLUSION to a friend. was easy for consumers to fairly replicate a tune In this article we discuss the dilemma at the for personal use. Consumers would purchase a REFERENCES heart of the debate about digital rights manage - Long Play (LP), Music Cassette (MC) or Compact ment and ask whether it is possible that solutions Disc (CD) and only required access to a low cost can be found that are acceptable to all parties. Is MC recording module in order to make a copy. 2 it possible to have fair digital rights management? The illegal mass replication and transfer of pirate Royal Holloway Series Fair Digital Rights Management copies required expensive arrangements such as storage device cost reductions, and the emer - access to high quality recording equipment and gence of Peer-to-Peer (P2P) networking. These costly logistical arrangements. Prior to 1991 it can developments have pushed the balance between be argued that we had fair music media rights the music industry’s copyright rights and the con - management. sumers’ fair use privileges beyond the boundary However, since 1991 several technological of acceptability of the music industry. In other developments have contributed to making illegal words, we now have the potential for unfair digital replication, storage and distribution processes rights management. Unfair, that is, to providers. accessible to virtually everyone. These include This imbalance led to an era of Digital Rights HOME the development of the MP3 algorithm, the prolif - Management (DRM), which refers to any tech - THE BIRTH OF eration of the internet, bandwidth expansions, nology that does “ … everything that can be done to DIGITAL RIGHTS MANAGEMENT

UNFAIR FIGURE 1 DIGITAL RIGHTS MANAGEMENT TIMELINE OF PREVALENT MUSIC DISTRIBUTION MEDIA AND TECHNOLOGIES A DIGITAL RIGHTS DILEMMA

A COMPROMISE SOLUTION

CONCLUSION

REFERENCES

3 Royal Holloway Series Fair Digital Rights Management define, manage, and track rights to digital content” environments, many users are likely to own [1]. These technologies have taken different more than five devices on which they might approaches towards addressing the perceived potentially want to listen to music media that imbalance but, as we will shortly discuss, almost they have purchased. all have proved highly unpopular with consumers, who have seen them as providing unnecessary I Music sharing. Bob is unlikely to be able to restrictions on the basic rights that they feel they share his tune with a friend, which is some - are entitled to when owning music media. Thus thing he was able to do with all music media there are many who would claim that these prior to 1991. HOME schemes also provide unfair digital rights man - THE BIRTH OF agement. Unfair, now, to consumers. I Onward selling. Bob is unlikely to be able DIGITAL RIGHTS to sell his tune once he has finished with it, MANAGEMENT which is again something he was able to do UNFAIR UNFAIR DIGITAL RIGHTS MANAGEMENT prior to 1991. DIGITAL RIGHTS Until January 2009, the most prevalent DRM MANAGEMENT regimes supporting online music stores such as It would seem very reasonable that consumers A DIGITAL iTunes were ex-ante based DRM systems. By this such as Bob should be allowed to perform all RIGHTS we mean that they provide the music industry these actions. DILEMMA with the means to control how music media Indeed there are established doctrines to back A COMPROMISE should be consumed in an a priori fashion. this up. Within jurisdictions controlled by the SOLUTION For example, if Bob legally purchases the Guns World Intellectual Property Organisation (WIPO), N’ Roses’ tune “Chinese Democracy” from an copyright laws are likely to endorse a doctrine CONCLUSION online music store, the store is likely to restrict his which in the US is referred to as Fair Use and in use of it in a number of different ways: the UK as Fair Dealing. The doctrine’s underlying REFERENCES principles aim to create a balance between copy - I Device restriction: The tune is likely to be right rights and fair use exceptions by: restricted to about five devices. Given current 4 trends towards more ubiquitous computing 1. Enabling consumers of copyright protected Royal Holloway Series Fair Digital Rights Management material to flexibly use material in ways that pro - prove of ex-ante based DRM, they cannot do mote creativity, and the dissemination and appli - much to influence the exercising of DRM con - cation of its results, in ways that contribute to trols. As Cohen argued, “…market processes are economic and social development... not well suited to enable consumers to exert pos - itive, as opposed to negative, influence on the 2. ...while providing statutory expression to the design of technical standards. Consumers can moral and economic rights of creators in their refuse to buy, or can switch from one provider to creations and to the rights of the public in access - another, but there are no mechanisms to allow ing those creations. In other words, it is unrea - consumers to communicate as a prospective HOME sonable to expect that music content be made matter the precise level of functionality that they THE BIRTH OF available to all at zero cost. want…” [2]. DIGITAL RIGHTS Another reason is that the big four music dis - MANAGEMENT Thus ex-ante based DRM systems enforce tributors are currently in control of the physical UNFAIR contracts in ways that actually breach the WIPO music distribution market, which constituted over DIGITAL RIGHTS ideologies. This is definitely unfair DRM. 80% of the total music market revenues in MANAGEMENT 2007 3. This is possible because they have the A DIGITAL ability both to promote the mainstream music RIGHTS WHY DID UNFAIR DIGITAL RIGHTS producers’ works on an international level, and to DILEMMA MANAGEMENT “PREVAIL”? support the investments required to mass repli - A COMPROMISE It might seem surprising that unfair DRM could cate music to tangible media to meet global SOLUTION be so easily imposed on online music consumers. demand. Consequently, although the proliferation It might also seem surprising that in the presence of the internet has provided the infrastructure CONCLUSION of such unpopular technology, the non-main - required for very low cost mass distribution of stream music industry was not able to gain com - music, any mainstream music producers holding REFERENCES petitive advantage by adopting business process - the privilege of being able to establish binding es that did not employ ex-ante DRM. There are contracts with major music distributors would several explanations. not opt out of these contracts in order to supply 5 Although online music consumers do disap - music to a digital market that constitutes only a Royal Holloway Series Fair Digital Rights Management small portion of global music sales [3]. by using microphones to record the output of Thus the music distributors have the power and protected music. autonomy required to decide through which of The situation is not helped by the uncertain the online music stores to conduct business. This approach adopted by the law. There is precedent implies that the success of online music stores is dependent on the participation of the music dis - tributors [4], since the music distributors hold Circumvention is also the rights over music produced by the main - stream music producers. Therefore the music dis - often possible through HOME tributors are in a strong market position that exploitation of the “analogue THE BIRTH OF enables them to control the evolution of the DRM DIGITAL RIGHTS technologies that are used for the protection of hole”, for example by using MANAGEMENT the digital music distributed online. microphones to record the UNFAIR DIGITAL RIGHTS output of protected music. MANAGEMENT A DIGITAL RIGHTS DILEMMA A DIGITAL FOR THE MUSIC INDUSTRY RIGHTS The music industry thus currently finds itself in to suggest that circumvention of ex-ante based DILEMMA an uncomfortable situation. It is aware that there DRM can be regarded by the law as being fair. A COMPROMISE is technology widely available that enables every - One example of such ruling is the decisions taken SOLUTION one to freely share music with everyone else for in the case of Jon Lech Johansen’s DeCSS soft - virtually no cost. It is also aware that consumers ware, a computer program capable of decrypting CONCLUSION not only do not like ex-ante based DRM systems, content on a DVD-Video disc encrypted using the but are able to circumvent today’s ex-ante based Content-Scrambling System (CSS) [5]. REFERENCES DRM systems quite easily. For example, DRM cir - After Johansen released DeCSS, he was taken cumvention software is often widely available. to court in Norway for computer hacking in 2002. Circumvention is also often possible through In the first trial in the Oslo district court in 6 exploitation of the “analogue hole”, for example December 2002 the defence argued that it is Royal Holloway Series Fair Digital Rights Management legal under Norwegian law to make copies of A further complication is that even if the law such data for personal use. Thus no illegal access adopted a strict position against DRM circumven - was obtained to anyone else’s information since tions, if at least one consumer professionally Johansen owned the DVDs himself. The verdict recorded legally-owned DRM protected music was announced in January 2003, acquitting using such techniques, it would probably not be possible to hold that consumer responsible. This is because current ex-ante based DRM systems Once a tune’s DRM do not employ watermarks or fingerprints to link actual records to consumers. Once a tune’s DRM HOME protection is circumvented, protection is circumvented, the tune may be THE BIRTH OF the tune may be widely widely distributed through one of the many exis - DIGITAL RIGHTS MANAGEMENT distributed through one of the tent channels without leaving traces of its origin. UNFAIR many existent channels with - DIGITAL RIGHTS TOWARDS DRM-FREE MANAGEMENT out leaving traces of its origin. MUSIC DISTRIBUTION A DIGITAL In 2009 the mainstream music industry seems to RIGHTS be moving in a “DRM-free” direction. Following DILEMMA Johansen of all charges. The Norwegian National long awaited agreements, iTunes, the most popu - A COMPROMISE Authority for the Investigation and Prosecution of lar online music store enjoying links with main - SOLUTION Economic and Environmental Crime (Økokrim) stream music distributors and producers, seems filed an appeal but Johansen’s second DeCSS trial to be ditching ex-ante DRM protection [7] [8]. CONCLUSION resulted in an acquittal in December 2003. Clearly iTunes is not able to ditch ex-ante DRM Økokrim did not appeal the case to the Supreme without the music distributors’ blessings, so this REFERENCES Court. In February 2008 Johansen launched dou - suggests a move by the distributors in the direc - bleTwist [6], a software tool which allows cus - tion away from DRM. tomers to bypass DRM in music files and convert This suggests a major swing in the DRM debate 7 files between various formats. back in favour of consumers, but potentially Royal Holloway Series Fair Digital Rights Management against creators of digital content. However, is with a 24 hour grace period [9]. Such a system this the right direction to move in? may be categorised into what may be referred to as ex-post based DRM since it employs monitor - ing and tracking mechanisms that enable human ALMOST FAIR DIGITAL judges to decide about the fairness of an opera - RIGHTS MANAGEMENT tion performed by a consumer after, not before, As stated earlier, for any system to conform to the WIPO ideology, it must both respect the moral and economic rights of creators in their For any system to conform to HOME creations (by enforcing copyright rights), and THE BIRTH OF enable the flexible use of copyrighted material in the WIPO ideology, it must DIGITAL RIGHTS ways that promote creativity (by enforcing the MANAGEMENT fair use exceptions to copyright rights). Therefore respect the rights of cre - UNFAIR it may be argued that given the existence of tech - ators, and enable the flexible DIGITAL RIGHTS nologies that facilitate mass illegal distribution of MANAGEMENT digital music, while on one extreme ex-ante use of copyright material. A DIGITAL based DRM fails to respect the consumers’ fair RIGHTS use rights, on the other extreme the complete DILEMMA lack of protection may actually fail to respect the the media operation actually occurs. This essen - A COMPROMISE creators’ copyright rights. tially shifts some power from the music industry SOLUTION One example of a DRM system for the protec - back to the copyright regime under the legal tion of music which seems to have been endorsed authorities’ control. CONCLUSION by the consumers is the system supporting the eMusic does not promise strong protection to eMusic online music store. This system employs the non-mainstream music industry’s copyright REFERENCES an acoustic fingerprinting technology that reads rights. In fact, it offers weak protection. For users’ files. Once a match with an eMusic song is instance, since it does not encrypt digital content, made, eMusic sends a Digital Millennium Copy - the system lacks the ability to keep unauthorised 8 right Act (DMCA) infringement notice to the user users from accessing the music. This also implies Royal Holloway Series Fair Digital Rights Management that the system cannot revoke access rights if Therefore it may be argued that eMusic does things go wrong. For example: present an interesting compromise between the competing needs of consumers and providers, I The system cannot implement a court’s ex- but probably does not offer adequate protection post decision that requires the revocation of a to the music industry’s copyright rights. consumer’s access to a particular tune.

I If an acoustic fingerprinting algorithm is com - LOOKING TO THE PAST FOR promised then all music “protected” by the FAIR DIGITAL RIGHTS MANAGEMENT HOME algorithm becomes vulnerable to attacks. No In order to find a more satisfactory compromise THE BIRTH OF key revocations can be implemented to con - solution, it is worth reconsidering the conditions DIGITAL RIGHTS tain the leakage, for example by requiring the that existed prior to the arrival of the MP3, MANAGEMENT tune’s re-download under the protection of a where we argued that a fair balance between UNFAIR stronger algorithm. content creator and content consumer rights DIGITAL RIGHTS was achieved. We suggest that a DRM scheme MANAGEMENT I If Mallory breaks into Bob’s network and ille - could be designed that replicates these condi - A DIGITAL gally transfers 10 gigabytes of legally pur - tions by: RIGHTS chased tunes to a remote location, then Mal - DILEMMA lory can illegally mass distribute the music 1. Allowing consumers to replicate, distribute A COMPROMISE knowing that any DMCA infringement notices and store music at costs of diminished quality, SOLUTION would be sent to Bob. But the system does slow replication and slow distribution. It might not encrypt the content, and therefore Mallo - also be the case that small monetary charges CONCLUSION ry does not require access to any decryption were made for these services. keys to access the content. This implies that a REFERENCES court might not be able to keep Bob or anyone 2. Ensuring that copyright holders would be responsible for such activity. In addition the unable to interfere with digital music consump - lack of encryption means that no key revoca - tion behaviour which a judge would or could rule 9 tions can take place to contain the leakage. as fair. Royal Holloway Series Fair Digital Rights Management

In such a scheme the consumers would be able uses occur. to consume the music content easily and sponta - One possible approach towards integrating neously within interoperable regimes, in ways such characteristics into a DRM scheme would similar to those of the pre-MP3 world. Also con - be to employ independent Trusted Third Parties sumers’ privacy rights would be respected in con - (TTPs) that are trusted by all the DRM stakehold - gruence with the relevant legislation, although ers, including consumers. These TTPs could be used to:

One possible approach 1. Implement policies related to the purchasing, HOME replication and distribution of music at a mone - towards integrating such THE BIRTH OF tary cost, and the replication, distribution and DIGITAL RIGHTS characteristics into a DRM storage of music at the cost of diminished quality, MANAGEMENT slow replication and slow distribution. UNFAIR scheme would be to employ DIGITAL RIGHTS MANAGEMENT Trusted Third Parties. EXAMPLE 1: A consumer Alice might transfer her usage rights on a tune to consumer Bob’s sys - A DIGITAL tem through the TTP at a cost. Such transfer RIGHTS would include transactions such as the tempo - DILEMMA this might imply a level of privacy infringement rary revocation of Alice’s rights, and the re- A COMPROMISE which may be higher than that incurred by con - watermarking and re-encryption of the original SOLUTION sumers in the pre-MP3 world. tune in ways binding the tune to Bob for a tem - Such a DRM scheme is likely to necessarily be porary period of time. CONCLUSION ex-post based, mainly because decisions about REFERENCES whether particular operations are fair or not are EXAMPLE 2: The TTP could store all transaction - based on ambiguous fair use legislation. Such al information and all encryption and decryp - ambiguity makes the taking of such decisions tion keys. Therefore, if a consumer should lose hard to automate, implying that decisions may all or some of his tunes and all his decryption 10 only be taken by human judges after particular keys, then the TTP could send all the tunes to Royal Holloway Series Fair Digital Rights Management

the consumer again, perhaps at a cost. transfer would include transactions such as the re-watermarking and re-encryption of a EXAMPLE 3: A consumer Alice might replicate a diminished quality tune in a manner that binds tune through the TTP at reduced quality. Such the resulting tune to Bob. Either Alice or Bob would pay for the replica through the TTP. FIGURE 2 2. Ensure that all communica - HOME DRM SCHEME OVERVIEW tions between different entities (as indicated in FIGURE 2 ) are THE BIRTH OF carried out securely in ways that DIGITAL RIGHTS respect and enforce policies MANAGEMENT regarding the consumers’ privacy. UNFAIR DIGITAL RIGHTS MANAGEMENT EXAMPLE: The TTP could compile and send non-privacy breaching A DIGITAL statistical information to the RIGHTS music industry in ways that DILEMMA enable the copyright holders to A COMPROMISE identify possible copyright SOLUTION breaches and, if necessary, take legal action. This process recog - CONCLUSION nises the legal authorities, and not any other DRM stakeholders, REFERENCES as the final decision makers about whether particular uses are copy - right breaching. 11 Royal Holloway Series Fair Digital Rights Management

CONCLUSIONS ABOUT THE AUTHORS The future of copyright protection for digital music media remains uncertain. As indicated in [7] and [8] it may be that we are on the verge of Christian Bonnici received a BSc in a digital music distribution revolution that will Computing and Information Systems and an end the dominance of physical music distribution MSc in Information Security, both from The in favour of DRM-free digital music distribution. University of London. However it would seem unlikely that the music His BSc and MSc research has focused on the industry can survive without some type of DRM establishment of DRM stakeholder require - HOME controls. It is clear that ex-ante DRM is not a fair ments for the protection of copyrighted music. THE BIRTH OF solution; however we have suggested that a look He is currently reading for a PhD at Royal Hol - DIGITAL RIGHTS at the past suggests the benefits of considering loway, University of London. His research cur - MANAGEMENT ex-post DRM solutions based on the balance that rently revolves around the interdisciplinary UNFAIR was in place prior to the invention of MP3. Fur - aspects of Privacy and Software Development. DIGITAL RIGHTS ther details concerning this discussion and our MANAGEMENT proposals can be found in [10]. A DIGITAL Prof. Keith Martin is a professor of RIGHTS information security at Royal Holloway, Univer - DILEMMA sity of London, with research interests in crypto - A COMPROMISE graphic key distribution problems. He teaches SOLUTION the Introduction to Cryptography course on the M.Sc. in Information Security at Royal Holloway CONCLUSION and was co-developer of the distance-learning version of the M.Sc. course. REFERENCES

12 Royal Holloway Series Fair Digital Rights Management

REFERENCES: [1] Rosenblatt B. and Dykstra G. Integrating Content Management with Digital Rights Management—Imperatives and Opportunities for Digital Content Lifecycles. White paper, Giantsteps Media Technology Strategies, 2003. [2] Cohen J. E. DRM and Privacy. Berkeley Technological Law Journal. [Online]. 2003. Vol. 18. (Georgetown Public Law Research Paper No. 372741) p. 575-617. Available from: http://ssrn.com/abstract=372741. [Accessed 15 January 2009]. [3] International Federation of the Phonographic Industry. Recorded Music Sales 2007 (physical, digital & performance rights revenues). [Online]. Available from: http://www.ifpi.org/content/section_statistics/index.html [Accessed 15 January 2009]. HOME [4] Fox B. “Fair Use Friendly DRM?”. [Online]. Available from: http://www.cfp2002.org/fairuse/fox.pdf [Accessed 15 THE BIRTH OF January 2009]. DIGITAL RIGHTS MANAGEMENT [5] Wikipedia. Jon Lech Johansen. [Online]. Available from: http://en.wikipedia.org/wiki/Jon_Lech_Johansen [Accessed 15 January 2009]. UNFAIR DIGITAL RIGHTS [6] doubleTwist Corporation. doubleTwist Home Page. [Online]. Available from: http://www.doubletwist.com [Accessed MANAGEMENT 15 January 2009]. [7] Eliot Van Buskirk. iTunes Music Store Finally Ditches DRM, Adds New Prices. Epicenter - Wired Blogs. [Online] 14 A DIGITAL RIGHTS January 2009. Available from: http://blog.wired.com/business/2009/01/apple-promises.html [Accessed 15 Janu - DILEMMA ary 2009]. [8] International Federation of the Phonographic Industry. IFPI Digital Music Report 2008. [Online]. Available from: A COMPROMISE http://www.ifpi.org/content/section_statistics/index.html [Accessed 15 January 2009]. SOLUTION

[9] de Fontenay E. Ex-Post vs. Ex-Ante: EMusic Takes Another Approach to Napster. [Online]. Available from: CONCLUSION http://www.musicdish.com/mag/index.php3?id=2345 [Accessed 15 January 2009]. [10] Bonnici C. Digital Rights Management: Towards a Balance between Copyright Rights and Fair Use Exceptions. MSc REFERENCES project report. Royal Holloway University of London; 2008.