a sceptical look at copyright and drm dr. ian brown frsa mriia university college london

A sceptical look at copyright and DRM

Dr. Ian Brown FRSA MRIIA

University College London

Overview

Where did copyright go wrong? “Trusted” computing The technical problems with DRM Legislative “fixes” Goodbye to fair use

Origins

Statute of Anne, 1710: “for the encouragement of learned men to compose and write useful books ”

US Constitution, 1789: “To promote the progress of science and useful arts”

Droit d’auteur: “a work of creation is intimately linked with its creator. The work cannot be separated from its author, like a child from his father.”

Stationer’s Guild, 1557: no “seditious and heretical books, rhymes and treatises”

Problem #1: copyright terms

0

20

40

60

80

100

120

140

Yea

rs

1790 1831 1909 1976 1998

…EU life + 70 since 1993

The drivers behind copyright

•Mickey debuted in 1928, and copyright would have expired 2003-2005

•US Congress passed Copyright Term Extension Act in 1998 postponing until 2023: http://www.eagleforum.org/column/1998/nov98/98-11-25.html

•Peter Pan has perpetual rights in UK

Problem #2: Internet hysteria

“the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” –Jack Valenti

Mid-90s reaction of copyright industries: technical and legal

“The piracy of software is responsible for annual global revenue losses of more than $4 billion. The piracy of computer games cheats the gaming industry out of more than a billion dollars a year. And the piracy of songs has left the music industry fighting for its digital life, thanks to a pillaging that reached levels of more than a billion songs a month.” –Peter Chernin

Digital Rights Management

Wide range of technologies that allow publishers to control the use of digital media

Restricts reproduction, but also viewing, printing, clipboard functions etc

Present in Windows Media Player, Adobe e-books, RealPlayer etc

DRM basic technology

Media data is encrypted and only accessible by licensed players that control usage

Licensed users given keys to decrypt tied to player

Media can be watermarked with usage instructions and/or user information

DRM a hard problem

Media data has to be decrypted at some point to be useful

Watermarks can be removed, especially with many original files to compare and players to test with

Bits are bits, and PCs are general purpose computers

Legacy equipment won’t disappear for many years

Previous DRM “solutions”

Secure Digital Music Initiative CD protection CSS

New “trusted” architectures

Intel/IBM/HP/etc in TCPA/TCG: machine state auth to 3rd parties; encrypted data only accessible in identical state; encrypted device links

Microsoft Palladium/NGSCB: “curtained” apps, secure drivers, DRM everywhere

Migrating to PDAs/mobiles/watches

Fundamental technical problems

The analogue “hole” – watermarking Break Once Play Anywhere File-sharing won’t stop

Legislative “fixes”

WIPO 1996 treaties Digital Millennium Copyright Act 1998 European Union Copyright Directive 2001 WTO TRIPS 1994 can lead to trade

sanctions

EU Copyright Directive

Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information Society

Provides for rights over reproduction, communication to the public and distribution (Articles 2—4)

EUCD Article 6 6.1: “Member States shall provide adequate legal

protection against the circumvention of any effective technological measures”

6.2: bans “manufacture, import, distribution, sale, rental, advertisement for sale or rental, or possession for commercial purposes of devices, products or components or the provision of services”

Purpose is irrelevant Finland, France, UK 2 years prison; Portugal 3 years;

France 150,000€ fine Only Germany, Denmark, Finland and UK have research

exemptions

EUCD Article 7

7.1: “Member States shall provide for adequate legal protection against any person knowingly performing without authority… the removal or alteration of any electronic rights-management information”

Existing problems

“I think a lot of people didn't realize that it would have this potential chilling effect on vulnerability research.” –Richard Clarke

Use to enforce accessory controls (Lexmark, Aibo, Playstation)

Rewriting the copyright bargain

Potential problems

Electronic book burning Reduced software diversity – security and

competition risks Personal and national sovereignty Privacy

Problem #3: disappearing fair use

Private copy Teaching/research Parody Disabled persons

EUCD Article 5

Long list of permissible exceptions (unlike US) 5.1 “Temporary acts of reproduction referred to

in Article 2, which are transient or incidental [and] an integral and essential part of a technological process…”

5.2: exceptions to Art. 2 5.3: exceptions to Art. 3 5.4: any of the above may apply to Art. 4

Fair use and DRM

DMCA and EUCD both ban DRM circumvention, even for fair use

EUCD requests “voluntary measures” from rightsholders

If not forthcoming, most member states allow appeal to national tribunal (except Netherlands)

Abolishing digital fair use

“On-demand services” (“members of the public may access them from a place and at a time individually chosen by them”) exempt from fair use

Could include anything accessed over Internet

Contractual access – also see UCITA

Problems for free software

Accessing a protected file may be circumvention (e.g. DeCSS) if not authorised by rightsholder (despite Software Directive)

Therefore free software could be classed as a circumvention device, with severe penalties

More problems

Growing numbers of file formats may require reboot into Windows to access (Intel hardware prevents OS virtualisation)

Including Office 2003 and later Society may need protection from TPMs

rather than the other way around

Even worse law coming

EU Directive on IPR Enforcement: abolishes right to silence in IP cases; allows injunctions against ISPs; civil litigants can freeze bank accounts and search premises

See fipr.org for analysis

Final thoughts “Be very glad that your PC is insecure – it

means that after you buy it, you can break into it and install whatever software you want. What YOU want, not what Sony or Warner or AOL wants.” –John Gilmore

“"If we can find some way to [stop filesharing] without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines.” –Senator Orrin Hatch (writer of Our Gracious Lord, Climb Inside His Loving Arms, and How His Glory Shines)