What Every Citizen Should Know About DRM, aka - Public Knowledge

What Every CitizenShould Know About DRM,a.k.a. “Digital Rights Management”By Mike GodwinSenior Technology CounselPublic KnowledgePUBLIC KNOWLEDGENEW AMERICA FOUNDATION

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”By Mike GodwinSenior Technology CounselPublic KnowledgeNEW AMERICAF O U N D A T I O NWashington, DC

AcknowledgementsThis “DRM primer” would not have come about without the author’s having worked withan informal “Risks of Copy Protection” expert group that includes Ed Felten, Matt Blaze,Phil Karn, Steve Bellovin, Bruce Schneier, Alan Davidson, John Morris, Hal Abelson, andBill Cheswick. Two members of the group — Ed Felten and Matt Blaze — deserve specialthanks for framing a number of copy-protection technology issues with such clarity that Ihave to some extent reproduced that clarity here. Phil Karn similarly deserves special thanksfor his discussion of the extent to which peer-to-peer file-sharing is a feature of the Internet’sfundamental design. Andy Moss and Aaron Burstein each made a wide range of helpfulcomments and observations on earlier drafts of this primer.I’m particularly grateful to my boss, Gigi Sohn, for giving me the opportunity to explorethe landscape of digital rights management and to develop further some of my ideas aboutthe directions in which DRM may take us. I’m also thankful for the support and feedback ofmy other fellow staff members at Public Knowledge — Sarah Brown, Alex Curtis, Ann Deville,and Nathan Mitchler. I consider myself fortunate to be backed by such a knowledgeableand resourceful team; each of my colleagues contributed in many ways to the developmentof this project, and all of them read this paper in various stages of development and offeredhelpful corrections and suggestions.Any mistakes, however, remain my own, as do my reasoning and conclusions; my colleaguesand friends should not be blamed for any wrong turns I have made.

ContentsI. A Brief Introduction To DRM and itsRelationship to Copyright Law..........................................................................1What is “DRM,” and How Did It Get Here? ................................................................................1How Copyright Is Different From Other Rights .........................................................................1Why Copying Used To Matter, and Why It Still Does ..............................................................2When Printing Presses Became Commonplace..........................................................................2The Growth and Expansion of Copyright Law............................................................................3Technological Changes Challenge Copyright Law....................................................................3The Ways of Adapting to Cheap Copying ...................................................................................4How Copying Enriches Our Culture...............................................................................................5II. What Does DRM Look Like?..................................................................................7A. Encrypting or Scrambling Content ...........................................................................................7B. Marking .............................................................................................................................................9C. Other Approaches ........................................................................................................................17III. Should DRM Be Imposed By the Government?.......................19A Brief History of Software Copy Protection............................................................................19The Advantages of Selling Software Rather Than Content ................................................20How The Content Producers Have Responded........................................................................21IV. The “Threat Model” of Universal Infringement,and the Potential Threats Posed By DRM ......................................23A. Can “Peer to Peer” Be Stopped On the Internet Itself?...................................................24B. Who’s a Host On Today’s Internet? ........................................................................................27V. Conclusion: Can There Be a “Humane” DRM? .......................27Selected Readings ...........................................................................................................................................35Endnotes..............................................................................................................................................................37

I. A Brief Introduction To DRMand its Relationship to Copyright LawWhat is “DRM,” andHow Did It Get Here?Most broadly, DRM (an acronym for“digital rights management”) is a collectivename for technologies that preventyou from using a copyrighted digital workbeyond the degree to which the copyrightowner wishes to allow you to use it.At first glance, the increasing use ofDRM by movie companies, by consumer-electronicsmakers, and by computermakers may not bother you verymuch. You may look over the increasinguse of DRM and ask yourself why youshould care. After all, isn’t DRM just atechnical means of giving copyrightowners new ways to protect the legalrights they already have?You should care because you havesomething personal at stake both in thebalances built into our copyright law,and in the technologies, such as personalcomputers and the Internet, that mightbe restricted or controlled in order toprotect copyright interests. The choiceswe make now about copyrighted worksand about technological protections forsuch works will affect us for a long timeto come. This is why, as we workthrough our understanding of DRM, weneed to make sure we understand copyrightas well. Although there is a tendencyon the part of some people toequate copyright interests with otherkinds of ownership and property interests,under our legal system copyright isactually significantly different.How Copyright Is DifferentFrom Other RightsHere’s one important difference: copyrightlaw frequently allows other people(sometimes teachers, reporters, or scholarlyresearchers) to quote a copyrightedwork without the copyright owner’s permission.We don’t normally make thesame kinds of exceptions for unauthorizeduses of other kinds of property —for example, you don’t get to use yourneighbor’s car just because he’s not usingit this afternoon, and you happen tohave an urgent need for transportation. 1 1

I. A Brief Introduction To DRM and itsRelationship to Copyright LawCopyrighted works are different in several otherways. They remain the owner’s (or her heirs’)“property” only for a limited time period, unlikeother, older kinds of property. The family manormay have belonged to your and your ancestors forcenturies, perhaps (if you’re the kind of personwho grew up in a manor), but the copyright interestsof your grandfather may, at some long periodafter your grandfather’s death, cease to be anybody’sproperty. We often refer to this final stage of thelegal protection for a copyrighted work by saying ithas “become part of thepublic domain” — a kindThe printing press made of “property” still, but onethat belongs to everyonecopying a creative work and can be used by andcopied by anyone withouttechnologically possible restriction. 2Copyright protection ofin a fraction of the time certain kinds of creativeworks is built into theit had taken the monks Constitution. We inferfrom the language of theto make a copy. Constitution that theFramers saw value ingranting artists andauthors (or the people to whom the artists andauthors gave their rights in their creations) a kindof “exclusive” right in the created work. Thismeans that copyright law allows the copyrightowner to “exclude” other people from copying it,at least so long as the legal term of protection ofthe work lasts, and so long as their copying orother use of your work doesn’t fall within one ofthe specific exceptions, such as “fair use,” that areallowed for in our copyright scheme. 3Why Copying Used To Matter,and Why It Still DoesBut why all this focus on “copying?” There aretechnological reasons for the focus on copying inthe law of copyright (which unlike many legalterms is almost self-explanatory; the term literallyfocuses on the right to make copies, although overthe course of time copyright law in the UnitedStates and around the world has increasinglyencompassed some related rights as well).The technologicalreasons are that, for almost all of humanhistory, the human capability to make copies of acreative work was very limited. Monks used tospend their lifetimes in the monasteries makingcopies of pre-existing works, sometimes addingvaluable commentary or illustrations (then as now,it often helps to break up a block of text with apretty illustration or a helpful diagram or an italicizedheadline). Their copies had to be perfect,without error — and asking human beings to makeperfect copies of anything someone else said orwrote is a very demanding thing.This was true until a number of technologicalchanges made copying easier. The first majorchange was the invention of the printing press — ahuge device that required lots of expertise andmaintenance to operate, but that enabled printersto make (and sell) many copies of books that wereessentially identical to one another.The printing press created a great opportunity forauthors. Instead of begging for patronage from arich man, a nobleman, or a church to create somethingin writing, an author could make a deal with aprinter, so that the books or other materials hewrote could be sold — perhaps many copies of thework — and both the author and the printer couldreap a direct financial reward. The printing press ledto a slow explosion (it took a century or two) of thenumber and availability of books in Europe andelsewhere that even ordinary citizens might buy (orotherwise have access to and perhaps even read).All this was because the printing press madecopying a certain kind of creative work — writtenworks, perhaps supplemented with engraved illustrations— technologically possible in a fractionof the time it used to take the monks to make asingle copy.When Printing PressesBecame CommonplaceBut the process was expensive, so anyone whowanted to publish a book usually had to find aprinter or publisher to sponsor the making ofcopies for sale. Until very recently in our history, ifyou had a book that you wanted to get to a wideaudience, you more or less had to have the supportof a patron to get it published.2

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”More important than the expense and difficultyof printing books, however, was that printingchanged the way we all thought of books (and later,of other creative works that could be copied). Webegan to think the creative effort of the author wasthe real thing of value, or at least far more valuablethan a single copy of the book might be. (In general,that is; sometimes books are themselves rare,collectable items, but that’s not normally the case.) Imight buy a copy of The Hunt For Red October, and Imight even say it’s “my book,” but on another levelI reflexively realize that in some other sense, mybook (and everyone else’s copy of it) belongs to theauthor, Tom Clancy — he has more rights to use itstext than I do, or at least that’s the starting point ofcopyright law. When I own a book, I own ordinary“tangible” property; the author, at least until theperiod of legal protection of the copyrighted workends, owns the “intellectual property.” 4 That is, theauthor, or the person or group or company he giveshis rights to, “owns the copyright.”This whole system of “copyright law” — whichbegan in Europe and then was made part of theConstitution of the United States, has worked prettywell for the few centuries it has existed. It has beenextended to other creative works, including paintings,photography, and even architectural design.Traditionally, the copyright system has been seen asa force that makes our culture richer. For one thing,this new publishing-industry system meant thatmore authors got paid (not so many had to beg for asubsidy from a king or a pope). For another, moreartists and authors were inspired to create, becausethe time and effort it takes to create new workscould end up with the artists and authors gettingpaid, which made the creative effort even moreworthwhile, and occasionally even paid the rent.The Growth and Expansionof Copyright LawOf course, this system has not been without itsproblems. Before there were comprehensive internationalcopyright treaties, publishers in somecountries might print works of authors from othercountries right next door, and the original authorsmight not even learn of this act, Then as now,advocates of international copyright systems havepreferred to equate such unauthorized publicationas a kind of “theft,” but there’s a special legal termfor unauthorized use or copying of copyrightedworks: “infringement.” The reason for the differencein terminology is that, generally speaking,copyright infringement imposes a different kind ofloss or damage on the copyright holder than thetheft of physical property imposes on a traditionalproperty owner. In addition, “infringement” isdefined in terms of specific statutorily grantedrights belonging to the copyright holder, whereas“theft” generally is understood in terms of older,common-law property interests that don’t requireany statutory creation or grant.But, basically, the difficulty and expense of makingcopies of works — even with the invention ofbetter and faster printing presses — kept unauthorizedcopying of legally protected works at a lowlevel compared to what became possible in themodern era. And international legal agreementsmade it increasingly difficult for publishers in othercountries to pull the old infringement-across-theborderdodge.Technological ChangesChallenge Copyright LawAll of this began to change, however, in the 20thcentury, and has accelerated to a surprising degreein the 21st. This is because, when the lawyers andlegislators and judges first framed the idea of protectingan author’s interest in his or her creativework by focusing on the copying of the work, theydid so at a time when copying was expensive, andillegal copying was hard to conceal. So it seemedonly natural to take the difficult part of makingunauthorized use of an author’s work — the makingof a copy — to build a framework of legal protectionsto protect authors and publishers fromillicit copy makers.But with the advent of cameras, photocopyingmachines, tape recorders, and other consumeroperatedcopy-capable machinery and tools —tools that grew both less expensive and more powerfulover the course of the 20th century — theidea that the making of a copy is the easiest place toenforce a creator’s or publisher’s right becamemore questionable.3

I. A Brief Introduction To DRM and itsRelationship to Copyright LawComputers and computer networks, as well asother digital tools, have made the problem evenmore acute. Computer companies and softwarevendors discovered an aspect of this problem in thelate 1970s and early 1980s, because the softwarethat ran on personal computers is inherently copyable.Their experience led to the first efforts atDRM, then known only as “copy protection.” 5Many of us are aware how it is so inexpensive tomake computerized copies of digital creative worksthat the cost probably is too small to be measured.What is less well-recognized (but just as true) isthat other digital tools make it possible to take analogworks (original paintings, say, or printed books)and digitize them and distribute the perfect copies— sometimes as part of an illicit “copyright piracy”enterprise, for commercial gain, and sometimesjust for free. 6 In effect, digital tools make the copyingof any content, regardless of its form, far easierthan it used to be.The Ways of Adapting toCheap CopyingSo the problem, at least as many artists, authors,and publishers see it, is how to make copying ofcreative works more difficult or at least more controllable.Putting the breaks on easy copying makesit less necessary to revise the whole system of lawwe’ve built around the notion of “copyright.” 7For those who want to make copying difficult,as it once was, the digital revolution has beenboth a curse and a blessing. On the one hand,when a work is in digital form, it can easily becopied by digital mechanisms such as the “copy”functions in computer operating systems. Butwhen the work is in digital form, it turns out,there are also a number of technological optionsthat can be employed to limit one’s ability to copyall or part of a work. When Stephen King publisheda novella in 2000 called “Riding the Bullet”and sold it (through his publishers) over theAnalog Versus DigitalIt’s important to understand at this point the fundamentaldifferences between digital technologies andanalog technologies. “Digital” generally refers to representationof information, including content, asones and zeros (or “bits”). There are a number ofadvantages to the use of digital technologies — themajor one is that it is possible for the receiver of digitalcontent to determine whether there has been anerror in transmission, and to correct the error (byseeking retransmission of the altered or lost bits).This is why the word “digital” has a certain appealfor both consumers and vendors — the word connotesquality, because it suggests (not always accurately)that the content has been perfectly copied ortransmitted for consumer use. Moreover, the fact thatit can be subjected to such error-checking is whatmakes it possible for the content to be subjected todigital encryption and decryption techniques.For most of the history of consumer electronics,however, analog technologies, which directly reproducethe waveforms of auditory and visual informationbut do not translate them to “bits,” have beenat the heart of home-entertainment systems. Evenwhere digital technologies and content formatshave become commonplace (as music CDs andmovie DVDs are), they are most commonly used onsystems with analog components (such as stereosystems that use analog connectors to connect CDplayers to speakers). Similarly, in the United States,most TV watchers view television content throughanalog TV displays, even when the actual signal carryingthat content (a cable or satellite signal, forexample) may have been digital when it first arrivedin the home.4

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”Internet, the book was placed in a digital formatthat limited what you could do with it — therewere restrictions on whether you could print anyof it at all, or print it out on your printer justbecause you prefer the feel of paper.King’s experiment taught all of us at least twothings: (a) that there’s a market for works in digitalform that can be downloaded and used onyour computer and other digital devices, and (b)some folks who had never read a book onlinebefore discovered that, even apart from the difficultiesof reading a book on a computer screen,the limitations on a digital creative work seemedto be even greater than those on a paperbackcopy. (At least with the latter you can take thepaperback to a photocopier and grab a few pagecopies that way.)King’s experiment underscored the burgeoningmovement by publishers, record and movie companies,and other enterprises that either are creativethemselves or that work with creative people todevelop and market new works — a movement tofind digital tools that put limits on what individualcitizens can do with the copies of creative worksthat they buy.And this new movement brings us back to theset of issues with which ordinary citizens should beincreasingly concerned. Because, as Law ProfessorJulie Cohen has put it, the traditional copyrightsystem has been helpfully “leaky,” our culture hasbenefited from creative works even when thoseworks are still protected by copyright law. Forexample, many of us know pop song lyrics eventhough we never bought a sheet of music — thefact that we know them by heart, and even cansometimes sing them to each other, is somethingthat makes our lives a little richer, without reallymaking the creator or publisher any poorer.Indeed, if we sing well enough (or badly enough),we may inspire someone to go out and buy theoriginal recording.How Copying Enriches Our CultureMore generally, creative works that can easily bequoted and shown to other people and reused increative ways help enrich our culture by replenishingit with the latest and best creative works. Toput it bluntly, our lives are richer because we get toshare so much of our culture even as we continueto maintain a system that encourages artists andauthors to create more cultural works.A potential problem with DRM is that, when it’sdone in the wrong way, it may end up walling offparts of our culture from one another. Worse, theperceived need to use DRM to protect every digitalwork may cause undesirable changes in the verytechnologies that have revolutionized our dailylives over the past two and a half decades.The questions we have to ask now are these:❚ What does DRM look like? What forms does itcome in?❚ Should DRM be administered by the governmentor developed solely in the marketplace?What limits, if any, should be placed upon it?❚ What harms can it do to the balances built intoour copyright law? What other harms mightDRM cause?❚ Are there good forms of DRM that benefit citizens?If not, could there be? What would suchforms of DRM look like?The remainder of this essay discusses these topicsin detail and draws certain conclusions aboutthe right path for us to take with regard to copyrightand DRM. We focus here both on technicalissues and proposals and on the legal and policyproposals these technical issues and proposals havegenerated. The goal here is to come up with conclusionsthat are applicable across a broad range ofproposed copyright-protection schemes, and notjust the particular technology-mandate proposalsbeing considered in Congress and elsewhere.5

II. What Does DRM Look Like?Since the beginnings of the personalcomputer revolution, more than a quarterof a century ago, a number ofapproaches and technologies have beendeveloped to prevent unauthorizedcopying of, or to otherwise control digitalcontent. There are three broadclasses of approaches that are currentlyused, or that have been proposed in variousstandards-setting or legislative proceedings.Sometimes these approachesare used by themselves, and sometimesin combination with one another.A. Encrypting orScrambling ContentA common approach to copy protectionis encryption — the use of a mathematical/computationalprocess to scrambleinformation so that only those who havethe right key or keys can obtain accessto it. This, for example, is how yourDVD movies work — their content isscrambled so that only DVD playersthat have the right keys can decrypt thecontent so that you can watch the DVDmovie. Similarly, if you receive cable orsatellite television, your TV serviceprovider normally scrambles content inways that prevent most unauthorizedpeople (that is, nonsubscribers) fromgetting access to it.The basic approach for encryption isto encrypt the digital content so thatonly a player with both the decryptiondevice or software and the proper keycan play the content. The contentowner can broadcast the content toeveryone but unless the recipient hasvalid decryption keys he cannot play thecontent. Scrambling is a similar copyprotectionapproach, but without a userappliedkey; instead, the key thatincludes the unscrambling algorithmresides in the player device (which maybe hardware, or software, or both).There are several varieties to encryption-basedcopy protection. In the simplesttype, all content is encrypted undera single master key. This is considered avery fragile scheme because, once thesingle key is compromised, the entire7

II. What Does DRM Look Like?system is considered compromised or “broken.” 8Cryptographers generally disfavor such “BreakOnce Break Everywhere” (a.k.a. “BOBE”) encryptionschemes.More robust approaches avoid the pitfalls ofBOBE by using many different keys. Some encryption-basedsystems encrypt each piece of contentwith its own individual key. As a result, the loss of asingle key only means the compromising of a singlepiece of content, and not the entire system. Inthe most complex variants of encryption-based systems,the encryption keys are unique not only forthe content but for theplayer as well. Thus,In spite of the breach someone who receivedboth the encrypted contentand the encryptionof DVD copy protection,key associated withthe DVD market another person could notplay the copied content oncontinues to witness his own player.An example of this moreremarkable growth. secure encryption-basedapproach can be found inEurope, where encryptionbasedcopy protection is commonly used by paytelevisionsatellite-TV providers. Subscribers havea hardware set-top box that unscrambles the satellitetransmissions into video signals that are thendisplayed on a standard television. Users have a socalled“smart card”: a personalized device thatplugs into the set-top box and controls which televisionprograms can be decrypted and displayed.The satellite television providers transmit theirprogramming in scrambled form, and set-top boxeswith authorized smart-cards are able to unscrambleprograms for viewing. The broadcasters can alsosend instructions to individual smart cards, authorizingthem to unscramble certain television showsor prohibiting them from unscrambling others.A similar scheme, called Content Scrambling System(also known as “Content Scramble System” or“CSS”), has been used by the DVD industry. CommercialDVDs are encrypted with a series of keys.These keys are embedded in different video players,whose manufacturers are licensed to build them intotheir products. As a general result, only “authorizedviewers” (those with legitimate, authorized DVDplayers that use authorized keys) can watch theDVDs. The Content Scramble System was designedso that the administrators of the system are able to“turn off” certain keys if they are compromised —so that some DVD players with now-deauthorizedkeys could be shut out of playing new DVDs withoutcausing the entire system to fail.As it happens, however, CSS in its existing formhas already been compromised by a Norwegiancitizen named Jon Johansen, who came up with ageneralizable workaround for the DVD scramblingsystem. That workaround computer program,called “DeCSS” makes it possible forsufficiently sophisticated users to sidestep DVDscrambling and render DVD movie contentunscrambled (a.k.a., “in the clear”), so that it canbe viewed on any player and, more important inthe context of copyright policy, can be copied onthe Internet and elsewhere.In spite of this breach of the CSS system,however, movie companies continue to produceDVD movies using the existing scrambling system.As a practical matter this breach has not hurtthe DVD market, which has continued to seeremarkable growth in the period since Johansenpublished DeCSS. 9While it is not yet evident that Johansen’s“crack” of the CSS system will cause long-termharm to the DVD market, the failure of CSS tosurvive a deliberate attempt to circumvent it hasspurred both the content companies and the computerand consumer-electronics companies thatproduce players for DVDs to explore alternativesin the delivery of content that may be more secure.Trusted Computing and Tethered ContentOne idea that has gained some currency — notleast because versions of it have been promoted byIntel (the leading manufacturer of personal-computermicroprocessors) and by Microsoft (the leadingmanufacturer of personal-computer operatingsystems) — has been to deliver content inencrypted form, and allow it to be decrypted onlywithin a tamper-resistant environment within acomputer or other device. This approach relies ona new design feature for Intel-based personal com-8

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”puters — a design feature that goes by variousnames, most commonly “trusted computing” or“the Next Generation Secure Computing Base”(NGSCB). 10 This approach has its advantages —notably, it doesn’t have the flaw of being “BreakOnce Break Everywhere” — but it also restrictsusers of this content more than they are restrictedby analog versions of the content, or by previousdigital versions of it. 11Unlike variations of the encryption approachthat require that all content be encrypted under asingle key, content-protection approaches that relytrusted computing, which use a separate key foreach computer or other playback device, can beused to tether content to that particular device.The notion that content may be “tethered” to aparticular platform or to particular individual usersis comforting to many in the content industry,because doing so could drastically limit the extentto which content can be copied and redistributedon the Internet (or by any other means). It is troubling,however, to many copyright scholars, whobelieve that an individual’s ability to give away orsell the copy of a work that he or she buys — theright referred to by copyright scholars as the FirstSale Doctrine — is central to the balance of rightsbuilt into our copyright laws. It is also troubling tomany consumers, consumer advocates, and businesses,because they expect to have the right togive away or resell the copies of copyrighted worksthat they buy. Used bookstores, for example,depend on this right for their very existence.B. MarkingThe second approach to copy protection is somethingwe can call “marking;” it depends on addinga mark in some way to the digital content. Themark may be used to indicate that the content iscopyrighted, and in some cases it also carriesinstructions about what uses of the content areauthorized. For example, in theory a mark maylabel some content as “do not copy” and anothermark may label some other content as “copy oncebut don’t re-copy.”There are three general forms a mark may takein the digital world. First, it may take the form of asimple label that is sent along with the content.Second, it may be a “watermark” - an arrangementof digital bits hidden in the background of the digitalcontent. Or, third, it may be a “fingerprint” — aunique identifier that is derived from the characteristicsof the content itself.Marking is typically used for one of three reasons.First, it is used when an encryption-basedmethod, for whatever reason, is not viable (or isnot perceived to be viable). For example, if theFederal Communications Commission requiresthat broadcast television signals not be encrypted— that they be broadcast “in the clear” — anyDRM for broadcast television signals must bebased on marking. 12 Second, marking is used insystems that attempt to detect copying after thefact rather than preventing it — such use is amongthe so-called “forensic” uses of marking. Putting amark on a piece of digital music, for example,allows one to create a search engine that can find amarked clip on the Internet, which the searchermight then assume is an unauthorized clip (on thetheory that authorized marked clips aren’t availableat all via the Internet). Moreover, if the mark issufficiently sophisticated, it may carry informationthat can be used to determine where the unauthorizedcontent originated (e.g., from a moviestudioemployee).The third major use of marking is as a responseto the so-called “analog hole.” The term “analoghole” refers to the ability of a would-be infringerto capture content as it is being played (or justbefore it is played). An example of this would beplaying of a DVD and capturing the DVD’s contentby using a camera with a microphone, or byreplacing an output device such as a television setwith a recording device, or by connecting to thedigital player through analog connectors.Encryption-based methods by themselves donot address the analog hole, because content mustbe decrypted in order to play it. At the point ofplaying, decrypted content is, at least for themoment, “in the clear” and can be captured in anumber of ways and redigitized. 13 By contrast,some kinds of marks may remain attached tothe content even as the content is being played,which is the basis for some models of content-protectionschemes.9

II. What Does DRM Look Like?The “simple label” approachThe simplest type of mark consists of a straightforwardlabel that is sent along with the content. Youcan think of this as if it were a copyright noticethat is paper-clipped to a document. The “simplemark” approach is especially cheap and simple toimplement — although only at the content-productionlevel — because the mark is easily locatedand is separate from the content. The costs associatedwith marking content are not, however, necessarilycheap and simple to implement on thehardware side — there are many costs associatedwith upgrading computersand other digital devices toA simple mark (such as recognize the mark. Moreover,a simple mark maythe “broadcast flag”) can not be sufficiently sophisticatedto serve as a forensicbe easily removed if the mark, since it may notcarry enough informationcontent is received to indicate the precise originof the unauthorizedoutside a secure system. content, and since even ifit does carry that informationthe mark maynonetheless be easy to remove.An example of a simple label is a “broadcast flag”that can be attached to a digital television broadcast.Note that the term “broadcast flag” is often used,inaccurately, to refer to a much broader and morecomplex broadcast protection scheme of which theflag itself is only one small part; see the outline ofthe “broadcast flag” scheme below for a detaileddiscussion of one such scheme. In this paper, theterm “broadcast flag” means the digital mark byitself — “broadcast flag scheme” is the term usedfor any larger framework that is based on systematicmechanical recognition of the broadcast-flag mark.Broadly described, a broadcast-flag scheme fordigital television works this way: A digital televisionbroadcast transmits a sequence of discretepackets of data to its recipients. Each packet containsa part of video that is to be displayed, precededby a brief “header” that conveys suchinformation as where the packet fits into the overallsequence. The header may also contain a digitalbit or “broadcast flag” which labels the broadcastas copyrighted and which additionally conveys thatthe copyright owner grants only certain limitedprivileges to the broadcast’s recipients. Alternatively,a broadcast flag may not be present in everypacket of digital TV content — if so, hardwaremust be redesigned to capture and “hold in detention”the packets of televised content until enoughof packets can be examined to determine whethera broadcast flag is present.In such a scheme the mark is not part of the contentitself; instead the mark merely accompanies thecontent. This is both the strength and the weaknessof this approach. It is a strength because it allowsthe mark to be found and interpreted easily, andbecause the mark can be applied to virtually anytype of content. It is a weakness because anyonewho receives the content outside of a secure homeentertainmentarchitecture can easily separate themark from the content by editing it out. 14The “Watermark” approachMost people think of the term “watermark” in referenceto paper products — hold a watermarked pieceof paper up to the light, and you can see where themanufacturer has marked it, perhaps with his or hercompany logo. On paper, a watermark is not part ofthe content, but part of the medium (paper) onwhich the content has been placed.In the digital world, however, a watermark is asubtle mark that is added to the digital contentitself. For example, if the content is a recordedsong, the watermark might be a faint sound that isadded as background noise to the song. Digitalwatermarks are so named because they serve thesame purpose as watermarks on paper — the ideais to embed a subtle mark deeply into the fabric ofthe content, without interfering too much with thecontent itself.A successful watermark must have three characteristics.It must be:❚ Imperceptible to the user of the content:Adding the watermark must not affect the user’sexperience in viewing the content.❚ Detectable by machines: An authorized playeror other digital tool must be able reliably todetect the watermark.10

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”❚ Difficult or impossible to remove: It must be difficultor impossible for an unauthorized party toremove the watermark or to render it undetectable,except by unacceptably damaging theperceptual quality of the content.Several companies offer products that claim to meetthese requirements. Only a few of these products,however, have undergone independent scientificscrutiny, and those few that have undergone suchscrutiny have not stood up well. As a technical matterno one knows for certain whether it is even possibleto meet all three requirements simultaneously.Unlike a simple label, a successful watermarkwould be embedded in the content itself, and if thewatermark were adequately persistent then nobodywould be able to separate it from the content — orat least not without a great deal of trouble. 15 11Can Watermarking Work?As we have noted, a watermark must meet threetechnical criteria; it must be:❚ Imperceptible to the user of the content❚ Detectable by machines❚ Difficult or impossible to remove.Is it possible to meet these three criteria simultaneously?We find ourselves asking this question becausethe criteria seem to be in conflict with one another.For example, it must be possible to add to digitalcontent a mark that is an imperceptible mark, yet italso must not be possible to subtract out that markimperceptibly. Similarly, it must be relatively easy andcheap for any player to find a watermark; but it mustbe impossible for anyone to find (and then presumablyremove) the watermark.Watermarking also appears to conflict with populardata compression methods such as MPEG4 andMP3.* These methods reduce the size of a contentfile, and thus allow that file to be stored more compactlyor transmitted more quickly, by discarding anyaspect of the content that human eyes cannot see (orthat human ears cannot hear), and that therefore isunnecessary to one’s enjoyment of the content. Thisposes a problem for watermarks, as an imperceptiblewatermark consists of exactly the kind of informationthat such a compression method is trying to remove.If compression methods are imperfect, as today’s are,then watermarks can be “hidden in the margins” bybuilding them out of imperceptible elements that thecompression methods do not yet know how toremove. But as compression methods get better, these“margins” will shrink, and it will become harder andharder to create imperceptible watermarks that arepersistent in the face of compression.As we have no solid evidence that watermarking ispossible, and we have reason to doubt whether therequirements for a watermarking scheme can be met,we have every reason to doubt that a successfulwatermarking method will be discovered any timesoon. These general reasons for skepticism are supportedby the history of watermarking research,which has repeatedly shown the weakness of proposedwatermarks.* MPEG stands for “Moving Pictures Experts Group,” which is the name of family of standards used for codingaudio-visual information (e.g., movies, video, music) in a digital compressed format. MPEG-4 is a one of the morerecent standards of audiovisual content compression, and is more efficient than earlier standards, such as MPEG-1.MP3 is the term for the audio layer of the MPEG-1 standard, and is the part of the MPEG-1 standard that is usedfor encoding soundtracks. More recently, it has become the most common format for digital music that is traded ordistributed online.

II. What Does DRM Look Like?The “fingerprinting” approachA fingerprint is a type of mark that is not added tothe content, but is extracted from the preexistingcharacteristics of the content. 16 For example, if thecontent is a recorded song, then the fingerprintmay be derived from the song’s tempo, its rhythms,the length of its verses or movements, and mix ofinstruments used, and/or other features.To be effective, a fingerprinting method must be:❚ Unique or At Least Precise: Two pieces ofcontent that look or sound different to a personshould almost always have different fingerprints.❚ Difficult or Impossible to Remove: It must bedifficult or impossible for an unauthorized partyto alter the content in a way that changes its fingerprint,except by unacceptably damaging theperceptual quality of the content.To be successful, a fingerprinting method mustmeet both of these requirements. A number ofcompanies offer fingerprinting technologies thatclaim to satisfy these requirements, but none ofthese claims has undergone independent scientificscrutiny. As a technical matter, it has not beenindependently established whether it is even possibleto meet both requirements simultaneously.Since the fingerprint is derived from the preexistingcontent, it cannot be used to store informationabout the content, such as an enumeration ofauthorized uses. (By way of analogy, your actualfingerprints may be unique to you, and may serveto identify you, while telling us nothing at all aboutyour legal status.) Instead, the fingerprint acts as aunique identifier for each piece of content, and thisidentifier can be used to access an external databasecontaining information about each piece of con-Can “Fingerprinting” Work?As stated above, a fingerprint is a “mark” that isextracted from the preexisting characteristics of thecontent. For example, if the content is a recordedsong, then the fingerprint may be derived from thesong’s tempo, its rhythms, the length of its verses ormovements, the mix of instruments used, and similarfeatures.To be effective, a fingerprinting method must be:❚ Unique or At Least Precise❚ Difficult or Impossible to Remove:As is the case with digital watermarks, it is not establishedwhether it is even possible to meet these twocriteria simultaneously.Unlike a watermark, which can carry instructionsabout how content is to be treated, a fingerprint carriesno descriptive data about the content but can only toserve as a unique identifier for a particular content file.Information about the copyright status and permissionsassociated with the content cannot be stored inthe fingerprint, but must be obtained from a databasesomewhere. It follows that in a DRM system based onfingerprinting, every player must be connected to theInternet (or some similar system) so that it can contactthe database to check the status of each content filebefore playing that file. This fact rules out the use offingerprinting in many DRM scenarios.There has been no generally recognized public scientificresearch on the question of whether a fingerprintingmethod can be both precise and persistent.This is not to say that there may be no use for fingerprinting.As it happens, fingerprinting has uses otherthan DRM, and the evidence indicates that it haspromise for those other uses. The key unansweredquestion is whether a fingerprint can be persistent —whether an attacker can find a way to modify thecontent so that the fingerprint changes, without damagingthe perceptual quality of the content. In theabsence of evidence suggesting that fingerprints arepersistent, it is appropriate for us to be skepticalabout them.12

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”tent. Assuming that such a database could be built,a fingerprint could serve roughly the same functionas a watermark. 17A Deeper Understanding of the“Persistence” RequirementTo be persistent, a watermark or fingerprint mustbe able to survive any of the digital transformationsthat a would-be infringer might attempt to performon the digital content. A wide range of suchtransformations exists.These include (but are not limited to):❚ Playing the content, then using a recordingdevice such as a microphone or a camera torecapture the played content,❚ Compressing the content using a method suchas MP3 that makes some modifications in thecontent in order to facilitate compression,❚ Adding certain kinds of random noise to thecontent, and❚ Altering the content by making subtle changesin the tempo, timing, pitch, or coloration of thecontent.Many of these changes are often made for legitimatereasons, and there are many useful (and lawful)signal-processing and image-processing toolsthat allow an even broader range of possible transformations.Experts agree that devising a mark orlabel capable of surviving the full range of thesetransformations is much more difficult than a nonexpertmight initially expect.How “Marking” Functions in aCopy-Protection SchemeBy itself, no mark can function as a copy-protectionscheme. Instead, a mark is a building blockthat is used in designing a copy-protection scheme.Though the details of such schemes differ, theyshare certain important characteristics.First, marking schemes rely on widespread markingof copyrighted content, since they cannot hopeto protect content that is not marked. If a “simplemarking” or “watermarking” approach is being used,then of course there is no way to mark content thatwas distributed before the copy protection schemewas adopted. 18 Unmarked unauthorized copies ofcontent could continue to be copied on the Internetand elsewhere, and could continue to be experiencedand manipulated by users, so long as players andother devices that inspect content for marks, but donot find them, continue to be capable of playing orprocessing unmarked content. This is why somecritics of marking-based schemes argue that the onlyway for marking-based schemes to work is if playersand other devices read and play only marked content,and refuse to read or play unmarked content.Second, marking schemes rely on all devices thatread the content to check for the mark and, if themark is found, to obey any corresponding restrictionson use of the content. Of course, devices thatwere sold before the copy-protection scheme wasadopted will not be able to satisfy this requirement.This gives rise to what may be characterized as“the backward-compatibility problem,” which mayundermine attempts to implement industry widecopy protection schemes.The Backward-Compatibility ProblemWhen a new copy protection scheme is launched,it generally isn’t implemented in pre-existingdevices. For example, a new scheme for copy protectingrecorded music generally will not be supportedby existing CD players. This fact posesserious problems for the advocates of copy protection.There are three ways for proponents orimplementers of this scheme to deal with this backwardcompatibility problem, but all three have seriouscosts and other flaws.The first approach is to ignore the problem.This makes the owners of existing devices happy,but the existing devices become a loophole in thesystem, a loophole that is widely available towould-be infringers. This approach is preciselywhat is asked for by proponents of the broadcastflagapproach to DRM for digital television broadcasts— existing digital television receivers willcontinue to function regardless of the presence ofthe broadcast-flag bit, which means they can beused to sidestep attempts to limit copying of televisionprograms.The second approach is to require all consumersto upgrade immediately to new players that13

II. What Does DRM Look Like?support the new copy protection scheme. Thisseems likely to anger consumers, and understandablyso, as they would be forced to throw away perfectlygood equipment and replace it withexpensive new equipment. It is hard to imaginesuch an approach being viable for establishedmedia such as television, 19 movies, or music. 20The third approach is to accept the existingequipmentloophole for existing content, but torelease new content in a fashion that allows it to beplayed only on new players. This is essentially aslow-motion version of the preceding approach.Consumers would be forced to choose either tobuy an expensive (and perhapsredundant) newThe transition to digital player, or to forgo all newcontent. This approachtelevision has been seen too seems likely to provokea high level of consumeranger and expense,as an opportunity toalbeit perhaps less than theimpose new copy backlash that might betriggered by an abrupt cutoffof existing home-enter-protection measures.tainment equipment.There seems to be noclearly unproblematic way to address the backwardcompatibility problem, except in cases wherea truly new medium (rather than a new format ornew distribution method for an existing medium)is being created. The advent of DVD movies wasan instance of a new media format 21 that gavemoviemakers and DVD player builders an opportunityto build in a type of DRM. But such helpfultransitions to new media, new media formats,and new technologies are not predictable as ageneral rule.Moreover, waiting for a new medium or mediaformat is no help for those who hold copyrights inexisting media such as music and movies, and whomay be heavily invested in business models basedon media formats such as CD audio recordings andDVD video. It has been argued that improvementsin older media forms — e.g., high-definition television— may be compelling enough to ease the consumertransition to new players and other devices,but it has yet to be seen whether these claims forHDTV will be borne out in the marketplace. Historically,changes or improvements that provideopportunities for new protection schemes havecome about because of market demand rather thangovernment mandate. In the HDTV context, however,the transition to digital television has largelybeen driven by the government.A Closer Look at the Broadcast-Flag SchemeBecause digital television, including HDTV, iscommonly (if incorrectly 22 ) perceived to be moreeasily copied and transmitted over networks likethe Internet, there has been a push by contentcompanies to protect over-the-air broadcastingwith a marking scheme called, generally, “thebroadcast flag” scheme or sometimes just “thebroadcast flag.” (“The broadcast flag” is actuallythe term for the mark that is used in the scheme.)A version of that scheme was adopted by the FederalCommunication Commission in November2003. The goal of a broadcast flag scheme is tolabel the digital broadcast content, then somehowensure that it cannot be captured at all, or that if itcan be captured (e.g., by consumer personal videorecorders like TiVo or ReplayTV) it cannot beduplicated without limit or redistributed to theInternet.The broadcast-flag scheme is a hybrid copy protectionscheme that uses different methods to protectthe content at different points in thedistribution chain. In the first stage of distribution,the content is broadcast over the airwaves in digitalform but is otherwise “in the clear” (unencrypted,unscrambled). In this stage, a broadcastflag is invisibly attached to each field or frame ofdigital television content. The broadcast flag,when present, denotes the copyright owner’s statementthat the recipient is not authorized to redistributethe content.To state the flag scheme in somewhat oversimplifiedform, the proposal requires that when adevice containing a “demodulator” (e.g., a set-topbox that receives a signal from an antenna or froma cable-TV feed) has received the content, thedemodulator must check for the existence of thebroadcast flag, and if the broadcast flag is present,the decoder may not pass on the content to14

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”another downstream device (such as a television, avideo recorder, or a computer) unless the devicecontaining the demodulator first re-encodes thecontent using some other copy-protection technology,or else passes it through “robust” (user-inaccessible)channels to another device that can berelied upon to do the re-encoding. 23If the decoder does re-protect the content, itmust do so using one of the approved copy protectiontechnologies that are listed in “Table A” of thebroadcast-flag framework. 24The scheme additionally requires that if a downstreamdevice is capable of understanding contentthat is encoded using one of the Table A technologies,then that downstream device must itselfimplement that Table A technology.Given the relative simplicity of the broadcastflag itself, the mandates relating to other technolo-gies are in fact the main effect of the broadcast-flagapproach. In this sense, the broadcast-flag schemecan be considered primarily to be a meta-standardwhose purpose is to mandate the use of other standards.Thus, to analyze the real effect of the broadcast-flagscheme we must consider the effect ofmandating all of these other technologies. A fullassessment of that effect is beyond the scope of thispaper, but we may be sure that costs associatedwith a broadcast-flag mandate spread out farbeyond the costs of building flag-detectors intoTV-receiver hardware.To understand why this is so, we need to focus onthe two main lessons to be drawn from our examinationof the broadcast-flag proposal. First, considerthe ever-expanding nature ofbroadcast-flag technology mandate. We startwith a simple broadcast-flag label on digital televi-A Case Study of Watermarking:The Secure Digital Music InitiativeOne example of the problems inherent in attemptingto develop a standard watermarking technology forcontent can be found in the experience of the SecureDigital Music Initiative (SDMI), a consortium of companiesfrom the music, consumer electronics, andsoftware industries. SDMI sought to design a marking-basedDRM system for recorded music. Afterchoosing a set of proposed DRM technologies, includingfour watermarking methods, SDMI announced apublic challenge, inviting the public to try to defeatthe proposed technologies.A team of researchers from Princeton Universityand Rice University studied the four watermarkingmethods, and was able to defeat all of them — thatis, to remove each watermark without unacceptablydamaging the audio quality of the content — in lessthan three weeks of work. 27 During this time theresearchers had access to less information than a realwould-be copyright infringer would have had.The researchers were able to defeat each SDMIwatermark technology by first pinning down thenature of the watermark and where in the content itwas hidden, and then by devising a modification tothe content that would target the watermark’s locationand thereby either remove or mask the watermark.As an example, in one of the SDMItechnologies, the watermark consisted of a smallamount of noise added within a certain narrow rangeof musical tones. Having identified this range oftones, the researchers found it easy to isolate andsuppress this noise, thus defeating the watermark.None of the SDMI watermarks required highlyadvanced technology to defeat. The Princeton andRice researchers concluded that current watermarkingtechnology can be defeated by an attacker of evenmoderate technical sophistication. Although we cannotrule out the possibility that a major advance inwatermarking technology will occur, history suggeststhat any purported advance would have to be subjectedto substantial public scrutiny and testingbefore it could be deemed reliable.15

II. What Does DRM Look Like?sion broadcasts. To protect the effectiveness of this,we need a mandate on all demodulator-containingdevices. But this is pointless unless we impose additionalmandates on all of the devices that might be“downstream” 25 from the demodulator. Becausethere are so many types of downstream devices, wemust incorporate by reference a set of othercopy-protection technologies. What started outas a “simple” broadcast flag scheme ends up includinga range of copy-protection technologies, andwhat started out applying only to digital televisiondemodulators must, to have any hope of even beingeffective at all, up applying to virtually all digitalvideo equipment, personal computers, and personal-computersoftware. 26This expanding-mandatephenomenon is to beWatermarking, like otherexpected with “marking”labeling approaches to approaches generally. Anytechnology mandate coverscontent protection, a limited set of devices andsituations, and the devicesrequires device-makers to at the edge of this coveragetend to become loopholesthrough which theredesign their products.content can escape. Thenatural response is towiden the coverage area to address the loopholes -but this tends only to moves the boundary ratherthan eliminating it.Arguably, then, the only mandate that mightclaim to be truly effective is one that expands toreach the entire universe of digital devices—ineffect, it requires a massive universal redesign of digitaltechnologies that might be used to capture, copy,and redistribute content labeled by the “broadcastflag.” Efforts to “cabin” the effect of the broadcastflagscheme by limiting it to certain classes of digitaldevices (digital TV receivers, set-top boxes, and personalvideo recorders, for example) may limit theextent to which IT companies and others must complywith such mandates, but at the price of increasingthe risk that the marking scheme will besidestepped, either by current or future digital toolsthat aren’t covered by the scheme. 28 This developmentwould render a “cabined” mandate and relatedexpenses a relatively useless and costly exercise.The Risk of Premature Deployment of a Watermark-BasedSchemeAs discussed supra, watermarking remains anunsolved area of scientific research and debate,with many fundamental open problems. No completelysatisfactory watermarking techniques haveyet been developed for the audio, video, or textdomains, nor is it certain that a sufficiently secure,robust and invisible marking technology could bedeveloped in the foreseeable future. It would bevery risky, at present, to deploy systems (or to baseregulatory structures) that depend for their securityor viability on the highly speculative assumptionthat a practical watermarking scheme will be ableto be developed. Should an adequate watermarkingtechnique be invented, however, it would likelyplay a role in several aspects of copy protection andenforcement.At least two applications of digital watermarkingtechnology relate to DRM. The first is contentlabeling, in which the content owner aims to identifyprotected material and specify permissible usesand copying restrictions. The second is serialization,which aims to mark material with a uniqueserial number or message that identifies theauthorized end user and thereby provide evidenceof the source of illegal copying.Neither content labeling nor serialization is sufficientby itself to prevent illegal copying, however.Both approaches require that various parts of thecontent distribution process be “trusted” andsecured against unauthorized access. It is theoreticallypossible that a practical system might bebased on either, or both, approaches, but such apractical system would impose certain requirementson device-makers and other industries thatenable the playback of digital content.Systems based exclusively on content labelingrequire that all devices that use restricted materialwill read the label and refuse to act in a mannerthat is contrary to the restrictions encoded in thelabel. Furthermore, each system component mustcontain all the necessary keys to access the protectedcontent. In addition, the required trustedsystem components include essentially any enduserequipment that must process labeled content.This last requirement is an ambitious one, since it16

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”would, for audio and video, include the entirerange of consumer electronic devices, potentiallyincluding general-purpose computers.Systems based exclusively on serialization, on theother hand, do not place any special requirementson end-user devices, since they would depend fortheir security on the fact that the perpetrators ofillegal copying risk exposure by having their identityencoded in every copy they produce. However,such a system still entails considerable securityinfrastructure, with significant costs and risks. In aserialization scheme, the entire distribution chain,up to the point at which material is serialized, mustbe secure against unauthorized use; a single unauthorized,un-serialized copy has the potential tocompromise the entire system. Furthermore, anyeffective serialization scheme requires that consumersbe positively identified at the point of saleand associated with their serialized copy, a difficultadministrative task at best, and one with seriousprivacy implications. 29Hybrid schemes may also be possible. For example,a system could employ both labeling and serialization(in which case both the distribution channeland the end-user devices must be secured). It mightalso be possible to perform part of a user-serializationprocess in the end-user devices, although thatwould still require a trusted distribution channel aswell as trusted end-user hardware. The recent developmentsin “trusted computing” championed byIntel and by Microsoft may facilitate such a trusteddistribution channel. But since “trusted computing”depends primarily on encryption and on the creationof secure environments within computingplatforms, a marking scheme may be superfluous ina true trusted-computing environment.Outside the trusted-computing context, systemsbased on watermarking, whether for labeling orfor serialization, are often quite vulnerable to singlepoints of failure. In particular, currently proposed“watermarking” systems all have theproperty that anyone with enough information toread a watermark can easily derive the informationneeded to remove it. In the case of labeling systems,this means that if any user device is compromisedand the watermarking parametersdiscovered, not only can that user device makeunlimited copies, but also labels can be removedor altered from content to be played on unmodifieddevices. In the case of serialization schemes,this means that if a single user is prosecuted inopen court, the very same evidence that identifiesand convicts him will provide a primer for futureillicit copiers to escape detection.C. Other ApproachesFaced with the difficulties associated with each ofthe major types of copy protection discussed above,content owners have begun to explore otheroptions. Among them are selective incompatibilityand DRM hybrids.Selective incompability is an approach we’vealready seen in the marketplace for music CDs.Here the notion has been that a music CD manufacturerwill add deliberate “errors” into encodingof music content on CDs, with the result that theCDs will be readable by some CD players (typicallyconsumer-electronics single-purpose devices)and not by others (typically computer CD drives).Music companies’ initial efforts in this directionsuggest that this approach is not a particularlyviable one (one protection scheme for CDs couldbe defeated by using a felt-tip marker to cover upthe “errors” around the edge of the CD 30 ), and inthe long term the risk of too many “false positives”(CDs that are judged to be illicit copies by protectedplayers) and “false negatives” (CDs that arejudged to be unprotected when in fact the manufacturermeant for it to be judged as protected) issignificant with the selective-incompatibilityapproach. Moreover, both device makers and consumersare likely to react negatively to CDs that donot reliably play on the platforms that consumerscustomarily use. (This negative reaction can nodoubt be diminished by clearly marking such CDsas protected in this manner, but this may also resultin diminished sales, at least in some markets.) Theissue of selective incompatibility may also arise inthe near-term with the deployment of DVD-movieproducts in “higher-definition” or other “higherquality”formats that cannot be read by existingDVD players.An example of a DRM Hybrid includes somevariants of the broadcast-flag approach for protect-17

II. What Does DRM Look Like?ing television content, combined with some use ofencryption. Under the “hybrid” version of thescheme, the first step is, as with the broadcast-flagscheme generally, to insert the “broadcast flag”into the digital-television signal. If that signal is notitself encrypted, there are no technical barriers toremoval of this flag.For this reason, the DRM Hybrid version of thebroadcast-flag scheme would require a legal orregulatory mandate that receivers check for thebroadcast flag, and apply an approved DRMmethod (such as encryption or “tethering” thereceived content to a particular home entertainmentsystem or user) to the content if it is markedwith the flag.The DRM Hybrid version of the broadcast flagapproach illustrates a problem with marking systemsgenerally — whether one is using a “pure” markingscheme or a DRM hybrid version of the scheme,there is a general requirement that the scheme bebuttressed by government regulation of some sort.This brings us to our next policy question.18

III. Should DRM Be ImposedBy the Government?No treatment of the copy-protectionmandateissue (which hereafter we’llrefer to as “technology mandates” orsimply “mandates”) can proceed withoutrecognizing that a confluence of severalfactors has brought copyright issues tothe center of the public-policy arena.Although not quite commanding thesame attention as, say, counterterrorismmeasures or foreign-policy concerns,copyright issues have risen to the top ofthe discussion of broadband-Internetpolicy and digital-television policy inaddition to commanding attention ontheir own.The reason for this increasingly evidentintersection of copyright policyand technology policy lies in the fundamentalnature of the personal computeritself. Computers are designed to copyand manipulate data with ease and withaccuracy, (e.g., from hard disk to RAM,or from your e-mail program to afriend’s). This copying is part of theessential functionality of computers. Forthis reason, the increasing ubiquity ofpowerful but inexpensive general-purposecomputers poses a particular challengefor copyright holders whoseinterests lie in digital works.A Brief History ofSoftware Copy ProtectionFor some copyright holders, this challengehas long been apparent. Softwaremakers in the 1970s and 1980s werefully aware that computers could beused to make unlicensed copies of theirproducts. Many and perhaps most softwaremakers attempted to use various“copy protection” technologies to preventusers from making copies of commercialsoftware; these efforts were lessthan completely successful in large partbecause general-purpose computerscould be programmed to edit or alterthe very copy-protection measure thatwas designed to prevent copying. As aresult of this aspect of the nature ofcomputers, and in response to theinconvenience of copy-protectionschemes of the period, an aftermarket in19

III. Should DRM Be ImposedBy the Government?utility programs that enabled the defeat of suchmeasures quickly appeared—for several years therewas an ongoing “arms race” between commercialsoftware vendors, who developed ever more powerfuland arcane copy-protection strategies, and themakers of copy-protection-defeating utilities. Generallyspeaking, however, digital information isinherently copyable and inherently alterable, whichposes special problems for the copyright holderwho seeks to prevent his or her digital work frombeing copied or altered.In the same period, the general-purpose natureof personal computers was what created the greatestnumber of business opportunities for softwaremakers. Because the leadingpersonal computers atIn the 1980s, computerindustrycompanies moved — most notably the Applethe beginning of themicrocomputer revolutionII (1978) and the IBM PCaway from the more rigid (1981) — were designedto be “open platforms,”and restrictive types of this meant that third-partysoftware vendors wereDRM. able to freely develop newapplications for those platforms.(One of those vendors,Microsoft, has been so successful at this thatits revenues currently exceed those of any singlecomputer maker.) At the same time, efforts tomeet consumer needs by promoting dedicatedword processors and other dedicated digital toolsfailed in the marketplace, with the notable exceptionof game consoles. In general, when it comesto computing, the public prefers general-purpose,unconstrained, “open-platform” tools to specialpurpose,limited ones. We may reasonably infer,therefore, that any government mandate thatfocuses on limiting the functionality of generalpurposecomputing tools may have the unintendedeffect of diminishing the market for the resultingproducts. A mandate might also prime an aftermarketfor pre-mandate “open architecture”devices, perhaps via auction websites such as eBay.The Advantages of SellingSoftware Rather Than ContentSoftware makers in the 1970s and 1980s had certainadvantages when attempting to block softwarecopyright infringement. The first and mostimportant advantage was the fact that most commercialsoftware that is capable of performingcomplex tasks requires a significant degree of documentationand support; bona-fide purchasers ofsoftware were able to receive such benefits,whereas those who made unlicensed copies typicallyhad to do without. This led to another aftermarket,this one in third-party manuals andworkbooks for commercial software products.That aftermarket continues to this day, somewhatto the chagrin of software vendors. Nevertheless,software makers have generally abandoned theharsher varieties of copy-protection schemes toprevent unauthorized software copying, largelybecause of negative consumer response. A fundamentalprinciple of the personal-computer business— the principle of High Volume/Low Cost— drove vendors away from the more rigid andrestrictive types of copy protection; the vendorsmanage the problem of “leakage” partly by seekinglegal remedies against the more egregiousinfringers, partly by making software more affordableand thus easier to acquire legally, and partlyby employing measures such as registrationschemes that make illicit copying somewhat moredifficult for ordinary users.But the other advantages for software makerswere also considerable: modem speeds were comparativelyslow, computer storage was comparativelyexpensive, and relatively few consumers hadaccess to the Internet. All of these advantages evaporatedin the late 1980s, in the 1990s, and in thecurrent era, as modem speeds increased by ordersof magnitude, computer storage became increasinglycheap, and access to the Internet becameubiquitous. Indeed, current telephone modems,fast as they are, are likely to be supplanted by highspeedbroadband connections to the Internet,which are becoming increasingly available to mostbusinesses and homes in America.These factors compounded the problems of digitalcopyright holders in a number of ways. First of20

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”all, just as the “open platform” of the general-purposecomputer was designed to make the copyingof digital information easy and reliable, the “openplatform” of the Internet was designed to make thecopying of bits over long distances reliable. Inaddition, the Internet makes it possible for individualcomputer users to copy works to a multiplicityof recipients—to effectively “broadcast” unlicensedcopies of copyrighted works.Secondly, greater computer capacity, advances incompression technology, and greater bandwidthhave made it possible to copy significant numbersof copyrighted works (most notably, songs in theform of MP3 files) and copyrighted works of significantsize (e.g., television shows and featurefilms). Third, digital copyrighted content, unlikecopyrighted software, does not typically requiredocumentation or support to be used.How The Content ProducersHave RespondedAs we have seen, in the computer era one approachof content owners has been to enclose or protectdigital copyrighted works with what we once called“copy-protection technologies” but which we arenow commonly referred to as Digital Rights Managementtechnologies or “DRM.” These technologiesare commonly (but not always) based onencryption. The use of encryption-based copy-protectiontechnologies has been the foremost of thetwo major approaches to preventing the unauthorizedcopying of copyrighted works in the digitalworld. The other approach — the reliance on governmentregulations (often called “technologymandates”) to constrain the capabilities of consumertechnologies — has been much less widespread,although this may be changing.The Digital Millennium Copyright Act(DMCA), enacted in 1998, reflects the Contentcompanies’ assumption at the time that it wouldrely primarily on DRM technologies to protect itscopyrighted works in the digital age. Most of thebroad prohibitions of the DMCA are aimed at preventingcircumvention of these technologies,which, once again, are usually based on encryption.At the same time, the DMCA expressly codified atechnological mandate concerning videocassetterecorders, but also expressly sidestepped the issueof technology mandates generally. 31The DMCA’s provisions in 1998 were aimed atmaking DRM approaches more secure by broadlyprohibiting circumvention (thus preventing thekind of “arms race” between copy-protectiondevelopers and copy-protection circumventers thatoccurred in the 1980s in the software industry). Atthe time, content-company advocates, as well asadvocates from the information-technology sectors,believed that the DMCA was in itself a long-termsolution to the copyright-infringement problemsthey feared. The DMCA, which did not providesignificant exceptions for circumvention or circumventiontools — even when the underlying goal ofthe circumventer or the toolmaker was a legal one— was enough, they believed to forestall the kindof widespread infringement and unlicensed copyingto which the Internet might give rise.Only a year later, however, peer-to-peer file-sharingbecame a visible and well-publicized phenomenon(most famously, through the use of Napster).While particular peer-to-peer applications and servicesmay be hindered or neutralized through litigation,the essentially decentralized nature of theInternet, together with the ubiquity and increasingcheapness of computers, has made it possible forfile-sharing, particularly of music, to continue.Music companies have been particularly vulnerableto file-sharing, for a number of reasons. Firstand foremost, MP3 compression makes most songfilesremarkably compact, which makes them fareasier to transmit and receive, even over today’srelatively limited consumer broadband networks.Moreover, most music companies’ catalogs areavailable on CD in unprotected formats. This isbecause music companies, when adopting the CDformat for distribution of music, did not anticipatethe ubiquity and ease of use of “ripping” 32 and“burning” 33 applications and technologies, nor didthey anticipate the quickness with which musichobbyists would begin to share “ripped” music fileson the Internet via peer-to-peer mechanisms.Movie and television studios and networks fearthat increasing adoption of broadband Internet services,together with the migration of video content todigital formats (such as HDTV) will result in the21

III. Should DRM Be ImposedBy the Government?same “Napsterization” of their offerings that themusic companies have endured. There is less justificationfor their fears, at least in the short term. Partlythis is because the most common form of commercialvideo distribution, other than television, is DVDsales, and DVD content is scrambled to prevent easycopying. Another factor that has slowed or even preventedtrue “Napsterization” of television contenthas been the sheer size of video files; in general, adigital file created from an hour of standard televisionis two or more orders of magnitude larger thanan MP3 file. (When the digital file is HDTV television,the disparity in file sizes is even larger.)Nevertheless, TV and movie offerings that aredistributed via broadcast and cable channels areeither unprotected (“in the clear”) or, if protectedby DRM, they are descrambled at theplayer/receiver end (which they must be in orderto be viewed), whereupon they can be captured byusers through a variety of means. These users canthen digitize, alter, or disseminate the works to theInternet and elsewhere. The fact that some usersdo this (albeit after reducing significantly the resolutionand quality of the captured video content) isadduced by movie and TV companies as evidencethat the threat to their business models posed bypeer-to-peer file sharing is either just around thecorner, or is already here. 34Neither the issue of peer-to-peer file sharing northe increasing capability of computers to copy andtransmit content was fully foreseen by the draftersof the DMCA. Specifically, these issues are notaddressed by the anti-circumvention provisions ofthe DMCA (since they rarely if ever involve actualcircumvention of copy-protection technology) andonly tangentially addressed by the Notice-and-Takedown provisions of the DMCA 35 (since peerto-peerfile sharing does not typically require theuse of an Internet Service Provider as a site formaking illicit content available). Of course, to theextent that file sharing constitutes copyrightinfringement, it is squarely addressed by the substantiveprovisions of the Copyright Act, Title 17 ofthe U.S. Code, but the prospect of having to filethousands or even millions of infringement actionsagainst American citizens is a daunting one for eventhe most assiduously protective content company. 36As a result of the onset of peer-to-peer file sharing,a number of content companies have increasinglyasserted that the solution to peer-to-peerinfringement lies in constraining what those toolsand mechanisms can do, through technologicalmeasures in tandem with government mandates(either regulatory or legislative or both). This perceptionhas been at the root of recent legislativeand regulatory initiatives that are designed to limitor prevent peer-to-peer file sharing, but that may,if enacted, have unintended consequences, includinga significant chilling effect on innovation.That such measures may be worse than ineffective— that they may even be counterproductive —becomes apparent when we dig deeper into ouranalysis of what the real “threat” to contentcompanies is.But before we discuss this threat model, we needto consider one final aspect of the issue of governmentmandates of DRM — that a governmentimposedtechnology mandate may actuallyexacerbate rather than diminish infringementproblems. Consider that when it comes to “solving”infringement problems DRM is aimed at amoving target. As circumvention tools evolve, andas new technologies pose new infringement problems,the locking of industrial sectors into a particular“standard” scheme, mediated and supervisedby government, actually slows the ability of thecontent sector to respond to new problems. Thereare fewer incentives to develop solutions that lieoutside the standard. And solutions that are developedwithin the framework of an “open” yet government-administeredstandard will take longer tobe approved and longer to find their way into marketofferings. While it is unclear that truly effectivelong-term DRM solutions can be developed in thedigital environment, certainly they are less likely tobe developed if development is constrained both byan increasingly outdated standard and by a government-approvalprocess.22

IV. The “Threat Model” of Universal Infringement,and the PotentialThreats Posed By DRMIf there is anything that those of us wholive in the age of the Internet, and whohave access to the Internet, know forcertain, it’s that our use of computersand Internet enables us to engage in thebroad sharing of any information. Sinceany content can, in principle, be broadlyshared or disseminated over the Internet,it follows that the illegal distribution ofcopyrighted content is possible as well.In effect, the same aspects of computersand the Internet that empower us to beglobal publishers also empower us to beglobal copyright infringers.In a nutshell: content owners fear thatonce an unprotected copy of a copyrighteddigital work becomes available,it can and will be distributed universallyon the Internet, and its distribution willdestroy, or at least severely diminish, itsability to generate revenue.This fear often results in self-contradictorystatements from content companiesthat seek, in various forums, legal orregulatory mandates for copy protection.On the one hand, such proposals aredefended as “speed bumps” that merely“keep honest people honest” and that arenot meant to be unduly burdensome toordinary users of the content. On theother, when objections to certain kindsof mandates are raised, the advocates ofthe mandate frequently invoke thespecter of the “one perfect copy” of thecontent escaping the secure system andthen being distributed universally on theInternet. Policy discussions of DRM frequentlyoscillate between the advocacyof limited (and therefore ineffective)proposals and broad (and therefore lesspolitically palatable) proposals. Sometimesthe very same proposal may bedescribed at one point as “limited” andat another point as “necessary to preventInternet distribution.” As a practicalmatter, no “limited” proposal can preventInternet distribution of the copyrightedwork.Of course, not all unauthorized distributionof copyrighted content over theInternet is necessarily infringement. Forexample, we have built into our copy-23

IV. The “Threat Model” of Universal Infringement,and the Potential Threats Posed By DRMright-law framework the important principle of“fair use.” Without discussing “fair use” and otherexceptions to copyright protection in detail — aproject that all by itself would take an essay farlonger than this one — we can say generally thatthe Framers of the Constitution and subsequentinterpreters of the Constitution’s Copyright Clauseand of the Copyright Act that springs from thatclause believed that some degree of unlicensed orunauthorized use of another person’s content islawful. To the extent that such distribution is largescale, however, and to the extent that this largescaledistribution undermines the commercial valueof the work being distributed, it is more likely tobe found by a court to be infringement.Theoretically, thisAt bottom, notion of lawful thoughunauthorized use ofpeer-to-peer file sharing copyrighted works is wellestablishedand uncontroversial,and even theis a characteristiccontent industries can beof the Internet’s heard to say they agreewith the general principlefundamental design. that fair use is important.In practice, however, thereis wide disagreement among stakeholders as to whatthe contours of “fair use” or other lawful but unauthorizeduses might be. In the digital world, however,it is theoretically possible for content ownersto use DRM to foreclose most or all unauthorizeduses of even parts of copyrighted works. This foreclosureof uses does not merely affect our ability tomake unauthorized copies; it also affects our abilityto own a copy of a copyrighted work, since therights associated with ownership of a traditionalbook or record album or movie may be significantlyreduced in a DRM-mediated environment. Thisraises the question of whether the very existenceand use of DRM alters the balances of our systemof copyright in one direction, even as computersand peer-to-peer file sharing may alter them inanother direction. 37 If so, then we may face thechallenge of developing ways to ensure that DRMdoes not skew the fundamental structure of rightsin copyright. The last part of this paper addressessome choices we may make in that regard.A. Can “Peer to Peer” Be StoppedOn the Internet Itself?Foremost among the perceived threats faced by thecopyright industries in the digital age is peer-topeerfile sharing, which arrived as a widespreadmass consumer phenomenon. Although peer-topeerfile sharing is commonly regarded in the contentcommunity as a new, and pernicious,technological development, it actually derives fromthe “architectural” design of the Internet itself. TheInternet was designed to be a simple, robust, reliable,and (most important) decentralized computerbasedcommunications medium. Because the“peer-to-peer” aspect of the Internet is central to itsdesign, it is difficult to imagine any “solution” topeer-to-peer-based copyright infringement thatdoes not require, at minimum, a fundamentalredesign of the Internet.At bottom, peer-to-peer file-sharing can beunderstood simply as the use of multiple computersconnected to the Internet as both “servers”(storing specified files that other computers canretrieve) and as “clients” (able to retrieve specifiedfiles from other computers that are storing them).Because computers engaging in such reciprocalfile-sharing and retrieval are acting both as“servers” and as “clients,” they are, in effect,“peers”—hence the term “peer-to-peer.” It is generallybelieved that peer-to-peer file-sharing hasgreatly increased the volume of unlicensed copying,although reliable statistics as to the actualextent of such copying or as to the economicimpact of such copying are currently unavailable,partly due to the problem with tracking such copying.Moreover, although peer-to-peer applicationsare perceived by many to be primarily tools ofcopyright infringement, it is important to stressthat such applications have both infringing andnon-infringing uses.What this all adds up to is that the aspect of theInternet that most bothers content companies is anaspect that is central to its design. In effect, it isexceedingly difficult to craft a law or regulationthat categorically outlaws peer-to-peer file sharingwithout, in doing so, outlawing the Internet itself.24

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”When Can You Copy a Copyrighted Work Without Permission?American copyright law, unlike most forms of DRM, expressly and deliberately allows for “fair use” of copyrightedworks — that is, it allows for unauthorized uses of those works. The relevant section of the Copyright Act is Section107 of Title 17 of the United States Code, which reads in its entirety as follows:Sec. 107. - Limitations on exclusive rights: Fair useNotwithstanding the provisions of sections 106 and 106A, the fair use of a copyrighted work, includingsuch use by reproduction in copies or phonorecords or by any other means specified by that section, forpurposes such as criticism, comment, news reporting, teaching (including multiple copies for classroomuse), scholarship, or research, is not an infringement of copyright. In determining whether the use madeof a work in any particular case is a fair use the factors to be considered shall include -(1) the purpose and character of the use, including whether such use is of a commercial nature or is fornonprofit educational purposes;(2) the nature of the copyrighted work;(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and(4) the effect of the use upon the potential market for or value of the copyrighted work.The fact that a work is unpublished shall not itself bar a finding of fair use if such finding is made uponconsideration of all the above factorsBy itself, this passage doesn’t give hard-and-fast guidelines as to whether one’s copying of copyrighted works qualifiesas fair use, but American courts have interpreted fair use over the years to allow for such things as quotingcopyrighted works in reviews or making a small number of complete copyrighted works for teaching purposes. Oneof the more controversial dimensions of DRM is that that DRM, by preventing any “quoting” at all, or by limitingthe numbers of copies that can be made (or eliminating copying altogether), may effectively eliminate fair use. Italso may have an impact on other elements of the balance of rights in the copyright act, such as the First Sale doctrine,which allows the purchaser of a copy of a copyrighted work to resell that work to another, even without thepermission of the author or publisher.This may be counterintuitive to you if you thinkof peer-to-peer file-sharing as a relatively recentphenomenon. One of the reasons peer-to-peer filesharingmay seem to be a new phenomenon is that,during the explosion of commercial activity on theInternet in the 1990s, it was common to havelarger, more powerful computers function primarilyas servers, which then could be accessed bypersonal computers and other devices that wouldretrieve files as necessary. The term “web server”in the mid-1990s typically denoted, or at least sug-gested, the use of a larger, more powerful machineto “serve” web content to users who were surfingthe Web with their personal computers.As a factual matter, however, any computer capableof connecting to the Internet in a manner thatrelies on the standard Internet Protocol (sometimesreferred to as “IP” or even redundantly as“the IP protocol”) can potentially act either as aserver, or as a client, or as both. (Increasingly, consumeroperating systems, from Windows to theMac OS to GNU/Linux, include software designed25

IV. The “Threat Model” of Universal Infringement,and the Potential Threats Posed By DRMBeneficial Uses of Peer-to-Peer File SharingAlthough peer-to-peer file sharing is commonly demonizedas being inherently a copyright-infringing technology,it is well established that peer-to-peertechnology has beneficial, socially constructive uses.Some examples include:Education: Peer-to-peer technology can facilitatedelivery and sharing of class materials and collaborationon class projects. For example, Professor RobertKirkpatrick of the University of North Carolina atChapel Hill used Groove Network’s peer-to-peer toolsto manage a class in the composition of poetry.Among other things, Kirkpatrick used peer-to-peertechnology to encourage collaborative editing andcomment on students’ work, adjust the syllabus,archive course materials, and create a list of links toresources of poetic forms and vast archives of completeworks of poems and critical writing. The classalso used the Groove tools for a class forum and anannouncement board to share information on musical,dramatic and other events on campus.Digital content delivery: Major content companiesuse peer-to-peer tools to distribute copyrighted contentto customers. For example, CenterSpan’s securepeer-to-peer network provides music from Sony Musicartists to a wide variety of online service providersseeking to offer their subscribers streaming anddownloadable music. J!VE Media is the creator of asuite of digital video packaging, DRM and mediadelivery services that enables content providers to distributeprotected digital video content via publiclyaccessible peer-to-peer networks including theGnutella Network (which includes LimeWire and Morpheus)and the Fastrack Network (which includesKaZaA and Grokster). Jive’s customers include: 1) thePriority Records division of the EMI Recorded MusicGroup; 2) Koch International, the world’s third largestindependent music label; and 3) The Comedy Network,Canada’s 24 hour comedy cable channel.Public domain works: Project Gutenberg seeks toconvert to e-book form, and widely distribute over theInternet, over 4500 works from the King James Bibleto Shakespeare to the CIA World Fact Book. Theseworks are either in the public domain or authorizedby copyright owners for distribution. One of the chiefhurdles facing Project Gutenberg and public domainprojects like it has been the expense of hosting anddistributing the resulting files. Today, these expensesare being reduced, and valuable public domain worksare reaching more people, because these texts arebeing distributed over peer-to-peer networksLawful music sharing. Peer-to-peer networks can beused to share music legally. The Furthur Network is anon-commercial, open source, public peer-to-peer filesharing network that allows music lovers to downloadand share live music. The music of the Grateful Dead,Allman Brothers Band, Dave Matthews Band and otherswho authorize the noncommercial taping and tradingof their live performances is shared on this network.Data coordination and collaboration. Peer-topeertechnology is being used to provide up-to-theminute data and facilitate coordination of large-scaleprojects. For example, humanitarian groups in Iraqare using peer-to-peer tools to synchronize distributionof aid to the Iraqi people. Because peer-to-peersystems do not require a central server or centralizedcoordination, they are well suited to environmentswith little communications infrastructure.These examples are taken from the “Statement of Gigi B. Sohn, President, Public Knowledge. ‘Piracy of IntellectualProperty on Peer-to-Peer Networks’” Testimony before the House Judiciary Committee, Subcommittee onCourts, the Internet and Intellectual Property. September 26, 2002. Available at http://www.house.gov/judiciary/sohn092602.htmand the “Statement of Alan Davidson, Associate Director, the Center for Democracy andTechnology. ‘Peer to Peer File Sharing and Security’” Testimony before the House Committee on GovernmentReform, May 15, 2003. Available at http://www.cdt.org/testimony/030515davidson.pdf.26

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”to enable the use of the computer running theoperating system as a Web server.)To understand how intertwined peer-to-peer filesharing is with the Internet itself, it helps to considerwhat the Internet actually is. One way tounderstand the Internet is to say that the Internetconsists of special computers called “routers” interconnectedwith fiber optic lines, cable and dialupmodems, and the like. General purpose “host”computers, including your personal computer, connectto the routers to use the Internet to communicate,and in effect they become part of theInternet as well.The end-to-end design principleRouters are functionally similar to postal sortingmachines. But instead of sorting paper envelopes,they handle small electronic “packets” of data fromand to the host computers. By design, routers provideonly a minimum set of services. All other processingis done on an “end-to-end” basis by thehosts. This “end-to-end principle” was and continuesto be extremely influential in the developmentof the Internet. The principle serves two vital purposes:it simplifies and reduces the cost of theInternet infrastructure, and it facilitates the developmentof new and innovative Internet applicationson the host computers.This end-to-end architecture has a profoundeffect on the viability of any mandated technologicalcopy-protection scheme implemented withinthe Internet itself (i.e., in the routers), as opposedto the host computers connected to it. Just as apostal sorting machine looks only at the addresseson the outsides of envelopes without openingthem, Internet routers only need look at the Internetprotocol “header” on each packet. The contentof each packet is wholly arbitrary, and is not necessarilymeaningful to anyone but the host to whichit is addressed. This is especially true when thepacket has been encrypted with a key possessed byonly the source and destination hosts. Several security(encryption) protocols are already widely usedon the Internet, including SSL, SSH, TLS andIPSEC.Since end-to-end encryption can completelyhide the meaning of each packet, use of encryptionwould make it completely impossible for Internetrouters to scan encrypted packets for “broadcastflags” or any other copyright information so thatthe transfer of such packets could be blocked.Making things worse for would-be infringementdetectives, even when Internet Protocol (IP) communicationstraffic is not encrypted, IP “sniffing”(sampling of packets) is not particularly effective atdetecting infringement. A single IP packet cancarry only a limited amount of data (1500 charactersis the usual maximum) and it is both permittedand fairly common for the different IP packets thatmake up a transfer to follow different paths to theirdestination. To determine by“sniffing” packets whethercontent is being infringed The Internet’s robustwould require the gathering,buffering, and examinationof whole files, or“end-to-end” designleast large chunks of them, makes it difficult toeven if they were transmitted“in the clear.”defeat or deterWhat this discussionsuggests is that any technologymandate thatinfringement at therequires core Internet network level.components (routers, transmissionlinks, and so on) toimplement schemes to thwart the transfer of copyrightedmaterial is likely unworkable and easily circumventable.This means that copy-protectionmandates, if they are to work at all, would requiremechanisms and measures to be implemented inthe Internet hosts.B. Who’s a Host On Today’s Internet?This is a broader prescription than it may firstappear to be because nowadays virtually everycomputer on the Internet can function as a host.This was not always the case, however. In theyears before the personal computer revolution(which can be said to have begun approximatelyin 1976), Internet hosts were usually physicallylarge, continuously operating computers thatacted as both servers and clients, depending onhow you used them. They communicated asequal peers.27

IV. The “Threat Model” of Universal Infringement,and the Potential Threats Posed By DRMWith the personal computer driving the Internet’sexplosive growth in the mid to late 1990s,clients and servers began to differentiate. Today,many and perhaps most personal computers functiononly as clients; they rely on services providedby relatively few dedicated “server” hosts. ManyInternet service providers (ISPs) provide servertypeservices to their customers so that they maypublish web pages and other information. Oneconsequence of this design is good news for contentowners: Specifically, when a user publishesinfringing material on his ISP’s server, it is relativelyeasy to identify andMany observers regard contact the ISP staff torequest removal of thethe broadcast-flag infringing materials.But this aspect of Internetuse is changing, and ininitiative as a first stepa way that harkens back totoward comprehensive the original structure ofthe Internet. With thedesign control over availability of high speed,“always-on” Internetcomputers and other access by cable modemand DSL, of advancedproducts. operating systems such asGNU/Linux and BSD andlater versions of Windows, and of continuingprice/performance improvements in computerprocessors, memory and disk storage, individualscan now run their own servers, accessible to anyoneon the Internet. Users no longer necessarilyrely on ISP-provided servers; they need only basicInternet connectivity. Individual users become, ineffect, “hosts.” This is why, while some perceiveuser-run peer-to-peer servers as a novel development,they are actually nothing more than a returnto the Internet’s original model as a network ofcomputers as equal peers, each acting as both clientand server.The implication of this development is bothclear and disturbing for those who wish to outlawpeer-to-peer services as such — one probably cannotbuild effective DRM at the router level 38 , andbuilding it in at the host level probably requiresbuilding DRM into every personal computer thatcan connect to the Internet.This is a tall order, but at least some representativesof content companies hope to approach thisgoal. One way to do so is on a step-by-step basis.For example, content companies could seek regulationsand other measures that affect the design ofcomputers that receive television content (as anincreasing number of personal computers are ableto do), or that affect the design of devices that canbe connected to TV receivers (this would cover abroad range of digital and consumer-electronicsdevices). Indeed, many observers regard the contentcompanies’ push for a broadcast-flag regulationto be evidence of such a step-by-step strategy.The step-by-step approach can be used in morethan one arena. For example, content companiescan seek DRM-based design changes through privatecontracts (e.g., by refusing to license contentto cable or satellite-TV companies that don’tincorporate certain DRM measures into theirequipment, including the equipment they licenseconsumers to use). At they same time they can seekto advance the ubiquity of DRM by public regulationsuch as the broadcast-flag proposal submittedto the Federal Communications Commission,which the FCC has adopted, albeit in significantlyaltered form.The content companies’ efforts to make DRMmore pervasive in the digital world are complementedby efforts in the computer industry, somemembers of which hope to establish through“trusted computing” and similar initiatives a kindof DRM-based secure space inside your next computer— secure in ways that benefit you, perhaps,but also secure in ways that prevent you from havingfull control over your computer, especiallywhen it is being used as a channel for delivery ofcommercial content.28

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”Collectively, these efforts may hurt citizens in atleast three ways:❚ First, they may swing the balance of rights incopyright so much further in the direction of thecopyright owners that, in effect, they make the“fair use” and other balancing provisions of theCopyright Act unusable and thus irrelevant inpractical terms.❚ Secondly, to the extent that these efforts resultin new limitations on personal computers andconsumer electronics, citizens may soon findthemselves in a world in which these toolsempower them much less than they once did.❚ A third, related point is this: the computer revolutionand the remarkable advances we’ve seen incomputer technology over the last quarter centuryhave been dependent largely on so-called“open architectures.” Personal computers are saidto have “open architectures” because you can buyor build new devices that the computers can usein new ways, and because you can program themto do things that their designers never thoughtof. Moreover, the Internet itself, through its“end-to-end” principle, is another example of anopen architecture — because its underlying principlesare decentralized, simple, and robust, it’spossible for inventors to come up with new usesfor it. A notable example of the latter is theWorld Wide Web itself, which originated nearlytwo decades after the Internet was invented.In sum, then, it’s not just copyright-law intereststhat are at stake — or even citizens’ relationship tocopyrighted works. DRM, if too broadly and indiscriminatelyapplied, may throttle the advance of personal-computertechnology itself. And this wouldaffect you as a citizen even if you never once had thedesire to download a song or TV show or movie.29

V. Conclusion: Can ThereBe a “Humane” DRM?As this essay demonstrates, the balanceof rights and public policies we havegrown accustomed to in our copyrightlawframework is being pulled in morethan one direction. On one side, digitaltechnologies seem to have the potentialto undermine and perhaps even destroythe incentive system we have constructedas part of society’s “copyrightbargain” with artists and authors. Onthe other side, DRM may have thepotential to destroy society’s part of thatbargain, by enabling copyright ownersto prevent even those unauthorized usesof copyrighted works that we recognizeto be lawful, all in the name of stoppingInternet-based infringement.On still another side, we have the technologycompanies, who are torn betweentheir desire to provide new platforms forcopyrighted works (and who themselvesvalue copyright) and their desire to preventthe open platforms of digital toolsand the Internet from becoming “closed”in a way that hinders or halts innovationswe haven’t thought of yet.To suggest a solution that fullyaddresses the needs of all the stakeholdersin the current digital copyrightdebate is not, strictly speaking, beyondthe scope of this essay; it remains, however,beyond the scope of this author.Nevertheless, I believe we can outlinesome approaches to the problems ofdigital copyright and DRM that havethe potential to harmonize the needs ofevery stakeholder group.In short, we can begin to talk aboutwhat a humane, balanced form of DRMmight look like, assuming for the sake ofdiscussion that such a form of DRM ispossible. 39The kind of DRM framework I imaginefor the sake of this discussion meets, atleast, the following set of criteria:A. For Copyright Owners: It mustlimit (or, ideally, prevent) large-scaleunauthorized redistribution of copyrightedworks over the Internet orany similar medium. In addition,it must allow a range of business31

V. Conclusion: Can ThereBe a “Humane” DRM?models for distributing content, within the constraintsof copyright law.B. For Technology Makers: It must maintaintechnology companies’ ability to create a widerange of innovative non-infringing products,and to design, build, and maintain those productsefficiently. It must maintain the ability tochoose between open-source and closed-sourcedevelopment models. It must enable technologymakers to come up with robust, interoperable,relatively simple technologies that are fault-tolerantand easy to maintain.C. For Citizens and Ordinary Users: It mustmaintain access to a wide variety of creativeworks, both past and present, including bothpublic-domain works and works still protectedby copyright. It must maintain access to advancingconsumer technology for uses not related tocopyright. It must continue to allow for maintainfair use (including time-shifting, space-shifting,archiving, format translation, excerpting, and soon) and also must be flexible enough to allow fornew, innovative fair uses (e.g., uses of home networkingand other kinds of fair use we haven’tyet imagined or discovered).These are, of course, difficult criteria to harmonize.I cannot imagine, for example, a governmentbasedregulatory framework that might create this,starting at square one.I can, however, imagine a way that a truly freemarket in DRM-protected works might get us atleast closer to these combined goals. The key tocreating that market is not only to remember andvalue the great creative works that are already inthe public domain, but also to use DRM platformsas a way of revitalizing and redistributing publicdomainworks.Consider: Almost all DRM development nowadays— at least when it comes to copyright — isdesigned primarily to protect works that are currentlyalso within their term of copyright protection(e.g., most movies, recent books, and so on).Remember Stephen King’s novella, “Riding theBullet,” discussed back in Part I of this essay? It wasan electronic book, all right, but in many ways itwas more difficult to use (and to copy from) than itwould have been if it had been published on paper.In general, we expect computers to make informationeasier to get access to, not harder, so the limitationson “Riding the Bullet” and on many othere-books are frustrating. (One couldn’t, for example,cut-and-paste a passage from King’s novella into ahigh-school essay on the subject — the sort of thinga student would love to be able to do with a digitalbook — nor could one print it out, since thatoption was disabled.) This is due primarily to therestrictions traditional publishers place on e-bookpublishers — or, if they are within the same company,on their e-book publishing divisions.The practical outcome of the restrictions onproprietary e-book formats is that these formatsare dead in the marketplace — e-books are unpopular,considered clunky and burdensome, and, atbest, an idea whose time has not yet come. Designersof e-book platforms have been cogitating aboutthe “right” combination of content protection andflexibility, but in the meantime the whole conceptof e-books has been languishing. In a world withnot enough trees in it — a world in which computerdisplays are now good enough to give us abook’s worth of readable text — this is an unacceptableresult.E-books and the Public DomainSuppose, however, that some enterprising companyset out to take public-domain works and editions ofworks and make them available on e-book platforms— with all the DRM copy protection turnedoff. That company could sell the e-books at a nominalprice over the Web, but might even expresslyallow that these e-books may be freely copied,excerpted, subjected to cut-and-paste, and so on.Such an e-book — perhaps a lesser-known MarkTwain work, or Constance Garnett’s translations ofa Russian novel — would have all the advantages ofbeing based on a digital platform and none of thedisadvantages (you could even print out your copy,if paper were the only thing that would satisfy you).Suppose, further, that DRM-disabled digitalformatpublic-domain works became widespread— perhaps even via peer-to-peer file sharing. (Forschool districts this availability might signify a wayto save textbook acquisition costs even as they32

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”made up for increased expenses in the computerlab.) The e-book publisher might even produce aDRM-enabled teacher’s edition of the same work,including critical commentary and lesson plans,and generate a revenue stream from the “teacher’sedition” — in addition to the revenue generatedby direct sales of the public-domain work in e-book format.Nor has this scenario yet touched upon the factthat other people besides students read or otherwiseenjoy works that are now in the publicdomain. (Those works may not be limited tobooks; early films and recordings may also be availablefor this kind of public-domain dissemination.)It seems to me that, should some enterprisingcompany, perhaps based in Redmond, Washington,or Cupertino, California, were to take on this project,it would have a golden opportunity both to educatethe public about the potential convenience ofdigital reader or playback software platforms, and tohelp citizens grow more accustomed to using them.The next step (or, rather, the accompanyingstep) would be to make the same platforms availableto the publishers of current works. Yes, thosepublishers might insist on (and receive) limitationson the extent to which users could copy or excerptthe digital work in question. At the same time,however, consumers would know that the limitationson their use of these works came from thepublisher (or even the author) and not from theplatform itself.One obvious result of this scenario is that consumersbecome educated that it’s not e-book ordigital-media formats that are inherently limited —it’s that the limitations have been insisted upon byparticular publishers or artists. This additionalinformation enables consumers to make betterinformedchoices — they might choose one workover another because its DRM-enabled player hasbeen set to be more flexible or less restrictive.They might forgo buying books from a particularpublisher if that publisher insisted on too manyrestrictions. A more informed market for digitalworks is likely over time to become a more rationalmarket, making better-informed choices aboutwhat kinds of access to a work they are willing topay for. And because the consumer-expectationbaseline is set by the unrestricted availability ofpublic-domain works in DRM-enabled formats,publishers know that the restrictions they chooseto impose upon a copyrighted work are going to becommunicated directly to the buyer.It seems to me that a number of benefits immediatelyinhere from this proposal. First of all, makingmore public-domain works digitally available andmore widely distributed enhances citizens’ ability totake advantage of the wealth of creative works thatare already in the public domain. Second, it diminishesthe cost of reproducingpublic-domain works,which means that more DRM platforms couldsuch works can becomemore widely available at a be used to distributelower cost. Third, it givesboth publishers and digital-mediaplatform makerspublic-domain works inincentives to loosen restrictionsrather than tightenunprotected ways – thusthem, because consumers educating consumerswill naturally prefer lessrestrictive formats. Fourth, about who is insisting onit helps platform makersmake their platforms for copying restrictions fordigital media more familiar,more commonplace, newer works.and more user-friendly thanthey are now.It may be argued that what I’m proposing here ismerely that the influential companies that craftDRM platforms and schemes perform a kind of“community service” in making public-domainworks available. I think, however, that there is asignificant value proposition for these companies inusing their platforms to make public-domain worksavailable in an unrestricted way. Part of the value indoing so lies in revitalizing (or, perhaps more aptly,“vitalizing”) dormant media formats such as e-books. Making public-domain works available for anominal price (but nevertheless a price thatrecoups the cost to the company of digital formattingand distribution) could jumpstart the currentlylimited market for such books, especially if the formatadds significant value (such as the enhancedsearchability of texts).33

V. Conclusion: Can ThereBe a “Humane” DRM?Another part of the value of this proposal is that,even though it would be possible for a reader toget the e-book for free from some downstreamsource, there will always be readers who prefer togo to “the source” to obtain a copy they know tobe pristine, uncorrupted, and unaltered, and whowill pay a modest fee to do so. So there will be arevenue stream associated with making even copyablepublic-domain books available. The lesson thesoftware companies learned in the 1980s — theHigh Volume/Low Cost philosophy in which companiesmanage to “compete with free” in part bymaking it very affordable to buy a reliable productfrom the reliable source — is a lesson that canapply here as well.Finally, to the extent making public-domain contentavailable in DRM platforms with all the protectionsset to “off” educates the market about whois making the choices when it comes protectingthat content (the publisher, not the platformmaker), it rationalizes that market. The choice forvendors will be not between (a) doing a communityservice and promoting the platform and (b) makingmoney. The choice will be whether they are willingto hazard a business model, based on online distributionfor a modest fee of copyable copies of public-domainworks, that does both.One can even imagine that, in the long term,even those authors and publishers who want toimpose some DRM-based restrictions mightchoose different models for imposing those restrictions.We know, for example, that Microsoft andother technology vendors are developing and seekingstandard-setting for a “rights language” thatmay be applied to any digital content. If the baselinefor DRM platforms is that there are no restrictions,isn’t it more likely that such “rightslanguage” will evolve to accommodate an author orpublisher who wished to choose a different modelof rights allocation — e.g., the Creative Commonslicensing scheme. 40 (Perhaps the platform developermight actually meet with the directors of theCreative Commons project, hold a joint press conference,urge that Creative Commons licensesbecome more common — and thus more trustedin the marketplace.)Most of us believe that artists and authorsdeserve to be compensated, and even that publishersdeserve compensation for bringing them to us.At the same time, it is a natural human impulse toshare the creative works we love. (There are fewgreater testaments to this impulse than the NickHornby novel High Fidelity or the John Cusackmovie made from Hornby’s book. One of theironies of Hornby’s story is that his music-sharing,“mix tape”-making hero is also the owner of arecord store.) In the absence of a more humanevariety of DRM, these interests may be at odds withone another. It seems to me, however, that the onlypath to a more humane DRM, one in which marketforces lead to accommodations of both set of interests,is to regulate only minimally, if at all, to mandatecopy-protection technologies. And thatminimal-regulation framework has to be accompaniedby an investment by DRM designers and makersin promoting and preserving the public domain.The question before us, then, is how to harnessboth the technical ingenuity behind DRM and thehuman drive to share the works that we enjoy in away that leverages the best from both. Because it isonly by taking advantage both of human ingenuityand human nature that we will solve the problemsof maintaining the value of copyright — therewarding of creative artistic endeavor and thesharing of the fruits of that endeavor — as wemove further into a digital world.34

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”Selected ReadingsBooks, Articles, and TestimonyReaders who are interested in the topics of copyright,digital media, digital-rights management, and the relationshipsamong these topics as discussed in this DRMprimer may find the following selection of books, articles,and testimony to be useful starting points for readingand research.Biddle, Peter, Paul England, Marcus Peinado, andBryan Willman. “The Darknet and the Future of ContentDistribution,” 2002 ACM Workshop on DigitalRights Management, November 18, 2002Brinkley, Joel. Defining Vision: How BroadcastersLured the Government into Inciting a Revolutionin Television (Revised), Harvest Books, 1998.Craver, Scott A., Min Wu, Bede Liu, Adam Stubblefield,Ben Swartzlander, Dan S. Wallach, Drew Dean,and Edward W. Felten. “Reading Between the Lines:Lessons from the SDMI Challenge,” Proceedings of10th Annual USENIX Security Symposium, Washington,DC, August 2001.Davidson, Alan. Statement of Alan Davidson, AssociateDirector, the Center for Democracy and Technology,“Peer to Peer File Sharing and Security.” Testimonybefore the House Committee on Government Reform,May 15, 2003. Available at .Godwin, Mike. Cyber Rights: Defending FreeSpeech in the Digital Age, Chapter 7, “The BattleOver Copyright on the Net (and other IntellectualProperty Encounters).” Pp. 185-245. MIT Press, 2003.Kirovski, D., and F.A.P. Petitcolas. “ReplacementAttack on Arbitrary Watermarking Systems.” ACMWorkshop on Digital Rights Management, 2002Lemley, Mark. “Romantic Authorship and the Rhetoricof Property.” 75 Tex. L. Rev. 873 (1997)Litman, Jessica. Digital Copyright: Protecting IntellectualProperty on the Internet. Prometheus Books,2001.Sohn, Gigi B. Statement of Gigi B. Sohn, President,Public Knowledge, “Piracy of Intellectual Property onPeer-to-Peer Networks.” Testimony before the HouseJudiciary Committee, Subcommittee on Courts, theInternet and Intellectual Property. September 26, 2002.Available at.Vaidhyanathan, Siva, Copyrights and Copywrongs:The Rise of Intellectual Property and How ItThreatens Creativity, New York University Press,2001Statutes and TreatiesThe legal framework for the protection of copyrightedworks is grounded both in national and in internationallaw.The statutory scheme for the protection of copyrightedworks under United States law is the Copyright Act,Title 17 of the United States Code — specifically chapters1 through 8 and 10 through 12 of Title 17. TheCopyright Act of 1976, which provides the basicscheme for the current copyright law, was enacted onOctober 19, 1976, as Pub. L. No. 94-553, 90 Stat.2541. In the digital era, the U.S. copyright law hasbeen more frequently subject to major or minoramendment by Congress; nevertheless, a reasonablycurrent version of the Copyright Law of the UnitedStates of America and related laws contained inTitle 17 of the United States Code can be foundat the U.S. Copyright Office website at.The treaty-based international framework forprotection of copyrighted works is established bythe Berne Convention for the Protection of Literaryand Artistic Works, available at.Lessig, Lawrence. The Future of Ideas: The Fate ofthe Commons in a Connected World, Vintage, 200235

Selected ReadingsCourt casesTwo court cases in particular may shed light on centralissues concerning the law of copyright as it generallyoperates in the United States today. In Dowling v.United States, 473 U.S. 207 (1985), the United StatesSupreme Court discusses the extent to which copyrightinterests are distinguishable from traditional propertyinterests. In Feist Publications, Inc. v. Rural TelephoneService Co., 499 U.S. 340 (1991), the SupremeCourt discusses at length the scope of protection thatcopyright law provides to created works under theUnited States Constitution.Those interested in the relationship between the substantiveprovisions of the U.S. copyright laws and theDigital Millennium Copyright Act’s prohibition oftechnologies that “circumvent” DRM should read thememorandum decision in the federal district court caseUniversal City Studios, Inc. v. Reimerdes, 111 F.Supp. 2d 294 (S.D.N.Y. 2000). That case was affirmedby a federal appeals court in Universal City Studios,Inc. v. Corley, 273 F.3d 429 (2nd Cir. 2001)The leading case concerning individuals’ rights toengage in some degree of unlicensed copying of copyrightedmaterial is the U.S. Supreme Court’s decisionin Sony v. Universal Studios 464 U.S. 417, 104 S. Ct.774, 78 L. Ed. 2d 574 (1984). Sometimes known as“the Betamax case,” Sony adopted a district court’sfinding that “even the unauthorized home time-shiftingof [content owners’] programs is legitimate fair use,”and concluded that devices that enable such “commerciallysignificant noninfringing uses” are not violationsof the Copyright Act.36

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”Endnotes1 When I say we don’t “normally” make exceptions for unauthorizeduses of other people’s property, I am not sayingthere are no exceptions. The law allows us to make certainuses of other people’s property in some kinds of emergencies,for example, and it may allow a government to invokeits power of eminent domain to authorize a utility companyto tear up your front yard in service of some larger publicgood. Copyright law is nevertheless different because itallows for some routine and regular uses of others’ propertywithout their authorization.2 Sometimes such shared “property” is called a “commons,”based on the tradition that there may be property in atownship whose use and ownership is shared by everybodyin the town.3 The American copyright doctrine called “fair use” has no precisecounterpart in other countries, but there are some similarprotections in other countries for unauthorized copying— these protections derive from copyright doctrines relatingto “fair dealing” and “private copying.” This paperfocuses more on the American doctrine of fair use than onthese analogous doctrines in other countries, but its reasoningmay be applied without much modification in mostother countries that, like the United States, are signatoriesto the Berne Convention (an international copyright treaty).4 The term “intellectual property” is a newer term than youmay think — only a few decades old, according to law professorMark Lemley. See Lemley, “Romantic Authorshipand the Rhetoric of Property,” 75 Tex. L. Rev. 873 (1997)at footnote 123.5 Throughout this paper, the term “copy protection” is usedinterchangeably with “DRM.”6 A more complete discussion of the fact that analog contentcan be digitally copied appears in section II of this paper.7 Other artists and authors and publishers approach the problemdifferently, however, by suggesting that perhaps compensationof artists and authors should not focus so muchon the making of copies of the creative work. There areother models for compensating artists, which include butare not limited to compulsory licensing and levies on playbackor recording equipment. This paper does not advocateany of these alternatives; it assumes that the making andselling of copies of creative works will remain at the heartof the compensation system for some time to come.9 See, e.g., Hernandez, “DVD sales up 57% in 1st half of 2003,”Los Angeles Daily News, Aug. 4, 2003, republished in TheArizona Republic’s online edition at .10 NGSCB was formerly known as “Palladium,” its in-housecodename at Microsoft Corp.11 Advocates of “trusted computing” make a point of stressingthat trusted computing is not itself DRM, but merely maybe used as the basis of a DRM scheme. While this reservationis certainly true, the available public reports concerningtrusted computing suggest that content protection and control(by the content provider) were among the initial motivationsfor the development of this technology. It also seemslikely that content-protection schemes will be among thefirst and foremost uses of trusted-computing architectures.12 Ironically, however, the typical protection scheme offered formarked TV content that is broadcast “in the clear” is toencrypt it after it has been “demodulated” (that is, receivedby a TV receiver). In this scenario, marking the content isnot really an alternative to encryption-based protection; itsimply requires encryption at a different point in the transmissionchain from broadcaster to audience. Why policymakersmight consider this a better alternative than simpleend-to-end encryption, especially given that the content is“in the clear” and unprotected for most of the distance ittravels, is unclear.13 The most obvious way to digitize (or redigitize) analog contentis to point a digital movie camera at a movie or televisionscreen. A less obvious way, perhaps, is the use of apersonal video recorder, such as TiVo or ReplayTV, to captureanalog television content in digital form. Many digitaltelevision receivers have been produced with analog outputsso that they can be integrated into existing homeentertainmentsystems. This means such receivers can beused to “route” in-the-clear digital content through analoginterfaces, after which the content can be redigitized withoutany protections associated with it.14 Once one captures digital content, one can use a computer toremove, modify, or forge a label. While the content may beencrypted while in transition to display, it must ultimatelybe displayed “in the clear” (that is, decrypted) in order foran audience to use it. Obviously, cryptography alone cannotprevent the complete removal of a label of content that isdisplayed or otherwise made available in unencrypted form.8 This is the approach used by cable-television set-top boxes.Once the scrambling or decryption technology of a set-topbox is understood, the box itself can be “pirated” and duplicated,making it possible for the creation of an aftermarketin illegal, cloned cable descramblers. And in fact a numberof such descrambler-cloning enterprises exist, in spite oftheir illegality.37

Endnotes15 The watermarks discussed in this paper are “robust” watermarks,which are designed to survive common operationssuch as data compression. Other types of watermarks are“fragile,” meaning that they are deliberately designed sothat they do not survive such operations. Fragile watermarksare useful only in conjunction with robust watermarks,and fragile watermarks are by definition easilyremoved from content, so their use cannot increase a system’sresistance to hostile attack. The idea is that if amachine detector finds the presence of a robust watermarkin the absence of a fragile watermark, it follows that thecontent has been inappropriately manipulated. But sincethe theory relies on the proposition that there is such athing as a robust watermark, we need to focus only onwhether such robust watermarks are possible.16 “Fingerprint” is a term of art that unfortunately has differentmeanings in different subareas of computer science (as wellas other areas of science, of course). Here we use the meaningcommon in discussions of digital copy protection.17 One possible use of watermarks that has been discussed is theuse of “serial watermarks” as a form of what might becalled “externally imposed fingerprinting.” For example,when a user buys a recording from a website, the downloadedfile could be uniquely marked with a subtle markreflecting not the characteristics of the music but the identityof the buyer. This measure might enable content companiesto track the source of an infringing digital copy ofthe recording found on the Internet. No scheme currentlyproposed entails the use of “serial watermarks,” so I do notcritique such a scheme here, although I note in passing thatusers may be wary of a scheme aimed at branding the contentthey experience with identifying information.18 In practical terms, this means that all content is traded inunprotected, unmarked form on the Internet today may continueto be traded, absent the sort of regime described below.19 Nevertheless, such an approach has been suggested by someadvocates of copy protection in the context of the UnitedStates’ planned transition to digital broadcast television,which is seen, incorrectly, as posing a unique threat tocopyright holders.20 The consumer markets for movies and (especially) for musichave of course endured a number of format changes. Whatmade the transitions — e.g., from VHS movies to DVDmovies, and from music LPs and cassettes to CDS — tolerablefor consumers were that they were unforced; consumersgot to choose when they would move to a newformat, and could set up their home entertainment systemsto accommodate multiple formats. This will not be the caseduring the transition to digital television in the UnitedStates because the U.S. government plans to reclaim thespectrum loaned to broadcasters during the digital transitionso that broadcasters could transmit both digital andanalog television. Once the transition is complete, analogbroadcasts will be shut off, and consumers will have to payto upgrade their equipment in order to receive broadcasttelevision content.21 I distinguish here between media forms (such as musicrecordings and television) and media formats (such asmusic CD and cassette formats, or the analog and digitaltelevision formats). Media formats may change frequently,and at a faster rate as technological advance accelerates, butnew media forms arise less frequently.22 This threat model for digital broadcast television has beensignificantly criticized by a number of participants in theFederal Communications Commission’s proceedingsregarding broadcast-flag regulation. It has been noted, forexample, that data files of digital-television content are generallytoo large to be easily transmitted over the Internet,absent file compression that reduces the quality of suchcontent. This remains true even if we assume that broadbandInternet transmission capability will continue to growsignificantly over the next decade. As has been pointed outearlier in this paper, analog television content is more vulnerableto Internet redistribution because, once digitized,its data-file sizes are significant smaller than those forHDTV program, and thus easier to transmit and receive.23 There is one exception to this rule: the demodulating devicecan only pass on content without checking for the broadcastflag, provided that it does not erase any broadcast flagthat might be present, and provided that it passes the contentthrough robust channels on only to devices which willthemselves check the broadcast flag. Since ultimately thecontent is streamed or transmitted only to devices thatcheck for the flag, we will discuss only the flag-checkingcomponent of the broadcast-flag scheme here.24 “Table A” is the name of the appendix to the broadcast-flag proposalthat lists technologies acceptable for protecting flaggedcontent. The Federal Communications Commission hasadopted the “Table A” approach, but as of November 2003no technologies had been adopted or admitted to Table A.25 A “downstream” device is, essentially, any device that does notitself contain a television signal demodulator but that canconnect to a device that either demodulates broadcast signals,or to a device that itself has received demodulated content. Inshort, a downstream device is any device that receives demodulatedcontent as the result of a digital connection — the harddisk in a TiVo personal video recorder, for example.26 The fact that the scope of devices affected by a broadcast-flagscheme is indeterminate is a key reason that there has neverbeen an inter-industry consensus favoring the scheme.27 See Scott A. Craver, Min Wu, Bede Liu, Adam Stubblefield,Ben Swartzlander, Dan S. Wallach, Drew Dean, and EdwardW. Felten. “Reading Between the Lines: Lessons from theSDMI Challenge,” Proceedings of 10th Annual USENIXSecurity Symposium, Washington, DC, August 2001.28 The FCC’s broadcast-flag report and order in November2003 takes just this approach — a “narrowed” order thatleaves many devices untouched, and that also does notaddress alternative means by which digital TV content canbe captured, such as the “analog hole.”38

What Every Citizen Should Know About DRM,a.k.a. “Digital Rights Management”29 It may be argued that consumers already know that they areroutinely surrendering private information in other contexts,such as credit-card purchases, video-on-demand orders, andso forth, so that their surrender of private information in thecontent-purchase context is at most incremental and unlikelyto trouble consumers. Nevertheless, it seems likely that atleast some consumers will be troubled by the transition from(a) a world in which content such as books, music albums, andDVDs can be purchased anonymously with cash, enjoyed,(and then resold) into (b) a world in which the content a consumerpurchases is “tethered” to that individual, known to beassociated with that individual, and can’t be resold.30 The federal Digital Millennium Copyright Act has beeninterpreted in at least one case to forbid even the disseminationof information that can be used to defeat a DRMscheme. See Universal City Studios, Inc. v. Reimerdes, 111 F.Supp. 2d 294 (S.D.N.Y. 2000). In theory, then, this verydiscussion of using felt-tip markers to defeat CD copy protectionmight be deemed illegal. A discussion of theDMCA follows below.31 See 17 U.S.C., Sec. 1201(c)(3).32 “Ripping” is the reduction of music from its native digitalformat on CD to reduced-in-size formats such as MP3.The term may also be applied to the reduction to MP3 ofmusic in analog formats, such as the tracks on LP records.33 “Burning” is the reproduction of music in compressed formats,such as MP3, to a writable CD or some otherwritable optical medium. “Burning” of music files may ormay not include re-expansion of the files into a non-compressedformat.34 Ironically enough, the unauthorized copying of current televisionshows most commonly originates as digitized copies ofanalog transmissions. Actual HDTV content, which is digital,cannot be significantly compressed without loss of thevery video quality that makes it special, which makes digitalTV content safer from this kind of infringement than isordinary analog television. Nevertheless, it is a widelyaccepted myth that digital television, merely by virtue ofbeing digital, is more subject to peer-to-peer infringementthan is analog TV content. At some level, however, contentcompanies see past this myth; hence their efforts to developmarking schemes that survive digital-to-analog/analog-todigitalconversions, or, in the alternative, to pressure devicemakers to “retire” analog technologies altogether.35 The DMCA’s notice-and-takedown provisions create a liability“safe harbor” for Internet service providers and otherswho, when given notice by a copyright holder that theirservice or site contains infringing copies of copyrightedworks, immediately take down the content in question. Thestatute also includes an appeals process for those whobelieve the works on their service or site are not instancesof copyright infringement.36 Of course, it is well documented that the recording industryhas started to bring infringement actions against parties itconsiders to be the most egregious file-trading infringers ofmusic copyrights. Whether this campaign has successfullydeterred illegal file trading is unclear. A recent PewResearch Center poll concluded that such deterrence mayhave occurred, but critics of the poll’s methodology haveargued that the data are ambiguous at best, since accuratedata would depend on respondents’ admitting to illegalactivity. See, e.g., Schwartz, John, “In Survey, Fewer AreSharing Files (Or Admitting It),” The New York Times, Jan.5, 2004. Section C, Page 1.37 Increasingly, there are efforts to design what is called “fair use”into DRM schemes — here the term “fair use” does notcarry the same meaning it carries in the Copyright Act.Instead, it signifies some degree of individual copying, in linewith what is currently considered to be fair use under Americancopyright law. Legally speaking, such design efforts cannotbe said to add up to “fair use,” since in effect they allowinstances of authorized copying — authorized, in this case, bythe copyright holder and the designers of the DRM scheme— rather than the kind of unauthorized copying that is dealtwith in Section 107 of the Copyright Act.38 Nevertheless, at least one router company has offered to buildDRM in at the router level. Outside experts remain skepticalthat such a scheme can be implemented credibly, however,and they also note that, in order to work, such a schemewould require the replacement of most or all Internet routerscurrently being used. This of course would be a boon forrouter manufacturers, albeit a cost to nearly everyone else.39 Some readers may ask at this point whether it is appropriate toallow DRM to exist at all, given the remedies that copyrightowners already possess under our copyright law. I understandand sympathize with their point. I also note, however, thatour legal system allows us to take steps in other areas to preventharm from coming to ourselves and to our interests. Forexample, we have the right to physically defend ourselvesfrom assault, even when such defenses might themselves beconsidered criminal if unprovoked, and we have the right tolock up our tangible goods in our houses, even though wealso have legal redress should we be stolen from or burglarized.Neither of these examples should be taken as analogousto the copyright bargain, whose built-in balances are unique,implicate free-speech considerations, and do not easily mapto other areas of law. Copyright, as the Supreme Court hassaid, is “no ordinary chattel.” But I think most citizens’ intuitionsabout what the copyright-law balance should includeat least some measure of self-help. Assuming those intuitionsare correct, I infer that at least some degree of DRM may beconsidered acceptable, so long as it is implemented in a mannerconsistent with longstanding copyright policy and withthe First Amendment.40 Creative Commons licenses allow artists and authors tomake their works available on terms more favorable toreaders and viewers of the work than copyright law provides.At the same time, these licenses enable artists andauthors to maintain some degree of control over the use oftheir works. For more information about these licenses,and about the Creative Commons Project generally, see39

1875 Connecticut Ave., NWSuite 650Washington, DC 20009Phone: 202-518-0020 • Fax: 202-986-2539PUBLICKNOWLEDGE.ORGNEW AMERICAF O U N D A T I O N1630 Connecticut Ave., NW7th FloorWashington, DC 20009Phone: 202-986-2700 • Fax: 202-986-3696WWW. NEWAMERICA. NET