DRM and Privacy

Interrogating the relationship between copyright enforcement and privacy raises deeper questions about the nature of privacy and what counts, or ought to count, as privacy invasion in the age of networked digital technologies. This Article begins, in Part II, by identifying the privacy interests that individuals enjoy in their intellectual activities and exploring the different ways in which certain implementations of DRM technologies may threaten those interests. Part III considers the appropriate scope of legal protection for privacy in the context of DRM, and argues that both the common law of privacy and an expanded conception of consumer protection law have roles to play in protecting the privacy of information users. As Parts II and III demonstrate, consideration of how the theory and law of privacy should respond to the development and implementation of DRM technologies also raises the reverse question: How should the development and implementation of DRM technologies respond to privacy theory and law? As artifacts designed to regulate user behavior, DRM technologies already embody value choices. Might privacy itself become one of the values embodied in DRM design? Part IV argues that with some conceptual and procedural adjustments, DRM technologies and related standard-setting processes could be harnessed to preserve and protect privacy

Overcoming Property: Does Copyright Trump Privacy?

This essay does not attempt to specify the privacy rights that users might assert against the purveyors of DRM systems. Instead, it undertakes a very preliminary, incomplete exploration of several questions on the property side of this debate. What is the relationship between rights in copyrighted works and rights in things or collections of bits embodying works? In particular, as the (popular and legal) understanding of copies of works as residing in things becomes largely metaphorical, how should the law construct and enforce boundedness with respect to those copies? Does the calculus of property and contract allow for consideration of other rights, based neither in works nor in things, that might be weighed in the balance? I will suggest that the property justification for using DRM systems to invade privacy is far too narrow, and ignores a number of important public policy considerations

PrivDRM : a privacy-preserving secure Digital Right Management system

Digital Right Management (DRM) is a technology developed to prevent illegal reproduction and distribution of digital contents. It protects the rights of content owners by allowing only authorised consumers to legitimately access associated digital content. DRM systems typically use a consumer's identity for authentication. In addition, some DRM systems collect consumer's preferences to obtain a content license. Thus, the behaviour of DRM systems disadvantages the digital content consumers (i.e. neglecting consumers' privacy) focusing more on securing the digital content (i.e. biased towards content owners). This paper proposes the Privacy-Preserving Digital Rights Management System (PrivDRM) that allows a consumer to acquire digital content with its license without disclosing complete personal information and without using any third parties. To evaluate the performance of the proposed solution, a prototype of the PrivDRM system has been developed and investigated. The security analysis (attacks and threats) are analysed and showed that PrivDRM supports countermeasures for well-known attacks and achieving the privacy requirements. In addition, a comparison with some well-known proposals shows that PrivDRM outperforms those proposals in terms of processing overhead

Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations

The INDICARE project – the Informed Dialogue about Consumer Acceptability of DRM Solutions in Europe – has been set up to raise awareness about consumer and user issues of Digital Rights Management (DRM) solutions. One of the main goals of the INDICARE project is to contribute to the consensus-building among multiple players with heterogeneous interests in the digital environment. To promote this process and to contribute to the creation of a common level of understanding is the aim of the present report. It provides an overview of consumer concerns and expectations regarding DRMs, and discusses the findings from a social, legal, technical and business perspective. A general overview of the existing EC initiatives shows that questions of consumer acceptability of DRM have only recently begun to draw wider attention. A review of the relevant statements, studies and reports confirms that awareness of consumer concerns is still at a low level. Five major categories of concerns have been distinguished so far: (1) fair conditions of use and access to digital content, (2) privacy, (3) interoperability, (4) transparency and (5) various aspects of consumer friendliness. From the legal point of view, many of the identified issues go beyond the scope of copyright law, i.e. the field of law where DRM was traditionally discussed. Often they are a matter of general or sector-specific consumer protection law. Furthermore, it is still unclear to what extent technology and an appropriate design of technical solutions can provide an answer to some of the concerns of consumers. One goal of the technical chapter was exactly to highlight some of these technical possibilities. Finally, it is shown that consumer acceptability of DRM is important for the economic success of different business models based on DRM. Fair and responsive DRM design can be a profitable strategy, however DRM-free alternatives do exist too.Digital Rights Management; consumers; Intellectual property; business models

The Walled Gardens of Ebook Surveillance: A Brief Set of Arguments Against DRM in Libraries

This piece outlines a few brief arguments against the inclusion of ebooks with DRM restrictions in libraries. These arguments center upon what the presence of these ebooks signifies to patrons about libraries today, and how librarians should avoid holding books with DRM within their collections. Ebooks with DRM require that users give up personal data in order to read. In addition, restricted ebooks are frustrating to users and makes them dislike the libraries that offer them. Finally, DRM surveillance is at odds with librarians’ professional commitments to protecting patron privacy

Private Copyright: Digital Rights Management Systems and the Consumer

Digital Rights Managements (DRM) systems impact the digital content and software marketplace on several levels. The issues include copyright law, contract law, privacy, antitrust, and consumer protection. This paper examines how DRM systems affect the consumer and what changes can be made to bring about a more sensible and transparent market in the United States

White-box implementation to advantage DRM

Digital Rights Management (DRM) is a popular approach for secure content distribution. Typically, DRM encrypts the content before delivers it. Most DRM applications use secure algorithms to protect content. However, executing these algorithms in an insecure environment may allow adversaries to compromise the system and obtain the key. To withstand such attack, algorithm implementation is modified in such a way to make the implementation unintelligible, namely obfuscation approach. White-box cryptography (WBC) is an obfuscation technique intended to protect secret keys from being disclosed in a software implementation using a fully transparent methodology. This mechanism is appropriate for DRM applications and able to enhance security for the content provider. However, DRM is required to provide a balanced protection for the content provider and users. We construct a protocol on implementing WBC to improve DRM system. The system does not only provide security for the content provider but also preserves privacy for users

Privacy-preserving digital rights management

Digital Rights Management (DRM) is a technology that provides content protection by enforcing the use of digital content according to granted rights. DRM can be privacy-invasive due to many reasons. The solution is not easy: there are econòmic and legitimate reasons for distributors and network operators to collect data about users and their activities, such as traffic modelling for infrastructure planning or statistical sampling. Furthermore, traditional PET -such as encryption, anonymity and pseudonymity- cannot solve all the privacy problems raised by DRM, even if they can help. Privacy and security considerations should be included in th e design of DRM from the beginning, and they should not be considered as a property that can be added on. PET is considered as technology for privacy protection, in different fields. However, PET solutions are not the only ones to be considered useful to complement DRM systems. The contrary is also true: DRM systems are adapted as technical platforms for privacy. In short, there is a deep change in PET related to the web 2.0, and it is also true for P2DRM: transparency and other new techniques are preferred, or at least added, to anonymity, authentication and other traditional protection