Fairer Usage Contracts For DRM

DRM has been widely promoted as a means to enforce copyright. In many previous papers, it has been argued that DRM gives too much power to rights holders and actually goes beyond the restrictions provided by copyright laws. In this paper we argue that DRM does not actually implement the fundamentals of copyright law, and is rather a mechanism for enforcing licence and contract restrictions on digital data. However, we believe that DRM does have a place in the digital distribution of copyrighted works and present two mechanisms that would allow users to get a more balanced deal from the rights holders. The mechanisms we present also allow for newer business models that cannot be easily implemented with current DRM systems

Digital Rights Management, Fair Use, and Privacy: Problems for Copyright Enforcement through Technology

This article discusses the nature of Digital Rights Management (DRM) systems with regard to the problems they pose to traditional exceptions to copyright restrictions. Problems of fair use and the copying of material for preservation are examined in the context of the architecture of digital rights management systems, and the limitations of current DRM systems in accommodating these policies are examined. The monitoring of usage by the licensing modules of these systems is also criticized for its lack of protection of user privacy and the potential chilling of intellectual freedom. Various potential solutions to these are briefly surveyed with a view of improving DRM and preserving traditional library values

Ticket based Identity System for DRM

One of the major stumbling blocks in achieving interoperability in DRM systems is due to the variety of different user authentication systems utilised by DRM systems. For example, in [6], the authors detailed how Microsoft's Rights Management System fails in fulfilling its requirements mainly because of a lack of its user identity system. The authors discussed how, because one DRM system cannot authenticate users from another DRM system, it cannot offer interoperability, even if they shared the same data formats. Furthermore, interoperability for user authentication in DRM systems is further hampered by the wide range of devices that need to support DRM enabled data, but do not necessarily offer the same features. Decoupling of user identity from the main DRM system also reduces the chances of correlating users' access patterns of protected works. This improves the privacy of users of DRM systems, another major criticisms of current DRM systems. In this paper we discuss the requirements for user identity in a DRM system and then introduce a Kerberos like reusable ticket based user identity system. This system allows multiple systems to be authenticated by the use of time limited authentication tickets, without requiring online authentication. Tickets can be stored at a central controlling point, which is also responsible for acquiring tickets from authentication servers and redistributing tickets to the devices that need the tickets. In our experience, our approach fulfils all the requirements and is a more scalable and inter-operable approach when compared to existing DRM systems

Piracy and Content Protection in the Broadband Age

The illegal distribution of copyrighted material has been blamed for vast losses incurred by publishing companies, especially in the entertainment industry. To this effect, Digital Rights Management (DRM) has been actively promoted as the solution to this problem. Critics of DRM however claim that DRM infringes on basic rights afforded by copyright law and is thus bad for consumers. Adding support for their claims is the incorrect and, in our opinion, illegal implementation of these systems. This paper introduces and debates these issues also discusses results of a survey we conducted over the Internet on the public's response to copyrighted works, DRM and piracy. Our findings conclude that while DRM is still necessary, piracy is neither a clear cut reason for a loss of sales nor a phenomenon easily explainable

DRM Use License Negotiation using ODRL v2.0

In [9], Camp discussed why DRM is not equivalent to copyright enforcement. In 2005, Arnab et al. discussed how DRM is in fact the enforcement of licensing agreements, and promoted the use of negotiation in DRM as a mechanism to handle fair use scenarios [3]. In this paper, we detail negotiation protocols for two of the three types of negotiation -- bidding and bargaining (the third type, auctioning, can easily be handled without any new technology). We motivate the correctness and completeness of our protocols through the use of Petri net modeling. We also motivate the use of the latest draft of the ODRL v2.0 rights expression language (REL) as a language for expressing negotiations in DRM systems. By using a REL in the protocol specifications we remove the need to translate between the protocol and the rights expression language, thus speeding up the overall license acquisition process and reducing the risk of translation errors

Global Registration and Collection of Usage Fees of Digital Works on Internet

The vastly increased popularity of the Internet as an effective publication and distribution channel of digital works has created serious challenges to enforcing intellectual property rights. Works are widely disseminated on the Internet, with and without permission. This thesis examines the current problems with licence management and copy protection and outlines a new method and system that solve these problems. The WARP system (Works, Authors, Royalties, and Payments) is based on global registration and transfer monitoring of digital works, and accounting and collection of Internet levy funded usage fees payable to the authors and right holders of the works. The detection and counting of downloads is implemented with origrams, short and original parts picked from the contents of the digital work. The origrams are used to create digests, digital fingerprints that identify the piece of work transmitted over the Internet without the need to embed ID tags or any other easily removable metadata in the file.Internetin voimakkaasti kasvanut suosio teosten tehokkaana julkaisu- ja jakelukanavana on luonut vakavia haasteita tekijänoikeuksien toteutumiselle – teoksia levitetään laajamittaisesti verkossa, luvallisesti ja luvatta. Tässä työssä käsitellään teosten käyttöoikeuksien hallinnan ja kopiointisuojausten nykyisiä ongelmia ja hahmotellaan uusi menetelmä ja järjestelmä, joka ratkaisee näitä ongelmia. WARP-järjestelmä (Works, Authors, Royalties and Payments) perustuu teosten maailmanlaajuiseen digitaaliseen rekisteröintiin, teosten siirtämisen havaitsemiseen internetissä ja teosten kopiointimäärien laskentaan perustuvien käyttökorvausten tilittämiseen teosten omistajille. WARPissa käyttökorvaukset rahoitetaan veroluontoisilla tietoliikennemaksuilla. Teosten käyttömäärien tilastointi perustuu teoksen sisällöstä poimittaviin omaperäisiin osiin, origrammeihin. Origrammeista lasketaan tiivisteitä, digitaalisia sormenjälkiä, joiden avulla verkossa siirrettävät teokset voidaan tunnistaa liittämättä teostiedostoihin mitään ylimääräistä metatietoa, joka olisi poistettavissa niistä

A framework for usage management

This thesis proposes a formal framework for usage management in distributed systems. The principles of system design are applied in order to standardize certain features of the framework, such as the operational semantics, and leave free of standards areas that necessitate choice and innovation. The framework enables use of multiple policy languages, and dynamic interpretation of usage policies in different computing environments. In addition, the framework provides formal semantics to reason about interoperability of policies with respect to computing environments. The use of this framework in different usage management scenarios is demonstrated including multi-level security, cloud computing and digital rights management (DRM) systems. Furthermore, DRM is cast in a setting that allows the modeling of a number of current approaches within a game theoretic setting. Current strategies that attempt to influence the outcome of such games are analyzed, and a new type of architectural infrastructure that makes novel use of a trust authority is considered in order to create a suitable environment for constructing DRM games that may prove useful in the future

Digital Rights Management: Towards a Balance between Copyright Rights and Fair Use Exceptions.

There have been several attempts pointing towards DRM schemes that better satisfy Fair Use requirements [1, 2, 3, 4]; this project explores a new approach. Based on the idealistic premise that by mimicking the physical properties that prevented piracy in the pre-MP3 world into a post-MP3 world DRM scheme it should be possible to establish a copyright infringement control paradigm that is acceptable to all; this project establishes a Fair Use friendly DRM Scheme. It has been found that for a DRM scheme to be Fair Use friendly it has to aim to reach the following idealistic characteristics: * The copyright holders should not be able to interfere with usage which a judge would or could rule as fair use. * The Consumers would be able to consume the content easily and spontaneously within interoperable regimes. * The Consumers? privacy rights would be respected, in congruence with the legislation in question. * The Consumers should be able to purchase, replicate and distribute music at a monetary cost. * The Consumers should be able to replicate, distribute and store music at the cost of diminished quality, slow replication and slow distribution. However it has also been found that these characteristics alone are not enough, and therefore the DRM scheme should be implemented within the following conditions: * The DRM scheme should find ways to handle the ambiguity of Fair Use. * The DRM scheme should facilitate ex-post tracking and monitoring rather than ex-ante based decision making. * The DRM scheme should support interoperability and privacy. An example of how these properties can be implemented has been designed

Towards a General Framework for Digital Rights Management (DRM)

Digital rights management (DRM) can be defined as a technology that enables persistent access control. The common understanding of DRM is that of a technology that enables means to thwart piracy of digital multimedia through limiting how the media is used by the consumer. It can be observed that many of these restrictions can be applied to any type of data. Therefore, it should be possible to create a two part DRM system -- a common DRM system that enforces the basic access controls (such as read, write and execute) and an application specific DRM system that enforces the application specific access controls (such as print and play). The aim of this dissertation is to create such a framework for distribution independent DRM systems. Most vendors promote DRM as a copyright protection mechanism, and thus consumers expect a number of rights that are allowed by copyright legislation, but which are not available for the DRM protected media. However, DRM is not an enforcement of copyright law, but rather an enforcement of a licensing regime. Thus, there is incorrect (and possibly false) marketing of DRM enabled media from the vendors of DRM enabled media, leading to dissatisfied consumers. We think that one of the main reasons for the current situation, is that there is no defined legal framework governing the operation of DRM systems. In this dissertation, we address this gap, by developing a legal framework for DRM systems as one of the components of our DRM framework. Negotiation can be defined as the process which leads to the conclusion of a contract. Since DRM is the enforcement of licensing agreements, there is a need to cater for negotiation protocols in DRM systems. Negotiations provide the consumer with the power to request different rights packages, especially when consumers have a legitimate need for rights not granted normally to other consumers (for example, disabled consumers have needs that may not be met with standard rights set). Negotiations also allow the possibility for the licensors to extract the maximum value from the consumers. For this reason, the inclusion of negotiation protocols in DRM systems can become a powerful tool, and in this dissertation we present the first negotiation protocols for DRM systems. Even though the definition of DRM as an access control model has existed since at least 2002, there has been no formal description of DRM as an access control model. Thus, there are no formal models for any of the rights expression languages which express DRM access control policies, and various authors have commented on ambiguities present in interpretation and enforcement of licenses expressed in these languages -- a result of a lack of formal definition of these languages. In this dissertation, we develop a formal model for a Licensing Rights Expression Language (LiREL), which is designed to provide a mechanism to express access control policies which are also sound legal license documents. Our formal model also discusses the enforcement of the access control policies, and is thus the first formal model for DRM as a mechanism for access control. Access control is a two part process: authentication of the parties involved and authorisation of the parties to access the resources. Authorisation in DRM provides some unique challenges: there is a need to support multiple platforms, without guaranteed network connectivity and minimal trust between the parties involved. For this reason, the associated authentication framework becomes more complex. While many access control models define user management as part of their model, we have taken a different approach, and removed user management from the core DRM system. Instead, our authorisation process requires a trusted verification of the user's credentials and then decides on the access control request. For this reason, our user authentication framework is ticket based, and shares similarities to Kerberos tickets. DRM also requires a strong data identity management. However, all the current identity systems for data do not provide verification service for data identity. For this reason, we developed Verifiable Digital Object Identity (VDOI) System, to address this gap. These components are combined towards a general framework for digital rights management that advances the understanding, organisation and implementation of DRM compared to approaches or solutions which are currently available