A sceptical look at copyright and DRM

Dr. Ian Brown, UCL

Overview

• Where did copyright go wrong?

• “Trusted” computing • The technical problems with DRM • Legislative “fixes” • Goodbye to fair use

What exactly is copyright?

• Member States shall provide for the exclusive right to authorise or prohibit direct or indirect, temporary or permanent reproduction by any means and in any form, in whole or in part: (a) for authors, of their works; (b) for performers, of fixations of their performances; (c) for phonogram producers, of their phonograms; (d) for the producers of the first fixations of films, in respect of the original and copies of their films; (e) for broadcasting organisations, of fixations of their broadcasts, whether those broadcasts are transmitted by wire or over the air, including by cable or satellite.

Origins

• Statute of Anne, 1710: “for the encouragement of learned men to compose and write useful books science and useful arts” author, like a child from his father.” books, rhymes and treatises” ” • US Constitution, 1789: “To promote the progress of • Droit d’auteur: “a work of creation is intimately linked with its creator. The work cannot be separated from its • Stationer’s Guild, 1557: no “seditious and heretical

Problem #1: copyright terms

140 120 100 80 60 40 20 0 1790 1831 1909 1976 1998

…EU life + 70 since 1993

The drivers behind copyright

•

Mickey debuted in 1928, and copyright would have expired 2003-2005

•

US Congress passed Copyright Term Extension Act in 1998 postponing until 2023:

http://www.eagleforum.org/column/1998/nov98/98-11-25.html

•

Peter Pan has perpetual rights in UK

Problem #2: Internet hysteria

• “the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” –Jack Valenti • Mid-90s reaction of copyright industries: technical and legal • “The piracy of software is responsible for annual global revenue losses of more than $4 billion. The piracy of computer games cheats the gaming industry out of more than a billion dollars a year. And the piracy of songs has left the music industry fighting for its digital life, thanks to a pillaging that reached levels of more than a billion songs a month.” –Peter Chernin

Digital Rights Management

• Wide range of technologies that allow publishers to control the use of digital media • Restricts reproduction, but also viewing, printing, clipboard functions etc • Present in Windows Media Player, Adobe e books, RealPlayer, iTunes etc

DRM basic technology

• Media data is encrypted and only accessible by licensed players that control usage • Licensed users given keys to decrypt tied to player • Media can be watermarked with usage instructions and/or user information

DRM a hard problem

• Media data has to be decrypted at some point to be useful • Watermarks can be removed, especially with many original files to compare and players to test with • Bits are bits, and PCs are general purpose computers • Legacy equipment won’t disappear for many years

Previous DRM “solutions”

• Secure Digital Music Initiative • CD protection • CSS

New “trusted” architectures

• Intel/IBM/HP/etc in TCPA/TCG: machine state auth to 3 rd parties; encrypted data only accessible in identical state; encrypted device links • Microsoft Palladium/NGSCB: “curtained” apps, secure drivers, DRM everywhere • Migrating to PDAs/mobiles/watches

Fundamental technical problems

• The analogue “hole” – watermarking • Break Once Play Anywhere • File-sharing won’t stop

Legislative “fixes”

• WIPO 1996 treaties • Digital Millennium Copyright Act 1998 • European Union Copyright Directive 2001 • WTO TRIPS 1994 can lead to trade sanctions

EUCD Article 6

• 6.1: “Member States shall provide adequate legal protection against the circumvention of any effective technological measures” • 6.2: bans “manufacture, import, distribution, sale, rental, advertisement for sale or rental, or possession for commercial purposes of devices, products or components or the provision of services” • Purpose is irrelevant • Finland, France, UK 2 years prison; Portugal 3 years; France 150,000 € fine • Only Germany, Denmark, Finland and UK have research exemptions

EUCD Article 7

• 7.1: “Member States shall provide for adequate legal protection against any person knowingly performing without authority… the removal or alteration of any electronic rights-management information”

Existing problems

• “I think a lot of people didn't realize that it would have this potential chilling effect on vulnerability research.” –Richard Clarke • Use to enforce accessory controls (Lexmark, Aibo, Playstation) • Rewriting the copyright bargain

Potential problems

• Electronic book burning • Reduced software diversity – security and competition risks • Personal and national sovereignty • Privacy

Problem #3: disappearing fair use

• Private copy • Teaching/research • Parody • Disabled persons

EUCD Article 5

• Long list of permissible exceptions (unlike US) • 5.1 “Temporary acts of reproduction referred to in Article 2, which are transient or incidental [and] an integral and essential part of a technological process…” • 5.2: exceptions to Art. 2 • 5.3: exceptions to Art. 3 • 5.4: any of the above may apply to Art. 4

Fair use and DRM

• DMCA and EUCD both ban DRM circumvention, even for fair use • EUCD requests “voluntary measures” from rightsholders • If not forthcoming, most member states allow appeal to national tribunal (except Netherlands)

Abolishing digital fair use

• “On-demand services” (“members of the public may access them from a place and at a time individually chosen by them”) exempt from fair use • Could include anything accessed over Internet • Contractual access – also see UCITA

Problems for free software

• Accessing a protected file may be circumvention (e.g. DeCSS) if not authorised by rightsholder (despite Software Directive) • Therefore free software could be classed as a circumvention device, with severe penalties

Even worse law coming

• EU Directive on IPR Enforcement: abolishes right to silence in IP cases; allows injunctions against ISPs; civil litigants can freeze bank accounts and search premises • See fipr.org for analysis

Final thoughts

• “Be very glad that your PC is insecure – it means that after you buy it, you can break into it and install whatever software you want. What YOU want, not what Sony or Warner or AOL wants.” –John Gilmore • “"If we can find some way to [stop filesharing] without destroying their machines, we'd be interested in hearing about that. If that's the only way, then I'm all for destroying their machines.” –Senator Orrin Hatch (writer of

Our Gracious Lord

,

Climb Inside His Loving Arms

, and

How His Glory Shines

)