News
I've just come from giving a talk on DRM to HP's research group in Corvallis, Oregon -- a kind of sequel to last year's Microsoft DRM talk. The text of the talk is dedicated to the public domain, and live on the web.
* Privacy
In privacy scenarios, there is a sender, a receiver and an attacker.
For example, you want to send your credit-card to an online store. An
attacker wants to capture the number. Your security here concerns
itself with protecting the integrity and secrecy of a message in
transit. It makes no attempt to restrict the disposition of your
credit-card number after it is received by the store.
* Use-restriction
In DRM use-restriction scenarios, there is only a sender and an
attacker, *who is also the intended recipient of the message*. I
transmit a song to you so that you can listen to it, but try to stop
you from copying it. This requires that your terminal obey my
commands, even when you want it to obey *your* commands.
Understood this way, use-restriction and privacy are antithetical. As
is often the case in security, increasing the security on one axis
weakens the security on another. A terminal that is capable of being
remotely controlled by a third party who is adversarial to its owner
is a terminal that is capable of betraying its owner's privacy in
numerous ways without the owner's consent or knowledge. A terminal
that can *never* be used to override its owner's wishes is by
definition a terminal that is better at protecting its owner's
privacy.
Leave a Reply
|
September 30th, 2005 at 10:34 pm
You say that with use-restriction your terminal is remotely controlled, but I don't think that is the best way to think of it. Remotely controlled implies that the use-restriction app is interacting with the DRM server. While that may happen with a sufficently evil app, it is not required for use-restriction. A better term to describe it I think is limited playback. A file can be downloaded to your system which only supports limited playback and it would not need to talk to the Internet in order to determine that you can't play it under iTunes.
Also you make the assumption that privacy and use-restriction are on opposing axis which I don't think is the case. How does not playing some Metallica song equate to uploading your credit card number? The latter is a result of malicious intent or bad programming, neither of which are inherient in DRM.
October 1st, 2005 at 6:00 pm
Because I wanted a nicer print-out, I converted your plain text document to HTML. If others want it, they can find it at http://www.xs4all.nl/~collin/test/hpdrm.html (for a while, anyway).
October 5th, 2005 at 8:13 pm
Cory, wish they had publicized your visit more over here - I would have definitely come. I watched your talk from my desk, in Corvallis, today. I'm not working on anything related to media but it would have been fun to see you.
Your talk was interesting and I always enjoy the anecdotes of the various ways DRM fails to copy-protect. However I do have one comment. It seems to me that the majority of artists trying to make a living with their works feel that piracy is a real problem. DRM may not be the solution but when I listen to the likes of you or Lessig I always have the feeling that the whole commons movement, while providing some good ideas about alternative copyrighting schemes, does not really have a better solution to theft of creative work either. At one point you brought up the example of animators putting advertisements in a movie to make money? I think I'd rather buy a copy-protected work than suffer through more ads.
I think it's great that the amount of creative works in the public domain is growing and you're certainly contributing to that. On the other hand I get the impression that the line between proponents of the creative commons and completely passive consumers of "stolen" intellectual property is left deliberately vague. And I don't mean people who accidentally break laws by copying material they previously bought, I mean the people who complain about the evil entertainment industry and then turn around and download their products.
Andrew
HP Corvallis