Basic Research

Tuesday, December 06, 2005

TPMs/DRMs, how should we regulate them?

This is a working draft

The wide scale deployment of digital information technologies has created a sea of uncertainly regarding access to knowledge goods. On the one hand, it is now very inexpensive, almost free, to copy and distribute works, even to millions of persons. This has created a large degree of insecurity among publishers, and among the various responses is the rise of new efforts to control or limit the copying, or uses, of creative works and data.

The strategy for controlling the uses of the works is both technological and legal, and involves considerable effort to promote both public and private standards. It essentially involves the combination of (1) effective technological locks on uses of information, (2) a system of tracking and controlling uses, and (3) legal prohibitions against anti-circumvention of (1) and (2).

The technological protection measures (TPMs) and the Digital Rights Management (DRM) systems can operate with or without standardization, depending upon the nature of the publishing exercise. For a number of important uses, it is quite important that multiple stakeholders embrace TPM/DRM systems. For example, in the case of publishing recorded performances of music or motion pictures, it is essential that the copyright owners agree upon standardized TPM/DRM platforms, and that these are used by the firms that make the hardware, software and telecommunications services that are used to play the work for the end user. In other cases, a publisher may be more comfortable with an entirely proprietary and non-standard technology that no other publisher uses.

If the TPM/DRM measures are effective in controlling access to and uses of a work, they provide the publisher with the possibility of managing works in ways that were not possible in print or analogue formats. In the strongest implementation, it becomes possible to completely eliminate all unauthorized copying or uses of works, and to provide for separate fees for a highly differentiated uses of works or data. Examples would include separate permissions (and fees) for uses of works by different persons in different locations at different times on different devices, and complete monitoring and authorizations of all efforts to share or show works to others, including complete control over the ability to print documents in conventional formats.

As designed by and for publishers or other parties seeking to control access to documents and data, the TPM/DRM are a system of private rules for the use of information. They are not themselves bound by the restraints that one observes in copyright laws, which include exceptions and limitations to rights. A TPM/DRM regime can have a permanent term, make a work completely disappear, eliminate the first sale doctrine, or various "fair" uses that might be permitted for personal use, news reporting, education, archiving, or any number of other public interest uses.

Thus, the digital revolution in publishing information presents very different possible futures, largely depending upon the future role and legal status of TPM/DRM regimes.

This note examines a fundamental question. Should we, and more importantly, can we, effectively regulate TPM/DRM technologies in order to ensure that the public interest in access to knowledge goods is protected? And how might that regulation be undertaken in a world of global movement of knowledge goods?

What is protected legally?
Provisions in treaties and implementing laws address the obligation of governments to do certain things with respect to TPM and DRM technologies. The most important treaties are the 1996 WIPO Copyright Treaty (WCT) and the WIPO Performances and Phonogram Treaty (WPPT).

The 1996 WIPO digital copyright treaties are unusual in that they did not seek to harmonize global laws on copyright, but rather to create new and untested standards that would then be implemented by national governments.

These treaties require that member states:
provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law:
Member States are required to protect TPMs "that are used by authors" to restrict "acts" concerning their rights in works that are "not authorized." In the US and other countries, the TPM itself is protected, independent of a particular copyrighted work, so long as it is used to protect copyrighted works. As a consequence, a TPM that is used to protect a copyrighted work against uses that would be protected under copyright law cannot be broken. But such TPMs can and are of course also used to protect works in the public domain, or for uses that are considered lawful even for copyrighted works.

Member State obligations with respect to "Rights Management Information" are as follows:
(1) Contracting Parties shall provide adequate and effective legal remedies against any person knowingly performing any of the following acts knowing, or with respect to civil remedies having reasonable grounds to know, that it will induce, enable, facilitate or conceal an infringement of any right covered by this Treaty or the Berne Convention:
(i) to remove or alter any electronic rights management information without authority;
(ii) to distribute, import for distribution, broadcast or communicate to the public, without authority, works or copies of works knowing that electronic rights management information has been removed or altered without authority.
Taken together, these obligations require Member States to create a legal environment to protect the TPM/DRM regime.

Hacking the TPM/DRM
It appears at this point that the legal protections are quite important to publishers. Most current TPM/DRM mechanisms for entertainment products are quickly broken. While the TPM/DRM regimes have not proved to be difficult to hack, they have made it difficult or impossible to commercially market the products and services that would enable wider unauthorized uses. Hacking is keep within a smaller subculture, and does not affect the broader users. Thus, to a significant extent, the success of the TPM/DRM approach in limiting access to works depends upon actions of governments to prohibit anti-circumvention.

DRM/TPM as Contracts?
The TPM/DRM regimes are being represented by publishers as contracts that should be enforced by governments. The biggest debate surrounding the new Hague Convention on Choice of Court Agreements was over the status of non-negotiated contracts. Music and software publishers were particularly active in the debate over the provisions in the new Hague Convention on the recognition and enforcement of judgments that are related to non-negotiated contracts. Likewise, the UNCITRAL Convention on the Use of Electronic Communications in International Contracting seeks to elevate the legal status contracts executed between machines. Many national parliaments and struggling with these issues, under the close supervision of publishers who are seeking to establish the legal enforceability of the terms in TPM/DRM regimes.

If possession is nine tenths of the law for physical property, customs and consumer expectations are nine tenths of the law for intellectual property. Publishers and their critics are actively waging campaign to shape expectations and customs regarding the unauthorized uses of works.

Standard setting
There many compelling benefits of standardization for TPM/DRM regimes, including those associated with the ease of using familiar interfaces and systems, the benefits of wider consumer choice of devices and content when standards provide interoperability, and lower costs for designing and maintaining systems that are used by larger numbers of publishers, device makers, service providers and end users. Like other areas of standard setting, network effects can be strong, standards can be open or closed, and have pro-competitive or anticompetitive aspects, and in some implementations, be used in ways that limit choice or involve lock-in.

The Public Interest in Unauthorized Uses of Works
Knowledge goods are unlike physical goods or services in that they can be cheaply and in some cases freely copied. Because they are “non-rival in consumption,” it is feasible for knowledge goods to become (as defined by economists) public goods, available to everyone at no cost. But unlike pure public goods like national defense, it is both possible and common to limit access to knowledge goods. The scarcity of knowledge goods is function of private and government efforts to erect and protect barriers to access. These barriers are most often justified on the grounds that knowledge good will not be created in the first place without the barriers to access, or that there is a moral or ethical obligation to give authors, inventors or publishers some control over the use of their works.

In practice, the types of knowledge goods that are produced are highly heterogeneous in both the character of the goods and the costs and equities associated with the production or creation of the goods. Some knowledge goods will be naturally created in the course of activities that have a separate rationale -- such as the development of course syllabus, the adoption and publishing of laws and regulations, reports of the activities of government agencies, publishing of strongly held or well advertised views, dissemination of scientific results to gain recognition, etc. Many other activities are less likely to be undertaken without an expectation of revenue from the sale of the work, such as the making of feature films, the design of computer semi conductor chips, the creation and maintenance of certain databases, and many other activities. There is no general rule, but rather an endless set of facts and possible outcomes.

There is a public interest in expanding access to knowledge goods. These include arguments based economic efficiency, and also concerns about fairness, social cohesion, accountability, liberty, the preservation of records for history, scientific progress, the protection of public safety, development and other matters of considerable importance.

In cases where the good itself would have been produced in the absence of restrictions on access, there is a strong general presumption that access should be permitted, absent ethical or social norms that favor the control of the works by the author or inventor. The difficult cases are where the knowledge good would not likely be created in the absence of an economic incentive of some kind.

Government copyright laws have tried to strike a balance between the competing public interests, and over time the result has been a system that sets legal and practical limits on acts that a copyright owner can control.

Changes in technology constantly present new opportunities and obligations to reevaluate the balance between the public and private domains. Lobbying efforts by publishers to shape the new legal regime are extensive, perhaps never more than is the case today for rules concerning TPM/DRM regimes.

The implementation of TPM/DRM legal regimes
The existence of effective TPM/DRM regimes is highly dependent upon the support of governments to prohibit anti-circumvention and to recognize and enforce the terms of the DRM permissions. If completely successful, TPM/DRM regimes could radically change the nature of the publishing and access to information, not only in the areas of entertainment, but for works involving news reporting, science, education, public and private sector governance and virtually every area of knowledge creation.

Publishing models that now provide much more open access and liberal copying of works could be replaced by highly restrictive and inaccessible TPM/DRM platforms. Educators, scholars and authors could be faced with zero tolerance for unauthorized uses of TPM/DRM protected works. Whistle blowers in government or corporation positions could be monitored and traced by TPM/DRM technologies. Search engines like Google or Google Print that depend upon the ability to scan and mine data from millions if not billions of documents without prior permissions might never have been created, or might not offer such expanded universal access to knowledge goods in the future.

The implementation of TPM/DRM legal regimes in high income countries
The United States, a country with high per capita income, and a strong domestic publishers of software, movies and music performances was the first country to implement the 1996 WIPO Treaties. The Digital Millennium Copyright Act, known as the DMCA, was signed into law by President Clinton on October 28, 1998. As the first model, it was highly influential.

The basic approach in the US law was to provide for the automatic protection of all TPM/DRM regimes, but to provide for limited areas where there exceptions to the anti-circumvention rules.

The DMCA includes seven exemptions from the prohibition against circumvention of technological measures that control access to copyrighted works:

  1. Non Profit libraries, archives and educational institutions (may circumvent for purpose of gaining access in good faith to determine whether they wish to purchase), 1201 (d)
  2. Law enforcement, Intelligence and other government agencies have certain exceptions, 1201 (2)
  3. reverse engineering of computer programs (the sole purpose of the circumvention must be to analyze and identify elements necessary to achieve interoperability, 1201 (f)
  4. Encryption research (good faith), 17 USC 1201 (g)
  5. Protection of minors, 1201 (h)
  6. protection of personally identifying information, 1201 (i)
  7. Security testing,1201 (j)

In addition the seven statutory provisions, every three years, the US Copyright Office conducts rulemaking proceeding, mandated by the DMCA, where the Librarian of Congress considers proposals to add new exemptions for certain classes of works from the prohibition against circumvention of technological measures that control access to copyrighted works. The purpose of these proceeding is to determine “whether there are particular classes of works as to which users are, or are likely to be, adversely affected in their ability to make non-infringing uses due to the prohibition on circumvention of access controls.” Every one of the exemptions provided by rulemaking are periodically reviewed, and can be withdrawn at a later date.

In 2000, the US approved the first two new exemptions from the DMCA, including compilations consisting of (1) the lists of websites that are blocked by filtering software applications; and (2) literary works, computer programs and databases, protected by access control mechanisms that fail to permit access because of malfunction, damage, or obsoleteness. In 2003, the earlier 2000 exemptions were “renewed,” and two new exemptions were approved, including (3) circumvention when computer programs and video games distributed are available in formats that have become obsolete and which require the original media or hardware as a condition of access, and (4), literary works distributed in ebook formats when all existing editions of the work are inaccessible to the visually impaired, and prevent the enabling of the ebook's read-aloud function, or which prevent the enabling of screen readers to render the text into a specialized format to enhance its readability.

The Europe Union has taken a somewhat similar approach in that there is a general prohibition against circumvention of TPM/DRM systems, but member countries are given some space to allow circumvention in special cases where there is “an exception or limitation provided for in national law,” but the right-owner has not made available “the means of benefiting from that exception or limitation, to the extent necessary to benefit from that exception or limitation.”

The European Union’s system includes an "Internet Copyright Directive," or Directive 2001/29/EC, as well as other directives that set out the regulatory framework for TPM/DRM regimes. Implementation is not harmonized, as EU member states have elected to implement different type of exemptions and strategies for addressing the exceptions, and some countries have yet to implement the directives.

In Canada, the battle is raging. Groups representing users want clear permission to circumvent for research and learning, and for other uses that are now legal under copyright law, and consistency with competition policy, for example, by ensuring that “TPMs are not being used to impose specific TPM vendors onto the marketplace, or allow a tie between a consumers choice of content and technology used to access that content. . . Protection should also not be offered to techniques used to harm competition in other ways, such as the regional coding of DVDs which are better understood as a barrier to trade and not a legitimate use of TPMs.” The publishers are pushing for something quite close to the US model.

Other high-income countries have implemented the 1996 WIPO digital treaties include Japan and Australia.

Implementation of TPM/DRM regimes in developing countries
Today there are 56 contracting parties to the WCT and 55 to the WPPT. None of the highest income members (the 15 members before the recent accessions) of the European Union have formally signed the agreements. The largest numbers of countries that have signed the treaties are from the developing world, including many countries with very limited use of the Internet or computers. Five of the current signatures are defined by the UN as Least Developed Countries (LDCs), including Burkina Faso, Guinea, Mali, Senegal and Togo, and many other signatures have relatively low per capita. In 2004, nine of the WCT members had a per capita gross national income (GNI) of less than $1,000, and more than half (31) had per capita incomes of less than $3,000 per year.

Most developing countries that have signed the WCT or the WPPT have done so in response to trade pressures from the United States or other high-income countries. In general, they have tended to mimic the legal approaches now used in high-income countries, an in particular, within the framework advocated aggressively by the United States in the US bilateral trade negotiations, often without the technical capacity or lacking the perceived practical political freedom to even consider alternative approaches.

Re-Thinking the Legal Regime for TPM/DRM systems
Our concern with the TPM/DRM systems are several, but at the core, it concerns the predictable and harmful impact of having private parties -- publishers -- determine the default rules for access of knowledge goods. The starting point of a regime like the US approach to the regulation of TPM/DRM technologies is that the TPM/DRM itself must be protected from circumvention, independent of the work that is protected, and without regard to the likely impact of the TPM/DRM on the uses of the works. Thus, for example, the United States actually has jailed a person who give a lecturer illustrating security flaws that could lead to circumvention of Adobe ebook technologies. This had nothing to do with a particular work, and everything to do with a particular TPM/DRM technology that could be used in a variety of ways that are contrary to public policy for uses of copyrighted works.

A regime that takes as a starting point the legitimacy of the TPM/DRM regime, and allows only very limited exceptions, such as those approved by the US Copyright Office, radically changes the opportunities not only for unauthorized uses of copyrighted works that would be permitted under pre-TPM/DRM copyright law, but for any work or data that can be protected by the TPM/DRM, including materials that are not unprotected by copyright (such as data or public domain works), or which were never intended to be restricted by the authors.

We are just now beginning to change public expectations regarding the existence and acceptability of TPM/DRM regimes, and to drive the technology deeper into networks, computers, software and consumer electronics. It is appropriate to at least explore and consider alternative ways of regulating the TPM/DRM regimes, which are more consistent with our notions of protecting access to knowledge goods, and have an appropriate balance in rules that is informed by democratic debate.

ADR for resolving access disputes
Professor Jerome Reichman is exploring proposals for introducing low cost administrative dispute resolution (ADR) mechanisms that could be used to obligate a publisher to make available works for uses that would normally be permitted under fair uses in the United States. In his proposal, if the publisher refused to make the work available for the lawful use, the TPM/DRM could be broken. But it is unclear how such a system of authorizing the breaking of the TPM/DRM would work in practice, given the fact that many publishers use third party TPM/DRM systems, and the owner of the TPM/DRM system (like Adobe, for example), would clearly object to the circumvention, particularly if the anti-circumvention technology was widely available, and could be used in cases where circumvention was not appropriate, such as for works where publishers are more forthcoming in terms of satisfying legitimate uses.

Registration of protected TPM/DRM systems
Another approach that CPTech is evaluating would involve a significant change in the ways that protections are extended to TPM/DRM systems. Rather than providing automatic legal protections to TPM/DRM regimes, a system could be put in place that would require vendors of TPM/DRM regimes or publishers to register systems, in order to apply for protection. Such a system need not be automatic, and could involve payment of user fees to defray the costs of evaluating the systems, and negotiations over features of the system to protect user rights.

In such a system, the TPM/DRM protection could be proposed for specific uses. For example, Adobe might apply for anti-circumvention protection for a particular version of its ebook publishing technologies. In doing so, it could be asked to explain how the TPM/DRM regime will respond to legitimate uses of the works under public (rather than private) standards for access. The legal protection should not then be forthcoming, until the regulator was satisfied that the TPM/DRM regime does not inappropriately restrict access to the work.

Such obligations would stimulate public debate over the appropriate access to digital works, and motivate TPM/DRM vendors and publishers to think more constructively about reconciling the needs of publishers and end users.

Conditions for approved TPM/DRM regimes
The obligations in the WCT and the WPPT regarding TPM/DRM regimes are different in character from those associated with a copyrighted work. The TPM/DRM is a lock on a copyrighted work. It is not necessary for the lock to be given broader rights than the work itself, and also not necessarily for the lock to be authorized for every use of a copyrighted work, if the lock has predictable non-trivial uses which are contrary to public policy.

The legal protections on copyrighted works need not be extended to works or uses not protected by copyright, and they need not be extended in ways that are beyond that reasonably needed to protect the most important interests of the copyright owner. The term of protection for the lock could be shorter than the term of protection for the copyrighted work itself, and the lock could be authorized in fairly limited areas, where it is truly needed to protect the core economic rights of the author and publisher, and not-authorized for other areas where there is a weak or non-existent claim that the TPM/DRM regime is needed.

The DRM itself is an assertion of a contract right, and this too should be subject to public policy oversight before one assumes that the DRM should be enforced. The mechanism for reviewing the terms of a protected DRM could be different from that involving the TPM itself. For example, public policy might not approve a DRM that would absolutely prohibit private copying, time shifting for television shows, or which did not allow a work to be used on alternative computer operating systems. Public policy could also insist upon a certain amount of transparency of the DRM architecture, and require interoperability.

New systems of regulating TPM/DRM systems could be proposed and implemented in countries that are willing to experiment and promote policies of protecting access to knowledge.

Public Science
The experimentation could be for the entire copyright field, or for a special area like public science, where norms regarding access are particularly important.

Publicly funded science projects clearly are based upon a different economic model than entertainment products, and they are more central to development and the progress of science.

Outcomes regarding DRM’s could include even cases of copyleft type rules, for example, the HapMap licenses regarding the requirement that users of the works not file patents for a period of time. (See Appendix)


2. You may access and conduct queries of the Genotype Database and copy, extract, distribute or otherwise use copies of the whole or any part of the Genotype Database's data as you receive it, in any medium and for all (including for commercial) purposes, provided always that:

a. by your actions (whether now or in the future), you shall not restrict the access to, or the use which may be made by others of, the Genotype Database or the data that it contains;

b. in particular, but without limitation,

i. you shall not file any patent applications that contain claims to any composition of matter of any single nucleotide polymorphism ("SNP"), genotype or haplotype data obtained from the Genotype Database or any SNP, haplotype or haplotype block based on data obtained from the Genotype Database; and

ii. you shall not file any patent applications that contain claims to particular uses of any SNP, genotype or haplotype data obtained from the Genotype Database or any SNP, haplotype or haplotype block based on data obtained from, the Genotype Database, unless such claims do not restrict, or are licensed on such terms that that they do not restrict, the ability of others to use at no cost the Genotype Database or the data that it contains for other purposes; and . . .


Post a Comment

Links to this post:

Create a Link

<< Home