Embed Size (px)
Citation preview
Digital Right Management
Chung Yip (Eric)
CS 996 Information Security Management
April 27, 2005
Overview
Motivation History legislation Fair Use Two approaches Examples
Concept
What you just bought? The right to use the content! Not the content itself!
Motivation
Digital Rights Management (DRM) systems restrict the use of digital files in order to protect the interests of copyright holders.
DRM technologies can control file access (number of views, length of views), altering, sharing, copying, printing, and saving
Markets Targeted
Textbook Publishers Combat piracy
Providers of music, games, and other
electronic entertainment
Law Firms Control access to information and ensure
that the secure content reaches those
parties who are accountable for its
application or implementation.
Corporate Operations Departments
Financial Organizations
History
VCR case DVD case
VCR 1/3
In 1979 Universal City Studios, Inc. v. Sony Corporation of America Inc. (often called "The Betamax Case"),
Hollywood claimed that inexpensive consumer VCRs would undermine its core business of making movies.
resulted in a ruling that affirmed the First Sale Doctrine.
This meant that Beta and VHS tapes could be purchased by video rental stores, and then rented out to the public, without permission from the copyright holders.
VCR 2/3
The first-sale doctrine is an exception to copyright codified in the US Copyright Act, section 109.
1983 the Consumer Video Sales/Rental Amendment of 1983 (1993, H.R. 1029/S. 33) tries to require anyone who wanted to rent out videotapes to obtain prior permission from the copyright owner.
But this was defeated.
VCR 3/3 (The first-sale doctrine)
This allows the purchaser to transfer (i.e. sell, rent, or give away) a particular, legally acquired copy of protected work without permission once it has been obtained.
That means the distribution rights of a copyright holder end on that particular copy once the copy is sold.
The doctrine of first sale does not include renting and leasing recorded music and computer software,
non-profit archives and libraries are allowed to lend these copyrighted items
DVD
Region Coding Restricts the ability to buy DVDs in one country and
play them in another. It restricts fair use and first purchaser rights, such as
the creation of compilations or full quality reproductions for the use of children or in cars
CSS vs. DeCSS
Legal Requirement
Copyright Law Digital Millennium Copyright Act Fair Use Privacy
DCMA (overview)
Copyright can regulate duplication of works to protect content owners
DMCA can interfere with a user's ability to access content.
The DMCA is a 1998 law designed to increase copyright holders' rights.
The DMCA created civil and criminal penalties for the creation or distribution of DRM circumvention tools.
As a result, a user attempting to circumvent copyright protection, even for legitimate reasons, may violate federal law.
The DMCA was the American version of implementing legislation for a World Intellectual Property Organization treaty.
DMCA Anti-Circumvention
Ban on the circumvention of copy prevention systems
Required that all analogue video recorders have copy prevention built in
DMCAOnline Copyright Infringement Liability Limitation Act
creates a safe harbor for online service providers against copyright liability
if they block access after received a notification from a copyright holder.
DMCA Computer programs
Use of computer software Making of Additional Copy or Adaptation by Owner of
Copy.
The Fair Use 1/2
Statutory and Common Law interpretations of copyright law afford individuals "Fair Use" rights.
The public is entitled, without having to ask permission, to use copyrighted works so long as these uses do not unduly interfere with the copyright owner’s market for a work.
Fair uses include personal, noncommercial uses, such as using a VCR to record a television program for later viewing.
Fair Use allows individuals to interact with content to promote cultural production, learning, innovation, and equity between content owners and consumers.
The Fair Use 2/2
Fair Use includes libraries' and educators' rights to provide content to users,
The right to resell physical copies of certain content that one acquires lawfully (the "First Sale" doctrine), and the ability to make a backup copy of software and music
Fair Use provides a defense to individuals who engage in an unauthorized use of protected content.
It is hard for DRM systems to incorporate Fair Use principles because they are difficult to define, and evolve over time
Requirement of DRM (user friendly)
DRM cannot offer less than current systems anonymous access to content
Free disposal of protected content (e.g. sale, gift, loan)
Portability: the use of a digital content should not be attached to a single device (e.g. to listen a music on hi-fi system, car radio or walkman of a given individual)
Off-line use of a protected content
Two Approaches of DRM System
1. containment
2. marking
Marking
the practice of placing a watermark, flag, or a tag on content as a signal to a device that the media is copy protected
Containment
The content is encrypted in a shell so that it can only be accessed by authorized users
DRM system
require the user to reveal his or her identity rights to access protected content prevent the anonymous consumption of
content copy control / copy prevention
Preventing anonymity in access
assigning an identifier to content or to the content player
attaching personal information to the identifier
stop a user from transferring an to other computers.
Roles
DRM must be implement in both the content and the content player.
For content developer– Encrypted content– Key distribution
For content player manufacturer – Enforcement
Emerging Standards
Extensible Rights Markup Language (XrML) (Xerox and Microsoft)
MPEG Rights Expression Language (http://www.cselt.it/mpeg)
Electronic Book Exchange (EBX) Working Group ( Adobe)
Case Studies
iTune Cable/Satellite TV
Apple’s Fairplay scheme 1/3
Fairplay the DRM mechanism used in iTune. The protected track may be copied to any
number of iPod portable music players. The protected track may be played on up to
five (originally three) authorized computers.
Apple’s Fairplay scheme 2/3
The protected track may be copied to a standard CD audio track any number of times. (The resulting CD has no DRM and may be re-converted to MP3, but this will aggravate the sound artifacts of encoding, since the resulting sound file will have been encoded twice.)
Circumventing the Fairplay protection scheme in this fashion may be a violation of the Digital Millennium Copyright Act and therefore illegal and subject to criminal penalties in the United States.
Apple’s Fairplay scheme 3/3 Vulnerability
The PyMusique software, created by a trio of independent programmers online.
But after Apple closed the hole, the group posted new code that it said will reopen the backdoor to Linux users the next day.
Cable/Satellite TV 1/3
Broadcast flag FCC insist that all HDTV demodulators must listen
for the flag (The Demodulator Compliance Requirements )
Flagged content must be output only to "protected outputs" or in degraded form:
analog outputs, or digital outputs with visual resolution of 720x480
pixels, or less than 1/4 of HDTV's capability.
Cable/Satellite TV 2/3
In order to prevent users from gaining access to the full digital signal
Devices must be "robust" against user access or modifications that permit access to the full digital stream
Challenges
Tamper-proof ? Cost! Legal challenges Fair use
Consideration 1/2
1) Content types to be controlled 2) The value of the content (to both the provider and
recipients) against the cost of content protection 3) Life cycle of the content types to be controlled 4) Rights to be controlled (the particular set of rights
for each type of content may vary) 5) The level of trust that that can be assumed on the
part of recipients
Consideration 2/2
6) Identification of technology limitations in distributor and consumer hardware and software that may impact ability of the DRM solution to function on playback devices
7) Solution transparency (the more transparent the solution, the less likely it is that illegal use or copying will take place and the less likely that the consumer will become discouraged and abandon the transaction)
Marketing concern 1/2
Microsoft had exactly this in mind when they made a big push to get their products translated into Chinese and distributed across that country.
They knew they would be pirated; they new that they would make less than one sale for every ten copies used.
Marketing concern 2/2
Microsoft’s Steve Ballmer has been quoted as saying: “If you’re going to get pirated, you want them to pirate your stuff, not your competitors’ stuff. In developing countries, it is important to have a high share of the piracy software.”
When China enters the free world, they will already be Microsoft compatible. Until then, Microsoft isn’t losing anything. It’s a perceptive business strategy.
Ending of VCR case
Hollywood now entered a new market. They today reaps more revenues from video
sales than from first-run movies.
Reference
http://www.epic.org/privacy/drm/default.html http://www.consumersearch.com/www/electronics/mp3_players/full
story.html http://en.wikipedia.org (DRM, DCMA) DIGITAL RIGHTS MANAGEMENT OVERVIEW, Austin Russ,
Security Essentials v1.2e,July, 2001
