Presentation by Jean-Henry Morin, University of Geneva
The Future of DRM :
How would you like it “served” ? Deceptive, Dystopian or Hopeful
June 17, 2010
Copyright & Technology 2010
Technology Track
New York
Jean-Henry Morin
University of Geneva – CUI
Dept. of Information Systems
[email protected]
http://jean-henry.com/
J.-H. Morin
How did we get here… a dystopian scenario ?
http://www.flickr.com/search/?q=DRM
Extremism
• Larry Lessig Speech at Italian Parliament: Internet is Freedom
http://blip.tv/file/3332375/
VS 2 M iPads sold in 60 days !!!
Remix, © and Fair Use
• How creativity is being strangled by the law, TED Talk of Larry Lessig, March 2007
Universal Music VS dancing toddler
http://www.ted.com/talks/lang/eng/larry_lessig_says_the_law_is_strangling_creativity.html
Legal Complexity vs Global eServices led Economy
• Total Control and Anticipation :
  • Unrealistic, impossible and undesirable
[Figure: Content vs. Rules & Policies, with size labels 100 kb and 1 Mb]
Deceptive and Inapplicable Laws
Regulatory Humility
• See also : Larry Lessig Speech at Italian Parliament: Internet is Freedom
French Three-Strikes Graduated Response HADOPI Law
French HADOPI Three-Strikes invites itself to the land of Shakespeare
http://blip.tv/file/3332375/
UK Digital Economy Act (June 12, 2010)
Doomed initiatives !
• Fundamental Rights:
  • Internet access has been recognized as a fundamental right, EU Parliament massively rejects three strikes graduated responses (481 votes against 25)
• Technically inapplicable:
  • Deep Packet Inspection and false positives
    http://dmca.cs.washington.edu/
• Legally inapplicable:
  • Territorial nature of such laws VS global media
  • Germany rejects Three-Strikes approach (June, 2010)
• ACTA : removed Three-Strikes provision from public draft
Where did we go wrong?
• Where did User Experience go ?
• Where did Superdistribution go ?
• Where are the innovative Business Models, the Real-time Marketers, etc. ?
• Did DRM curb those it was meant to ?
• Wasn’t DRM supposed to be an enabler ?
Can we finally make DRM “FUN” (i.e., User Friendly ;-) ?
• Assuming :
  • DRM is likely to stay and be needed (managed content)
  • Absolute security is neither achievable nor desirable
  • Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes)
  • Most users aren’t criminals
• We needed to take a step back to :
  • Critically re-think DRM
  • Reconsider the debate outside the either/or extremes of total vs. no security
  • Re-design DRM from ground up
Rethinking & Redesigning DRM
• Acknowledge the Central role of the User and User Experience
  • Reinstate Users in their roles & rights
  • Presumption of innocence & the burden of proof
• Fundamental guiding principle to Rethink and Redesign DRM : Felten’s “Copyright Balance” principle (Felten, 2005)
  “Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”
• Claim and Proposition :
  • Put the trust back into the hands of the users
  • Reverse the distrust assumption
  • Requires a major paradigm shift & change of mindset
The Exception Management Model
Rethinking & Redesigning DRM (cont.)
• Exception Management in DRM environments, mixing water with fire ? Not necessarily !
• Reversing the distrust assumption puts the user “in charge”, facing his responsibilities
• Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring
• Use Credentials as tokens for logging to detect and monitor abuses
• Credentials are Revocable in order to deal with abuse and misuse situations
• Mutually acknowledged need for managed content while allowing all actors a smooth usability experience
(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
Exception Management in DRM Environments
• What is an Exception ?
  • A claim made by a user wishing to rightfully access / use content
• Based on « real world » credential patterns
  • Delegation model based on chained authorities
  • Credential authorities closer to the users
  • Locally managed and held (credential store)
  • Short lived or fixed life time
  • Revocable
  • Late binding (enforcement point)
• Model is auditable for abuse and includes revocation capabilities
  • Burden of proof on the party having a justifiable reason to claim abuse (presumption of innocence)
  • Monitoring in near real time of security policies
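Added example (not from the presentation and not Morin's implementation): a minimal Python sketch of the exception-claim flow listed above, with a chained credential store, short-lived licenses, re-checking at the enforcement point, and an audit log used to flag credentials for review. All class and method names, the 300-second lifetime and the claim-count threshold are assumptions made for illustration.

```python
from collections import Counter, namedtuple

License = namedtuple("License", "cred_id content_id expires_at")

class ExceptionManager:
    def __init__(self, ttl=300.0):
        self.ttl = ttl         # license lifetime in seconds (assumed value)
        self.parent = {}       # credential store: cred_id -> issuing cred_id
        self.revoked = set()
        self.audit_log = []    # (time, cred_id, content_id, reason)

    def issue(self, cred_id, parent=None):
        if cred_id in self.parent:
            raise ValueError("credential already issued")
        if parent is not None and not self.chain_valid(parent):
            raise ValueError("issuing authority is unknown or revoked")
        self.parent[cred_id] = parent

    def revoke(self, cred_id):
        self.revoked.add(cred_id)

    def chain_valid(self, cred_id):
        # Walk up the delegation chain; an unknown or revoked link breaks it.
        while cred_id is not None:
            if cred_id not in self.parent or cred_id in self.revoked:
                return False
            cred_id = self.parent[cred_id]
        return True

    def claim(self, cred_id, content_id, reason, now):
        # Trust first: a valid credential gets a license without prior approval,
        # and the grant is logged against the credential for later audit.
        if not self.chain_valid(cred_id):
            return None
        self.audit_log.append((now, cred_id, content_id, reason))
        return License(cred_id, content_id, now + self.ttl)

    def enforce(self, lic, content_id, now):
        # Late binding: expiry and revocation are re-checked at the point of use.
        return (lic.content_id == content_id and now < lic.expires_at
                and self.chain_valid(lic.cred_id))

    def flag_abuse(self, window, limit, now):
        # Audit step: credentials with more than `limit` claims in the window.
        # Flagging only reports; revoking stays a separate, deliberate decision.
        recent = Counter(c for t, c, _, _ in self.audit_log if 0 <= now - t <= window)
        return sorted(c for c, n in recent.items() if n > limit)
```

Revoking an intermediate authority invalidates every license issued under it at the next enforcement check, without having to recall the licenses themselves.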
Conclusion
• Can DRM “go green” before we all “go dark” ?
• If so, we might be able to address some “Serious” societal issues while restoring User Experience along the way !
• Moving forward : A Call For ACTION !
  • Critically re-think and re-design DRM out of the box
  • Involve equally all stakeholders
  • Find new innovative Business Models
  • Limit law to a “justifiable” level
  • Remember technology is just the means
• What Information Society do we want to live in ?
Security is bypassed not attacked
Inspired by Adi Shamir, Turing Award lecture, 2002
Thank you
Join the Conversation…