The Future of DRM :

How would you like it “served” ?Deceptive, Dystopian or Hopeful

June 17, 2010

Copyright & Technology 2010Technology Track

New York

Jean-Henry MorinUniversity of Geneva – CUI

Dept. of Information Systems

Jean-Henry.Morin@unige.chhttp://jean-henry.com/

J.-H. Morin

How did we get here…… a dystopian scenario ?

http://www.flickr.com/search/?q=DRM

J.-H. Morin3

Extremism

• Larry Lessig Speech at ItalianParliament: Internet is Freedom

http://blip.tv/file/3332375/

VS 2 M iPads sold in 60 days !!!

J.-H. Morin4

Remix, © and Fair Use

• How creativity is being strangled by the law, TED Talk ofLarry Lessig, March 2007

Universal Music VS dancing toddler

http://www.ted.com/talks/lang/eng/larry_lessig_says_the_law_is_strangling_creativity.html

J.-H. Morin

Legal Complexity vs GlobaleServices led Economy

• Total Control and Anticipation :• Unrealistic, impossible and undesirable

100 kb

1 Mb

ContentRules & Policies

J.-H. Morin6

Deceptive and Inapplicable Laws

RegulatoryRegulatoryHumilityHumility

• See also : Larry Lessig Speech at Italian Parliament:Internet is Freedom

French Three-Strikes Graduated Response HADOPI Law

French HADOPI Three-Strikes invites itself to theland of Shakespeare

http://blip.tv/file/3332375/

UK Digital Economy Act (June 12, 2010)

J.-H. Morin7

Doomed initiatives !

• Fundamental Rights:• Internet access has been recognized as a fundamental

right, EU Parliament massively rejects three strikesgraduated responses (481 votes against 25)

• Technically inapplicable:• Deep Packet Inspection and false positives

http://dmca.cs.washington.edu/

• Legally inapplicable:• Territorial nature of such laws VS global media• Germany rejects Three-Strikes approach (June, 2010)

• ACTA : removed Three-Strikes provision frompublic draft

J.-H. Morin

Where did we go wrong?

• Where did User Experience go ?

• Where did Superdistribution go ?

• Where are the innovative Business Models, theReal-time Marketers, etc. ?

• Did DRM curb those that it meant ?

• Wasn’t DRM supposed to be an enabler ?

J.-H. Morin9

Can we finally make DRM“FUN” (i.e., User Friendly ;-) ?

• Assuming :• DRM is likely to stay and be needed (managed content)

• Absolute security is neither achievable nor desirable

• Given the right User Experience and Business Modelsmost users smoothly comply (e.g., iTunes)

• Most users aren’t criminals

• We needed to take a step back to :

• Critically re-think DRM

• Reconsider the debate outside the either/or extremes oftotal vs. no security

• Re-design DRM from ground up

J.-H. Morin1010

Rethinking & Redesigning DRM

• Acknowledge the Central role of the User and UserExperience• Reinstate Users in their roles & rights• Presumption of innocence & the burden of proof

• Fundamental guiding principle to Rethink and RedesignDRM : Feltens’ “Copyright Balance” principle (Felten,2005)

“Since lawful use, including fair use, of copyrighted works is in thepublic interest, a user wishing to make lawful use of

copyrighted material should not be prevented from doing soby any DRM system.”

• Claim and Proposition :• Put the trust back into the hands of the users• Reverse the distrust assumption• Requires a major paradigm shift & change of mindset

The Exception Management Model

J.-H. Morin1212

Rethinking & Redesigning DRM(cont.)

• Exception Management in DRM environments, mixingwater with fire ? Not necessarily !

• Reversing the distrust assumption puts the user “incharge”, facing his responsibilities

• Allow users to make Exception Claims, granting themShort Lived Licenses based on some form of logging andmonitoring

• Use Credentials as tokens for logging to detect andmonitor abuses

• Credential are Revocable in order to deal with abuse andmisuse situations

• Mutually acknowledged need for managed content whileallowing all actors a smooth usability experience

(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)

J.-H. Morin13

Exception Management in DRMEnvironments

• What is an Exception ?• A claim made by a user wishing to rightfully access /

use content

• Based on « real world » credential patterns• Delegation model based on chained authorities• Credential authorities closer to the users• Locally managed and held (credential store)• Short lived or fixed life time• Revocable• Late binding (enforcement point)

• Model is auditable for abuse and includesrevocation capabilities• Burden of proof on the party having a justifiable reason

to claim abuse (presumption of innocence)• Monitoring in near real time of security policies

J.-H. Morin14

Conclusion

• Can DRM “go green” before we all “go dark” ?

• If so, we might be able to address some“Serious” societal issues while restoring UserExperience along the way !

• Moving forward : A Call For ACTION !• Critically re-think and re-design DRM out of the box

• Involve equally all stakeholders

• Find new innovative Business Models

• Limit law to a “justifiable” level

• Remember technology is just the means

• What Information Society do we want tolive in ?

J.-H. Morin15

Security is bypassed notattacked

Inspired by Adi Shamir, Turing Award lecture, 2002

Jean-Henry MorinUniversity of Geneva – CUI

Dept. of Information Systems

Jean-Henry.Morin@unige.chhttp://jean-henry.com/

Thank you

Join theConversation…