Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Channels ▼
RSS

Legal and Binding

By Mark Baugher, February 11, 2002

The DMCA threatens Internet open standards development and could make research into protection mechanisms illegal.

Why They'll Need Open Standards

Many studios and record labels have attempted or are attempting to start Internet-based businesses. Napster was arguably the most successful Internet entertainment venture to date. Many consumers want to use a service to share music on the Internet, but today there are likely few services that are operating completely within regional laws, at least in the U.S. Rather than serve up compelling businesses such as Napster, some big entertainment companies have served up the Hollings Bill, which places severe constraints and costs on digital devices by requiring CPS to be embedded in digital devices. (See the sidebar, "Race Against Time.")

The problem with forcing CPS technology is that copyright protection systems cannot prevent copyright violation, as repeatedly demonstrated by DeCSS and other tools. Even if someone were to invent an unbreakable CPS that was widely deployed for, say, movies, a customer could nonetheless rip a movie after the signal has been decrypted and put it onto the Internet for widespread distribution.

Conventional law enforcement will be the only recourse for rights holders. Complex CPS technology behaves as Schneier described it, it doesn't deter the professional and is overkill for ordinary users who might be tempted to make a copy.

Fortunately, selling copyrighted content without tight restrictions isn't always considered sinful. A compelling content-trading service will let its customers use content works in a variety of ways. If a consumer wants to make a copy, the company will provide a service to make copies; if the consumer wants to write the content work to a DVD, a good service will provide a DVD writing service; and so on. A technology VP from a major media company told me that his firm wasn't opposed to copying per se, but that the company doesn't yet know how to match consumer preferences for using content works.

This is not an engineering problem, but a series of legal and logistical issues among rights holders. Even a copyright protection system is secure when its users and owners have a stake in protecting its secrets and keeping it functioning properly. It's likely that most people prefer to spend time enjoying content over configuring nodes on an illegal content-trading network.

Because we don't conclusively know consumer preferences for using Internet content-trading, and because the necessary business models aren't in place, technologies must be very flexible. Open standards are flexible because they introduce modularity and interoperability. Internet open-standard technologies may not hide content works on computers or enforce copyright provisions in an entertainment appliance, but open protocols provide the infrastructure for businesses that trade in content works on the Internet. These businesses need open development.

Where Will It End?

This is less of a rant against the DMCA and more of a prediction. One might reasonably predict that the DMCA will encounter stiff resistance in the short run and leave little effect on open standards in the long run. This is because the underlying content protection technologies are inevitably weak, even though they may use some of the most important technologies in the public domain (such as the Advanced Encryption Standard or Internet key management). It's hard for me to imagine that U.S. and international research and development into such technologies could be shut down by the DMCA. It's certainly possible, but hopefully the impending legal battles will loosen restrictions.

Open standards guided by the principle of end-to-end interoperability provide a cheap way to interconnect devices on a global scale. It's cheaper for the provider and the user because open standards make it possible to remove a part without drastically affecting the whole. If a particular CPS or player or codec isn't suitable for a service, it's easier to replace when these devices connect through standard protocols. This is a cost savings to operators and their customers; it also encourages rapid deployment of new devices.

Standards built on licensed technology complement open standards when licensing terms and conditions are needed. A licensing authority can constrain a licensee to use a technology in secure or safe ways. Even the best technology, such as the RSA algorithm, can be compromised when used incorrectly. Big entertainment and consumer-electronics companies will likely insist upon using licensed technology for their information products, and will want technical protection measures to protect copyrighted products.

On the Internet, however, such copyright protection systems will need to use standard services for naming and identifying digital items, for locating digital items, for secure transactions with Web sites, for encryption, decryption, and key management. The infrastructure necessary for digital rights management and copyright protection systems are only a small part of it.

It's unreasonable to expect that all of these technologies and standards will be duplicated in the form of licensed technologies. It's more likely that licensed technologies will use open-standard technologies that must continue to be developed without hindrance from the DMCA.

Mark Baugher is co-chair of the Internet Research Task Force DRM Research Group and former chair of the Internet Streaming Media Alliance DRM Task Force. He contributes to the GDOI group key management protocol in the IETF MSEC Working Group and the Secure Real Time Transport Protocol in the IETF AVT Working Group. Mark joined Cisco Systems in 2001 and currently works on cryptographic security in the Core IP Engineering Division.


Race Against Time
by Neil McAllister

As a former general counsel to the CIA and a recipient of that agency's highest honor, when it comes to security issues, Michael O'Neil knows what he's talking about. And lately, he's been worried. Speaking before an audience of computing industry representatives at the Microsoft Trusted Computing Forum in November 2001, O'Neil couldn't have been more blunt. "Help yourselves," he urged. "Fix security soon, or Washington will do it for you."

He was referring to the proposed Security Systems Standards and Certification Act (SSSCA), currently making the rounds in Congress. Sometimes called the "Hollings Bill," the legislation was drafted by Senator Eugene "Fritz" Hollings (D-SC) as an attempt to force the software industry to improve the security of network infrastructures.

"There is little financial incentive for private companies to enhance the security of the Internet and other infrastructures as a whole," the draft bill reads. "The Federal government will need to make investments in this area to address issues and concerns not addressed by the private sector."

The idea of such "investments" is troubling to security experts like O'Neil, who fear an ill conceived, knee-jerk response from Capitol Hill in light of the recent terrorist attacks. "Congress is going to want action on security," he said, "not because it might be effective, but because they need to do something." O'Neil encouraged his audience to take proactive steps to improve security before lawmakers took the issue out of their hands.

Jack Valenti couldn't agree more. A month after the Trusted Computing Forum, Valenti, president and CEO of the Motion Picture Association of America (MPAA) echoed O'Neil's words during a one-day workshop on broadband and digital content organized by the U.S. Commerce Department. "If we don't sit down and talk, others will do this for us," he said.

Valenti is no security expert, but he is one of the most outspoken adversaries of what he calls "the tyranny of piracy" threatening the American film and television industry. While O'Neil's comments sprang from a sincere belief that action is necessary, many view Valenti's sentiments as the clearest possible example of the dark side of the SSSCA.

Opponents of the legislation see its ambiguity as an open door for new legislation that could mandate digital rights management (DRM) for consumer electronics devices. The draft bill's provisions extend not merely to Internet servers, but to any "interactive digital device," a term so broad that some believe it could include nearly anything, from PDAs to video game consoles to televisions. And, in a nod to the Digital Millennium Copyright Act, the SSSCA would make it a crime to disable any electronic security measures approved by Congress.

Taken in that context, some analysts see Valenti's comments not as a warning, but as a threat. Help me push for rights-protected content across every media format, the Washington insider and former aide to President Johnson seems to be saying, or I'll have my friends in Congress do it for me.

Little wonder, then, that Microsoft has gone to such lengths to introduce DRM technologies into its OS and media platforms. What company could be more gun-shy of government intervention than the Redmond giant? According to Andy Moss, Microsoft's director of technology policy, it would much rather see market forces determine such issues. Asks Moss, "Where's the evidence the marketplace doesn't work?"



Previous 1 2 3 

Related Reading

News

Commentary

Slideshow

Video

Most Popular

More Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>
INFO-LINK




Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Recent Articles

Most Popular

Stories Blogs

Upcoming Events



Most Recent Premium Content

Digital Issues