format, MP3, which compresses and renders audio,1 is not associated with any type of use controls. Napster posts these files, or references to them, such that users can send and swap the files without any control, effectively undermining the music distribution channel, typically compact disk with read-only memory (CD-ROM). The publishers chose not to encrypt the data on CDs, for cost and other reasons.2 Music on a CD is stored digitally in a totally unencrypted way, which is why you can make copies to play in your car.

There is no way to control this problem technologically; we can only continue to raise the bar, effectively placing us in the domain of risk management. This is the core problem, which I refer to here as the trusted client security fallacy. I have complete ownership of this device, literally, physically, and in every aspect, when it is on a network. This means that, with the proper tools, I can capture that content no matter what type of controls you place on me. There are people within @stake who are experts in reverse engineering, which allows them to unlock anything that has been encrypted. If we attempt a technological solution, then there will be ways to circumvent it, which then will propagate and become much easier for the masses to use.

I believe that policy drives technology in this problem, simply because technology does not offer a complete solution. The only way to attempt a solution to mitigate risk is to adopt a hybrid approach, mixing technology and policy. Whatever system you come up with in the digital rights space must be sensitive to these policy constraints. You have to distinguish the type of content in attempting to invoke rights on it and control it. This is a fundamental premise of the way a DRM system is designed and applied.3

These policy constraints create the archenemy of security and content control—system complexities. There are serious economic consequences for the technology industry in general, because you are imposing on the end user experience. You are disrupting and removing things, such as free use of and access to information, that I have become accustomed to using on the Internet. Decisions regarding how to implement the policy and technology will affect this industry.

1  

To render means to convert a format into a human-consumable element—displaying data as images, playing data as sound, or streaming data as video.

2  

Milo Medin pointed out that the music publishers themselves created the unencrypted format in which CDs are published, effectively creating this problem. He said we cannot expect people to use a digital management format that offers them fewer capabilities than the native format in which the material originally was published.

3  

References for DRM and client-side controls can be found at <http://www.intertrust.com>, <http://www.vyou.com>, and <http://www.oracle.com>.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement