National Academies Press: OpenBook

The Digital Dilemma: Intellectual Property in the Information Age (2000)

Chapter: 5 Protecting Digital Intellectual Property: Means and Measurements

« Previous: 4 Individual Behavior, Private Use and Fair Use, and the System for Copyright
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 152

5 —
Protecting Digital Intellectual Property:
Means and Measurements

Recent years have seen the exploration of many technical mechanisms intended to protect intellectual property (IP) in digital form, along with attempts to develop commercial products and services based on those mechanisms. This chapter begins with a review of IP protection technology, explaining the technology's capabilities and limitations and exploring the consequences these capabilities may have for the distribution of and access to IP. Appendix E presents additional technical detail, attempting to demystify the technology and providing an introduction to the large body of written material on this subject.

This chapter also addresses the role of business models in protecting IP. Protection is typically conceived of in legal and technical terms, determined by what the law permits and what technology can enforce. Business models add a third, powerful element to the mix, one that can serve as an effective means of making more digital content available in new ways and that can be an effective deterrent to illegitimate uses of IP.

The chapter also considers the question of large-scale commercial infringement, often referred to as piracy. It discusses the nature of the data concerning the rates of commercial infringement and offers suggestions for improving the reported information.

The chapter concludes with a discussion of the increasing use of patents to protect information innovations such as software and Internet business models, and explores the question of whether the patent system is an appropriate mechanism to protect these innovations.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 153

Technical Protection

The evolution of technology is challenging the status quo of IP management in many ways. This section and Appendix E focus on technical protection services (TPSs) that may be able to assist in controlling the distribution of digital intellectual property on the Internet.1 The focus here is on how technical tools can assist in meeting the objectives stated throughout the report, as well as what they cannot do and what must therefore be sought elsewhere. Appendix Explores how the tools work, details what each kind of tool brings to bear on the challenges described throughout the report, and projects the expected development and deployment for each tool. For ease of exposition,m the presentation in this chapter is framed in terms of protecting individual objects (texts, music albums, movies, and so on); however,many of the issues raised are applicable to collections ( e.g., libraries and databases),2 and many of the techniques discussed are relevant to them as well.

A number of general points are important to keep in mind about TPSs:

• Technology provides means, not ends; it can assist in enforcing IP policy, but it cannot provide answers to social, legal, and economic questions about the ownership of and rights over works, nor can it make up for incompletely or badly answered questions.

• No TPS can protect perfectly. Technology changes rapidly, making previously secure systems progressively less secure. Social environments also change, with the defeat of security systems attracting more (or less) interest in the population. Just as in physical security systems, there are inherent trade-offs between the engineering design and implementation quality of a system on the one hand and the cost of building and deploying it on the other. The best that can be hoped for is steady improvement in TPS quality and affordability and keeping a step ahead of these bent on defeating the systems.

1Note that the phrase "technical protection services" is used deliberately. Although it is tempting to talk about technical protection systems—packages of tools integrated into digital environments and integrated with each other—the committee believes that such systems are difficult to implement reasonably in the information infrastructure, an open network of interacting components, lacking boundaries that usefully separate inside and outside. In this environment it is better to talk about technical protection services; services; each service will be drawn on by information infrastructure components and will generally interact with other services.

2For example, as reported by a committee member, in February 1999 the special assistant to the director of Chemical Abstracts Service (CAS) indicated that there were one to three "hacking" attempts per day to get into the CAS database.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 154

• While technical protection for intellectual property is often construed as protecting the rights of rights holders to collect revenue, this viewpoint is too narrow. Technical protection offers additional important services, including verifying the authenticity of information (i.e., indicating whether it comes from the source claimed and whether it has been altered—either inadvertently or fraudulently). Information consumers will find this capability useful for obvious reasons; publishers as well need authenticity controls to protect their brand quality.

• As with any security system, the quality and cost of a TPS should be tailored to the values of and risks to the resources it helps protect: The newest movie release requires different protection than a professor's class notes.

• Again, as with any security system, there are different degrees of protection. Some TPSs are designed to keep honest people honest and provide only a modest level of enforcement; more ambitious uses seek to provide robust security against professional pirates.

• As with any software, TPSs are subject to design and implementation errors that need to be uncovered by careful research and investigation. Professional cryptologists and digital security experts look for flaws in existing services in order to define better products.

• TPSs almost invariably cause some inconvenience to their users. Part of the ongoing design effort is to eliminate such inconvenience or at least to reduce it to tolerable levels.

• The amount of inconvenience caused by a TPS has been correlated historically with its degree of protection. As a result, in the commercial context, overly stringent protection is as bad as inadequate protection: In either extreme—no protection or complete protection (i.e., making content inaccessible)—revenues are zero. Revenues climb with movement away from the extremes; the difficult empirical task is finding the right balance.

• Protective technologies that are useful within special-purpose devices (e.g., cable-television set-top boxes or portable digital music players) are quite different from those intended for use in general-purpose computers. For network-attached general-purpose computers, software alone cannot achieve the level of technical protection attainable with special-purpose hardware. However, software-only measures will doubtless be in wide use soon.

Here (and in more detail in Appendix E) the committee provides a layman's description of the most important technical protection mechanisms, suggesting how each can be fit into an overall protection scheme, describing the limitations of each, and sketching current research directions. There are several classes of mechanisms:

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 155

Security and integrity features of computer operating systems include, for example, the traditional file access privileges enforced by the system.

Rights management languages express in machine-readable form the rights and responsibilities of owners, distributors, and users, enabling the computer to determine whether requested actions fall within a permitted range. These languages can be viewed as an elaboration of the languages used to express file access privileges in operating systems.

Encryption allows digital works to be scrambled so that they can be unscrambled only by legitimate users.

Persistent encryption allows the consumer to use information while the system maintains it in an encrypted form.

Watermarking embeds information (e.g., about ownership) into a digital work in much the same way that paper can carry a watermark. A digital watermark can help owners track copying and distribution of digital works.

For effective protection, the developer of an IP-delivery service must choose the right ingredients and attempt to weave them together into an end-to-end technical protection system. The term ''end-to-end" emphasizes the maintenance of control over the content at all times; the term "protection system" emphasizes the need to combine various services so that they work together as seamlessly as possible.

Protecting intellectual property is a variant of computing and communications security, an area of study that has long been pursued both in research laboratories and for real-world application. Security is currently enjoying renewed emphasis because of its relevance to conducting business online.3 While security technology encompasses a very large area, this discussion is limited to describing generally applicable principles and those technical topics relevant to the management of intellectual property.4

As cryptography is an underpinning for many of the other tools discussed, the following section begins with a brief explanation of this technology.5 Next, the techniques that help manage IP within general-

3As the technology needed for IP may not be affordable for IP alone, there is the possibility of a useful coincidence: The technology needed for IP may be largely a subset of what will be needed for electronic commerce. One concrete example is the Trusted Computing Platform Alliance discussed below.

4For example, the committee passed silently over a concern closely related to IP—the effect of the digital world on personal privacy—because, although there is some intersection of the two sets of issues, they are sufficiently separable and sizable that each is best addressed in its own report.

5A closely related topic, the Public Key Infrastructure—a set of emerging standards for distributing, interpreting, and protecting cryptographic keys—is primarily of technical interest and is discussed in Appendix E.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 156

purpose computers are described. Finally the discussion turns to technology that can help in consumer electronics and other special-purpose devices.6

Encryption: An Underpinning Technology for Technical Protection Service Components

Cryptography is a crucial enabling technology for IP management. The goal of encryption is to scramble objects so that they are not understandable or usable until they are unscrambled. The technical terms for scrambling and unscrambling are "encrypting" and "decrypting." Encryption facilitates IP management by protecting content against disclosure or modification both during transmission and while it is stored. If content is encrypted effectively, copying the files is nearly useless because there is no access to the content without the decryption key. Software available off the shelf provides encryption that is for all practical purposes unbreakable, although much of the encrypting software in use today is somewhat less robust.

Many commercial IP management strategies plan a central role for what is called "symmetric-key" encryption, so called because the same key is used both to encrypt and decrypt the content. Each object (e.g., movie, song, text, graphic, software application) is encrypted by the distributor with a key unique to that object; the encrypted object can then be distributed, perhaps widely (e.g., placed on a Web site). The object's key is given only to appropriate recipients (e.g., paying customers), typically via a different, more secure route, perhaps one that relies on special hardware.

One example of an existing service using encryption in this way is pay-per-view television. A program can be encrypted with a key and the key distributed to paying customers only. (The special hardware for key distribution is in the set-top box.) The encrypted program can then safely be broadcast over public airwaves. Someone who has not paid and does not have the key may intercept the broadcast but will not be able to view it.

There is, of course, an interesting circularity in symmetric-key encryption. The way to keep a message secret is to encrypt it, but then you also have to send the decryption key so the message recipient can decrypt the message. You have to keep the key from being intercepted while it is

6Where the text that follows identifies specific commercial products and services, it is solely for the purpose of helping to explain the current state of the art. The committee does not endorse or recommend any specific product or service.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 157

being transmitted, but if you have a way to do that, why not use that method to send the original message?

One answer is hinted at above: speed. The key (a short collection of digits) is far smaller than the thing being encrypted (e.g., the television program), so the key distribution mechanism can use a more elaborate, more secure, and probably slower transmission route, one that would not be practical for encrypting the entire program.7

Another answer has arisen in the past 20 years that gets around the conundrum—a technique called public-key cryptography.8 This technique uses two different keys—a public key and a private key—chosen so that they have a remarkable property: Any message encrypted with the public key can be decrypted only by using the corresponding private key; once the text is encrypted, even the public key used to encrypt it cannot be used to decrypt it.

The idea is to keep one of these keys private and publish the other one; private keys are kept private by individuals, while public keys are published, perhaps in an online directory, so that anyone can find them. If you want to send a secret message, you encrypt the message with the recipient's public key. Once that is done, only the recipient, who knows the corresponding private key, can decrypt the message. Software is widely available to generate key pairs that have this property, so individuals can generate key pairs, publish their public keys, and keep their private keys private.

As public-key encryption is typically considerably slower (in terms of computer processing) than symmetric-key encryption, a common technique for security uses them both: Symmetric-key encryption is used to encrypt the message, then public-key encryption is used to transmit the decryption key to the recipient.

A wide variety of other interesting capabilities is made possible by public-key systems, including ways to "sign" a digital file, in effect providing a digital signature. As long as the signing key has remained private, that signature could only have come from the key's owner. These additional capabilities are described in Appendix E.

Any encryption system must be designed and built very carefully, as there are numerous and sometimes very subtle ways in which information can be captured. Among the more obvious is breaking the code: If

7The most basic form of "separate mechanism" to send the key is having a codebook of keys hand-carried to the recipient, as has been done for years in the intelligence business. This is not feasible where widescale distribution is concerned.

8The technique was first brought to practical development by R.L. Rivest, A. Shamir, and L.M. Adelman in Rivest et al. (1978). RSA Security (see <http://www.rsa.com> produces software products based on this development.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 158

the encryption is not powerful enough, mathematical techniques can be used to decrypt the message even without the key. If the key-distribution protocol is flawed, an unauthorized person may be able to obtain the key via either high technology (e.g., wiretapping) or "social engineering" (e.g., convincing someone with access to the key to supply it, a widely used approach). If the system used to read the decrypted information is not designed carefully, the decrypted information may be left accessible (e.g., in a temporary file) after it has been displayed to the user. The point to keep in mind is that cryptography is no magic bullet; using it effectively requires both considerable engineering expertise and attention to social and cultural factors (e.g., providing incentives for people to keep messages secret).9

Access Control in Bounded Communities

Perhaps the most fundamental form of technology for the protection of intellectual property is controlling access to information (i.e., determining whether the requester is permitted to access the information). A basic form of such control has been a part of the world of operating systems software almost from the time operating systems were first implemented, offering limited but useful security. In its simplest form, an access control system keeps track of the identity of each member of the user community, the identities of the data objects, and the privileges (reading, altering, executing, and so on) that each user has for each object. The system consults this information whenever it receives a service request and either grants or denies the request depending on what the privilege indicates.

Existing access control, however, offers only a part of what is needed for dealing with collections of intellectual property. Such systems have typically been used to control access to information for only relatively short periods such as a few years, using only a few simple access criteria (e.g., read, alter, execute), and for objects whose owners are themselves users and who are often close at hand whenever a problem or question arises.

In contrast, access control systems for intellectual property must deal with time periods as long as a century or more and must handle the sometimes complex conditions of access and use. A sizable collection—as indeed a digital library will be—also needs capabilities for dealing with hundreds or thousands of documents and large communities of users (e.g., a college campus or the users of a large urban library).

Such systems will thus need to record the terms and conditions of access to materials for decades or longer and make this information acces-

9See, for example, CSTB (1996).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 159

sible to administrators and to end users in ways that allow access to be negotiated. This raises interesting questions of user authentication: For example, is the requester who he says he is? Does he have a valid library card? It also raises issues of database maintenance: For example, collections change, rights holders change, and the user community changes as library cards expire. Many other questions must be addressed as well so that systems work at the scale of operation anticipated. Some work along these lines has been done (e.g., Alrashid et al., 1998), but a considerable amount of development work is still needed.

Some attempts have also been made to represent in machine-readable form the complex conditions that can be attached to intellectual property. This is the focus of what have been called rights management languages, which attempt to provide flexible and powerful languages in which to specify those conditions.10 DPRL (Ramanujapuram, 1998), for example, attempts to offer a vocabulary in which a wide variety of rights management terms and conditions can be specified.

An important characteristic of these languages is that they are machine-readable (i.e., the conditions can be interpreted by a program that can then grant or deny the desired use). This is superficially the same as a traditional operating system, but the conditions of access and use may be far more complex than the traditional notions used in operating systems. In addition, as will be shown below, these languages are quite useful outside the context of bounded communities. Finally, although large-scale systems have yet to be deployed, rights management language design is not perceived as a roadblock to more robust TPSs.

Enforcement of Access and Use Control in Open Communities

Access control systems of the sort outlined above can be effective where the central issue is specifying and enforcing access to information,

10MPEG-4 offers a general framework of support for rights management, providing primarily a structure within which a rights management language might be used, rather than a language itself. It is nonetheless interesting, partly because it represents the growing recognition that rights management information can be an integral part of the package in which content is delivered. The standard specifies a set of IP management and protection descriptors for describing the kind of protection desired, as well as an IP identification data set for identifying objects via established numbering systems (e.g., the ISBN used for books). Using these mechanisms, the content providers can specify whatever protection strategy their business models call for, from no protection at all to requiring that the receiving system be authorized via a certified cryptographic key, be prepared to communicate in an encrypted form, and be prepared to use a rights management system when displaying information to the end user. For additional information on MPEG-4, see Konen (1998) and Lacy et al. (1998).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 160

as is typically true in bounded communities represented by, for example, a single corporation or a college campus. In such communities much greater emphasis is placed on questions of original access to information than on questions of what is done with the information once it is in the hands of the user. The user is presumed to be motivated (e.g., by social pressure or community sanctions) to obey the rules of use specified by the rights management information.

A larger problem arises when information is made accessible to an unbounded community, as it is routinely on the Web. The user cannot in general be presumed to obey rules of use (e.g., copyright restrictions on reproduction); therefore, technical mechanisms capable of enforcing such rules are likely to be needed.

A variety of approaches has been explored. The simpler measures include techniques for posting documents that are easily viewed but not easily captured when using existing browsers. One way to do this uses Java routines to display content rather than the standard HTML display. This gives a degree of control over content use because the display can be done without making available the standard operating system copy-and-paste or printing options. A slightly more sophisticated technique is to use a special format for the information and distribute a browser plug-in that can view the information but isn't capable of writing it to the disk, printing, and so on. Knowledgeable users can often find ways around these techniques, but ordinary users may well be deterred from using the content in ways the rights holder wishes to discourage.

There are also a number of increasingly complex techniques for controlling content use that are motivated by the observation made earlier, that digital IP liberates content from medium—the information is no longer attached to anything physical. When it is attached to something physical, as in, say, books or paintings, the effort and expense of reproducing the physical object offers a barrier to reproduction. Much of our history of and comfort with intellectual property restrictions is based on the familiar properties of information bound to physical substrates. Not surprisingly, then, some technical protection mechanisms seek to restore these properties by somehow "reattaching" the bits to something physical, something not easily reproduced. The description that follows draws on features of several such mechanisms as a way of characterizing this overall approach.

Encryption is a fundamental tool in this task. At a minimum, encryption requires that the consumer get a decryption key, without which a copy of the encrypted content is useless. Buy a digital song, for example, and you get both an encrypted file and a password for decrypting and playing the song.

But this approach secures only the original access to the content and

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 161

its transit to the consumer. Two additional problems immediately become apparent. First, the content is still not "attached" to anything physical, so the consumer who wished to do so could pass along (or sell) to others both the encrypted content and the decryption key. Second, the consumer could use the key to decrypt the content, save the decrypted version in a file, and pass that file along to others.

There are several ways to deal with the first problem that involve "anchoring" the content to a single machine or single user. One technique is to encode the identity of the purchaser in the decryption key, making it possible to trace shared keys back to their source. This provides a social disincentive to redistribution.11 A second technique is for the key to encode some things about the identity of one particular computer, such as the serial number of the primary hard drive, or other things that are unlikely to change.12 The decryption software then checks for these attributes before it will decrypt the content. A third technique calls for special hardware in the computer to hold a unique identifier that can be used as part of the decryption key. Some approaches call for this hardware to be encased in tamper-resistant cases, to discourage tampering even by those with the skill to modify hardware. One form of tamper resistance involves erasing the key if any attempt is made to open or manipulate the chip containing it.

Whatever the approach, the intended result is the same—the content can be decrypted only on the machine for which the decryption has been authorized.

But even this protection alone is not sufficient, because it is not persistent. The consumer may legally purchase content and legally decrypt it on her machine, then (perhaps illegally) pass that on to others who may be able to use the information on their machines. The final technological step is to reduce the opportunities for this to happen. Two basic elements are required: (1) just-in-time and on-site encrypting and (2) close control of the input/output properties of the machine that will display the content. Decrypting just in time and on site means that the content is not decrypted until just before it is used, no temporary copies are ever stored, and the information is decrypted as physically close to the usage site as possible. An encrypted file containing a music album, for instance, would not be entirely decrypted and then played, because a sophisticated pro-

11This also has privacy implications that consumers may find undesirable.

12Hard drives typically have serial numbers built into their hardware that can be read using appropriate software but cannot be changed. However, because even hard disks are replaced from time to time, this and all other such attempts to key to the specific hardware will fail in some situations. The idea of course is to select attributes stable enough that this failure rarely occurs.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 162

grammer might find a way to capture the temporary decrypted file. Instead, the file is decrypted "on the fly" (i.e., as each digital sample is decrypted, it is sent to the sound-generation hardware), reducing the ease with which the decrypted sample can be captured. On-site decryption involves placing the decryption hardware and the sound-generation hardware as physically close as possible, minimizing the opportunity to capture the decrypted content as it passes from one place to another inside (or outside) the computer.13

Some playback devices are difficult to place physically near the computer's decryption hardware. For example, digital camcorders, digital VCRs, digital video disk (DVD) movie players, and so on all require cables to connect them to the computer, which means wires for interconnection, and wires offer the possibility for wiretapping the signal.

One approach to maintaining on-site decryption for peripheral devices is illustrated by the Digital Transmission Content Protection (DTCP) standard, an evolving standard developed through a collaboration of Hitachi, Intel, Matsushita, Sony, and Toshiba (see Box 5.1). The computer and the peripheral need to communicate to establish that each is a device authorized to receive a decryption key. The key is then exchanged in a form that makes it difficult to intercept, and the content is transmitted over the wire in encrypted form. The peripheral device then does its own on-site decryption. This allows the computer and peripheral to share content yet provides a strong degree of protection while the information is in transit to the decryption site.

But even given just-in-time and on-site decryption, a sophisticated programmer might be able to insert instructions that wrote each decrypted unit of content (e.g., a music sample) to a file just before it was used (in this case sent to the sound-generation hardware). Hence, the second basic element in providing persistent encryption is to take control of some of the routine input and output (I/O) capabilities of the computer. There are a number of different ways to attempt this, depending partially on the degree to which the content delivery system is intended to work on existing hardware and software.

The largest (current) market is of course for PCs running off-the-shelf operating systems (such as Windows, Mac, and Linux). In that case the content delivery system must use the I/O routines of the existing operating system. The difficulty here is that these routines were not designed to hide the information they are processing. As a result, using an existing operating system opens another door to capturing the decrypted content.

13Information may be captured by physically wiretapping the cables that route signals inside and outside the computer.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 163

BOX 5.1
Characteristics of the DTCP Copy Protection Standard

Copy control information (CCI). Rights holders need a way to specify how their content can be used. The system offers three distinct copy control states included in the data signature—no copies permitted, one copy permitted and data not protected. Compliant copy control devices must be able to extract from the copyrighted material and act in accordance with the contained instruction. Note that view of time-shifted content using a digital recorder is not possible material marked as "no copies permitted," The one-copy state has been specifically created to allow digital recorder time shifting.

Device authentication and key exchange. Before sharing valuable information, a connected device must first verify that another connected device is authentic. This layer defines the set of protocols used to ensure the identity, authenticity and compliance of affected devices prior to the transfer of any protected material

Content encryption Protected data is encrypted for transmission to reduce the opportunity for unauthorized access to the material. Encryption is necessary because data placed on the wire is (often) simultaneously to all connected devices, not just the one device for which it is intended. Encrypting the data with keys known only to the sending and receiving devices protects the data while it is in transit.

System renewability. System renewability ensures long-term integrity of the system through the revocation of compromised devices.

NOTE: See <http://www.dtcp.com> for additional information.

Content delivery systems that wish to work in the environment of such operating systems attempt, through clever programming, to reduce the opportunities to capture the decrypted information while the operating system is performing output. But given existing operating systems, abundant opportunities still exist for a sophisticated programmer.

More complex proposals call for replacing parts of, or even the entire, operating system, possibly right down to the BIOS, the basic input/output routines embedded in read-only memory in the computer hardware. Such computers would instead use specially written routines that will not read or write without checking with the decryption hardware on the computer to ensure that the operation is permitted under the conditions of use of the content. This more ambitious approach faces the substantial problem of requiring not only the development of a new and complex operating system but the widespread replacement of the existing installed base as well. This clearly raises the real possibility of rejection by consumers.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 164

The final problem is the ultimate delivery of the information: Music must be played, text and images displayed, and so on. This presents one final, unavoidable opportunity for the user to capture the information. The sophisticated owner of a general-purpose computer can find ways to copy what appears on the screen (e.g., screen capture utilities) or what goes into the speakers (connect an analog-to-digital converter to the speaker wires). As is usual in such matters, the expectation is that this will be tedious enough (capturing a long document screenful by screenful), complex enough (hooking up the converter), or of sufficiently low quality (the captured speaker signal is not identical to the digital original) that all but the most dedicated of thieves will see it as not worth the effort. Nevertheless, those who place substantial faith in elaborate TPSs should keep in mind the necessity of presenting information to the user and the opportunity this provides for capture.

More generally, because all protection mechanisms can eventually be defeated at the source (e.g., as it was with a2b encoding and Windows Media; see Chapter 2), the key questions concern trade-offs of cost and effectiveness. A good mechanism is one that provides the degree of disincentive desired to discourage theft but remains inexpensive enough so that it doesn't greatly reduce consumer demand for the product. A good deal more real-world experience is needed before both vendors and consumers can identify the appropriate trade-offs.

Currently, any system aiming to provide substantial technical protection will rely on encryption, anchoring the bits to a specific machine, and making encryption persistent through just-in-time decryption and low-level control of I/O. Systems using one or more of these ideas are commercially available, and others are under active development. Music delivery systems such as AT&T's a2b and Liquid Audio's Liquid Player, for example, are commercially available. InterTrust, IBM, and Xerox are marketing wide-ranging sets of software products aimed at providing persistent protection for many kinds of content.14 Similar efforts currently under development include the Secure Digital Music Initiative (discussed in Chapter 2) aimed at providing a standard for protecting music.

Copy Detection in Open Communities: Marking and Monitoring

When a valuable digital object is not encrypted and is outside the sphere of control of its rights holder, the only technical means of hinder-

14See <http://www.a2bmusic.com> for information about a2b, <http://www.liquidaudio.com> for information about Liquid Audio, <http://www.ibm.com/security/html/cryptolopes.html> for information on the IBM products, <http://www.intertrust.com> for information on InterTrust offerings, and <http://www.contentguard.com> for information on Xerox's offerings.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 165

ing misuse is to change it in ways that discourage wrongdoing or facilitate detection. A variety of approaches have been used to accomplish these goals. One technique calls for releasing only versions of insufficient quality for the suspected misuses. Images, for example, can be posted on the Web with sufficient detail to determine whether they would be useful, for example, in an advertising layout, but with insufficient detail for reproduction in a magazine.

Another technique embeds in the digital document information about ownership, allowed uses, and so on. One of the simplest and most straightforward ways to do this is by labeling the document in a standard way (so the label can be found) and in a standard vocabulary (so the terms of use may be widely understood). In its simplest format, a digital label could take the form of a logo, trademark, or warning label (e.g., ''May be reproduced for noncommercial purposes only"). Labels are intended to be immediately visible and are a low-tech solution in that they are generally easily removed or changed, offering no enforcement of usage terms.

Labels could, nevertheless, ease the problem of IP management, at least among the (fairly large) audience of cooperative users. Consider the utility of having every Web page carry a notice in the bottom right corner that spelled out the author's position on use of the page. Viewers would at least know what they could do with the page, without having to guess or track down the author, allowing cooperative users to behave appropriately. Getting this to work would require spreading the practice of adding such information, so that authors did it routinely, and some modest effort to develop standards addressing the kinds of things that would be useful to say in the label. There is an existing range of standard legal phrases.

A second category of label attached to some digital documents is a time stamp, used to establish that a work had certain properties (e.g., its content or the identity of the copyright holder) at a particular point in time. The need for this arises from the malleability of digital information. It is simple to modify both the body of a document and the dates associated with it that are maintained by the operating system (e.g., the creation date and modification date).

Digital time stamping is a technique that affixes an authoritative, cryptographically strong time stamp to digital content; the label can be used to demonstrate what the state of the content was at a given time. A third-party time-stamping service may be involved to provide a trusted source for the time used in the time stamp. Time-stamping technology is not currently widely deployed.15

15Some products do exist, including WebArmor (see <http://www.webarmor.com> and Surety's Digital Notary Service (see <http://www.surety.com>.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 166

Where the labels noted above are separate from the digital content, another form of marking embeds the information into the content itself. Such digital alterations are called watermarks and are analogous to watermarks manufactured into paper. An example cited earlier described how a music file might be watermarked by using a few bits of some music samples to encode ownership information and enforce usage restrictions. The digital watermark may be there in a form readily apparent, much like a copyright notice on the margin of a photograph; it may be embedded throughout the document, in the manner of documents printed on watermarked paper, or it may be embedded so that it is normally undetected and can be extracted only if you know how and where to look, as in the music example.16 Visible watermarks are useful for deterrence, invisible watermarks can aid in proving theft, and a watermark distributed through a document can by design be difficult to remove, so that it remains detectable even if only part of the document is copied.

The objectives, means, and effectiveness of marking technologies depend on a number of factors. Designing an appropriate watermark means, for instance, asking what mix is desired of visibility (Should the mark be routinely visible?), security (How easy is it to modify the mark?), and robustness (What kinds of modifications, such as printing a picture and rescanning it, can the mark survive?). The nature and value of the information clearly matters. A recent hit song needs different treatment than a Mozart aria. Modality also matters. Sheet music is watermarked differently than an audio recording of a performance. Some things are difficult to watermark. Machine code for software cannot be watermarked in the same way as music, because every bit in the program matters; change one and the program may crash. Identifying information must instead be built into the source code, embedded in a way that the information gets carried into the machine code but does not adversely affect the behavior of the program.17 Watermarking digital text also presents challenges: How can, say, an online version of The Grapes of Wrath be marked to include a digital watermark, without changing the text? One trick is to change the appearance of the text. The watermark can be encoded by varying the interline and intercharacter spacing slightly from what would be expected; the variation encodes the information.

Marking a document is of course only half the battle; monitoring is

16Embedding IP ownership information in documents in subtle ways has a long history and had been used much before the arrival of digital information. One of the oldest and simplest techniques is the mapmaker's trick of inserting nonexistent streets or roads. Similarly, text has been "marked" by distributing versions with small changes in wording.

17This is not difficult technologically, but it adds another step to the marking process and can present significant additional overhead.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 167

needed in order to detect the presence of unauthorized copies. A number of efforts have been made in this direction, many of which rely on "Web crawlers," programs that methodically search the Web looking for documents bearing a relevant watermark. An IP management system that watermarked images, for example, would also have a Web searching routine that examined publicly available image files for that system's watermarks. This is an active area of work; systems have been developed in both the commercial and academic world.18

Marking and monitoring technologies do not attempt to control users' behavior directly. In particular, they do not attempt to prevent unauthorized copy and modifications. Rather, they attempt to make these actions detectable so that rights holders can seek legal redress when infringements have been detected. Frequently their intent is simply to indicate that copying is prohibited; the utility of these technologies relies on the fact that many people are honest most of the time.

Trusted Systems

The preceding discussion of technical protection mechanisms points out that the strongest intellectual property protection requires embedding protection mechanisms throughout the computer hardware and software at all levels, right down to the BIOS. In one vision of the future, security will become a major influence on the design of computing and communications infrastructure, leading to the development and widespread adoption of hardware-based, technologically comprehensive, end-to-end systems that offer information security, and hence facilitate creation and control of digital IP. There has been some research (and a great deal of speculation and controversy) about these so-called "trusted systems," but none is in widespread use as of 1999.

One example of this vision (Stefik, 1997b) seeks to enable the world of digital objects to have some of the same properties as physical objects. In these systems, when a merchant sells a digital object, the bits encoding that object would be deposited on the buyer's computer and erased from the merchant's computer. If the purchaser subsequently "loaned" this digital object, the access control and rights management systems on the lender's computer would temporarily disable the object's use on that computer while enabling use on the borrower's computer. These changes

18Digimarc at <http://www.digirnarc.com> is one example of a commercial watermarking and tracking system; Stanford's Digital Library project at <http://www-diglib.stanford.edu/diglib/pub/> has produced systems for detecting copying of text and audio files, using feature extraction techniques to enable fast searching and detection of partial copies.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 168

would be reversed when the object is returned by the borrower to the lender.

The published literature (see, e.g., Stefik, 1997a,b) is fairly clear on what trusted systems are supposed to accomplish, but it does not spell out in technical detail how they are supposed to accomplish it. Stefik, for example, is clear on the need for some sort of hardware component (Stefik, 1997b) to supplement the Internet and PC world of today,19 but he says little about how that component would work or how it would be added to today's infrastructure. Here, we explore two general ways in which trusted systems might be implemented, then consider the barriers they face.

One way to increase control over content is to deliver it into special-purpose devices designed for purchase and consumption of digital content, but not programmable in the manner of general-purpose PCs. For example, game-playing machines, digital music players, electronic books, and many other types of devices could be (and some are) built so that each one, when purchased, contains a unique identifier and appropriate decoding software. The devices could then be connected to the Web in much the same way as general-purpose computers and download content encrypted by distributors. Legitimate devices would be able to (1) verify that the content came from an authorized distributor, (2) decrypt and display the content (the meaning of "display" depending on whether the content is text, video, audio, and so on), and (3) force the device owner to pay for the content (perhaps by checking before decrypting that the subscription fee payment is up-to-date).

It is expensive to design, manufacture, and mass market such a special-purpose device, and an entire content-distribution business based on such a device would necessitate cooperation of at least the consumer-electronics and content-distribution industries, and possibly the banking and Internet-service industries as well. A particular business plan could thus be infeasible because it failed to motivate all of the necessary parties to cooperate or because consumers failed to buy the special-purpose devices in sufficient numbers. The failure of the Divx player for distribution of movies is perhaps an instructive example in this regard.20

Hardware-based support for IP management in trusted systems could also be done using PCs containing special-purpose hardware. Because such machines would have the full functionality of PCs, users could con-

19For example, a tamperproof clock to ensure that rights are not exercised after they expire or to secure memories to record billing information (Stefik, 1997b).

20Production of Digital Video Express LP, or Divx, was terminated by Circuit City in June 1999 (Ramstad, 1999). Although it was not designed to download content from the Web, it was in many other respects the sort of device suggested above.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 169

tinue to use them for everything that they do today. The intent would be that because they had secure hardware, content distributors and their customers could conduct business just as they could in the information-appliance scenario, but without customers having to buy a separate special-purpose device. One problem here, suggested above, is that the content must, eventually, be presented to the user, at which point it can be captured. The capturing may be a slow and perhaps painful process, but, if the content in question is of sufficient value, pirates may well be motivated to go to the effort or to write software that will automate the effort.

The trusted systems scenario faces substantial challenges, in part because accomplishing it would require changes to the vast installed base of personal computers, changes that the marketplace may reject. The need for specialized hardware would require buying new machines or retrofitting existing computers with hardware ensuring that the computer user was able to do with the digital object exactly those actions specified by the rights management language. The tight control of input and output, for example, if universally enforced, would be experienced by the user as an inability to do print redirection, the ability that permits the personal computer user to save into a local file anything he or she can see on the screen or print. The committee finds it questionable whether computer owners would accept the inconvenience, risk, and expense of retrofitting their machines with a device that makes them more expensive and in some ways less capable.

The case is less obvious where purchasing new machines is concerned, but even here there is a substantial question of what will motivate buyers to purchase a machine that is more expensive (because of the new hardware and software) and, once again, less capable in some ways. Note, too, that although consumers might benefit from access to content that would not have been released without trusted systems in place, significant benefit from such systems would accrue to content originators, while the costs would be borne principally by content users.21

There are two plausible scenarios for the adoption of such an approach: the "clean slate" scenario and the "side effect" scenario. The clean slate scenario involves the introduction of new technology, which avoids the problem of an installed base and offers opportunities to mandate standards. DVD offers one such example: The hardware and software for a player must use certain licensed technology and obey certain protection standards in order to be capable of playing movies. Such requirements can be set in place at the outset of a new technology, before there is an installed base of equipment without these capabilities. Given

21For a more thorough discussion of this issue, see Gladney and Lotspiech (1998) and the works it cites.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 170

the size of the installed base of computers and their continuing utility, it is not clear what would provide the analogous clean slate opportunity for trusted systems.

The "side effect" scenario involves technology that is introduced for one reason and turns out to be useful for a second purpose.22 In this case, the initial reason is business-to-business electronic commerce; the second purpose is IP protection. The Trusted Computing Platform Alliance, a collaborative effort founded in October 1999 by Compaq, HP, IBM, Intel, and Microsoft, is aimed at "building confidence and trust of computing platforms in e-business transactions."23 It plans to provide security at the level of the hardware, BIOS, and operating system, i.e., thoroughly integrated into the system in ways that would make it transparent to the user. This is a very ambitious undertaking that will require a considerable, coordinated effort among several manufacturers, and its success is far from guaranteed.

Nevertheless, should the alliance make substantial progress, it would offer a foundation for business-to-business e-commerce and would also mean that PCs would likely come equipped with hardware and software that provided a natural foundation for TPSs aimed at IP protection. This report noted earlier that the marketplace for electronic information might benefit from the marketplace infrastructure built for electronic commerce; it may be the case that the computer hardware and software built for secure electronic commerce will turn out to be a useful foundation for IP protection on individual computers.

An alternative version of the trusted system notion envisions creating software-based IP management systems whose technical protection arises from a variety of software tools, including encryption, watermarking, and some of the technologies discussed above. Although this would not provide the same degree of protection as systems using both software and special hardware, it may very well offer sufficient strength to enable an effective marketplace in low- to medium-value digital information. For a variety of nontechnical reasons discussed at length in Gladney (1998), the integration phase of such systems is proceeding slowly, with end-to-end systems not nearly as well developed or well understood as the individual technical tools.

22In fact there is some reason to believe that general-purpose computers are being used increasingly for entertainment purposes, such as stereo listening, recording studios, and high-tech photo albums, as well as for traditional PC entertainment applications such as computer games, based on a "totally unexpected surge in U.S. home PC buyers," according to industry analyst Roger Kay commenting in McWilliams (1999).

23See <http://www.trustedpc.org>.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 171

Protection Technologies for Niches and Special-Purpose Devices

As the discussion above makes clear, there are substantial challenges in creating technical protection services capable of working effectively in the context of a general-purpose computer. However, with more specialized devices, or in contexts of limited uses of the computer, additional techniques may be employed.

For example, for high value, specialized software with smaller, more narrowly defined markets, hardware-based copy protection schemes have had some success. In the computer-aided design software market, for instance, products are distributed with "dongles," simple physical devices that plug into the printer port; the software does not function unless the dongle is installed. But dongles have been tried and have proven impractical for mass market software: Consumers rapidly became frustrated with the need to keep track of a separate dongle for each application and each of its upgrades.

For specific devices, like CD players, copy protection can be based on hardware built into the device. This hardware makes it difficult to use CD-ROM recorders to create unauthorized copies of disks with commercially valuable music, software, or other content. For example, Macrovision's SafeDisc technology uses digital signature, encryption, and hardware-based copy protection in a TPS that is transparent to the user of a legitimate disk.24 The content of the CD-ROMs is encrypted and digitally signed. The physical copy protection technology prevents CD-ROM readers and other professional mastering equipment from copying the digital signature. This in turn prevents unauthorized copying, because the content can be decrypted only when the digital signature can be read and verified.

Digital video disks provide a second example of hardware-based copy protection for special-purpose devices, in this case for use by the entertainment industry (see Box 5.2).

Technical Protection Services, Testing, and the Digital Millennium Copyright Act of 199825

Understanding the interaction of intellectual property and technical protection services requires an understanding of how technical protection methods and products are developed. One key feature of the technology underlying TPSs is that its creation proceeds in an adversarial manner.

24SafeDisc is targeted at the software publishing market. See <http://www.macrovision.com> for more information.

25These issues are discussed at greater length in Appendix G.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 172

BOX 5.2
Digital Video Disks

Developed by studios and consumer electronics companies in late 1995, digital video disks (DVDs) are used in the entertainment industry to distribute movies and other content. DVDs are compatible with CDs and are of the same size and thickness as CDs, but they have much more capacity—up to 25 times as much as a CD.

Content on DVDs can be protected by a variety of mechanisms:

• Data on the DVD can be encrypted using a system called the content scrambling system (CSS)

• Each disk can indicate whether the contents can be copied, enabling serial copy management. For example, a device getting information from a disk marked "one copy" must change the information on its version to indicate "no [more] copies."

• The DTCP protocol described in Box 5.1 can be used to encrypt information for transmission from the DVD player to other devices.

• Analog copy protection is inhibited by a Macrovision circuit; this adds a signal to the analog video output that will (typically) not distort the display of the video but will cause a recording device to record a significantly degraded copy. This inhibits copying DVDs to videotape.

The DVD technical protection system is useful for keeping hones people honest, but from a security point of view it has defects in its design that prevent it from being a major deterrent for skilled pirates. For example, the effectiveness of the CSS encryption scheme depends on the secrecy of the cryptographic algorithm, not just on the secrecy of the cryptographic key; this is a violation of a well-known cryptographic design principle. CSS has not been adopted elsewhere, partly due to this weakness.

In November 1999, the CSS encryption scheme was apparently broken, due in part to this very issue. Two programmers examined the software used by one DVD player, whose manufacturer had neglected to encrypt its decryption key. Examining the software enabled them to break the scheme for that one specific player, which then provided them with a window into the encryption keys used by any of the other 400-odd licensed players (Patrizio, 1999b).

One member of the community of cryptography and security researchers proposes a protection mechanism, and others then attack the proposal, trying to find its vulnerabilities. It is important that this process go on at both the theoretical and experimental levels. Proposals for new ideas are often first evaluated on paper, to see whether there are conceptual flaws. Even if no flaws are evident at this stage, the concept needs to be evaluated experimentally, because systems that have survived pencil-and-

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 173

paper attempts may still fail in actual use. This can happen either because flaws were simply not discovered in the theoretical analysis or because a sound proposal was implemented badly. Fielded implementations, not abstract designs, are what customers will use; hence, real implementations must be tested in real use.

A crucial part of the development of good technical protection mechanisms is thus the experimental circumvention, or attack, on hardware and software that are claimed to be secure. Before the device is relied on to protect valuable content, vigorous, expert attacks should be carried out, and they should be done under conditions that are as close as possible to those in which the secure hardware or software will be used.

This process is not merely good in theory; it is how good security technology and products are created, both by researchers and in commercial practice. Vendors, for example, assemble their own "tiger teams" that try to circumvent a security mechanism before it is released in the marketplace. The results of this practice validate its use. The history of the field is replete with good ideas that have been tested by the community, found to be flawed, improved, retested, and improved again. The process continues and the technology constantly gets better.26

This in turn has policy significance: Regulating circumvention must be done very carefully lest we hobble the very process that enables the development of effective protection technology. If researchers, vendors, security consultants, and others are unsure about the legal status of their activities, their effectiveness may suffer, and the quality of the resulting products may decline.

This issue arises in part as a consequence of the Digital Millennium, Copyright Act of 1998 (DMCA), the U.S. Congress's implementation of the World Intellectual Property Organization (WIPO) treaty. See Box 5.3 for a brief background on the interaction of the development of technical protection mechanisms and the policy in the DMCA.

What Makes a Technical Protection Service Successful?

Whether a TPS is successful begins with its inherent technical strength but depends ultimately on both the product it protects and the business in

26One ongoing example is the evolution of the Sun Microsystems Java programming system. When Sun launched this innovative system, one of the most important claims that it made was that server-supplied code could be run from any Java-enabled Web browser "safely." This soon turned out to be false, as shown by Dean et al. (1996), whose analysis of the underlying problem led to improvements in Sun's next release of its Java Development Kit. This process continues, as real use and experimentation uncover additional defects, leading to further repairs and improvements.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 174

BOX 5.3
Technical Protection Mechanism Development, Public Policy, and t he Digital Millennium Copyright Act

Congress included in the DMCA two kinds of anticircumvention regulations. The first kind—the access-control provision—generally outlaws circumventing technical protection measures used by rights holders to control access to their works. Simply put. it is illegal to "break" (i.e. circumvent) the technical measures, such as encryption, that rights holders use to control access to their work.1

The second kind of anticircumvention regulation—the "antidevice" provisions—generally outlaw devices that are designed or produced primarily for purposes of circumventing technical protection measures, have no commercially significant uses other then circumvention, or are marketed to circumvent technical protection measures. One of the antidevices rules outlaws devices that circumvent access controls; the other outlaws devices that circumvent use or copying controls ("access" concerns whether you can read the document, "use" focuses on what you do with it, for example, print or make a coy of it).

These provisions are, on their own terms, plausible steps providing prophylactic measures aimed at protecting intellectual property. The access-control provision does its part by defining a new legal wrong—breaking the protection mechanism—a step quite distinct from any illegal copying or other use of the content being protected. The antidevice provisions are analogous to similar laws concerning cable television descramblers, working on the presumption that it is inappropriate to manufacture devices whose intended purpose is to enable to break the law.

As Congress realized, however, problems emerge from the details. First, Congress recognized that circumvention can be done for entirely legitimate purposes, such as encryption research, computer security testing, and achieving interoperability for computer systems. In recognition of this, the access-control provision is subject to seven rather complicated— at times ambiguous—statutory exceptions that permit circumvention for purposes of the sort noted. These exceptions may not, however, exhaust the full range of legitimate purposes for bypassing technical protection systems, as Appendix G explains. The DMCA as written is inconsistent and unclear as to whether circumvention is permitted to enable fair use, though legislative history suggests that Congress intended the preservation of fair use. Future revision of this law should fix this inconsistency.

Second, Congress was apparently concerned about the potential for technical protection mechanisms to disrupt fair use and other noninfringing uses. The concern is simple. If you can't get access to content, you clearly can't make fair use of it. As a result Congress tasked the Librarian of Congress with a kind of watchdog role. The DMCA requires the Librarian of Congress to determine:

Whether persons who are users of a copyrighted work are, or are likely to be in the succeeding 3-year period, adversely affected by the prohibition under subparagraph (A) in their ability to make noninfringing uses under this title of as particular class of copyrighted works. In conducting such rulemaking, the Librarian shall examine:

1Relevant excepts from the DMCA are reprinted in the addendum to Appendix G.

(text box continued on next page)

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 175

(text box continued from previous page)

(i) the availability for use of copyrighted works;

(ii) the availability for use of works for nonprofit archival, preservation, and educational purposes;

(iii) the impact that the prohibition on the circumvention of technological measures applied to copyrighted works has on criticism, comment, news reporting, teaching, scholarship, or research.

If such an adverse effect is found, the Librarian can exempt certain classes of users of works form the access-control ban.

Third, there is a significant ambiguity in the DMCA about whether there is an implied right to get access to the tools needed to do circumvention for fair use or other legitimate purposes. It is a hollow privilege indeed to be allowed to circumvent in order to make fair use and then to be told that all the tools necessary to effect that circumvention are outlawed. Some of the exceptions to the access control provision specifically allow the development of circumvention technologies necessary to accomplish the lawful circumvention, but others do not. As a result, it is somewhat unclear from the statue whether there is an implicit right to develop or purchase a tool to engage in a lawful circumvention. This is an important question that will apparently be left to the courts to address.

Fourth, both the access-control provision and the antidevice provisions are insufficiently clear in their explanation of key concepts and their use of technical terms. Most strikingly, while the provisions indicate that ''No person shall circumvent a technological measure that effectively controls access to a work protected under this title" [sec.1201], they do not adequately explain what is meant by the phrase "effectively controls access."2 The lack of guidance on this key concept means that ordinary computing professionals cannot reasonably know whether a particular technology will be covered by the statue or not.

The DMCA anticircumvention regulations represent the U.S. implementation of a more general provision in the WIPO Copyright Treaty that requires "adequate protection" against and "effective remedies" for circumvention of technical protection measures used by rights holders to protect their works. The anticircumvention provisions of the DMCA were the subject of considerable controversy during the legislative debate on WIPO treaty implemention, and, as adopted, they bear the imprint of lobbying and political compromise. Rather than specifying a few general principles, the rules are instead very complicated, while at the same time ambiguous in important respects (as discussed in some detail in Appendix G). They adopt, moreover, a copyright-centric view of what is, in fact, a more general public policy issue: When should the circumvention of TPSs used by anyone for any purpose by permissible?

All of these difficulties illustrate the complexities of writing regulations for relatively uncharted areas involving complex and fast-moving technology.

2Section 1201(e)(3)(B) does attempt a definition of "effectively controls access": "a technological measure "effectively controls access to a work if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." This is inadequate to permit even experienced computing professionals to know what the statute covers (see Appendix G).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 176

which it is deployed. The vendor interested in protecting content is only partly concerned with whether a TPS satisfies an abstract technical definition of security. Indeed, most of the techniques discussed in this section can be circumvented by people who are sufficiently motivated and knowledgeable. Vendors have more concrete concerns: Does the TPS deter enough potential thieves and facilitate enough use by paying customers to produce a profitable content-distribution business?

Some of the properties that bring a TPS in line with a business model include:

Usability. A protection system that is cumbersome and difficult to use may deter paying customers. If that happens, it is a failure, no matter how successful it may be at preventing theft.

Appropriateness to the content. The cost of designing, developing, and deploying the protection system has to be in harmony with the market for the content. For content that is inexpensive or already available in a reasonably priced, non-Internet medium, there is no point to an expensive TPS that drives up the price of Internet delivery.

Appropriateness to the threat. Preventing honest customers from giving copies to their friends may require nothing more than a reasonably priced product, a good distribution system, and a clear set of instructions. At the other end of the spectrum, preventing theft of extremely valuable content that must at some point reside in a networked PC requires a very sophisticated TPS, and even the best available with current technology may not be good enough.

The cost-benefit analysis needed to design or choose an appropriate TPS—if indeed there is one—is difficult, but necessary. Distributors can lose in the marketplace because they choose a TPS that is too sophisticated or too expensive, just as easily as they can because they choose one that is too weak.

The Role of Business Models in the Protection of Intellectual Property

Intellectual property protection is frequently viewed in terms of two forces—law and technology. The law articulates what may legally be done, while technology provides some degree of on-the-spot enforcement. In the early days of the software market, for example, the copyright on some programs was enforced by distributing floppy disks that had been written in a nonstandard way, making them difficult to copy.

But law and technology are not the only tools available for grappling with the sometimes difficult task of distributing intellectual property with-

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 177

out losing control of it. In the commercial setting, a third powerful factor in the mix is the business model. By selecting appropriately from the wide range of business models available, a rights holder may be able to influence significantly the pressure for and degree of illegal copying or other unauthorized uses. By thinking creatively about the nature of the product and the needs of the customer, rights holders may be able to create new business models that are largely unaffected by the properties of digital information (e.g., the ease of replication and distribution) that are problematic in the traditional model of selling content. They may even be able to find business models that capitalize on those very properties. Hence, in addition to its traditional role of specifying the nature of the commercial enterprise, the business model may also play a role in coping with the IP difficulties that arise with products in digital form. This section explores a variety of models and their impact on the need for technical protection mechanisms and considers the interaction of law, technology, and business models.

The Impact of the Digital Environment on Business Models

As noted in Chapter 1, the introduction of digital media changes the business environment in a number of important ways. The focus here is on the impact of digital media on the intellectual property issues involved in the commercial distribution of content.27

Most business models for traditional copyrighted works involve the sale of a physical item that becomes the property of the customer. The economics of the transaction include the costs associated with creating the initial content and first copy of the work (first-copy costs), the costs of reproduction, marketing, distribution, and other overhead costs. Although copyright does not protect subsequent redistribution of the physical copy, in many cases further reproduction and distribution is protected de facto by the costs associated with creating or re-creating a physical copy nearly equal in quality to the original.

Digital information is of course not the first technology to challenge this business model. Photocopying permits the reproduction and distribution of protected works, and although the quality may not be equal to the original, if made available at a low enough price some customers will find photocopies to be acceptable substitutes. Videotapes and audiotapes are similarly vulnerable.

Digital media disrupt the traditional business model by drastically lowering the cost and effort of reproduction and distribution and by pro-

27Shapiro and Varian (1998) have studied digital media in detail, exploring a wide variety of issues encountered in doing business in this new environment.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 178

ducing copies indistinguishable from the original. While rights holders and consumers benefit from this, so of course may infringers. Additional impacts of the digital medium include the ability to reproduce material in private, increasing the difficulty of detection, and the ability to copy and distribute material very quickly, often before an intellectual property owner can even detect the offense, let alone seek injunctive relief. Natural barriers to infringement are thus eroded in the digital environment. This erosion may be sufficiently extreme at times that rights holders may be wise to reevaluate their fundamental business model. In some cases digital information may be simply unprotectable, at least in practice if not in law and in principle.

Digital media have other impacts on business models as well. Licensing, rather than sale, is becoming increasingly popular for digital media, in part because of the difficulty of retaining control of it after a sale. In this model the customer becomes a user rather than an owner, buying access to a service rather than a physical good. This raises important issues: In a world of distribution by paper, the customer owns a physical copy of the work. What is "owned" in a service offered over a network? If a library discontinues a subscription to an online journal, for example, what rights, if any, does it have to the intellectual property it had been accessing? While networked services are far from new—Dialog and Lexis-Nexis are now more than 20 years old—the nature of access rights has become a major concern with information products and must be factored into the business model.

Those distributing intellectual property in digital form over networks find they are in a business environment changed by customer perceptions and expectations. The perception is that distribution costs are lower, so customer expectations are that prices will be lower than for analog equivalents. In some cases this is true, as with, for example, the replacement of printed software manuals with online or ondisk help; here the economics clearly favor digital formats over paper. In many other cases, however, first-copy costs are higher with digital products, partly because consumers have come to expect more from digital information (e.g., indexing, searching, hyperlinks, multimedia). There are, in addition, new costs associated with digital distribution that offset at least some of the decreased traditional manufacturing costs (e.g., the cost of keeping up with the rapid evolution in browser capabilities and in Web languages).

This pressure for low-priced goods is exacerbated by the fact that on the Web, by far the largest single supply of digital information, free information currently predominates, creating expectations that content will be available free or for low prices. There is also the misperception that "free" equates to "public domain," leading some to believe that if it can be downloaded freely, it is unprotected by intellectual property law. Tradi-

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 179

tional business models are thus stressed in a number of ways by digital information; of particular significance here are the erosion of natural barriers to infringement and the pressure for inexpensive goods.

Business Models for Handling Information

Traditional business models include a wide variety of possibilities, including goods paid for solely by the buyer, goods totally or partially subsidized by advertisers, and goods given away at no charge, as well as mixes of these models. These are reviewed briefly here, to indicate how they are used in the digital environment and to set the stage for exploring less traditional business models in the next section.

Traditional Business Models

Some traditional business models are outlined below:

1. Business models based on fees for products or services:

a. Single transaction purchase. Examples: Videos, books, some software, music CDs, some text CD-ROMs, and article photocopies (document delivery).

b. Subscription purchase. Examples: Newsletter and most journal subscriptions.

c. Single-transaction license. Examples: Some software and most text CD-ROMs.

d. Serial-transaction license (usually where there is a flat fee for unlimited use). Example: Electronic subscription to a single title (this is different from item 1c above in that the license will often be renewed from year to year upon payment of fees).

e. Site licenses (these are generally also flat fees for unlimited use, but with a broader licensed community). Examples: Software licenses for whole companies, a package containing all electronic journals from a publisher for all members of a university community.

f. Payment per electronic use. Examples: Information resources paid for per search, per time online, or per article accessed.

2. Business models relying on advertising28

a. Combined subscription and advertising. Examples: Newspapers,

28One of the emerging controversies about the Internet is the relative long-term viability of advertising-supported business models as compared with transaction-based business models. See Caruso (1999).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 180

consumer and business-to-business magazines, Web sites such as the Wall Street Journal, and America Online.

b. Advertising income only. Examples: Many Web sites and controlled circulation magazines.

3. "Free" distribution business models29

a. Free distribution (no hidden motive). Examples: Scholarly papers on preprint servers and software like Apache, available for free.

b. Free samples—the traditional notion of providing an introduction to the product. Example: A demonstration version of a software package, in the expectation that the customer will want a full, or more up-to-date, version.

c. Information goods for those who buy something else or have another income-producing relationship with the information provider. Example: Free browser software offered to increase traffic on an income-producing Web site.

d. Government information or other information in the public domain. Examples: Standards, economic data, statutes, and regulations.

e. Prestige/vanity/some start-ups. Example: Garage band wanting to get publicity for other services.

Intellectual Property Implications of Traditional Business Models

Models in the first category derive all revenue from fees for the product or service. Here revenues depend on the number of copies sold or licenses signed, making the rights holder more sensitive to illegal copying, piracy, and even fair use, to the degree that any of these replace the purchase of a copy. Success of a business model of this type depends, in part, on the producer's ability to control postsale copying.

Specifically, Models la (single transaction purchase) and 1b (subscription purchase) are outright purchases, with all of the first-sale and existing copyright implications as to fair use described in Chapters 3 and 4. Models 1c (single transaction license), 1d (serial transaction license), and 1e (site license), as licenses, are attempts to remove any ambiguity in the copyright law by creating an enforceable contract between the rights holder and the user. Such contracts may attempt to impose other desires

29The term "free" in quotation marks is used as a way of acknowledging that there are always costs associated with the products and services being given away, costs that must be paid somehow. Free software is paid for by the time of the individuals who create it; the cost of producing and distributing free samples is often built into the price of the full product; government information is paid for by taxes, and so on.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 181

of the rights holder through the terms in the contract. While nominally clearer, many licenses are frequently ignored, not understood, not known about by the end user, or otherwise fail to satisfy all parties. Model If (pay per use) is a fee for service that may be implemented through either sale or licensing models.

Business models that include advertising (Models 2a and 2b) add more balance to the revenue stream. Subscription prices are held down or eliminated because a large number of qualified recipients helps to ensure advertising revenues. Intellectual property concerns may be more related to illegal reproduction and framing—for example, it is important to ensure that users come to the rights holders' Web site so that advertisements are viewed by users as intended by the rights holders. There is less concern about unauthorized access when the sole income is from advertising. Many Web sites of this type require user registration as a way to identify viewers to advertisers but, for many others, simply counting page views or some other measure of traffic is sufficient.

In the free distribution business models (Models 3a through 3e), reproduction is generally not an issue: Except for the case where use of intellectual property is tied to the purchase of some other product, the information owner is clearly seeking as widespread a dissemination as possible by giving free access. The principal intellectual property concerns here relate to preservation of the integrity of the information, proper citation if someone else uses the information, and the prevention of commercial use of the material by unauthorized users.

Less Traditional Business Models

A variety of other business models have been explored in an attempt to confront the IP difficulties encountered in the digital world. Some of these are derived from models used for traditional products, while others appear to be unique to the world of information products. Eight of these less traditional business models are described below:

1. Give away the information product and earn revenue from an auxiliary product or service. Examples of auxiliary products: Free access to an online newspaper in exchange for basic demographic data; the revenue-generating auxiliary product is the database of information about readers. Free distribution of (some) music because it enhances the market for auxiliary goods and services associated with the artist (attendance at concerts, T-shirts, posters, etc.). Example of auxiliary service: The Linux operating system is distributed for free; the market is in service—support, training, consulting, and customization.

2. Give away the initial information product and sell upgrades. Example:

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 182

Antivirus software, where the current version is often freely downloadable; the revenue-generating product is the subsequent updates (along with support service).

3. Extreme customization—Make the product so personal that few people other than the purchaser would want it. Examples: Search engine output, personalized newspapers, and personalized CDs. MusicMaker will create a CD containing the tracks exactly in the sequence specified by a customer.30

4. Provide a large product in small pieces, making it easy to browse but difficult to get in its entirety. Examples: Online encyclopedias, databases, and many Web sites.

5. Give away digital content because it complements (and increases demand for) the traditional product. Examples: The MIT Press and the National Academy Press make the full text of some books and reports available online; this has apparently increased sales of the hard-copy versions.

6. Give away one piece of digital content because it creates a market for another. Examples: The Netscape browser was freely distributed in part to increase demand for their server software; Adobe's Acrobat Reader is freely distributed to increase demand for the Acrobat document preparation software.

7. Allow free distribution of the product but request payment (perhaps offering additional value in the paid-for version). Example: Shareware. Where shareware versions have time-limited functionality or are incomplete demonstration versions, this is quite similar to the "free sample" model above.

8. Position the product for low-priced, mass market distribution. Examples: Microsoft Windows ('95 and '98).

These examples illustrate that far more than immediate production costs enter into pricing decisions. They also demonstrate the trend of relating pricing and other decisions to efforts to develop relationships with customers.

Intellectual Property Implications of Less Traditional Business Models

These less traditional models all reduce the need for enforcement of intellectual property protection against reproduction. The first two do it by foregoing any attempt to generate revenue from the digital content, using it instead as a means of creating demand for services or physical

30MusicMaker is available at <http://www.musicmaker.com>.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 183

products, neither of which are subject to the replication difficulties or digital products. Giving away digital content as a complement to a traditional product works because reading information online is still awkward and because most people are not willing to print out a multi-hundred-page book.31 Selling upgrades relies on the relatively short shelf life of the original product; antivirus software is typically upgraded every 3 months. Extreme customization renders moot any need for enforcing IP protection, because only the original purchaser is interested in the product. Parceling out the product in small pieces simply makes it difficult to copy the entire product, in part restoring a barrier to infringement that comes naturally with physical products.

Giving away one digital product to promote another reduces the need for IP enforcement for the product given away, but it of course does little to reduce the need for IP enforcement for the charged-for product. One related strategy is to differentiate individuals from organizations. For example, Netscape and Adobe give away programs that individuals use, in order to sell the (more expensive) programs purchased by organizations. This approach takes advantage of the comparative ease of enforcing IP rights against organizations as compared to detecting and prosecuting infringement by individuals. It also capitalizes on the expectation that organizations may generate use that is valuable enough for them to pay for the product and recognizes that organizations also have processes and resources to comply more easily with IP laws and license agreements.

Free and low-cost mass market distribution are in the spirit of making the product cheaper to buy than it is to steal. It is worth noting that stealing an information product or service typically comes at a cost. An individual needs to expend the cost, time, and effort to obtain the product or service through infringing means and faces possible downstream costs such as refusal of technical support. When costs (i.e., the price to buy versus the total costs to steal) converge, the need for IP enforcement clearly diminishes.

Business Models as a Means of Dealing with Intellectual Property

As the variety of models above illustrates, business model design and selection can play a significant role in grappling with questions of IP protection. The choice of a model has significant consequences for the role that IP rights enforcement will play and, importantly, models are available that require far less enforcement. Hence, one approach to IP

31This situation, of course, may eventually change as a result of technological developments that improve the usability of online reading. One such ongoing effort is the activity surrounding electronic books.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 184

rights in a world where digital content is difficult to control entails selecting a business model that does not require strict control.

Relying on a business model rather than a technical protection mechanism may also offer some leverage with the difficulty described in Chapter 1. With the emergence of computers and networking into the mainstream of daily life, attempting to enforce IP rights increasingly involves the difficult task of controlling private behavior. Where IP enforcement has historically been an issue between corporations, and where it has historically regulated public acts, the vastly increased means and opportunity for using (and abusing) IP in the hands of individuals has led to increased concern with the private actions of individuals. Where such private actions of individuals are concerned, detection and enforcement is more difficult, making the law a less effective tool. Technical protection mechanisms may help in such circumstances by making illegal or unauthorized actions more difficult, but the selection of an appropriate business model can reduce the motivation for those actions in the first place.

There are, of course, limits to the applicability of these models. Some properties, such as first-run movies, are unlikely ever to be given away, simply because of their high value. In that case other means of dealing with IP issues become more relevant, such as technical protection mechanisms (e.g., as in DVD) or perhaps not making any digital versions of the intellectual property available to consumers.

In formulating a plan for the commercial distribution of intellectual property, then, the rights holder is well advised to consider all three factors: exploring what boundaries are set by the law, what technical protections are practical and cost-effective, and how the business model will produce revenue. The law sets the foundational context in which the other two must function, drawing the boundaries that specify both what legal protection exists against unauthorized reproduction, distribution, and use, and what limits there are on the rights holder's monopoly (e.g., provisions for public access or time limitations on the term of protection). Technical protection mechanisms and business models can then play complementary roles in grappling with the difficulties of distributing IP content in digital form, each capable of reducing the degree of "leakage" of the product.

All three factors interact. Technology influences the selection of a business model: Any technical protection mechanism has both cost and benefit; it costs the producer to implement and may produce nuisance value for the customer (as for example nonstandard floppies), but may also pay off in lower rates of illegal copying. IP law also influences business model selection, as, for example, the limited lifetime of copyright protection must be considered in developing the business model.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 185

And, in some cases, the selection of a business model may obviate the need for technical protection.

Selecting a business model for an information product is difficult in part because of the curious economics of information products. Appendix D discusses this in some detail; this section summarizes a few observations that have consequences in the marketplace and for the selection of a business model.

The duration of economic value varies over an extraordinary range, from a stock market quote (one minute or less) to a classic play (e.g., timeless Greek tragedies), but generally the economic value of most works is far shorter than the standard period of copyright protection. However, while duration of value is often short (sometimes fleeting), changes in value over time can be quite unpredictable. The novel Moby Dick was valueless when published; today's best-sellers may soon be. Today's news is valuable, yesterday's nearly worthless, while the news of 100 years ago is valuable again.

Curiously, there is value in both scarce information and in widely disseminated information. Scarcity confers obvious value. Consider the stock tip known by few others. But wide dissemination of information can produce value as well. Consider network effects in software, where the value of a program increases as more people use it, particularly as it approaches the status of a standard.

For digital information products, there are large first-copy costs and almost negligible production and distribution costs. Particularly in the absence of IP protection, this can produce a very sharp decline in product value over time, as it becomes an easily copied commodity.

A few generalizations are available about selecting business models to deal with IP issues. As a general observation, business models in which intellectual property can be widely disseminated at low cost are more successful in addressing intellectual property problems than are businesses that rely on higher prices and a small number of units distributed. The reasons are straightforward: If the cost of reproduction or piracy is high relative to the cost of acquiring the work legitimately, intellectual property problems will be less serious. Examples include newspapers, magazines, and paperback books.

More interesting, perhaps, is finding ways to permit low-cost distribution. The mass communication media have been the most successful because they make use of advertiser support to cover most or all of the cost of production and distribution, a model widely adopted on the Web. The use of rental markets as in videos (and formerly books) works well where such markets are feasible. The use of intellectual property to promote the use of other products (e.g., free browsers to promote Web traffic)

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 186

is one of the few successful models available of widespread distribution of a digital information product for (very) low cost.32

It is no wonder that the ones most concerned about protection are the producers of intellectual property of high value that is distributed in relatively small quantities. Many high-end professional software packages, for instance, still require a dongle for use, and providers of specialized business information frequently use intranets and extranets protected by passwords in order to keep control of their content.

There is reason to approach doing business on the Web or in other electronic forms with some optimism, for there are a variety of business models to consider. As pointed out by Shapiro and Varian (1998), the goal for commercial information creators and owners is to maximize revenues, not protection. Business models will continue to evolve with the maturation of digital products; their careful design and selection may help to create effective ways to do business in the information world.

Illegal Commercial Copying

The U.S. industries that produce and sell copyrighted products constitute a significant part of the U.S. gross domestic product (GDP) and trade with other nations. It is therefore not surprising that the affairs of these industries and the issues they are concerned with attract considerable attention. One of these issues is the definition of illegal copying and the enforcement of the rules against it. A particular focus is illegal commercial copying—piracy.33 Extensive data are collected and information reported under the auspices of the International Intellectual Property Association (IIPA) and its constituent member trade associations, including

32The model has not been uniformly successful of course. Despite vast numbers of MP3 files that have been downloaded and traded, there is as yet little systematic evidence that this has benefited more than a very few of the artists in question through increased CD sales.

33A briefer at the committee's July 9, 1998, meeting cited her favorite example:

This very cheesy CD, which costs $10 in Hong Kong, includes Windows '95, Office Professional, Microsoft Project, Microsoft Money, Microsoft Works, Norton Antivirus, Norton PCAnywhere, Omni Page, Quark Xpress, Photoshop, Pagemaker, Netscape Communicator, Front Page, Internet Explorer, NetObjects Fusion, Internet Phone, Eudora, McAfee Virus Scan, WinFaxPro, and Winzip Final. All for ten bucks. The street price [the selling price that most customers pay for a product] for this collection of software was $4,415 at the Egghead Online Store.

Even though some of the programs on this list are available for free (e.g., WinZip, Netscape Communicator, Internet Explorer), the prices quoted by a major discount software supplier for the rest still totaled over $4,000 in July 1999.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 187

the Association of American Publishers (AAP), American Film Marketing Association (AFMA), Motion Picture Association of America (MPAA), National Music Publishers Association, (NMPA), Business Software Alliance (BSA), Interactive Digital Software Association (IDSA), and Recording Industry Association of America (RIAA), as well as industry trade associations outside of the IIPA, such as the Software and Information Industry Association (SIIA).34

These trade associations and other groups representing rights holders publish figures intended to demonstrate the huge dollar cost of infringement of U.S. IP rights that occurs both domestically and abroad. These figures are invariably impressive and are often cited as authoritative in newspaper articles or congressional hearings. The total contribution to the GDP of the United States represented by the copyright industries and the potential economic significance of global copyright infringement that detracts from these industries are substantial and disturbing. For example, in one widely publicized IIPA report published in 1998, it was estimated in 1996 that the total (not just core) copyright industries accounted for $433.9 billion in value added, or 5.68 percent of the U.S. GDP, and that those industries employed over 6.5 million people, or 5.2 percent of the U.S. workforce.35 In 1996, the core copyright industries alone were estimated to account for $278.4 billion of the U.S. GDP, 3.65 percent of the total.36 The IIPA estimates U.S. losses due to foreign piracy for the core copyright industries to be approximately $12.4 billion annually; losses resulting from domestic piracy make the total even greater.37

Notwithstanding the extensive amounts of data and information made available by these trade associations, some committee members believe there are reasons to question the reliability of some of the data claiming to measure the size of the economic impact of piracy. The com-

34The Web sites of many of these organizations contain both extensive statistical data on copyright infringement and a description of the methodology utilized to generate their estimates of piracy rates and economic loss (e.g., IIPA data, at <http://www.iipa.com/homepage_index.html>; AAP data, at <http://www.publishers.org/home/issues/index.htm>; AFMA data, at <http://www.afma.com>; MPAA data, at <http://www.mpaa.org/anti-piracy/content.htm>; NMPA data, at <http://www.nmpa.org>; BSA data, at <http://www.bsa.org>; IDSA data, at <http://www.idsa.com/piracy.html>; RIAA data, at <http://www.riaa.com/newtech/newtech.htm>; and SIIA data, at <http://www.siia.net>.

35The "core" copyright industries are those that create copyrighted products, whereas the wider set of "total" copyright industries includes those that distribute or depend on copyrighted products. Some members of the committee have expressed skepticism about the accuracy of balance of trade statistics, fearing they may be influenced by political agendas. However, even if somewhat overstated, there is no doubt that the copyright industries' export value makes a significant positive contribution to the balance of trade.

36See <http://www.publishers.org/home/press/iipa.htm>.

37See <http://www.iipa.com/html/piracy_losses.html>.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 188

mittee considers here some of the issues that arise in collecting and analyzing such data, in part to inform the reader about those issues, and in part as the basis for a recommendation about how such information might reliably be assembled and analyzed. In exploring these issues, the committee takes a strictly economic view, focusing on profits lost from piracy. Lost profits are not the only cost of piracy, nor are the economic consequences the only rationale for enforcing antipiracy laws. But the figures widely circulated by trade organizations are intended to be economic analyses of profits lost, hence it is appropriate to explore these figures and their methodology from a strictly economic viewpoint.

One concern is that those who read figures of the sort found in the IIPA report may infer that all or most of the copyright industries' contribution to the GDP depends on copyright policy that protects works to at least the current degree and that perhaps the contribution now requires still greater copyright protection as a consequence of digital information and networks. However, within the economics community, the specific relationship between the level of IP protection and revenue of a firm in the copyright industries is unclear.38

A second problem is the accuracy of estimates of the costs of illegal copying. A number of difficulties arise here. One difficulty is that the needed data have to be based on extrapolation from very limited information, because illegal sales and distribution are frequently private acts. A second difficulty is determining the extent to which illegal copies are displacing sales. One widely quoted study, by the SIIA, estimates the number of illegal copies and then derives the net loss to the industry by assuming that each illegal copy displaces a sale at standard market prices39 (other studies appear to rely on more complex formulations). This approach is problematic because it is unlikely that each illegal copy displaces a sale at the market price (some people will buy at the pirate price but not the legal market price) and because it estimates reduction in gross revenues rather than net loss to the copyright industries (see Box 5.4). Consequently, these estimates may be taken to represent an upper bound on the reduction in gross revenues by these industries.

There is, as shown in Box 5.4, disagreement about the economic impact of piracy on the copyright industries. It is clear, however, that there

38See, for example, Shy (1998) and the works cited in that article.

39Testimony at the July 9, 1998, committee meeting by a representative of the Software Publishers Association (now SIIA) indicated that they did this when calculating piracy estimates. In addition, the BSA/SIIA's 1999 Global Software Piracy Report indicates that this is still the approach: "By using the average price information from the collected data, the legal and pirated revenue was calculated. This is a wholesale price estimate weighted by the amount of shipments within each software application category" (p. 12). Pirate revenue is then taken to be equivalent to a loss to the legal sellers.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 189

BOX 5.4
Estimating Losses from Piracy

The economic significance of pirating to rights holders is appropriately measured by the net ioncome lost by rights holders as a consequence of reduced sales of legal copies. As suggested in the text, some of their methodology. A variety of problems arise:

• The loss to rights holders is not equal to the street price; it is instead the fraction of the wholesale price that represents pretax profits and royalties to the manufacturers, producers, and talent whose incomes depend on the number of authorized sales. Other aspects of manufacturing and distribution costs are just that—costs that the industry avoids if fewer copies are sold (though these costs may be small compared with the cost of original production and distribution). While piracy creates economic consequences for individuals other than rights holders, such as the loss of profits by retailers and sales tax revenue for government, the net loss due to each of these is a small fraction of the gross sales price of copyrighted products.1

• The number of additional authorized copies that would be sold is not equal too the number of illegally duplicated copies. Pirates typically sell their wares at prices substantially discounted from street prices; the substantial price discounts induce some people to purchase the product who would not otherwise do so. In addition, some unauthorised copies are produced for noncommercial reasons (e.g., making a copy for a friend). There is a substantial difference between getting a copy for free from a friend and having to pay the street price; hence some of these copies would not be purchased if the consumer had to pay something approximately the street price.

• Street prices are affected by the extent of illegal commercial copying. The availability of inexpensive, high-quality illegal copies to the extent that some users buy illegal copies instead of legal ones. Interestingly, the effect on the street price of legal copies can either be positive or negative. The street price will rise if most price-sensitive consumers switch to illegal copies while the price-insensitive consumers do not. The resulting market for legal copies will have less price-sensitive demand, thereby causing the manufacturer's profit-maximizing price to increase, which partially offsets the reduction in sales attributable to piracy.2

• By contrast, the street price will fall if consumers do not differ very much in price sensitivity. In this case all consumers are equally likely to buy from a pirate if given a chance, so that the effect of piracy is to make the demand for legal copies more price elastic.3 If demand is more elastic, the profit-maximizing monopoly price falls and the proper calculation of the loss of the rights holders must include

1Retail profits are approximately 2 percent of retail prices, and studies of tax incidence indicate that about half of the producers rather than consumers.

2"Elasticity" is the precise term in economics for price sensitivity.

3"Consumers" here is taken in the purely economic senses, aside legal and ethical questions for the moment.

continued

(text box continued on next page)

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 190

(text box continued from previous page)

BOX 5.4 Continued

profits lost on legally sold copies (because piracy forced the price down), as well as profits lost from pirated copies.

• Assigning that the extent of unauthorised copying can be estimated with reasonable accuracy—a nontrivial assumption—one should not assume that all unauthorised copies are illegal and, hence, represent piracy. The proper scope and legal definition of illegal copying is a matter of some disagreement and controversy, so different parties produce different estimates of this number. For example, most authorities agree that it is legal to make a backup copy of software (in case the original is damaged or destroyed). More controversial is whether is consumer can legally copy material for multiple uses, such as making a copy of a videotape they own in order to have a copy for personal use near each of two VCRs in their houses.4 Different opinions on the legally of these actions leads to different statistics on the extent of and hence economic consequences of piracy.

• This preceding analysis provides an appropriate foundation for building an estimate of the loss of profits from illegal copying. One first calculates the profit per unit sale for products in the absence of any illegal duplication (call it P), and then multiplies it by the number of unit sales (S) to derive the total profit for rights holders under no piracy (T=P×S).5 Then, one adjusts the net profit per unit of sale to account for price changes because of illegal copying (P), and multiplies this number by the new number of legal copies sold (S) to derive the total profit for rights holders with piracy occuring (T'=P'×S'). The difference between these numbers (T-T) id the basic profit lost to rights holders from illegal duplication.

• Additional profit losses can also accrue. The expectation of illegal copying may cause some products not to be marketed at all, because the manufacturer does not believe that legal sales would be sufficient to recover the costs of production and distribution. In this case the loss to rights holders is the profits and royalties that would have been earned had the product been created and brought to market. Consumers also suffer a cost in this situation, equal to the difference between the value they would have placed on this product less the price they would have paid for it.6

4The 9th Circuit court decision in Recording Industry Association of America v. Diamond Multimedia Systems in June 1999 gave recognition in passing to the notion of "space-shifting" of music for personal use (i.e., an individual making a copy of a legally owned musical work in order to use the copy in a different place). No such position is currently on record for videos.

5By substituting "royalty" for "profit," one can derive analogous numbers for creators.

6There are of course also losses from piracy that do not (directly) concern profits. Counterfeits, for example, result in a loss of reputation for the author whose work has been copied. Counterfeit copies of movies can degrade the reputation of the movie maker in the eyes of viewers who sees those badly made copies, while counterfeit softwares can result in harm to the reputation of the software maker when the unsuspecting purchaser is denied technical support. Here we are concerned solely with lost profits and their appropriate measurement, as such figures are the focus of reports widely circulated by trade organizations.

NOTE: Several committee members who earn their livelihoods in the copyright industries believe strongly that although the text in this box may reflect economic theory, it does not reflect the realises of their industry. For example, no motion picture distribution would reduce the terms of its licenses to theatres because pirated videos were on the street.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 191

are significant losses that, if avoided, might result in increased production. It is also clear that uncontrolled digital dissemination could have very serious repercussions for the copyright industries.

A number of committee members conclude that, despite the extensive statistics available, there is a paucity of reliable information of the quality that might be generated if the subject were investigated by a disinterested third party. They conclude that such information is sorely needed.

However, even given the caveats above concerning methodology, the committee believes that the available information suggests that the volume and cost of illegal copying is substantial.

Although this section is concerned with the economics of piracy, the committee also believes that, regardless of whether the extent of illegal copying is financially significant to all industries that produce copyrighted products, the laws against illegal copying should be strictly enforced. Economic harm, after all, is not the only reason for enforcing copyright protection (or any other law with economic consequences). In a 1983 address and article, "The Harm of the Concept of Harm in Copyright," David Ladd, then the United States Register of Copyrights, expressed the following view: "The notion of economic 'harm' as a prerequisite for copyright protection is mischievous because it disserves the basic constitutional design which embraces both copyright and the First Amendment." Mr. Ladd argued for recognition of the fact that copyright protection is a sine qua non of a civilized society and, accordingly, merits recognition independent of economic impact.

This view is not unanimously endorsed by the committee, as some committee members believe that the constitutional basis for intellectual property protection in authorizing laws was meant to encourage strictly instrumental purposes. Even so, the committee as a whole recognizes that many creators believe that their works, as expressions of their individuality, deserve to be protected and controlled by rights holders, quite independent of the economic consequences. Because people differ in the weight they give to this argument, the committee believes that copyright policy will never be resolved solely by appeal to facts about its economic effects.

Despite the difficulty of finding a universally accepted copyright policy, the committee believes that it is important to conduct research in an attempt to better assess the social and economic impact of both commercial illegal copying for profit and noncommercial personal-use copying.40 The committee believes that reducing the current state of uncer-

40The rationale for greater research on noncommercial copying for personal use is discussed in Chapter 4. The issue is raised here because the two spheres interact. For example, social norms and the easy availability of other copying alternatives (e.g., from a friend) affect an individual's likelihood of purchasing an illegal commercial copy.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 192

tainty about the impact of these various phenomena will be important to policy makers and entrepreneurs. Clearly, there are multiple phenomena at work in both the commercial and noncommercial copying spheres, and perhaps there are differing behaviors among different demographic groups, geographic locations, and, perhaps, even cultures.41 These multiple phenomena may include how much the difficulty of making the illegal copy affects the frequency of copying, the effect on consumer decision making of the price and availability of legitimate copies, the personal sense of the moral or ethical dimensions of the copying involved, the degree of law enforcement or legal scrutiny directed at the behavior, peer group or social opprobrium or encouragement, and so on. Society needs to understand better what these multiple phenomena are and how they operate in the real world, so that appropriate responses can be formulated.

The Impact of Granting Patents for Information Innovations

Historically, information innovations have been excluded from the purview of patent law, based on a notion that Congress had meant for only industrial processes to be patented. Documents were deemed unpatentable, as were improved ways for calculating, organizing information, and managing organizations. However, a great deal has changed in recent years, and it seems that nearly all information innovations may now be patented, as long as they meet the patent law's requirements for novelty, nonobviousness, and utility and can be precisely defined in claims.

Computer software was the first digital information product to challenge the traditional interpretation of patent concepts because of its dual nature as both a literary work (the textual source code) and a machine (i.e., a useful device). Programs have a dual nature because they are textual works created specifically to bring about some set of behaviors. They have been characterized as "machines whose medium of construction happens to be text" (Samuelson et al., 1994).42

The "printed matter" and "mental process" rules were initially invoked to deny patent protection to computer software, as on occasion was the "business method" rule. In its 1972 Gottschalk v. Benson decision, the U.S. Supreme Court ruled that an innovative method for transforming binary coded decimals into pure binary form could not be patented, even

41For example, see Chapter 1, Box 1.6, "A Copyright Tradition in China?"

42See Intellectual Property Issues in Software (CSTB, 1991b) for a greater articulation of the issues and implications concerning the use of the patent regime for software.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 193

though the patent applicant intended to carry out the method by computer and one of the two claims before the Court was limited to computer implementations.43 Drawing on the "mental process" line of cases, the Supreme Court announced that mathematical algorithms could not be patented. One factor that clearly disturbed the Court about the prospect of patenting the Benson algorithm was that a patent would preempt all uses of it, including apparently the teaching of it. In 1978, the Supreme Court in Parker v. Flook denied patent protection for an algorithm useful for calculating "alarm limits" (i.e., dangerous conditions) for a catalytic converter plant.44 The Court did not think that this algorithm, any more than the Pythagorean theorem or any other purely mathematical method, could become patentable merely because it might be applied to a particular useful end.

The turning point in the long struggle over patents for information inventions came with the Supreme Court's 1981 decision in Diamond v. Diehr, which upheld the patentability of an improved rubber curing process, one step of which required a computer program.45 Because Diehr involved a traditional technological process and had so deeply divided the Court, patent administrators and the courts continued to struggle over how broadly to construe the Diehr decision.

In the late 1980s, the tide turned in favor of patents for computer-program-related inventions because of their technological character. Source code listings might still be regarded as unpatentable under the printed matter rule, but as soon as a program has been put in machine-readable form, recent precedents would seem to regard it as patentable subject matter.

Most recent program-related patents are, however, for more abstract design elements of programs. In the late 1980s and through the 1990s, it became increasingly common for courts to uphold patents for data structures, applied algorithms, information retrieval, and business methods carried out by computer programs. The denouement of the legal controversy over software-related patents in the courts and in the U.S. Patent and Trademark Office (PTO) may be the U.S. Supreme Court's decision in early 1999 not to review the State Street Bank decision. The Court upheld a patent attacked on grounds that the claims covered an algorithm and a business method. However, patents continue to be controversial in the information technology industry (Box 5.5).

In State Street Bank and Trust Co. v. Signature Financial Group, the U. S. Court of Appeals for the Federal Circuit issued an opinion that has been

43Gottschalk v. Benson, 409 U.S. 63, 34 L. Ed. 2d 273, 93 S. Ct. 253 (1972).

44Parker v. Flook, 437 U.S. 584, 57 L. Ed. 2d 451, 98 S. Ct. 2522 (1978).

45Diamond v. Diehr, 450 U.S. 175, 67 L. Ed. 2d 155, 101 S. Ct. 1048 (1981).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 194

BOX 5.5
SightSound.com

There is an interesting between the controversy surrounding the practice of parenting Internet business models and the uploading and downloading of musical recordings in digital formats, including MP3. An internet multimedia distributor, SightSound.com, has claimed that two parents it holds (U.S. Patent 5,191,573 filed in 1990 and granted in 1993, and Patent 5,875,734 filed in 1996 and granted in 1997) cover the digital distribution of audio and video recordings. SightSound has claimed that its ownership of the patents for the sale and distribution of the music and video content over the internet gives it the right to prevent any third party from exploiting a business model involving the selling, via download, of digital content sound files. SightSound has sent legal demand notices claiming that its patents "control, among other things, the sale of audio video recordings in download fashion over the Internet," and demanding that digital music site, such as MP3.com, Platinum Entertainment, Amplified.com, and GoodNoise Corp. (now Emusic, Inc.), enter into patent licenses with SightSound that would give SightSound a royalty of 1 percent of the price per transaction, as charged to the customer, for all such Internet sales AT&T's a2b Music has reportedly already entered into such a patent license with SightSound.The chief technology officer of AT&T's a2b Music has stated, "We licensed our technology to them, and as part of that deal we protected ourselves against patent claims. This whole area of patenting Internet business models is becoming scrutinized. I have trouble seeing how an auction on the Internet could get a patent." Currently, SightSound has sued music site NK2, Inc., for alleged patent infringement.The Recording Industry Association of America, through its spokesperson Lydia Pelliccia, has stated, "The validity of the patents is certain to be challenged."

In an interesting intersection between patent law and the concerns of copyright proprietors about the protection of content in cyberspace, SightSound has suggested that the enforcement of its patents could aid copyright owners in other protection efforts such as the Secure Digital Music Initiative. In the patent infringement claim letters that SightSound has recently sent out, it has demanded that "if [MP3.com] does not become an authorized licensee, it must immediately cease and desist from selling music, or other audio recordings over the Internet in download fashion," thus using patent infringement claims to "enforce" the potential claims of music copyright owners for contributory or vicarious copyright infringement (Lemos, 1999; Business Wire, 1999a,b).

widely regarded as vastly increasing the scope of patent protection available for software,46 and which led the PTO to begin issuing a number of quite broad patents covering methods for conducting business. In the State Street case, the patent in question covered a "hub and spoke" com-

46State Street Bank and Trust Co. v. Signature Financial Group, 149 F.3d 1368, 47 U.S.P.Q.2d 1596 (Fed. Cir. 1998).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 195

puterized business system, which allowed mutual funds (spokes) to pool their assets into an investment portfolio (the hub). The court held that the calculation by a machine of a mathematical formula, calculation, or algorithm is patentable if it produces a "useful, concrete and tangible result." In reaching this conclusion, the court rejected what it termed "the ill conceived [business method] exception" to patentability.

Patents that were issued in the wake of State Street that attracted widespread public attention include Patent No. 5,794,210, which was issued to an online Internet marketing company, Cybergold, and covers the practice of paying consumers to view advertisements on the Internet. Other examples include a patent issued to Priceline.com covering reverse sellers auctions (which allow potential purchasers to specify the various items they wish and terms on which they are willing to purchase and then allows Priceline to find a seller) and a patent issued to cover a method for embedding Web addresses in e-mail and news group postings (see Box 5.6).

The effects of this substantial de facto broadening of patent subject matter to cover information inventions are as yet unclear. Because this expansion has occurred without any oversight from the legislative branch and takes patent law into uncharted territories, it would be worthwhile to study this phenomenon to ensure that the patent expansion is promoting the progress of science and the useful arts, as Congress intended.

There are many reasons to be concerned. There is first the concern that the U.S. Patent and Trademark Office lacks sufficient information about prior art in the fields of information technology, information design, and business methods more generally to be able to make sound decisions about the novelty or nonobviousness of claims in these fields.47

47On August 31, 1993, the PTO issued U. S. Patent Number 5,241,671 for a multimedia search system to Compton's NewMedia. Not long after the patent was issued, Compton's announced at the Comdex trade show in the fall of 1993 that it had acquired the patent and intended to enforce it and to collect royalties and licensing fees from independent and third-party multimedia developers who utilized a multimedia search system claimed in the Compton's patent. On December 17, 1993, the Commissioner of Patents and Trademarks, in the wake of numerous multimedia developers' complaints about the Compton's patent, took the fairly unusual step of requesting reexamination of the patent. Third parties submitted new prior art references to assist the PTO in determining whether there was a substantial question as to the patentability of the 41 claims granted under the patent. The PTO's examination concerned the issue of whether the 41 claims filed in the patent application were novel and not obvious to someone skilled in the relevant art. The PTO concluded that Compton's claimed inventions had been disclosed or taught in prior art references, and, accordingly, on November 9, 1994, the PTO issued a press release announcing it had formally canceled all 41 claims granted in the Compton's patent. Many commentators believe the Compton's case strongly underscores their concerns regarding the qualifications of the PTO to effectively evaluate prior art in the information technology field.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 196

BOX 5.6
Cybergold and Princeline.com

Nate Goldhaber, the founder and CEO of Cybergold, describes the inspiration behind the company by saying, "The fundamental premise of our company is that attention is valuable commodity. With literally millions of pages on the Web and hundreds of advertisements vying for people's attention, attention is one of the Internet's great acarcities. Cybergold allows marketers to pay consumers directly for their time and active attention." In its most basic terms, Cybergold is a Web site that has registered over 1 million "members," who can earn cash and enter sweep-stakes by visiting Web sites, trying free products, signing up for services, playing games, purchasing goods, and more. Cybergold holds a number if U.S. patents, including U.S.Patent 5,794,210, issued August 11, 1998, which covers a system "which provides the immediate payment to computer and other users for paying attention to an advertisement or other 'negatively priced' information distributed over a computer network such as the internet.... This is the business of brokering the buying and selling of the 'attention' of users.... Private profiles may be maintained for different users and user information may be released through advertisers and other marketers only based on user permission. Users may be compensated for allowing their information to be released."

Priceline.com is a Stamford, Connecticut-based Web site launched in April 1998, consisting of a buying service through which consumers name the price they are willing to pay for goods and services ranging from airline tickets to automobiles. The company holds U.S.Patent No. 5,794,207, which covers a system that lets buyers name their price for goods and services while sellers decide whether or not to accept the offers. Priceline.com's name-your-price service for leisure airline tickets sold more than 100,000 tickets between its launch in April 1998 and the end

(text box continued on next page)

A related concern is the insufficient number of adequately trained patent examiners and inadequate patent classification schemata to deal with this new subject matter. The success of the patent system in promoting innovation in a field depends on the integrity of the process for granting patents, which in turn depends on adequate information about the field. Serious questions continue to exist within the information technology field about the PTO's software-related patent decisions. A number of legal commentators have pointed out that allowing these kinds of patents potentially makes concepts, not technology, the protectable property of the patent holder, "allow[ing] virtually anything under the sun to win patent protection."48

48See, for example, Goldman (1999), Scheinfeld and Bagley (1998), Sandburg (1998), and Sullivan (1999).

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 197

(text box continued from previous page)

of 1998.1 A second name-your-price service for hotel rooms is now available in approximately 200 U.S. cities,2 as well as name-your-price service for all-cash new car buyer in the New York metropolitian market. The company has announced plans to launch name-your-price home mortgage services and to branch out into vacation packages and other online financila services.

Priceline launched an initial public offering (IPO) in March 1999, at one point reaching a market capitalization in excess of $18.5 billion. Like other highly sought-after IPOs for Internet start-ups, much of the perceived value of the company has no earnings in September 1999, Cybergold conducted an initial public offering (Bauman, 1999).3

1In September 1999, priceline proposed the expansion of their business to include groceries (Wingfield, 1999)

2In September 1999, Expedia, Microsoft's travel site, beingallowing customers to name their price on hotel rooms (Wolverton, 1999). In October 1999, October 1999, Priceline initiated patent infringement litigation against Microsoft (Bloomberg News, 1999)

3Othewr noteworthy patents that have been issued in recent years, and which arguably illustrate the general expansion of patent protection for software and Internet business methods, include the following patents and patent holders; Amazon.com (U.S Patent Number5,727,163)(covering secure method for communicating credit card data when placing an order on a nonsecure network); juno Online (U.S Patent Number 5,848,397) (covering method and apparatus for scheduling the presentation of messages to computer users); Egendorf (U.S Patent Number 5,794,221) (covering Internet billing method); The AG Group (U.S Patent Number 5,787,253) (covering apparatus and method of analyzing Internet activity); Interactive Media Works (U.S Patent Number 5,749,075) (covering method of analyzing Internet activity); Interactive Mdeia Works (U.S Patent Number 5,749,075) (covering method for providing prepaid Internet access and/or long-distance calling, including the distribution of specialized calling cards); and Excite (U.S Patent Number 5,577,241) (covering information retrieval system and method with implementation extensible query architecture).

Second, the tradition of independent creation in the field of computer programming may run counter to assumptions and practices associated with patents as they are applied to its traditional domains. When someone patents a component of a manufactured system, for example, it will generally be possible for the inventor to manufacture that component or license its manufacture to another firm and reap rewards from the invention by sale of that component. Rights to use the invention are cleared by buying the component for installation into a larger device.

But there is little or no market in software components. Programmers routinely design large and complex systems from scratch. They do so largely without reference to the patent literature (partly because they consider it deficient), although they generally respect copyright and trade secrecy constraints on their work. With tens of thousands of programmers writing code that could well infringe on hundreds of patents with-

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×

Page 198

out their knowing it, there is an increased risk of inadvertent infringement.49 An added disincentive to searching the patent literature is the danger that learning about an existing patent would increase the risk of being found to be a willful infringer. The patent literature may thus not be providing to the software world one of its traditional purposes—providing information about the evolving state of the art. Much the same could be said about the mismatch between patents and information inventions in general.

Third, although patents seem to have been quite successful in promoting investments in the development of innovative manufacturing and other industrial technologies and processes, it is possible that they will not be as successful in promoting innovation in the information economy. One concern is that the pace of innovation in information industries is so rapid, and the gears of the patent system are so slow, that patents may not promote innovation in information industries as well as they have done in the manufacturing economy. The market cycle for an information product is often quite short—18 months is not unusual; thus, a patent may well not issue until the product has become obsolete. If information inventions continue to fall within the scope of patents, then, at a minimum, the patent cycle-time needs to be improved significantly. Patent classification systems for information innovations may also be more difficult to develop and maintain in a way that will inform and contribute to the success of the fields they serve.

One final reason for concern is that developing and deploying software and systems may cease to be a cottage industry because of the need for access to cross-licensing agreements and the legal protection of large corporations. This in turn may have deleterious effects on the creativity of U.S. software and Internet industries.

49This is in contrast to the copyright framework, where infringement requires a demonstration that some (conscious or unconscious) plagiarism has occurred. For example, independent creation is a defense. Two people could write original but very similar stories (or programs) independently; both would be copyrightable, and neither would infringe upon the other, because the standard for copyright protection is originality, not novelty. Thus an author is not responsible for knowing the entire corpus of literature still within copyright so as not to infringe on it.

Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 152
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 153
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 154
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 155
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 156
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 157
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 158
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 159
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 160
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 161
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 162
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 163
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 164
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 165
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 166
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 167
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 168
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 169
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 170
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 171
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 172
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 173
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 174
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 175
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 176
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 177
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 178
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 179
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 180
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 181
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 182
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 183
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 184
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 185
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 186
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 187
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 188
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 189
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 190
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 191
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 192
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 193
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 194
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 195
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 196
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 197
Suggested Citation:"5 Protecting Digital Intellectual Property: Means and Measurements." National Research Council. 2000. The Digital Dilemma: Intellectual Property in the Information Age. Washington, DC: The National Academies Press. doi: 10.17226/9601.
×
Page 198
Next: 6 Conclusions and Recommendations »
The Digital Dilemma: Intellectual Property in the Information Age Get This Book
×
Buy Paperback | $75.00 Buy Ebook | $59.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Imagine sending a magazine article to 10 friends-making photocopies, putting them in envelopes, adding postage, and mailing them. Now consider how much easier it is to send that article to those 10 friends as an attachment to e-mail. Or to post the article on your own site on the World Wide Web.

The ease of modifying or copying digitized material and the proliferation of computer networking have raised fundamental questions about copyright and patent--intellectual property protections rooted in the U.S. Constitution. Hailed for quick and convenient access to a world of material, the Internet also poses serious economic issues for those who create and market that material. If people can so easily send music on the Internet for free, for example, who will pay for music?

This book presents the multiple facets of digitized intellectual property, defining terms, identifying key issues, and exploring alternatives. It follows the complex threads of law, business, incentives to creators, the American tradition of access to information, the international context, and the nature of human behavior. Technology is explored for its ability to transfer content and its potential to protect intellectual property rights. The book proposes research and policy recommendations as well as principles for policymaking.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!