Introduction
Over the last few years, many authors have written about how DRM privatizes and replaces copyright law, how it undermines copyright limitations, threatens the interests of users and the public at large and inhibits creativity and innovation by unjustly extending intellectual property protection. Although the author shares many of these concerns, it is important to realize that DRM technology is much more flexible and plastic than some DRM critics acknowledge.

An emerging scholarship therefore does not take DRM systems as given constants that are exogenous to the policy process, but asks how DRM systems could be altered in a value-centered design process so that important policy and legal values are preserved. While the idea to shape technology in order to accommodate it with public values is an old one, it has only recently been seriously applied to DRM. This article provides a short overview of this emerging scholarship. As will be described below, examples of such scholarship may be found at the intersection of technology and copyright law, privacy law and competition policy.

DRM and copyright limitations
DRM has been severely criticized for overriding various copyright limitations and for protecting content providers at the expense of legitimate interests of users and the public at large. Although this may be true for many current commercial DRM implementations, it is questionable whether such effects are inherent in the concept of DRM or whether they are just the outcome of a particular kind of implementation of DRM technologies. Four examples may illustrate this point.

Rights expression languages (REL) and rights messaging protocols (RMP)
First, whether a DRM system respects fair use and other copyright limitations or not depends on the design of its rights expression language (REL) and the supporting rights messaging protocol (RMP). Rights expression languages enable a DRM system to express a rich set of usage rules in machine-readable metadata that may be attached to content. With rights expression languages such as XrML, the permission to copy, delete, modify, embed, execute, export, extract, annotate, aggregate, install, backup, loan, sell, give, lease, play, print, display, read, restore, transfer, uninstall, verify, save, obtain, issue, possess, and revoke content may be expressed in a machine-readable form. If fair use privileges and other legitimate interests of information users cannot be expressed in an REL, such interests simply do not exist within the system. Therefore, it is of utmost importance that RELs include semantics to express not only the interests of creators and rights holders, but also of information users. In a paper from 2002, Deirdre Mulligan and Aaron Burstein from UC Berkeley outlined changes to XrML that would create such a "symmetric" REL.
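The point that an interest which the REL cannot express "does not exist within the system" can be seen in a small evaluator. The following is an added example, not code from the article or from XrML: the verb subset, the purpose names and the mapping from purposes to verbs are assumptions made for illustration.

```python
# Toy rights-expression evaluator. Constructed for illustration; this is not
# XrML syntax and not any real DRM API. All names are hypothetical.
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Verbs the rights holder can grant (a small subset of the list in the text).
HOLDER_VERBS = {"play", "copy", "print", "loan", "extract"}

# Assumed user-side vocabulary of a "symmetric" REL: each purpose a user may
# assert, and the verbs that purpose unlocks without a rights-holder grant.
PURPOSE_UNLOCKS = {"quotation": {"extract"}, "backup": {"copy"}}

@dataclass
class License:
    grants: Set[str]                # verbs granted by the rights holder

@dataclass
class Request:
    verb: str
    purpose: Optional[str] = None   # user-asserted claim, if any

def evaluate(lic: License, req: Request, symmetric: bool) -> Tuple[str, str]:
    """Return (decision, reason). The default decision is deny."""
    if req.verb not in HOLDER_VERBS:
        return ("deny", "verb not in vocabulary")
    if req.verb in lic.grants:
        return ("permit", "granted by rights holder")
    if req.purpose is not None:
        if not symmetric:
            # The claim has no representation, so it cannot affect the decision.
            return ("deny", "user purpose not expressible")
        if req.verb in PURPOSE_UNLOCKS.get(req.purpose, set()):
            return ("permit", "user-asserted purpose: " + req.purpose)
    return ("deny", "no matching grant")

def demo():
    lic = License(grants={"play"})  # constructed sample license
    quote = Request("extract", purpose="quotation")
    return [evaluate(lic, Request("play"), False),
            evaluate(lic, quote, False),
            evaluate(lic, quote, True),
            evaluate(lic, Request("copy", purpose="quotation"), True)]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The same license and the same request give different outcomes depending only on whether the language has a place to carry the user's claim.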

A DRM system does not only have to be able to express a wide array of rights in its rights expression language. In order to enable bi-directional negotiations between rights holders and users about which rights should be granted under which conditions, a DRM system also has to include rights messaging protocols (RMPs) that support such bi-directional negotiations. Most current DRM systems do not allow the users to engage in extensive negotiations about usage rights. Although general electronic commerce systems that enable negotiations between contracting partners have existed for some time, researchers have only recently begun to develop DRM systems with such functionality.

Currently, it is unclear how to distribute the technological components that are required for symmetric DRM systems between the REL and the RMP. While some researchers attempt to integrate much functionality into the REL, others contend that such functionality should be located exclusively in the RMP. In general, research in this area is still very scarce. It is also quite complex since it requires intensive interaction between technologists and lawyers and, in the case of RMPs, transcends the traditional borders of DRM research.

Fair use infrastructure
Second, in an article from 2001, Dan Burk from the University of Minnesota and Julie Cohen from Georgetown University proposed, among other things, a ‘fair use infrastructure’. According to their ‘key escrow’ proposal, beneficiaries of copyright limitations could turn to external third parties in order to receive decryption keys for DRM-protected content so that they could benefit from copyright limitations. This is another example of an attempt to alter the design of a DRM architecture in order to solve the tension between DRM and copyright limitations on a technological level. It is interesting to note that this proposal has some similarities to the relationship between technological protection measures and copyright limitations as regulated by Article 6 (4) of the European Copyright Directive of 2001.

Authorized domain architectures
Third, DRM systems will increasingly include a so-called ‘authorized domain’ (sometimes also called ‘family domain’; a related concept is called ‘rights locker architecture’). The idea behind such architectures is to enable consumers to access content not only from one particular device, but from a number of devices they own. If a consumer acquires a music file, for example, he may then listen to the music not only on his MP3 player, but is also allowed to copy it to his hi-fi system, car radio or mobile phone. In an authorized domain approach, compliant devices are organized into home content delivery networks where legally acquired digital content can freely be played by any device that is part of the network. In such an architecture, digital rights are made portable among various platforms as permissions to use content are no longer bound to a particular device the consumer owns, but to the consumer himself.

Authorized domain architectures are an attempt to approximate a DRM environment to copyright limitations. They are an example of how engineers respond to consumer expectations and legal values enshrined in copyright laws. Of course, authorized domain architectures have their own problems and they are not a perfect solution to translate copyright limitations into the digital realm. However, they are an example of a value-centered design process that attempts to take extra-technological values into account while a DRM architecture is designed.

Digital Media Project
The Digital Media Project, which was started by Leonardo Chiariglione in summer 2003, attempts to lay the technical foundations of a successful digital media environment that respects the interests of creators, rights holders, consumers and various value-chain players. One part of the project includes the identification and specification of “rights and usages” which consumers have traditionally enjoyed in an analog media environment and which should also be expressible in a Digital Rights Management environment. Although the project is still in its early phase, it has already produced interesting results and could considerably facilitate the development and implementation of value-centered DRM systems.

Privacy-preserving DRM
DRM systems use various mechanisms to identify and track users within the system. They have the potential to monitor what people privately read, listen to or watch. Although the tension between DRM and privacy has been recognized for several years, a clear regulatory approach as to how to reconcile DRM with privacy interests does not yet exist. In a recent paper, Julie Cohen (2003) from Georgetown University argued that part of the solution to reconcile DRM with privacy interests should be a value-sensitive design process. She argues that, in certain cases, the functionality of a DRM system has to be restricted on a technological level in order to preserve some flexibility for privacy-preserving private access and copying, while simultaneously protecting information providers against large-scale commercial copying. A value-sensitive design process would also investigate methods of building in limits on monitoring and profiling of individual users. Finally, it would consider the desirability of implementing limitations on self-help mechanisms used by rights holders to protect their interests. Such a design approach should not be understood as limiting the functionality of a DRM system. Rather, it should be understood as a way to reconcile competing values - interests of creators, rights holders, and users - on a technological level.

Trusted Computing and "owner override"
Over the last two years, trusted computing platforms such as the "Trusted Computing Group" and Microsoft’s "Next-Generation Secure Computing Base" project have received a considerable amount of attention from technologists, lawyers, economists and cyberpolicy activists. Trusted computing architectures ensure that a computing platform always behaves in the expected manner for the intended purpose. In particular, such architectures provide evidence about the integrity and authenticity of the platform to both the platform’s owner and to arbitrary third parties. Thereby, this architectural approach attempts to increase trust in the computing environment. Many observers have pointed out that trusted computing architectures might be used by application, service and content providers to create lock-ins and hinder competition in client application markets. Recently, Seth Schoen (2003) from the Electronic Frontier Foundation (EFF) has proposed to enable trusted platform users to send false integrity metrics to the remote application, service or content provider (so-called "owner override"). Thereby, the remote provider could no longer base his decision whether to interoperate or not on the particular client application that is running on the users’ trusted computing platform.

The relationship between trusted computing architectures and DRM systems is a very complex one and is beyond the scope of this article. Although the author is, ultimately, not convinced by EFF’s proposal for several reasons, it is just another example of how to influence technological architectures at the design level in order to incorporate legal and policy values.

Conclusion
While the idea of value-centered technology design is not novel, it has only recently been explicitly applied to the area of DRM. Various researchers are exploring this idea in various areas, but no coherent research plan exists. However, the recent Digital Media Project could develop into an important platform upon which value-centered DRM systems are designed. Using a value-centered design approach is complicated by the fact that it requires close interaction between technologists and legal scholars or economists, leading to the usual advantages and limitations of interdisciplinary research. Technologists have to find ways to think about public policy, and lawyers and economists have to find ways to understand technology and its implications. Most importantly, as Barbara Fox and Brian LaMacchia (2003) from Microsoft have pointed out, technologists need appropriate incentives in order to engage in value-centered design research in the first place.

It is also important to note that a value-centered design approach towards DRM may have inherent limitations. Some policy problems may not be controllable on a technological level. Some legal doctrines are inherently flexible and vague, thereby making their technological implementation very hard. Furthermore, DRM policy problems always involve balancing various interests. Value-centered design processes may provide a very helpful tool to implement a certain balance of interests, but they do not offer any assistance in finding this balance. Finally, as John Erickson from HP Labs and Deirdre Mulligan (2004) have recently pointed out, automating policy enforcement by technology has fundamental disadvantages as enforcement has to be reduced to simple yes/no questions, which may not be feasible in all cases of policy enforcement.

Bottom Line
Applying value-centered design processes to DRM systems is a promising and still largely unexplored field. In general, no one knows whether a balanced DRM system that protects both the interests of rights holders and of users as well as the society at large is ultimately feasible both from a technological and a business perspective. Like all technology, DRM is malleable, and one should not miss the opportunity to engage in a value-centered design process that shapes DRM appropriately.

Sources
  • Bechtold, Stefan (2002): Vom Urheber- zum Informationsrecht, München 2002
  • Bechtold, Stefan (2003): The Present and Future of Digital Rights Management – Musings on Emerging Legal Problems, in: Eberhard Becker et al. (eds.), Digital Rights Management – Technological, Economic, Legal and Political Aspects (2003), Berlin 2003, pp. 597-654, available at http://www.jura.uni-tuebingen.de/bechtold/pub/2003/Future_DRM.pdf
  • Bechtold, Stefan: Trusted Computing Blog, at http://cyberlaw.stanford.edu/blogs/bechtold/tcblog.shtml
  • Burk, Dan L. and Cohen, Julie E. (2001): Fair Use Infrastructure for Rights Management Systems, 15 Harvard Journal of Law & Technology, pp. 41-83
  • Cohen, Julie E. (2003): DRM and Privacy, 18 Berkeley Technology Law Journal, pp. 575-617
  • Digital Media Project, http://www.dmpf.org
  • Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information Society, Official Journal of the European Union L 167 (22 June 2001), pp. 10-19
  • Erickson, John S. (2003): Fair Use, DRM, and Trusted Computing, 46 (4) Communications of the ACM, pp. 34-39
  • Erickson, John S. and Mulligan, Deirdre K. (2004): The Technical and Legal Dangers of Code-Based Fair Use Enforcement, 92 Proceedings of the IEEE, pp. 985-996
  • Fox, Barbara L. and LaMacchia, Brian A. (2003): Encouraging Recognition of Fair Uses in DRM Systems, 46 (4) Communications of the ACM, pp. 61-63
  • Maillard, Thierry and Furon, Teddy (2004): Towards Digital Rights and Exemptions Management Systems, 20 Computer Law & Security Report, pp. 281-287, available at http://oggoo.free.fr/0407011
  • Mulligan, Deirdre K. and Burstein, Aaron: Implementing Copyright Limitations in Rights Expression Languages (2003), in: Joan Feigenbaum (ed.): Security and Privacy in Digital Rights Management, New York, pp. 137-154, available at http://crypto.stanford.edu/DRM2002/mulligan_burstein_acm_drm_2002.doc
  • Schoen, Seth (2003): Trusted Computing: Promise and Risk, available at http://www.eff.org/Infrastructure/trusted_computing/20031001_tc.pdf

About the author: Dr. Stefan Bechtold, J.S.M. (Stanford), is a research assistant to Professor Dr. W. Möschel at the University of Tübingen Law School. He is also a Fellow at the Center for Internet and Society at Stanford Law School which is directed by Professor Lawrence Lessig. Mr. Bechtold is the author of numerous publications in the area of cyberlaw and intellectual property, including a book on the implications of digital rights management (Bechtold 2002). In addition, Mr. Bechtold has composed numerous orchestra and chamber music works which have been awarded several composition prizes and have been repeatedly performed and broadcast. Contact: http://www.jura.uni-tuebingen.de/bechtold and stef@n-bechtold.com.

Status: first posted 09/09/04; revised after online-discussion and included in INDICARE Monitor Vol. 1, No 4, 24 September 2004; licensed under Creative Commons
URL: http://www.indicare.org/tiki-read_article.php?articleId=39