About Rüdiger Grimm: Since September 2000 he has been professor for multimedia applications at the Technical University of Ilmenau, Germany. He also heads a research group at Fraunhofer (IDMT – Fraunhofer Institute for Media Technology). Research interests include trustworthy and secure e-commerce applications, payment systems, business protocols, privacy and digital rights. Among the solutions he has contributed to are numbered the First Virtual payment system, and more recently the PotatoSystem and Light Weight DRM. Contact: ruediger.grimm@tu-ilmenau.de


INDICARE: A payment function is often regarded an important component of a DRM system. Nevertheless it seems as if there is not much communication and overlap between those dealing with e-payments and those dealing with DRMs. You are expert in both fields – would you agree that both communities are strikingly separated?

R. Grimm: There are two communities, partly but not completely separated. Indeed, there are a lot of "kernel" DRM systems which are not closely linked to a business model, such as Windows Media Rights Management, Helix, Atrac3 or Fairplay. Also, payment systems like PayPal or Moneybookers are not directly involved in digital goods download through a DRM system. In addition there are also business models for protected content, like iTunes and Sony Connect, not associated with a strategic e-payment system. In this respect: yes, there are two different communities which are only partly interlinked.

But there are other examples of strong interrelation between these communities: The business model of the e-payment system Firstgate's Click&Buy aims at digital goods. During the payment process the purchased digital goods are tunnelled through the server farm of the payment system. This is a DRM business system. The same is true for Paybest. Paybest is closely linked with the PotatoSystem. There is no Potato download without stepping through the Paybest process. The provider of Paybest and the PotatoSystem is the same firm. And iTunes in the US (not in Europe) offer payment by PayPal, as a first step to electronic payment integration.

INDICARE: This means that on one side we see companies who follow an integrated approach with a business model for virtual goods in mind, and on the other side we observe an approach where different components are integrated ex post at the level of the eCommerce system. Why ask for co-operation and a common view if in practice there is no need for joint action and joint systems development?

R. Grimm: I see two reasons why the two strands are not always integrated. Number one is the reason you mention: DRM is in the first place a technical mechanism. Only within a digital goods business system, is payment required. Nonetheless, iTunes is indeed a business system, and – in Europe – it is not interlinked with an electronic payment system. Number two is that both parties, payment systems and DRM business systems, have their own customers. It is not easy for one of the two parties to serve the customers of the other. Both want to serve their own customers. However, this situation is uncomfortable for all users. It limits market growth for both sides. Therefore, it is a matter of time until successful download or file sharing systems conclude strategic partnerships with specific payment partners. Just like eBay goes with PayPal, payment systems will concur to become strategic partners of successful download or (legal) filesharing systems.

INDICARE: Neither PayPal (with eBay) nor credit card payments (with iTunes) are micropayment systems. Do eContent markets need micropayment systems at all?

R. Grimm: Yes, they do. Payment must be (a) strongly interwoven with the purchase process, (b) immediate and able to conclude the purchase, (c) cheap enough for low-price eContent. But there are interesting other models beyond micropayment, such as packeting several purchases to one payment, or subscription, which make credit card payment cheaper.

INDICARE: How big is the demand for integrated DRM & E-payment systems and what are the most successful systems today?

R. Grimm: Successful digital goods purchase systems will provoke Internet micropayment systems. As mentioned above, Firstgate Click&Buy is a functioning integration of micropayment and download of digital goods. Paybest and PotatoSystem is another example. PayPal and Moneybookers are prominent candidates for strategic partnerships with download shops, because they do have a broad customer base. iTunes in the US have already started with PayPal.

INDICARE: Listening to all the names the question of interoperability as a condition for a unified consumer experience automatically pops up. Won't we see again lots of incompatible islands? How will the interoperability problem be solved if not by a winner takes it all logics?

R. Grimm: Exactly so. There are so many different DRM solutions on the market, and they are all incompatible. Electronic payment is not much better. Accounts from one system cannot be used to pay with another system. So, customers get used to having as many logins, accounts, contracts and rules as they use download services and payment systems. To top this problem: They all play with the personal data of their customers. There is a huge privacy bomb out there in DRM services…

INDICARE: What exactly do you mean by "privacy bomb"?

R. Grimm: Web surfers purchase more and more virtual goods. Traces of personal data are created by communication with servers, and also in encoded form within the products. Mostly people are not aware of this networked information about their behaviour. Nor is it utilized so far. However, the information is out there, and it is increasing every day. Users should insist on being informed on the usage of their data. And providers of services should know that trust is the most important basis of business, therefore it is worthwhile to provide transparency on their actions.

INDICARE: Back to payments, do you think it is possible to draw lessons from the early internet payment systems like First Virtual, eCash and CyberCash for the design of DRM systems?

R. Grimm: All three systems worked as both, payment, and digital goods purchase. In modern language: they managed digital rights. But they were not DRM systems in the narrow sense: there was no copy protection or usage control involved. But nevertheless there are (at least) three lessons to learn: (1) payment and digital goods purchase must be simple and cheap: no public key registration or so! (2) There must be many goods of accepted value available on the Internet; (3) there must be no privacy threats.

INDICARE: You mentioned public keys. PKI is debated today in the context of DRM too, when it comes to the granting of exemptions from the owner's exclusive rights. At the last DRM conference in Berlin (see Orwat 2005) Thomas Dreier for example envisaged a solution to this problem through DRM systems based on PKI. What is your opinion on a PKI based DRM approach to achieve fair use?

R. Grimm: PKI are heavy weight for handling. PKI and signatures are fine for B2B rights management. Customers will avoid the extra load of care they have to take for their keys. PKI will be a solid basis for B2C e-Commerce if it is available and used for other purposes as well. But this is not yet in sight.

INDICARE: Well, in other words this means PKI and TTPs are not appropriate means to enable users to enjoy their traditional rights, like making private copies, granted by copyright? Do you have a better solution in mind how to reconcile DRMs and the legal provisions?

R. Grimm: Trusted Third Parties as service providers to enforce additional rights or other services (like fair exchange of high-value) might indeed be an appropriate business model. But PKI for key management just in order to sign contracts is an overload on digital goods, especially in the low value range.

INDICARE: From PKI to payment systems infrastructure is just a tiny step. Payment systems and also micropayment systems at the end of the day need a channel to communicate with the banking world and the monetary system. This missing link has been a problem for micropayment systems, is it an issue for DRM systems? Asked differently, what is the role for payment intermediaries in the field of paid protected content?

R. Grimm: The intermediaries must be the payment systems themselves. It is the purpose of an e-payment system to map the heavy-weight banking system into light-weight Internet communication. They organise intermediate accounting to bundle payment processes for clearance in the "real money world" of banks. When they do this, they offer additional services such as reporting, control of download, re-load of lost goods, concluding a purchase.

INDICARE: Talking about technical infrastructures, there are (apart from convergence) still different types of networks: the open Internet, mobile phone networks and digital TV. Can we expect to see in the future most paid content via digital TV und UMTS mobile networks?

R. Grimm: The mobile world is special. Mobile phones are easier to protect against tampering. Individuals accept to pay for access to mobile networks. Mobile devices carry individual IDs for tracking and accounting. Bringing these points together, mobile networks are predestined for DRM-protected download and payment. Paid download of ring tones works extremely well. Therefore, the mobile industry has great hope, that it will be accepted as a digital goods purchase world. However, this will only succeed if the systems are compatible. OMA - the Open Mobile Alliance - is the relevant standardization initiative. Without success of OMA there will be no mobile DRM business.

The TV world is completely different. I don't see a strong overlap between the passive-consumption world of TV with the active consumption world of the B2C e-commerce – at least in the near future. This might change, but not very fast.

INDICARE: By and by p2p-Networks are being recognized by eContent industries as an opportunity (see Rosenblatt 2005). How will adequate payment systems look like for P2P networks? Can we envisage p2p networks as exponential "recommender-systems" with a payment function?

R. Grimm: A view into the near future, as I see it: Payment systems for digital goods within p2p-networks play the role of intermediaries between p2p value exchange and the real banking clearance. The payment system collects different payment activities and does the intermediate accounting before clearance. All services, such as provisions and special offers are managed by the payment service. Payment customers have access to a huge set of digital goods offerings.

INDICARE: By the way, can you imagine upgrading your PotatoSystem to p2p networks?

R. Grimm: Yes, PotatoSystem is prepared for an upgrade to p2p communication. This requires a close inter-play with an e-payment service, just as Paybest today. Already today Paybest is a broker for many other e-payment services such as Paysafecard, Mircromoney, Moneybookers, and Click&Buy.

INDICARE: Isn't it amazing that we have talked all the time about DRMs without even mentioning copy protection? Looks like entering the DRM arena through the payment door you automatically think of DRMs in terms of business models…

R. Grimm: Virtual goods are made for purchase and usage, not for being protected against usage. It is indeed amazing, that content providers emphasize copy protection and forget so much about new opportunities to make money. Payment brings it all together: content providers want money and consumers want products. Instead of raising border walls of usage protection between them, content providers should open payment doors to their customers and make their goods accessible – and consumable.

INDICARE: Thank you very much for this interview.

Sources

Status: first posted 15/03/05; licensed under Creative Commons
URL: http://www.indicare.org/tiki-read_article.php?articleId=86