DRM Standards: Should DRM security have standards?
The role of standards in DRM security and DRM systems
For years now we have seen arguments that if you have to have DRM then you should have standards, but you should not have DRM anyway because somehow or other it should not be happening. Why is this?
This article is not about the debate as to whether DRM should be used or not. Like it or not, DRM is here to stay. But once that is a given, you have to ask yourself if DRM should have standards, and, if it should, then who should be setting the standards and what should those standards address?
Well, at the front of the list of "who" are organizations such as the British Library (and there aren’t many organizations with their responsibility for the preservation of literature and cultural heritage). The British Library needs to be sure that once works come out of Copyright they are accessible to all and freely available to copy. And just to clarify, we are not just talking about books: institutions like the British Library have a responsibility for the full gamut of culture – books, pictures, films, music, radio. Actual multimedia.
Now that’s an interesting challenge for standards.
Let’s just think about the problems of Copyright controls for books. After all, this should be a simple case. They’ve been around a while (since Gutenberg or Chaucer maybe) so we might have some experience of how to cope with them. Well, if we go back to the 1960s you would find that different countries had very different ideas about how long Copyright lasted. In the USA it was 25 years after the death of the author, in the UK it was 50 years, whilst in Germany it was 85 years.
Now can you imagine an IT system so clever that it can figure out exactly which country you are in (OK, GPS could be used, but it would have to be built into every single device – PC, PDA, mobile)? It would have to be connected to a reference time, one of the atomic clock reference sites, since nobody could possibly believe the time on a device where the user can choose what it is. And it would then have to figure out what the current laws are regarding expiration of Copyright control (maybe it’s connected to a global register of deaths?). Sounds too good to be true? Well, that’s because it is.
And I have chosen the simplest possible example of a book which uses only written text from the author.
Now can you begin to imagine the complexity if the book contains pictures, and I mean works of art that an individual artist has created? An example would be the Tenniel illustrations for Lewis Carroll’s Alice in Wonderland. Even worse would be if the modern book contained audiovisual components, because they are governed by different rules: their controls currently exist for 100 years after the creation of the work. Since current TRIPS agreements say that Copyright for written works is now 85 years after the death of the author (and please recall that the law that applies is the law that was in force at the moment of creation of the work, not what happened afterwards), that creates some further interesting problems.
Consider: suppose the author of the work inconveniently lives more than 15 years after the publication of their work. Then whose rights will have priority – the author of the work (who, we might presume, absorbed all the inferior rights to his work, assuming that he has the authority to do this, and that the creators of incorporated film, or music, that are included in the work are indeed inferior, a legal point that we are not competent to make) or the others whose works were incorporated? Would the rights of the author extend the rights of the other works? And exactly how would you register (in a highly formal sense) the death of the author, so as to put DRM systems on notice that in a variable number of years’ time they should switch themselves off?
Let us assume an even simpler case: that we can establish an unimpeachable authority that could definitively state, with acceptance of full liability for reliance upon its authority, when a Copyright work was freely available. How would you actually establish such a body, how would it actually operate, and who would pay for it to be in existence? Because if you cannot figure out how to finance an operation you can be absolutely certain that it cannot and will not exist.
So it seems that until you have solved a few really pragmatic problems that are to do with registration authorities, legal liability and monitoring, the idea of implementing standards in support of DRM is flawed from a business as well as a technological standpoint.
So whilst, in an ideal world, there ought to be standards supporting interoperable DRM, it is currently a pipe dream simply because the complex infrastructure needed to support realistic implementation is not currently present, and will not be available in the foreseeable future.
So, whilst DRM would benefit from Standards, the really important issues that Standards would have to address cannot currently be solved. Until some significant capabilities are introduced (absolutely certain time servers, and unimpeachable authorities that can state, with full liability for error, the definitive state of a Copyright license for a highly specific work registered and created at a specific time), it is most unlikely that any development will take place that has any real and valid use in this area. Instead, proprietary controls, methods and techniques that address the more soluble questions will be implemented. This is because there is a vacuum, rather than any clear path to implementing public policy as it applies to any arbitrary nation state or region. This may not make pleasant reading for policy makers, but they are used to making difficult decisions, and this one is nothing new.