October 9, 2024

USACM Policy Statement on DRM

I’m pleased to post here a new policy statement on DRM, issued by USACM, the U.S. public policy committee of ACM, the leading professional society for computer scientists. It’s a balanced yet strong statement of principles that can be applied to many public policy questions relating to DRM. I helped to draft it, and I support it. USACM has posted the original document in PDF format.

USACM is a valuable resource on infotech policy issues. And they have a useful policy blog too.

USACM Policy Recommendations on Digital Rights Management

February 2006

BACKGROUND:

New technologies have remade the consumer entertainment landscape, allowing creative content – such as movies, television, and radio programming – to be delivered in digital form. Because exact copies of digital content can be widely and quickly distributed, some content distributors are employing technical protection systems to manage consumer uses of copyrighted content, often characterized as “digital rights management (DRM)” technology. DRM systems are intended to enable distributors to manage consumer uses of content. In theory, this may prevent the making and distribution of infringing copies of digital works. However, use of these technologies has created controversy, especially as regards issues of “fair use” and public interest. In some cases, DRM technologies have been found to undermine consumers’ rights, infringe customer privacy, and damage the security of consumers’ computers. One notable example was the software distributed with compact discs in 2005 by Sony BMG. Sony subsequently withdrew the product, which had created security and privacy vulnerabilities for consumers’ computers, because of resulting public criticism and legal action.

The marketplace should determine the success or failure of DRM technologies but, increasingly, content distributors are turning to legislatures or the courts to erect new legal mandates to replace long-standing copyright regimes. DRM systems should be mechanisms for reinforcing existing legal constraints on behavior, not as mechanisms for creating new legal constraints. Striking a balance among consumers’ rights, public interest, and protection of valid copyright interests is no simple task for technologists or policymakers. For this reason, USACM has developed the following recommendations on this important issue.

RECOMMENDATIONS:

Competition: Public policy should enable a variety of DRM approaches and systems to emerge, should allow and facilitate competition among them, and should encourage interoperability among them. No proprietary DRM technology should be mandated for use in any medium.

Copyright Balance: Because lawful use (including fair use) of copyrighted works is in the public’s best interest, a person wishing to make lawful use of copyrighted material should not be prevented from doing so. As such, DRM systems should be mechanisms for reinforcing existing legal constraints on behavior (arising from copyright law or by reasonable contract), not as mechanisms for creating new legal constraints. Appropriate technical and/or legal safeguards should be in place to preserve lawful uses in cases where DRM systems cannot distinguish lawful uses from infringing uses.

Consumer Protection: DRM should not be used to interfere with the rights of consumers. Neither should DRM technologies interfere with any technology or use of consumer systems that are unrelated to the copyrighted items being managed. Policymakers should actively monitor actual use of DRM and amend policies as necessary to protect these rights and interests.

Privacy and Consent: Public policy should ensure that DRM systems may collect, store, and redistribute private information about users only to the extent required for their proper operation, that they follow fair information practices, and that they are subject to informed consent by users.

Research and Public Discourse: DRM systems and policies should not interfere with legitimate research, with discourse about research results, or with other matters of public concern. Laws and regulations concerning DRM should contain explicit provisions to protect this principle.

Targeted Policies: Public policies meant to reinforce copyright should be limited to applications where copyright interests are actually at stake. Laws and regulations concerning DRM should have limited scope, applying only where there is a realistic risk of copyright infringement.

Comments

  1. Anthony Oliver says

    Given the technology available I consider I should have an absolute right to enjoy any media, I have legally purchased, on any device I own. Further more I believe I should have the right to make a copy of the media, in order to protect myself from loss, should the original become damaged or deteriate.

    Any restrictions on how I can personnaly use anything I have legally purchased is, and should be viewed in the eyes of the law, as a contravention of my consumer rights.

  2. I have come to the conlusion that if any company wants to implement DRM they must do it through a proprietary self-developed product such as an iPod. All content that operates on a personal computer should be “open source”.

    Companies have no right to protect their content by modifying (crippling) my computer. However, they have a perfect right to develop their own players (hardware) and sell it. It will also be a given, that none of this protected content will work on my PC which is OK, vendors are NOT obligated to provide content that will work on my PC.

  3. Manfred Leile says

    > I can’t read that PDF. It’s encrypted, and my reader prompts
    > me for a password I don’t have. Isn’t that ironic?

    For me Acrobat Reader works fine, but (k)ghostviews from
    Suse 10.0 do not. After replacing pdf_sec.ps for this
    packages by an actual version from
    http://www.cs.wisc.edu/~ghost/
    they also do their job.

  4. Peter Mogensen says

    @Felten

    If the situations was so that we were discussion whether to make a DMCA/EUCD law and the argument was that:
    “Yes do, but put in competition and consumer safeguards until the perfect DRM comes along”. … then I would agree.

    But this is not the situation. The situation is that we _have_ DMCA and EUCD and they have proved very difficult to change.
    The EUCD was implemented in Denmark 22th december 2002. As an argument for the law the responsible minister said that he expected rightholders to develop technical protection measures which allowed consumers to make a limited numer of private copies (which were before 22/2 2002 explicitly allowed). In january 2003 IFPI-Denmark announced on national TV that they expected to have such DRM ready “by summer” (they were speaking about CDs !!!!)

    Currently in Denmark there’s an official evaluation of the rules. For some reason they have never been used in court in Denmark, so the governemt concluded that there was no need for changes.
    In their official reply the the (“no changes”) law IFPI said:
    [quote]
    regarding the possible introduction of a technical measure, which allows a limited number of copies for personal use, IFPI-Denmark is being informed that there is intense ongoing work to find such a system. From what is reported by severeal large record-companies the system should be introduced this year.
    [/quote]

    Now.. this is the reallity. The law exists and consumers are still (through 2003,2004,2005) being told: “We’re not there yet, but …maybe tomorrow”.

  5. “Speaking for myself, I tend to agree with both of you that the perfect infringement-preventing, user-rights-respecting DRM system is not gonna happen. For whatever reason, policymakers don’t seem to understand that. I don’t think it’s necessary to win that debate in order to make good public policy. It’s enough to get user protections that are triggered by the failure of actual DRM systems to protect users.”

    Honestly, I think the opposite is true. Right now, the debate tends to start from the assumption that effective DRM is possible, and focus on whether it’s desirable. And because their ideal DRM is always a few years in the future, they’re able to brush away concerns about implementation difficulties as technical minutia: “the nerds will take care of that once we get the right legal framework in place,” they say.

    I think a crystal clear statement from the nerds that they won’t be taking care of those implementation difficulties because many of them are problems that are theoretically impossible to solve could have an immense impact on the debate. DRM advocates should be defending the ineffectual, restrictive, and anti-competitive DRm systems we have today. And they should squarely acknowledge the possibility that DRM will never work as they imagine, and explain why we should be forced to respect DRM schemes as deeply flawed as those that exist today.

    There are tons and tons of people in the policy community making arguments about competitiveness, fair use, etc. CS professors don’t have any particular expertise in these sorts of issues compared to law professors, journalists, think tank scholars, etc. But they do have expertise on the technical subject of whether effective DRM is feasible, and I think it would be fantastic if you could get them to weigh in on that subject at some point.

  6. DRM sucks says

    Disgusting Rights Manipulation is the only possible outcome of DRM.

    Neoclassicist mentality: control every copy, monetise every exchange, only allow access to those that can pay and pay and pay again is what our culture is being reduced to. DRM is a misuse of technology. The only answer is to educate others and boycott in large numbers.

    Policy statements are nice but in the end thats all they are.

  7. E. Burke says

    PDF opens for me without requesting a password.

  8. I can’t read that PDF. It’s encrypted, and my reader prompts me for a password I don’t have. Isn’t that ironic?

  9. Did I miss something? This balanced statement seems not to address the library/archiving problem. Here’s my two cents:

    Manufacturers using DRM must ensure that their work can be accessed in public libraries at least 100 years later, without access to specific web sites (that might no longer work) or ancient hardware (that might no longer work).
    [By the way, this can be done by placing unecumbered versions of each work in escrow for, say, 20 years and then releasing it into the public domain.]

    I play records that I bought in the 1940’s and 50’s. will you be able to play your iTunes music in 50 years?
    – Precision Blogger

  10. Walter Vannini says

    Frankly, I do not see what more we could expect from a set of recommendations.
    They are reasonable, frank, and simply state that legislation should not dictate which market there should be, only that some basic rights which recognise to be in the collective interest of the public should be maintained while markets and companies routinely reshape themselves technological change after technological change.

    Throughout history, those enjoying a captive market have always opposed any technology that could erode their rents. Scribes against print, traction horse farmers against the internal combustion engine, name your example.

    I believe there will still be a music market ten years from now, and it will make more money than it makes now. There may not be a music *industry* as we know it today, though, as the time for that kind of middelmanship has expired.

    No amount of bad legislation can stop history.

  11. @Matt,

    This is supposed to be a general statement of principles that can be applied to any DRM-related public policy questions that come up. As such, it does not comment on any specific legislation or proceedings. DMCA reform is not the only game in town these days.

    USACM has been involved in public policy in this area for a long time, certainly since before the DMCA.

  12. The problem I have with this is that it’s about a decade too late. What it comes down to is an argument against the DMCA. That would have been valuable before the DMCA was enacted. But now that it’s in place, and now that the main issue before Congress is whether to keep the DMCA as is or make it even stronger, a statement like that is a lot less relevant. Repealing legislation is hard.

    If the goal of the authors is to “preserve lawful uses in cases where DRM systems cannot distinguish lawful uses from infringing uses” then their goal is (among other things) a DMCA-free world. They’d better say so a lot more explicitly. I don’t know if a lobbying campaign to repeal the DMCA has any hope of success, but it sure doesn’t have any hope if the people doing the lobbying won’t say that that’s their goal.

  13. Peter and John,

    I don’t think you’re giving the statement enough credit.

    The first thing to recognize is that these are recommendations for policymakers, not technology designers. The goal is not to tell technologists what they should design or executives what they should try to sell, but to advise lawmakers and regulators on the general approach we think public policy should take.

    The competition principle calls for real competition, not the kind of pseudo-competition where many systems are available in theory but there is only one viable choice in practice. The principle says that public policy should not just “allow” competition, but also “facilitate” it.

    Regarding the hypothetical perfect DRM system that respects all the rights and interests of users, the statement takes the attitude that if somebody manages to develop such a thing, they’re welcome to deploy it as widely as they like, and we’ll all (copyright owners and users) live in copyright nirvana. But until that blessed day comes, public policy should affirmatively protect the rights and interests of users. That’s what the “copyright balance”, “consumer protection” and “privacy” principles are about. All of them call for affirmative steps to protect users where their rights are at risk.

    Speaking for myself, I tend to agree with both of you that the perfect infringement-preventing, user-rights-respecting DRM system is not gonna happen. For whatever reason, policymakers don’t seem to understand that. I don’t think it’s necessary to win that debate in order to make good public policy. It’s enough to get user protections that are triggered by the failure of actual DRM systems to protect users.

  14. The recommendations continue the bizarre “wishful thinking” approach that seems to be taking root: If only we had DRs (digital restrictions) that didn’t restrict us! If only they expired when copyrights did! If only they could not be applied to public domain material! If only the DR technology understood the case law of fair use in the jurisdiction where it was operating! If only every device in the universe was locked-down (not user modifiable) and implemented every DR scheme ever invented! If only we had water that wasn’t wet!

    Why anyone would deploy DRs that didn’t restrict consumers is beyond me; we know they aren’t there to prevent “piracy”, but to enforce distribution cartels. Where there’s no cartel, as in digital photography, you never see DRs; buyers would shun any product that contained them. Only where someone has the market power (or government power) to force DRs down consumers’ throats do DRs succeed.

    The “Competition” recommendation doesn’t alleviate any of the problems with DRs that are mandatory to implement not because of a government mandate, but because a reader or player will not interoperate without them. For example, DVD-CSS. These DRs form new cartels which retard or prevent the entry of consumer-friendly devices into the market, and restrict the distribution of new works.

    Apple is setting us up for this. After refusing to interoperate for years, someday, just before antitrust action succeeds, they will be willing to cross-license their DR system as the mandatory standard for all music & video. With Apple taking a cut of every song or video sale and every player sale. Apple has already joined the Hollywood cartel; this will just formalize it.

    PS: The Apple DRs are being applied even to works whose copyright holders wish to engage in unrestricted, non-DR distribution. For example, David Gans’s albums. Why? To be distributed via the iTunes Music Store — the cartel — you must use Apple DRs. This is not a technical rule, just Apple’s business decision. Why would they sell music that anybody could play on any non-Apple MP3 player? How would that be in Apple’s best interest?

  15. It is curious that the only music I feel comfrotable using on my PC is either pirated or ripped from my older CDs whereas the only software I feel comfprtable with is leagally purchased. Truly an odd situation that the music industry is largely responsible for. I agree with E. Burke, in that I try to be very disciminating about what I insert in my PC but I’ve got kids (that I forbit to use Kaazaa, etc.) that like music and I am very uneasy with what is eventually going to happen to my home systems because of that fact, even though I encourage them to only use leaglly bought music. I dodged the XCP fiacoe but got nailed by MediaMax from a perfectly legal copy of a David Grey CD.
    It truly does feel like I am being attacked for trying to do the right things.

  16. E. Burke says

    Personally, I’ve given up. There are going to be no fair-use rights left standing, and content providers are going to make us pay and pay and pay. I have no intention of putting a music cd or a movie dvd into anything but a stand-alone player–and I run a linux distro on my home computers. I have given up buying music, and refuse to download, because of DRM. I buy only 3 or 4 DVDs a year, and I may stop that pretty soon. I abhor DRM, and apparently the only way legally to escape it is to opt out of the market completely. I’ve gone from being a tech enthusiast to being something nearly akin to a luddite. Thank heavens I have a lot of books.

  17. Peter Mogensen says

    ===
    “Appropriate technical and/or legal safeguards should be in place to preserve lawful uses in cases where DRM systems cannot distinguish lawful uses from infringing uses”
    ===

    Apart from the quote above, I see little progress with this statement. I does set up a few requirements for DRM (as “interoperability”), but since it fails to state that such requirements are wishful thinking, the result will be that consumers will suffer while the media-industry is searching for the holy DRM grail. For the last 4 years the attitude from rightholders regarding DRM respecting fair use has been “we’re not quite there yet, but maybe we’ll have news tomorrow”. This is simply unacceptable when all comon sense says it will never happen.