October 2003  Volume 29, Issue 7
October 2003 Issue
       Send Feedback Table of Contents
e-Definitions: The Sweeping Ambitions of Digital Rights Management
by Mark Tamminga
A potential hammerlock on digital content has plenty of folks scared.

ACCOPS
It’s really getting ugly out there. Backed by a recent decision that Internet service providers can be compelled to turn over the names _of customers suspected of sharing pirated music files, the Recording Industry Association of America has gone on a full-on litigation bender. Whack-a-mole style, the RIAA has issued more than 1,000 subpoenas against the owners of computers used for music file sharing. The potential damages sought are enormous.
It gets worse.

Entertainment industry money is now finding its way into research aimed at sabotaging computers that run file-sharing programs. And it gets worse still. This same industry would find protection in a new bill called the Authors, Consumer and Computer Owners Protection and Security Act. (Read that title again and savor the irony.) This awful legislation would protect copyright holders from liability if they “impaired or disrupted” networks or machines that purport to violate copyright. Oh, and it would make the uploading of a single song to a publicly accessible network a felony. So know this: The recording industry is lawyered right up, has friends in high places willing to write draconian laws and is scared witless.
That’s not a good combination.

DRM
How’s it all going to end? Well, as Keynes said, in the long run we’re all dead. Not willing to wait that long and not keen on that particular outcome, music, movie and book purveyors—the “rights holders”—are doing everything they can to fight the technology that could render their aging but still very lucrative business model obsolete. They argue that unless something is done to protect digital property, content producers will either go broke or simply refuse to let their stuff go digital. Can’t have that.

On the other hand, all this grim suing of everybody and their parents would just go away if stealing digital content in the first place were simply made impossible. To that end, there is a major move in the direction of Digital Rights Management, a set of technologies that embeds restrictions directly into any playback hardware and software (including computers and operating systems) so that content can be played or reproduced only in ways the copyright owner permits.

The ambitions for DRM are sweeping, and some of the implications are indeed attractive. A fully implemented DRM scheme would ensure that documents or e-mails created by a law firm, for instance, could be read or altered only by those with permission, or could be forwarded only to proper parties, or could be made to self-destruct after a given period of time or number of reads. All of which might address some sticky confidentiality and authentication problems.
On the other hand, DRM has a whole lot of people plenty spooked.

Palladium/NGSCB
Why? Well, if you were a big-time, cigar-smoking content owner and you wanted to have DRM built into every machine in the universe, whom would you want on your side? Right. Microsoft. And try as they might, many folks have a hard time trusting Microsoft.

In January 2002, Bill Gates sent out one of his periodic bet-the-farm memos to all Microsoft employees insisting that Trustworthy Computing was now Microsoft’s single most important goal. Henceforth, he said, “when we face a choice between adding features and resolving security issues, we need to choose security.” Not a bad idea, really…. But what exactly did it mean?

It meant Palladium, Microsoft’s name for a comprehensive redesign of the security model used by Windows, and which Microsoft hopes to build into Longhorn, the code name for the successor to Windows XP. Palladium, working in conjunction with new chips from Intel and AMD, would create a “trusted computing platform” that would address a host of security and DRM concerns by preventing the execution of unauthorized code.

Whoa. Unauthorized code? Who decides what’s authorized and what’s not? Microsoft professes to be interested primarily in protecting the end user “from privacy invasion, outside hacking, spam and other electronic attacks.” Predictably enough, though, critics and privacy experts have seen a much darker purpose, pointing out that Palladium would be a dandy architecture for the aggressive protection of Microsoft’s own intellectual property. With the noise getting intense, Microsoft quickly dropped the name Palladium in favor of the brilliantly forgettable Next Generation Secure Computing Base. But that’s all it has done, because it has no intention whatsoever of abandoning this strategy.

Here’s what many worry about: With NGSCB/DRM built into every fiber of Windows, vendors will be able to detect and remotely delete pirated software. Content producers will have a hammerlock on the uses of digital content. (DVDs, for instance, could be made to run only on Palladium-ready machines that would limit you to two or three plays and refuse to allow you to make copies.) Most importantly, it could push users in the direction of making software something that you rent. Stop paying your rent and your software stops working. And any files you created with that software would be suddenly unusable. If the software in question was a future version of Word and access to all your documents depended on keeping up the payments to Microsoft, you’d likely be pretty prompt in sending off those checks.

Whether that’s how it all plays out will become clear in the next two years or so. The record companies, movie producers and book publishers are hoping that Microsoft’s security gambit pays off. The rest of the computing world lives in fear that it will. n


Mark Tamminga ( mark.tamminga@gowlings.com) practices law and fiddles with software at Gowling Lafleur Henderson LLP in Toronto. He is the coauthor of The Lawyer’s Guide to Extranets (ABA, 2003).