Roger Clarke's Web-Site

 

© Xamax Consultancy Pty Ltd,  1995-2016


Roger and Stephen's Technological Protection for Digital Objects

Technological Protections for Digital Copyright Objects

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

and

Stephen Nees

Department of Computer Science, Australian National University

Version of 14 November 1999

© Xamax Consultancy Pty Ltd, 1999

This paper was presented to the Media Track of the ECIS 2000 Conference, Vienna, 3-5 July 2000, and appears in Proc. 8th Euro. Conf. Infor. Sys. (ECIS'2000), July 2000, Vienna Uni. of Economics & Business Administration at pp. 745-752

This document is at http://www.rogerclarke.com/II/TPDCO.html

The PowerPoint slides prepared to accompany the presentation are at http://www.rogerclarke.com/II/TPDCOOhds.ppt


Abstract

The explosion of the Internet has brought with it serious threats to the survival of organisations that have depended on revenue from copyright objects. A substantial range of risks arise for a copyright-owner wishing to use digital formats even for the preparation, let alone the dissemination, of their works. A range of technologies is available, and in development, which may assist in addressing those risks. Devising a complete protection regime appears unlikely to be feasible, however, and adaptation of business models is essential.


Contents


1. Introduction

A vast quantity of information is made available through the world's first widespread public information infrastructure. An expectation has arisen that 'information wants to be free' (Clarke 1999b).

On the other hand, some kinds of information are very difficult to create or assemble. There are many enterprises whose business model involves the collection of revenue in return for the provision of information. Such enterprises must either make their information available gratis over the Internet, and change their business model; or keep the business model, and protect the information from would-be appropriators.

Protecting information turns out to be much harder than it used to be. The most cost-effective form in which data can be prepared, and can be disseminated, is digital formats. And those are precisely the formats that are most at risk to modern-day 'artful dodgers' eager to 'pick a pocket or two'.

In late 1997, Encyclopædia Britannica (EB) responded belatedly to the challenges of the CD-ROM and changed the conception of its product from a set of books to information, and its delivery channel from hand-delivered paper to mailed optical disks (Melcher 1997). In October 1999, yet closer to insolvency, it responded to the challenge of the Web, and not only switched its delivery channel to the web, but also changed its business model from fee-for-personal-copy to advertiser-funded (Fox 1999).

If the owners of content with such undoubted social and cultural value as EB are at dire risk in the new scheme of things, the challenge to the economics of the 500-year Gutenberg period must be very substantial. A proper understanding of an emergent new economics demands a deep appreciation of the technology that is driving these changes. The motivation for this paper is to present a consolidated although necessarily very concise view of the technological changes that threaten copyright-owners, and of the technological protections that are available.

This paper commences by outlining copyright and the nature of copyright objects in the digital era. It then presents a model of the risks confronting an owner of a copyright object that wishes to disseminate it over an open network, but at the same time protect their proprietary interests. The technologies are then classified that can be of assistance in addressing such risks. The final section assesses the extent to which available tools enable the risks to be addressed.


2. Copyright Objects

This section briefly reviews the nature of copyright, of copyright objects prior to the digital revolution, and of copyright objects now.


2.1 Copyright

Copyright is a form of property. It vests it in the originator of what is referred to in this paper as a 'copyright object'. It applies to works of a literary, dramatic, musical, artistic, or cinematographic nature, plus, in some countries, multi-media works; and to what lawyers refer to as 'subject matters other than works': broadcasts and sound recordings. In most countries, computer programs are treated as literary works. The origins of this form of intellectual property are a British statute of the early 18th century. It is the subject of international harmonisation through conventions. Generally speaking, the law is expressed in each country by a special statute (e.g. in Australia, the Copyright Act 1968).

Copyright law confers on the owner certain exclusive rights, e.g. in Australia, they are to reproduce the work, to publish it, to perform it in public, to broadcast it, to 'submit it to a diffusion service', and to adapt it. Ownership may be 'assigned' (i.e. gifted, bartered or sold) to someone else. The owner may provide others with a licence to do specific things with the work. In particular, a licensee may be authorised (gratis, or for a fee) to make a designated number of copies, perhaps for a designated purpose, or to translate it into another nominated language, or to re-publish it in a collection. Ownership may also be intentionally or accidentally forfeited, which places the object 'in the public domain'.

Copyright infringement occurs when a 'substantial part' of a work is appropriated, in the absence of a licence to do so. In particular, it may be reproduced (copied), published (made available to others) or adapted (into a new form, including through translation), without authority. Such infringements are actionable in civil jurisdictions.

The rights of a copyright owner are subject to a number of qualifications. A copy only infringes if the amount copied is a substantial part of the work. Whether the copied part is judged to be substantial or not depends on qualitative factors as well as the size and the proportion of the work that is copied. Another qualification is the 'fair use' or 'fair dealing' provision, whereby quotations or excerpts can be copied and re-published for the purpose of research, study or comment. A further qualification relates to reproduction and adaptation for the purposes of the physically and intellectually impaired. Copyright laws generally provide for compulsory licences whereby libraries, archives, museums, galleries and educational institutions are permitted to reproduce copyright material, subject to equitable payment.

A copyright-object may be the subject of a covenant, which is a limitation with respect to the owner's rights. Arising from European laws, an implied covenant usually referred to as 'the moral rights of the author' is becoming increasingly important.

Two particular aspects of the underlying philosophy of copyright are that it is intended to protect the expression of an idea, not the idea itself, and that the purpose of copyright is not to reward origination, but to create the possibility of revenue flows which will encourage publication. These aspects of copyright law, like many others, are subject to widely varying interpretations.

Guidance in relation to copyright and the Internet is at Dempsey (1996). A more detailed examination is in Clarke & Dempsey (1999). The reader may also find it useful to peruse the copyright notice relating to this paper.

It has been argued by some that the changes being wrought by information technology during the last decades of the twentieth century make a re-assessment of copyright law inevitable and urgent (e.g. Barlow 1994, Dyson 1995, Kelly 1996, Samuelson 1996, Nelson 1997).


2.2 Copyright Objects Then

As recently as the early 1990s, most copyright objects were recorded on highly tangible things, such as books, journal issues, photographs, vinyl records, audio-tapes, microfilm, video-tapes, cassettes, diskettes, CD-ROMs and games-cartridges. The expressions on the media were protected, but the ideas underlying the expressions were not.

The primary manner in which one acquired the ability to see and use a work was to buy or rent such a tangible thing, or to purchase admission to a location where the work was being reproduced, performed or played. A person could also gain access by going to a library which acquired and stored the particular thing that the person wanted, and either lent it, or made it available for inspection on the premises. In general, the person did not need to acquire a copyright licence.

Most of these tangible storage-media could be copied in some manner that replicated the works contained in them. Such replication involved access to infrastructure and effort, and hence in most cases appreciable costs. Moreover, most reproductions were accessible by only one user at a time.


2.3 Copyright Objects Now

Ideas have previously been conceived as words, numbers, symbols, shapes, pictures and sounds, and expressed in what we now refer to, somewhat disparagingly, as physical or analogue forms. Most of these forms were not capable of being manipulated, and were clumsy to reproduce or even to transport. In some cases, inflexible, specialist equipment was needed to convert the storage forms back into a human-appreciable stream of impulses.

Suddenly, during the last few decades, digital representations have become the mainstream. A great deal of copyrightable material has leapt from the physical to the electronic, or, as Negroponte (1995) preferred to put it, has migrated from atoms to bits. Convenient digital storage formats exist that can be used to store information intended for most of the human senses (taste and smell being the primary exceptions, to date). Digital forms can be readily translated into impulses that entirely satisfy the human eye, ear, and mind, and even the tactile and proprioceptive senses. In the cases of audio, image, and moving image / video, the quality of digital formats quickly overtook that of predecessor technologies.

The digital revolution has been multi-facetted, enabling:

The effect of copyright law changed in an important way as a result of digitisation, and the impact became even more apparent with the explosion of the Internet. The purchase of a book or tuning to a broadcast channel did not necessitate the acquisition of a copyright licence. The purchase or rental of digital media, on the other hand, generally did. An early and pervasive example was the need to copy a games-cartridge into a computer's memory in order to play the game.

Moreover, a computer's mode of operation inherently involves the making of a succession of copies of the object. Rather than directly viewing a purchased physical object, the reader sees it on a screen. To achieve this, the workstation moves the transmitted object into its input-buffer (thereby, in copyright law, making a copy), moves it from there into its video-storage or VRAM (another copy), and then displays it on the screen (yet another copy). The operation of routers also involves the making of copies, as the object is transferred, piecemeal, from the node's input-buffer to its output-buffer.

The mis-match between copyright law and the new patterns of copying inherent in new technologies has had the accidental effect of increasing the power of copyright owners.


3. Risks

The digitisation of copyright works has brought enormous benefits to organisations and individuals that consume content, and that use it as a factor of production of new works. An overview of electronic publishing is in Clarke (1997).

With those benefits have come serious challenges to the producers and owners of works. In many cases, their operations have been predicated on a user-pays business model, with the revenue arising being split among the various organisations in the production chain. Digitisation, the Internet, and the web have undermined that business model, making it very easy for content to escape from the control of owners, and be exploited without payment. An assessment of issues is in Clarke (1999a).

This section summarises an examination of the risks that confront the owner of a copyright object, when they seek to publish it on the Internet. It is drawn from Nees (1999).

(a) Classes of Risk

The primary concerns are that unauthorised actions may be taken by someone in possession of the work. The actions may be any or all of:

Forms of harm that may result from such actions include loss of revenue, and reduction in the reputation of the work, the originator or the publisher. It is also possible that contingent liabilities could arise, especially from an altered version, e.g. an action in defamation or negligent misstatement.

(b) Sources of Risk

Each party involved in a transaction represents a potential source of breach. Depending on the circumstances, these may include:

(c) Situations of Risk

Digital objects are subject to vulnerabilities at multiple points within the computer-based systems operated by each party. These include:


4. Protection Technologies

A range of technologies can be used to address the risks to copyright objects described in the previous section. Exhibit 1, drawn from Clarke & Dempsey (1999), provides a taxonomy. See also Stefik (1997).

Exhibit 1: Protection Technologies

  1. Passive Protections:
    1. object-protection while it is under the control of an originator, publisher or distributer (e.g. security features on the relevant servers and clients);
    2. object-protection while it is in transit (e.g. transmission only on private networks; and transmission in encrypted form);
    3. object-protection while it is under the control of a licensee or some other recipient (e.g. storage formats that use unpublished proprietary formats and that therefore can only be interpreted through the use of proprietary software; and encrypted storage, such that copies are not readable); and
    4. means of tracing rogue copies, in particular marking systems, including:
      • 'digital watermarks' (to uniquely identify the publication); and
      • 'digital fingerprints' (to uniquely identify the copy downloaded to the particular user).
  2. Active Protections:
    1. notification of the rights under the licence (in particular the rights that the owner asserts, the permissions that the owner has granted to the licensee, the actions that the licensee may take in relation to the copyright-object, actions that the licensee may not take in relation to the copyright-object without being in breach of the licence, steps that the licensee needs to take in order to exercise the licence, and steps that the licensee needs to take in order to extend the licence);
    2. identification of licensees, and authentication of identities, in order to preclude anonymous and perhaps even pseudonymous dealings (e.g. by insisting on digital signatures and high-quality digital certificates);
    3. enforcement mechanisms that operate on the client-workstation, including:
      • prevention, such as software features that preclude actions that would breach those permissions, e.g. unauthorised printing of a copyright-object where the licence only supports display;
      • recording of actions that exercise permissions under the licence (e.g. of copies made, within the permitted limit);
      • recording of breaches of the licence and/or of attempts to perform actions that would breach the licence (e.g. making additional copies, beyond the permitted limit); and
      • reporting to the copyright-owner of actions that breach user permissions, or of attempts to perform actions that would breach the licence; and
    4. destruction or disablement of the copyright-object, e.g. where the licence has expired, or violation has been attempted.

5. Risk Mitigation

This section provides a brief analysis of the extent to which the various protection technologies identified in the preceding section enable the risks to copyright objects to be addressed.

Of the passive approaches identified in Exhibit 1, several are well-known, including 1.1 (server and client security - W3C 1996, Garfinkel & Spafford 1996, 1997), 1.2 (channel encryption - Hickman 1995, Schneier 1995, Ylönen 1996) and 1.4 (watermarking and fingerprinting - Aucsmith 1998).

Item 1.3 (object encryption) is, on the other hand, more challenging and little-researched. Moreover, it underpins the active protections (2.1-2.4). Nees (1999) examined the limited research literature on the topic of encryption protections for digital objects. It also considered the commercial products that have become available during the last several years. Most of these are very limited implementations, and the protections that they afford are capable of fairly easy circumvention. A possible exception is Xerox's digital rights protection product; but its claims are very difficult to subject to analysis because the documentation is not accessible. It does not appear that any of these products have achieved any significant market penetration to date.

Nees (1999) then proposed an architecture which would provide more effective protection, and implemented prototypes that applied the architecture to ASCII text, to MP3 audio files, and to compound files containing collections of objects (such as an issue of a journal). This demonstrated that encryption can be used to protect the object against various risks while it is in storage on the site of an authorised recipient, and against the risks of being used by the authorised recipient in unauthorised ways.

There are some challenges to be overcome, and some residual risks. One significant challenge is the selection of a suitably secure encryption key, which is specific to the individual recipient. Yet more difficult is key management on the client side, i.e. devising a means of storage of the key on the client that precludes both subversion by the user and distribution to other parties.

Residual risks that cannot be directly addressed, or are very readily circumvented, include:


6. Conclusions and Implications

Since the early eighteenth century, copyright law has provided the primary regulatory context within which the publishing industry has operated. Digital storage media, the Internet in general, and the World Wide Web in particular, have challenged conventional practices, and the legal framework.

It may be that what the problems posed by technology may be able to be addressed, by creating and deploying more technology, or by adapting the technology that gave rise to the challenges in the first place. The analysis presented in this paper concludes that some of the risks may be addressed by technological means, including conventional security measures complemented by the application of object encryption. These protections are, however, challenging, and subject to countermeasures.

This area of research is significant. If protections cannot be successfully devised, implemented and deployed, longstanding business models in the publishing industry are under serious threat. And to the extent that technological protections are successful, risks arise to the interests of other parties in relation to access to copyright objects. These aspects are addressed in companion papers Clarke & Dempsey (1999), and Clarke (1999c).


References

Aucsmith D. (Ed. (1998) 'Information Hiding' Proc. Second Int'l Workshop, Lecture Notes in Computer Science Volume 1525, Springer-Verlag, 1998

Barlow J.P. (1994) 'The Economy of Ideas: A framework for patents and copyrights in the Digital Age', Wired 2.03 (March 1994), at http://www.wired.com/wired/archive/2.03/economy.ideas_pr.html

Clarke R. (1997) 'Electronic Publishing: A Specialised Form of Electronic Commerce', Proc. 10th Int'l Electronic Commerce Conf., Bled, Slovenia, June 1997, at http://www.rogerclarke.com/EC/Bled97.html

Clarke R. (1999a) 'Key Issues in Electronic Commerce and Electronic Publishing', Proc. Conf. Information Online and On Disc 99, Sydney, 19 - 21 January 1999, at http://www.rogerclarke.com/EC/Issues98.html

Clarke R. (1999b) "Information Wants to be Free", August 1999, at http://www.rogerclarke.com/II/IWtbF.html

Clarke R. (1999c) "Freedom of Information? The Internet as Harbinger of the New Dark Ages", Proc. Conf. Conference Freedom of Information and the Right to Know', Melbourne, August 1999, at http://www.rogerclarke.com/II/DarkAges.html

Clarke R. & Dempsey G. (1999) 'Electronic Trading in Copyright Objects and Its Implications for Universities' Proc. Australian EDUCAUSE'99 Conference, Sydney, 18-21 April 1999, at http://www.rogerclarke.com/EC/ETCU.html

Dempsey G. (1996) 'Copyright Guide', January 1996, at http://www.uq.edu.au/~uqgdemps/copyright.html

Dyson E. (1995) 'Intellectual Value' Wired 3.07 (July 1995), at http://www.wired.com/wired/archive/3.07/dyson_pr.html

Fox C. (1999) 'Britannica frees up its online content ', The Australian Financial Review, 20 October 1999, at http://www.afr.com.au/content/991020/inform/inform5.html

Garfinkel S. & Spafford G. (1996) 'Practical Unix and Internet Security' O'Reilly, 1996

Garfinkel S. & Spafford G. (1997) 'Web Security & Commerce' O'Reilly, 1997

Hickman K. E. B. (1995) 'The SSL Protocol', Netscape, December 1995, at http://home.netscape.com/eng/security/SSL_2.html

Kelly K. (1996) 'The Economics of Ideas', Wired 4.06 (June 1996), at http://www.wired.com/wired/archive/4.06/romer_pr.html

Melcher R.A. (1997) 'Dusting off the Britannica' Business Week, 20 Oct 97, at http://www.businessweek.com/1997/42/b3549124.htm

Nees S. (1999) 'Technological Means of Intellectual Property Protection' Unpublished Honours Thesis, Department of Computer Science, Australian National University, November 1999

Negroponte N. (1995) 'Being Digital' Hodder & Stoughton, 1995

Nelson T.H. (1997) 'Transcopyright: Dealing with the Dilemma of Digital Copyright', Educom Review, 32:1 (January/February 1997), 32-5, at http://www.sfc.keio.ac.jp/~ted/TedPicPermish.html

Samuelson P. (1996b) 'Authors' Rights in Cyberspace: Are New International Rules Needed?', First Monday, 1, 4, October 1996, at http://www.firstmonday.dk/issues/issue4/samuelson/

Schneier B. (1995) 'Applied Cryptography' Wiley, 2nd Ed., 1995

Stefik M. (1997) 'Shifting The Possible: How Trusted Systems And Digital Property Rights Challenge Us To Rethink Digital Publishing', Berkeley Technology Law Journal, 12, 1 (Spring 1997), at http://www.law.berkeley.edu/journals/btlj/articles/12-1/stefik.html

W3C (1996-) 'W3C Security Resources', at http://www.w3.org/Security/

Ylönen T. (1996-) 'Introduction to Cryptography', at http://www.cs.hut.fi/crypto/intro.html



xamaxsmall.gif missing
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.

From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.

Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916

Created: 22 October 1999 - Last Amended: 9 July 2000 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/II/TPDCO.html
Mail to Webmaster   -    © Xamax Consultancy Pty Ltd, 1995-2013   -    Privacy Policy