


D-Lib Magazine
February 2005

Volume 11 Number 2

ISSN 1082-9873

Concepts and a Design for Fair Use and Privacy in DRM


Pasi Tyrväinen
University of Jyväskylä, Finland




Typical digital rights management (DRM) systems used for piracy protection in content distribution provide access to encrypted content only on the hardware identified in a digital license. This hardware locking restricts fair use, e.g., by preventing copying content for private use. Using hardware identity, media distributors can also link together all customer purchases, which can threaten customer privacy. The need to design DRM systems and electronic commerce business models that allow fair use is commonly agreed. But the intelligence and contextual factors that a judge uses in interpreting the legal limits of fair use in the US cannot be fully implemented in the licensing rules of DRM systems. However, approximating fair use by licensing would be well in line with the requirement of the EU copyright directive and would also serve customers in the US by reducing the need for costly human evaluation. We propose approaching this problem by a set of new design concepts bringing access to process context information to DRM license control systems. These concepts provide privacy by separating user and product identities and by enabling distribution history tracking. The fair use licensing proposed does not violate privacy although it maintains the advantages of hardware locking. It also enables new added value services for customers on back-up services and on re-sales of content products.

1. Introduction

Digital Rights Management (DRM) deals with controlling and managing digital rights over intellectual property [12, 21]. Recently, DRM has broadened its scope from content protection to description, identification, trading, protection, monitoring and tracking of rights for tangible or intangible assets in various electronic commerce systems. This emerging business-to-business use of DRM is less visible for customers, who are mostly concerned with the use of DRM for content protection in delivery of digital goods, such as music, movies, documents, games, and software. Protected content can be distributed through CD-ROMs, the Internet, or digital audio and video broadcasting. Protection is used to avoid uncontrolled and unauthorized access and copying of digital content.

The European Union Copyright Directive (EUCD) [7] aims at harmonizing heterogeneous national practices and addressing those that are lacking for intellectual property rights (IPR) management in digital environments. Both the EUCD and the legal framework in the US have set the balance between conflicting interests of copyright owners and users of content products in digital environments. In both cases the resulting legislation criminalizes infringements on copy protection or circumvention of DRM systems on digital content. However, exceptions that allow the right to use a copyrighted work without a license from the rights holder are included both in the EUCD and in the US code of law. Use of copyrighted content for purposes such as criticism, comment, news reporting, and teaching is not considered as infringement of copyright, but as fair use in the US law (Section 107, Chapter 1, Title 17). However, there are some concerns whether fair use can be achieved at all without the circumvention of DRM systems [5, 15]. Rather than treating fair use as a defence to copyright infringement, as in the US, the national law in most European countries provides a list of circumstances where the author is not allowed to enforce his or her rights. In most countries the following exceptions are recognized: private copy or other private use, parody, quotation, use of a work for scientific or teaching purposes, news reporting, library privileges, and the administration of justice and public policy needs [5].

This article is a step towards fair use by design. For the purposes of this article, we use the term fair use as a general concept denoting the legally protected right of people to use content based on exceptions and limitations of copyright laws in general, without adopting the specific definition or legal process of the US, some other country, or the EUCD. Fair use design refers here to designs and designing of systems to enable fair use of copyrighted work.

The main goal of this article is to present a model and a technical means to approximate fair use in DRM systems. The article is organized as follows. Section 2 overviews the contemporary DRM technology. Section 3 presents prior work on implementing fair use. Section 4 presents the fair use licensing design proposed, including the key concepts of license request templates carrying distribution history, the central license types and template types, the separation of clearinghouse roles, as well as scenarios for use. Section 5 discusses the potential benefits of this approach in the legal context of the EUCD and the US. Finally, the paper draws some conclusions and lists areas for further research.

2. DRM

DRM systems focusing on content protection are intended to enforce legal license practices by technical means. The content protected by a DRM system is typically encrypted and associated with a digital license. A digital license identifies the content product and the authorized user, and describes the rights the user has to the digital resource, together with the related constraints and conditions, in a computer readable format. The description is written in a digital rights expression (or description) language (DREL), also sometimes referred to as REL or RDL, such as Open Digital Rights Language (ODRL) [20], Digital Property Rights Language (DPRL) [4] or extensible Rights Markup Language (XrML) [3].

Figure 1 represents the process and the components of a typical DRM system used for content protection [13, 15]. The content provider represents a publisher, record label, or a movie studio holding the rights to content and interested in selling content products safely. The content distributor packages the content obtained from the content provider using encryption techniques and delivers the protected content with the associated metadata to the customer using the Internet, distributing it on CD-ROM, etc.

Chart showing components of a DRM system

Figure 1. The common components in a content protection oriented DRM system, adopted from [13, 15].

Users wishing to use the content pay a fee and request a digital license from a clearinghouse (e.g., content clearing center, copyright clearance center, CCC). The clearinghouse delivers to the consumer the digital license containing the decryption key enabling use of the content and credits the content provider and the distributor for the sales. In this model, the consumer is able to use the content to the extent the software interpreting the digital license permits.

The same DRM technology can be applied to a variety of business models by encoding the usage rules of the business model with the DREL to the digital licenses. In addition, the licenses require reliable means to identify the product, the user or equipment to which the license was granted, as well as the environment variables required by the business model, such as the current time used as a constraint for temporal licenses or the country used for geographically constrained licenses. The digital license also includes the key(s) needed for decrypting the encrypted content. In superdistribution [18] the content delivered to each user is typically encrypted with the same key. This enables broadcasting the content with satellite or with other high-bandwidth devices. The delivery of the digital licenses themselves requires only limited communication capacity [14].

The present means for ensuring secure delivery of content in DRM systems include the use of symmetric or public key encryption. Content can be encrypted with the public key of a specific user or equipment, thus preventing other users from consuming the content. Typically, individual users are recognized based on the identity of their hardware equipment, such as the processor ID. The identification data can also be stored to a specialized, unique DLL library holding the private key, as has been implemented in Windows Media Rights Manager. This hardware-locking approach prevents illegal copying of content to another device. However, it also thwarts commonly expected fair use by preventing use of the purchased content for personal purposes in another device or backing up purchased content. The use of a unique hardware identity also threatens customer privacy by enabling distributors to link to personal data that was given while the customer purchased separate content products using the same hardware identity [8, 24].

Furthermore, it is questionable if the level of protection provided by hardware locking is necessary. Byers et al. [1] observed that in the case of movie distribution, most (77%) of the unauthorized copying of content products via file sharing networks was made possible by industry insiders leaking the content to those networks. This implies that increasing the protection level of the copies delivered to paying customers can have only a minor positive impact on the revenues of distributors. Instead, introducing a freer use policy may improve usability and motivate potential customers to purchase products rather than illegally copying them. With software, vendors sometimes even use peer-to-peer networks to distribute unauthorized copies in order to promote new product versions in the software beta testing phase. A reasonable number of the users of the beta versions go on to purchase the official software product at a later date. This approach is in line with the marketing use of limited promotional, "lite" and demonstration versions of products delivered without charge.

3. Prior Work on Designing Fair Use

Most of the following literature on designing is based on the legal context of fair use in the US, where a judge determines only afterwards whether the use of copyrighted content should be considered fair use or not. The vagueness of the fair use test in the US makes it nearly impossible to create a DRM system that would enable all types of fair uses in advance [6, 9, 19, 23], at least without some level of human intervention. As we employ here only the general concept of fair use rather than the strict definition of fair use under US law, we are interested in technical approaches providing some level of fair use, even though any practical system would probably be simultaneously too permissive and too restrictive [2].

Fox and LaMacchia [10] suggest creating subsets of fair use types, called safe harbours, that are allowed without the explicit permission of copyright holders. They find two open issues in this: how can machine-interpretable expressions be created that adequately model a set (or subset) of fair use rights; and how do we get the stakeholders to work together on defining boundaries of a subset of fair use that would be safe to implement? They suggest starting with finding out how to permit a single copy of a digital work (exclusively for personal use) and propose the use of a secure hardware component to ensure security and auditability of a "personal domain". Fox and LaMacchia conclude that authenticating the copying device and ensuring that only one copy can be made is clearly difficult but is not an insurmountable problem. When fair use is implemented with limited licenses as in this approach, the solutions need to be expandable and possibly complemented with human intervention, or they will be limited to the expected situations excluding unanticipated fair uses.

Messerges and Dabbish [17] propose a set of equipment to form a private domain called a "family domain" within which content can be shared freely. Technically the domain is formed by using the same private key in all the family equipment enabling any of these to open encrypted content purchased for the family use.

Erickson [6] suggests a DRM architecture for approximating fair use by introducing human intervention through a third-party license-granting authority to the technical DRM context. This rights escrow server containing a DRM license generator complements a license server (i.e., Clearinghouse in Figure 1 or Fair Use Manager in Figure 2). In case the user would like to use an unlicensed work based on fair use, the local DRM control software would send a fair use request to this escrow agent, which would then generate a (kind of waiver) license using decryption keys that the content owners would have to deposit to it. This could be done without requiring permission from the rightholders.

Sobel [22] proposes the adoption of a Digital Retailer Model, where Internet Service Providers (ISPs) would serve as Digital Retailers. They would monitor watermarks in content distributed to consumers and collect royalties for the first loading of any identified content downloaded based on the watermarks embedded in registered digital works. As only the first download would be charged, fair use treatment would take place for each user account. This approach could be enhanced to avoid problems with spamming, but it has no means to identify content transmitted from one user to another in an encrypted format.

Other approaches related to fair use and privacy in DRM systems include the Shibboleth architecture described by Martin et al. [16] as well as the use of a locker server providing a key management service for the customer [11]. Nevertheless, reducing the need for human intervention in fair use management remains difficult. All the present approaches can be characterized as point solutions to personal copies or some other aspect of the problem. In the next section of this article, we present a model that provides design concepts for a closer approximation of fair use applicable for several use scenarios.

4. The Model

Design Concepts and Assumptions

The model presented here uses design concepts of license templates and distribution history to ensure fair use and to enable new business models. Privacy is ensured by separating the hardware identity and the identifiers of multiple roles of a content owner, and by splitting the clearinghouse role to the roles of an account manager and a product copy manager. The role of a fair use manager is added in line with the proposal of Erickson [6]. These key design concepts are introduced using three fair use scenarios, the fair private use scenario, the customer distributor scenario, and the educational use and libraries scenario.

Implementing fair use and privacy can be approached using signatures or watermarking [22], i.e., by relaxing the strict hardware-locking method currently used by DRM systems. However, we wish to apply the proposed concepts in the context of a DRM system to demonstrate that it is feasible to support fair use and privacy, to a large extent, even in this difficult case. For the sake of simplicity, the description assumes the use of superdistribution for content delivery, although it is not essential for the model. Multiple digital licenses are used for a single content product. Each of the licenses represents a separate Content Product with an associated license type and set of rights and constraints described with a DREL (for example, a preview license enabling 15 second viewing and a full private license, to name two). A DRM access control manager is assumed to enforce the rights on a content product based on the DREL descriptions of the licenses. The manager can be located in the customer hardware or, alternatively, a DRM access control manager can be accessed across a communication network. We use the EUCD assumption that fair use should be enabled only when content has been legally purchased.

The first design concept related to fair use is a license template (an offer) defining the product, i.e., the content and the terms of use. The customer uses the template to create a license request (an order) identifying the product (ProductID) and by default, the hardware equipment (HWID). The clearinghouse receiving the license request will return a digital license enabling use of the product. The license types have different rights over the content product described with the DREL.

Fair Personal Use Scenario

The scenario for fair personal use is as follows. A Personal license provides a customer with the basic rights to the content and is locked to a specific piece of equipment. In order to gain a Personal license, a customer has to pay a fee, fill in a template and submit a Personal license request to a clearinghouse. The customer will receive a Personal license enabling the use of the product and a Personal copy (back-up) template. When the customer fills it in using another device and delivers it to the clearinghouse (Product Copy Manager), the customer will receive another license for personal use of the content, locked to the second device. The contractual commitment at the customer side is that the customer will restrict the content to his or her own personal use. The clearinghouse needs to check that the properly authenticated user (Product Copy Owner) has the rights to the content from the existing Personal license, and the clearinghouse is also able to control the number of personal copies per person. Depending on national regulations on fair use, typically only a small number of personal copies should be made available free of charge for the customer.

Table 1 represents a descriptive list of license types and associated license request templates. The table and the following description should be considered as declarative rather than normative examples of license types most likely to be valuable when designing for fair use DRM based on national regulations.

| License Request Template Features | Digital License | Features | Included Request Templates |
|---|---|---|---|
| No user nor hardware authentication | Demonstration license | Free; no hardware locking; limitations on, e.g., duration or quality; advertising, etc. | Personal license template; Distributor license template. |
| Volunteer authentication needed by some further licenses. | Personal license | Hardware locked. | Personal copy template; Distributor license template; Educational license template; Library license template. |
| Requires authentication of Personal license owner and the requester. | Personal copy | Hardware (user) locked; free or nominal price. | Personal copy (back-up) template. |
| Requires personal authentication for crediting sales. | Distributor license | More expensive; credited for sales. | Personal license template; Distributor license template. |
| Requires authentication of Educational license owner and specific means to authenticate students/hardware. | Educational license | Variation; contractual means to share responsibility of student misuse of content. | Student license template. |
| Requires personal/group authentication of students (variation) | Student license | Variation from hardware locking and signatures to use of special demonstration licenses. | Personal license template; Distributor license template. |
| Requires authentication of Library license owner and specific means to authenticate customers. | Library license | Measure to implement digital lending assumed. | Personal license template; Distributor license template. |

Table 1. Types of digital licenses (column 2), their features (column 3), features of license request templates for each digital license type (column 1), and license request templates included with each of the license types (column 4).

The newly identified clearinghouse functionality for the provision of hardware locked digital licenses to an already purchased product is here referred to as the Product Copy Manager (PCM) role of a clearinghouse. This role takes care of the number and duration of digital licenses associated with a single purchased product based on DREL product descriptions and on the identity of product ownership. No information about the owner is necessary, whereas awareness of the location of the product copies is needed. The corresponding concept in the physical world is the product item itself, such as a specific hardcover book.

Figure 2 describes the roles, customer identities, and major information flows related to the process of acquiring a Personal copy license from the viewpoint of identities and privacy. A customer can have multiple credit cards (payID) with associated authentication means required by each bank (Transaction manager). The customer may also have accounts in multiple book stores (Account Managers) with associated account identities (AccID) and authentication means. When paying for the monthly purchases of an account, the customer may use any of the credit cards, but no authentication data nor account identity will be required to be transmitted to the bookstore. Neither does the bookstore have to know the bookshelf (the hardware identity of the permitted location).

In case of a digital content product, it is sufficient that a single product copy manager (PCM) is aware of the physical locations (HWIDs) of the purchased products. However, the other PCMs and the stores do not have to possess this information. The PCM needs to have an identity of the product copy ownership (PCOID) in order to manage the number of physical copies for each purchased product copy. From the privacy perspective, this identity should be separated from the hardware identity and the account identity of the purchaser. Even in this case, the co-operation of an account manager and (a set of) PCMs would enable the creation of a linkage from the account identities of the customer to the hardware identities. Also, the use of PCOIDs can be avoided through appropriate protocols between the account manager and PCM.

Flow chart showing how a personal back-up license

Figure 2. A scenario of acquiring a Personal (back-up) license to a second hardware equipment.

When a customer orders a product using a Personal License Request (see Figure 2), privacy can be maximised because no hardware identities are delivered. In this case, the account manager returns a Personal copy template (PCT) and associated certificates. The customer will send the PCT with the hardware identity to a chosen PCM that will verify the data from the account manager and return the hardware locked digital license (PCL, Personal copy license) enabling the use of the content product. The PCM functionality can be linked with the use of remote DRM access control managers although the PCM may be used only once per hardware equipment while the remote DRM access control is invoked each time the user wishes to access the content.
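The flow just described can be sketched in code. The following is an added example, not code from the article or from any DRM product: the shared MAC key standing in for the "associated certificates", the per-purchase random PCOID, the `max_copies` field and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: one MAC key shared by the account manager and the PCM stands in
# for the "associated certificates"; a deployment would use signatures.
SHARED_KEY = secrets.token_bytes(32)
PCT_FIELDS = ("ProductID", "PCOID", "max_copies")


def certify(fields: dict) -> str:
    """MAC over the canonical JSON encoding of the template fields."""
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


class AccountManager:
    """Sees AccID and the purchase. Never sees an HWID."""

    def __init__(self):
        self._pcoid = {}  # (AccID, ProductID) -> PCOID

    def personal_license_request(self, acc_id, product_id, max_copies=2):
        # Assumption: a random PCOID per purchase, so PCMs cannot link a
        # customer's purchases to each other or to the account.
        pcoid = self._pcoid.setdefault((acc_id, product_id), secrets.token_hex(8))
        fields = {"ProductID": product_id, "PCOID": pcoid, "max_copies": max_copies}
        return {**fields, "cert": certify(fields)}  # Personal copy template (PCT)


class ProductCopyManager:
    """Sees PCOID and HWIDs. Never sees AccID or PayID."""

    def __init__(self):
        self._locations = {}  # (PCOID, ProductID) -> set of HWIDs

    def request_copy_license(self, pct: dict, hwid: str) -> dict:
        # Recompute the certificate over the fields actually presented, so a
        # customer-edited max_copies or PCOID fails verification.
        fields = {name: pct.get(name) for name in PCT_FIELDS}
        presented = str(pct.get("cert", "")).encode()
        if not hmac.compare_digest(certify(fields).encode(), presented):
            return {"granted": False, "reason": "template certificate invalid"}
        key = (fields["PCOID"], fields["ProductID"])
        hwids = self._locations.setdefault(key, set())
        if hwid not in hwids:
            if len(hwids) >= fields["max_copies"]:
                # A denial carries its reason, as the article asks of a PCM.
                return {"granted": False, "reason": "copy limit reached"}
            hwids.add(hwid)
        # A repeated request for a known HWID re-issues the license and
        # does not consume another copy.
        return {"granted": True, "type": "Personal copy license",
                "ProductID": fields["ProductID"], "HWID": hwid}
```

The account manager's state holds no HWID and the PCM's state holds no AccID, so linking the two requires the co-operation of both parties, which is the residual risk the article notes.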

Table 2 represents the various identities used. Note that User ID for credit and hardware ID were already separated in the superdistribution design of Mori and Kawahara [18], while they did not separate the product owner ID from these two.

| Abbreviation | Description | Examples | Examples of authentication |
|---|---|---|---|
| PayID | Payment identity | Credit card number | Number, name, expiration date |
| AccID | Account identity | Account number | Username, password |
| PCOID | Product copy owner identity | Vendor-specific ID | Username, password |
| HWID | Hardware identity | Processor ID, Private PKI key | Hardware part |
| ProductID | Identity of content + rights | | |
| PCMID | Product copy manager | | |

Table 2. Identities and identifiers used in figures.

The customer may be willing to give up some privacy and enable the account manager and PCM to link their data for a number of reasons. First, it may be simpler to order the hardware locked license directly from the account manager acting also as a PCM. Next, in case a customer has lost all the licenses and templates, the customer would be able to request a new Personal copy template from the account manager based on the authentication information provided to the account. But in order to avoid misuse of multiple PCMs for a high number of users of a single purchased product, additional constraints are needed. Either the templates have to be fixed to a specific PCM in the first place, or, alternatively, the templates should be bound to a user account identity and only the use of a set of hardware locked licenses with limited duration should be enabled, thus enabling the user to get new licenses once all previous licenses have timed out. However, a back-up option would clearly provide added value to the customer when compared to non-digital products—additional copies of books are not provided for lost or stolen hard copies. Thus the customer would probably be willing to give up some privacy and would also be willing to pay something for it instead of organizing personal back-up hardware.

Customer Distributor Scenario

The next example is related to customer ability to take the role of a distributor. But prior to that, we introduce the next key concept. In case of a Personal (back-up) copy template, the product copy owner information (AccID and/or password) can be included in the distribution history carried with the templates to identify the possessor of the Personal license, authorizing the user to receive a Personal copy license. The history data carried in an encrypted format in Personal copy licenses can be used to verify the authority of the user to use the content product. When another user submits a license request using a Personal copy template, the history data copied from the template to the request can be compared with the data filled in by the requestor. This reduces the chances of misuse of the free licenses provided for personal purposes.

History data included in the templates is not only for IPR protection purposes. It provides options for implementing business models that can attract customers and increase success in the market place. Figure 3 represents a customer distributor scenario demonstrating this approach. Customer A purchases a Personal license and also receives Demonstration licenses and License request templates. Licenses and templates contain the delivery chain history or A's identity (AccID or PCOID) enabling access to history stored by the clearinghouse(s). When A delivers the content and the license templates to B, B is able to use the content with the demonstration license providing limited access to the content without hardware locking. When B purchases the content with a license request containing A's identification, the Account Manager function of the clearinghouse is able to reward A's account for the sale.

Flow chart showing a customer distributor process

Figure 3. Customer distributor scenario.

Some further observations should be made from this distributor scenario. First, it is likely that successful business models using this scenario will credit both A and the Distributor selling the license to A for the sales to B. In case B has purchased a Distributor license and sold the product to C, both B and A, as well as the Distributor, will be credited for the sales. This information is made available for the clearinghouse in real time and enables, among other things, fast analysis of delivery chain patterns and of the impacts of marketing efforts.
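The crediting of a delivery chain can be sketched as follows. This is an added example, not code from the article: the 10% commission, the cap on credited resellers, the use of a MAC (integrity protection rather than the encryption the article mentions) and all names are assumptions. The point it shows is that the history a template carries must be verifiable by the account manager, otherwise a buyer could rewrite the chain to redirect credit.

```python
import hashlib
import hmac
import json
from collections import defaultdict

COMMISSION_PERCENT = 10  # assumed share of the price per credited reseller
MAX_CREDITED = 3         # assumed cap: only the nearest resellers are credited


class CreditingAccountManager:
    """Account Manager role: issues templates and credits the delivery chain."""

    def __init__(self, key: bytes):
        self._key = key
        self.credits = defaultdict(int)  # identity -> cents credited

    def _mac(self, product_id, history) -> str:
        msg = json.dumps([product_id, history]).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_template(self, product_id, history) -> dict:
        history = list(history)
        return {"ProductID": product_id, "history": history,
                "mac": self._mac(product_id, history)}

    def purchase(self, template: dict, buyer: str, price_cents: int) -> dict:
        product_id = template.get("ProductID")
        history = template.get("history")
        presented = str(template.get("mac", "")).encode()
        # Reject any template whose history was edited after it was issued.
        if not isinstance(history, list) or not hmac.compare_digest(
                self._mac(product_id, history).encode(), presented):
            raise ValueError("distribution history failed verification")
        credited = history[-MAX_CREDITED:]
        share = price_cents * COMMISSION_PERCENT // 100
        for reseller in credited:
            self.credits[reseller] += share
        self.credits["Distributor"] += price_cents - share * len(credited)
        # The buyer's templates carry the chain extended by the buyer.
        return self.issue_template(product_id, history + [buyer])
```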

In this kind of marketing model the customers willing to become resellers are happy to provide some more personal data required by the position as well as to pay considerable fees to gain the position. When this model is applied across peer-to-peer networks, there exists a variation in options on the rights granted by the demonstration licenses to make them tempting to customers willing to purchase legal content they wish to use.

Educational Use and Libraries

Educational licenses can be requested by filling in sufficient information using an Educational license template. This includes sufficient identification of the institution as well as means to identify the student licenses. A submission of an educational license request will return either limited student licenses or Student license template(s) to be used for student specific requests of licenses. In both cases these will include the identity of the educational organization in their distribution history. In case some of the students request a full Personal license, the educational institution can even be credited for this sale.

The case of library licenses can be implemented by providing libraries with Library customer templates to request Library customer licenses valid for a fixed period of time. Prior to giving out a new copy of a Library customer template, the library can check the PCM to see whether the number of customer licenses in use is fewer than the maximum allowed. The content would not be lent out until the previous loan transactions were completed, making further licenses available.

5. Manual Intervention and Various Legal Contexts

The overall design presented in Figure 2 includes a Fair Use Manager that can bring manual intervention to cases that require special care or that cannot be handled by automated systems. Prior to elaborating these, we need to look at the main differences in legal contexts in the US and the EUCD, which will have major impact on the roles of automated and manual operations in the overall design.

According to the EUCD [Article 6, Paragraph 4 in 7] "in the absence of voluntary measures taken by rightholders" the Member States should "ensure that rightholders make available to the beneficiary of an exception or limitation provided for in national law ... that the beneficiary has legal access to the protected work or subject-matter concerned." This means that users should not need to break the digital lock-up for content protected by DRM to gain access to content based on fair use exceptions, as in the US. Rather, the rightholders should provide fair use by design [5] enabling use of the content. This can be embedded in the technical design of the DRM system or in the contractual design of the business model. This bold intent of the EUCD has been undermined by the rightholders' ability to overcome the obligations by contractual means or by providing mainly high-priced, on-demand services [5], which can even be fully automated.

On this basis, DRM systems implementing fair use are well in line with the EUCD requiring "voluntary measures taken by rightholders", as long as the exceptions of each national law in question are properly addressed. However, in the US the legally permitted types of fair use cannot be transformed into technical systems operating without human intervention [6, 9, 19]. Literally, the term "fair use design" is, as such, a contradiction in the context of the US law, where the judges determine only afterwards if an unauthorised use of copyrighted work was fair use or not, and any licensing in advance will remove any fair use considerations afterwards.

Further, the judges' determination of fair use in the US should include the following four broad factors on a case-by-case basis:

  • the nature of the use (e.g., commercial or non-profit),
  • the nature of the original work,
  • the portion of the original work used, and
  • the effect of the use on the market value of the work.

In practice, the US Supreme Court decisions will form the guidelines that evolve over the years, making it hard to implement fair use by technical means. In several European countries the legal tradition determines that the laws themselves contain more explicit criteria and, therefore, can be implemented with technical means to a much larger extent. There may be some legal cases clarifying the limits of the law, but the percentage of cases requiring human judgement tends to be smaller when compared to US practice.

Note that according to Paragraph 4 in [7], fair use of content should be made available only to beneficiaries of the exceptions who have legal access to the protected work, i.e., for those who purchase the product rather than granting free access to all users to enjoy fair use, as in the US. The EUCD also requires "fair compensation" to be paid to the copyright owners in some cases of fair use.

From the technical viewpoint, the product copy manager functionality can be automated to a large extent for granting licenses in routine cases of private copies, educational licenses and for other fair use purposes. This can be controlled using DREL descriptions detailing the allowed number of hardware copies, duration and other aspects related to the digital licenses of the content products. The key enabler for this is the awareness of the process context in which digital licenses are granted. It enables making good approximations for fair use in several situations, without sacrificing privacy.

The cases where process context does not provide sufficient data for automated decision-making need to be handled manually. When a PCM denies a requested license, it should also provide the reasons for the denial. For this, there are multiple strategies from which to select. First, the PCM can provide a template for resubmitting the request to manual processing by a Fair Use Manager (see Figure 2 and compare with [6]). In contrast to the automated free PCM service, this may incur a cost to the customer, or it may be funded by some governmental parties or through funds collected by payment fees or the like. Alternatively, in cases where the request was considered to be fair use, the manual process would be funded by the account manager or the party setting the rules for the product, and in other cases by the customer. Yet another approach presented in the relevant literature, which roughly follows US legal practice, is as follows: when a PCM denies a license requested on a fair use basis, it delivers a "Denied fair use license" that technically enables use of the content but makes the customer aware that permission to do so was not granted. If the customer uses the content with the Denial license, the rights holders can prosecute the customer or may accept it as fair use. This alternative avoids costly manual operations and corresponds to the practice of the non-digital world, but makes both parties aware of the situation and forces them to reconsider their positions before going to court. In these cases especially, the distribution history of the licenses is valuable in providing information about the conditions under which fair use rights are claimed.
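The following sketch is an added illustration, not part of the original article or of any DRM product: it shows how an automated PCM could grant routine licenses from process context and, on denial, return its reasons under either of the two denial strategies described above. The `Rule` fields, purpose names, template names and identifiers are assumptions standing in for DREL clauses and license templates.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass(frozen=True)
class Rule:  # assumed stand-in for one DREL clause; not real DREL syntax
    max_hardware: int            # allowed number of hardware-locked copies
    valid_days: int              # license duration
    required_template: str = ""  # template that must appear in the history

@dataclass(frozen=True)
class Decision:
    outcome: str        # "granted", "manual_review" or "denied_fair_use"
    usable: bool        # does the issued license technically unlock the content?
    reasons: tuple = ()
    expires: date = None

@dataclass
class ProductCopyManager:
    rules: dict                       # purpose -> Rule
    on_denial: str = "manual_review"  # or "denied_fair_use"
    bound: dict = field(default_factory=dict)  # product owner id -> hardware ids

    def decide(self, owner_id, hardware_id, purpose, history, today):
        """owner_id is the product owner pseudonym; no account identity is seen."""
        rule, reasons = self.rules.get(purpose), []
        devices = self.bound.setdefault(owner_id, set())
        if rule is None:
            reasons.append(f"no automated rule for purpose '{purpose}'")
        else:
            if rule.required_template and rule.required_template not in history:
                reasons.append(f"history lacks template '{rule.required_template}'")
            if hardware_id not in devices and len(devices) >= rule.max_hardware:
                reasons.append(f"limit of {rule.max_hardware} hardware copies reached")
        if reasons:
            # A denial always carries its reasons; the strategy decides whether the
            # customer gets a resubmission path or a flagged but usable license.
            return Decision(self.on_denial, self.on_denial == "denied_fair_use",
                            tuple(reasons))
        devices.add(hardware_id)  # re-requests for a bound device are idempotent
        return Decision("granted", True, (), today + timedelta(days=rule.valid_days))

# Constructed sample rules for one product.
RULES = {"private_copy": Rule(max_hardware=2, valid_days=365),
         "education": Rule(max_hardware=30, valid_days=120,
                           required_template="educational_license")}
```

The manager keys its state only on the product owner pseudonym and hardware identities, so the separation from account identity that the model relies on is preserved in the decision path.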

6. Summary, Conclusions, and Further Research

The model presented here provides a flexible framework to implement various aspects and special cases of fair use using DRM systems. The key concepts used were templates carrying distribution history, the separation of product owner identity from hardware identity and account identity, and the separation of product copy management function managing the relation of product owner identity and hardware identities. By these means, an automated product copy manager is able to gain additional information about the process context enabling a higher portion of the fair use cases to be handled without human intervention. The examples presented included managing personal copies and back-up copies with the full security of hardware locking. The use of educational license templates and library templates provides means to achieve additional knowledge about the circumstances related to educational and library use in structured format for the PCM.

The model also provides a base-line for two business models. Users can employ a backup service provided by the vendor, especially when combined with the superdistribution model. The second added value option for customers lies in the possibility of serving as distributors of content products in peer-to-peer networks.

Although the presented model provides the means for the automated process to gain knowledge about process context, a court judgement will still be needed for cases considering market impact of fair use and similar aspects addressed by US legal practice. In contrast, the presented solution seems to satisfy the EUCD requirements well, while national regulations need further analysis.

Regardless of the legal context, human intervention is always costly. Automating the bulk of fair use decisions would reduce the cost of rights transactions. This, in turn, would enable governments and other organizations to implement systems providing people with access to content on a fair use basis. Without such systems, expensive fair use transactions increase the digital divide. Some people simply cannot take the risk that they may have to pay legal sanctions on something that they expected to be fair use. From the rightholders' perspective, increased use of content will eventually have a positive impact on their revenue. Although the mechanism presented here is not fair use in terms of US law, we expect the same design concepts to be applicable, to some extent, in the US context as well.

In the EU, further analysis on national regulation is needed both on feasibility analyses of the national processes and on elaborating license types and templates for all fair use cases. This should be supported with a quantitative analysis of daily fair use to gain understanding of the feasibility of the economic alternatives to support the infrastructure proposed by the model. A special emphasis should be put on the conditions set to free licenses—they will be the ones dominating the volumes. With respect to the new business models, the tax laws may also require identifying persons who gain provisions on content sales, providing another constraint for privacy.

The ease of use of product descriptions and license conditions is essential for the success of extensive licensing practices. Thus further research is needed for tools to create dual language templates, where the consistency of product descriptions in natural language and the corresponding formal rights description language representations can be guaranteed. Further elaboration is needed on the technical choices of hardware locking vs. the use of signatures, the use of superdistribution vs. personal encryption, the use of local vs. remote DRM control units, as well as on the use of ticketing methods for crediting customers for sales.


1. Byers, S.; McDaniel, P.; and Cronin, E. Analysis of Security Vulnerabilities in the Movie Production and Distribution Process, In, Yung, M., (ed.) Third ACM Workshop on Digital Rights Management, Washington DC USA: ACM Press, 2003, pp. 1-12.

2. Cohen, J.E. DRM and Privacy. Communications of the ACM, 46(4). (April 2003), pp. 47-49.

3. ContentGuard. Extensible Rights Markup Language (XRML) 2.0 Specification, <>. Accessed on 26.8. 2004.

4. DPRL. Digital Property Rights Language, <>. Accessed on 26.8. 2004.

5. Dusollier, S. Fair Use by Design in the European Copyright Directive of 2001: An Empty Promise. "Fair Use by Design?" Workshop at the 12th Conference on Computers, Freedom & Privacy, San Francisco, CA, USA, 2002, 12 p.

6. Erickson, J.S. Fair Use, DRM, and Trusted Computing. Communications of the ACM, 46(4). (April 2003), pp. 34-39.

7. EU2001/29/EC. Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information Society. Official Journal, L(167). (22/06/2001), pp. 0010-0019.

8. Feigenbaum, J., et al. Privacy Engineering for Digital Rights Management Systems. Proceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management., 2001, 30 p.

9. Felten, E.W. A Skeptical View of DRM and Fair Use. Communications of the ACM, 46(4). (April 2003), pp. 57-59.

10. Fox, B.L. and LaMacchia, B.A. Encouraging Recognition of Fair Uses in DRM Systems. Communications of the ACM, 46(4). (April 2003), pp. 61-63.

11. Garnet, N. and Sander, T. What DRM Can and Cannot Do... And What It Is or Isn't Doing Today. 12th Conference on Computers, Freedom & Privacy, San Francisco, 2002, 6 p.

12. Iannella, R. Digital Rights Management (DRM) Architectures. D-Lib Magazine, 7(6). Available at <doi:10.1045/june2001-iannella>.

13. IMPRIMATUR. Synthesis of the Imprimatur Business Model. <>. Accessed on 28.9. 2004.

14. Kaplan, M.A. IBM Cryptolopes™, Superdistribution and Digital Rights Management, <>. Accessed on April 8. 2004.

15. Liu, Q.; Safavi-Naini, R.; and Sheppard, N.P. Digital Rights Management for Content Distribution, In, Johnson, C., Montague, P., and Steketee, C., (eds.). Australasian Information Security Workshop 2003, Adelaide, Australia: Australian Computer Society Inc., 2003, pp. 49-58.

16. Martin, M., et al. Federated Digital Rights Management. D-Lib Magazine, 8(7). (July/August 2002), 9(7/8). Available at <doi:10.1045/july2002-martin>.

17. Messerges, T.S. and Dabbish, E.A. Digital Rights Management in a 3g Mobile Phone and Beyond. Proceedings of the 2003 ACM Workshop On Digital Rights Management, 2003, pp. 27-38.

18. Mori, R. and Kawahara, M. Superdistribution - the Concept and the Architecture. The Transactions of the IEICE, 73(7). (July 1990).

19. Mulligan, D. and Burstein, A. Implementing Copyright Limitations in Rights Expression Languages. 2002 ACM Workshop on Digital Rights Management, Wyndham, Washington DC, USA: ACM, 2002, 15 p.

20. ODRL. Open Digital Rights Language, <>. Accessed on 26.8. 2004.

21. Rosenblatt, B.; Trippe, B.; and Mooney, S. Digital Rights Management: Business and Technology. New York: M&T Books. 2002.

22. Sobel, L.S. DRM as an Enabler of Business Models: ISPs as Digital Retailers. Berkeley Technology Law Journal, 18(2). (Spring 2003), pp. 667-695.

23. von Lohmann, F. Fair Use and Digital Rights Management: Preliminary Thoughts on the (Irreconcilable?) Tension between Them. Computers, Freedom & Privacy 2002. (April 12 2002), 9 p.

24. Vora, P., et al. Privacy and Digital Rights Management. W3C Workshop on Digital Rights Management, 2001, 4 p.

Copyright © 2005 Pasi Tyrväinen
