1. The Future of DRM :
How would you like it “served” ?
Deceptive, Dystopian or Hopeful
Copyright & Technology 2010
Technology Track
New York
Jean-Henry Morin
University of Geneva – CUI
Dept. of Information Systems
Jean-Henry.Morin@unige.ch
http://jean-henry.com/
June 17, 2010
2. How did we get here…
… a dystopian scenario ?
http://www.flickr.com/search/?q=DRM
J.-H. Morin
3. Extremism
• Larry Lessig Speech at Italian
Parliament: Internet is Freedom
http://blip.tv/file/3332375/
VS 2 M iPads sold in 60 days !!!
5. Legal Complexity vs Global
eServices led Economy
• Total Control and Anticipation :
• Unrealistic, impossible and undesirable
[Figure labels: Rules & Policies; Content; 100 kb; 1 Mb]
6. Deceptive and Inapplicable Laws
French HADOPI Three-Strikes invites itself to the land of Shakespeare
UK Digital Economy Act (June 12, 2010)
Regulatory Humility
French Three-Strikes Graduated Response HADOPI Law
• See also : Larry Lessig Speech at Italian Parliament:
Internet is Freedom
http://blip.tv/file/3332375/
7. Doomed initiatives !
• Fundamental Rights:
• Internet access has been recognized as a fundamental
right, EU Parliament massively rejects three strikes
graduated responses (481 votes against 25)
• Technically inapplicable:
• Deep Packet Inspection and false positives
http://dmca.cs.washington.edu/
• Legally inapplicable:
• Territorial nature of such laws VS global media
• Germany rejects Three-Strikes approach (June, 2010)
• ACTA : removed Three-Strikes provision from
public draft
8. Where did we go wrong?
• Where did User Experience go ?
• Where did Superdistribution go ?
• Where are the innovative Business Models, the
Real-time Marketers, etc. ?
• Did DRM curb those it was meant to ?
• Wasn’t DRM supposed to be an enabler ?
9. Can we finally make DRM
“FUN” (i.e., User Friendly ;-) ?
• Assuming :
• DRM is likely to stay and be needed (managed content)
• Absolute security is neither achievable nor desirable
• Given the right User Experience and Business Models
most users smoothly comply (e.g., iTunes)
• Most users aren’t criminals
• We needed to take a step back to :
• Critically re-think DRM
• Reconsider the debate outside the either/or extremes of
total vs. no security
• Re-design DRM from ground up
10. Rethinking & Redesigning DRM
• Acknowledge the Central role of the User and User
Experience
• Reinstate Users in their roles & rights
• Presumption of innocence & the burden of proof
• Fundamental guiding principle to Rethink and Redesign
DRM : Felten’s “Copyright Balance” principle (Felten,
2005)
“Since lawful use, including fair use, of copyrighted works is in the
public interest, a user wishing to make lawful use of
copyrighted material should not be prevented from doing so
by any DRM system.”
• Claim and Proposition :
• Put the trust back into the hands of the users
• Reverse the distrust assumption
• Requires a major paradigm shift & change of mindset
12. Rethinking & Redesigning DRM
(cont.)
• Exception Management in DRM environments, mixing
water with fire ? Not necessarily !
• Reversing the distrust assumption puts the user “in
charge”, facing his responsibilities
• Allow users to make Exception Claims, granting them
Short Lived Licenses based on some form of logging and
monitoring
• Use Credentials as tokens for logging to detect and
monitor abuses
• Credentials are Revocable in order to deal with abuse and
misuse situations
• Mutually acknowledged need for managed content while
allowing all actors a smooth usability experience
(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
13. Exception Management in DRM
Environments
• What is an Exception ?
• A claim made by a user wishing to rightfully access /
use content
• Based on « real world » credential patterns
• Delegation model based on chained authorities
• Credential authorities closer to the users
• Locally managed and held (credential store)
• Short lived or fixed life time
• Revocable
• Late binding (enforcement point)
• Model is auditable for abuse and includes
revocation capabilities
• Burden of proof on the party having a justifiable reason
to claim abuse (presumption of innocence)
• Monitoring in near real time of security policies
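A sketch of the exception-claim flow outlined on slides 12 and 13, added here as an illustration and not taken from the talk or the authors' system. It narrows the model to a single local credential authority (no delegation chain); the HMAC key, the names and the 5-minute license lifetime are assumptions.

```python
import hashlib
import hmac

AUTHORITY_KEY = b"constructed-demo-key"  # hypothetical local authority key
LICENSE_TTL = 300                        # assumed short-lived license: 5 minutes


def issue_credential(user, expires_at, key=AUTHORITY_KEY):
    """Local authority issues a fixed-lifetime credential bound to a user."""
    body = f"{user}|{expires_at}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"


class EnforcementPoint:
    """Late binding: the credential is checked only when content is used."""

    def __init__(self, key=AUTHORITY_KEY):
        self.key = key
        self.revoked = set()   # credentials withdrawn after abuse
        self.audit_log = []    # every claim is logged, granted or refused

    def claim_exception(self, credential, content_id, reason, now):
        """Return a short-lived license, or None if the claim is refused."""
        verdict = self._check(credential, now)
        user = credential.split("|")[0]
        self.audit_log.append((now, user, content_id, reason, verdict))
        if verdict != "granted":
            return None
        return {"user": user, "content": content_id,
                "expires_at": now + LICENSE_TTL}

    def _check(self, credential, now):
        parts = credential.split("|")
        if len(parts) != 3 or not parts[1].isdigit():
            return "malformed"
        expected = issue_credential(parts[0], parts[1], self.key)
        if not hmac.compare_digest(expected.encode(), credential.encode()):
            return "bad-signature"
        if credential in self.revoked:
            return "revoked"
        if now >= int(parts[1]):
            return "expired"
        return "granted"

    def revoke(self, credential):
        """Called once the audit log supports an abuse finding."""
        self.revoked.add(credential)
```

The claim is granted first and audited afterwards, which is where the presumption of innocence shows up in code: refusal happens only for an invalid, expired or already revoked credential.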
14. Conclusion
• Can DRM “go green” before we all “go dark” ?
• If so, we might be able to address some
“Serious” societal issues while restoring User
Experience along the way !
• Moving forward : A Call For ACTION !
• Critically re-think and re-design DRM out of the box
• Involve equally all stakeholders
• Find new innovative Business Models
• Limit law to a “justifiable” level
• Remember technology is just the means
• What Information Society do we want to
live in ?
15. Security is bypassed not
attacked
Inspired by Adi Shamir, Turing Award lecture, 2002
Thank you
Join the
Conversation…
Jean-Henry Morin
University of Geneva – CUI
Dept. of Information Systems
Jean-Henry.Morin@unige.ch
http://jean-henry.com/