DRM and Privacy

By CIOinsight  |  Posted 10-11-2002

Web Extra: The Trouble with Digital Content Controls

Jeffrey Hunker, dean of the H. John Heinz III School of Public Policy and Management at Carnegie Mellon University, spoke recently to CIO Insight Copy Chief Debra D'Agostino about the future of digital content control technologies.

How significant will digital antipiracy controls be in the future?

I think DRM definitely is going to be a big part of our lives, and there are probably two reasons for that. DRM has to do, essentially, with how we define and how we protect the information that we want to share on a limited basis over a network, so it has enormous practical issues for that reason. It's not just the recording industry that cares about it.

Really, the question of rights management affects anyone who wants to share information but who also wants to be able to control the distribution of that information. I think that covers a lot of what any business, and a lot of individuals, frankly, would like to do.

The second reason why I think it's going to be very, very significant is because DRM in a lot of ways is very closely related to the protection of privacy and security. If you can control who has access to sets of information, it will obviously have important implications in terms of one's security. And if you flip it around, controlling access to information also is a way of defining the limits of your privacy. And so I see for both of those reasons this being a very, very important and very central issue.

Taking Sides on DRM

Taking Sides on DRM

What will some of the implications be, for both society and business?

Right now you've got sort of two poor extremes and a lot of people in the middle who are arguing about what rights management really should be. On the one hand, you have people—I think Hollywood probably exemplifies this best—who basically say they should be able to control the information. Or you have the owner of the intellectual property saying he or she ought to be able to control it and have the ability to prevent people from making copies for their own personal use. And if you want to make a copy or you want to have access, you are going to have to pay me.

On the other extreme, you've got people saying that information essentially ought to be free, and that you ought to have the capability to put it onto a network or a peer-to-peer system and share it freely. Those are polar opposite views, and we haven't yet come to any sort of reconciliation about what a really effective model is.

A lot of money is tied into questions like that. And we don't have a business model that works yet. I am not sure when this is all going to come out, but you've got billions of dollars hanging on essentially the development of whatever scheme we eventually work on. This is one of the top fundamental networking issues that we are going to have to address.

And further, this is not an issue that is just about technology. Often times when we talk about networks and electronic media we think in terms of what is the technology and how does technology fix the problem. This is an example where there are certainly technical issues and technical protocols involved, but it's also a social and a political issue as much as it is a technical issue. I emphasize that because I think problems like this are really more about IT and society than they are about technology, and shall become much more prominent.

DRM is at the cutting edge of this not just because there's a lot of money tied up in it and we haven't reached a resolution, but because I think it's maybe the first good example of a whole set of IT and society challenges that increasingly we are going to have to be dealing with as a country and as a society.

What I find fascinating about DRM is that there are very different social models being proposed of how information should be used or viewed, and we don't really have a very well established process for making choices between those different alternatives right now.

DRM and Privacy

DRM and Privacy

How does the issue of privacy play into this issue?

On the one hand, if you believe you can absolutely control the distribution of content, that is certainly one facet of strengthening my protections of my own personal privacy. If I have a medical file and there is a system of DRM such that I can, with high confidence, ensure it's only my physician who can access that information, that gives me a lot of confidence that my privacy is being protected. So in that sense, it's really good.

On the other hand, it can also make it more difficult to share information; it sort of goes against the idea of widespread information being good, it even goes against the notion in copyright law of fair use. And to that extent, it's bad.

My own sense is that, in some of the proposals that are floating around Congress right now to require either hardware or software installations into PCs and other devices in order to prevent copying, I think those go way, way too far. But that's my own personal perspective.

Furthermore, digital protection is not just an issue about protecting intellectual property or how you can share it. DRM also may have some really big implications in terms of how the PC market is going to develop in the future. If in the future any PC that you buy or any system that you buy has a big lock on it so that you don't have access to the system, I could see that slowing down the rate of innovation and the development of new software applications tremendously.

Why? Because if you can't get access to the software, it's going to be harder for people to actually play around with it to develop new applications. So I think it's important that we think about DRM as not just being an issue about the control of intellectual property, but also—if we have to install locks on pieces of software or hardware in order to protect information from being copied or being distributed—how valuable or how much utility people will get out of their PCs in the way in which we might see innovation in the future.

DRM and Innovation

DRM and Innovation

So how could these protective measures affect innovation and collaboration?

Think about a book or an article: I want to share it with somebody, and so under fair use I can make a copy of it and share it with somebody, and we can discuss the article and perhaps there is some sort of value that comes out of that collaboration. That takes place all the time.

Now imagine a world where every time I want to make a copy of something, I have to pay the author a dime. Or I have to get permission from the author. You can imagine that world in an electronic environment where there's very strong DRM. Theoretically that shouldn't slow down collaboration, because it just involves another step of getting permission or paying a fee or something like that, but the reality is that it is going to have an impact on collaboration. Less information will be shared, so a lot of the utility of having easy reproducibility gets lost.

We collaborate because it's easy to collaborate, because it's easy to share information. We can get on the phone, we can share e-mails, we can share information physically with a Xerox machine or electronically just by file attachments, and you know if you make it more difficult you're just going to cut down on the amount of collaboration, I don't care what anybody says. My suspicion is that there may be a big social and economic cost associated with that, but one that would be really hard to estimate because it would occur in such diffuse ways in so many different places.

Is there a happy medium? Is there a way to ensure collaboration and innovation while at the same time allowing for a secure environment?

I wish I knew. The stakes are actually very high here. You know, it gets to the heart of a lot of the source of innovation and creativity in our society. This can potentially be an enormous burden, far beyond the sort of direct dollar costs of, let's say, a film or recording or content.

Is there a way? I believe yes, but I have not seen it yet, and I say that because this is the sort of issue which here at Carnegie Mellon we are beginning to look into, not just sort of what is the technical fix, but are there other economic or negotiation protocols that can be developed which, in fact, would ensure that we could still have collaboration among people but not hurt innovation in the PC market and at the same time allow for appropriate protections of digital materials. That's a question that we're starting to do research on here. I haven't seen the answer emerge yet, but I believe that there probably is one. That's what makes this issue so exciting for people at universities.

Private citizens will be much more concerned about their own information?

Absolutely. It's not a perfect example, but look at the rise of identity theft. What is identity theft? It's the ability for someone to take information that you don't want him or her to have, and assemble a picture that represents you so that they have, in effect, stolen your identity.

Do you have a system of rights management so people couldn't do that? You know, that's an example that touches a lot of people because identity theft is a rising crime and one that is very serious.

How can we move in that direction without bearing too much to one extreme? What are some of the things we need to keep in mind?

I think it's important that as we think an issue like about DRM, we recognize, first of all, that it's not just a technical issue. Second? The stakes are very high because they involve issues like innovation and collaboration. What you're really talking about here is as much about social choices as technical ones.