OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

rights-requirements message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [rights-requirements] FW: EFF OASIS submission


Title: FW: EFF OASIS submission

Hello All:
I received this for a new prospective member, Cory Doctorow.
Regards,
Hari


-----Original Message-----
From: Cory Doctorow [mailto:cory@eff.org]
Sent: Wednesday, August 14, 2002 5:33 PM
To: hari.Reddy@CONTENTGUARD.COM
Subject: EFF OASIS submission


Enshrining Fair Use in DRM:

Submission to the OASIS Rights Technical Committee

Cory Doctorow

cory@eff.org

8/14/02

Version 1.5

Abstract

A copyright-complete DRM scheme must uphold the public's rights in
copyright as well as those of rights-holders. Since fair use relies on
the combination of unauthorized uses and the courts to evolve, a
copyright-complete DRM scheme must permit unauthorized uses. To date,
one proposed use-case has accommodated unauthorized uses consistent with
fair use. If this standard is to "address the needs of the diverse
communities that have recognized the need for a rights language," then
the OASIS Rights TC should ensure that the standard can accommodate this
use-case.

1.0 Background

1.1 The Electronic Frontier Foundation

The Electronic Frontier Foundation (EFF) is a nonprofit organization
with over 7,000 dues-paying members and over 30,000 supporters on its
mailing list, that works to uphold civil liberties interests in
technology law, policy and standards.

Further reading: EFF site
        <http://www.eff.org>

1.2 The bargain

The US Constitutional basis for copyright:

        "To promote the Progress of Science and the useful Arts, by
        securing for limited Times to Authors and Inventors the exclusive
        Right to their respective Writings and Discoveries."

establishes the American conception of copyright as a bargain between
the public good, as served through the promotion of the Science and the
useful Arts (i.e., through the ability of the general public to make
fair uses of copyrighted works, and of the ability of the public to
unlimited uses of work in the public domain) and the provision of an
incentive to authors and other rights-holders so that they will create
more original works from which fair uses may be made and which will some
day enter the commons of public domain works from which any use may be
made.

The rights-holder's monopoly is the carrot we dangle before him so that
he will create new works, but the public domain and the realm of fair
uses are the firmament on which he treads. Without this commons, no
original works can be undertaken, since all works are derived from the
works that came before them.

Thus we see that any technical system that is established to promote
copyright must likewise preserve the public domain and uphold fair use.

Further reading: Lessig et al. brief in Eldred v. Ashcroft

        <http://eon.law.harvard.edu/openlaw/eldredvashcroft/supct/opening-
brief.pdf>

1.3 Fair use

Fair use is a complex legal construct, one that is often misunderstood.
Upon hearing that there are a bundle of uses that are reserved from an
author's monopoly, many engineers ask that these rights be enumerated so
that they can be enshrined into a set of business-rules and left
switched on by default.

This point of view, while seemingly technically reasonable, represents a
serious misunderstanding of the role of fair use in an innovative and
creative society. Copyright interests, such as the RIAA and MPAA
recording and film lobbies often answer questions about fair use by
saying that fair use is a defense against a claim of infringement, not a
set of rights in copyright.

This is technically true, but it is true in the same way that the First
Amendment is a defense against claims of illegal speech -- to
characterize fair use as a defense does not diminish its importance in
copyright.

The default position in copyright is that an end-user of a copyrighted
work can make any use that she can conceive of with the tools at hand.
For example, the owner of a VCR may record entire copyrighted television
programs for later viewing or archiving. If this use comes to the
attention of a rights-holder, as it did in the Betamax case in the early
1980s, the rights-holder can take his customer to court, and ask a judge
to determine whether a given use is fair or not.

In the Betamax hearings, the Supreme Court ruled that time-shifting --
making copies of entire copyrighted works -- was a fair use. In this
way, the rights of the public in copyright were incrementally expanded.

This typifies the means by which the fair use doctrine evolves: some
new, unauthorized use is made by an end-user, and a court (or Congress)
is asked to determine whether that use is fair, and the doctrine expands.

Further reading: von Lohmann white-paper on DRM

        <http://www.cfp2002.org/fairuse/lohmann.pdf>

1.3 The DMCA and fair use

The 1998 Digital Millennium Copyright Act (DMCA) makes it illegal to
circumvent copy-prevention technology, such as DRM schemes, even if the
circumvention is in the service of making a use previously established
by the courts as non-infringing. For example, it is illegal to disable
the copy-prevention measures in a pre-recorded DVD regionalized for
Europe in order to watch it in the USA, even though there is no
copyright law that criminalizes the act of watching a European DVD in
the US.

In a DMCA-enabled universe, it is critical that the fair use doctrine
not be undermined.

DRM business rules, in combination with a copy-prevention technology,
limit end-users to those uses that are explicitly authorized by
rights-holders and their agents. Thus, DRM and the DMCA may rob
end-users of the opportunity to make any unauthorized uses, including
both well-established and innovative fair uses.

If a DRM scheme is to uphold the copyright bargain between the public
good and the need to provide an incentive to authors, it must permit
scenarios in which the fair use doctrine continues to evolve; that is to
say, Constitutionally valid, copyright-complete DRM schemes must provide
the end-user with the capability of making unauthorized uses, even
explicitly forbidden uses. It is not consistent with copyright law to
afford authors the absolute authority to govern those uses which their
customers may make; DRM must not grant authors the ability to displace
the courts and Congress as the final arbiters of lawful use.

==

2.0 The proposal

2.1 Fair Use Infrastructure for Copyright Management Systems

At the 12th Annual conference on Computers, Freedom and Privacy, Dan L.
Burk, Professor of Law and Vance K. Opperman Research Scholar,
University of Minnesota and Julie E. Cohen, Associate Professor of Law,
Georgetown University Law Center, two respected legal scholars, jointly
delivered a paper entitled "Fair Use Infrastructure for Copyright
Management Systems."

This paper is noteworthy in that it contains what appears to us to be
the sole proposal to date which allows DRM to protect existing fair uses
and other public rights, and to accommodate the continued evolution of
the fair use doctrine. The authors begin by dismissing the idea of an
algorithmic approach to embedding fair use in business-rules:

        ...[A]n algorithm-based approach to fair use is unlikely to
        accommodate even the shadow of fair use as formulated in current
        copyright law. We are not optimistic that system designers will
        be able to anticipate the range of access privileges that may be
        appropriate in order for fair uses to be made of a particular
        work. Neither are we optimistic that system designers will be
        able to anticipate the types of uses that would be considered
        fair by a court. Fair use is irreducibly a situation-specific
        determination. In some instances, a user may fairly take a work
        in its entirety -- say, for example, where the work is entitled to
        only thin protection, the use is for a protected use such as
        scholarship or criticism, and/or the use is expected to have no
        appreciable impact on the market for the work. In other
        situations, where three or four of the factors weigh heavily
        against a particular use, taking much less might exceed fair
        use. Building the range of possible outcomes into computer code
        would require both a bewildering degree of complexity and an
        impossible level of prescience. There is currently no good
        algorithm that is capable of producing such an analysis, meaning
        that (at least for now) there is no feasible way to build rights
        management code that approximates the results of judicial
        determinations.

Profs. Burk and Cohen instead hold that:

        [a]t present, only human intelligence, reviewing the unique
        circumstances of a particular use, can determine whether it is
        likely to be fair.

2.2 The Burk-Cohen Approach.

The authors reconcile the seemingly impossible conundrum of preserving
unauthorized uses with the desire of rights-holders to control end-users
of their material with a problematic solution: key-escrow.

The authors suggest key-escrow as a method for preserving unauthorized
uses with the desire of rights-holders to control end-users of their
material. EFF does not necessarily advocate Profs. Burk and Cohen's
proposal, but as the only technological proposal that attempts to
preserve the possiblity of continued flexible, case-by-case
determinations that have been the hallmark of the fair use doctrine, its
translation into practice is worthy of inclusion in this group's set of
supported use-cases. It is important to note that the charter of the
OASIS Rights TC establishes as its purpose to:

        Define the industry standard for a rights language that supports
        a wide variety of business models and has an architecture that
        provides the flexibility to address the needs of the diverse
        communities that have recognized the need for a rights language.

Respected copyright scholars, such as Burk and Cohen, clearly belong to
one of "the diverse communities that have recognized the need for a
rights language." What's more, they have put forward the sole proposal
to date by which the doctrine of fair use can be allowed to evolve, and
they did so at the world's foremost conference on digital civil
liberties, to an audience of internationally renowned legal scholars,
activists, cryptographers and technologists.

2.3 The use-case

The use-case is as follows:

        As in the case of electronic commerce, a new technical, legal,
        and institutional infrastructure might facilitate the development
        of trusted third parties to mediate fair use access to
        technologically protected works. The system we propose hinges
        upon the concept of key escrow, that is, management of rights
        management keys by a trusted third party, rather than by the
        owner of a work. Keys to technologically-protected works would be
        held by the trusted third party, who would release them to users
        applying for access to make fair use.
       
        Although, as we have noted, any preauthorization requirement
        impinges upon spontaneous uses, the trusted third party's
        approval procedure could be designed to minimize this impact. In
        order to avoid difficult ex ante judgments about particular uses,
        and to approximate as nearly as possible the cost and incentive
        structure of traditional fair uses, the third party would not be
        required, and would not attempt, to make a determination about
        the bona fides of the access application. Rather, the third party
        would simply issue keys to applicants via a simple online
        procedure.
       
        Solving the anonymity problem is far more difficult. The concept
        of key escrow has been vilified in the past, and we believe with
        good reason, when it constituted the core of a governmental plan
        that would have systematically undermined the integrity of
        private communications. But a different sort of privacy
        interest is at stake here, where the issue is public access to
        publicly distributed works of authorship, rather than
        governmental access to private communications. In this instance,
        the concept of third-party escrow works in the public interest
        and could be made to work in favor of preserving privacy, rather
        than against both goals.
       
        A trusted third-party system could be designed for true
        anonymity. Under such a system, the escrow agent would release
        keys to applicants without retaining or even generating
        identifying records.
       
        Such a system would replicate the anonymity that fair users enjoy
        in traditional media. In some cases, it might even provide
        stronger anonymity -- as, for example, where access via escrowed
        keys might substitute for checking a work out of the library. For
        exactly this reason, though, we suspect that this sort of
        arrangement is likely to be politically unacceptable.
       
        A second-best alternative would require that the agent keep
        records of the applications and keys issued, but would subject
        the records to stringent privacy protections similar to those
        that now protect many library patron records. We think it likely
        that the copyright industries would demand the ability to match
        keys with identities so that the subsequent appearance of pirated
        materials could be linked to the applicants for access.
        However, we would recommend that identifying information be
        released only pursuant to a court order, and only on a showing of
        actual piracy, as distinct from garden-variety infringement or
        arguable fair use. This places some evidentiary burden on the
        copyright holder, but we note that this mechanism nonetheless
        would give rights owners a substantial advantage that they do not
        enjoy for works distributed in traditional media. In addition,
        regulations governing the privacy practices of trusted third
        parties should prohibit sale or other transfer of key access
        information, and should require that access and usage records be
        destroyed after some period of time. We are cautiously optimistic
        that rigorous privacy protections could prevent the use of key
        access information to intimidate critics, parodists, and the
        like. Nonetheless, we label this arrangement "second-best"
        because even the most stringent system of privacy protections for
        fair users is likely to chill some lawful uses.
       
        ...
       
        The first layer of our proposed fair use infrastructure would
        involve the design of rights management technologies that
        incorporate automatic fair use defaults based on customary norms
        of personal noncommercial use. The legal rule for facilitating
        this part of the proposal would operate in a fashion similar to
        current provisions of the Copyright Act designed to encourage
        copyright registration and deposit, by conditioning copyright
        enforcement on implementation of the automatic fair use
        defaults. To guard against a "race to the bottom" in fair use
        law, the law would clearly state that the level of copying
        permitted by the automatic defaults does not define the full
        extent of permitted fair use.
       
        Those who desire greater fair use access, meanwhile, would turn
        to a trusted third party intermediary. Under the system, deposit
        of access keys into key escrow would be facilitated by
        conditioning anti-circumvention protection on such deposit. Users
        who failed to obtain access via the escrow agent would be subject
        to suit for circumventing technical measures; those users,
        however, still might escape liability by successful invocation of
        a constitutional defense to circumvention liability. Rights
        holders that opt not to deposit keys with the escrow agent would
        be unable to invoke legal protection against circumvention; for
        such unescrowed works, a "right to hack" would effectively
        substitute for access via the escrowed keys. As noted in Part II,
        the DMCA's ban on the manufacture and distribution of
        circumvention technologies also would need to be modified or
        amended to make this defense a realistic possibility. Finally, to
        preserve the relative anonymity of the key escrow system, the
        records of applicants and keys issued would need to be guarded by
        stringent legal protections along the lines described above.
       
        The most likely and appropriate escrow agent will be a publicly
        funded institution, such as the Library of Congress; indeed, the
        Library's long experience with copyright matters and with deposit
        of copyrighted works makes it the ideal candidate to fill the
        escrow role. We see little prospect for development of private
        escrow agents, as has been the case in the trusted third party
        models for commercial PKI. Fair users are almost by definition
        poor candidates to fund an escrow institution. As we have
        indicated above, moreover, the point of fair use is to provide
        low cost or free access to content; assessing fair use fees to
        fund escrow agents would run counter to this purpose. Content
        owners, meanwhile, are unlikely to voluntarily pay for an
        institution that facilitates low cost or free access to their
        works. Even were they to do so, however, a publicly funded
        institution probably would be the preferred choice because the
        public policies underlying fair use require some guarantee of
        institutional longevity.
       
        Finally, the tradition of strong privacy protection by libraries
        makes these institutions best suited to maintaining the privacy
        of fair users. Funding for the fair use infrastructure could be
        provided either through general taxation, by a small
        administrative fee levied on copyright owners, or by some
        combination of the two.

The remainder of the paper goes on to explore the legality of such a
system in light of US and international treaty law and concludes that
such a system is feasible both domestically and abroad.

Further reading: Burk and Cohen, Fair Use Infrastructure for Copyright
Management Systems
        <http://www.cfp2002.org/fairuse/burkcohen.pdf>

==

3.0 Requirements additions

3.1 Accommodating a plausible scenario

The use-case outlined in 2.3 is legally valid, and represents the first
scenario to date that would permit the continued evolution of the
crucial fair use doctrine in a DRM universe. It is critical that the
final standard that emerges from OASIS accommodate this case in addition
to the other cases thus far considered.

3.2 Specific requirements

* A means by which the fair use escrow agent for a file may be indicated

* A means by which non-participation in fair use escrow (i.e., the
abovementioned "right to hack" condition) is signalled in all cases
where the above is not present

* A means by which a user may communicate with an escrow agent through a
temporary identifier, such as an on-the-fly GUID

* A means by which an escrow agent may signal to a DRM application that
a given use has been approved or denied

* A means by which escrow agents may exchange information as to new
classes of uses that have been held to be fair

* A means by which an agent may authenticate a user as a member of one
of the classes of persons with limited or entire copyright exemption,
i.e., critics, researchers, academics, students, archivists, librarians

* A means by which bundles of rights reserved to exempt persons may be
grouped (i.e., a class of permissions that are always afforded to
librarians), with the possibility of localization to reflect varying
copyright laws and practices

* A means by which a DRM scheme can respond to the presence of an
exemption flag, through evaluating the permissions afforded to the
exempt person based on locality at execution time in either the client
or the server

* A means of signaling that an end-user's rights in a work have been
transferred to an exempt person (i.e, donated to a school or library)

==

4.0 Conclusions

This scenario remains a use-case in which fair use is given space to
evolve. A copyright-complete DRM scheme must uphold the public's rights
in copyright, and if this system is to serve as the basis for both
policy and business, it must accommodate the above and other scenarios
that permit ambiguity in fair use.

==

5.0 References

* EFF site:
        <http://www.eff.org>

* von Lohmann white-paper on DRM:
        <http://www.cfp2002.org/fairuse/lohmann.pdf>

* Lessig et al. brief in Eldred v. Ashcroft:
        <http://eon.law.harvard.edu/openlaw/eldredvashcroft/supct/opening-
brief.pdf>

* Burk and Cohen, Fair Use Infrastructure for Copyright Management
Systems:
        <http://www.cfp2002.org/fairuse/burkcohen.pdf>
       
eof
--
Cory Doctorow
Outreach Coordinator, Electronic Frontier Foundation
415.726.5209/cory@eff.org

Blog: http://boingboing.net



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC