[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [rights-requirements] FW: EFF OASIS submission
Hello All:
I received this for a new prospective member, Cory Doctorow.
Regards,
Hari
-----Original Message-----
From: Cory Doctorow [mailto:cory@eff.org]
Sent: Wednesday, August 14, 2002 5:33 PM
To: hari.Reddy@CONTENTGUARD.COM
Subject: EFF OASIS submission
Enshrining Fair Use in DRM:
Submission to the OASIS Rights Technical Committee
Cory Doctorow
cory@eff.org
8/14/02
Version 1.5
Abstract
A copyright-complete DRM scheme must uphold the public's rights in
copyright as well as those of rights-holders. Since fair use relies on
the combination of unauthorized uses and the courts to evolve, a
copyright-complete DRM scheme must permit unauthorized uses. To date,
one proposed use-case has accommodated unauthorized uses consistent with
fair use. If this standard is to "address the needs of the diverse
communities that have recognized the need for a rights language," then
the OASIS Rights TC should ensure that the standard can accommodate this
use-case.
1.0 Background
1.1 The Electronic Frontier Foundation
The Electronic Frontier Foundation (EFF) is a nonprofit organization
with over 7,000 dues-paying members and over 30,000 supporters on its
mailing list, that works to uphold civil liberties interests in
technology law, policy and standards.
Further reading: EFF site
<http://www.eff.org>
1.2 The bargain
The US Constitutional basis for copyright:
"To promote the Progress of Science and the useful Arts, by
securing for limited Times to Authors and Inventors the exclusive
Right to their respective Writings and Discoveries."
establishes the American conception of copyright as a bargain between
the public good, as served through the promotion of the Science and the
useful Arts (i.e., through the ability of the general public to make
fair uses of copyrighted works, and of the ability of the public to
unlimited uses of work in the public domain) and the provision of an
incentive to authors and other rights-holders so that they will create
more original works from which fair uses may be made and which will some
day enter the commons of public domain works from which any use may be
made.
The rights-holder's monopoly is the carrot we dangle before him so that
he will create new works, but the public domain and the realm of fair
uses are the firmament on which he treads. Without this commons, no
original works can be undertaken, since all works are derived from the
works that came before them.
Thus we see that any technical system that is established to promote
copyright must likewise preserve the public domain and uphold fair use.
Further reading: Lessig et al. brief in Eldred v. Ashcroft
<http://eon.law.harvard.edu/openlaw/eldredvashcroft/supct/opening-
brief.pdf>
1.3 Fair use
Fair use is a complex legal construct, one that is often misunderstood.
Upon hearing that there are a bundle of uses that are reserved from an
author's monopoly, many engineers ask that these rights be enumerated so
that they can be enshrined into a set of business-rules and left
switched on by default.
This point of view, while seemingly technically reasonable, represents a
serious misunderstanding of the role of fair use in an innovative and
creative society. Copyright interests, such as the RIAA and MPAA
recording and film lobbies often answer questions about fair use by
saying that fair use is a defense against a claim of infringement, not a
set of rights in copyright.
This is technically true, but it is true in the same way that the First
Amendment is a defense against claims of illegal speech -- to
characterize fair use as a defense does not diminish its importance in
copyright.
The default position in copyright is that an end-user of a copyrighted
work can make any use that she can conceive of with the tools at hand.
For example, the owner of a VCR may record entire copyrighted television
programs for later viewing or archiving. If this use comes to the
attention of a rights-holder, as it did in the Betamax case in the early
1980s, the rights-holder can take his customer to court, and ask a judge
to determine whether a given use is fair or not.
In the Betamax hearings, the Supreme Court ruled that time-shifting --
making copies of entire copyrighted works -- was a fair use. In this
way, the rights of the public in copyright were incrementally expanded.
This typifies the means by which the fair use doctrine evolves: some
new, unauthorized use is made by an end-user, and a court (or Congress)
is asked to determine whether that use is fair, and the doctrine expands.
Further reading: von Lohmann white-paper on DRM
<http://www.cfp2002.org/fairuse/lohmann.pdf>
1.3 The DMCA and fair use
The 1998 Digital Millennium Copyright Act (DMCA) makes it illegal to
circumvent copy-prevention technology, such as DRM schemes, even if the
circumvention is in the service of making a use previously established
by the courts as non-infringing. For example, it is illegal to disable
the copy-prevention measures in a pre-recorded DVD regionalized for
Europe in order to watch it in the USA, even though there is no
copyright law that criminalizes the act of watching a European DVD in
the US.
In a DMCA-enabled universe, it is critical that the fair use doctrine
not be undermined.
DRM business rules, in combination with a copy-prevention technology,
limit end-users to those uses that are explicitly authorized by
rights-holders and their agents. Thus, DRM and the DMCA may rob
end-users of the opportunity to make any unauthorized uses, including
both well-established and innovative fair uses.
If a DRM scheme is to uphold the copyright bargain between the public
good and the need to provide an incentive to authors, it must permit
scenarios in which the fair use doctrine continues to evolve; that is to
say, Constitutionally valid, copyright-complete DRM schemes must provide
the end-user with the capability of making unauthorized uses, even
explicitly forbidden uses. It is not consistent with copyright law to
afford authors the absolute authority to govern those uses which their
customers may make; DRM must not grant authors the ability to displace
the courts and Congress as the final arbiters of lawful use.
==
2.0 The proposal
2.1 Fair Use Infrastructure for Copyright Management Systems
At the 12th Annual conference on Computers, Freedom and Privacy, Dan L.
Burk, Professor of Law and Vance K. Opperman Research Scholar,
University of Minnesota and Julie E. Cohen, Associate Professor of Law,
Georgetown University Law Center, two respected legal scholars, jointly
delivered a paper entitled "Fair Use Infrastructure for Copyright
Management Systems."
This paper is noteworthy in that it contains what appears to us to be
the sole proposal to date which allows DRM to protect existing fair uses
and other public rights, and to accommodate the continued evolution of
the fair use doctrine. The authors begin by dismissing the idea of an
algorithmic approach to embedding fair use in business-rules:
...[A]n algorithm-based approach to fair use is unlikely to
accommodate even the shadow of fair use as formulated in current
copyright law. We are not optimistic that system designers will
be able to anticipate the range of access privileges that may be
appropriate in order for fair uses to be made of a particular
work. Neither are we optimistic that system designers will be
able to anticipate the types of uses that would be considered
fair by a court. Fair use is irreducibly a situation-specific
determination. In some instances, a user may fairly take a work
in its entirety -- say, for example, where the work is entitled to
only thin protection, the use is for a protected use such as
scholarship or criticism, and/or the use is expected to have no
appreciable impact on the market for the work. In other
situations, where three or four of the factors weigh heavily
against a particular use, taking much less might exceed fair
use. Building the range of possible outcomes into computer code
would require both a bewildering degree of complexity and an
impossible level of prescience. There is currently no good
algorithm that is capable of producing such an analysis, meaning
that (at least for now) there is no feasible way to build rights
management code that approximates the results of judicial
determinations.
Profs. Burk and Cohen instead hold that:
[a]t present, only human intelligence, reviewing the unique
circumstances of a particular use, can determine whether it is
likely to be fair.
2.2 The Burk-Cohen Approach.
The authors reconcile the seemingly impossible conundrum of preserving
unauthorized uses with the desire of rights-holders to control end-users
of their material with a problematic solution: key-escrow.
The authors suggest key-escrow as a method for preserving unauthorized
uses with the desire of rights-holders to control end-users of their
material. EFF does not necessarily advocate Profs. Burk and Cohen's
proposal, but as the only technological proposal that attempts to
preserve the possiblity of continued flexible, case-by-case
determinations that have been the hallmark of the fair use doctrine, its
translation into practice is worthy of inclusion in this group's set of
supported use-cases. It is important to note that the charter of the
OASIS Rights TC establishes as its purpose to:
Define the industry standard for a rights language that supports
a wide variety of business models and has an architecture that
provides the flexibility to address the needs of the diverse
communities that have recognized the need for a rights language.
Respected copyright scholars, such as Burk and Cohen, clearly belong to
one of "the diverse communities that have recognized the need for a
rights language." What's more, they have put forward the sole proposal
to date by which the doctrine of fair use can be allowed to evolve, and
they did so at the world's foremost conference on digital civil
liberties, to an audience of internationally renowned legal scholars,
activists, cryptographers and technologists.
2.3 The use-case
The use-case is as follows:
As in the case of electronic commerce, a new technical, legal,
and institutional infrastructure might facilitate the development
of trusted third parties to mediate fair use access to
technologically protected works. The system we propose hinges
upon the concept of key escrow, that is, management of rights
management keys by a trusted third party, rather than by the
owner of a work. Keys to technologically-protected works would be
held by the trusted third party, who would release them to users
applying for access to make fair use.
Although, as we have noted, any preauthorization requirement
impinges upon spontaneous uses, the trusted third party's
approval procedure could be designed to minimize this impact. In
order to avoid difficult ex ante judgments about particular uses,
and to approximate as nearly as possible the cost and incentive
structure of traditional fair uses, the third party would not be
required, and would not attempt, to make a determination about
the bona fides of the access application. Rather, the third party
would simply issue keys to applicants via a simple online
procedure.
Solving the anonymity problem is far more difficult. The concept
of key escrow has been vilified in the past, and we believe with
good reason, when it constituted the core of a governmental plan
that would have systematically undermined the integrity of
private communications. But a different sort of privacy
interest is at stake here, where the issue is public access to
publicly distributed works of authorship, rather than
governmental access to private communications. In this instance,
the concept of third-party escrow works in the public interest
and could be made to work in favor of preserving privacy, rather
than against both goals.
A trusted third-party system could be designed for true
anonymity. Under such a system, the escrow agent would release
keys to applicants without retaining or even generating
identifying records.
Such a system would replicate the anonymity that fair users enjoy
in traditional media. In some cases, it might even provide
stronger anonymity -- as, for example, where access via escrowed
keys might substitute for checking a work out of the library. For
exactly this reason, though, we suspect that this sort of
arrangement is likely to be politically unacceptable.
A second-best alternative would require that the agent keep
records of the applications and keys issued, but would subject
the records to stringent privacy protections similar to those
that now protect many library patron records. We think it likely
that the copyright industries would demand the ability to match
keys with identities so that the subsequent appearance of pirated
materials could be linked to the applicants for access.
However, we would recommend that identifying information be
released only pursuant to a court order, and only on a showing of
actual piracy, as distinct from garden-variety infringement or
arguable fair use. This places some evidentiary burden on the
copyright holder, but we note that this mechanism nonetheless
would give rights owners a substantial advantage that they do not
enjoy for works distributed in traditional media. In addition,
regulations governing the privacy practices of trusted third
parties should prohibit sale or other transfer of key access
information, and should require that access and usage records be
destroyed after some period of time. We are cautiously optimistic
that rigorous privacy protections could prevent the use of key
access information to intimidate critics, parodists, and the
like. Nonetheless, we label this arrangement "second-best"
because even the most stringent system of privacy protections for
fair users is likely to chill some lawful uses.
...
The first layer of our proposed fair use infrastructure would
involve the design of rights management technologies that
incorporate automatic fair use defaults based on customary norms
of personal noncommercial use. The legal rule for facilitating
this part of the proposal would operate in a fashion similar to
current provisions of the Copyright Act designed to encourage
copyright registration and deposit, by conditioning copyright
enforcement on implementation of the automatic fair use
defaults. To guard against a "race to the bottom" in fair use
law, the law would clearly state that the level of copying
permitted by the automatic defaults does not define the full
extent of permitted fair use.
Those who desire greater fair use access, meanwhile, would turn
to a trusted third party intermediary. Under the system, deposit
of access keys into key escrow would be facilitated by
conditioning anti-circumvention protection on such deposit. Users
who failed to obtain access via the escrow agent would be subject
to suit for circumventing technical measures; those users,
however, still might escape liability by successful invocation of
a constitutional defense to circumvention liability. Rights
holders that opt not to deposit keys with the escrow agent would
be unable to invoke legal protection against circumvention; for
such unescrowed works, a "right to hack" would effectively
substitute for access via the escrowed keys. As noted in Part II,
the DMCA's ban on the manufacture and distribution of
circumvention technologies also would need to be modified or
amended to make this defense a realistic possibility. Finally, to
preserve the relative anonymity of the key escrow system, the
records of applicants and keys issued would need to be guarded by
stringent legal protections along the lines described above.
The most likely and appropriate escrow agent will be a publicly
funded institution, such as the Library of Congress; indeed, the
Library's long experience with copyright matters and with deposit
of copyrighted works makes it the ideal candidate to fill the
escrow role. We see little prospect for development of private
escrow agents, as has been the case in the trusted third party
models for commercial PKI. Fair users are almost by definition
poor candidates to fund an escrow institution. As we have
indicated above, moreover, the point of fair use is to provide
low cost or free access to content; assessing fair use fees to
fund escrow agents would run counter to this purpose. Content
owners, meanwhile, are unlikely to voluntarily pay for an
institution that facilitates low cost or free access to their
works. Even were they to do so, however, a publicly funded
institution probably would be the preferred choice because the
public policies underlying fair use require some guarantee of
institutional longevity.
Finally, the tradition of strong privacy protection by libraries
makes these institutions best suited to maintaining the privacy
of fair users. Funding for the fair use infrastructure could be
provided either through general taxation, by a small
administrative fee levied on copyright owners, or by some
combination of the two.
The remainder of the paper goes on to explore the legality of such a
system in light of US and international treaty law and concludes that
such a system is feasible both domestically and abroad.
Further reading: Burk and Cohen, Fair Use Infrastructure for Copyright
Management Systems
<http://www.cfp2002.org/fairuse/burkcohen.pdf>
==
3.0 Requirements additions
3.1 Accommodating a plausible scenario
The use-case outlined in 2.3 is legally valid, and represents the first
scenario to date that would permit the continued evolution of the
crucial fair use doctrine in a DRM universe. It is critical that the
final standard that emerges from OASIS accommodate this case in addition
to the other cases thus far considered.
3.2 Specific requirements
* A means by which the fair use escrow agent for a file may be indicated
* A means by which non-participation in fair use escrow (i.e., the
abovementioned "right to hack" condition) is signalled in all cases
where the above is not present
* A means by which a user may communicate with an escrow agent through a
temporary identifier, such as an on-the-fly GUID
* A means by which an escrow agent may signal to a DRM application that
a given use has been approved or denied
* A means by which escrow agents may exchange information as to new
classes of uses that have been held to be fair
* A means by which an agent may authenticate a user as a member of one
of the classes of persons with limited or entire copyright exemption,
i.e., critics, researchers, academics, students, archivists, librarians
* A means by which bundles of rights reserved to exempt persons may be
grouped (i.e., a class of permissions that are always afforded to
librarians), with the possibility of localization to reflect varying
copyright laws and practices
* A means by which a DRM scheme can respond to the presence of an
exemption flag, through evaluating the permissions afforded to the
exempt person based on locality at execution time in either the client
or the server
* A means of signaling that an end-user's rights in a work have been
transferred to an exempt person (i.e, donated to a school or library)
==
4.0 Conclusions
This scenario remains a use-case in which fair use is given space to
evolve. A copyright-complete DRM scheme must uphold the public's rights
in copyright, and if this system is to serve as the basis for both
policy and business, it must accommodate the above and other scenarios
that permit ambiguity in fair use.
==
5.0 References
* EFF site:
<http://www.eff.org>
* von Lohmann white-paper on DRM:
<http://www.cfp2002.org/fairuse/lohmann.pdf>
* Lessig et al. brief in Eldred v. Ashcroft:
<http://eon.law.harvard.edu/openlaw/eldredvashcroft/supct/opening-
brief.pdf>
* Burk and Cohen, Fair Use Infrastructure for Copyright Management
Systems:
<http://www.cfp2002.org/fairuse/burkcohen.pdf>
eof
--
Cory Doctorow
Outreach Coordinator, Electronic Frontier Foundation
415.726.5209/cory@eff.org
Blog: http://boingboing.net
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC