Catálogo de publicaciones - libros

Digital Rights Managements (DRM) systems often must manage persistent state, which includes protected content, an audit trail, content usage counts, certificates and decryption keys. Ideally, persistent state that has monetary value should be stored in a physically secure server. However, frequently the persistent state may need to be stored in a hostile environment. For example, for good performance and to support disconnected operation, recent audit records may be stored on a consumer device. The device’s user may have an incentive to alter the audit trail and thus obtain content for free. In this paper we explain the need for persistent state in DRM systems, describe several methods for maintaining persistent state depending on the system requirements, and then focus on the the special case of protecting persistent state in hostile environments.

We describe a weakness in the High Bandwidth Digital Content Protection (HDCP) scheme which may lead to practical attacks. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used to connect personal computers and digital display devices. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can recover 40 public/private key pairs that span the module of public keys, then the authority’s master secret can be recovered in a few seconds. With the master secret, an attacker can eavesdrop on communications between any two devices and can spoof any device, both in real time. Additionally, the attacker can produce new key pairs not on any key revocation list. Thus the attacker can completely usurp the trusted authority’s power. Furthermore, the protocol is still insecure even if all devices’ keys are signed by the central authority.

This paper will examine and categorize potential business model scenarios for online music. The virtualization of music leads to market uncertainties. On the supply side, the offering party might not be able to sufficiently privatize online music by using digital rights management technologies. On the demand side, with a changing cost structure for digital goods, consumers might not be willing to pay directly for digital goods so that revenues would have to be collected indirectly by public or private entities. As a result, business models for online music can be categorized into four scenarios. In the first scenario, online music is used to promote the traditional offline business while in the second scenario, consumers are willing to pay for additional services to access online music. The third scenario is significantly different from the first two scenarios as music providers are expected to be able to protect their content by using digital rights management technology. In the fourth scenario peer-to-peer technologies allow consumers to use a mechanism called super distribution with which they can share and recommend songs. The paper concludes with a recommendation to music companies regarding privacy and strategic positioning.

Digital Rights Management (DRM) promises to enable a secure electronic marketplace where content providers can be remunerated for the use of their digital content. In the last few years, countless research efforts have been devoted to DRM technologies. However, DRM systems are not only technological phenomena: they pose complex legal, business, organizational and economic problems. This article tries to show that from a lawyer’s perspective some of the innovativeness and potential of DRM can only be understood when one looks at it from a multidisciplinary viewpoint. The article gives an overview of the various ways by which digital content is protected in a DRM system. The intertwining protection by technology, contracts, technology licenses and anti-circumvention regulations could lead to a new “property right” making copyright protection obsolete. However, there is a danger of over-protection: questions of fair use and other limitations to traditional copyright law have to be addressed. If competition is not able to solve this tension between the interests of content providers and the interests of users or the society at large - which seems to be doubtful at least - it is the law that has to provide a solution. The legislators in the U.S. and Europe use different approaches to address this problem. By looking at DRM in this way, several patterns can be observed which are characteristic of many areas of Internet law.

Under current U.S. law and common understanding, the fundamental right granted by copyright is the right of reproduction — of making copies. Indeed, the very word “copyright” appears to signify that the right to control copying must be a fundamental part of any system of copyright. Nonetheless, we claim that this assumption is incorrect. The advent of digital documents has illuminated this issue: In the digital realm, copying is not a good predictor of intent to infringe; moreover, copying of digital works is necessary for normal use of those works. We argue that the right to control copying should be eliminated as an organizing principle of copyright law. In its place, we propose as an organizing principle the right to control public distribution of the copyrighted work.