Nov 25, 2003
This is a very interesting little paper with wider implications. First, some background. Digital Rights Management (DRM) involves three major components:
- The expression of digital rights (analagous the copyright notice in a book, or the deed to a house)
- Authorization (by password or machine identity) to access or otherwise use the content (analagous to a library card, a cash register receipt, or a key to the front door)
- And enforcement mechanisms such as encryption and file locking (analagous to a coded book, or a burglar alarm system).
OK, that's the background. Onto the article. The author proposes, with (given the history of Peer to Peer) good cause, that digital rights technology be integrated into peer to peer networks. I agree with this, so far as it goes, because we need DRM to protect the users of free content from frivolous lawsuits, and because Peer to Peer is probably our best hope for widely distributed broadband content. But consider the issues:
- Whether the authorization is done on the basis of a user's identity, a device's identity, or both.
- Whether the software doing the authorization is built in to the playback device or software, built in to the platform on which it runs, or independent of those.
- Whether the license is bundled in with or separate from the content.
- How much fine-grained control the IP owner has over specification of rights.
- Whether or not the user is required to be connected to the network at all times.
- How financial transactions are integrated with the authorization process.
See, the author is probably thinking of Microsoft's Rights Management Server system or the concept of trusted computing, which embodies all three levels of DRM at the network level. Under such systems, the entire network becomes secure - but at the cost of such overhead that only major commercial publishers can afford to distribute content at all. But if that is the model of DRM being considered, who needs P2P? The internet becomes just another cable channel (a pay-per-view channel).
DRM and P2P are, as the author asserts, far from mutually exclusive. But there's a trade-off. Is a distributed network, such as P2P (or other content syndication systems, such as RSS), you need a distributed digital rights management, which embodies the three layers of DRM discussed above. But the big players in DRM today aren't interested. After all, what benefit to them to see an environment where just anyone can produce and distribute content?