[FTC Town Hall] Digital Rights Management FTC Town Hall – Panel 3: DRM In Action

J. Alexander Halderman – Prof of electrical engineering and CS at University of Michigan

FTC has a role to play in easing burden of DRM. Helping consumers understand what they’re buying, and helping them get what they pay for. Consumers are beginning to expect that products containing DRM will harm them, and that’s not good for either consumers or the content industries.

He researches security of DRM systems. At one time research was primarily around security of content, but there’s an emerging area of collateral damage caused by DRM measures. DRM has a tendency to create security risks beyond that presented by typical consumer software. Brings up the Sony rootkit, and a videogame DRM system called Safe Disk, which had a security bug and the software had kernel-level access to Windows systems. Automatic updates without notification, “phoning home” without notification, are also issues that reduce the users’ understanding and control.

Independent review is necessary to really vet security of programs, but DRM makers hide behind the DMCA – he’s been threatened with legal action against some of his research. He’d like to propose that DRM produces and the FTC to pursue measures to facilitate independent security review of DRM issues by adopting a “mere notice” provision of testing rather than asking permission as is required under current DMCA provisions. Also proposes notice to consumers of risky behavior like running kernel-level code. Also wants to propose technical transparency around disclosure of technical details of DRM systems on manufacturer’s web sites.

Patrick Ross – Exec. Director, Copyright Alliance

Creators are thrilled these days when people are actually willing to pay for content.

Mandatory labeling isn’t the answer – gives example of long information handouts that come with drug prescriptions that don’t get read.

Christpher Soghoian – Student Fellow, Berkman Center

Speaking to longevity issues – some content needs to call home to authenticate, either on use or periodically. Sometimes services go under, which prevents lawful access to content that’s been paid for. So far the large companies that have stopped services (Microsoft, Yahoo, Google, Walmart) have been able to provide for refunds or continued services upon outcry, but that might not be true of smaller operations. Consumer cannot predict failures – that’s why we have regulation. Education not sufficient in this area, so proposing action for FTC – force DRM providers to provide source code and authentication keys to be held in escrow by the FTC. “Obviously, this is a proposal that’s a little bit out there”. In the music market we’ve seen DRM fail. But the same companies are moving ahead with DRM in other spaces. Because companies won’t actually act rationally, we need government action.

Debbie Rose – Association for Competitive Technology

Her members are mostly small inventors and innovators. Interested in knowing what the rules are and how they can use them to make cool products. The message is the rules of the road are not that prohibitive and DMCA and DRM are not roadblocks to innovation. Recently written an “innovator’s guide to the DMCA” (not yet published). DMCA has two prohibitions with a host of exceptions – key is it’s a working mechanism. Access control technologies are being used in lots of fields besides entertainment – privacy protection for medical records, as an example.

Rashmi Rangnath – Staff Attorney, Public Knowledge

Harms caused by lack of interoperability – affects both consumers and competition. An example is older BluRay disks not playing at full resolution on older HDTVs because of copy protection technology.

Lock-in – example is iPods linked to iTunes – with FairPlay you couldn’t use the iTunes Music Store with players that weren’t Apple iPods, harming competition in the device market. FTC should investigate lock-in and consider it an unfair trade practice.

Preventing lawful use – DRM on DVDs prevents classroom use of clips. Professors in media studies departments got an exception in the rulemaking process. But consumers have to re-apply every three years and exemptions to not extend to traficking, so if you’re not technically savvy you can’t circumvent because nobody can send you the tools. We should amend the DMCA to allow circumvention for lawful uses, but in the meantime we should grant the Copyright Office more authority to grant wider exceptions.

Bo Anderson – President and CEO, Entertainment Merchants Association

Retailers are at the pivot point of commerce in entertainment goods, delivering product into hands of consumers. Have a brief but costly opportunity to help educate consumers, and get direct feedback from customers when they are displeased – the first to hear when trust is broken. Rebuilding broken trust is more expensive than keeping it in the first place. Retailers are concerned about the use of DRM when it abridges consumers rights of use, transferability, and rights of privacy. They’re concerned whenever DRM is used to require consumers to have a business relationship with the content providers as a condition of use.

When DRM is used to facilitate broad dissemination by facilitating the licensing of exclusive rights, it should be encouraged. When it’s used to restrict, burden or control dissemination beyond limited exclusive rights, it should be discouraged.

A fairly inane, though heated, discussion on business models, DRM, and consumer rights breaks out at the end.