In their book Canadian Copyright: A Citizen's Guide, Laura J. Murray and Samuel E. Trosow dedicate 8 pages (including illustrations, resources, etc) to the practise known as Digital Rights Management (DRM). Given this is a topic that has had hundreds of thousands of pages written about it, the chapter only barely scratches the surface.
While the chapter spoke about DRM systems, to understand many of the issues you need to break specific examples of these systems into their component parts and then analyze the components. For me the most important question is always: who actually owns each component part, and are the various rights of the owner being respected?
To illustrate, lets take one of the technologies that was mentioned in the chapter and compare it to your typical DRM system to see what the differences are.
In recent years exclusion mechanisms have made digital technologies commercially and practically useful. Software encryption can ensure the security of your bank account and the privacy of your email. It allows online businesses to set passwords for subscription access, and it can guarantee the authenticity of electronically transmitted materials. But exclusion mechanisms improperly applied can be dangerous.
Lets look at one of those examples: a private citizen using online banking.
Lets presume the most secure scenario. The citizens home computer is secure, meaning that only its owner is in control and is able to authorize any access to that computer, and disallow anyone not authorized. The banks computers are also secure, meaning that the bank is able to disallow access or control from any unauthorized intruder.
They then want to send messages between each other such that a third party intercepting the message could not access the information, or inject their own false information. This is precisely what Cryptography is designed to do -- the information is scrambled by the sender such that only the recipient can descramble it. While someone may be eavesdropping on the conversation, all they see is scrambled junk that has no meaning to them.
One of the first messages communicated is often a password or other way for the bank to be certain what person is trying to communicate with them. This way they can allow this person access do information the bank has stored about that individual person, but ensure that they don't have access to any other customer data, or that no other customer has access to their data.
There are 3 components in this system: the citizens computer, the banks computer, and the messages sent between them. The citizen owns their computer, the bank owns their computer, and the owners are in control of their own computers.
Lets compare this to Apples' "FairPlay" DRM, Microsoft's "Plays for Sure", or related schemes. Lets equally presume for the moment that these technologies are effective at their intended goal, which itself is a leap of faith that has been demonstrated to not be true.
You still have 2 computers and an encrypted message involved, similar to the bank situation. The senders computer is still able to be secured such that its owner authorizes access/control. They encode the material in a way that is not decipherable by the recipient person any more than it is decipherable by an eavesdropper, given the system design is based on a mistrust of the intended recipient. These senders have made special deals with device manufacturers that they trust (whether this trust is misplaced is worth additional analysis), so the messages are encoded such that only specific brands of access devices are able to access the message. These device manufacturers are those who have locked down this hardware/software. The locks aren't used by the owner to ensure that unauthorized persons cannot access or control the hardware, but used by the device manufacturer to decide who is authorized or not. The intention is to not trust the owner of the device, and not authorize them access to the hardware/software.
Quick comparison:
- In banking, technology is used to ensure that the owners of the computers carrying out a conversation are secured against third party unauthorized access/control of the computers, or unauthorized access to or manipulation of the message.
- In these examples of "DRM", technology is used to ensure that the owner of the recipient computer is locked out of their own hardware such that the device manufacturer, and not the owner, is able to authorize access/control of the computers and access to the message.
You may also notice a contradiction between these two systems. A computer can really only have one "master", and thus if it is secure from the point of view of the device manufacturer, it can't bee secure from the point of view of its owner.
This is why Stewart Baker, US Department of Homeland Security's assistant secretary for policy, had the following to say to a group of copyright holders in 2005.
"It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."
If you do the same analysis, you will notice that none of the examples in the quote from the book are controversial from the perspective of analysing the owner of each of the component, or from the perspective of computer security. You have the citizen who is able to own and securely control their own devices, you have banks, online retailers and other entities to communicate with which are able to own and control their own devices, and you have messages communicated between them that are technologically protected.
The other thing to look out for are things which are called "Digital Rights Management" systems, but do not involve components with controversies around ownership rights. While we often hear about controversial DRM systems like those from Apple, Microsoft, Macromedia and Sony, there are also people using this same or similar terms to refer to non-controversial searchable databases of copyright holder information, or systems that store copyright and licensing information along with the copyrighted work (See the Creative Commons Metadata lab for an example).
This summary is also fairly brief, and if you wish to dive deeper into the "two locks of DRM" I recommend reading the support material around our Petition to protect Information Technology property rights, especially the article in the December issue of the Open Source Business Resource.