Having been at the last year’s DRM workshop organized by ACM (Association for Computing Machinery) (cf. Kerényi 2004), I looked forward to visiting the 2005 event organized in Alexandria, Virginia. This time the workshop, being part of a week-long event, the 12th ACM Conference on Computer and Communications Security, was organized in a more prestigious place than last year, the Hilton Alexandria Mark Center. Therefore I was surprised, that compared to the previous workshop, the number of the audience was approximately halved. The around twenty participants came from all over the world, mostly universities, but there were some representatives from the tech industry (Microsoft, Motorola).

As the name of the enclosing event suggests, I expected the presentations to have mainly a technical focus, but the title of the first two presentations (cf. event web site, workshop program) suggested a stronger consumer-related view. As the whole event was introduced, the workshop this year promised a "comprehensive intellectual view", mentioning the legal and market-related questions of DRM beside the expected technical focus.

Opening block – Legal issues and fair use
Alapan Arnab from the University of Cape Town talked about the well known controversy, that DRM, which was meant to be an active protection of copyright, as opposed to the historic passive enforcement, does not actually implement the fundamentals of copyright law. One of the most salient signs is that current systems do not allow fair use. As he said fair use was "a feature for lawyers", that computers, more specifically Rights Expression Languages, could not express. Therefore he concluded that "fair use was unsuitable for DRM". Instead he proposed that "fairer use" could be achieved, than what is available at present.

Arnab discussed the question whether DRM systems are rather similar to buying or licensing. He stated that DRM systems will never be able to enforce core protection (copying, redistributing), they can only restrict usage. Thus, if we drop the old view of ‘buying music just as one used to buy a CD’ and look at today’s ‘buying content from the on-line store’ as licensing (basically a contractual process), then consumers will not necessarily be in a worse position. However, for contracts it is necessary, that both parties can provide their input, and agree on the terms and conditions under which the deal will be made. Current DRM systems, he said, do not allow the users any input on the terms of the usage licenses. For this, he proposed two different solutions, which could contribute to achieving fairer use.

First, he talked about negotiation of licenses. He described a protocol, based on which the end user and the license server could conduct the negotiation process, and by which e.g. different prices could be paid for different sets of rights. He proposed that instead of a separate language for negotiation, RELs should be extended to be able to support bi-directional requests. (see also Rump, 2004) He also proposed extensions to the two most widespread RELs, ODRL and XrML, to make such negotiation of terms possible.

The second solution Arnab proposed was credentials-based. He said that credentials-based systems were not new, and such functions could be achieved in DRM systems, too. A simple example of credentials-based access could be that for average users some form of license is granted to a piece of writing, in which any derivative work is forbidden, but those who have a journalist credential are allowed to excerpt. Naturally trusted credentials servers are required for strong identity management in order to maintain security of the system. Arnab again examined both ODRL and XrML, and concluded that the latter was ready for credentials-based use, and proposed an extension for the first one to be compatible with this approach.

Rei Safavi-Naini from the University of Wollongong, Australia, presented research done by four fellows, one dealing with computer law and three sociologists. She analyzed fair use and fair dealing, as similar concepts in many countries, including Australia and also appearing in some EU documents. She gave a detailed background about the history and law cases in connection with fair use and personal use.

Safavi-Naini talked also about the social context of music and new media. The authors examined several surveys, and concluded that music was very important in society, because "music and talk about music is a way of constituting and maintaining friendship networks". They also conducted in-depth interviews with 23 consumers, somewhat similar to what INDICARE did (cf. references). The authors found out that both listening alone and sharing one’s vision with friends was a basic social need. Thus she concluded that DRM systems need to encourage sharing and exploring new music, because this is what people always wanted. Safavi-Naini said that exploration of new music based on sharing often leads to purchase. Thus, revenues can be collected by different means, e.g. with the purchase of concert tickets, T-shirts, CDs, etc.

The key recommendation of the presentation was that "DRM systems should concentrate on how sharing and exploring new music can lead to a purchase, rather than try to stop a core music activity". DRM system designers should address user requirements in the area of file sharing, and make it possible for users to legally exchange music.

At the workshop we had also quite some presentations regarding interoperability, one of the questions that interest consumers most. The three speakers who touched the topic the closest each had a different view of how to achieve this goal.

Pramod A Jamkhedar, from the University of New Mexico, continued research that he had presented in the previous year’s conference. At that time he had talked about creating a layered architecture for DRM and standardizing the function of the layers (cf. Kerenyi 2004). This year he analyzed what is necessary for achieving interoperability (interfaces, protocols, standards that should be developed). Jamkhedar’s view was that standardization does not have to happen all at once; while today’s DRM systems are monolithic, and in the future the aim is to create highly interoperable system, there will be a gradual change through intermediate levels of interoperability.

Sam Micheils, a researcher from the Katholieke Universiteit Leuven took a very different approach: instead of defining layers and dividing DRM functionality in a vertical manner, he looked at the functionality that DRM systems provide. Micheils analyzed state-of-the-art DRM technologies and extracted from them high level usage scenarios with respect to consumers of content, producers and publishers. He identified seven subsystems which are, or should be common to all different systems. These are Content Service, License Service, Access Service, Tracking Service, Payment Service, Import Service and Identification Service.

Micheils concluded that today’s DRM systems lack a generic software architecture that supports interoperability and reuse of specific DRM technologies. He proposed that the identified functions and key services should be located in an overall software architecture for DRM, and the different functions and sub-services of DRM should be standardized. This could also contribute to the gradual change to full interoperability, and provide a way for newcomers to the market to step in with just one of the functions newly implemented and using existing subsystems for the other key services. By not having to re-implement the whole DRM architecture every time one has a new idea for one of the six functions, the market could open up to new ideas and grow faster, to the benefit of consumers.

While the previous two speakers presented "just research", and had no intention to promote actual standardization, David W. Kravitz from Motorola talked about a real device which could help achieve interoperability. He introduced the Rights Issuer Module (RIM), a central device in one’s home entertainment system, which achieves functional interoperability by acting as a content and rights object translator between the "upstream device" (could also be the content provider) and the "downstream device" (this is the device receiving the content and rights). Motorola’s aim when designing the RIM was to create a supplementary system with the help of which one can easily move content among devices with minimal or potentially even no change to existing players, and that was secure, while at the same time reducing robustness requirements for home devices.

Technical research going on
Just to touch on other topics mentioned at the workshop, we also had presentations about broadcast encryption, watermarking, and software protection techniques. Markus Rohe from the Ruhr-Universität Bochum introduced a secure digital rights distribution infrastructure, where customers can verify the legality of a license. This is important, when digital content is used for important calculations, and accuracy of data is crucial, and this infrastructure can guarantee liability of the content provider. Andreas Matheus from the University of the Federal Armed Forces Munich talked about extending DRM systems to the geospatial domain – with GeoXACML Matheus successfully added location information to both content and rights, which can be important if heterogeneous and distributed geodata are to be used at the same time, or usability of licenses can vary based on the location of the consumer.

Microsoft’s DRM vision
The liveliest discussion emerged, when Andrew Moss, a Windows strategist from Microsoft stepped on stage and gave a less technical and more visionary speech. After his talk, attendees of the workshop asked questions about Microsoft’s vision and to me it emerged that consumer acceptability is indeed a very important question for the "bigs". Moss emphasized the importance of simplicity of DRM systems. He said that most consumers are not engineers therefore simplicity of solutions is one of the most important points when designing a DRM system. Therefore the best DRM is invisible, "if you realize it is there, they do something wrong". Moss said that "the challenge now is not too much in technology", instead he identified today’s key disputes as privacy, accessibility, ease of use, interoperability and device-to-device availability.

Bottom line
Compared to the results of last year’s similar DRM workshop by ACM where researchers did not pay much attention to consumer acceptability, it seems that now the approach of both researchers and technology providers have changed, and today the end user, and his wishes are in the focus of research.


About the author: Kristóf Kerényi is a researcher at Budapest University of Technology and Economics in the SEARCH Laboratory. His interests include mobile and wireless IT security, as well as technological aspects of DRM. He received a MSc in computer science from BUTE. Contact:

Status: first posted 25/11/05; licensed under Creative Commons