We must seek out a new approach to managing trust on the network.

To date, our halting attempts at cobbling together a "digital rights management" solution have been at best unconvincing, at worst completely inept – because they have been exclusively focused on protection of intellectual property rights, and have approached the issue in a very limited way. What we now call "DRM" needs to evolve into something which perhaps we will come to call "Digital Policy Management" – a new technical approach to managing trust on the network.

Some of the policies we want to manage in this way may indeed be rooted in intellectual property rights protection. But others will stem from personal or corporate policies (like privacy and confidentiality); yet others may come from interpretation of the legal code. Effective protection of intellectual property – in a manner that is acceptable to consumers – should be a side effect of this new "Digital Policy Management" approach to managing trust, not the main event.

Building a framework for network citizenship
The challenge of maintaining a framework for protection of intellectual property on the network is closely related to many other challenges which are facing us on the network. Despite the best efforts of both lawmakers and of those who would enforce the law, users bent on using the internet with felonious intent persistently stay one step ahead. Fraud is rife, and fraudulent emails become ever more sophisticated. Attempted extortion based on denial of service attacks has recently been exemplified by the attack on "Million Dollar Homepage" (cf. Gonsalves 2006). Although the recent attack of the Kama Sutra virus may not have been as disastrous as predicted (BBC 2006), viruses and spyware continue to proliferate throughout the network. And spam, while perhaps exemplary of a rather different level of malfeasance, creates a problem for every user of the network that is – in its totality – immensely costly.

At first sight, these "network citizenship" issues may appear to have little link with intellectual property and digital rights management, but the problem in all these cases is one of trust and trusted identity.

Our response to the attack on trust on the network has been somewhat feeble. Trust circles, like those based on "friend of a friend" (cf. sources) linking of personal web pages – or more business oriented approaches like LinkedIn (cf. sources) – undoubtedly have a role to play; but they don’t deal with the problem of the outside world, with the fact the Internet is (as I have recently seen it described; Becker 2006) a "world of strangers" – nor with the reality that those strangers are not universally benign. To move beyond this world of strangers, we need to move from concepts like trust circles to more robust mechanisms that allow us to truly trust one another’s assertion of identity and to grant appropriate permissions to those that we do trust.

Renewing trust on the Internet
In a recent article (Talbot 2005), David Clark of MIT, an Internet pioneer, is quoted as saying: "We might just be at the point where the utility of the Internet stalls – and perhaps turns downward" – because of the growing loss of trust. The economic and social implications of a widespread loss of trust in the network are incalculable; it is now integrated into our lives at a very deep level.

In a similar vein, Vint Cerf, one of the "founding fathers" of the Internet, and now Google’s "chief internet evangelist" was recently quoted (Talbot 2006) as saying: "I believe the potential growth of the Internet will be limited if we allow invasive badware and spyware to continue to fester without strong action. All consumers must be in control of their experiences when they browse the Internet and the mass proliferation of badware threatens this control. We cannot allow that to continue…. The providers of Internet services and software simply must get this problem under control."

You do not necessarily need to share the view that we urgently need a complete re-engineering of the fundamental architecture of the Internet to recognise that there is real enough problem to address. Nor is it necessary to accept uncritically the architecture proposed by the Trusted Computing Group (TCG; cf. sources), which appears to run the risk of putting an excessive amount of power into the hands of a small number of technology companies. In the circumstance, the words "trust", "trusted" and "trustworthy" can all become a little slippery.

No one will easily be brought to trust technology solutions which threaten "lock in" to particular providers of technology, and to hand power to a technocracy.

Avoidance of lock in is dependent on interoperability and low switching costs, something that the TCG proposals could impose considerable limitations on. Interoperability is therefore the key challenge – and interoperability will depend on the availability "policy metadata": clear, unambiguous and standardised ways of expressing policies – in many ways, building this layer of policy data is a much more significant task than enforcing the policies.

Indeed, the ability to express the policies in a standard, interoperable way provides us individually with options – options as to whether policies are to be enforced through technology (in the context of intellectual property, think "DRM") or through a combination of trust, good will and the law (think "Creative Commons").

Of course, there is potential downside to the interpretation of essentially uncertain legal concepts into the certainty of machine-interpretable code. It becomes necessary to hard code concepts of "reasonableness" and "proportionality", things that are by their nature contextual. This inevitably creates a challenge in areas like exceptions to copyright; but we should face up to those challenges rather than simply spike them as "too difficult".

Maintaining the balance
We do well to remember that copyright was established for the good of society: "To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries" (US Constitution). Technology should no more be used to extend the intended scope of copyright protection than it should be used to destroy its central purpose.

There can be few who still doubt that the internet will prove to be a hugely disruptive technology for the copyright industries, just as it proving hugely disruptive for other sectors. However, before deciding that we want to dispose of the entire structure of intellectual property, we should be sure that we have fully considered the consequences.

Ultimately, effective management and protection of intellectual property on the network will only be possible within a framework of trusted (and trustworthy) network computing. However, the primary motivation for the implementation of such a framework will not be the protection of the current business models of the media and technology industries (who have not always acted in ways guaranteed to make themselves popular with consumers).

Consumers will welcome the introduction of digital policy management technology – including management of "digital rights" – only if it also offers a solution to their underlying security and identity problems and contributes to the maintenance of civil society on the network, with all the complex checks and balances that this implies.

This will not easily be achieved, but that does not mean that it is not worth the effort.


About the author: Mark Bide is a Senior Consultant at Rightscom Limited, a specialist consultancy based in London which was founded in 2000 to support the design and deployment of business, technology and process solutions in the management, protection and trading of intellectual property rights and content in the digital environment. Mark has over 30 years experience in the publishing industry, having been a Director of the European subsidiaries of both CBS Publishing and John Wiley & Sons. With a background in production, distribution, and publishing technology, he has been a consultant for nearly 15 years and has particular expertise in the impact of network technology on the information value chain. He has been closely involved in standardisation strategies to support the management of intellectual property on the network. Contact:

Status: first posted 22/02/06; licensed under Creative Commons