Enshrining Fair Use in DRM: Submission to the OASIS Rights Technical Committee
By: Cory Doctorow
A copyright-complete DRM scheme must uphold the public's rights in copyright as well as those of rights-holders. Since fair use relies on the combination of unauthorized uses and the courts to evolve, a copyright-complete DRM scheme must permit unauthorized uses. To date, one proposed use-case has accommodated unauthorized uses consistent with fair use. If this standard is to "address the needs of the diverse communities that have recognized the need for a rights language," then the OASIS Rights TC should ensure that the standard can accommodate this use-case. [note]
1.1 The Electronic Frontier Foundation
The Electronic Frontier Foundation (EFF) is a nonprofit organization with over 7,000 dues-paying members and over 30,000 supporters on its mailing list, that works to uphold civil liberties interests in technology law, policy and standards.
Further reading: EFF site
1.2 The bargain
The US Constitutional basis for copyright:
"To promote the Progress of Science and the useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
establishes the American conception of copyright as a bargain between the public good, as served through the promotion of the Science and the useful Arts (i.e., through the ability of the general public to make fair uses of copyrighted works, and of the ability of the public to unlimited uses of work in the public domain) and the provision of an incentive to authors and other rights-holders so that they will create more original works from which fair uses may be made and which will some day enter the commons of public domain works from which any use may be made.
The rights-holder's monopoly is the carrot we dangle before him so that he will create new works, but the public domain and the realm of fair uses are the firmament on which he treads. Without this commons, no original works can be undertaken, since all works are derived from the works that came before them.
Thus we see that any technical system that is established to promote copyright must likewise preserve the public domain and uphold fair use.
Further reading: Lessig et al. brief in Eldred v. Ashcroft
1.3 Fair use
Fair use is a complex legal construct, one that is often misunderstood. Upon hearing that there are a bundle of uses that are reserved from an author's monopoly, many engineers ask that these rights be enumerated so that they can be enshrined into a set of business-rules and left switched on by default.
This point of view, while seemingly technically reasonable, represents a serious misunderstanding of the role of fair use in an innovative and creative society. Copyright interests, such as the RIAA and MPAA recording and film lobbies often answer questions about fair use by saying that fair use is a defense against a claim of infringement, not a set of rights in copyright.
This is technically true, but it is true in the same way that the First Amendment is a defense against claims of illegal speech -- to characterize fair use as a defense does not diminish its importance in copyright.
The default position in copyright is that an end-user of a copyrighted work can make any use that she can conceive of with the tools at hand. For example, the owner of a VCR may record entire copyrighted television programs for later viewing or archiving. If this use comes to the attention of a rights-holder, as it did in the Betamax case in the early 1980s, the rights-holder can take his customer to court, and ask a judge to determine whether a given use is fair or not.
In the Betamax hearings, the Supreme Court ruled that time-shifting -- making copies of entire copyrighted works -- was a fair use. In this way, the rights of the public in copyright were incrementally expanded.
This typifies the means by which the fair use doctrine evolves: some new, unauthorized use is made by an end-user, and a court (or Congress) is asked to determine whether that use is fair, and the doctrine expands.
Further reading: von Lohmann white-paper on DRM
1.3 The DMCA and fair use
The 1998 Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent copy-prevention technology, such as DRM schemes, even if the circumvention is in the service of making a use previously established by the courts as non-infringing. For example, it is illegal to disable the copy-prevention measures in a pre-recorded DVD regionalized for Europe in order to watch it in the USA, even though there is no copyright law that criminalizes the act of watching a European DVD in the US.
In a DMCA-enabled universe, it is critical that the fair use doctrine not be undermined.
DRM business rules, in combination with a copy-prevention technology, limit end-users to those uses that are explicitly authorized by rights-holders and their agents. Thus, DRM and the DMCA may rob end-users of the opportunity to make any unauthorized uses, including both well-established and innovative fair uses.
If a DRM scheme is to uphold the copyright bargain between the public good and the need to provide an incentive to authors, it must permit scenarios in which the fair use doctrine continues to evolve; that is to say, Constitutionally valid, copyright-complete DRM schemes must provide the end-user with the capability of making unauthorized uses, even explicitly forbidden uses. It is not consistent with copyright law to afford authors the absolute authority to govern those uses which their customers may make; DRM must not grant authors the ability to displace the courts and Congress as the final arbiters of lawful use.
2.0 The proposal
2.1 Fair Use Infrastructure for Copyright Management Systems
At the 12th Annual conference on Computers, Freedom and Privacy, Dan L. Burk, Professor of Law and Vance K. Opperman Research Scholar, University of Minnesota and Julie E. Cohen, Associate Professor of Law, Georgetown University Law Center, two respected legal scholars, jointly delivered a paper entitled "Fair Use Infrastructure for Copyright Management Systems."
This paper is noteworthy in that it contains what appears to us to be the sole proposal to date which allows DRM to protect existing fair uses and other public rights, and to accommodate the continued evolution of the fair use doctrine. The authors begin by dismissing the idea of an algorithmic approach to embedding fair use in business-rules:
...[A]n algorithm-based approach to fair use is unlikely to accommodate even the shadow of fair use as formulated in current copyright law. We are not optimistic that system designers will be able to anticipate the range of access privileges that may be appropriate in order for fair uses to be made of a particular work. Neither are we optimistic that system designers will be able to anticipate the types of uses that would be considered fair by a court. Fair use is irreducibly a situation-specific determination. In some instances, a user may fairly take a work in its entirety -- say, for example, where the work is entitled to only thin protection, the use is for a protected use such as scholarship or criticism, and/or the use is expected to have no appreciable impact on the market for the work. In other situations, where three or four of the factors weigh heavily against a particular use, taking much less might exceed fair use. Building the range of possible outcomes into computer code would require both a bewildering degree of complexity and an impossible level of prescience. There is currently no good algorithm that is capable of producing such an analysis, meaning that (at least for now) there is no feasible way to build rights management code that approximates the results of judicial determinations.
Profs. Burk and Cohen instead hold that:
[a]t present, only human intelligence, reviewing the unique circumstances of a particular use, can determine whether it is likely to be fair.
2.2 The Burk-Cohen Approach.
The authors reconcile the seemingly impossible conundrum of preserving unauthorized uses with the desire of rights-holders to control end-users of their material with a problematic solution: key-escrow.
The authors suggest key-escrow as a method for preserving unauthorized uses with the desire of rights-holders to control end-users of their material. EFF does not necessarily advocate Profs. Burk and Cohen's proposal, but as the only technological proposal that attempts to preserve the possiblity of continued flexible, case-by-case determinations that have been the hallmark of the fair use doctrine, its translation into practice is worthy of inclusion in this group's set of supported use-cases. It is important to note that the charter of the OASIS Rights TC establishes as its purpose to:
Define the industry standard for a rights language that supports a wide variety of business models and has an architecture that provides the flexibility to address the needs of the diverse communities that have recognized the need for a rights language.
Respected copyright scholars, such as Burk and Cohen, clearly belong to one of "the diverse communities that have recognized the need for a rights language." What's more, they have put forward the sole proposal to date by which the doctrine of fair use can be allowed to evolve, and they did so at the world's foremost conference on digital civil liberties, to an audience of internationally renowned legal scholars, activists, cryptographers and technologists.
2.3 The use-case
The use-case is as follows:
As in the case of electronic commerce, a new technical, legal, and institutional infrastructure might facilitate the development of trusted third parties to mediate fair use access to technologically protected works. The system we propose hinges upon the concept of key escrow, that is, management of rights management keys by a trusted third party, rather than by the owner of a work. Keys to technologically-protected works would be held by the trusted third party, who would release them to users applying for access to make fair use. Although, as we have noted, any preauthorization requirement impinges upon spontaneous uses, the trusted third party's approval procedure could be designed to minimize this impact. In order to avoid difficult ex ante judgments about particular uses, and to approximate as nearly as possible the cost and incentive structure of traditional fair uses, the third party would not be required, and would not attempt, to make a determination about the bona fides of the access application. Rather, the third party would simply issue keys to applicants via a simple online procedure. Solving the anonymity problem is far more difficult. The concept of key escrow has been vilified in the past, and we believe with good reason, when it constituted the core of a governmental plan that would have systematically undermined the integrity of private communications. But a different sort of privacy interest is at stake here, where the issue is public access to publicly distributed works of authorship, rather than governmental access to private communications. In this instance, the concept of third-party escrow works in the public interest and could be made to work in favor of preserving privacy, rather than against both goals. A trusted third-party system could be designed for true anonymity. Under such a system, the escrow agent would release keys to applicants without retaining or even generating identifying records. Such a system would replicate the anonymity that fair users enjoy in traditional media. In some cases, it might even provide stronger anonymity -- as, for example, where access via escrowed keys might substitute for checking a work out of the library. For exactly this reason, though, we suspect that this sort of arrangement is likely to be politically unacceptable. A second-best alternative would require that the agent keep records of the applications and keys issued, but would subject the records to stringent privacy protections similar to those that now protect many library patron records. We think it likely that the copyright industries would demand the ability to match keys with identities so that the subsequent appearance of pirated materials could be linked to the applicants for access. However, we would recommend that identifying information be released only pursuant to a court order, and only on a showing of actual piracy, as distinct from garden-variety infringement or arguable fair use. This places some evidentiary burden on the copyright holder, but we note that this mechanism nonetheless would give rights owners a substantial advantage that they do not enjoy for works distributed in traditional media. In addition, regulations governing the privacy practices of trusted third parties should prohibit sale or other transfer of key access information, and should require that access and usage records be destroyed after some period of time. We are cautiously optimistic that rigorous privacy protections could prevent the use of key access information to intimidate critics, parodists, and the like. Nonetheless, we label this arrangement "second-best" because even the most stringent system of privacy protections for fair users is likely to chill some lawful uses. ... The first layer of our proposed fair use infrastructure would involve the design of rights management technologies that incorporate automatic fair use defaults based on customary norms of personal noncommercial use. The legal rule for facilitating this part of the proposal would operate in a fashion similar to current provisions of the Copyright Act designed to encourage copyright registration and deposit, by conditioning copyright enforcement on implementation of the automatic fair use defaults. To guard against a "race to the bottom" in fair use law, the law would clearly state that the level of copying permitted by the automatic defaults does not define the full extent of permitted fair use. Those who desire greater fair use access, meanwhile, would turn to a trusted third party intermediary. Under the system, deposit of access keys into key escrow would be facilitated by conditioning anti-circumvention protection on such deposit. Users who failed to obtain access via the escrow agent would be subject to suit for circumventing technical measures; those users, however, still might escape liability by successful invocation of a constitutional defense to circumvention liability. Rights holders that opt not to deposit keys with the escrow agent would be unable to invoke legal protection against circumvention; for such unescrowed works, a "right to hack" would effectively substitute for access via the escrowed keys. As noted in Part II, the DMCA's ban on the manufacture and distribution of circumvention technologies also would need to be modified or amended to make this defense a realistic possibility. Finally, to preserve the relative anonymity of the key escrow system, the records of applicants and keys issued would need to be guarded by stringent legal protections along the lines described above. The most likely and appropriate escrow agent will be a publicly funded institution, such as the Library of Congress; indeed, the Library's long experience with copyright matters and with deposit of copyrighted works makes it the ideal candidate to fill the escrow role. We see little prospect for development of private escrow agents, as has been the case in the trusted third party models for commercial PKI. Fair users are almost by definition poor candidates to fund an escrow institution. As we have indicated above, moreover, the point of fair use is to provide low cost or free access to content; assessing fair use fees to fund escrow agents would run counter to this purpose. Content owners, meanwhile, are unlikely to voluntarily pay for an institution that facilitates low cost or free access to their works. Even were they to do so, however, a publicly funded institution probably would be the preferred choice because the public policies underlying fair use require some guarantee of institutional longevity. Finally, the tradition of strong privacy protection by libraries makes these institutions best suited to maintaining the privacy of fair users. Funding for the fair use infrastructure could be provided either through general taxation, by a small administrative fee levied on copyright owners, or by some combination of the two.
The remainder of the paper goes on to explore the legality of such a system in light of US and international treaty law and concludes that such a system is feasible both domestically and abroad.
Further reading: Burk and Cohen, Fair Use Infrastructure for Copyright Management Systems
3.0 Requirements additions
3.1 Accommodating a plausible scenario
The use-case outlined in 2.3 is legally valid, and represents the first scenario to date that would permit the continued evolution of the crucial fair use doctrine in a DRM universe. It is critical that the final standard that emerges from OASIS accommodate this case in addition to the other cases thus far considered.
3.2 Specific requirements
* A means by which the fair use escrow agent for a file may be indicated
* A means by which non-participation in fair use escrow (i.e., the abovementioned "right to hack" condition) is signalled in all cases where the above is not present
* A means by which a user may communicate with an escrow agent through a temporary identifier, such as an on-the-fly GUID
* A means by which an escrow agent may signal to a DRM application that a given use has been approved or denied
* A means by which escrow agents may exchange information as to new classes of uses that have been held to be fair
* A means by which an agent may authenticate a user as a member of one of the classes of persons with limited or entire copyright exemption, i.e., critics, researchers, academics, students, archivists, librarians
* A means by which bundles of rights reserved to exempt persons may be grouped (i.e., a class of permissions that are always afforded to librarians), with the possibility of localization to reflect varying copyright laws and practices
* A means by which a DRM scheme can respond to the presence of an exemption flag, through evaluating the permissions afforded to the exempt person based on locality at execution time in either the client or the server
* A means of signaling that an end-user's rights in a work have been transferred to an exempt person (i.e, donated to a school or library)
This scenario remains a use-case in which fair use is given space to evolve. A copyright-complete DRM scheme must uphold the public's rights in copyright, and if this system is to serve as the basis for both policy and business, it must accommodate the above and other scenarios that permit ambiguity in fair use.
* EFF site:
* von Lohmann white-paper on DRM:
* Lessig et al. brief in Eldred v. Ashcroft:
* Burk and Cohen, Fair Use Infrastructure for Copyright Management Systems:
Cory Doctorow Outreach Coordinator, Electronic Frontier Foundation email@example.com Blog: http://boingboing.net From: Cory Doctorow [mailto:firstname.lastname@example.org] Sent: Wednesday, August 14, 2002 5:33 PM To: hari.Reddy@CONTENTGUARD.COM Subject: EFF OASIS submission
Prepared by Robin Cover for The XML Cover Pages archive.