Cover Pages Logo SEARCH
Advanced Search
ABOUT
Site Map
CP RSS Channel
Contact Us
Sponsoring CP
About Our Sponsors
NEWS
Cover Stories
Articles & Papers
Press Releases
CORE STANDARDS
XML
SGML
Schemas
XSL/XSLT/XPath
XLink
XML Query
CSS
SVG
TECHNOLOGY REPORTS
XML Applications
General Apps
Government Apps
Academic Apps
EVENTS
LIBRARY
Introductions
FAQs
Bibliography
Technology and Society
Semantics
Tech Topics
Software
Related Standards
Historic

Enshrining Fair Use in DRM: Submission to the OASIS Rights Technical Committee

By: Cory Doctorow
Email: cory@eff.org
Date: 8/14/02
Version: 1.5

Abstract

A copyright-complete DRM scheme must uphold the public's rights in copyright as well as those of rights-holders. Since fair use relies on the combination of unauthorized uses and the courts to evolve, a copyright-complete DRM scheme must permit unauthorized uses. To date, one proposed use-case has accommodated unauthorized uses consistent with fair use. If this standard is to "address the needs of the diverse communities that have recognized the need for a rights language," then the OASIS Rights TC should ensure that the standard can accommodate this use-case. [note]

1.0 Background

1.1 The Electronic Frontier Foundation

The Electronic Frontier Foundation (EFF) is a nonprofit organization with over 7,000 dues-paying members and over 30,000 supporters on its mailing list, that works to uphold civil liberties interests in technology law, policy and standards.

Further reading: EFF site

http://www.eff.org

1.2 The bargain

The US Constitutional basis for copyright:

	"To promote the Progress of Science and the useful Arts, by
	securing for limited Times to Authors and Inventors the exclusive
	Right to their respective Writings and Discoveries."

establishes the American conception of copyright as a bargain between the public good, as served through the promotion of the Science and the useful Arts (i.e., through the ability of the general public to make fair uses of copyrighted works, and of the ability of the public to unlimited uses of work in the public domain) and the provision of an incentive to authors and other rights-holders so that they will create more original works from which fair uses may be made and which will some day enter the commons of public domain works from which any use may be made.

The rights-holder's monopoly is the carrot we dangle before him so that he will create new works, but the public domain and the realm of fair uses are the firmament on which he treads. Without this commons, no original works can be undertaken, since all works are derived from the works that came before them.

Thus we see that any technical system that is established to promote copyright must likewise preserve the public domain and uphold fair use.

Further reading: Lessig et al. brief in Eldred v. Ashcroft

http://eon.law.harvard.edu/openlaw/eldredvashcroft/supct/opening-brief.pdf

1.3 Fair use

Fair use is a complex legal construct, one that is often misunderstood. Upon hearing that there are a bundle of uses that are reserved from an author's monopoly, many engineers ask that these rights be enumerated so that they can be enshrined into a set of business-rules and left switched on by default.

This point of view, while seemingly technically reasonable, represents a serious misunderstanding of the role of fair use in an innovative and creative society. Copyright interests, such as the RIAA and MPAA recording and film lobbies often answer questions about fair use by saying that fair use is a defense against a claim of infringement, not a set of rights in copyright.

This is technically true, but it is true in the same way that the First Amendment is a defense against claims of illegal speech -- to characterize fair use as a defense does not diminish its importance in copyright.

The default position in copyright is that an end-user of a copyrighted work can make any use that she can conceive of with the tools at hand. For example, the owner of a VCR may record entire copyrighted television programs for later viewing or archiving. If this use comes to the attention of a rights-holder, as it did in the Betamax case in the early 1980s, the rights-holder can take his customer to court, and ask a judge to determine whether a given use is fair or not.

In the Betamax hearings, the Supreme Court ruled that time-shifting -- making copies of entire copyrighted works -- was a fair use. In this way, the rights of the public in copyright were incrementally expanded.

This typifies the means by which the fair use doctrine evolves: some new, unauthorized use is made by an end-user, and a court (or Congress) is asked to determine whether that use is fair, and the doctrine expands.

Further reading: von Lohmann white-paper on DRM

http://www.cfp2002.org/fairuse/lohmann.pdf

1.3 The DMCA and fair use

The 1998 Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent copy-prevention technology, such as DRM schemes, even if the circumvention is in the service of making a use previously established by the courts as non-infringing. For example, it is illegal to disable the copy-prevention measures in a pre-recorded DVD regionalized for Europe in order to watch it in the USA, even though there is no copyright law that criminalizes the act of watching a European DVD in the US.

In a DMCA-enabled universe, it is critical that the fair use doctrine not be undermined.

DRM business rules, in combination with a copy-prevention technology, limit end-users to those uses that are explicitly authorized by rights-holders and their agents. Thus, DRM and the DMCA may rob end-users of the opportunity to make any unauthorized uses, including both well-established and innovative fair uses.

If a DRM scheme is to uphold the copyright bargain between the public good and the need to provide an incentive to authors, it must permit scenarios in which the fair use doctrine continues to evolve; that is to say, Constitutionally valid, copyright-complete DRM schemes must provide the end-user with the capability of making unauthorized uses, even explicitly forbidden uses. It is not consistent with copyright law to afford authors the absolute authority to govern those uses which their customers may make; DRM must not grant authors the ability to displace the courts and Congress as the final arbiters of lawful use.

2.0 The proposal

2.1 Fair Use Infrastructure for Copyright Management Systems

At the 12th Annual conference on Computers, Freedom and Privacy, Dan L. Burk, Professor of Law and Vance K. Opperman Research Scholar, University of Minnesota and Julie E. Cohen, Associate Professor of Law, Georgetown University Law Center, two respected legal scholars, jointly delivered a paper entitled "Fair Use Infrastructure for Copyright Management Systems."

This paper is noteworthy in that it contains what appears to us to be the sole proposal to date which allows DRM to protect existing fair uses and other public rights, and to accommodate the continued evolution of the fair use doctrine. The authors begin by dismissing the idea of an algorithmic approach to embedding fair use in business-rules:

	...[A]n algorithm-based approach to fair use is unlikely to
	accommodate even the shadow of fair use as formulated in current
	copyright law. We are not optimistic that system designers will
	be able to anticipate the range of access privileges that may be
	appropriate in order for fair uses to be made of a particular
	work. Neither are we optimistic that system designers will be
	able to anticipate the types of uses that would be considered
	fair by a court. Fair use is irreducibly a situation-specific
	determination. In some instances, a user may fairly take a work
	in its entirety -- say, for example, where the work is entitled to
	only thin protection, the use is for a protected use such as
	scholarship or criticism, and/or the use is expected to have no
	appreciable impact on the market for the work. In other
	situations, where three or four of the factors weigh heavily
	against a particular use, taking much less might exceed fair
	use. Building the range of possible outcomes into computer code
	would require both a bewildering degree of complexity and an
	impossible level of prescience. There is currently no good
	algorithm that is capable of producing such an analysis, meaning
	that (at least for now) there is no feasible way to build rights
	management code that approximates the results of judicial
	determinations.

Profs. Burk and Cohen instead hold that:

        [a]t present, only human intelligence, reviewing the unique
        circumstances of a particular use, can determine whether it is
        likely to be fair.

2.2 The Burk-Cohen Approach.

The authors reconcile the seemingly impossible conundrum of preserving unauthorized uses with the desire of rights-holders to control end-users of their material with a problematic solution: key-escrow.

The authors suggest key-escrow as a method for preserving unauthorized uses with the desire of rights-holders to control end-users of their material. EFF does not necessarily advocate Profs. Burk and Cohen's proposal, but as the only technological proposal that attempts to preserve the possiblity of continued flexible, case-by-case determinations that have been the hallmark of the fair use doctrine, its translation into practice is worthy of inclusion in this group's set of supported use-cases. It is important to note that the charter of the OASIS Rights TC establishes as its purpose to:

	Define the industry standard for a rights language that supports
	a wide variety of business models and has an architecture that
	provides the flexibility to address the needs of the diverse
	communities that have recognized the need for a rights language.

Respected copyright scholars, such as Burk and Cohen, clearly belong to one of "the diverse communities that have recognized the need for a rights language." What's more, they have put forward the sole proposal to date by which the doctrine of fair use can be allowed to evolve, and they did so at the world's foremost conference on digital civil liberties, to an audience of internationally renowned legal scholars, activists, cryptographers and technologists.

2.3 The use-case

The use-case is as follows:

	As in the case of electronic commerce, a new technical, legal,
	and institutional infrastructure might facilitate the development
	of trusted third parties to mediate fair use access to
	technologically protected works. The system we propose hinges
	upon the concept of key escrow, that is, management of rights
	management keys by a trusted third party, rather than by the
	owner of a work. Keys to technologically-protected works would be
	held by the trusted third party, who would release them to users
	applying for access to make fair use.
	
	Although, as we have noted, any preauthorization requirement
	impinges upon spontaneous uses, the trusted third party's
	approval procedure could be designed to minimize this impact. In
	order to avoid difficult ex ante judgments about particular uses,
	and to approximate as nearly as possible the cost and incentive
	structure of traditional fair uses, the third party would not be
	required, and would not attempt, to make a determination about
	the bona fides of the access application. Rather, the third party
	would simply issue keys to applicants via a simple online
	procedure.
	
	Solving the anonymity problem is far more difficult. The concept
	of key escrow has been vilified in the past, and we believe with
	good reason, when it constituted the core of a governmental plan
	that would have systematically undermined the integrity of
	private communications. But a different sort of privacy
	interest is at stake here, where the issue is public access to
	publicly distributed works of authorship, rather than
	governmental access to private communications. In this instance,
	the concept of third-party escrow works in the public interest
	and could be made to work in favor of preserving privacy, rather
	than against both goals.
	
	A trusted third-party system could be designed for true
	anonymity. Under such a system, the escrow agent would release
	keys to applicants without retaining or even generating
	identifying records.
	
	Such a system would replicate the anonymity that fair users enjoy
	in traditional media. In some cases, it might even provide
	stronger anonymity -- as, for example, where access via escrowed
	keys might substitute for checking a work out of the library. For
	exactly this reason, though, we suspect that this sort of
	arrangement is likely to be politically unacceptable.
	
	A second-best alternative would require that the agent keep
	records of the applications and keys issued, but would subject
	the records to stringent privacy protections similar to those
	that now protect many library patron records. We think it likely
	that the copyright industries would demand the ability to match
	keys with identities so that the subsequent appearance of pirated
	materials could be linked to the applicants for access.
	However, we would recommend that identifying information be
	released only pursuant to a court order, and only on a showing of
	actual piracy, as distinct from garden-variety infringement or
	arguable fair use. This places some evidentiary burden on the
	copyright holder, but we note that this mechanism nonetheless
	would give rights owners a substantial advantage that they do not
	enjoy for works distributed in traditional media. In addition,
	regulations governing the privacy practices of trusted third
	parties should prohibit sale or other transfer of key access
	information, and should require that access and usage records be
	destroyed after some period of time. We are cautiously optimistic
	that rigorous privacy protections could prevent the use of key
	access information to intimidate critics, parodists, and the
	like. Nonetheless, we label this arrangement "second-best"
	because even the most stringent system of privacy protections for
	fair users is likely to chill some lawful uses.
	
	...
	
	The first layer of our proposed fair use infrastructure would
	involve the design of rights management technologies that
	incorporate automatic fair use defaults based on customary norms
	of personal noncommercial use. The legal rule for facilitating
	this part of the proposal would operate in a fashion similar to
	current provisions of the Copyright Act designed to encourage
	copyright registration and deposit, by conditioning copyright
	enforcement on implementation of the automatic fair use
	defaults. To guard against a "race to the bottom" in fair use
	law, the law would clearly state that the level of copying
	permitted by the automatic defaults does not define the full
	extent of permitted fair use.
	
	Those who desire greater fair use access, meanwhile, would turn
	to a trusted third party intermediary. Under the system, deposit
	of access keys into key escrow would be facilitated by
	conditioning anti-circumvention protection on such deposit. Users
	who failed to obtain access via the escrow agent would be subject
	to suit for circumventing technical measures; those users,
	however, still might escape liability by successful invocation of
	a constitutional defense to circumvention liability. Rights
	holders that opt not to deposit keys with the escrow agent would
	be unable to invoke legal protection against circumvention; for
	such unescrowed works, a "right to hack" would effectively
	substitute for access via the escrowed keys. As noted in Part II,
	the DMCA's ban on the manufacture and distribution of
	circumvention technologies also would need to be modified or
	amended to make this defense a realistic possibility. Finally, to
	preserve the relative anonymity of the key escrow system, the
	records of applicants and keys issued would need to be guarded by
	stringent legal protections along the lines described above.
	
	The most likely and appropriate escrow agent will be a publicly
	funded institution, such as the Library of Congress; indeed, the
	Library's long experience with copyright matters and with deposit
	of copyrighted works makes it the ideal candidate to fill the
	escrow role. We see little prospect for development of private
	escrow agents, as has been the case in the trusted third party
	models for commercial PKI. Fair users are almost by definition
	poor candidates to fund an escrow institution. As we have
	indicated above, moreover, the point of fair use is to provide
	low cost or free access to content; assessing fair use fees to
	fund escrow agents would run counter to this purpose. Content
	owners, meanwhile, are unlikely to voluntarily pay for an
	institution that facilitates low cost or free access to their
	works. Even were they to do so, however, a publicly funded
	institution probably would be the preferred choice because the
	public policies underlying fair use require some guarantee of
	institutional longevity.
	
	Finally, the tradition of strong privacy protection by libraries
	makes these institutions best suited to maintaining the privacy
	of fair users. Funding for the fair use infrastructure could be
	provided either through general taxation, by a small
	administrative fee levied on copyright owners, or by some
	combination of the two.

The remainder of the paper goes on to explore the legality of such a system in light of US and international treaty law and concludes that such a system is feasible both domestically and abroad.

Further reading: Burk and Cohen, Fair Use Infrastructure for Copyright Management Systems

http://www.cfp2002.org/fairuse/burkcohen.pdf

3.0 Requirements additions

3.1 Accommodating a plausible scenario

The use-case outlined in 2.3 is legally valid, and represents the first scenario to date that would permit the continued evolution of the crucial fair use doctrine in a DRM universe. It is critical that the final standard that emerges from OASIS accommodate this case in addition to the other cases thus far considered.

3.2 Specific requirements

* A means by which the fair use escrow agent for a file may be indicated

* A means by which non-participation in fair use escrow (i.e., the abovementioned "right to hack" condition) is signalled in all cases where the above is not present

* A means by which a user may communicate with an escrow agent through a temporary identifier, such as an on-the-fly GUID

* A means by which an escrow agent may signal to a DRM application that a given use has been approved or denied

* A means by which escrow agents may exchange information as to new classes of uses that have been held to be fair

* A means by which an agent may authenticate a user as a member of one of the classes of persons with limited or entire copyright exemption, i.e., critics, researchers, academics, students, archivists, librarians

* A means by which bundles of rights reserved to exempt persons may be grouped (i.e., a class of permissions that are always afforded to librarians), with the possibility of localization to reflect varying copyright laws and practices

* A means by which a DRM scheme can respond to the presence of an exemption flag, through evaluating the permissions afforded to the exempt person based on locality at execution time in either the client or the server

* A means of signaling that an end-user's rights in a work have been transferred to an exempt person (i.e, donated to a school or library)

4.0 Conclusions

This scenario remains a use-case in which fair use is given space to evolve. A copyright-complete DRM scheme must uphold the public's rights in copyright, and if this system is to serve as the basis for both policy and business, it must accommodate the above and other scenarios that permit ambiguity in fair use.

5.0 References

* EFF site:

http://www.eff.org

* von Lohmann white-paper on DRM:

http://www.cfp2002.org/fairuse/lohmann.pdf

* Lessig et al. brief in Eldred v. Ashcroft:

http://eon.law.harvard.edu/openlaw/eldredvashcroft/supct/opening-brief.pdf>

* Burk and Cohen, Fair Use Infrastructure for Copyright Management Systems:

http://www.cfp2002.org/fairuse/burkcohen.pdf

[Note: this lightly-formatted text is from the source in an email message "EFF OASIS submission" sent by Cory Doctorow to Hari Reddy.

[See also the collection of Requirements contributions to the Requirements Subcommittee, OASIS RLTC.]

Cory Doctorow
Outreach Coordinator, Electronic Frontier Foundation
415.726.5209/cory@eff.org
Blog: http://boingboing.net

From:      Cory Doctorow [mailto:cory@eff.org]
Sent:      Wednesday, August 14, 2002 5:33 PM
To:       hari.Reddy@CONTENTGUARD.COM
Subject:   EFF OASIS submission

Prepared by Robin Cover for The XML Cover Pages archive.
Globe Image

Document URL: http://xml.coverpages.org/EFF-DRM-Requirements20020814.html