[discuss] DRM

2005-02-01 Thread Jacqueline McNally
Malte's talk at OOoCon2005 on Digital Signatures 
(http://marketing.openoffice.org/ooocon2004/presentations/friday/timmermann_digital_signatures.pdf) 
touched on DRM.

I have not met many people or organisations that want DRM, but then that 
may be my fault :) But for those that do, do you think what is offered 
by the Coral Consortium is worth considering for OpenOffice.org ?

See: http://www.theregister.co.uk/2005/01/24/community_source_program/
CE giants open DRM to the community
[Faultline, The Register, 24 January 2005]
"The leading vendors in consumer electronics have banded together to 
create a Community Source Program for digital rights management and will 
license the whole kit and caboodle, the patents, copyrights, compliance 
logo and source code to anyone that wants it.

Effectively CE DRM is going open source (to the extent that Community 
Source is the same as Open Source) in order to flood the market with DRM 
systems and route the threat offered by Microsoft in consumer electronics.

The move comes from the leading lights in the October announced Coral 
Consortium, and the DRMs that can be created with the new development 
tools will all be compliant with and ready to interoperate through the 
Coral interoperability standard."

All the best
Jacqueline McNally
Lead, OpenOffice.org Marketing Project
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Re: [discuss] DRM

2005-02-01 Thread Daniel Carrera

This is a complex issue. It may be wise to get professional advice from 
the Software Freedom Law Center:

http://www.softwarefreedom.org/
http://www.groklaw.net/article.php?story=20050201060017590


I don't know if this question lies within their legal consulting services. 
But there's no harm in asking, right?

Cheers,
Daniel.


On Wed, Feb 02, 2005 at 09:59:16AM +0800, Jacqueline McNally wrote:
> Malte's talk at OOoCon2005 on Digital Signatures 
> (http://marketing.openoffice.org/ooocon2004/presentations/friday/timmermann_digital_signatures.pdf)
>  
> touched on DRM.
> 
> I have not met many people or organisations that want DRM, but then that 
> may be my fault :) But for those that do, do you think what is offered 
> by the Coral Consortium is worth considering for OpenOffice.org ?
> 
> See: http://www.theregister.co.uk/2005/01/24/community_source_program/
> CE giants open DRM to the community
> [Faultline, The Register, 24 January 2005]
> 
> "The leading vendors in consumer electronics have banded together to 
> create a Community Source Program for digital rights management and will 
> license the whole kit and caboodle, the patents, copyrights, compliance 
> logo and source code to anyone that wants it.
> 
> Effectively CE DRM is going open source (to the extent that Community 
> Source is the same as Open Source) in order to flood the market with DRM 
> systems and route the threat offered by Microsoft in consumer electronics.
> 
> The move comes from the leading lights in the October announced Coral 
> Consortium, and the DRMs that can be created with the new development 
> tools will all be compliant with and ready to interoperate through the 
> Coral interoperability standard."
> 
> All the best
> Jacqueline McNally
> Lead, OpenOffice.org Marketing Project

-- 
Daniel Carrera  | Rigorous reasoning from inapplicable
Join OOoAuthors today!  | assumptions yields the world's most
http://oooauthors.org   | durable nonsense.




Re: [discuss] DRM

2005-02-01 Thread Jacqueline McNally
Daniel Carrera wrote:
> This is a complex issue. It may be wise to get professional advice from 
> the Software Freedom Law Center:
>
> http://www.softwarefreedom.org/
> http://www.groklaw.net/article.php?story=20050201060017590
>
> I don't know if this question lies within their legal consulting services. 
> But there's no harm in asking, right?

Eben Moglen is speaking at http://www.linux.conf.au/ so I'm sure he/they 
will be asked by lots that are attending 
http://www.openoffice.org.nz/miniconf/ :)

DRM is one of those subjects that people often have strong views one way 
or the other. Even if the Coral interoperability standard checks out ok, 
we would still need our community to understand the issues and support 
the initiative. This is one of the reasons I posted here.

Also, DRM is promoted as a feature in other office-suites, so we do need 
to understand and be able to state succinctly where we stand on the issue.

Regards
Jacqueline


Re: [discuss] DRM

2005-02-01 Thread Daniel Carrera
Jacqueline McNally wrote:

> Also, DRM is promoted as a feature in other office-suites, so we do need 
> to understand and be able to state succinctly where we stand on the issue.

Yes, it's a difficult issue.

My take is that we should provide security-related features like digital 
signatures and encryption. But I have problems with features that, for
example, give control of your computer to another party, or eliminate 
whistle-blowing.

The problem with "DRM" is that it could encompass any and all of the 
above, as well as a dozen things I haven't thought of. This in turn has 
another problem, related to what you just said. Suppose we take DRM to 
mean "digital signatures" only. So under product description we put a 
check mark next to DRM. Then someone comes in, sees DRM, and takes it to 
be a synonym for "Treacherous Computing" and tells everyone OOo has sold 
out to the devil.

Not easy at all.

*Perhaps* it would be good to not use the term DRM but list the specific 
features that, for some people, may lie in that category.

I don't know. I'm just rambling right now. I need some time to formulate 
a meaningful opinion.

Cheers,
-- 
Daniel Carrera  | Rigorous reasoning from inapplicable
Join OOoAuthors today!  | assumptions yields the world's most
http://oooauthors.org   | durable nonsense.




Re: [discuss] DRM

2005-02-01 Thread Christian Einfeldt
On Tuesday 01 February 2005 20:01, Daniel Carrera wrote:
> Jacqueline McNally wrote:
> > Also, DRM is promoted as a feature in other office-suites, so
> > we do need to understand and be able to state succinctly where
> > we stand on the issue.
>
> Yes, it's a difficult issue.

snip..

> I don't know. I'm just rambling right now. 

Actually, I think that you hit a lot of the issues correctly.  
Information rights management is important for those who want it, 
but it is important that it be open.  I met someone recently at a 
Creative Commons party that was working on open privacy.  I'll try 
to get the card back from my office neighbor and send the info to 
this list. 

In Christensen's terms, info rights management is part of moving up 
market.  As a disruptive technology improves, it needs to prepare 
for the day when there will come "competitive battles" in which the 
disruptive technology moves out of the separate value network in 
which it was nurtured to attack the incumbent's weakening value 
network.  People want DRM, so we need to eventually be able to 
provide it to them, but make it OPEN.  




Re: [discuss] DRM

2005-02-01 Thread Daniel Carrera
Christian Einfeldt wrote:

> People want DRM, so we need to eventually be able to 
> provide it to them, but make it OPEN.  

It's more difficult than that:

 * Some people want DRM.
 * Some people abhor DRM.
 * I doubt most people have a clear picture of what DRM is (I don't).


So, I agree we need to provide *something* to meet at least some of the 
needs of the first group. But *what* to provide is a very difficult 
matter.

Christian, could you provide a good definition of what DRM *is*. Suppose 
I'm new at this whole DRM brouhaha. I come over to a list and say "hey, I 
just heard about something called DRM, can someone explain what it is?"
What would you answer?

Cheers,
-- 
Daniel Carrera  | Rigorous reasoning from inapplicable
Join OOoAuthors today!  | assumptions yields the world's most
http://oooauthors.org   | durable nonsense.




Re: [discuss] DRM

2005-02-01 Thread Daniel Carrera
Alright, I think it would be good to define DRM and the issues behind it
in clear and simple terms. For those who want to dig deeper, please read 
the resources section at the end of this post.

Now I'll have a go at laying out the issues.

  What is DRM?
  
  It is a term for a system which allows a supplier of electronic
  content to control and restrict its usage in ways that are specified
  by the supplier.

  Why DRM?
  
  The main argument for DRM is to prevent the rampant copying of
  copyrighted software which was made possible by the advent of
  digital technology.

  Issues with DRM
  ---
  The problem with DRM is that it can be abused to apply restrictions
  beyond what is legally permissible under copyright law. For example:

  * In 2000 Adobe released the public domain work "Alice in Wonderland"
    using DRM controls that prevented text-to-speech reading.

  * Lexmark added computer chips to their printer cartridges. These are
    used to detect third-party cartridges and make them waste ink so
    they'll deplete faster. Lexmark used DRM combined with the DMCA
    to prevent competitors from emulating said chips.

  * DRM is used to control who can view a DVD. For example, if you buy
    a DVD in the UK, it won't play on your DVD player in Australia.
    Also, you can't view the DVD on GNU/Linux unless you use a
    circumvention library (DeCSS) which is illegal in some countries.


Whatever we decide to do about DRM, we should try to deliver "protection" 
to copyright authors, while avoiding the possibility of misuse. This ain't 
gonna be easy. It might well be impossible. I guess that we might 
try to prove only a very limited amount of DRM technology that we are 
fairly confident would not be easily misused. What I'm trying to say is 
that this need not be black and white. We might decide to permit some DRM 
schemes but not others. For example, digital signatures and encryption 
could be considered DRM schemes, in a way.


Resources on the subject:

* _Free_Culture_ by Prof Lawrence Lessig:
  http://free-culture.org/

* Wikipedia:
  http://en.wikipedia.org/wiki/Digital_Rights_Management

* Freedom to Tinker -- by Prof Edward Felten
  http://www.freedom-to-tinker.com/

* The Digital Right to Read -- by RMS
  http://www.gnu.org/philosophy/right-to-read.html

* The Digital Imprimatur -- by John Walker
  http://www.fourmilab.ch/documents/digital-imprimatur/

Cheers,
-- 
Daniel Carrera  | Rigorous reasoning from inapplicable
Join OOoAuthors today!  | assumptions yields the world's most
http://oooauthors.org   | durable nonsense.




Re: [discuss] DRM

2005-02-01 Thread Louis Suarez-Potts
Hi

>
>Also, DRM is promoted as a feature in other office-suites, so we do
>need to understand and be able to state succinctly where we stand on
>the issue.

We first came across this problem a couple of years ago, and our (Joerg
Heilig, technical lead, speaking for the Sun) stance at the time was
that we would rather go with 

"digital signatures and encryption using open APIs and open standards
(like XML signatures). We do not have information on how to use the
Microsoft DRM in apps not coming from MS, like OpenOffice.org. It would
be a requirement for supporting DRM to have access to these APIs but
also to be able to replace the backend infrastructure that manages the
certificates and the authentication behind the APIs. I do not see any
indications that this information is going to be available soon. In the
end it is the people who send documents around who will decide on how
useful this feature is. Remember that you need to know that the
recipient has at least MS Office 2003 and that she has a MS passport
account or other account managed in a MS backend certificate store. This
does not sound to me like a compelling picture looking at the level of
trust that people have developed towards MS. I rather see people asking
for a backend infrastructure that is based on public standards and
implementations from multiple vendors to choose from." [1]

Since this interview, we have of course been working on digital
signatures, which provide security.

In general, DRM is a) largely undefined but often means limiting what
one does as a recipient with a file,  and b) often pernicious where you
find it (because it limits what you do with what you think is your
property).  

In several interviews (or at least a couple; it was a big issue then;
Joerg also was interviewed elsewhere, on this issue, though I don't know
if it was published), I argued that Microsoft is terrorizing users,
especially enterprises, and using its DRM as a weapon to route them into
using MSFT products alone.  I also presented the counter: one can have
just more than adequate security using the technologies Joerg describes,
which are open, and not ultimately forcing a dependency on a secretive
corporation.  


>
>Regards Jacqueline

-cheers
Louis
>

[1] Joerg Heilig interview.





Re: [discuss] DRM

2005-02-02 Thread Christian Einfeldt
On Tuesday 01 February 2005 22:54, Daniel Carrera wrote:
> Christian Einfeldt wrote:
> > People want DRM, so we need to eventually be able to
> > provide it to them, but make it OPEN.
>
> It's more difficult than that:
>
>  * Some people want DRM.
>  * Some people abhor DRM.
>  * I doubt most people have a clear picture of what DRM is (I
> don't).

+1

>
>
> So, I agree we need to provide *something* to meet at least some
> of the needs of the first group. But *what* to provide is a very
> difficult matter.

+1

>
> Christian, could you provide a good definition of what DRM *is*.

Heh.  That's like the new judo student showing the instructor how to 
flip people.  But I will give it a try.

DRM is technology which allows a user to restrict access to 
technology by other users.  A broad definition, I know.  But 
workable.  In the context of an OOo doc, it means that you will 
have a mutual set of keys that you exchange with another OOo user, 
so that whenever that code is sent to that person, they and only 
then can open it, unless you want to allow other members of a 
defined group to open it. 

> Suppose I'm new at this whole DRM brouhaha. I come over to a list
> and say "hey, I just heard about something called DRM, can
> someone explain what it is?" What would you answer?

See above. 




Re: [discuss] DRM

2005-02-02 Thread Christian Einfeldt
> I also
> presented the counter: one can have just more than adequate
> security using the technologies Joerg describes, which are open,
> and not ultimately forcing a dependency on a secretive
> corporation.

+1




Re: [discuss] DRM >:(

2005-02-02 Thread Lars D. Noodén
Digital signatures and encryption should be available features.  Those are 
not necessarily DRM unless tangled as part of a larger system.  DRM or 
terms associated too closely with it should be avoided like the plague.

DRM is a very difficult issue and is nebulously defined at best.  In the 
cases I've been aware of it has had a very negative reception by both 
media and the public.  Following the technical side of it, I am very 
negatively impressed by the concept and goals.  So I'd second Daniel's 
suggestion that OOo list specific features rather than voluntarily take 
on such an unappealing mantle.

I was reading up on DRM again this weekend and consider that it has more 
potential for abuse than for legitimate uses, especially in the area of 
censorship or monitoring.  Widespread DRM would make it difficult if not 
practically impossible for many things, including whistle blowing.  Enron 
or the Saving & Loans scandals would not have been possible.  None of that 
is good for your investment (taxes) in the government or retirement.

DRM's not good for your wallet here and now either.  Proprietary devices, 
proprietary interfaces, copy protection, and restricted functionality pave 
the way for rental and service charges where you will be paying monthly or 
per session for every "computer controlled consumer electronics device", 
application or data stream.

"My fear is that Pd [DRM] will lead us down a road where our
computers are no longer our computers, but are instead owned
by a variety of factions and companies all looking for a
piece of our wallet."  -- Bruce Schneier
-- http://www.schneier.com/crypto-gram-0208.html

Feature list good.  DRM bad for liberty and democracy...

-Lars
Lars Nooden ([EMAIL PROTECTED])
The Internet is for Everyone:
http://www.ietf.org/rfc/rfc3271.txt?number=3271


Re: [discuss] DRM

2005-02-02 Thread Mathias Bauer
Daniel Carrera wrote:

> My take is that we should provide security-related features like digital 
> signatures and encryption. But I have problems with features that, for
> example, give control of your computer to another party, or eliminate 
> whistle-blowing.

IMHO DRM does not necessarily give anyone control of your computer. At
first DRM gives *you* control over your content and how it is used by
others. For non-private use this can be a useful and important feature
even for office programs.

The problem with DRM is that following the common understanding it needs
hardware support to make it safe. This of course is currently very often
seen as something that might cause problems in the area you mentioned.
But OTOH it is also not clear that DRM will really take over the
computer just because there is no implementation where that could be
verified or disproved.

> The problem with "DRM" is that it could encompass any and all of the 
> above, as well as a dozen things I haven't thought of. This in turn has 
> another problem, related to what you just said. Suppose we take DRM to 
> mean "digital signatures" only. So under product description we put a 
> check mark next to DRM. Then someone comes in, sees DRM, and takes it to 
> be a synonym for "Treacherous Computing" and tells everyone OOo has sold 
> out to the devil.

I wouldn't care for people that tell such nonsense. Obviously they don't
understand the matter and are just parroting something they have read
somewhere else.

DRM is very often misunderstood. IMHO it's neither good nor bad, in the
same way as encryption or signing isn't. It's just a feature one can use
(or not), and there is nothing bad in restricting the access to content
you have produced by yourself.

Best regards,
Mathias

-- 
Mathias Bauer - OpenOffice.org Application Framework Project Lead
Please reply to the list only, [EMAIL PROTECTED] is a spam sink.





Re: [discuss] DRM

2005-02-02 Thread Lars D. Noodén
On Wed, 2 Feb 2005, Daniel Carrera wrote:
[...]
>  Why DRM?
>
>  The main argument for DRM is to prevent the rampant copying of
>  copyrighted software which was made possible by the advent of
>  digital technology.
[...]

I think copyright infringement is the phrase being sought.
The phrasing of that is hard to get right, especially because of all the 
conflicting information, misdirection, and just plain misinformation put 
out there, largely by the pro-DRM crowd.

To be accurate, copyrighted software, music, books, etc. can be freely and 
legally downloaded, copied, modified, shared, etc. if either the law or license 
allows it.  Licenses which allow this include GPL, BSD and CC.  Most 
countries have quite reasonable interpretations of the fair use clause, 
even the U.S. still has one (article 106 or thereabouts) for a while. 
Denmark and Canada stand out as good models.  One of the main problems with 
currently proposed implementations of DRM is that they do not take into 
account any flexibility or fair use afforded by the Berne Convention or 
national laws.

-Lars
Lars Nooden ([EMAIL PROTECTED])
The Internet is for Everyone:
http://www.ietf.org/rfc/rfc3271.txt?number=3271


Re: [discuss] DRM

2005-02-02 Thread Lars D. Noodén
On Wed, 2 Feb 2005, Mathias Bauer wrote:
> IMHO DRM does not necessarily give anyone control of your computer. At
> first DRM gives *you* control over your content and how it is used by
> others. For non-private use this can be a useful and important feature
> even for office programs.

In order for DRM to work, you must cede control of your computer. 
Otherwise, circumvention of the technology is trivial.  Read up on how 
the LaGrande CPU is supposed to work. There is similar work with 
BIOS (Phoenix) and with hard drives.

Most implementations and proposed implementations of DRM violate both fair 
use and the doctrine of first sale.  There are also issues about being 
able to lock out competitors -- it's a clear way to ensure that files 
created with one company's products cannot be opened by others.

If one wants to look at computers as a communications device, then DRM 
also raises problems with common carriage, though it seems that many 
multi-national corps would like folks (esp judges) to forget that ancient 
doctrine / law.

Nothing we know or teach today is the result of keeping knowledge 
secret or preventing its distribution.

-Lars
Lars Nooden ([EMAIL PROTECTED])
The Internet is for Everyone:
http://www.ietf.org/rfc/rfc3271.txt?number=3271


Re: [discuss] DRM

2005-02-02 Thread Lars Oppermann
Hi guys,
I believe that we are taking too many steps at a time here when discussing 
DRM. As Christian pointed out, DRM, in general, provides means for 
owners of some content to control what others are allowed to do.

In order to implement those means, the content is usually encrypted, and 
only conforming applications are allowed to decrypt the content. This is 
where it gets quite complicated, because it somehow has to be ensured, 
that only the 'right' applications are able to decrypt the content.

Today, this is implemented through closed source implementations as is 
with media-players, or licensing as with DVD player hardware.

These are models of which I don't know how they could be applied to open 
source software. Anyone could recompile the application and just comment 
out the restriction checks.

Is anyone aware of a way those two concepts can co-exist? Because as 
soon as the content has been decrypted, an application could do anything 
with it, which renders DRM virtually unusable on the application level. 
DRM on the hardware level (like trusted computing) however still needs 
Applications to be authorized.

Can anyone think of a scenario that would work?
~Lars
--
Lars Oppermann <[EMAIL PROTECTED]>  Sun Microsystems Inc.
Software Engineer - StarOffice   http://www.sun.com/staroffice


Re: [discuss] DRM

2005-02-02 Thread Lars D. Noodén
On Wed, 2 Feb 2005, Lars Oppermann wrote:
[..]
> Is anyone aware of a way those two concepts can co-exist? Because as soon as 
> the content has been decrypted, an application could do anything with it, 
> which renders DRM virtually unusable on the application level. DRM on the 
> hardware level (like trusted computing) however still needs Applications to 
> be authorized.
>
> Can anyone think of a scenario that would work?

No, but it would be interesting to read of one.
I've seen (but lost the links to) articles which claim that DRM is not 
feasible even in theory. This somehow reminds me of copy protection 
gimmicks of the late 1970's and 1980's which were eventually dropped from 
software in the 1980's because it was proven to not work.

Even if you can technically implement uncomplex DRM, handling principles 
like the doctrine of first sale and fair use are likely too much for any 
technology even on the horizon.  Without those DRM is mostly 
disadvantageous.

Also, how can it be guaranteed that DRM can't / won't be used to lock out 
competition or for censorship or espionage?

-Lars
Lars Nooden ([EMAIL PROTECTED])
The Internet is for Everyone:
http://www.ietf.org/rfc/rfc3271.txt?number=3271


Re: [discuss] DRM

2005-02-02 Thread Daniel Carrera
Lars Oppermann wrote:

> Is anyone aware of a way those two concepts can co-exist? Because as 
> soon as the content has been decrypted, an application could do anything 
> with it, which renders DRM virtually unusable on the application level. 
> DRM on the hardware level (like trusted computing) however still needs 
> Applications to be authorized.
> 
> Can anyone think of a scenario that would work?

Nothing would provide full "protection". Nothing at all. Even proprietary, 
hardware-encoded systems would not provide full protection. People could 
just grab a home camera, point it at the computer monitor and mail tapes 
by physical mail.

But full protection should not be the goal.  Let me explain:

Do bicycle theft laws prevent the theft of all bicycles?
Does any law fully prevent any crime?
No.

The objective of laws is not the complete removal of an illegal activity, 
because the only way to truly attain that is by creating a police state 
governed by a brutal tyranny. Rather, the objective of laws is to 
discourage crime, but to balance the desire for low crime against the 
desire for personal freedom. So too should it be with DRM.

Therefore, this is the stance I propose:

  The goal of DRM is not to make copying absolutely impossible. Just
  make it difficult and inconvenient in a way that properly balances
  against users' freedoms.
  If anyone has a good reason why they need near absolute access
  control, they should not be using DRM, they should use password
  based encryption.


Now, if I think of a way to attain that other goal, I'll let you know.
:-)

Cheers,
-- 
Daniel Carrera  | Rigorous reasoning from inapplicable
Join OOoAuthors today!  | assumptions yields the world's most
http://oooauthors.org   | durable nonsense.




Re: [discuss] DRM

2005-02-02 Thread Christian Einfeldt
snip..

> Is anyone aware of a way those two concepts can co-exist? Because
> as soon as the content has been decrypted, an application could
> do anything with it, which renders DRM virtually unusable on the
> application level. DRM on the hardware level (like trusted
> computing) however still needs Applications to be authorized.
>
> Can anyone think of a scenario that would work?

I met someone at a creative commons party recently here in SF who is 
working on an open source solution.  I am a simple end user, so I 
can only repeat what the true geeks tell me.  I have loaned this 
person's card to a friend, who is not in his office next door at 
the moment.  When he gets back, I will get it from him. 




Re: [discuss] DRM

2005-02-02 Thread Jacqueline McNally
Christian Einfeldt wrote:
> snip..
>
> > Is anyone aware of a way those two concepts can co-exist? Because
> > as soon as the content has been decrypted, an application could
> > do anything with it, which renders DRM virtually unusable on the
> > application level. DRM on the hardware level (like trusted
> > computing) however still needs Applications to be authorized.
> >
> > Can anyone think of a scenario that would work?
>
> I met someone at a creative commons party recently here in SF who is 
> working on an open source solution.  I am a simple end user, so I 
> can only repeat what the true geeks tell me.  I have loaned this 
> person's card to a friend, who is not in his office next door at 
> the moment.  When he gets back, I will get it from him. 

I started the conversation off with:

See: http://www.theregister.co.uk/2005/01/24/community_source_program/
CE giants open DRM to the community
[Faultline, The Register, 24 January 2005]

It would be interesting to know if there are other groups in addition to 
the Coral Consortium that are working towards an open standard or open 
source solution.

The last paragraph of the above article reads:
"In the digital media world that is coming, all future entertainment 
players will need to have a processor and an operating environment (most 
will chose CE Linux), and the commonality between platforms will not 
reside in the operating system but in the file types, the digital 
identifiers and an interoperability layer for the DRM systems which are 
most likely to be orchestrated by web services."

To me "... and the commonality between platforms will not reside in the 
operating system but in the file types ..." is similar to us and others 
encouraging the use of OpenDocument.

Also, they say earlier in the article "Coral is being written in XML and 
according to web service standards ...".

Regards
Jacqueline


Re: [discuss] DRM

2005-02-02 Thread Christian Einfeldt
On Wednesday 02 February 2005 19:19, Jacqueline McNally wrote:

snip...

> I started the conversation off with:
>
> See:
> http://www.theregister.co.uk/2005/01/24/community_source_program/
> CE giants open DRM to the community
> [Faultline, The Register, 24 January 2005]

Hi, 

Wow, this thread is so important that I have linked the thread on 
this page of the Digital Tipping Point site.  My thanks to the 
folks participating in this thread, including, but not limited to, 
Jacqueline and Daniel, as I have cut and pasted some of the links 
from your posts into links of their own on this page.  

http://www.digitaltippingpoint.com/component/option,com_weblinks/catid,93/Itemid,4/




Re: [discuss] DRM

2005-02-02 Thread Mathias Bauer
Lars D. Noodén wrote:
> On Wed, 2 Feb 2005, Mathias Bauer wrote:
>> IMHO DRM does not necessarily give anyone control of your computer. At
>> first DRM gives *you* control over your content and how it is used by
>> others. For non-private use this can be a useful and important feature
>> even for office programs.
> 
> In order for DRM to work, you must cede control of your computer. 
> Otherwise, circumvention of the technology is trivial.  Read up on how 
> the LaGrande CPU is supposed to work. There is similar work with 
> BIOS (Phoenix) and with hard drives.

(...and some more...)

That's more or less what I wanted to express by writing: The problem
with DRM is that following the common understanding it needs hardware
support to make it safe.

If that means that one gives away control of one's computer is still open
for me until it is clear how the used implementations really work.
Giving away control in my understanding means that this control is taken
over by someone/something else. That must be proven in the products when
they are accessible. I prefer to cross the bridge when I get to it.

But even if I find that those implementations take too much control away
from me I still can decide not to use them and so not use DRM. OTOH this
means that DRM and the hardware to support it are OK as long as there
are other options.

There's too much fuss around DRM.
Besides that there are two valid arguments against DRM I absolutely
agree to:

- DRM can be used to tie your work to a single implementation if it
does not use free standards. DRM based on a MS infrastructure would be
a disaster, it might give you the control over your content, but it
gives MS the control over how you create it. This would be the perfect
lock-in.

- It's absolutely unclear if such "free standards based" DRM (and this
is the only acceptable one IMHO) is possible at all. So maybe this whole
discussion is useless. ;-)

Best regards,
Mathias

-- 
Mathias Bauer - OpenOffice.org Application Framework Project Lead
Please reply to the list only, [EMAIL PROTECTED] is a spam sink.






Re: [discuss] DRM

2005-02-03 Thread Lars Oppermann
Mathias Bauer wrote:
> - DRM can be used to tie your work to a single implementation if it
> does not use free standards. DRM based on a MS infrastructure would be
> a disaster, it might give you the control over your content, but it
> gives MS the control over how you create it. This would be the perfect
> lock-in.

That is absolutely true, especially for the current DRM systems. They lend 
themselves perfectly to lock in, because the decryption scheme is 
regarded intellectual property, thus unauthorized decryption by competing 
products can be regarded as infringement. This allows platform vendors 
to lock consumers AND content providers into their system, which only 
they (or those paying royalties to them) are allowed to sell...

That said, an open platform for authorization based content handling 
would be a good thing.

For mobile devices there is OMA: 
http://www.openmobilealliance.org/tech/publicmaterial.html
They are defining an XML container which includes the DRM information. 
The platform then just keeps itself 'restrained' according to that 
container. That's easy, because in the mobile devices world, vendors 
have control over the platform.
I guess that the OMA license requirements will also require 
implementors to build systems that can't circumvent the protection, but 
I didn't work through it.

> - It's absolutely unclear if such "free standards based" DRM (and this
> is the only acceptable one IMHO) is possible at all. So maybe this whole
> discussion is useless. ;-)

While defining a DRM container is possible (as we all agree), the 
problem is with the enforcement of that container on an open platform. 
'Enforce' and 'open' just don't work well together I guess ;)

Christian compared this with law enforcement and mentioned the balance 
between freedom and protection. I believe that DRM has a more 
preemptive approach on enforcement than traditional law enforcement. 
(Please, tell me when I'm off here, IANAL)
Traditionally, anyone breaking a law has to fear some sanctions. 
Applying this to digital content means: anyone not following the 
licensing terms under which content was provided to him has to fear 
sanctions. a) you don't need DRM for that, b) that's what copyright laws 
are for IIRC.

A DRM container like OMA alone is just a formal description of a 
license. It contains terms which tell the licensee what he may do and 
may not do. An application that is able to read those terms can help the 
licensee to adhere to the terms without having to understand and read 
every single word of a complicated license agreement. When you put it 
like this, it doesn't sound so bad, does it?

People can still decide to not adhere to the license by not adhering to 
the terms required by the container, should their application permit 
them to. That's like someone deciding to break a law.

Cheers
~Lars


--
Lars Oppermann <[EMAIL PROTECTED]>  Sun Microsystems Inc.
Software Engineer - StarOffice   http://www.sun.com/staroffice


Re: [discuss] DRM

2005-02-03 Thread Daniel Carrera
Lars Oppermann wrote:

> While defining a DRM container is possible (as we all agree), the 
> problem is with the enforcement of that container on an open platform. 
> 'Enforce' and 'open' just don't work well together I guess ;)

Though it's not inconceivable. After all, the most powerful encryption 
algorithms (El Gamal, Blowfish) are open.

Let's see if we can look at DRM from that approach. Encryption systems 
can be open and reliable because their security depends not on the 
secrecy of the algorithm, but the secrecy of a key. Therefore, we 
might guess that an open DRM system would have to be similar.

I don't have a direct application of that to DRM, but I wanted to 
throw that out for brainstorming.

> Christian compared this with law enforcement and mentioned the balance 
> between freedom and protection.

I could be wrong, but that might have been me :-)

> Traditionally, anyone breaking a law has to fear some sanctions. 
> Applying this to digital content means: anyone not following the 
> licensing terms under which content was provided to him has to fear 
> sanctions. a) you don't need DRM for that, b) that's what copyright 
> laws are for IIRC.

Yes.  But on the other hand, the probabilities of being caught are 
small unless you use some form of DRM.

One thing I'd like to know is, what kind of DRM does someone need on 
an office suite anyway? OOo doesn't play movies or MP3s. So it's not 
like the RIAA/MPAA give a hoot if OOo has DRM or not.


Cheers,
-- 
Daniel Carrera  | Rigorous reasoning from inapplicable
Join OOoAuthors today!  | assumptions yields the world's most
http://oooauthors.org   | durable nonsense.




Re: [discuss] DRM

2005-02-03 Thread Lars Oppermann
Daniel Carrera wrote:
> Lars Oppermann wrote:
>> While defining a DRM container is possible (as we all agree), the 
>> problem is with the enforcement of that container on an open platform. 
>> 'Enforce' and 'open' just don't work well together I guess ;)
>
> Though it's not inconceivable. After all, the most powerful encryption 
> algorithms (El Gamal, Blowfish) are open.
>
> Let's see if we can look at DRM from that approach. Encryption systems 
> can be open and reliable because their security depends not on the 
> secrecy of the algorithm, but the secrecy of a key. Therefore, we 
> might guess that an open DRM system would have to be similar.
>
> I don't have a direct application of that to DRM, but I wanted to 
> throw that out for brainstorming.

The problem here seems to be that DRM starts where encryption ends. 
Encryption also has to do with trust. You encrypt under the assumption 
that only trusted people will be able to decrypt the content. DRM 
encrypts under the assumption that the person that is provided means to 
decrypt is not to be trusted and thus needs to be 'guided' (euphemism 
intended :) by a trusted application.


[...]
> One thing I'd like to know is, what kind of DRM does someone need on 
> an office suite anyway? OOo doesn't play movies or MP3s. So it's not 
> like the RIAA/MPAA give a hoot if OOo has DRM or not.

We discussed this on the OASIS OpenDocument call. It seems like some 
people have indicated that they would like this to control how documents 
are shared over the network. For example certain people not being able 
to modify or print a document, not send it as email...

A 'soft' way of doing this is easy, we would just need a syntax that 
expresses what is allowed and what's not and there could be an 
application feature that honours those flags. This should however be 
configurable, since anyone with a compiler could disable it anyway :)

It might be regarded as help for people not accidentally modifying an 
important document, not accidentally sending a confidential document and such.

It is however not real security. As real DRM IMHO is kind of a scam to 
lure content providers into providing their content at all by giving 
them the impression that it was protected by sophisticated technical 
measures as well as providing technology lock-in.

Bests
~Lars
--
Lars Oppermann <[EMAIL PROTECTED]>  Sun Microsystems Inc.
Software Engineer - StarOffice   http://www.sun.com/staroffice
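
As an added illustration of the 'soft' approach described in the message above (not code from the post or from OpenOffice.org): a rights descriptor whose flags an application honours only while a local setting tells it to. The XML element and attribute names, `parse_rights` and `DocumentSession` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor; the element and attribute names are
# hypothetical, not taken from OMA, OpenDocument or any other standard.
SAMPLE_RIGHTS = """
<rights>
  <grant user="alice" actions="view modify print mail"/>
  <grant user="bob" actions="view"/>
  <grant user="*" actions=""/>
</rights>
"""

KNOWN_ACTIONS = frozenset({"view", "modify", "print", "mail"})


def parse_rights(xml_text):
    """Return {user: frozenset(actions)}; reject actions we do not know."""
    table = {}
    for grant in ET.fromstring(xml_text).findall("grant"):
        actions = frozenset(grant.get("actions", "").split())
        unknown = actions - KNOWN_ACTIONS
        if unknown:
            raise ValueError(f"unknown actions: {sorted(unknown)}")
        table[grant.get("user")] = actions
    return table


class DocumentSession:
    """Application-side gate that consults the descriptor before acting."""

    def __init__(self, rights, user, honour_flags=True):
        self.rights = rights
        self.user = user
        # A local, user-controlled setting: the flags guide a cooperative
        # user, they do not bind whoever controls the application.
        self.honour_flags = honour_flags

    def allowed(self, action):
        if action not in KNOWN_ACTIONS:
            raise ValueError(f"unknown action: {action}")
        if not self.honour_flags:
            return True
        # Users without their own entry fall back to the "*" default.
        granted = self.rights.get(self.user, self.rights.get("*", frozenset()))
        return action in granted

    def attempt(self, action):
        """Return 'done' or a refusal message the UI could display."""
        if self.allowed(action):
            return "done"
        return f"'{action}' is not permitted for {self.user} by this document"
```

With `honour_flags=False` every action is allowed, which is why the message treats such flags as a guard against accidents rather than as real security.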


Re: [discuss] DRM

2005-02-03 Thread Ric Hayman
Lars Oppermann wrote:
| Daniel Carrera wrote:
|
|> Lars Oppermann wrote:
|>
|>> While defining a DRM container is possible (as we all agree), the
|>> problem is with the enforcement of that container on an open platform.
|>> 'Enforce' and 'open' just don't work well together I guess ;)
|>
|>
|> Though it's not inconceivable. After all, the most powerful encryption
|> algorithms (El Gamal, Blowfish) are open.
|>
|> Let's see if we can look at DRM from that approach. Encryption systems
|> can be open and reliable because their security depends not on the
|> secrecy of the algorithm, but the secrecy of a key. Therefore, we
|> might guess that an open DRM system would have to be similar.
|>
|> I don't have a direct application of that to DRM, but I wanted to
|> throw that out for brainstorming.
|
|
| The problem here seems to be, that DRM starts where encryption ends.

| Bests
| ~Lars
|
There has been prior discussion on this topic (check the archives if
interested) but I will summarise my previous comments thus:

The only reason apparent to me for the use of DRM on office documents
(movies and music may be a separate argument) is to allow a vendor of
proprietary software to lock-in existing customers, not only to their
product, BUT potentially forcing upgrades on a schedule of the vendor's
choosing - all to access your OWN data. The other possible scenario is
where a market mismatch exists (e.g. large customer:small supplier) then
a business may find it necessary to purchase a proprietary product to
continue dealing with their large and very important customer.

DRM, IMO, does not add anything worthwhile that is not already available
via PKI encryption/authentication - which doesn't require a proprietary
solution.

Ric


[discuss] DRM in MS Office, was:sharing OOo among lawyers

2005-06-07 Thread M. Fioretti
On Wed, Apr 20, 2005 10:49:23 AM -0400, Lars D. Noodén
([EMAIL PROTECTED]) wrote: 

> MSO XP on MS-Windows XP SP2 or MSO 2003 (which has DRM baked in) has
> the capability that every time a document is opened, created,
> edited, printed, copied, saved, or mailed that action can be
> tracked.  Depending on the settings, the tracking either occurs at
> the MS-Passport site, or on another designated MS-Server.  Note that
> 2003, XP SP1, and 2000 SP3 grant third party access to the contents
> of the server (check the technical description or just read the
> license that came with) I'm sure it's not a good thing to allow
> third parties to keep up on internal communications

Any URLs (possibly from Microsoft) where this is officially said and
explained in more detail?

TIA,
Marco


-- 
Marco Fioretti                mfioretti, at the server mclink.it
Fedora Core 3 for low memory  http://www.rule-project.org/

Sometimes when you fill a vacuum, it still sucks.
-- Bill Joy, founder of Sun Microsystems
