W3C Technology and Society

[Minutes Overview] [Workshop Home] [Previous: Introduction][Next: Publishers Requirements]

Minutes from the Section on Social and Legal requirements

Please refer to the position-papers and slides for authoritative answers. The following minutes are only a snapshot of Presentations and Discussions

Poorvi Vora (HP): Privacy and Digital Rights Management

See also the [Slides (ppt)] and the Position Paper

Why privacy?

We have been seeing common privacy infringement across the Internet. Consumers are responding with class action suits and negative responses through stock value depreciation. Privacy-violating protections against copyright infringement are not necessary for fraud prevention.

Poorvi Vora gave description of such a system

This implies that the legal liability of data collectors is amplified, in spite of their copyright protection schemes. W3C should care about privacy, because P3P credibility will be diminished by privacy infringement via DRM. On the other hand, those interested in DRM ought to pay attention and can benefit from the P3P work.

What are some potential invasions of privacy?

  1. User authentication - current PKI protocols limit the degree of anonymity -- we need to know who are you so we can sue you if you infringe
  2. Usage tracking for fraud prevention
In these things, all controls are in hands of content providers, providers are the center of this universe. We ought to make the consumer a first-class participant in the system, this will result in a more neutral system that will be more widely trusted.

Privacy infringement is not necessary for fraud prevention

Poorvi Vora than developed her thoughts around the idea of a person's profile being an asset. This would mean Being a first class participant means: Ownership of the asset and control of access rights. If proof of identity must be divulged, then this constitutes trade in an asset, especially when the personal info provided is more than the minimum.

She than proposed, that Systems ought to allow for many levels on anonymity. The consumer ought to participate in the degree of tracking involved. General desire: all transactions are explicit and with consumer participation.

Followed by a short description of the actual state of technology, she proposed to develop a stronger vocabulary for privacy expressions. P3P is seen as a beginning. Furthermore, there is a protocol of fulfillment needed to determine, how often a clearing agency e.g. was contacted

As an outcome for the Workshop, Poorvi Vora wanted to begin to work on degrees of anonymity, vocabularies for profile description, expressing of access rights ..

Viveca Still (University of Helsinki): Legal challenges for the development of Digital Rights Management Systems

See especially the [Slides (ppt)]and the Position Paper

Viveca Still split her talk into two questions:

  1. What requirements on the design of DRMS (DRM Systems) are set by copyright law?
  2. Requirements by other information law

Law Requirements for DRM

There are many implicit and few explicit. Remember we are talking about two features: technological measures (TM) and rights management information (RMI).
Relevant laws include European copyright directive and the US Digital Millenium Copyright Act (DMCA):

Neither Digital Millenium Copyright Act nor EU Copyright Directive require standardization but DCMA says that when there is standardization, the transmission of data must preserve the rights information

In the EU, the Copyright Directive has to be seen in the context of the Privacy Directive. In the EU copyright directive the rules are more explicit. It contains explicit rules about Privacy, which don't allow to build or profiles or monitor online activities

Do we need to consider fair use or other copyright exceptions?

There was a short discussion about loosing information because of DRM. Viveca Still developped the theory, that in this case, the state reserve itself the right to hack the copyright protection to assure the libraries right to archive and preserve works.

Requirements for DRM from other types of laws

Examples could be found in competition laws, consumer protection laws, general contract laws. Actually, it is too early to predict problems. New doctrines on misuse of rights may evolve.

But is there a rule of thumb here? Viveca Still insisted that we must think about the free flow of information, which is an old principle in law. There is a basic human right to think, talk, communicate. And economic efficiency and free trade are also very basic principles involved.

Are there general requirements from the concept of free flow of information?


Hiroshi Kawamura(Daisy Consortium/JSRPD): DRM For Persons Who are Blind and/or Print Disabled

See also the Position Paper. The presentation was in SMIL and is not publicly available

Hiroshi Kawamura talked mainly about Talking Books and other Specifications from Daisy, which are supposed to give access to disabled and dyslexic people.

Kawamura started with a SMIL- example: a "book" about dragons that synchronized text, pictures, and audio. He also showed a version of Martin Luther King's "I Have a Dream" speech that synchronized text and the actual recording. These examples were intended to give an idea of synchronized multimedia, related to the new digital talking book standard. We started with the idea of the digitization of books, Kawamura said, and reached a multimedia presentation. This brings up a new horizon of service for the disabled. Note too that synchronized text and audio can serve the dyslexic population, not just the blind. For example, this form of communication will be perfect for sending emergency messages in regions where there are language problems, can use this approach to inform the whole population.

The Digital Talking Book (DTB) group has taken these positions:

Hiroshi Kawamura closed by the following requirements for DRM from a standpoint of accessibility:


Peter Schirling, IBM & MPEG: reports notes that MPEG has a 16 kbps coder for MPEG-4 that can compress more effectively for content on a disk.

Question: In this age of digital information, we seem to be intorducing a control that has never existed before. In the future will information be as available, e.g. in libraries, as it was before. Should there be a time limit on DRM at work, is there a parallel to the expiration of copyright protection?

Jonathan Hahn (Versaware): notes that the limits we are worrying about may not be new and associated with digital content. Don't forget that it is not trivial to photocopy a 500 page book, nor is it trivial to retrieve a paper book 100 years later.

John Erickson (HP) : One assertion that was made that certain copyright law in certain domains provide exemtpions for certain access privileges. As we move forward, how do we preserve the kinds of ambiguity which for example have given certain communities "fair use" or "free use"?. There is a concern that certain protection measures will take away ambiguities we have used in the past. Do some lose access? Exemptions may be needed for some communities.

Scott Foshee (Adobe): I support general concept of putting privacy in the DRM, but how? I go one step further; this was alluded to as multi levels. If an individual's name is availabe to the DRM for identification purposes it might be useful to distinguish between data tracking and marketing purposes. I might be more comfortable if they agreed to use it only for access. If I enter into an agreement that they can use for marketing, I may wish to place additional constraints on what they do with my identify.

Jonathan Schull (Digital Goods): Tracking an anonymity are not incompatible. It is possible to preserve anonymity while allowing both marketing and tracking. Regarding the relation between personal information as an asset and DRM systems: perhaps we can treat personal information as subject to copyright protection also.

Poorvi Vora (HP): We can design a system this way, but there is no present legal support. Today's systems when they prompt you for information do not treat this as personal property. It depends also about the country. (Data self determination in the EU )

Larry Lannom (CNRI): We cannot have a discussion about the impact of DRM unless DRM is more fully defined.

Rigo Wenning (W3C): Well at this meeting we want to sketch out the requirements for a DRM system, more in the following sessions. We hope to identify and collect requirements here at this meeting.

Chuck Myers (Adobe): As a proxy for the library community, he expressed concerns that DRM systems acknowledge that copyrights expire. US Copyright law has some exceptions specifically for libraries that I understand are difficult for DRM systems to implement.

Melissa Levine (LOC): gives example of a legal issue: the law provides for first sale and ILL. We can see this working for physical things, but this has been harder to work out in the new technology. Our anxiety is that the current balance may be off, currently seems to favor the owner-protector.

Viveca Still: About the extinction of rights, she notes that in the digital environment, rights do tend to be perpetual. Agrees with comment from floor that DMCA does not make explicit the "right to hack." Remarks on the two or three newly allowed exemptions to anti-circumvention in DMCA, these in effect imply the right to hack. She gave the example of WebNannies; it was decided that the community has the right [to correct errors].

Chris Barlas (RightsCom, London): There are different legal conditions in Europe and in the US. There are different cultural conditions within Europe as well as between Europe and the US. If DRM is to be a global phenomenon we have to deal with this. While we are having these conversations it is important for each of us to identify from [which culture] we are coming; to identify what our assumptions are. How to think of this internationally is very challenging. Some for example may think that copyright never expires. But yes, copyright does run out.

Danny Weitzner (W3C): Regarding personal profiles being an asset, I think this is a valuable concept even for reasons having nothing to do with DRM. It is a fascinating question how to synchronize this concept with copyright protection. For freedom of expression purposes, I am opposed to think of protecting person information as copyrighted. E.g. should a journalist have to get my permission to write about me. Copyright could apply to the creator of the profile, not the subject of the profile. We should be careful about this. Regarding "do we know what a DRM is", we are here to understand what different DRMs are as they exist today and to understand what additional requirements we may need to meet.

[Minutes Overview] [Workshop Home] [Previous: Introduction][Next: Publishers Requirements]

Created by Rigo Wenning February 2001
Last update $Date: 2001/04/03 17:31:38 $ by $Author: rigo $