[Paper Overview] [DRM-Workshop Homepage]

Reuters - Position Paper for Workshop on Digital Rights Management

David Parrott
David.Parrott@reuters.com

Copyright © Reuters 2000. All rights reserved.
Note: The W3C-Document-License was granted

Perspective

Reuters is in the business of information; it is, amongst other things, a producer of high-value content. The products and services that Reuters supplies are based on information in the form of multimedia news (including text, still pictures, and audio/video), financial data, transactional data, and editorial content in numerous forms. The information delivered includes both discrete content files and continuous streams of discrete updates. Both historical and real-time information is available, and transaction processing is a key part of the business.

The bulk of Reuters products is delivered electronically. Historically, this has been over proprietary networks onto the screens and servers of closed user communities. While Reuters continues to pursue that mode of delivery, in more recent times Reuters vision has been defined as "making financial markets really work on the Internet".

Open networks, such as the public Internet, offer significant benefits but are also fraught with difficulties. On its closed networks, Reuters has honed its expertise in the field of permissioning and access control via the provision of bespoke entitlements systems. In the Internet world, by contrast, the degree of access control requires a more comprehensive and off-the-shelf solution such as that offered by Digital Rights Management (DRM).

What Reuters Needs from DRM

To date, much of the proprietary effort in building DRM solutions has been directed towards the delivery of simple, finite bounded content such as video, eBooks, music, and on-screen graphics directly to human "eyes and ears". Reuters needs DRM to work in an open, not proprietary, manner and to be able to cope with complex data types, delivered to machines (in addition to human beings) for customer-defined processing. Moreover, there must exist safeguards to ensure that all is not lost when the security of DRM systems is compromised.

In summary, three of the most significant issues facing users of DRM technology are:

1. The proprietary nature of systems (i.e., the lack of deployed standards and interoperability, both in terms of rights markup and in an operational sense).
2. Limitations in the way that trust is implemented, with a heavy bias towards trusted applications which focus on data types delivered directly to human "eyes and ears". Where Reuters customers define their own machine-processing requirements for Reuters data, the traditional DRM approach of pre-defined browser plug-ins no longer applies. A mechanism for customers to build trusted applications is highly desirable.
3. The failure of DRM solutions to address aspects of security such as "detection" and "action" following a security breach. Current DRM systems concentrate solely on "preventative" security, which is criticised because no system is fool-proof.

The key to much of the above is to build open, interoperable DRM systems. This is a vast space and encompasses the following:

• Ease of building, securing, and certifying trusted applications for novel problem domains.
• Secure cryptographic key management across different DRM solutions.
• Establishing and maintaining trust relationships between components and users of different DRM solutions.
• Standardisation of both the language to describe digital rights and of operational aspects such as data containers, control information, and content data structures.
• Trusted financial and information clearing between different DRM clearing infrastructures.
• Models of operation need to be revisited. Some systems allow fully off-line processing by delegating all trust functions to client-side components. Other systems require on-line access to download "licences" for once-off use which are then checked locally. In an interoperable world, compatible trust schemes would be necessary.
• To date, DRM solutions have attempted to address many different styles of content access with a single solution. For example, off-line access in MP3 music players is tackled using the same technology employed to manage access by Web content on the Internet from a permanently-connected PC. This "one size fits all" approach may need to be reconsidered.

Interestingly, a secure open-systems approach obviates the perceived need for DRM technology to be pushed down into operating systems. This mirrors the way that interoperable Public Key Infrastructure systems do not particularly require operating system support. Indeed, as with PKI systems today it is possible that operating systems could in the future provide some of the trusted component functions, more as a convenience than as a necessity. PKI also provides a good example for why DRM needs to become open and interoperable. No right-thinking business would seek to deploy a PKI solution if it precluded interaction with users of other PKI systems. The same will be true for DRM.

In addition to openness and interoperability, there is a requirement for extensibility. This is especially true for the language of rights markup. Current systems often deal in straightforward rights for printing, playing, and executing content (amongst others) but fail to address some of the more esoteric rights such as fair-use applications and rights to quote, subject to the constraints of quoting in a specified context.

Expectations from the Workshop

Key outputs from the workshop for Reuters are:

• A recognition that Open, Interoperable, and Extensible DRM systems are essential.
• Commitment from the W3C and DRM vendors to working towards an open framework both for Rights Markup and for functional interoperability.
• A realisation by DRM vendors that there is far more to data delivery on the Internet than entertainment files to be played and viewed in browsers.
• Ways forward to address the issues raised above, under the heading "What Reuters needs from DRM".

Reuters Contribution

From a background of delivering content electronically over a variety of media, Reuters has insights into many of the problems facing DRM in order for it to develop into a truly useful technology. Reuters has been looking at the application of DRM technologies for over three years and has a sound appreciation, from the content provider's perspective, of DRM's limitations and areas of potential development. Topics on which Reuters can contribute to the debate include:

• Complex permissioning models.
• The application of DRM to non-standard problems such as to streams of discrete data packets.
• The extensibility of Rights Markup to encompass complex scenarios such as:
  • Fair use
  • Context-sensitive quotation
  • The provision of real world problems such as:
    • the definition of rules over the usage and pricing of many forms of data,
    • rules over access to real-time data from financial exchanges,
    • the management and syndication of contributed data (in addition to distribution of Reuters own content) and, in particular, of the rules assigned to contributed data by the originators.
  • Extending the notion of "payment" to one of "obligation" on the part of the consumer (which may or may not imply a financial payment).
• Secondary technologies required to back-up the traditional DRM approach of preventing illicit access to content. This is likely to include traitor tracing, digital watermarking, and Public Key Infrastructure solutions.

Conclusions

Reuters has a desire to make DRM work. Until now this has been driven mostly by the requirement that Reuters has to protect its intellectual property rights on open networks coupled with the notion there is a certain credibility about DRM. This is not enough. DRM must be proven to work flexibly and openly in a number of key business areas and must overcome the criticisms leveled at it by experts such as Bruce Schneier in his recent book "Secrets and Lies".

Unless strong arguments to the contrary are made, Reuters will continue to view DRM as a potential, albeit partial, solution to the problem of protecting intellectual property rights on open networks. However, the search for alternatives will not cease until compelling arguments are presented to support the widespread deployment of DRM technology.