The UK government released today its interim report Digital Britain unveiling 22 recommendations and a road map towards a final report due this summer. On Digital Content, the interim report presents 4 actions on the economics (action 10) and on the rights and distribution (actions 11 to 13), arguing for :

• alternative funding models to advertising revenues,
• a Rights Agency in charge of enabling technical copyright-support solutions that work for both consumers and content creators “Digital Rights Management (DRM), properly applied“,
• education and information of consumers on fair and appropriate use of copyrighted material,
• fighting unlawful P2P file-sharing having ISPs monitor users’ Internet traffic, warning them in case of infringement and revealing the information to rights-holders based on a court order.

A TED like summit is planed for April and in the meantime, interested parties are invited to join the discussion by sending their expressions of interest to : digitalbritain@berr.gsi.gov.uk before March 12, 2009.

The US FTC is organizing a DRM conference on March 25, 2009 in Seattle at the University of Washington Law School. Topics to be covered include basic introductory issues, legal, consumer issues and future trends. They are also inviting interested parties to submit comments and suggestions for topics by email to : drmtownhall@ftc.gov by February 9, 2009.

Oddly enough, it feels like states and governments around the world have all of a sudden realized that we have entered in the 21 century, that we live in a global networked economy and society where trade and services are now dematerialized and involve intangible assets. Paradoxically recent initiatives are starting to drop DRM (Apple iTunes Plus, just for music though).

All this may not be contradictory after all. Highly commoditized goods such as music nowadays may go DRM free provided there is some form of higher authority overlooking and requiring that the ISPs monitor user traffic to detect unlawful P2P file-sharing. The story might be slightly different with video premium content in the short term.

At the end of the day, we are likely to still have DRM and gain a global surveillance from our ISPs of our every packets flowing in and out of our homes, forced by law. So wouldn’t we want to get that DRM “thing” right ? Now would be the time to do it before we get into another fight about our civil liberties and privacy rights.

Lets go “green” (Green DRM), before we all go dark !

The planed law proposes a gradual and proportionate answer in three steps. The first step requires the ISP, on behalf of the HADOPI (Haute autorité de diffusion des oeuvres et de protection des droits sur internet), to warn the user by email. In case the user repeats the offense within six months a second warning is sent both by email and by registered mail. Finally, if the user does it again within the year after the second warning, HADOPI can either order the Internet access to be suspended for three months to one year or order the user to take measures preventing further infringements. ISPs in this context will have to comply to such new laws and not only spy on their subscribers but also collaborate with the legal authorities.

Several points need to be stressed about this :

First, this goes against the European Parliament positions on this issue arguing that it would go against civil liberties, human rights and the principles of proportionality, effectiveness, and dissuasiveness. A recent vote on the issue led to the position that it would require a court order to disconnect someone from the Internet. In the 21st century, Internet access has become a vital commodity like water or electricity. One cannot reasonably ban someone from the Internet ! People depend on it to work, bank, trade, find jobs, socialize, shop, telephone, etc.

Second, such a law will be totally ineffective. By the time it comes into force and can be applied there will already be dozens of ways to circumvent it technically using infrastructure outside national jurisdiction and encrypted networks.

Third and most notable is that we are working with the wrong paradigm. The whole industry is working under the assumption that the user is presumed criminal. The rights holders have barely accepted the idea of “managed copying“. The DRM technology providers basically implement what the industry tells them to do. Consequently, what can you expect from the public policies and legal framework : the above mentioned kind of laws.

The fundamental assumption is wrongly postulating that the threat comes from the user and consequently turns him into a presumed criminal. Under such hypothesis it is no wonder that DRM technology providers implemented DRM solutions based on strong cryptography shifting the load of the burden towards the users. The impulse coming from the media industry refusing to see the transformation of their industry as an opportunity rather than a threat, the requirements were naturally mapped on old patterns of copyright coming from the pre-Internet age.

In this context, it is no wonder DRM opponents and activists justifiably argue that DRM is “defective by design“. And I have to fully agree, even though I am a researcher in DRM, as long as the users will be considered criminals a priori.

So the true question is not how to ditch DRM and copy protection, as often argued by Cory Dotorow, but rather how to approach the problem with the right assumptions and consequently the right business models (e.g., Apple iTunes Plus DRM free content). Such an assumption postulates to put the user back where he belongs in the center of the model and to trust him (the criminals are not who the media industry thinks they are). In doing so, DRM can be approached in a totally different way. Enhancing user experience (which to the best of my knowledge is a key success factor in this industry). Work has been done in this area with models for managing exceptions in DRM environments, but the media industry just doesn’t want to see it and is still on a witch hunt trying to preserve an industry which has already changed whether they like it or not.

I want to close this blog post illustrating the negative impact of law on creativity quoting the brilliant TED Talk of Lary Lessig March 2007.
In law, there is a basic principle that often applies called the burden of proof (onus probandi) applicable to the plaintiff to prove his allegations.

In other words and in this context, shouldn’t lawful use be presumed, unless otherwise proven by the right holder ? But this is common sense “a rare idea in the law! ” quoting Lary Lessig.

Now what exactly would we find behind “cloud computing” ? Of course, all the great technology and infrastructure we now have at hand stemming from grid and utility computing and storage, service architectures, etc. but we may still be missing a basic building block. One which would offer some of the nice and desirable properties to realize such scenari. Actually, thinking about it again in terms of pervasive, proactive and personalized immediately triggered the idea of “personal avatars” or “electronic butlers” launched in the Ethos of the Cloud knowing at all time what to do, where I am, what I need, and of course able to protect itself from the outside since it is likely to hold many personal information. Having worked for some time on Mobile Agents, peer-to-peer protocols and DRM led me to think this might just be the time for a new start for Mobile Agents. Moreover, combined with virtual environments such as for example Second Life could represent just the right Human Computer Interface for Mobile Agents.

What better metaphor could we find for a mobile agent to which we delegate complex tasks than one of an Avatar which by the way may not necessarily have a human like representation. People may want to think about it as a simple “black box” with a mood like interface on it instantly showing a sign of its status… Real World and Virtual World probes and sensors helping along the way…

Fun times ahead and as we very well know, sometimes the timing is just not the right one, mobile agents have been around for decades, maybe just waiting for the right “Cloud” to start delivering on their promises and capabilities…

Of particular interest here is a paper [1] by Nancy Jennings and Chris Collins documenting current practices and uses in education and research within Second Life. The survey covers some 170 accredited educational institutions and is a very good starting point to get an idea of the kind of activities that are being carried out using this new media in order to augment, transform and start (re)thinking how some Real Life activities may be re-visited through such technologies. Mew media warrants new thinking! It will be very interesting to see how education and collaboration will look like in a maybe not so distant future…

[1] N. Jennings and C. Collins, “Virtual or Virtually U: Educational Institutions in Second Life”, International Journal of Social Sciences, Vol 2, No. 3, 2008, ISSN 1306-973X. (PDF File Here)

So, despite the “YouNameIt++ frenzy” (trend consisting of giving and incrementing version numbers to reflect the next generation of challenges in a topic, e.g., Web 2.0, Web 3, Identity 2.0, etc.) he calls for “Security 2.0” saying it builds on traditional security (Security 1.0) adding protection at the level of the information itself and the interactions.

Interestingly, Enterprise DRM is currently one of the possible technologies used in the corporate environment to address some of these issues trying to persistently protect and manage content no matter where it resides (i.e., including outside traditional corporate perimeters). As a result, this brings the granularity of the protection down to the individual information level by cryptographically associating governing rules to the content. Moreover, given the criticality of the managed content it is also possible to dynamically adapt those rules in real time thus allowing to basically “recall” content if needed.

Our environment cannot rely anymore only on perimeter based security, Access Control, and secure communication channels. We’ve passed the point of no return and need to address information security in a way that accommodates current and future business practices.

Two problems arise here : First Interoperability and the lack of standards in the field of Enterprise DRM. We cannot rely on vendor specific proprietary solutions. Second, most deployed solutions today address specific needs in siloed approaches (e.g., SOX, Based II, HIPPA, IP protection, etc.). As a result, the field needs to take a step back and rethink the whole problem at a higher abstraction level in terms of Policies and how they are managed. Some of which may be electronically instrumented through technical means (e.g., Enterprise DRM). This is Digital Policy Management, an emerging and very important research area I’m working on. I have setup a page for this in order to generate and stimulate discussion on these issues here: The Digital Policy Management (DPM) Page. Everyone is welcome to join the conversation (practitioners and researchers) on all aspects of the problem (engineering, management, legal, social, ethical, behavioral, etc.)

Source : FT.com, Dec. 5, 2007, “New Threats call for a fresh approach“, Personal View by Tom Kendra,
http://www.ft.com/cms/s/0/bef572d0-9f58-11dc-8031-0000779fd2ac.html

Also noted is the necessity for research on the future of the Web to “draw on experts from a mix of backgrounds, including technologists, economists, psychologists and sociologists.” in order to rethink Web interaction, organizing society and maybe replace existing forms of democracy.

I couldn’t agree more. In my opinion this goes far beyond industry research. This is also valid in the academic environment where some IT related disciplines such as MIS and IS are facing growing concerns with dramatic drop in enrolment. We need to take a step back and rethink our disciplines in ways that integrate the ever increasing dimensions of our societies. Of particular interest here, is the emergence of Services Sciences as a discipline drawing form disciplines too often isolated such as computer science, operations research, industrial engineering, business strategy, management sciences, social and cognitive sciences, and legal sciences. IBM has been instrumental in this direction which they now brand under the title of : Services Sciences, Management and Engineering (SSME).

Predictions are hard to make. However my “gut feeling” definitely includes evolution towards interdisciplinary research in our field to address the challenging issues of our networked economies and the growing pervasiveness of our “read-write” societies (borrowed from Lawrence Lessig, great talk at Linuxworld 2006 and TED Talk March 2007), but this is another story…

Source : FT.com, Dec. 6, 2007, “Web founder warns of short-termism“, Richard Waters and Kevin Allison,
http://www.ft.com/cms/s/0/36c5b334-a467-11dc-a28d-0000779fd2ac.html