At the Federal Trade Commission’s hearings on DRM back in February, I got into a discussion with Alex Halderman, formerly a student of Ed Felten in Princeton, now a tenure-track researcher at the University of Michigan. I asked Dr. Halderman why academic research on DRM has dwindled to a virtual halt, at least in the United States.
Specifically, I wanted to know whether he believed that security researchers were scared away from the field after the RIAA threatened his mentor Felten with a lawsuit over Felten’s own threat to publish a paper on how his team hacked the supposedly secure SDMI watermark. The ever-genial Halderman replied, “No, I think we are moving away from DRM research because many of us feel that most of the interesting problems have already been solved.”
Alex, if you’re reading this, pardon my skepticism. As those who attended the Virtual Goods/ODRL Workshop yesterday in Nancy, France found out, research on rights management is alive and well and living in cities near the Rhine river — which, after all, lent its name to the symmetric encryption algorithm (Rijndael) that became the government standard AES, used in many DRM implementations.
The research papers included an interesting one called Usage Rights Management, which discussed tools that users can use to monitor the licensing terms of their own files in a simple, color-coded way, without actually protecting files or restricting them from playing. The so-called URM scheme, from three researchers at the University of Koblenz, is intended to confer benefits on the user, such as proof of purchase of legitimate files when the user is accused of piracy. This scheme could also be an interesting fit with the FTC’s quest to find a DRM labelling standard.
Another interesting talk at this conference described a way of using the ODRL rights expression language to achieve interoperability among social networks’ usage rights policies. This paper was given by Renato Iannella, one of the founders of ODRL.
My own keynote speech centered on an analysis of how well DRM is faring according to the four criteria discussed in Lawrence Lessig’s book Code: And Other Laws of Cyberspace — namely Architecture (technology), Norms (behaviors), Law, and Market (economics). There are plenty of shortcomings with respect to each of these criteria, but also a few success stories that buck the theories.