Lift Asia09 Morin


Published on

DRM : From Dydtopia to (serious) fun ? Talk given at Lift Asia 09 in Jeju, South Korea, Sept 16, 2009.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Lift Asia09 Morin

  1. 1. Lift Asia 09 Jeju, Korea Jean-Henry Morin University of Geneva – CUI Dept. of Information Systems Lift Asia, Sept 16-17, 2009
  2. 2. New Media Warrants New Thinking © Chappatte in "Le Temps" (Geneva), Jan 21, 2006 J.-H. Morin
  3. 3. How did we get here… … a dystopian scenario ? J.-H. Morin
  4. 4. Remix et © Universal Music VS dancing toddler Mannie Garcia, 2006 VS Shepard Fairey 4 J.-H. Morin
  5. 5. Where did we go wrong? •  Where did User Experience go ? •  Where did Superdistribution go ? •  Where are the innovative Business Models, the Real-time Marketers, etc. ? •  Did DRM curb those that it meant ? •  Wasn’t DRM supposed to be an enabler ? J.-H. Morin
  6. 6. Can we finally make DRM “FUN” (i.e., User Friendly ;-) ? •  Assuming : •  DRM is likely to stay and be needed (managed content) •  Absolute security is neither achievable nor desirable •  Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes) •  Most users aren’t criminals •  We needed to take a step back to : •  Critically re-think DRM •  Reconsider the debate outside the either/or extremes of total vs. no security •  Re-design DRM from ground up 6 J.-H. Morin
  7. 7. Rethinking & Redesigning DRM •  Acknowledge the Central role of the User and User Experience •  Reinstate Users in their roles & rights •  Presumption of innocence & the burden of proof •  Fundamental guiding principle to Rethink and Redesign DRM : Feltens’ “Copyright Balance” principle (Felten, 2005) “Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.” •  Claim and Proposition : •  Put the trust back into the hands of the users •  Reverse the distrust assumption •  Requires a major paradigm shift 7 J.-H. Morin
  8. 8. Rethinking & Redesigning DRM (cont.) •  Exception Management in DRM environments, mixing water with fire ? Not necessarily ! •  Reversing the distrust assumption puts the user “in charge”, facing his responsibilities •  Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring •  Use Credentials as tokens for logging to detect and monitor abuses •  Credential are Revocable in order to deal with abuse and misuse situations •  Mutually acknowledged need for managed content while allowing all actors a smooth usability experience (Morin and Pawlak, 2007, 2008); (Morin 2008, 2009) 8 J.-H. Morin
  9. 9. Exception Management in DRM Environments (Morin and Pawlak, 2007, 2008); (Morin 2008, 2009) •  What is an Exception ? •  A claim made by a user wishing to rightfully access / use content •  Based on « real world » credential patterns •  Delegation model based on chained authorities •  Credential authorities closer to the users •  Locally managed and held by users (credential store) •  Short lived or fixed life time •  Revocable •  Late binding (enforcement point) •  Model is auditable for abuse and includes revocation capabilities •  Burden of proof on the party having a justifiable reason to claim abuse (presumption of innocence) •  Monitoring in near real time of security policies 9 J.-H. Morin
  10. 10. A “Serious” problem in Social Networks and Services Socially-Responsible Management of Personal Information •  Personal Information •  Different from Personally Identifying Information (PII) •  Subject to legal frameworks in most countries •  Increasingly shared on social networks •  Blurring boundaries between private and public life Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc. 10 J.-H. Morin
  11. 11. Problems and Issues •  Publish / share once, publish / share forever • Indexing and searching •  Who “owns” and manages YOUR information (SLAs) ? Raging debates. • Who’s information is it ? • Do you retain control ? •  Semantic searching capabilities 11 J.-H. Morin
  12. 12. The Right to Forget •  Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable) •  Traditional Media (i.e., non digital) “Memory” erodes over time • Labor and cost intensive •  Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007) 12 J.-H. Morin
  13. 13. Anonymity and Privacy •  Anonymity and Privacy are fundamental to social networking • It’s not a “bug”, it’s a feature ! • It’s not schizophrenia ! •  Multiple legitimate personas (e.g., work, family, communities, etc.) • How do we deal with it in a socially- responsible and ethically sustainable way ? •  Cyber bullying (e.g., Akple in Korea) Requires traceability and accountability of information (i.e., managed information) 13 J.-H. Morin
  14. 14. Key Question •  Is Privacy and personal information threatened by current social networking services ? •  We contend there is a need for Managed Personal Information • Socially-responsible and sustainable How can we retain an acceptable (by all) level of control over our personal information ? 14 J.-H. Morin
  15. 15. Proposition (Morin, 2009) •  Personal Information should be augmented with a layer accounting for its management •  Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services •  We argue DRM combined with Exception Management may be a promising path towards : • Socially-Responsible management of personal information in social networks and services 15 J.-H. Morin
  16. 16. Conclusion •  Can DRM “go green” before we all “go dark” ? •  If so, we might be able to address some “Serious” societal issues while having “Fun” along the way ! 16 J.-H. Morin
  17. 17. Security is bypassed not attacked Inspired by Adi Shamir, Turing Award lecture, 2002 Thank you Jean-Henry Morin University of Geneva – CUI Dept. of Information Systems 17 J.-H. Morin