Jean-Henry Morin, University of Geneva


Published in: Education, Technology

  1. The Future of DRM : How would you like it “served” ? Deceptive, Dystopian or Hopeful
     Copyright & Technology 2010, Technology Track, New York
     Jean-Henry Morin
     University of Geneva – CUI
     Dept. of Information Systems
     June 17, 2010
  2. How did we get here… … a dystopian scenario ?
  3. Extremism
     • Larry Lessig Speech at Italian Parliament: Internet is Freedom
     VS
     2 M iPads sold in 60 days !!!
  4. Remix, © and Fair Use
     Universal Music VS dancing toddler
     • How creativity is being strangled by the law, TED Talk of Larry Lessig, March 2007
  5. Legal Complexity vs Global eServices led Economy
     • Total Control and Anticipation :
       • Unrealistic, impossible and undesirable
     [Figure labels: Rules & Policies, Content, 100 kb, 1 Mb]
  6. Deceptive and Inapplicable Laws
     French HADOPI Three-Strikes invites itself to the land of Shakespeare
     UK Digital Economy Act (June 12, 2010)
     Regulatory Humility
     French Three-Strikes Graduated Response HADOPI Law
     • See also : Larry Lessig Speech at Italian Parliament: Internet is Freedom
  7. Doomed initiatives !
     • Fundamental Rights:
       • Internet access has been recognized as a fundamental right, EU Parliament massively rejects three strikes graduated responses (481 votes against 25)
     • Technically inapplicable:
       • Deep Packet Inspection and false positives
     • Legally inapplicable:
       • Territorial nature of such laws VS global media
     • Germany rejects Three-Strikes approach (June, 2010)
     • ACTA : removed Three-Strikes provision from public draft
  8. Where did we go wrong?
     • Where did User Experience go ?
     • Where did Superdistribution go ?
     • Where are the innovative Business Models, the Real-time Marketers, etc. ?
     • Did DRM curb those that it meant ?
     • Wasn’t DRM supposed to be an enabler ?
  9. Can we finally make DRM “FUN” (i.e., User Friendly ;-) ?
     • Assuming :
       • DRM is likely to stay and be needed (managed content)
       • Absolute security is neither achievable nor desirable
       • Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes)
       • Most users aren’t criminals
     • We needed to take a step back to :
       • Critically re-think DRM
       • Reconsider the debate outside the either/or extremes of total vs. no security
       • Re-design DRM from ground up
  10. Rethinking & Redesigning DRM
      • Acknowledge the Central role of the User and User Experience
      • Reinstate Users in their roles & rights
      • Presumption of innocence & the burden of proof
      • Fundamental guiding principle to Rethink and Redesign DRM : Felten’s “Copyright Balance” principle (Felten, 2005)
        “Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”
      • Claim and Proposition :
        • Put the trust back into the hands of the users
        • Reverse the distrust assumption
        • Requires a major paradigm shift & change of mindset
  11. The Exception Management Model
  12. Rethinking & Redesigning DRM (cont.)
      • Exception Management in DRM environments, mixing water with fire ? Not necessarily !
      • Reversing the distrust assumption puts the user “in charge”, facing his responsibilities
      • Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring
      • Use Credentials as tokens for logging to detect and monitor abuses
      • Credentials are Revocable in order to deal with abuse and misuse situations
      • Mutually acknowledged need for managed content while allowing all actors a smooth usability experience
      (Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
  13. Exception Management in DRM Environments
      • What is an Exception ?
        • A claim made by a user wishing to rightfully access / use content
      • Based on « real world » credential patterns
      • Delegation model based on chained authorities
      • Credential authorities closer to the users
      • Locally managed and held (credential store)
      • Short lived or fixed life time
      • Revocable
      • Late binding (enforcement point)
      • Model is auditable for abuse and includes revocation capabilities
      • Burden of proof on the party having a justifiable reason to claim abuse (presumption of innocence)
      • Monitoring in near real time of security policies
  14. Conclusion
      • Can DRM “go green” before we all “go dark” ?
      • If so, we might be able to address some “Serious” societal issues while restoring User Experience along the way !
      • Moving forward : A Call For ACTION !
        • Critically re-think and re-design DRM out of the box
        • Involve equally all stakeholders
        • Find new innovative Business Models
        • Limit law to a “justifiable” level
        • Remember technology is just the means
      • What Information Society do we want to live in ?
  15. Security is bypassed not attacked
      Inspired by Adi Shamir, Turing Award lecture, 2002
      Thank you
      Join the Conversation…
      Jean-Henry Morin
      University of Geneva – CUI
      Dept. of Information Systems
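
The exception-claim flow outlined on slides 12 and 13 (credential, short-lived license, logging, revocation, late binding at an enforcement point), sketched as an added example that is not part of the original presentation. The authority name, key, token format and the use of HMAC in place of a real signature scheme are assumptions, and the chain of authorities is reduced to a single local one.

```python
import hashlib
import hmac

# Constructed sample key for a hypothetical local credential authority.
AUTHORITY_KEYS = {"univ-library": b"constructed-demo-key"}


def _tag(authority, body):
    return hmac.new(AUTHORITY_KEYS[authority], body.encode(), hashlib.sha256).hexdigest()


def sign_credential(authority, user, reason):
    """Authority side: issue a credential token (HMAC stands in for a signature)."""
    body = f"{authority}|{user}|{reason}"
    return f"{body}|{_tag(authority, body)}"


class EnforcementPoint:
    """Late binding: an exception claim is evaluated at the moment content is used."""

    def __init__(self, license_ttl=3600):
        self.license_ttl = license_ttl  # seconds a granted license stays valid
        self.revoked = set()            # credentials withdrawn after abuse
        self.audit_log = []             # every claim is recorded, granted or not

    def revoke(self, credential):
        self.revoked.add(credential)

    def claim_exception(self, credential, content_id, now):
        """Return a short-lived license dict, or None if the claim is refused."""
        license_, outcome = None, "refused"
        parts = credential.split("|")
        if len(parts) == 4 and parts[0] in AUTHORITY_KEYS:
            expected = _tag(parts[0], "|".join(parts[:3]))
            genuine = hmac.compare_digest(expected, parts[3])
            if genuine and credential not in self.revoked:
                license_ = {"user": parts[1], "content": content_id,
                            "expires": now + self.license_ttl}
                outcome = "granted"
        self.audit_log.append((now, content_id, credential, outcome))
        return license_

    @staticmethod
    def license_valid(license_, content_id, now):
        """A license covers one content item and lapses at its expiry time."""
        return (license_ is not None and license_["content"] == content_id
                and now < license_["expires"])
```

In this sketch, revoking a credential blocks new claims, while a license already granted simply runs out at its expiry; the audit log keeps refused claims as well as granted ones so that abuse can be reviewed afterwards.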