acm-header
Sign In

Communications of the ACM

Inside risks

DRM and Public Policy


Digital rights management (DRM) systems try to erect technological barriers to unauthorized use of digital data. DRM elicits strong emotions on all sides of the digital copyright debate. Copyright owners tend to see DRM as the last defense against rampant infringement, and as an enabler of new business models. Opponents tend to see DRM as robbing users of their fair use rights, and as the first step toward a digital lockdown. Often the DRM debate creates more heat than light.

I propose six principles that should underlie sensible public policy regarding DRM. They were influenced strongly by discussions within USACM (ACM's U.S. Public Policy Committee), which is working on a DRM policy statement. These principles may seem obvious to some readers; but current U.S. public policy is inconsistent, in various ways, with all of them.

Competition. Public policy should enable a variety of DRM approaches and systems to emerge, should allow and facilitate competition between them, and should encourage interoperability among them. In a market economy, competition balances the interests of producers and consumers. The market, and not government or industry cartels, should decide whether and how DRM will be used. Government should not short-circuit competition by mandating use of DRM, or by allowing industry groups to use DRM "standardization" as a pretext for reducing competition.

Copyright Balance. Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system. DRM systems should be seen as a tool for reinforcing existing legal constraints on behavior (arising from copyright law or by contract), not as a tool for creating new legal constraints. Traditionally, copyright has reflected careful public-policy choices that balance competing rights and interests. DRM should shore up this balance, not override it. DRM can reinforce legal rights, but it must neither create nor abridge them; that is the province of policymakers.

Consumer Protection. DRM should not be used to restrict the rights of consumers. Policymakers should actively monitor actual use of DRM and amend policies as necessary to protect these rights. In an ideal world, the first two policy principles would make this one unnecessary: competition and copyright balance would protect users' interests. But real-world experience shows that imbalances of power often require regulation to protect consumers.

Privacy. Public policy should ensure that DRM systems collect, store, and redistribute private information about users only to the extent required for their proper operation, that they follow fair information practices, and that they are subject to informed consent by users. DRM must not become a platform for spying on users or for gathering records of what each user reads or watches. If a system must gather private information, for example to process payments, the information should be handled according to accepted privacy principles.

Research and Public Discourse. DRM systems and policies should not interfere with legitimate research or with discourse about research results or other matters of public concern. Laws concerning DRM should contain explicit exceptions to protect this principle. Laws designed to bolster DRM, such as the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA), must not hinder research or public discussion. Important public-policy debates, about topics such as e-voting, content filtering, and DRM itself, rely on accurate information about the design and efficacy of particular technologies. When the law blocks the discovery and dissemination of such information, public debate suffers. Existing law does not do enough to protect research and discussion, as my colleagues and I learned in 2001 when the recording industry tried to use DMCA threats to stop us from publishing a scholarly paper about DRM technology. The law should explicitly protect research and debate.

Targeted Policies. Policies meant to reinforce copyright should be limited to applications where copyright interests are actually at stake. Creative lawyers have tried to use the DMCA (a law intended to protect copyright owners) to block third-party remote controls from working with garage-door openers (Chamberlain v. Skylink) and third-party toner cartridges with printers (Lexmark v. Static Control). The courts wisely rejected these attempts, observing that there was no risk of copyright infringement. Similar limits should apply to other areas of DRM policy.

Changing public policy can be difficult, especially on a topic as contentious as DRM. Agreeing on policy principles is a good way to start.

Back to Top

Author

Edward W. Felten ([email protected]) is a professor of computer science and public affairs at Princeton University.


©2005 ACM  0001-0782/05/0700  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2005 ACM, Inc.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: