Amazon Prime Video

The Grand Tour is not the most pirated show ever - but it certainly is one of the most pirated shows ever. That is not too surprising - Top Gear in the days of Clarkson was also one of the most pirated shows. Some years back, I wrote a paper on digital piracy (also related to a presentation at Indicare 2005) where I proposed that a key cause of piracy was availability of media and convenient format of media - and while factors such as price matter, digital piracy would remain an issue if availability in the right format is not solved for. The Grand Tour is the perfect example of this proposal - launching a highly popular show (well at least Top Gear was) but constrained to a few locations instead of the global reach.

Amazon's Prime Video service has now taken the leap of bridging the availability conundrum with its global launch. The key attraction - shown prominently on the web page - is off course The Grand Tour; but it does offer more than that. Amazon's own original series - Mozart in the Jungle, Man in the High Castle - are also on offer; and the price is phenomenal at USD 2.99 for the first 6 months followed by the standard price of USD 5.99. Oh, and there is a free trial also for a month.

However, the breadth of content is quite underwhelming. Starting with Amazon's own content - the content available is not all the content produced by Amazon. Furthermore, not all the seasons are there - I have access Mozart in the Jungle's first season, not the second for example (and the same with Transparent). Outside Amazon's own content - there are very few other top TV series, and the catalogue for movies is equally bare. 

Catalogue of content aside, the other big annoyance is the lack of Apple TV support. At this moment, I am downloading content to my phone and then playing via Airplay (and I am very impressed with its power efficiency). But what I would rather prefer is to queue content download on Apple TV, instead of relying on downloading when I am at home.I have tried the streaming - and have been generally quite impressed with the quality and speed. My Internet connection is flaky so prefer the download approach - but generally I have been impressed by the app.

I expect that the catalogue will grow with time - and there is enough right now to keep me interested and subscribed. I just need the Apple TV app ...

Digital vs Physical Books

I love books - those that you can hold, put on a bookshelf, use as a paperweight, leave it lying about in the lounge, use as a prop to hold other things in their place. I have a fair number of books, including a whole box (and more) unread ...

But the same things that I like about books, are the same things that make them difficult - they are heavy, they are unwieldy, difficult to carry around. I was on my way to Cape Town on the day that Walter Issacson's biography of Steve Jobs launched; and for me, it became an interesting decision on whether to buy the digital copy on iTunes or the hard cover at Exclusives (before boarding the plane).

There was an interesting contrast in pricing - the hardcover was approximately R300, while the iBooks version was USD 16, roughly 50% of the hardcover. This is exactly the type of business models I envisaged in my thesis on DRM - the digital copy, which is effectively licensed (as opposed to owned), has a lot more restrictions (e.g. restrictions on sharing, resale) compared to the physical copy; and one would expect a difference in cost. This cost difference extends to the US also (and is not just a result of exchange rates etc) - the retail price for the book is USD 35; though it can be found now at a much more discounted price.

In the end, I did buy the digital copy - mostly because I was going to be reading most of it while traveling - on the plane, on the Gautrain, in my hotel/BnB room. I like reading on my iPad - but strangely, this is the only book I have exclusively read on it (I have some "textbooks" on PDF that I have also read; though I actually prefer the physical book to the PDF). I do however miss it on my bookshelf ...

Goodbye Steve Jobs

He was a visionary - not only on gadgets, but the entire digital lifestyle experience. It was more than just iPods, iPhones, iPads and before that, the Mac. It was also Pixar, Disney, iTunes and OS X. It was about design and usability - not GHz and MB.

If I look back, what drove my attention to DRM, was the then recently launched iTunes Music store; with Fairplay DRM. That's what drove my interest into copyright law, into DRM; and perhaps security as a discipline itself ... for that, thank you.

Virtual Goods 2009

This was my 3rd Virtual Goods Workshop, and my first as program chair. Without blowing my own horn too much, I think that although the number of papers in the workshop was not as high as I would have liked it to be, the quality of the papers was amazing.

The highlight for me was the keynote talk by Bill Rosenblatt, on the past, current and future of DRM. Like many in the DRM research community, it is well accepted that the biggest fundamental problem with DRM was not necessarily the technology, but the economics and the marketing that went in. More and more, DRM is being proposed as a means to enforce privacy legislation, one of the original use cases of DRM, that was overlooked in favour of pushing for a very small control set of copyright regulation enforcement. Bill Rosenblatt has been in the field of DRM for a long time, and the presentation was insightful on the many aspects that led to the current outlook on DRM.

Another interesting talk was Mario Kubek and Jürgen Nützel's paper on "Novel Interactive Music Search Techniques", which takes a number of different search techniques including text analysis, melody analysis, frequency analaysis and much more to derive the various genres that correspond to a musical item; and also look for similarities between musical pieces using sources such as Google and Wikipedia. It is certainly an interesting way for powering future media exploration.

Next year's Virtual Goods Workshop will take place in Namur, Belgium.

PCFormat's DRM Article

I am not a regular buyer of PCFormat - but when I saw the DRM article advertised on the cover, I could not resist. Since I do consider myself somewhat of an expert on DRM, I was interested to see what the magazine had to say. And in most respects, it was very much what I thought it would be; although a lot less hysterical and to be fair, a lot more balanced. However, there are a number of points I would like to raise - so here it goes.

Firstly - what is DRM? Strictly speaking - DRM is about the control of usage and access to electronic data. It is not about copy control. In fact, every DRM system that has tried to enforce copy control has been a failure - and are usually led the bad rap - such as Sony-BMG's rootkit. It is physically impossible to restrict copying - computers work by copying data all the time. The way copying is controlled is through restricting the use of electronic data - but not physically restricting copying. It is an important distinction.

Secondly, DRM is not strictly about copyright enforcement - it is about license enforcement. This is the reason that music DRM has failed, and probably will never succeed. Music has never been sold as being licensed to the buyer - instead the buyer has always "bought" an instance of a musical performance. To apply DRM directly to this model was stupid, and has consequently failed.

Software is different - it has always been distributed and used as being licensed. You do not own a game. You own a license to play the game. You do not own a copy of Windows XP. You own a license to use Windows XP. Consequently, DRM fits in a lot better to the model for Software Protection - it is a natural extension to what has always been practiced, but never really been enforced.

But does this mean that the economic and usability models being applied to current software is correct? No. Previously, I could get a license to play a game on unlimited number of machines for R400. Now, I get a license restricted to play on 3 machines for R400. That is not economically justifiable. Likewise, usability of phoning a number, hanging on for 20 minutes while reciting 20 letter numbers is not user-friendly.

In my opinion, DRM was rushed to the market - mainly because the old business models in the music industry could not cope with the new economy. There is a lot of research that needs to be done - a lot of it is being done. There is a lot of use for DRM, and the power it can hand to the user could be immense. If done properly, the user could be in a position to determine, how, who, why, when and where another entity could use their personal data - that is powerful. However, competing DRM standards (there are at least three organisations in the standardisation game: OMA, MPEG and W3C), competing interests and a general fuck up due to the immature introduction of the technology has meant that real progress has been really slow.

Virtual Goods 2008

Or to give its full name, "6th International Workshop for Technical, Economic and Legal Aspects of Business Models for Virtual Goods incorporating the 4th International ODRL Workshop", held in Poznan, Poland. This workshop has had some interesting history; and I thoroughy enjoyed it last year and brings together a number of different aspects of computer science. As we become more digital, the concept of a virtual good becomes more tangible; and some of the ideas explored in the conference are more realistic that ever!

There were a few really interesting talks and presentations. The host university, demonstrated a virtual museum system, which had a wonderful way to interact with 3D virtual objects; in a very low tech solution; and a presentation by the general chair on why the "free" economic theory ultimately will not work was very interesting.

With authors from 6 continents (no one from South America, but a presenter from Tahiti!), there was a small, but very diverse group of papers and people. This was a very good workshop, and I hope I can contiue to be involved.

One more paper

A couple of months ago, I submitted a paper to the ACM DRM workshop on the work I did while I was doing my internship at Fraunhofer. And it got accepted ... quite nice actually as it was a very complex paper on privacy and DRM. Also, my first paper that does not feature Andrew (my PhD supervisor) as an author.

Very impressed with myself :)

Reflections on AXMEDIS 2007

AXMEDIS; is a huge EU funded project, officially called Automated Production of Cross Media Content for Multi-Channel Distribution. This is the third conference ; hosted by the project, which brings together various efforts from the project itself and papers in the related fields.

To be honest, the conference was not very exciting ... many of the papers that I attended did not really promote anything new, and some were hashes of existing work. That said, I must admit that I did learn a lot about the MPEG-21 standard, and I am even more convinced that it is an almost useless piece of standardisation.

That said, there was one very interesting presentation, which made it all worthwhile. Richard Owens, a director from WIPO gave a long presentation on copyright and challenges on the enfocement of copyright. It was one of the most comprehensive talks I have ever been to, and he highlighted a number of interesting points; including:

• Technology should be taken as given. Copyright law needs to be applied to technology and not the other way round.


• Automatic filtering technology (based on watermarking and fingerprinting) has to be accepted as part of the deal, and groups like the EFF are coming round to accepting this position.


• Standards could have too much patents and themselves become technological barriers


• Access to education material in development countries could become a copyright exception

He also participated in a panel on rights expression languages (where I was also a panelist). The panel however was not that exciting to be honest, although my view that there is a strong need for core formal models for REL was accepted :)

Reflections on ACM DRM 2007

This is my fourth successive attendance of the ACM DRM Workshop, although, this would be the first time that I would not stay on for the rest of the ACM Computer and Communications Security Conference. The workshop has always had a great mix of papers (authors were from at least 8 different countries in 5 continents), and a relatively low acceptance rate (33%) ensures high quality of papers. For the first time the workshop had some sponsorship from Microsoft, which meant that I get some money to defray the costs of travel to the workshop!

The conference also gives a great opportunity to meet and talk to other researchers in the field. Being effectively a "regular" it was more of an opportunity to re-establish old contacts, and since I was only spending the day at the conference, there was unfortunately not enough time to talk to most of the new people!

The first two papers focussed on implementation experiences. The first paper, by researchers from Phillips Labs, looked at mostly key management in pay per view broadcast systems. The system was quite cool, and although their system meets their performance targets, I think those targets are not really user friendly - for example around 40 seconds before a pay per view live show starts from cold boot. The second paper was by Nicholas Sheppard from the University of Wollongong (who I also met at Virtual Goods), on partial implementation of the MPEG-21 DRM standards. I finally understood what IPMP (Intellectual Property Management and Protection) tools are about, and while they provide a useful abstraction for the interpretation and enforcement of DRM policies, they are not specific enough to actually provide interoperability between implementations. The paper did not actually look at the actual enforcement of policies, just the interpretation, and I have a feeling that there will be too much overhead in the process.

The third paper was very strange. It was interesting because the first part was a good tutorial on side channel attacks, which are used against encryption algorithms such as AES. However, I am not sure of its relevance to the workshop, and should have probably been in CCS than the workshop itself.

Last year, I took part in a Digital Media Project (DMP) meeting over Skype, where I also presented a paper via Skype. The fourth paper was about Chinese copyright laws and fair use effects on DRM (in China). The author could not get a visa to travel to the USA, and he presented the paper via Skype. The connection was choppy, but it went well enough. The paper was not very different to other existing papers in the area - but it is the first time these issues have been explored in a Chinese legal environment.

The invited talk, by Andrew Odlyzko, was an exploration of technology and economics. He looked at how economics affect the actual adoption of new technology, and while DRM could redefine pricing patterns, there is also a strong resistance from users on certain pricing patterns. For example, many consumers would object to differential pricing which charge services and products according to what the consumer would be willing to pay for it - and would much rather prefer flat rate pricing. In his opinion, while there will be always limited areas for DRM application, the main advantages offered by fine level controls offered by DRM will be largely ignored.

The session after lunch started with two papers on DRM models - my paper on the formalising of DRM as an access control model, followed by Greg Heileman exploring the distribution of music through game theory model. The game is still in its early form, and is currently quite simple - but it clearly explains why certain business models in online music distribution are working, and others aren't. My own presentation was also well received.

The next three papers were on the complicated area of software protection methods - how do you protect software in its binary form, while being executed in a processor and stored in memory. The first two papers presented some work in obfuscation, while the last paper (another paper from Phillips Labs) was on a complete white box cryptography system - and the presenter gave a very useful and interesting overview on the subject.

The last paper from Microsoft Research, looked at a new approach to fingerprint hashing: where the hash is computed from the metrics of the fingerprint lines (but not through wavelets). The system is quite neat, and provides quite good accuracy - as long as fingerprints are accurately collected.

Overall, the workshop was great, and there was a great collection of papers on a good variety of topics in the area. It was agreed to hold an eighth workshop next year, and it was also agreed that we should try to co-ordinate better with Virtual Goods, so that they are not too close together, and maybe have better participation in both workshops.

Reflections on Virtual Goods 2007

The Virtual Goods workshop series is an interesting gathering from different disciplines: IT, Law and Business and is sponsored by IFIP TC 6.11. It was a comparatively small conference (considering the length of the program) with about 35 attendees, but featured participants from at least 11 countries and 5 continents (there was no South American attendee). This diversity certainly made the conference very interesting.

This is the first conference I have attended which officially started in the afternoon, and then carried on to Saturday. I am not sure if this is a bad idea or a good idea, and I think the conference could have been accommodated into two days. But this did allow for two social events ... so I have no problem with the organisation! I am only reflecting on the papers I found interesting. Complete program, abstracts and the presentations can be found here.

In the first (and only) paper session of the first day, Eetu Luoma's paper on copyright management was definitely the highlight. He is specifically looking at the requirements for electronic copyright management in universities. Universities are in a strange position in some ways - they need to encourage learning and publications, but at the same time, have control over the copyrights of these publications which are complex to manage due to the number of parties involved: publishers, the authors and the university. Add to this the cost of lawyers and administration, and copyright management is often just a mess ... and mostly not available in an electronic form.

The social event featured a key note talk by Dr Susanne Guth, who discussed content protection in the mobile TV standard DVB-H, which is being rolled out in Germany. There are two profiles available for DVB-H: Smartcard profile (driven by smartcards such as SIM) and DRM. The talk was enlightening particularly because of the decision process and the factors that affected the decision. The DRM profile is cheaper and easier to implement, and arguably offers a more complete, open and flexible solution. The smartcard profile is more expensive, a lot more complicated to implement and features some proprietary technology. Yet, at the end of the day it was the smartcard profile that is being deployed; for a simple reason. The smartcard profile allows operators to lock customers in for a longer time and thus it means that there will be less numbers of customers who will switch networks. At the end of the day, that means a higher probability of breaking even, and thus the economics dictated the choice of system.

Some of the issues raised by Eetu, were addressed by my presentation, bright and early, first thing in the next morning. My presentation on negotiations was really an advancement of my first ACM paper and then the paper I contributed to the Digital Media Project last year. It is one of the cornerstones of my PhD, and it was nice to see that the paper following mine, looking at the use of ODRL to specify web service agreements, would be a great application of my protocols.

The second session of the second day was possibly one of the most interesting of the conference. Martin Springer gave a presentation on music sampling, and an ontology that can represent sampling rights. The ultimate aim of the ontology is to create a mapping for copyright law. I have two reservations on this: I do no think it is possible to make such ontology, and I do not think it is possible to technically enforce licenses that allow sampling. Regardless, it should not mean that such attempts should be ignored. The next paper was from Australia, looking at search engines and copyright infringements - and some famous cases were analysed. The last paper of the session was interesting to me for two different reasons. Firstly, the author presented an alternative rights model: instead of focusing on licensing, it focused on copy control. basically, if you have a copy, you can do what you want. The model is a very impressive representation of the analogue world - no doubt about that - but I think it is digitally irrelevant and not enforceable: digital goods exist and operate through copies - on the disk, on the network, in memory - controlling this is infeasible. The second reason I found it interesting, is that the author was an independent researcher; and in fact not even involved in IT in his daily professional life. Since the growth of large universities and corporate research labs, private research is almost non existent, and it is the first time I have seen such a contribution (in IT at least). The author, Nicholas Bentley, told me that many conferences and journals have refused to even consider his work ... maybe we should get off our high horses. Surely, public access to academic work is what academia is all about?

The next interesting session was the next day, on superdistribution, which featured two contrasting papers. The first paper, presented an incentive scheme for super distribution. A lot like Amway, but for digital goods. It sounded a bit like a pyramid scheme to me, and I do not think the business model can be supported, for music anyway. The next paper was on why superdistribution incentive schemes will fail. In their, admittedly short, study the authors found that users are just not interested in superdsitribution, and one of the key reasons: users just did not want to make money off friends.

The last session of the conference had two interesting papers: first on user collaboration in second life. I had not thought a lot of virtual environments and their impact on virtual goods - but they represent some of the most interesting cases. If you think about it, the real market for World of Warcraft items exists because they are unique and cannot be replicated. I wonder if some of these models can be replicated outside the tight controls of the virtual worlds. The last paper was on universities - specifically the specific DRM needs of universities. It promoted a lively debate, and was a great finish to the conference.

MP3, AAC, DRM and the Future of Music

One of the highlights of the 2007 Virtual Goods Workshop was the presentation by Prof. Dr. Karlheinz Brandenburg titled “From data compression to virtual goods - technical perspectives for the usage of digital music”. Prof Brandenburg is one of the inventors of MP3, and has been involved in the audio field ever since. I must, at this point, also point out that the department head of Multimedia Security at the Fraunhofer IIS (where I am currently interning, and thus my boss); Stephan Krägeloh is also one of the co-inventors. However, Prof. Brandenburg is the main inventor of the MP3, and can be regarded as the “Father of the MP3”.

The focus of the conference was virtual goods, and MP3 is perhaps the most significant virtual good. For the first part of his talk, Prof. Brandenburg focussed on the development of the MP3, which like many new technologies was greeted with scepticism (why would anyone need audio compression?) and took a long time to get through the standardising process.

Off course, MP3 really took off when the Internet took off; but even then, ironically, piracy was a big factor in its success. In the early 90s, MP3 decoders were available for free (i.e. without any patent costs), but encoders cost in the 100s of US dollars. Somewhere along the line, a rogue employee was involved in releasing the encoder software for free (with a redesigned front end). And once it was on the Internet, it was hard to remove, and MP3 encoders became freely available to the public, and the rest is history …

AAC, first really thrown into the spotlight for being the base format for Apple’s iTunes Service is the follow up, providing better quality at the same compression ratio. AAC is also more flexible – according to Prof Bandenburg, there is no improvement in MP3 quality after 192 kbit/s, even though the maximum bit rate is 320 kbit/s.

Off course no discussion of lossy compression can be complete without a listening test, of lossy compression (AAC) and lossless encoding. To make it harder, the test comprised of three audio tracks, with three samples, with at least one sample being lossless, and one sample being lossy. I found it easy to distinguish between lossy and lossless for a classical music track, but could not find any difference in the speech and pop music tracks. No one in the audience picked up all the correct answers.

The last part of his talk was about DRM, and what he thinks of the future of music. In his opinion, DRM for audio will depend entirely on how much piracy occurs for non protected files within the next year. If the record companies do not suffer significant losses, in his opinion, DRM will be dead within a year after that. He pointed out that othe efforts at securing music distribution, such as SDMI, failed horribly, and interoperability will remain the main factor in determining whether DRM will ultimately succeed.

But the future of audio is not only about DRM and compression; but rather search and organisation. It is after all quite common to have gigabytes of music and the organisation and use of the information is now more important than the actual storage of the music. New ideas would include automatic playlist generation (not from the tags but from the actual content of the music) and search by humming.

Personally, I have my doubts about whether non protected music distribution will work. As I commented on my last post, I have very good reasons to believe that there will be more pirated copies than legitimate copies after a year or so, and thus DRM will be needed, if protection is required.

Free vs Piracy

So, Forbes.com reports here that there are more pirated copies of the new Radiohead album than 'original' copies. I am not surprised ... I predicted this in my SATNAC paper last year (see here).

It feels good to be right :p

Rough Minutes of the Open ODRL WG Meeting

These are the rough minutes of the ODRL WG meeting at the 2007 Virtual Goods Workshop in Koblenz, Germany. I hope it is complete, but I could have unintentionally left out things ... they are reconstructed from notes I typed at the meeting.

---

There hasn’t been a face to face ODRL meeting since the last International ODRL workshop in Lisbon in 2005. With ODRL joining forces with the Virtual Goods workshop, the conference also provided an opportunity to have a face to face meeting of the ODRL v2 working group. Three regular contributors from the mailing list were at the meeting: the co-leaders Dr Renato Iannella and Dr Susanne Guth and myself. However, since it is an open meeting, a number of other interested parties were also present, which provided the discussions with some new positions and insights. The other attendees included (and this is not the complete list) Pramod Jamkhedkar (PhD student from the University of New Mexico), GR Gangadharan (PhD student from the University of Trento), Martin Springer (independent contributor to the DMP) and Dr Rüdiger Grimm (from our hosts at the University of Koblenz-Landau).

The main thrust of the meeting was a push to simplify the ODRL v2 model, in an attempt to create a simpler core language; which could then be extended to have different profiles such as licensing and negotiation support. Susanne Guth and I promoted the use of access control as the base model for v2. Pramod Jamkhedkar however promoted the use of database style definition, and maybe the use of tupple calculus and a sound logical (mathematical) structure. In the paper I am due to present at the ACM DRM Workshop in two weeks time, I do present something that bridges these two approaches, and could lay the foundation for the v2 model. I will release a link to the paper on the WG mailing list after I present the paper in Washington in 2 weeks time.

Martin Springer raised the point that a model depends on what we need to describe, and that requires detailed use cases. Susanne Guth countered that detailed use cases would however lead to very specific models, which would not achieve the generality required for ODRL. In this respect, the current approach of stating general requirements (or goals) for the model is much better than specific use cases.

Rüdiger Grimm raised the question on the necessity of the duties element. After all, duties could be reworded as constraints. Pramod Jamkhedkar commented that, everything could be modelled as rights and constraints – and the use of duties and parties are dependent on the level of abstraction we want. It was felt that duties provide an additional level of expressiveness and thus should be retained.

Susanne Guth raised the issue of a container. The container, as defined in ODRL 1 was too complex, and needed to be refined. Susanne proposed a narrower definition of the container, as defined in the current model document. She also suggested the use of XLink for the XML implementation of the concept.

Renato Iannella raised the issue of whether the exclusive attribute needs to be retained. It is a rarely used concept, and I commented that it could easily be expressed as a duty instead of an attribute. It was agreed that this may be the best approach, and an example on how it can be used can be discussed in the model.

Also with duties, the non-performed section was removed, as it can also be expressed as another separate duty. This approach could also have less processing requirements than the current approach of a non-performed section.

In the discussion of the Assets element, it was decided to remove WEMI and metadata. Parts, which aimed to define collections of assets is strictly not necessary, and was thus removed. The inheritance model however needs to be revisited – OMA uses the inheritance model, but it does not strictly belong under the Asset element. Any changes to the inheritance model, would require some clarifications from OMA.

reType, which I introduced to simplify the agreement/offer model was retained. It offers a high degree of flexibility and it was decided that the vocabulary for reType will not be defined (apart from agreement probably).

The tradable attribute was removed, as negotiation support will be a profile and not a core component of the model.

The following elements were removed: signature, encryption, legal and communication.

Acceptance

In the last two weeks of May, and the first two weeks of June, I submitted four conference papers. Each paper was effectively a chapter from my thesis. Over the past week or so, I have been notified that three of the four papers were accepted. So I have been accepted to present papers at:

"DRM Use License Negotiation Using ODRL V2" at the 2007 Virtual Goods Conference sponsored by ODRL and IFIP TC-6, in Koblenz, Germany. This is one of my big contributions of my research work, and one of the longest running components of my thesis. This conference is in mid October.

"Persistent Access Control: A Formal Model for DRM" at the 2007 DRM Workshop at ACM CCS in Washington DC, USA. This is the third successive paper I will be presenting at this conference, and my personal favourite conference. The paper is also one of the cornerstones of my thesis, where I present, as far as I know, the first formal definition for DRM as a form of access control. This conference is in the last week of October, first week of November.

"Experiences in Implementing a Kernel-Level DRM Controller" at the 3rd International Conference on Automated Production of Cross Media Content for Multi-Channel Distribution (AXMEDIS) in Barcelona, Spain. This has taken a long time, and is the paper written together with the Marlon Paulse and Duncan Bennett, who implemented this as part of their honours project. The conference as a whole is not really relevant to my work, and am not even sure if I can go for the full conference, since I am supposed to be finishing up my internship around the same time, and there is a limit of time I can take off to go travelling round the world. This conference is on the last three days of November.

As for the paper that was rejected, to be honest it was a very long shot, so I am not too surprised. But, if I did not try, there was a 100% chance of it not being accepted! The paper was submitted to ACM DRM 2007.

DRM Doomed?

Yet another opinion on a tech site raises the question - was my 4 years of slaving (well ok not slaving) towards a PhD really worth it?

The thing is, DRM is not a copy protection mechanism - it stands for rights management; not copy management. Likewise, it is not a copyright enforcement mechanism. There are enough academic papers (including my own) about the last two points. And if that is the case; why on earth does everyone still rally on the same issue?

The fact of the matter is, DRM has been maligned with control of media in a veiled attempt at controlling piracy. DRM has been sold on the same terms as CDs and tapes; and not as new business measures which is what it really is. Furthermore, DRM has been seen as the big guys protecting their property from the public - the possibility that joe public could use DRM to protect their own things - photos, documents, home movies etc. has been ignored. So maybe, my thesis does have a place; but will anyone care?

Reflections: ACM DRM 2006

Yesterday was basically the reason I am here - to attend and present my paper at the DRM Workshop at the ACM Computer and Communications Security (CCS) Conference. So, this is a brief reflection of the proceedings of the workshop.

The first paper, by some researchers from SUN, looked at some of the business models that movie industry could adapt from the MMORPG world. While the ideas are certainly applicable; I am not really sure of the practicality of the ideas. The second paper looked at privacy, from the point of legal and economic practicalities. Basically, the paper argues that there exists certain legal and economic obligations if a business wishes to collect private information. These obligations create a risk; and thus creates ceiling on how much privacy can be afforded to customers. It was a very interesting paper; but I think it glossed over one crucial point - very rarely do businesses actually take into full consideration the economic and legal obligations when they do collect private data.

My paper, which was next, was very well received, and attracted quite a lot of interest. I was not really expecting a great reception; because the paper is quite simple in nature - but it is an area that has not really been addressed before. So, I was pleasantly surprised at the paper's reception.

The next paper on a view only file system has been discussed before as a mechanism for short term DRM solution. The one presented this year went a step further and designed a VM based system. It could work; but I am not convinced on the security layer between the VM and OS/lower level VM; or the performance overheads. The paper following it discussed an interesting key distribution strategy; but I must admit I did not follow it as well as I should have.

Tom Kalker, from HP Labs and Coral, presented the invited talk focussing on interoperability. Most people who have voiced opinions against DRM, seem to imply hatred on the lack of DRM interoperability, and not some of the other issues. He discussed how interoperability in DRM is not only a format issue; but also a business and complete technological issue. He talked about Coral, which uses a credential system, allowing for interoperability. However, it is by no ways a perfect solution, as every device would still require their own file format etc.

The next paper discussed more interesting code obsfucation and diversification as a mechanism to combat piracy. It was quite impressive, until the performance hit .... 840 times slower!

Pramod Jamkhedkar and Gregory Heileman presented their paper next, and their DRM project is very similar to mine; and we have been presenting or discussing similar ideas for the past three years. This year, they discussed, what they considered fundamental flaws in Rights Expression languages. In a few ways, their arguement was flawed, because it discussed mainly the flaws of XrML and did not consider the fact that some of the issues are being addressed or have been addressed in other RELs like ODRL. However, the issues raised are correct and needed to be recognised.

The next talk on interoperability, was a bit of a miss; simply because a lot of the content seemed to be contrary to the issues raised earlier; and the underlying details were hazy at best. The talk following it was very interesting; discussing some of the background to Intel's LeGrande architecture. Bascially, the OS is going to be dead - instead, the CPU itself will have a trusted OS base; complete with drivers and firmware. Applications will run on top of this base; in a completely protected environment, similar in operation to Multics. I am not sure of the maturity of the solution, but both Intel and AMD, together with other interested parties, have been pouring money into similar projects; so something is bound to come up.

The next paper, from Phillips Labs, discussed ideas on how to lower consumer anger and better ways to handle consumers who make use of pirated DVDs; or more appropriately Blu-Ray discs. Much of the work presented revolved around the use and operation of blacklists in Blu-Tay discs. It was really interesting; especially on the changing position.

The last paper of the workshop on watermarking presented nothing new; and in fact I have seen many better applications of watermarking.

Skype Conference and Laura Croft

So I had the Skype conference this morning, and it really went well. At least 3 hours of video conferencing with minimal lag (a few dropped packets here and there) - it was a pleasure. Presenting a 19 slide slideshow from 12 000 Km away was also very interesting, and it all went well. Off course having a receptive conference organiser was also part of the deal, and my thanks to the DMP for great organising!

As for Laura Croft ... totally unrelated really. I read an article at Wired today, where the writer discussed the idea that the success of Laura Croft is not necessarily due to horny teenage guys lusting over big boobs but more of the thrill of rescuing a woman from danger. It's quite an interesting read - and does ring true somewhat. But I still think, that the big boobs do have a big factor ... I don't think small boobs and an ugly face would have sold as well ....

Skype

So I have finally joined the Skype revolution, and boy was I impressed. Helped with the extra bandwidth allocation from ITS (I think) I had a long (over 30 minute) video call with absolutely no problems. My friend on the other end (Tobias) actually commented on the smoothness of my video link!

Anyway, the whole point of this Skype exercise is to participate over the Internet in the Digital Media Project (DMP)'s 10th General Assembly, where I have submitted a proposal that will hopefully be adopted as a standard! Due to financial reasons (cost was estimated about R15 000, which I had to pay by myself, and did not have at the time) I could not attend physically - so this Skype solution was proposed by the organisers.

Which brings me to my next pet project ... there are a lot of conferences in the world, and due to financial reasons, student participation from UCT at these conferences are minimal, restricted usually only if the student is presenting a paper (and even then I have known students not to get funding!). But, if research is to be truly "world class", participation at major conferences is a priority in many fields. And this is where Skype comes in. Skype seems very good at video (can even do full screen), and there is usually good bandwidth availability at conferences. Surely, it would therefore be easier to hookup a connection at these conferences and "broadcast" it back to UCT, where interested parties can then take part in the presentations and even forward questions to the speakers! This would be a step up from the blogging that Carl and I did from Siggraph and ACM-CCS respectively last year, and certainly more useful.

I know a few conferences might object, but assuming we have their blessing, this could certainly be a good step forward in engaging researchers around the world! So, as a start, I would like to invite anyone who is interested in the DMP to come around and join me (but I think it would be rather boring for most people). I am also willing to do a Skype broadcast from ISSA if anyone is interested and I am allowed to ...

The Big DRM Mistake?

In his column, Scott Granneman calls DRM a mistake; mainly because of its many current shortcomings and also because of the restrictions posed by DRM to consumers. In my opinion, that is not the big mistake about DRM - the mistake is how badly DRM has essentially been marketed, including its vilification in the GPL 3 draft.

Fundamentally, DRM is a about persistent access control - it is a term for a set of technologies that allow for data to be protected beyond the file system of the original machine. Thus, for example, the read/write/execute access control on most *nix file systems will not only be applicable to the original machine but to all machines. DRM is not perfect yet - that is the reason it is still an active research area; but a claim like "it will never be perfect" should not be a reason to investigate and prove that such a claim is false.

And most of the problems with DRM is not about technological failure - but a failure of communication and bad marketing. Granted The SONY-BMG saga was about technological failure - because fundamentally it was bad technology. But it was also about a miscommunication - customers should be told that they are buying a DRM enabled CD. Similarly, my criticisms on Vodafonelive (which I made to the INDICARE Workshop in Budapest this year, and in a law paper I co-wrote with Thomas Bechle last year) are based on the failure of Vodafone to make the consumer aware.

And fundamentally - many of the fair use issues are not a matter of given right. Just because a traditional CD allows me to give to a friend should not imply that any future format will allow me the same freedoms. Fundamentally, DRM enabled CDs are not the same thing as non DRM enabled CDs and should be labeled as such. It is like selling a German book sealed in an English cover without warning that the contents are in German. It is a case of bad trade practices and bad communication - and if consumers don't like the restrictions, they shouldn't buy it, but they need to be given the choice.

At the end of the day I believe that DRM does have a place - it can be used to protect sensitive data that needs to be highly regulated - for example, your health records. trying to advocate the DRM should not be researched because of possible misuse is just plain wrong.

5th INDICARE Workshop

So yesterday, I was the first speaker at the 5th Indicare workshop. Unlike the other workshops/conferences I have been to - this was a different experience; and was quite refreshing in some ways. This was not an academic conference but was much more of an interaction session between academics, industry, consumer organisations and specialist groups. The format was a bit similar to panel discussions - 2 or 3 presenters gave a 20-30 minute presentation which was then followed by a panel discussion of about 15 minutes.

But the best part was the interaction with the consumer organisations and specialist groups - interaction that is not present at academic conferences. For example, there were two presentations from blind associations (one from Hungary, another from England). In most cases, software developers completely ignore disabled people during their designs - and even though computers can help empower the disabled and let them overcome much of their disabilities, much of the software lets them down. A very positive feedback in this regard, is that one of my key contributions to the field - negotiations - can be an effective solution to much of the problems posed by accessibility.

I also had a chance to talk to Martin Springer from DMP - a sort of rival project to my PhD project. We had some very long chats, and on many different aspects of DRM and computer security in general - I think this was probably the most useful part of the trip.

So a valuable trip overall - and many thanks to INDICARE for inviting me and for funding the trip!