February 8, 2005 8:40 AM PST

EU steps into digital rights debate

The European Union has issued a draft document on the implications of the spread of digital rights management, which is often used to protect copyrighted material such as software and music.

The EU's advisory body on data protection and privacy is specifically concerned about the way that digital rights management (DRM) can be combined with digital watermarks tags to identify individuals and thus track people unfairly or unnecessarily.

According to the EU's recently released "working document on data protection issues related to intellectual property rights," new technologies to identify or trace people "are being established at the level of exchange of information as well as at the platform level."

The public has until March 31 to comment on the document.

The working document adds that where information is exchanged over the Internet, more and more digital watermarks tags are being used to track people and their preferences--for example, when a music track is purchased online, the purchaser has to enter account information and a unique identifier. That information--identity and musical taste--is then used in some cases to target marketing campaigns.

"Electronic copyright management systems (ECMS) are being devised and offered which could lead to ubiquitous surveillance of users by digital works," according to the document. "Some ECMS are monitoring every single act of reading, listening and viewing on the Internet by individual users thereby collecting highly sensitive information about the data subject concerned."

One example of how data has been collected and then used to track individuals, the document states, relates to file swappers. File sharers have found their identities shared with record industry watchdogs as a result of information gathered by their Internet service providers.

"The research conducted by rights holders is usually based on the collection of the IP address of the users. This information is then combined with users' data as detained by ISPs; in some cases the rights holders directly request the identity of the user to the ISP in order to send cease and desist letters to the users," the report states.

This practice, the EU notes, varies from country to country.

The document "deems it necessary, in this changing context, to recall the main data protection principles and the extent to which they apply in the framework of digital right management."

Jo Best of Silicon.com reported from London.

2 comments

Join the conversation!
Add your comment
DRM implications
The EU take an interesting stance when they note that DRM companies routinely collect and collate much more information than EU law may permit - the Data Protection Directive makes it clear that you cannot collect information that is not critical to the business process you are following.

What they have missed is that some DRM approaches actively prevent the public from using rights that are recognized in international law - such as fair rights. These allow people to study works for a variety of reasons, to quote a % of them without the need for authority, and when the copyright period has expired, to have unfettered access to the work(s).

It is not for us as DRM product providers to say how public policy should respond to the current approach by many industries that may appear to circumvent existing law, but it would be extremely helpful to have an informed debate involving all parties, and not just the powerful entertainments and software industries, to clarify how to develop DRM products that will provide comlinace with laws and international treaties.

Peter Ratcliffe
Locklizard
Posted by (1 comment )
Reply Link Flag
How does DRM accomplish its claimed goals?
I have submitted a request to the Canadian privacy comissioner to do a report on Digital Rights Management (DRM) and related implications of unaccountable and non-transparent "software code". <a class="jive-link-external" href="http://www.flora.ca/russell/drafts/code-is-law.html" target="_newWindow">http://www.flora.ca/russell/drafts/code-is-law.html</a>

One of the problems with this area of technology policy is that most of the discussion is happening in the absence of the question "how does this technology accomplish its claimed goals", and what are the unintended consequences of the methods used. While most discussions talk about the privacy and other implications of a copyright holder having too much control, the reality is that this technology is unable to grant direct control to copyright holders at all.

At the point where an Information and Communications Technology device copies something (or not) only 3 entities can have control: the owner of the device, the operator of the device, or the manufacturer of the device (author of the DRM software). A copyright holder can only encode their content and copyright license and deliver it (using TPMs to stop third party reception) to one or more of these 3 entities.

Once this important fact is understood the privacy, competition, human rights and other implications can be adequately evaluated. Believing that the copyright holder is in control of DRM and discussing the implications is like discussing the implications in physics or astronomy of the world being flat.
Posted by Russell McOrmond (63 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.