EU investigates DRM privacy threat
Summary: The European Union is wading into the sticky issue of intellectual-property management online with a new DRM working group
An EU working party is looking into the implications of the spread of DRM which is often used to protect copyrighted material such as software and music. The EU believes that the way DRM can be combined with tags that uniquely identity individuals could lead to people being unfairly or unnecessarily tracked.
The 'working document on data protection issues related to intellectual property rights' says: "As regards the development of digital rights management, the WP [working party] notes that new technologies to identify and/or trace users are being established at the level of exchange of information as well as at platform level," i.e. verifying software and hardware.
The working document adds that where information is exchanged over the internet, more and more digital watermarks tags are being used to track users and their preferences -- for example, when a music track is purchased online, the purchaser has to enter their account information and unique identifier. That information -- identity and musical taste -- is then used in some cases for targeting marketing information.
The report says: "Electronic copyright management systems (ECMS) are being devised and offered which could lead to ubiquitous surveillance of users by digital works. Some ECMS are monitoring every single act of reading, listening and viewing on the internet by individual users thereby collecting highly sensitive information about the data subject concerned."
One such example of where data has been collected and then used to track individuals, the report says, is that of file-swappers. Music pirates have found their identities shared with record industry watchdogs as a result of information gathered by their ISPs.
"The research conducted by rights holders is usually based on the collection of the IP address of the users. This information is then combined with users' data as detained by ISPs; in some cases the rights holders directly request the identity of the user to the ISP in order to send cease and desist letters to the users," the report continues.
This practice, the EU notes, varies from country to country.
The working party "deems it necessary, in this changing context, to recall the main data protection principles and the extent to which they apply in the framework of digital right management".
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
ACTUALLY ITS NOT RIGHT IF SOME WILL DICTATE TO ME WHICH PLAYER I NEED TO USE AND WHICH SOFTWARE I NEED TO USE.
If it will be helpful and have benefits for users - than it will be ok.
BUT IF IT WILL BE BENEFITS FOR THE CREATORS OF DRM??????
I AM NOT AGREE - AND MILLIONS OF USERS WILL NOT AGREE,IF THEY WILL BE FORCED TO USE PROGRAMS WHICH THEY DON'T WANT.
Best Regards
Nick Niceman
www.getpaid.eu.tt
www.eurovive.com
Example: suppose that most of your data is locked and controlled by some vendor's software that's almost impossible (e.g.: financially speaking) to migrate to a competitive alternative. Then the vendor in question decides to no longer support your version of the 'lock and control' software and only offers an upgrade with several strings (one of them being a huge claim on your budget) attached. What are you going to do then?
Another example: your choice of 'lock and control' software requires from the clients (e.g.: your customers, your citizens, your employees, etc) that you electronicly communicate with to download and install 'lock and control' client software. First thing that comes to mind is: how are your clients going to authenticate themselves as being the correct client and what kind of strings are attached to that? Second thing that comes to mind is: what if the 'lock and control' client software drasticly changes its requirements?
Are you going to help each and every client to regain access?
Yet another example: what if you or your client somehow looses the key to unlock the data? How will access be restored again in ways that can't be abused nor exploited? Or what if one of your administrator changes the lock on all your data and suddenly demands a huge salary increase?
Remember that before you can do something with data you must first access it.
Final example: what if you want to get rid of your 'lock and control' software? What would it take? How long would it take? What would be lost?
Also, how long before DRM is cracked, bypassed or something and thus rendered into yet another thing that needs to be dealth with and budgetted for by those who are unaware or ignorant about the reality of the security it provides?
In short. He who controls access to the data effectively controls the data. And given that information (data) is everything being the one that controls access to data everywhere is in a very good position to be in. A very powerfull position even. Such power shouldn't be in the hands of just a few vendors or even just a few governments. And most definitely, it shouldn't be patented in what ever way for whatever part or else the laywers and the lobbiests will have a field day with it someday (he who owns the way in which access to data is controlled...).