Sign In

Communications of the ACM

Digital rights management and fair use by design

Encouraging Recognition of Fair Uses in Drm Systems

View as: Print Mobile App ACM Digital Library Full Text (PDF) Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook

Current digital rights management (DRM) systems take a very limited view of the set of rights they need to manage. Typically, they make decisions using a closed-world assumption: Only actions explicitly authorized by content owners or their delegate(s) are allowed, and the only "rights" are those explicitly granted by them and presented to the DRM system. Most DRM systems do not even acknowledge the possible existence of rights other than the content owner's to license a particular work. They simply facilitate the execution of a contract between the content owner (licensor) and a consumer (licensee), represented by a set of authorizations (licenses) specifying which actions the owner sublicenses to the consumer with respect to a particular work.

This viewconsidering only the rights explicitly granted by the content owner to the consumerserves the interests of builders of DRM systems in two ways: First, since the system's policy-evaluation algorithm evaluates only affirmative grants issued by the content owner, there is no danger the DRM system will "make a mistake" and allow an action not expressly enumerated. And second, it is easier to build systems that rely on only a single source of authorizations. Thus, there is no incentive for DRM architects to try to model fair use rights1 in their systems, as any attempt to do so puts them at risk of contributing to an infringement.

Needed, therefore, is a set of incentives that encourage DRM system builders to experiment with modeling and implementing subsets of fair use rightsa safe harbor protecting systems and their users from infringement claims.

DRM system designers would be protected from charges of contributory infringement with respect to any action grounded in the safe harbor rights.

While the reach of DRM systems extends far beyond entertainment-related content, it is illustrative to consider the growth of DRM applications for digital video distribution. At the low end of the functionality curve are copy-protection systems that simply mark the content and compel manufacturers of consumer electronics, through legislation or regulation, to build devices that recognize the mark and comply with its policy. In the U.S., the Digital Millennium Copyright Act of 1998 stipulated that, for example, "automatic gain control technology" be supported in videocassette recorders. Such copy-protection systems assume every possible copy is an infringement waiting to happen and thus take the most conservative route possible; if the specific trigger signal is present, all potentially infringing functions are disabled, even if it is possible to prove that use in the particular context of interest would be a fair one. (Note that the Broadcast Protection Discussion Group Final Report replicates this strategy for unencrypted, terrestrial broadcast digital television.)

The two most sophisticated deployed systems for protecting entertainment content today are Digital Visual Interface/High-bandwidth Digital Content Protection (DVI/HDCP) (see and Digital Transmission Content Protection (DTCP, a.k.a. 5C). They protect transmission to, respectively, digital displays and to other digital devices across the IEEE 1394 (Firewire) interface. Neither precludes copying per se, relying instead on policy evaluation engines to interpret "encoding rules" affixed to the content. These rules are fairly simplistic: "no copy" for pay-per-view and video-on-demand; "one generation" for subscription channels; and "copy free" for free (advertiser-paid) broadcast. Assuming a DRM system allows copying of content marked as copyable by attached encoding rules, and assuming that a substantial amount of content is accurately marked as copy free, the system provides more access to that portion of a digital video than blunt copy-protection systems. A no-copy-encoding rule attached to the content is indelible; even if the copyright term expires, the content cannot be copied.

No matter how rich the encoding rules are in a content-marking system, simply being able to express fair use rights (or even a portion of them) in a policy language is not sufficient to ensure the rules would ever be used. Consumer advocates would argue, correctly, there is no incentive for content owners to incorporate any notion of fair use in the encoding rules they author. In fact, the focus on content owners as protectors of fair use rights is misplaced; it is the builders of DRM systems who likely need to incorporate conflict-resolution algorithms and expressions of fair use rights into their policy systems.

For any specific content item there are always at least two authorized issuers of permissions for that digital work: the content creator and the legislative authority that establishes fair use rights (in the U.S. the will of Congress as first expressed in Section 107 of the Copyright Act of 1976 (17 U.S.C. 107). For example, two valid licenses over the same content can be expressed as:

  • Content Owner grants permission to <MAKE_AN_ EPHEMERAL_COPY> of the Content <MOVIE> for the purpose of watching it contemporaneously to the copy.
  • Congress grants permission to <MAKE_A_PERSISTENT_COPY_ONCE> of the Content <MOVIE> for personal use.

To the extent that fair use rights can be encoded as generalized grants from Congress that always exist in the evaluation space of a DRM system's policy evaluator, they can always be considered when determining whether a particular action is allowed.

In looking at this problem, intellectual property experts might caution that fair use is not an affirmative right but a defense against infringement claims that can (and rightfully should) be determined only by the courts on a case-by-case basis. Technologists counter that to make DRM systems recognize even the most obvious permissions that should be granted under the doctrine of fair use, such permissions must be codified explicitly in some machine-interpretable form (such as a license).

The two open issues in establishing a safe harbor are: how to create machine-interpretable expressions that adequately model a set (or subset) of fair use rights; and how to get the stakeholders (content owners, DRM system builders, and Congress, as the representative of the people's interest in the social bargain of copyright) to work together on defining the boundaries of a subset of fair use rights that would be safe to implement. We envision a safe harbor for DRM system designers whereby implementing the fair use features defined there are a priori declared noninfringing, thus protecting the designers from charges of contributory infringement with respect to any action grounded in the safe harbor rights. We would also need to build-in incentives to motivate DRM system builders to take advantage of the safe harbor (or rely on market forces to make them do so from a purely economic perspective).

It seems fairly certain that no one can mathematically model fair use, as it is understood today, because the legal definition of fair use is fuzzy and imprecise. However, this limitation should not stop us from attempting to identify a useful subset we might approximate in code. That is, we can take a purely pragmatic engineering approach to what is on its face an "irresistible force meets immovable object" paradox: Focus first on defining and modeling a useful subset of fair use rights in some policy language, then add these expressions to the policy evaluators of DRM systems. This set of "always available" licenses then becomes the first safe harbor for DRM implementers.

A possible starting place for the set of permissions first designated as residing within the safe harbor might be to permit a single copy of a digital work (exclusively for personal use) to a designated and verifiable network of devices. The security and auditability of such a "personal domain" could be guaranteed by the required presence of a secure hardware component (such as a USB token or smart card) acquired via a license. Admittedly, in this context it is a stretch to use the term "guarantee," as there is significant, measurable cost of fraud, but the fraud can be quantized and the risk of compromised content accounted for in the overall architecture. From a technical perspective, the mechanics of making a copy, whether over a cable in the home or over the Internet, do not matter. The problemauthenticating the copying device and ensuring that only one copy can be madeis clearly difficult but not insurmountable.

Our proposal, or dare, is that we, as representatives of the combined technical and legal communities, form a partnership to model and ultimately create a series of expanding safe harbors for modeling larger and larger subsets of fair use rights in DRM systems. As the implementers of the rights expression languages and policy evaluators within DRM systems, we have the opportunity, and obligation, to attempt to replicate and enforce the delicate balance that is copyright law in the DRM systems we build.

Back to Top


Barbara L. Fox (, is a senior fellow at the John F. Kennedy School of Government, Harvard University, Cambridge, MA, and a software architect in the Windows Trusted Platform Technologies group at Microsoft Corporation, Redmond, WA.

Brian A. LaMacchia (, is a software architect in the Windows Trusted Platform Technologies group at Microsoft Corporation, Redmond, WA.

Back to Top


The views expressed here are those of the authors and are not necessarily those of Microsoft Corporation or Harvard University.

The authors thank Daniel Weitzner, Director of the Technology & Society Domain at the World Wide Web Consortium, for the conversation that led to their writing this article.

1We use the phrase "fair use rights" to refer to the set of activities that are defined by Section 107 of the U.S. Copyright Act (17 U.S.C. 107) as noninfringing."

©2003 ACM  0002-0782/03/0400  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2003 ACM, Inc.


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents:
  • Article
  • Authors
  • Footnotes