Opinion
Computing Applications Inside risks

DRM and Public Policy

Posted
  1. Article
  2. Author

Digital rights management (DRM) systems try to erect technological barriers to unauthorized use of digital data. DRM elicits strong emotions on all sides of the digital copyright debate. Copyright owners tend to see DRM as the last defense against rampant infringement, and as an enabler of new business models. Opponents tend to see DRM as robbing users of their fair use rights, and as the first step toward a digital lockdown. Often the DRM debate creates more heat than light.

I propose six principles that should underlie sensible public policy regarding DRM. They were influenced strongly by discussions within USACM (ACM’s U.S. Public Policy Committee), which is working on a DRM policy statement. These principles may seem obvious to some readers; but current U.S. public policy is inconsistent, in various ways, with all of them.

Competition. Public policy should enable a variety of DRM approaches and systems to emerge, should allow and facilitate competition between them, and should encourage interoperability among them. In a market economy, competition balances the interests of producers and consumers. The market, and not government or industry cartels, should decide whether and how DRM will be used. Government should not short-circuit competition by mandating use of DRM, or by allowing industry groups to use DRM "standardization" as a pretext for reducing competition.

Copyright Balance. Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system. DRM systems should be seen as a tool for reinforcing existing legal constraints on behavior (arising from copyright law or by contract), not as a tool for creating new legal constraints. Traditionally, copyright has reflected careful public-policy choices that balance competing rights and interests. DRM should shore up this balance, not override it. DRM can reinforce legal rights, but it must neither create nor abridge them; that is the province of policymakers.

Consumer Protection. DRM should not be used to restrict the rights of consumers. Policymakers should actively monitor actual use of DRM and amend policies as necessary to protect these rights. In an ideal world, the first two policy principles would make this one unnecessary: competition and copyright balance would protect users’ interests. But real-world experience shows that imbalances of power often require regulation to protect consumers.

Privacy. Public policy should ensure that DRM systems collect, store, and redistribute private information about users only to the extent required for their proper operation, that they follow fair information practices, and that they are subject to informed consent by users. DRM must not become a platform for spying on users or for gathering records of what each user reads or watches. If a system must gather private information, for example to process payments, the information should be handled according to accepted privacy principles.

Research and Public Discourse. DRM systems and policies should not interfere with legitimate research or with discourse about research results or other matters of public concern. Laws concerning DRM should contain explicit exceptions to protect this principle. Laws designed to bolster DRM, such as the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA), must not hinder research or public discussion. Important public-policy debates, about topics such as e-voting, content filtering, and DRM itself, rely on accurate information about the design and efficacy of particular technologies. When the law blocks the discovery and dissemination of such information, public debate suffers. Existing law does not do enough to protect research and discussion, as my colleagues and I learned in 2001 when the recording industry tried to use DMCA threats to stop us from publishing a scholarly paper about DRM technology. The law should explicitly protect research and debate.

Targeted Policies. Policies meant to reinforce copyright should be limited to applications where copyright interests are actually at stake. Creative lawyers have tried to use the DMCA (a law intended to protect copyright owners) to block third-party remote controls from working with garage-door openers (Chamberlain v. Skylink) and third-party toner cartridges with printers (Lexmark v. Static Control). The courts wisely rejected these attempts, observing that there was no risk of copyright infringement. Similar limits should apply to other areas of DRM policy.

Changing public policy can be difficult, especially on a topic as contentious as DRM. Agreeing on policy principles is a good way to start.

Back to Top

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More