Legal/Technical Architectures of Cyberspace

Digital Rights Architectures for Intellectual Property Protection

Team Members
Jason Chicola
Dawn Farber
Mami Karatsu
Joe Liu
Karl Richter
John Tilly
Executive summary by Karl Richter
Oral presentation by Karl Richter


Until very recently the law has been able to balance the public and private interests surrounding intellectual property. Laws have evolved to achieve a delicate balance that promotes progress in science and the useful arts, ensures broad access to information, rewards creators with limited monopoly rights, and spurs innovation and sharing.

With the rise of the Internet and new technologies, however, this delicate balance has been suddenly disturbed. New technologies -- trusted systems -- are outweighing the law's ability to maintain a stable equilibrium. With its ever-increasing capabilities, technology is tipping the scale away from the public interest and towards private control. This fundamental shift is already having many implications for the way that we innovate, share, and distribute knowledge. Soon, technology might tip the balance too far, and break the scale. It is conceivable (some might say inevitable) that the architecture of trusted systems - also called electronic copyright management systems - will replace the law in offering protection for intellectual property.

The technology of trusted systems allows computers to protect and distribute information in more secure and reliable ways. At its heart, a trusted system is a perfect access control system which uses technology as a lock. The technology of trusted systems brings many benefits. Trusted systems allow the bundle of property rights to be split -- such as the right to read, the right to prepare derivative works, the rights to copy, etc. -- and facilitate on-line payment schemes for each of these rights. However, along with the clear benefits, the technology of trusted systems enables exclusion, limitations on distribution, consumer tracking, and invasions of privacy.

An appropriate balance for the future must weigh the opportunities (and present capabilities) that trusted systems offer against the threats to the public goods of broad dissemination and incentives for innovation. As we develop proposals for the future of intellectual property, we need to guard that the dropping pan from the broken scale does not flatten the poor, the academics, and the critics, but that it serves to bring even greater knowledge to these special and vital members of our society. While we find social benefits in reporting, teaching, scholarship, parody, sharing, negotiating, and contracting, trusted architectures -- which represent a more thorough way to guard private intellectual property than law -- are increasingly threatening these social values.

We face the challenge of recommending the best form of future architectures for intellectual property to preserve these values in the future and return the scale to careful balance. A critical first step is to decide which aspects of the existing intellectual property law structure should be adapted to new technology of trusted systems, and which aspects of it are outmoded by trusted systems. In the recommendations we propose, we conclude that in most cases existing legal structure can be appropriately extended to Internet technology; but, that in some other cases the constructs of the real space law should not apply to cyberspace, and that the law should act to regulate trusted architecture.

We find social benefit in the "fair use" of information for criticism, comment, news, reporting, teaching, scholarship, research, and parody. Trusted systems can dictate the possibility of users having access to content material. Indeed, trusted systems enable copyright owners to choose readers. A trusted system that enables this sort of discrimination in audience limits criticism, comment, and parody. Copyright holders will probably not want to release protected works to those they suspect will criticize it. Trusted systems also can make copying and transferring material difficult and expensive. Unchecked, and without specific provisions built-in to protect fair use, the technology of trusted systems can quash fair use.

There are several potential and complementary solutions to protect fair use. The Digital Millenium Copyright Act White Paper suggests that for some fair use purposes it is not illegal to circumvent the technological protection of digital copy of every work. However, in the event that technologies become so efficient as to make any unauthorized circumvention impossible, there is no legal support for fair use. Another alternative is to use the law to impose legal requirements on trusted systems to include certain provisions that allow fair use. For example, the government can require that all trusted systems allow free access to students, teachers, and scholars, and that any agreement that prohibits this fair use would be invalid. Tax treatment could even be used to further encourage trusted systems to allow fair use, beyond minimal compliance with the law. Perhaps the government could grant tax deductions to firms that significantly facilitate the fair use of their protected works.

Another architectural solution would be a fair use site, which could be maintained by either the government or a non-profit entity. If providers did not want to build-in fair use to their own trusted systems, they could provide their materials on an outside system which scholars, teachers, and students could apply for passwords to access. This fair use site could set a limit of a certain dollar amount of access per year. If users wanted to extend this limit, they would need to demonstrate the purpose for allowing them access to more protected material. In this system, users would be hesitant to share passwords because this would limit the future amount of access they would be allowed. A digital library is another possible solution. Users would be allowed to "borrow" read-only materials for a limited time. After the time expires, the digital copy would be erased on their computers.

Sharing is another concern. Trusted systems have the potential to limit the sharing of information, but the value of sharing is worth protecting in cyberspace. In copyright law, the First Sale Doctrine limits the control that a copyright owner has over the public distribution of copyrighted work. While First Sale works well in real space, where there are physical obstacles to reproduction and distribution, it makes any transmission of data in cyberspace illegal by the letter of the law. When computers transmit data they make copies of the data which first sale prohibits. First sale, as a construct, is therefore not appropriate for extension into cyberspace.

A technical architecture that can preserve the values of sharing and fair use is more appropriate. There are many options for the form that architectures that preserve First Sale values might take. For works of authorship, it might be appropriate for the trusted architecture to allow a certain degree of copying, by allowing for a certain number of copies to be made of the original work. The architecture could even allow for a certain number of copies to be made from the original, but prevent copies from being made from copies. Perhaps this architecture could even be complemented with another provision which would preclude simultaneous use of more than one copy at a time, or which would only allow the copy to exist for a certain length of time before the trusted architecture denies access. In combination these provisions could come close to replicating the real world lending process that First Sale protects. The caveat for any trusted architectures we propose is that they in some way preserve the real world barriers of sharing and lending intellectual property. We need to make sure that sharing in cyberspace does not become so easy that it destroys the market or the incentives to create in the first place.

Time limits on protection are another concern with trusted systems. Copyright has a limited duration of the life of the author plus 50 years or 75 years for work-for-hire. (Note: Legislation passed this year extends this to life of author plus 70 years and 95 years) The concern is that trusted systems have the potential to control access to information for an infinite duration. If trusted systems were the only way to access the information, this could potentially keep expressive works and even knowledge from benefiting the public for an unreasonable length of time. The time limits on traditional intellectual property legal constructs are designed to offer incentives to produce original works by offering limited-in-time rewards to innovators. Traditional copyright protection for authors relates to the authors' lifetimes and can be justified by natural property rights. The infinite protection period that trusted systems could enable would not measurably increase incentives to create; quite the opposite, infinite protection would harm society by restricting information.

Some solutions to this for trusted systems include building into the architecture a tag to mark contents with an expiration date. Like a form of watermarking, this tag could release the content from protection after a certain time. This would be easy to extrapolate from existing copyright law for works-for-hire since duration is fixed, but more difficult for works of authorship since those are dependent on the life of the author. The expiration dates, therefore, should have a dynamic quality. Perhaps living authors or creators should have the option to choose to protect distribution rights, copying rights for any time up to a prescribed maximum duration measured from the time of creation.

Privacy is another value that trusted systems threaten. The Fourth Amendment -- which protects against unscrupulous search and seizure -- embodies the American belief in the importance of privacy. As with fair use, we need to carve into trusted system architecture provisions to ensure that we continue to protect privacy. In the specific context of access to copyrighted works, the ability to access works anonymously encourages wide-ranging consumption of intellectual material, without concerns and potential risks about centralized monitoring of access.

As a first step, providers should be required to disclose the extent to which their trusted systems protect privacy. This disclosure could be in the form of a tag which reveals how information provided by a user will be used by the provider, and very importantly whether the provider will grant access to private information to others outside the trusted system. We also think that the government should require that all trusted systems protect privacy, and actively prosecute the owners of trusted systems that do not provide adequate privacy protection. Certainly the government can set the standards for trusted systems by requiring companies which contract with the government to protect privacy to a specified degree. In pressing criminal charges against firms for failing to adequately protect privacy we need to guard that the government does not impede the development of potentially valuable technologies. The government should only press for criminal liability when the suspect trusted systems are widely deployed and operational. We need to be careful that litigation does not interfere with the process of innovation.

Another important force in privacy protection is to let consumers actively protect their own privacy. To encourage this, the government should allow and support the use of anonymous e-cash, especially for purposes of accessing reading materials about political issues or controversial topics. There are some types of goods for which the ability to trace sales to individuals finds compelling support. However, for the domain of editorial or literary materials the greater benefit to intellectual life of anonymous access outweighs the concerns about police enforcement, national defense, and terrorism that may have some validity in other domains.

Additionally, the government should play a part in informing consumers about the benefits to anonymous payment architectures. Presently there seem to mounting trends that favor building this sort of privacy provision into trusted systems. The European Community, for example, may not allow its members to trade electronically with American companies unless the U.S. firms strengthen the privacy protection they offer to electronic consumers. As a global leader, the United States needs to strengthen its support for privacy protection and set a better example for the rest of the world.

The right to contract is also challenged by trusted systems. The specific issue of concern regards adhesion contracts, or standard form contracts. While these sorts of contracts can reduce the costs of contract formation, the unilateral decisions favor the copyright owners, and are not subject to judicial oversight and may have negative implications for first sale and fair use. Trusted systems can require that users submit to terms of an agreement without bargaining in the exchange. Adhesion contracts confront with arguments for convenience and ease of use, the long-held values of freedom to contract and freedom to negotiate at the base of traditional contract law.

Solutions to remedy these issues include at a base level include some sort of clear notice requirement on all contracts. This is important in any contract, but especially so when there might be non-standard terms in a long adhesion contract. It would be appropriate for such non-standard terms to require an extra sign-off or confirmation by the user to ensure that the user is aware of their effect. New technologies, like DIVX for example, should clearly state the technological limitations they impose. Technical restrictions of the trusted system -- like a restriction on the ability to copy and paste or to print -- need to be disclosed and understood by users in advance. There are some potential judicial remedies. The courts should invalidate certain technical limitations enforced by trusted systems. By keeping an eye out for trusted systems which impose unreasonable terms, terms which conflict with fair use for example, the courts can be ready to ban these trusted systems.

While the law becomes less and less a means for intellectual property protection, it remains a crucial instrument to regulate the characteristics of the technical architectures which are replacing it. The law needs to set the requirements for trusted systems in order that the values of fair use, first sale, limited duration, contracting, and privacy are not quashed. To return a delicate balance to the public and private interests in intellectual property protection, we must ensure that provisions for important social values are incorporated into the technical architectures that control information. The law must prosecute and hold criminally liable any trusted architecture providers who fail to protect these values.


Return to conference page


Send comments about this site to 6805-webmaster@martigny.ai.mit.edu.


Last modified: December 2 1998, 10:35 PM