CHAPTER 42

PROTECTING DIGITAL RIGHTS: TECHNICAL APPROACHES

Robert Guess, Jennifer Hadley, Steven Lovaas, and Diane E. Levine

42.1 INTRODUCTION

42.1.1 Digital Rights

42.1.2 Patent, Copyright, and Trademark Laws

42.1.3 Piracy

42.1.4 Privacy

42.2 SOFTWARE-BASED ANTIPIRACY TECHNIQUES

42.2.1 Organizational Policy

42.2.2 Software Usage Counters

42.3 HARDWARE-BASED ANTIPIRACY TECHNIQUES

42.3.1 Dongles

42.3.2 Specialized Readers

42.3.3 Evanescent Media

42.3.4 Software Keys

42.4 DIGITAL RIGHTS MANAGEMENT

42.4.1 Purpose

42.4.2 Application

42.4.3 Examples

42.5 PRIVACY-ENHANCING TECHNOLOGIES

42.5.1 Network Proxy

42.5.2 Hidden Operating Systems

42.6 FUNDAMENTAL PROBLEMS

42.7 SUMMARY

42.8 GLOSSARY

42.9 FURTHER READING

42.10 NOTES

42.1 INTRODUCTION.

Ever since publishing and commerce were introduced to the digital world, the risks to intellectual property and to personal privacy in cyberspace have steadily escalated on comparable but separate paths. These paths have now converged. Unfortunately, many times, antipiracy efforts lead to possible breaches in personal privacy.

Efforts to stem the flow of pirated software worldwide remain mediocre in efficacy; piracy is still proving to be big business in the new millennium. According to the Business Software Alliance (BSA), a 2006 study shows that “thirty-five percent of the packaged software installed on personal computers (PC) worldwide in 2005 was illegal, amounting to $34 billion in global losses due to software piracy.”¹ This single-year loss equals 57 percent of the total for years 1995 to 2000 combined. Although the methods the BSA used to make this estimate have been criticized,² the problem is nevertheless significant for the software industry. Continuing piracy means lost jobs, wages, tax revenues, and a potential barrier to success for software start-ups around the globe.

At the same time, freedoms inherent in the Internet have made maintaining privacy of personal information a true challenge. Identity theft keeps rising, as more and more companies actively engage in the accumulation of customer data through e-commerce. By paying bills, checking medical insurance accounts, or completing taxes online, people are making their personal information available to be stockpiled, shared, and regurgitated to the point that simply “Googling” one's identity can be a real eye opener. Technologies that aim to prevent piracy have the potential to use this wealth of available personal information in a way that significantly erodes personal privacy. In particular, some of these technologies send personally identifiable information to servers on a routine basis (see, e.g., Section 42.4.2). The idea that a corporation—or a government—could be scanning what a specific person reads, listens to, or views is grounds for concern to civil libertarians.

42.1.1 Digital Rights.

In this environment of rapid change in both piracy and privacy, even the term “digital rights” is ambiguous. When software companies and music producers talk about digital rights, they mean the kinds of rights long protected by copyright, trademark, and patent law. When privacy advocates argue about digital rights, however, they may be talking about a completely different thing: that an individual does not forfeit personal rights, including the right to privacy, merely by turning on a computer. This chapter's primary focus is on technologies designed to protect traditional rights of content producers, but it also enumerates areas where those technologies threaten personal privacy.

42.1.2 Patent, Copyright, and Trademark Laws.

There are differences among the applicable laws and the materials they protect.

Patents give owners exclusive rights to use and license their ideas and materials; patents generally protect nonobvious inventions in mechanical and electrical fields, as well as those that can be embodied in computer software and hardware.

Copyrights give owners the exclusive rights to create derivative works, to reproduce original works, and to display, distribute, and conduct their works. Copyrights apply to original works of authorship including paintings, photographs, drawings, writings, music, videos, computer software, and any other works that are fixed in a tangible medium. Copyrights, their infringement, and remedies are described in the Copyright Act of 1976.

Trademarks give owners the right to restrict the use of distinctive marks in certain contexts. These rights may apply to words, sounds, distinctive colors, symbols, and designs.

For an extensive discussion of intellectual property law, see Chapter 11 in this Handbook.

42.1.3 Piracy.

Once thought of as a mere copyright infringement of printed matter or production of a counterfeit audiotape, piracy has grown with technology and has expanded to encompass intellectual property, digital data, DVDs, CDs, VHS, analog and high-definition TV, and streaming media.

There are several types of piracy. End user piracy occurs when end users use a single copy of software to run on several different systems, or when they distribute copies of software to others without permission of the software manufacturer. Reseller piracy occurs when unscrupulous resellers distribute multiple copies of a single software package to multiple customers, preload the same software on multiple systems, or knowingly sell counterfeit software to customers. Internet and bulletin board (BBS) piracy occurs when users download and upload copyrighted materials and use it or make it available for use by others without proper licenses.

To understand why and how piracy occurs and the enormous impact on society worldwide, we need to have a clear understanding of what we mean by the word “piracy.” Whenever information is created and published in print, on the Internet, or incorporated into software, that information may be protected by copyright, patent, or trademark law. This principle applies to a broad spectrum of material that includes, for example, the Wright Brothers' specifications for their “Flying Machine”; Microsoft Windows software; the icon Mickey Mouse and all related materials; television shows, plays, movies, and music created and performed live and on recordings. Making unauthorized copies of such material in any medium is referred to as piracy.

In 2000, the Software & Information Industry Association (www.siia.net) found that 91 percent of software for sale on Internet auction sites like Yahoo!, eBay, Excite, and ZDNet is pirated. SIIA initiated action against a total of 1,016 companies during that year. Enforcement efforts have grown more effective recently; in 2006, two major data pirates were given record jail terms and fines. One was given 7 years 3 months in jail and was ordered to pay $5.4 million in restitution for illegally selling over $20 million in copyrighted software via text ads on Google.³

42.1.4 Privacy.

As in many aspects of security, end users are now being called on to protect their online (and off-line) identities through diligent monitoring of financial activities and through awareness programs focused on personal rights, laws, and obligations of Internet use. The average Web user today can create and publish a blog or personal video to the Web faster than that same user can apply software patches to a desktop PC. So widespread is this new facility that the law has yet to catch up with the needs and expectations of the users in online society. It is difficult to keep data private when—with a mouse click—it is easy to share personal information with the whole world.

Beyond bad personal habits that reduce privacy, however, a whole new class of applications termed “Digital Rights Management” (DRM) collects more personal in-formation than ever before in an effort to reduce improper use of copyrighted material. DRM products may record and report on an individual's Web-browsing habits, types of files created and accessed by a particular program, number of uses of a particular file or program, source IP address of the user's system, and presence (or absence) of a license for a program. In the name of protecting digital rights for content producers, the consumers of this content are being cataloged and tracked in a way that the framers of copyright laws would have been hard-pressed to imagine.

For extensive coverage of privacy issues on the Internet, see Chapter 69 in this Handbook.

For a glossary of terminology used in discussing digital rights management, see Section 42.8.

42.2 SOFTWARE-BASED ANTIPIRACY TECHNIQUES.

A variety of software-based technical approaches are used to prevent inappropriate use of copyrighted and otherwise protected material in an organization's networks and on the public Internet. Current methods include ensuring proper configuration of operating systems, monitoring of installed software, encryption of content, and insertion of some sort of key or identifier in the digital product itself.

42.2.1 Organizational Policy.

Controls in free-standing commercial applications represent only one of the technical means to protect digital content. Existing system controls are also useful in this regard. Operating system access controls can specify who can access particular content, while encryption supported by the OS and other applications can limit access to users who possess the appropriate key. More generally, organizational policy should specify good practices in configuring operating systems and applications in order to help protect content. Such policy includes:

• Allow users to install only software that is necessary.
• Encrypt information that should not be publicly viewable.
• Install software with the lowest possible privilege consistent with the ability to do its job.
• Disable active content (Java, JavaScript, ActiveX, cookies, etc.) wherever feasible.
• Use network operating system access controls to limit access to shared, copyrighted media to members of the organization for whom licenses are purchased.

42.2.2 Software Usage Counters.

Software metering has been popular for several years. Special software monitors system usage and inventories the software on the system or network. This type of software also can be used to block or limit the use of specific software, such as browsers and games. In addition to fighting piracy, it can reduce the load on IT personnel by reducing complications due to use of unauthorized software.

42.2.2.1 Controlling Concurrent Installations.

Software metering products can monitor concurrent installations even on networks used by people in different geographic areas who have different requirements and different software installed. The metering software permits an administrator to maintain a live and updated inventory of the software installed at different locations on the network. The logs show where installation has taken place, when the licenses expire, and when updates are necessary. Alerts can be set to notify system administrators when a license is about to expire or when an update has been accomplished.

42.2.2.2 Controlling Concurrent Usage.

Software metering allows net-work administrators to identify and resolve cases of illegal installation of unauthorized copies of authorized software and also to catch people who install unauthorized software on the organization's computers. Metering software also allows a company to report and analyze logon and logout times, track software usage, and meter software licenses to keep those in the company legal. In addition to avoiding legal entanglements, monitoring can reduce the demand on system resources, network bandwidth, and technical support staff.

42.2.2.3 Examples and Implementation.

Microsoft announced in 2000 that to combat piracy, new releases of the Office 2000 program would include a counting feature making the programs malfunction if the owner had not registered the software after launching it 50 times.⁴ Prior to this announcement, Microsoft published antipiracy literature and provided a great deal of consumer education regarding the effects of software piracy on society; it established, as well, a piracy hotline (1-800-RU-LEGIT). Novell (1-800-PIRATES), Adobe, and Xerox are other companies that have vigorous antipiracy programs in place, although they have not yet announced that they are building metering into their products.

Metering software requires a bona fide license in order for it to be implemented. Typically, companies establish CD-ROM keys that are printed on legitimate copies of their product installation discs or jewel cases. The keys include checksums or message authentication codes that can be checked by the installation routines. The algorithms for the checksums are intended to cause difficulty for people trying to create counterfeit keys. The security of such measures depends on the cryptographic strength of the validation keys.

Software counters for controlling concurrent usage need to store information securely so that each load operation increments a counter and each unload operation decrements it. However, the security problem is to store this information in such a way that unauthorized people cannot modify it easily. Encrypting the data in a complex sequence of operations can stop most abuses of the system by making the effort required for circumventing the mechanisms more costly than buying a license.

More recently, copies of the Windows Vista operating system must be registered (Microsoft calls this “activating” a copy) soon after installation, or they will go into “reduced functionality mode,” in which basic functions are available for only an hour of operation before logging on again.⁵ For single-copy home use, Vista relies on a license key encoded on the installation medium. For enterprise deployments of Vista, an organization needs to run key servers to allow the registration to occur.⁶

42.3 HARDWARE-BASED ANTIPIRACY TECHNIQUES.

Working on the theory that software is prone to misconfiguration and compromise, antipiracy groups and researchers have experimented with a variety of hardware-based approaches to preventing inappropriate use of protected content. These techniques include dongles and specialized readers attached to the reading hardware, evanescent media designed for viewing or playing only a limited number of times, and software keys incorporated into the media and the reading hardware.

42.3.1 Dongles.

Dongles are hardware lock devices or modules that connect to a computer and communicate with software running on the computer. Without a dongle in place, the external device or regulated software does not work fully, or at all.

Initially, dongles controlled printing. With a dongle installed on the computer, no one could print data from the computer without authorization. However, there is now a necessity for protecting all types of devices. Now dongles are used to protect scanners; external drives (e.g., ZIP drives); CD-ROMs and rewritable CD-ROMs; DVDs and DVD-Rs; VHS recorders; Playstation, Nintendo, and Sega video gaming systems; and even personal digital assistants (PDAs).

The most common type of dongle provides a pass-through port to connect a device cable. Generally a dongle incorporates some type of algorithmic encryption in its onboard microelectronic circuitry. The sophistication of the encryption varies depending on the manufacturer and the device. Many dongles provide additional onboard nonvolatile memory for the software to access. Some models even have real-time checks that keep track of date and time information, including when an application's license (temporary or leased) is set to expire.

Dongles provide some definite advantages:

• Because a dongle is an external device, it is fairly simple to install and uninstall. Early dongles used serial or parallel ports, but USB has become the norm in recent years. In most cases, since manufacturers support their devices, an ordinary user can install and use a dongle without help from an IT department.
• Dongles also require registration, which provides adequate control over the use of the dongle and thus provides legitimacy to both the device and the users. Registration (dependent on the contract in place) may provide support for both the software and the hardware.
• Dongles that support encryption provide an extra layer of protection by making transmitted data indecipherable until it reaches its destination, unless the hardware is in place.

There are also disadvantages to using dongles:

• Consumers resist the requirement for installation, maintenance, and additional cost. Most large corporations do not use dongles for their products.
• Dongles can be lost or stolen, and they also may fail.
• Sometimes a dongle will work well with a slow computer but cause errors when installed on a faster computer.
• Since not every manufacturer automatically replaces lost or stolen dongles without charge, there may be additional costs involved in getting replacements.
• Dongles can present a serious risk-management problem for critical applications where delays in obtaining replacements or registering them may be unacceptable.
• As with any device, there can be a serious problem if the dongle manufacturer ceases to support the model of dongle a company has installed or if the manufacturer goes out of business entirely.
• Laws regarding encryption usage differ in various countries. Specialized dongles that may be legal to use in the United States may be illegal in another country.

42.3.2 Specialized Readers.

One of the impediments to illegal copying used to be the difficulty and cost of obtaining specialized hardware and software for reading and copying proprietary materials with fidelity. However, today such copying equipment is inexpensive and easy to find. In addition, the media for distributing illegal copies are less expensive than ever.

42.3.2.1 Audio.

According to the Recording Industry Association of America (RIAA), the global audio industry loses in excess of $4 billion every year to piracy worldwide.⁷ RIAA says that $1 million a day, in just physical product, is lost in the United States alone. The loss of ancillary revenues drives the figures higher. But the RIAA claims that these figures are low, since it estimates that in some countries up to 98 percent of the music in use comes from illegal copies.

As part of an industry-wide, organized approach to highlighting and reducing the music piracy problem, the RIAA has taken a very active role in pursuing legal action against suspected pirates. Through the 1990s and continuing into the current decade, the biggest problem with audio piracy was illegally copied CDs. In 1998, for example, the RIAA confiscated 23,858 illegal CDs in the first half of the year. In that same year, Operation Copycat—a joint investigation by RIAA, the Motion Picture Association of America (MPAA), and the New York Police Department—saw the arrest of 43 CD pirates and the shutdown of 15 illegal manufacturing locations. Many of the CDs seized in these types of operations apparently came from Asia and Eastern Europe, financed by organized crime operations with ties to drugs and prostitution.⁸ By 2002, even corner convenience stores were contributing to the problem, providing coin-operated CD copying machines akin to photocopiers, along with the familiar posted warning transferring liability to the user.⁹ Given the enormous profits involved, the problem has been simply too large and widespread for law enforcement to control. In 2005, the RIAA seized approximately 5 million illegal CDs.¹⁰

More recently, the RIAA has focused on the problem of music files illegally shared across the Internet. Using free software, sometimes already bundled into commercial operating systems, anyone can download music tracks and burn CDs. The MP3 music file format has become a ubiquitous way to share music with others. The RIAA originally protested against MP3 players, but the phenomenal success of personal digital music players, particularly the Apple iPod, has rendered such efforts futile. Some musicians and independent record labels have adopted the MP3 format to promote their records, showing that the technology itself has no inherent ties to piracy. These musicians and recording studios claim that they are happy with consumers downloading the music, and they are at odds with the RIAA.

Some musical groups have even experimented with severing ties with the traditional music industry altogether, using Web sites and social networking services to advertise and distribute digital music files directly to their listeners.¹¹ As more musicians begin to use the Internet either in addition to or in lieu of traditional distribution models, the very model of music distribution is in flux.

Meanwhile, the music industry continues to face serious financial loss due to illegal downloading. The industry, through the RIAA, has been pursuing legal remedies. Some major lawsuits have achieved significant press coverage and have been instrumental in enforcing or changing existing laws or in helping develop new laws. For instance, deliberate copyright violations resulted in an award of $50 million in statutory damages and $3.4 million in legal fees to Universal Studios in a suit against the MyMP3.com music service. MyMP3 created a database of over 80,000 albums, which, when combined with the MyMP3 software, let users access and store music digitally, without paying a fee.

Perhaps the most recognizable name in the music field in regard to piracy at one time was Napster, a site that enabled individuals to share tracks of music via the Internet. The site provided free downloadable software for downloading and playing MP3 files. Essentially, Napster software turned a user's PC into part of a distributed server network that published available music files. It did not take long for the site to acquire a user group of millions of people who after “sampling” the music might then go to a store and buy the entire CD.

However, since the Napster site did not limit the length of the download, many users simply downloaded the entire track. Most never bought the commercial version of the music. Adding to successful piracy attempts was the development and ready availability of rewritable CD drives. More and more Napster users decided to download the music tracks they wanted and then burn their own CDs without ever purchasing the CDs made by the recording artists and music companies.

Creating a stir in the industry and ultimately a landmark judicial case, Napster was forced to radically alter operations in March 2000 after protracted court proceedings. Upon the verdict, Jack Valenti, president and chief executive officer of MPAA, commented that the consumer would benefit most from the court's decision because “You cannot take for free what belongs to someone else.”¹² But the subject of Napster and audio piracy remains highly controversial. Although some people argued that little-known artists received exposure that they may never have gotten without the free file-sharing service, others, especially large music companies and recording artists, argue that they were being denied the royalties they deserve.

Napster attempted to re-create itself as a pay-for-subscription music download service but found record labels unwilling to work with it. In 2002, Napster folded; the name was eventually purchased by Roxio, Inc. to rebrand its own subscription service. In the meantime, other peer-to-peer (P2P) file-sharing protocols and applications appeared to fill the void left by Napster. By the time the iTunes Music Store emerged as a powerful contender with music company backing and with copyright protection, the world of free file sharing was reinvigorated by names such as Gnutella, FastTrack, Grokster, Limewire, and Kazaa.

Over the last few years, the music industry has identified universities as fertile ground for pursuing illegal downloading activities. In 2007, the RIAA launched a new round of attempts to bring music pirates to justice, sending letters offering to settle with students identified as probably sharing copyrighted files, in advance of any trial.¹³ The RIAA's tactics have been raising hackles in the higher education community, with opponents criticizing the letters as bordering on extortion. Some universities are refusing to forward the letters to students; one university agreed to forward the letters, but promised to bill the RIAA $11 for every letter to pay for its staff time.¹⁴

42.3.2.2 Video.

On the video side, Scour, Inc., provided free downloads of digital movies as well as software allowing users to share the downloaded files among themselves without the use of a central server. With an easy-to-use interface and quick response time, Scour.com became quite popular in a short period of time. Launched in 1997, with a Web search feature added in 1998 and a subsequent P2P tool, Scour eventually attracted negative attention from the movie and music industries. In July 2000, MPAA, RIAA, and the National Music Publishers Association (NMPA) sued Scour, accusing it of large-scale theft of copyrighted material and of trafficking in stolen works. By November 2000, the company was out of business.¹⁵

This case did not stop the counterfeiting of video media. Despite increasingly steep fines, judicial rulings, and even raids by various law enforcement agencies, counterfeit video is readily available. Along Fifth Avenue in New York City, for $5 to $10 anyone can buy the latest films and DVDs; in markets in Hong Kong, Southeast Asia, and India, the copies are even cheaper. It is true that some of the copies available may have been “legally produced,” but it is more than likely that the counterfeit or bootleg copies were made illegally from a master copy that was either borrowed or stolen.

Advances in consumer electronics help the trend, as many PCs now come with a recordable/rewritable DVD player as a standard component. Arguments about legality of time-shifting and space-shifting that once defended the practice of making personal mixes on audiocassette have now moved to the realm of digital video.

42.3.2.3 Television (Analog).

Broadcast television has been one of the most successful technologies in history, and financial interests are still huge, despite the growth of cable and satellite services. In January 2000, major television companies, the National Football League, and the National Basketball League all filed complaints against iCraveTV, a Canadian company that had been in existence for only a year.

According to the complaints, iCraveTV was illegally using broadcast television signals without authorization or payment and streaming the signals to the iCrave Internet site for viewing free of charge. Although this practice apparently did not violate Canadian copyright laws at the time, U.S. judges ruled in February 2000 that the unauthorized transmissions of broadcast signals into the United States via the Internet were a direct violation of U.S. copyright law, and iCraveTV was ordered to stop the practice. Shortly after iCraveTV agreed to an out-of-court settlement, the Web site was shut down and iCraveTV went out of business.¹⁶

Hacking cable decoders is another technique for obtaining services without paying for them. Although it is not illegal to buy, install, or modify equipment for converting encoded cable TV signals from pay-per-view or other commercial suppliers, it is illegal to use such set-top decoders to obtain services without paying for them.

In the United States, Congress has mandated that after February 17th 2008 all TV stations must transmit in digital format (DTV) only.

42.3.2.4 Television (HDTV).

The first television image was created in 1884 when Paul Nipkow created a mechanical scanning disk. With only 18 lines of resolution, the picture was poor. Current National Television System Committee (NTSC) standard TV transmissions are done with bandwidth that does not exceed 6 MHz. The current analog system broadcasts 30 frames per second and 525 lines per frame.

High-definition television (HDTV) is a digital television system that offers twice the horizontal and vertical resolution of the current TV system. HDTV has the ability to deliver a video composed of approximately 1,125 lines per frames and 60 frames per second. Viewers then see a picture quality close to that of 35mm film. Obviously, transmitting images containing that large amount of audio and video information requires wide bandwidth, actually about 18 MHz. Such bandwidth would permit the transmission of 1,050 lines of 600 pixels per line. However, the Federal Communications Commission (FCC) decided to limit HDTV to a 6-MHz maximum bandwidth. In order to meet that requirement, MPEG compression would be used.

MPEG compression applies algorithms to pixel groups and records information that changes within a frame, rather than all of the information in all of the frames. Audio is synchronized to the video. Using MPEG saves storage space and transmission requirements while retaining high image and sound quality. According to the Advanced Television Committee Standard (ASTC), the FCC will require that audio and video compression as well as the transmission of HDTV terrestrial signals follow this standard.

As with all other transmissions and media, there are serious concerns about piracy of HDTV transmissions and programs. At the present time, even though many TV transmissions are scrambled in order to thwart reception, it is fairly simple, although illegal, to purchase a descrambler and unscramble the transmissions. It is, however, legal for home viewers to record programs for their own personal use.

The HDTV market space has been evolving, and consumer demand for HD-capable devices has exploded over the past several years. Attempts by U.S. television producers to protect themselves and their content using a variety of scrambling and encryption schemes, including content scrambling systems (CSSs), have been made difficult by the frequent changes in hardware and signal formatting that have accompanied this rapid market expansion.

Encrypting terrestrial broadcast television programming would secure the transmissions, but according to the Home Recording Rights Coalition (HRRC), such encryption will threaten established home recording rights. The HRRC contends that Section 1202 (k) of the Digital Millennium Copyright Act provides a carefully balanced approach to analog home recording rights and stipulates that mandated technology may not be applied to interfere with consumer recording of free, over-the-air terrestrial broadcasts.

Furthermore, the HRRC contends that encrypting the free television broadcast content will create very little incentive for consumers to switch from regular analog to digital television. Instead of thwarting digital pirates, the HRRC contends that strong encryption will impose unfair and even illegal restrictions on consumers.

42.3.2.5 Consumer Acceptance of Specialized Readers.

Illegal sharing of copyrighted content is common across the Internet. When the Software Publishing Association (SPA) was first formed, the group, together with law enforcement agencies, raided the physical premises of companies believed to be using pirated software. As a result of finding quantities of the pirated software, SPA won many legal actions and related settlements.

Some people see encryption as a challenge and work at breaking the algorithms so they can pirate the data—digital, video, or audio. In addition, the lack of standardization of laws throughout industries and countries has led to controversy and ongoing piracy.

Although average consumers do not think of themselves as intellectual property pirates, many otherwise honest citizens do get and use illegal programs, applications, games, audio tracks, CDs, DVDs VHS, and television signals. This situation might be attributed to a lack of ethical education, but many people like to save money and simply do not believe they will be caught and punished for such pilfering. A 2001 study by the Pew Internet & American Life Project, based on phone interviews with 4,205 adults 18 and over, some 2,299 of whom were Internet users, suggested that around 30 million U.S. residents had downloaded music from the Internet.¹⁷ At that time, the phrase “had downloaded music from the Internet” was basically equivalent to “had illegally downloaded music from the Internet,” since legal means of doing so had yet to evolve.

Since that report, Apple's 2001 announcement of its iTunes and iPod products, and the 2003 launch of the iTunes Music Store, began a movement to provide consumer-friendly ways of downloading music that also give compensation to copyright owners. iTunes uses device authentication and proprietary encoding formats to limit redistribution of downloaded songs and videos. Despite—or perhaps because of—Apple's attempts to comply with copyright laws, it is clear that Apple filled a perceived need in the market, as it has generated both a host of competitors and substantial sales. Consumers downloaded the first million songs from the iTunes Store in five days, and the overall market for digital music has grown to at least $790 million per year. At $0.99 per song, downloads from the iTunes Music Store passed the $1 billion mark on January 23, 2006.¹⁸

42.3.3 Evanescent Media.

There are many interpretations of the term “evanescent media.” The broad interpretation includes digital imaging, optics, multimedia and other electronic art, and data that are short-lived or transitory. When such media are original, creative works, society has an interest in protecting them against piracy.

Since most evanescent media involve some visual aspects as well as text, antipiracy techniques now being used or considered for other types of data may be applicable. Such techniques include previously discussed dongles, software keys, watermarks, encryption, and digital rights management. Part of the problem in electing and implementing a solution is the lack of existing standards that specifically deal with this new area of art and science.

42.3.4 Software Keys.

Software keys of various kinds are used to secure data and equipment. A software key is generally a string of numbers that is used for identification purposes, either to allow access to the use of equipment or to permit authorized printing, processing, or copying of data. As described earlier in the discussion of dongles, most anticopying hardware devices are accompanied by software that works in tandem with the hardware. A software key activates or deactivates the hardware lock. When the software is working perfectly, there are generally no difficulties. However, all software can malfunction, and when that happens, there can be serious problems in getting equipment to work. Additional problems occur when the computer containing the software key malfunctions, and the software key cannot be made to work on a replacement machine.

42.3.4.1 Videocassettes versus Copy Machines.

Watermarking is one of the techniques being seriously considered for protecting videocassettes and DVDs. In 1995, the ASTC formed a Copyright Protection Technical Working Group, which spun off a special Watermarking and Embedded Data Encoding subgroup. The group has broad representation including representatives from the PC market, the Macintosh market, the MPAA, the Consumer Electronics Manufacturers Association (CEMA) and related manufacturers, technicians, and users. Their task is to look for technologies and services that might use hidden data clues as a means of inhibiting or barring digital piracy. Using a hidden watermark that can be embedded in the content would then prevent machines from making copies or would alert the operator that the videocassette is marked and that unauthorized copies would be considered pirated.

42.3.4.2 DVD Area Encoding.

Digital video requires very large storage space—too large for a single CD to hold. However, by applying compression techniques, the digital video can be compressed to fit into the digital videodisc's maximum capacity of 17 gigabytes. Two different types of compression are used for encoding audio and video content for DVD: constant bit rate (CBR) and variable bit rate (VBR) compression.

In order to prevent piracy of the content of the DVD, many companies are turning to encryption. The compressed data are encapsulated through a mathematical algorithm that can be decrypted only through the use of a decryption key.

42.3.4.3 Implementation.

For shorter programs, CBR is ideal. Based on MPEG-2 encoding, CBR compresses each frame of audio and video by a user-selected amount. This degree of compression is then applied to the entire program. Using VBR, it is possible to create a database of video content based on the amount of change in each frame or scene. This is particularly useful in programs with a long format. To construct the database, the encoding software does several analytical passes of the master footage and then makes a final digitizing pass. From the created database, the computer can encode the video with a variable data rate allowing a higher bit rate for scenes with pans, zooms, and fast motion and giving scenes with little or no motion low data rates. By greatly compressing the areas of lower detail, areas of higher details can be allocated more space and use less compression.

42.3.4.4 Watermarks.

Watermarking involves embedding one set of data inside a larger set of data. The embedded set of data identifies the origins or ownership of a specific work, just as a watermark does on paper.

Using digital watermarks can help copyright owners track the use of anything digital, including music, movies, photographs, and clip art. Digital watermarking is widely used for protecting images. For instance, photographers often post low-resolution (low-res) versions of their photos on public Web sites and use visible digital watermarks to clearly label the low-res images as copyrighted. Upon payment of the appropriate fee, the customer receives the high-resolution version of the photo, presumably with at least any visible watermarks removed. The use of invisible watermarks to prevent undetected sharing after purchase of digital content is more controversial and more prone to questions about reliability of detection; for instance, how many false positives and false negatives will occur? Additionally, there is the question of survivability of the mark itself as it is run through various transformations.

The music industry flirted with digital watermarking to protect music files beginning in 1998 with the formation of the Secure Digital Media Initiative (SDMI), a consortium of technology, security, and music organizations. The SDMI developed several watermarking schemes, and in 2000, it offered a reward to anyone who could crack the code and remove the watermark from a song protected by SDMI's technologies. The Electronic Frontier Foundation asked the Internet community to boycott the contest, stressing that the use of DMAT (Digital Music Access Technology) would mean that manufacturers and users would be forced to adopt the DMAT format in equipment and would create additional costs for manufacturers and consumers. A team of researchers, led by Princeton professor Ed Felten, was able to remove the invisible watermarks. When Felten attempted to publish the results of his process, attorneys for SDMI threatened to sue him under the Digital Millennium Copyright Act (DMCA). SDMI never filed suit, but Felten himself sued for a declaratory judgment to clarify the matter. Felten's suit was dismissed by a federal judge, but not before the government and the RIAA agreed that researchers should not be punished under the DMCA for testing technologies to protect copyright.¹⁹ The SDMI has been inactive since 2001.²⁰

42.3.4.5 Resistance to Reverse Engineering.

Reverse engineering allows a programmer to work backward from the finished program or product. Encryption keys can be extracted by reverse engineering playback software. Reverse engineering can circumvent most antipiracy solutions. As a result, manufacturers of antipiracy software and hardware are strongly opposed to permitting reverse engineering. The DMCA does allow reverse engineering, but the provisions of DMCA were not intended to enable the circumvention of technical protection measures (TMPs) in order to gain unauthorized access to or to make unauthorized copies of copyrighted works.

42.3.4.6 Published Attacks.

The most notable attack on a software key took place when a licensee of CSS neglected to encrypt a decryption key. Obtaining a key by reverse engineering the XingDVD from Xing Technologies, the hackers were then able to guess many other keys. This left the hackers with a collection of decryption keys; even if the XingDVD key was removed, they could still copy DVDs by using the other keys. Using the results of this compromise, a group of people including the Norwegian teenager Jon Lech Johansen developed a program called DeCSS to decrypt CSS-encrypted DVDs and play them on Linux machines.

A variety of groups, including the DVD CCA, sued Johansen for publishing tools to subvert copyright protection. Johansen was acquitted twice in Norwegian courts. As of 2007, all remaining lawsuits against him have been dropped,²¹ and a number of programs like DeCSS are freely available across the Internet.

42.4 DIGITAL RIGHTS MANAGEMENT.

Recognizing that piracy is a huge moral and financial problem, software developers have adopted and modified another type of system that can be applied to print, audio, video, and streaming media. Called Digital Rights Management (DRM), the system was originally devised to protect proprietary information and military information. The idea behind the system is to protect all types of intellectual digital content from anyone who would take it without the consent of the developer(s) or owners. Major companies like Microsoft, Adobe, and IBM are developing and marketing DRM systems, and dozens of smaller companies are springing up.

42.4.1 Purpose.

The purpose of DRM is to protect all digital content that originators or owners want protected. DRM permits distributors of electronic content to control viewing access to that content. The content can be text, print, music, or images. Basically, DRM systems use a form of customized encryption. When an end user purchases viewing, listening, or printing rights, an individual “key” is provided. The system works on rules, meaning that although a key is provided, it generally comes with limitations regarding the copying, printing, and redistribution.

Unfortunately, there is no agreement on a DRM solution. Lack of standards is hampering businesses from moving forward with online business initiatives. Because there are so many companies promoting their own incompatible forms of DRM, customers will have to download megabytes of code for each version. Maintaining, upgrading, and managing all of those different versions are major headaches for customers. There does not appear to be a simple solution; rather than being a technology issue, it is really a matter of business and politics.

42.4.2 Application.

Typically, when users become prospective owners of digital rights, they download a content file. The DRM software does an identity check of users, contacts a financial clearinghouse to arrange for the payment to be made, and then decrypts the requested file and assigns users a key. The key is used for future access to the content.

Because the system works on rules, it is possible to impose restrictions. One user might pay just to view material, while another user might want to have printing privileges. A third user might want to download the content to his or her own machine, and, finally, a fourth user might want to have viewing privileges for a specified time. The four different authorized users would thus use the same content, and each would pay according to a rate scale established by the content distributor. Throughout all of the transactions, each user would need a mechanism that allows secure transmissions and identifies that user and the associated level of access privileges.

Although this approach to publishing may sound fairly simple, it is really quite complex. In addition to arranging for different users to access material according to the set rules and to pay according to a rate schedule, it is also necessary for content distributors to handle the back end of the application. Everyone involved in the creation, production, and distribution of the content has to be paid fairly for the use of the content.

Payment is especially important as more and more content providers digitize materials that they can show or print on demand. Many users will read books online, but some physical printing on paper will continue. However, publishers will be able to print precisely those volumes that are requested. This approach will provide customized printing (e.g., large-print editions) as well as saving paper and physical warehouse storage space.

42.4.3 Examples.

Several different types of DRM systems exist. Experts agree that the best DRM systems combine both hardware and software access mechanisms. With the advent of the eBook, the digital pad, PDA modems, Internet access devices, and increasingly smaller laptop computers, tying access rights directly to storage media gives publishers and distributors control of where the content is being used as well as by whom.

With the passage of the Electronic Signatures in Global and National Commerce Act, referred to as the E-Sign Bill and the increasing use of digital signatures, original documents (e.g., legal, medical, or financial) will be stored digitally. President Clinton signed the E-Sign Bill on June 30, 2000, in Philadelphia's Congress Hall using a ceremonial pen and a digital smart card. The bill went into effect on October 1, 2000. The E-Sign Bill gives an online signature (a John Hancock) the same legal status as a signature etched on paper and makes the digital document the original. Any printout will be considered a copy so the ability to view documents and videos (e.g., living wills) digitally will actually give the viewer access to the original. Eventually, records for medical treatment and documents for trials may be totally digital and may require submission and viewing digitally. When this becomes the norm rather than the exception, strict adherence to DRM in order to maintain privacy, as well as to provide restitution, will be paramount. In addition, such content-protection schemes will prevent unauthorized modifications of the digital data that would otherwise contribute to fraud.

For example, IBM has released antipiracy technology called the Electronic Media Management System that allows for downloading music tracks but puts controls on how many copies can be made or allows for a copy length limitation to be inserted. Thus, a minute of music could be downloaded to give a listener a taste, but not a chance to pirate the entire music track. To obtain the entire track, the user would be required to pay a fee.

Microsoft distributes free software that embeds metatags in each audio file. The metatags refer back to a central server in which the business rules are stored. This approach requires that material be tagged as it is created; otherwise, if it is released without the embedded tags, it can be illegally copied.

Major companies like Xerox, Microsoft, IBM, and Adobe got heavily involved producing and using this software in the 1990s, and many smaller firms opened shop. As with other new technology launches, eventually many of the small entrants went out of business or were bought by larger firms. Some of the small companies, such as ContentGuard (www.contentguard.com) and Pay2See (www.pay2see.com), continue to exist independently, as of this writing.

42.5 PRIVACY-ENHANCING TECHNOLOGIES.

Although DRM may seem to be a valid solution for the piracy problem, dissenters feel that DRM and other antipiracy measures give producers and distributors too much control. The rationale is that excessively restrictive rights management may undermine the fair use rights of consumers and academics. Partly as a result of these conflicting viewpoints, many consumers are making increasing use of privacy-enhancing technologies (PET), abroad term for a range of technologies designed to hide the identity and activities of individual users and computers as their traffic traverses the Internet.

42.5.1 Network Proxy.

One broad class of tactics and tools used to enhance privacy is based on the concept of a network proxy. In its most general form, a proxy takes a network connection request from a client and redirects it to the ultimate destination, changing the address headers to make it look like the original request came from the proxy itself. When the destination server responds, the proxy returns the results to the requesting client. Proxies have long been used within organizations, both to protect internal users as they make requests to untrusted networks and to track and sometimes block access to undesirable content. For more details on the use of proxies in Web content filtering and monitoring, see Chapter 31 in this Handbook.

More recently, proxies have been employed outside the bounds of corporate networks to allow anonymous connections across the Internet. These so-called anonymizing proxies sometimes use encryption to hide the traffic in transit and so also provide protection from traffic analysis. Anonymizing proxies are a serious threat to organizations that desire (or are required by law) to monitor and block users from accessing certain kinds of information. More advanced versions of this concept use multiple routers to hide the path that a request takes through the public network. As a general class, these are known as mixing networks. One example described as early as 1981 is the Chaum Mix.²² Recently, a concept known as onion routing has become popular in its incarnation as TOR (The Onion Router), which uses nested layers of traffic encryption as a session travels from one router to the next.²³ See Chapter 70 in this Handbook for further information about anonymity on the Internet.

42.5.2 Hidden Operating Systems.

Rather than relying on network technologies, some users are choosing to make their actions on the network private by using hidden operating systems. Two basic approaches are common: the virtual machine and the bootable system.

A virtual machine is a system that runs within another operating system. Long used for cross-platform compatibility and the ability to run multiple systems on a single hardware platform, virtual machines, such as Java Virtual Machine, VirtualPC, and VMware, are also used to hide activity from those who would disapprove of it (system administrators, parents, law enforcement, etc.), since the activities of the virtual machine can be made invisible to the host machine.

The bootable system approach, however, stores an entire operating system on some sort of bootable medium, such as a CD or USB device. If a computer can boot from such media and store downloaded content to a peripheral device rather than the host operating system's hard drive, then no record of the usage will remain when the host is next booted up.²⁴

42.6 FUNDAMENTAL PROBLEMS.

A number of experts have pointed out that there are fundamental flaws in all the methods for preventing illegal copying of digital materials as described in this chapter. Bruce Schneier, a respected cryptographer, has repeatedly explained that all digital information must be converted to a cleartext (unencrypted) form before it is displayed or otherwise used. Schneier calls this “the Achilles' heel of all content protection schemes based on encryption.”²⁵ Because the cleartext version has to reside somewhere in volatile or nonvolatile memory for at least some period of time to be usable, it is theoretically possible to obtain a copy of the cleartext version regardless of the complexity of the methods that originally concealed or otherwise limited access to the data. For example, if a DVD movie using complex regional encoding is to be seen on a monitor, at some point the hardware and software that decoded the DVD have to send that data stream to a monitor driver. The decoded data stream is vulnerable to interception. By modifying the low-level routines in the monitor driver, it is possible to divert a copy of the raw data stream to a storage device for unauthorized replay or reconstitution. Similarly, a system may be devised to prevent more than one copy of a document from being printed directly on a printer; however, unless the system prevents screen snapshots, a user can circumvent the restrictions by copying the screen as a bit image and storing that image for later, unauthorized use. Although hardware devices such as dedicated DVD or CD players may successfully interfere with piracy for some time, the problem is exacerbated under the current popular operating systems that have no security kernel and thus allow any processes to access any region of memory without regard to security levels.

42.7 SUMMARY.

Piracy is a rapidly growing societal problem affecting a multitude of people and industries. Although producers may suffer the greatest financial losses, there is a substantial impact on consumers. Pirated copies are generally inferior in quality and are sometimes defective. If anything goes wrong, pirated copies, being illegal, are unsupported. Additionally, producers' financial losses due to pirated copies may push the cost of legitimate copies up. Retailers and distributors also suffer due to the loss of sales to pirates. Illegal copies generally are sold more inexpensively than legitimate copies, so retailers and distributors cannot compete on price.

Creative talent, whether software developers, writers, musicians, artists, or performers, plus all the people who helped create the book, magazine, record, performance, painting, concert, or other media, are cheated out of their royalties by pirates. Frequently, because of the amount of time and effort needed to create the end product, the creators depend on the royalties for their livelihood. In addition, poor quality of stolen concepts can irreparably damage the reputation of the creative talent.

Publishers, record companies, art dealers, and other individuals and companies that invest artistic and technical skill along with money and effort to create an original work also lose revenues when that work is pirated. Because of the expenses already laid out to create the original product, companies frequently have to recoup their losses by raising prices for the consumer.

Due to the sophistication of systems and the increased use of the Internet, piracy has become more widespread and has an even greater financial impact worldwide. Many different types of antipiracy systems and techniques have been developed and implemented in an effort to cut down on the ever-increasing instances of piracy. One drawback to all of the systems is the lack of standards applied to software, audio, video, and other media. One of the most promising antipiracy systems is digital rights management. However, even DRM systems are not yet standardized, thus creating even more confusion regarding which is best and what to use.

The media industry is still working out which DRM solution it likes best, or whether it likes DRM at all. As this book was going to print, Apple's Steve Jobs was announcing that a large portion of EMI's song catalog will be available for DRM-free download from the iTunes Music Store, at a price per song just $0.30 higher than the standard $0.99. Previously downloaded songs, with DRM, will be upgradeable to a DRM-free version for the difference in the two prices.²⁶ This move echoes Jobs's recent comments encouraging the music industry to move away from DRM. Apple's actions notwithstanding, some consumers and privacy organizations continue fighting what they see as serious threats to individual privacy in nascent DRM efforts. The use of network proxies and hidden operating systems is adding to the difficulty of discovering inappropriate use of content, much less preventing or prosecuting it. As the balance between content producers and consumers works itself out, it seems likely that many more technologies will come and go, and DRM may be the harbinger of things to come or an unfortunate choice on the way to a bold, new business model for the media industry.

42.8 GLOSSARY.

Discussions of piracy and privacy often are riddled with a confusing array of terms and acronyms. Some of the most commonly used terms, organizations, and acronyms are listed in this glossary.

AAC—Advanced Audio Coding. A standardized, lossy compression and encoding scheme for digital audio. Most commonly used format for compressing audio CDs for Apple's iPod and iTunes.

ACATS. Advisory Committee on Advanced Television Service.

Anti-Bootleg Statute (Section 2319A). A U.S. federal statute that criminalizes the unauthorized manufacture, distribution, or trafficking in sound recordings and music videos of “live” musical performances.

ATSC. Advanced Television Systems Committee.

ATV. Advanced Television.

Bootleg recordings. The unauthorized recording of a musical broadcast on radio or television, or at a live concert or performance. These recordings are also known as underground recordings.

BSA—Business Software Alliance. A consortium of major software developers, including IBM, Microsoft, Novell, Apple, Dell, and Sun Microsystems, that is attempting to stem lost revenues from pirated computer software. BSA educates computer users on software copyrights and fights software piracy. Individual members, such as Microsoft and Adobe, have their own antipiracy programs in addition to belonging to the BSA.

CEA. Consumer Electronics Association.

CEMA. Consumer Electronics Manufacturers Association.

CSS—Content Scrambling System. A form of data encryption used to discourage reading media files directly from the disc, without a decryption key. Descrambling the video and audio requires a 5-byte, 40-bit key.

DeCSS—Descrambling Content Scrambling System. A utility developed by Norwegian programmers via reverse engineering and posted on the Web. This utility decrypts CSS and allows individuals to make illegal copies of DVD movies.

DFAST. Dynamic Feedback Arrangement Scrambling Technique.

DMAT. Digital Music Access Technology.

DMCA. The Digital Millennium Copyright Act signed into law October 28, 1998. Designed to implement World Intellectual Property Organization (WIPO) treaties (signed in Geneva in December 1996); the DMCA strengthens the protection of copyrighted materials in digital formats.

DivX. A brand name of products created by DivX, Inc. (formerly DivXNetworks, Inc.), including the DivX Codec. Known for its ability to compress lengthy video segments into small sizes, it has been the center of controversy because of its use in the replication and distribution of copyrighted DVDs. Many newer DVD players are able to play DivX movies.

DRM—Digital Rights Management. Refers to any of several technologies used by publishers or copyright owners to control access to, and usage of, digital data or hardware and to restrictions associated with a specific instance of a digital work or device.

DVD CCA—DVD Copy Control Association. A not-for-profit corporation that owns and licenses CSS. DVD CCA has filed numerous lawsuits against companies and individuals that make pirated copies of films.

EFF—Electronic Frontier Foundation. A nonprofit organization working in the public interest to protect fundamental civil liberties, including privacy where computers and the Internet are concerned. The organization frequently disagrees with the steps that other organizations and corporations want to take to protect copyrighted materials.

EPIC—Electronic Privacy Information Center. A public interest research group established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

FairPlay. A digital rights management (DRM) technology created by Apple Inc. (formerly known as Apple Computer), built in to the QuickTime multimedia technology, and used by the iPod, iTunes, and the iTunes Store. Every file bought from the iTunes Store with iTunes is encoded with FairPlay. It digitally encrypts AAC audio files and prevents users from playing these files on unauthorized computers.

FAST—Federation Against Software Theft. A group headquartered in Great Britain represents software manufacturers and works with law enforcement agencies in finding and stopping software pirates in Europe.

FCC. Federal Communications Commission.

grpff. A 7-line, 526-character program of Perl code developed by two students at the Massachusetts Institute of Technology. More compact than DeCSS, the program descrambles DVDs but does not contain a decryption key. The code is readily available on the MIT campus via hats, T-shirts, business cards, and bumper stickers.

Hard disk loading. PCs with unlicensed software preinstalled. Use of a single copy of a software program but installed illegally on many machines. The original disks and the documents that should come with the PC are often missing or incomplete.

HDTV—High-Definition Television. Digital television transmissions are mandated in the U.S. to be the standard.

HRRC—Home Recording Rights Coalition. A coalition representing consumers, retailers, and manufacturers of audio and audiovisual recording products and media. The HRRC dedicates itself to keeping products free of government-imposed charges or restraints on the products' distribution or operation.

IFPI—International Federation of the Phonographic Industry. An organization that promotes the interests of the international recording industry worldwide. Its mission is to fight music piracy; promote fair market access and good copyright laws; help develop the legal conditions and the technologies for the recording industry to prosper in the digital era; and promote the value of music.

IIPA—International Intellectual Property Alliance. A private-sector coalition formed in 1984. The organization represents the U.S. copyright–based industries in efforts to improve international protection of copyrighted materials.

MP3. A technology for downloading music files using the MPEG format via the Internet.

MPAA—Motion Picture Association of America. Composed of member companies that produce and distribute legitimate films and videos. This organization serves as the official voice and advocate of the American motion picture industry. MPAA also assists law enforcement in raids and seizure of pirated videocassettes and DVDs.

MPEG—Moving Pictures Experts Group. A generic means of compactly representing digital video and audio signals for consumer distribution. MPEG video syntax provides an efficient way to represent image sequences in the form of more compact coded data.

NMPA—National Music Publishers Association. A trade association that represents 700 U.S. businesses that own, protect, and administer copyrights in musical works.

NTSC. National Television System Committee.

PET—Privacy-Enhancing Technologies. The general term for a variety of new technologies and Internet protocols designed to enhance online privacy; includes anonymizing proxies, mixing networks, and onion routing.

Pirated recordings. Unauthorized duplicates of the sounds of one or more legitimate recordings.

RIAA—Recording Industry Association of America. The group has an antipiracy unit that handles initial examination of product on behalf of the recording industry. Pirates can be turned in by calling RIAA at 1-800-BAD-BEAT.

SAG—Screen Actors Guild. The union for screen actors. Members do not get residuals from pirated films, as they do from authorized copies.

SDMI—Secure Digital Music Initiative. A forum of 200 companies from the electronics, music, telecommunications, and information technology industries and the RIAA. The group was active from 1998 to 2001.

SIIA—Software & Information Industry Association. A trade organization of the software and information content industries representing over 800 high-tech companies that develop and market software and electronic content. The organization provides policies and procedures for dealing with software and Internet use within businesses. SIIA also provides guidelines for telling if software is pirated or counterfeited. The SIIA Anti-Piracy Hotline is 1-800-388-7478.

SPA—Software Publishers Association. This association, a division of SIIA, assists in enforcement in dealing with software piracy and also provides education about software piracy. SPAudit Software is one of the first software audit and inventory tools made available for use by companies (in the 1980s). Improved versions of the software are now available.

Trademark Counterfeiting—Title 18 U.S.C. Section 2320. A federal statute that deals with sound recordings that contain the counterfeit trademark of the legitimate manufacturer or artists.

Trafficking in Counterfeit Labels—Title 18 U.S.C., Section 2318. A federal statute that covers counterfeit labels printed for use on a sound recording.

U.S. Copyright Law (Title 17 U.S.C.). A federal law that protects copyright owners from the unauthorized reproduction or distribution of their work.

WGA—Writers Guild of America. The union for writers of television, video, and film scripts.

WMA—Windows Media Audio. A proprietary compressed audio file format developed by Microsoft Corporation.

42.9 FURTHER READING

Business Software Alliance-USA Homepage. Anti-Piracy Information, 2007, www.bsa.org/usa/.

Cohen, Julie E. “DRM and Privacy.” Berkeley Technology Law Journal, 2003, www.law.berkeley.edu/institutes/bclt/drm/papers/cohen-drmandprivacy-btlj2003.html.

Copyright Act of 1976 (Public Law 94-553); Title 17 U.S.C. Sections 101-120, www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000101—000-.html.

Electronic Freedom Foundation home page: www.eff.org.

Electronic Privacy Information Center (EPIC) home page: www.epic.org.

Gross, T. “The Music Industry, Adapting to a Digital Future: Terry Gross interviews Eliot Van Buskirk.” Fresh Air podcast, March 13, 2008, www.npr.org/templates/story/story.php?storyId=88145070.

Harte, L. Introduction to Digital Rights Management (DRM); Identifying, Tracking, Authorizing and Restricting Access to Digital Media. Fuquay Varina, NC: Althos, 2006.

May, C. Digital Rights Management: The Problem of Expanding Ownership Rights. Oxford, UK: Chandos Publishing, 2006.

Recording Industry Association of America: www.riaa.com/default.asp.

Schneier.com: www.schneier.com/index.html.

Zeng, W., H. Yu, and C-Y. Lin, eds. Multimedia Security Technologies for Digital Rights Management. New York: Academic Press, 2006.

42.10 NOTES