Category: DRM

Health Privacy Paradigm Shift: From Consent to Reciprocal Transparency

Computational innovation may improve health care by creating stores of data vastly superior to those used by traditional medical research. But before patients and providers “buy in,” they need to know that medical privacy will be respected. We’re a long way from assuring that, but new ideas about the proper distribution and control of data might help build confidence in the system.

William Pewen’s post “Breach Notice: The Struggle for Medical Records Security Continues” is an excellent rundown of recent controversies in the field of electronic medical records (EMR) and health information technology (HIT). As he notes,

Many in Washington have the view that the Health Insurance Portability and Accountability Act (HIPAA) functions as a protective regulatory mechanism in medicine, yet its implementation actually opened the door to compromising the principle of research consent, and in fact codified the use of personal medical data in a wide range of business practices under the guise of permitted “health care operations.” Many patients are not presented with a HIPAA notice but instead are asked to sign a combined notice and waiver that adds consents for a variety of business activities designed to benefit the provider, not the patient. In this climate, patients have been outraged to receive solicitations for purchases ranging from drugs to burial plots, while at the same time receiving care which is too often uncoordinated and unsafe. It is no wonder that many Americans take a circumspect view of health IT.

Privacy law’s consent paradigm means that, generally speaking, data dissemination is not deemed an invasion of privacy if it is consented to. The consent paradigm requires individuals to decide whether or not, at any given time, they wish to protect their privacy. Some of the brightest minds in cyberlaw have focused on innovation designed to enable such self-protection. For instance, interdisciplinary research groups have proposed “personal data vaults” to manage the emanations of sensor networks. Jonathan Zittrain’s article on “privication” proposed that the same technologies used by copyrightholders to monitor or stop dissemination of works could be adopted by patients concerned about the unauthorized spread of health information.
Read More


Future of the Internet Symposium: (Im)Perfect Enforcement

Prohibition wasn’t working. President Hoover assembled the Wickersham Commission to investigate why. The Commission concluded that despite an historic enforcement effort—including the police abuses that made the Wickersham Commission famous—the government could not stop everyone from drinking. Many people, especially in certain city neighborhoods, simply would not comply. The Commission did not recommend repeal at this time, but by 1931 it was just around the corner.

Five years later an American doctor working in a chemical plant made a startling discovery. Several workers began complaining that alcohol was making them sick, causing most to stop drinking it entirely—“involuntary abstainers,” as the doctor, E.E. Williams, later put it. It turns out they were in contact with a chemical called disulfiram used in the production of rubber. Disulfiram is well-tolerated and water-soluble. Today, it is marketed as the popular anti-alcoholism drug Antabuse.

Were disulfiram discovered just a few years earlier, would federal law enforcement have dumped it into key parts of the Chicago or Los Angeles water supply to stamp out drinking for good? Probably not. It simply would not have occurred to them. No one was regulating by architecture then. To dramatize this point: when New York City decided twenty years later to end a string of garbage can thefts by bolting the cans to the sidewalk, the decision made the front page of the New York Times. The headline read: “City Bolts Trash Baskets To Walks To End Long Wave Of Thefts.”

In an important but less discussed chapter in The Future of the Internet, Jonathan Zittrain explores our growing taste and capacity for “perfect enforcement.” Read More


Has the Future of the Internet happened?

I wrote the Future of the Internet — And How to Stop It, and its precursor law review article the Generative Internet, between 2004 and 2007. I wanted to capture a sense of just how bizarre the Internet — and the PC environment — were.  How much the values and assumptions of, metaphorically, dot-org and dot-edu, rather than just dot-com, were built into the protocols of the Internet and the architecture of the PC.  The amateur, hobbyist, backwater origins of the Internet and the PC were crucial to their success against more traditional counterparts, but also set the stage for a new host of problems as they became more popular.

The designers and makers of the Internet and PC platforms did not expect to come up with the applications for each — they figured unknown others would do that.  So, unlike CompuServe, AOL, or Prodigy, the Internet didn’t have a main menu.  And once for-profit ISPs started rolling the Internet out to anyone willing to subscribe, there came to be a critical mass of eyeballs ready to experience varieties of content and services — the providers of which didn’t have to negotiate a business deal with some Internet Overseer the way they did for CompuServe et al.  Some content and services could be paid for, at least as soon as credit cards could function cheaply online, and other could be free — either because of a separate business model like advertising, or because the provider didn’t feel inclined to monetize visiting eyeballs.  Tim Berners-Lee could invent the World Wide Web and have it run as just another application, seeking neither a patent on its workings nor an architecture for it that placed him in a position of control.  Today, of course, the Web is so ubiquitous that people often confuse it with the Internet itself.

When bad apples emerge on an unmediated platform — and they do as soon as there are enough people using it to make it worth it to subvert it — it can be difficult to deal with them.  If someone spams you on Facebook, the first step is to make it a customer service issue — complain to Facebook, and they can discipline the account.  If someone spams you on email, it’s much trickier, because there’s no Email Manager — just lots of email servers, some big, some little, and many of them with accounts hacked by others.  That’s one reason why a newer generation of Internet users prefers Facebook or Twitter messaging to old fashioned email.  Same for the PC itself: with no PC Manager, there’s no easy way to get help or exact justice when exposed to malware.  I worried that malware in particular, and cybersecurity in general, would be a fulcrum point in pushing “regular” people away from the happenstance of generative platforms designed by nerds who figured they could worry about security later.  Hence a migration to less generative platforms managed like services rather than products.

I understand and sympathize with that migration.  But it’s important to recognize its downsides — particularly if one is among the libertarian set, which has been comprised some of the most vocal critics of the Future of the Internet.  Whether software developer or user, volunteering control over one’s digital environment to a Manager means that the manager can change one’s experience at any time — or worse, be compelled to by outside pressures.  I write about this prospect at length here.  The famously ungovernable Internet suddenly becomes much more governable, an outcome most libertarian types would be concerned about.  Many Internet freedom proponents aren’t willing to argue for or trust those freedoms to a “mere” political process; they prefer to see them de facto guaranteed by a computing environment largely immune to regulation. Read More

More on Verizon/Google

Having written a long post on the topic, I just wanted to recommend a few pithier takes on the issue:

Bill McGeveran, “the Google defection:”

Google’s defection from the supporters of an open internet changes the political dynamics for the worse, opens the door to creation of a second-class internet for non-corporate content, and tries to disable the FCC’s ability to do anything about it.

Marvin Ammori, “makes BP look good:”

Last week I wrote up a guide of the FCC negotiations on net neutrality, setting out all the loopholes, and noting that the carriers needed only one loophole to kill an open Internet. Verizon and Google announced their pact two days ago. Rather than including one loophole, they went down the checklist and included just about every loophole they could.

Read More


To Rent or Own? SpiralFrog Closes; Customers Lose Access to Music

CNET reports that SpiralFrog, a company that was, yes was, in the online music game is closing its doors. If one was a customer, music covered by SprialFrog’s DRM software will be unusable 60 days from the closing date which seems to have been on March 20, 2009. This problem looks a little like Zittrain’s concern about tethered devices and perfect enforcement. For me Spiral Frog’s shut down and resulting denial of access is part of the problem with cloud computing and what I call technological mediation in my paper Property, Persona, and Preservation. As more and more material is mediated or put at a distance, the more one must navigate second and third party software, hardware, and contracts just to access and use information and material that one ought to be able to reach directly.

SpiralFrog highlights the problems of the DMCA and DRM approaches to protecting information. The access to knowledge movement and commentary on the DMCA specifically examine these questions. I suggest that online storage poses additional issues. Material that was once on one’s computer is now stored elsewhere. So even if one had the key for the software, one cannot get to it. In SpiralFrog’s case, the material seems to be on one’s computer but inaccessible unless some new company buys SpiralFrog’s assets and unlocks the RM once more.

In addition, as this article points out, the company’s demise does not necessarily show that ad-supported music is a dead business model. Spiral Frog had management, funding, and deal problems. Now, it may also be that it was pursuing DRM solutions when others were moving away from that model for music. Nonetheless, as the FTC notes DRM “is expected to become increasingly prevalent in the U.S. marketplace in the coming years” and it must address “the need to improve disclosures to consumers about DRM limitations.”

Ah understatement, the lifeblood of press releases.


Late Recap of the Southwestern Conference About Copyright Reform, Panel 1

A few weeks back, I wrote a post about my views on a big issue in copyright reform and my paper, Copyright’s Hidden Assumption: A Critical Analysis of the Foundations of Descendible Copyright, which addresses what I think will yet again be a major theme in copyright reform: term extension justified as way to provide for heirs. My paper argues that the idea lacks both a historical and theoretical grounding.

As I noted in that post, copyright refrom is on many folks’ minds. Southwestern Law School put on a full day conference, Reforming Copyright: Process, Policy and Politics, on the topic.

Here is a recap of the first panel. I do not have Rebecca Tushnet’s skill at live blogging (waiting a few weeks to post this material is evidence of that). The following is what I heard people to say.

The first panel at the Southwestern conference on Copyright Reform framed their topic as: What’s Wrong? The Need to Reform the 1976 Copyright Act: “This panel will consider whether the 1976 Act needs to be reformed and, if so, what form the revision should take. In particular, it will focus on whether reform should take place via gradual increments, as it currently has, or whether it would be superior to scrap the current version of the Copyright Act altogether and begin from a blank slate.”

David Nimmer began the session. He surveyed the history of reform and offered some interesting points. For one thing, the Copyright Office used to studies authorized by Congress to understand how to update the copyright. Nimmer argued that film studios, authors, publishers, music publishers, record labels all influenced the draft bill but broadcasters, juke box owners, and cable television had other interests that stopped a full revision from being passed. Today Consumer electronics, tech companies telcos, amateur authors, bloggers, EFF, ACLU, other NGOs, broadcasters, ISPs, privacy, consumers pull away from the film, professional authors, record labels, music publishers, who move towards a new copyright act.

I understood Nimmer to say that some forces converged on a central point that could agree on reform but there is a “high ratio of centrifugal forces pulling away” from that center. He further suggested that small reforms, what I might call tinkering, allow for a small, defined group of players willing to compromise and in those cases, Congress tends to act and reform/amend the Act. But when diverse, divergent interests are in play, (Markets and social norms at odds), Congress is less likely to act.

He offered that Congress may still be the conduit to achieve informed and balanced copyright legislation, favored new national commissions to evaluate how to proceed, and wondered whether one central person (e.g., the IP Tsar under the Pro IP act) would be able to handle the task of reform.

Read More


Doctorow’s Discontent with Content

content cover-small.jpgReaders of this blog know that I am a fan of Cory Doctorow’s work. In addition to his fiction, Cory writes nonfiction. His main topics are technology, creativity, copyright, and the future of the future. I know this because I read his work and his latest book, ©ontent, gathers his thoughts on these topics and says so right on the cover. Ah it is so easy. Maybe too easy. Deceptively easy. And that is also Cory’s gift.

©ontent sings. From the opening where Cory tells Microsoft’s Research Group why DRM is foolish to his thoughts on protecting artists to his views on the information economy to his idea that giving away his work is the best thing he can do, Cory offers detailed yet accessible arguments about the way technology, creativity, copyright will affect the future of the future. The essays span several years of writing. Cory makes bold claims about DRM and the market. He presents a rallying call for the United States to keep pace with the changes in information economy lest the rest of the world surpass us. Reading the essays provides insight about his ideas and how they evolved. Remember Cory writes for Boing, Boing, writes science fiction, lectures, and more. His livelihood is at stake here.

Now I can’t say I agree with everything Cory says, but I think what he says merits consideration. Sure, he is in a rarefied world. Maybe he can give away work and still make money. Maybe he is just an evangelist and should be distrusted on those grounds. Then again, read the book. Cory identifies real changes in how our creative system operates and the way in which adherence to the old one could harm us. The last essays grapple with the problems of security and control. They present the possibilities that await us. And that is the point. Cory is speaking of possibility. As he says “We choose the future we want to live in.” ©ontent helps us understand what that future could be and how to have a say in it.


Public Service — Cool Job Opening at Creative Commons

ccl-title-d.JPG Looking to work at a place with smart people who encourage you to use your legal skills to support and really grow a long-term project? Well, if you love education and have a law degree, your time may be now. Creative Commons, one of the coolest non-profits out there, has project called ccLearn. ccLearn has a mission:

ccLearn is a division of Creative Commons which is dedicated to realizing the full potential of the Internet to support open learning and open educational resources (OER). Our mission is to minimize barriers to sharing and reuse of educational materials — legal barriers, technical barriers, and social barriers.

They are looking for someone to be ccLearn Counsel and Assistant Director.

NOW there have been several posts about how to think about a law job. So before you flood the contact below, I urge you to read the job description, write a targeted letter, and polish that resume to show how you fit. As with many of these jobs, the candidate may not have all the desired experience. But often you can show that you excel in a couple core areas and have aptitude in others with some chance of getting the job. Also make sure you know as much as you cna about CC–its history, mission, and how you think ccLearn fits CC in general. Someone who says this job looks cool but has no idea about the work and overall nature of the place will not be likely to get the job.

Here is how to apply:

“If interested, please submit:

Cover Letter explaining your relevant interest in ccLearn and in the position.


Three References; please include email and phone number.

Applications and questions can be sent to:

Jennifer Yip

Operations Manager

jennifer [at]

fax: 415.278.9419”

NOTE; I am not the contact in any way, shape, or form. This post is truly a public service announcement.

Hat tip: Mike Carroll (If you like law, technology, music, and copyright, read Mike’s blog. It is excellent, and Mike has always been someone worth listening to and engaging with.)


E-Books and Their Potential Impact on Book Law

sonyreader.jpgThe New York Times reports that Amazon’s Kindle may be the sign of a tipping point for e-books. My previous posts about Kindle have expressed some praise but a fair amount of skepticism too. The device allows for too much control. Zittrain explores this issue as one of perfect enforcement. As my other post noted, the ability to manipulate text at any time poses wild possibilities about what text is and who should control or manipulate it. The Times’ piece points to a perhaps simpler problem: what will happen to the book industry?

E-book device sales are growing at wild rates (doubling and so on) but that is expected in a young industry and distorts the current raw numbers of for example $1 million in e-books compared to $1 billion (see what a difference one letter makes?) for Simon & Schuster. The most interesting thing is that with the advent of Sony eReader and Kindle the upswing in e-books being used may signal a shift in reading habits in general. A few professors I know use only electronic versions of articles, and Sony offers 100 classics preloaded onto its device (A so-called “$199 value” for many public domain titles). Maybe more folks will stop using print. Devices such as iRex’s iLiad (which I saw someone using at Law & Society) seem great: it is a reader with a big screen, AND one can take notes which can be transferred back to one’s computer, AND it has access to Web content. I would love to play with one of these and look forward to finding a store model (It is $600 to $700 so I will not be buying one just yet). So e-book devices have grown and there are threats to publishers because of this shift. But before turning to that question (which will be a separate post), the implications for book sellers is important too.

Read More


DRMbarassment for Us Law Professors?

In my first post about DeCSS, I gave the conventional law professor’s description of how it works, and then pointed out an obvious-in-hindsight problem with that description. In my second post, I delved (a little) deeper into the specifics of how DVDs work and showed how the explanatory hole can be plugged with some facts not normally in evidence. Along the way, we saw that the effectiveness of DVD anti-copying protections depends just as much on patent-enforced standards as it does on copyright and the DMCA.

Here are the results of some searches I ran on Lexis’s “US Law Reviews and Journals” database:

  • DVD and “title key”: 2 results, neither relevant
  • DVD and “disc key”: 0 results
  • DVD and “disk key”: 1 result, a student note (Peter Moore, Notes & Comments: Steal This Disk: Copy Protection, Consumers’ Rights, and the Digital Millennium Copyright Act, 97 Nw. U.L. Rev. 1437 (2003)), containing the following text in a footnote: “One might wonder why a DVD burner capable of copying the disk key table could not be produced. It is likely that the owners of patents on DVDs are very careful to ensure, with licenses, that such devices are not made.”
  • DVD and CSS and pressing: 34 results, only one of which distinguishes “pressing” from “burning.” That one, also by a student (Nika Aldrich, An Exploration of Rights Management Technologies Used in the Music Industry, 2007 B.C. Intell. Prop. & Tech. F. 624), points out, again in a footnote: “‘Burning’ compact discs actually requires a different technology than ‘pressing’ (replicating) discs, which is used in commercial manufacturing plants. ‘Burning’ involves putting the pits and lands on the disc by burning holes in a layer of substrate with a laser. In a ‘pressed’ disc the pits and lands are molded into the disc.’”
  • DVD and CSS and (press! w/p burn!): 18 results, the only one of which using the words in this sense is the same article from the previous search.
  • DVD and CSS and lead-in: 20 results, only one of which uses is talking about the location of CSS disc keys. That article—yet another student piece (Eric W. Young, Note: Universal City Studios Inc. v. Remeirdes: Promoting the Progress of Science and the Useful Arts by Demoting the Progress of Science and the Useful Arts?, 28 N. Ky. L. Rev. 847 (2001))—proceeds to assert: “These types of pirates do bitwise copies, which means that their pirate copies are precise duplicates of the originals, including the CSS encryption. The DVD player will notice no difference between such a copy and the original version. CSS cannot stop this kind of piracy.”
  • DVD and leadin: 0 results

But compare:

  • DVD and DMCA: 731 results
  • DeCSS: 390 results

This disproportion is not healthy. We’ve collectively spilled a lot of ink over DeCSS. One might think it worthwhile to make sure that CSS actually matters, first. It does, but that fact is not at all obvious from the conventional stories. Even the exercise I’ve gone through here is itself a fairly half-assed effort. Bruce caught an important fact I didn’t get quite right. Just in doing the research for this series of posts I’ve learned all sorts of things that seem awfully relevant to any careful analysis of the role of law in controlling the distribution of media on shiny discs, and I’ve barely even scratched the surface, so to speak.

We law professors who regularly opine on high technology are often dangerously blasé about the details of the technology we’re opining on. We get caught up in the minutiae of 1201(a)(1) versus 1201(a)(2) versus 1201(b), and we don’t pay anywhere near as much attention to the surrounding web of other kinds of IP, business arrangements, and especially technical specifications as we ought to. Consider these posts another plea for better interdisciplinarity. Our students are doing a better job of it than we are.