DRM of the mirror universe
Hello, I had this idea about reversing the roles of the actors in a typical DRM system, and thinking about where it might lead. I hope the idea will stimulate some discussion: is the idea dead on arrival? Does it have merit? Is it feasible? Is there something like this being built today? Here goes... The main idea is this: the ordinary consumer (you or me) becomes the content provider. The content provider (the corporation) becomes the consumer. Thus, we have now reversed the roles. But what content could the consumer-become-content-provider, the ordinary person, you or me (let's call this actor the user), produce? What could be interesting and rare for the corporation but found in abundance from the user? One answer is personal data. Upon request by some corporation, the user decides to accept the request. The user creates a DRM-protected file containing the personal data the user wishes to reveal. When proper DRM technology is being used (the same technology used to protect e.g. movies), the user can be sure that the corporation is not able to * use the personal data after the license period (e.g. 2 hours) has expired * share the personal data with third party companies without permission * do other non-authorized nasty stuff with the personal data Using the evil DRM technology a very good (good and evil is subjective!) purpose can be achieved: the preservation of the user's privacy. The user gets to decide who can receive and use the information in the first place. The user can disallow use by companies the user considers not to be trustworthy, or who he considers to be immoral, or annoying, or who have the most idiotic advertisements. This kind of application of DRM would probably guarantee privacy of the personal data of each individual person, while at the same time allow companies access to that data with the consent of the user. To me this seems like best of both worlds. The role-reversal idea could help in achieving balance between the concerns of the corporation and the concerns of the consumer, and benefit all parties involved. At the very least, the idea can offer possibilities for stimulating and interesting discussion. (Note: I wrote this originally as a blog article, and it's mostly copy + paste from there with minor editing.. and some attitude removed :-) ) -- GPG 0x6EE92B3E - http://www.lut.fi/~jnurmine/ signature.asc Description: This is a digitally signed message part
Re: DRM of the mirror universe
Jani Nurminen wrote: [...] But what content could the consumer-become-content-provider, the ordinary person, you or me (let's call this actor the user), produce? What could be interesting and rare for the corporation but found in abundance from the user? One answer is personal data. Upon request by some corporation, the user decides to accept the request. The user creates a DRM-protected file containing the personal data the user wishes to reveal. When proper DRM technology is being used (the same technology used to protect e.g. movies), the user can be sure that the corporation is not able to * use the personal data after the license period (e.g. 2 hours) has expired * share the personal data with third party companies without permission * do other non-authorized nasty stuff with the personal data Using the evil DRM technology a very good (good and evil is subjective!) purpose can be achieved: the preservation of the user's privacy. Welcome to ACME.com. In order to do business with ACME.com we require that your personal data be provided without restriction. If you don't like that, no problem. Feel free to do business with others. (Don't believe that? Gee, how many websites require javascript, java, activeX?) Paul - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: DRM of the mirror universe
On Tue, Apr 13, 2004 at 11:05:10PM +0300, Jani Nurminen wrote: But what content could the consumer-become-content-provider, the ordinary person, you or me (let's call this actor the user), produce? What could be interesting and rare for the corporation but found in abundance from the user? One answer is personal data. Upon request by some corporation, the user decides to accept the request. The user creates a DRM-protected file containing the personal data the user wishes to reveal. When proper DRM technology is being used (the same technology used to protect e.g. movies), the user can be sure that the corporation is not able to * use the personal data after the license period (e.g. 2 hours) has expired * share the personal data with third party companies without permission * do other non-authorized nasty stuff with the personal data DRM only works because the supplier of the content has itself certified the software used to process the content, or trusts the entity that has certified the software. Who would you trust to certify the software that some corporation will use to process your personal data? Another issue is that DRM works best to protect massive content. For example, whether you are HIV-positive is a single bit. How would you prevent me from capturing that bit from my screen with a camera? If the DRM prevents any association of your data with your identity, the data will not be worth much to me. Also, even assuming the DRM works, what prevents the user from presenting false data? The only data I can't lie about is what I generate as a side-effect of something else, for example a click-stream. But that's already available reliably to the server(s) now, without DRM. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: DRM of the mirror universe
Jani Nurminen wrote: I had this idea about reversing the roles of the actors in a typical DRM system, and thinking about where it might lead. [...] This kind of application of DRM would probably guarantee privacy of the personal data of each individual person, while at the same time allow companies access to that data with the consent of the user. This kind of idea has been discussed before. Personally, I'm not convinced we're likely to see this take off any time soon. There are some technological barriers, but a bigger one may well be incentives. I'd argue the true source of many privacy problems may be more from the imbalance in bargaining power between the consumer and the corporation (the corporation can often more or less dictate terms -- or, at least, there is not much room for personalized negotiation and bargaining). Fixing the power imbalance may well be a precondition to deploying technology-based privacy defenses (be it DRM, or anything else). - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
