On Tue, Apr 13, 2004 at 11:05:10PM +0300, Jani Nurminen wrote:
> But what content could the consumer-become-content-provider, the
> ordinary person, you or me (let's call this actor the "user"), produce?
> What could be interesting and rare for the corporation but found in
> abundance from the user? One answer is personal data. 
> Upon request by some corporation, the user decides to accept the
> request. The user creates a DRM-protected file containing the personal
> data the user wishes to reveal. When proper DRM technology is being used
> (the same technology used to protect e.g. movies), the user can be sure
> that the corporation is not able to 
>   * use the personal data after the license period (e.g. 2 hours) has
> expired
>   * share the personal data with third party companies without
> permission
>   * do other non-authorized nasty stuff with the personal data 

DRM only works because the supplier of the content has itself certified
the software used to process the content, or trusts the entity that
has certified the software.  Who would you trust to certify the software
that some corporation will use to process your personal data?

Another issue is that DRM works best to protect massive content.  For
example, whether you are HIV-positive is a single bit.  How would you
prevent me from capturing that bit from my screen with a camera?  If
the DRM prevents any association of your data with your identity, the
data will not be worth much to me.

Also, even assuming the DRM works, what prevents the user from presenting
false data?  The only data I can't lie about is what I generate as a
side-effect of something else, for example a click-stream.  But that's
already available reliably to the server(s) now, without DRM.

Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to