DRM-roll for consumer privacy protection

* Digital rights management could enable consumer control over privacy

The Norwich University MSIA program is blessed with gifted students who become gifted alumni. Robert Guess is an assistant professor of Information Systems Technology at Tidewater Community College and an information assurance / computer security consultant. He has earned more than a dozen industry certifications and graduated with a Master’s of Science in Information Assurance at Norwich University in June 2006.

He recently sent me this interesting article that he has kindly agreed to share with readers of this column. The punning title is mine; the remainder of today’s item is entirely Robert’s work (with minor edits).

* * *

Digital rights management (DRM) refers to the technologies and methods for controlling access to digital data and tracking their use. DRM supports mandatory access controls through cryptographic protocols and other protection measures. Producers of entertainment content, software and other forms of intellectual property use DRM technologies to limit the ability of both consumers and would-be thieves to copy and redistribute intellectual property.

The next phase in the evolution of this technology should be the utilization of DRM in Web, e-commerce and database applications to protect consumer data from unauthorized use or redistribution.

Intellectual property rights holders perennially lobby for governments to mandate and regulate the adoption of DRM. For example, at the request of a Hollywood interest group, the FCC has repeatedly proposed limiting the ability of consumers to record television content at home and the ability of companies to produce digital video recorders by imposing a mandate called the “Broadcast Flag.” Governments, vendors, and rights holders should approach this matter carefully as government mandates limit the ability of innovators to introduce new technologies as well as the ability of consumers to purchase goods on the free market. In addition to being anti-market, mandates may be technically unwise. Mandating a potentially broken content-protection system would not be in the interests of any party.

Much of the commentary on DRM technologies from consumer and privacy-rights advocates focuses on threats such as the disclosure of consumer data or the erosion of fair-use rights. Although the risks associated with DRM are real, it is possible that consumer privacy could also benefit from DRM technologies.

If DRM mandates appear to be inevitable, consumer and privacy rights advocates may want to calculate a shift in strategy. If it is reasonable to limit the ability of consumers to copy digital data by requiring manufacturers to embed DRM capabilities into new products, it may also be reasonable to implement DRM in Web, e-commerce and database applications so that the personal information of consumers can also receive protection.

At this time, most corporate privacy policies are all-or-nothing affairs that act to deprive consumers of any right to control personal information once remitted. To receive services one must typically agree to elaborate corporate policies that, in some cases, act to deprive consumers of any rights regarding privacy, product liability and merchantability of goods. Even when such contracts border on the unconscionable, consumers feel forced to agree to the terms in order to receive services. Consumers should have the right to delegate privileges regarding their personal information more finely than currently possible when engaging in such contracts.

Through DRM technologies, consumers engaging in electronic commerce could grant vendors and suppliers a license to access and utilize certain aspects of the consumers’ data. This would enable a consumer to grant a read/write license to some creditors, perhaps as a function of a mortgage agreement, and provide a read-only license to a limited subset of the data for simple transactions such as shipping agreements and online orders. Such a license would empower consumers to prevent entities from misusing or reselling consumer information.

There are both positive and negative consequences to any technological change. Because producers need to protect themselves from intellectual property theft, DRM technologies appear to be here to stay. Instead of fighting against all change in this matter, privacy rights advocates should take a seat at the negotiating table and attempt to ensure that vendors implement DRM technology in a manner that protects and serves consumer privacy rights.

* * *

You can reach Robert Guess by e-mail.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)