TO OBSERVE AND PROTECT? How Digital Rights Management Systems Threaten Privacy and What Policy Makers Should Do About It
By: Ian Kerr
PENULTIMATE DRAFT of a chapter forthcoming in Intellectual Property and Information Wealth: Copyright and Related Rights (vol.1), Edited by Peter Yu, Praeger Publishers, 2007.
A dominant strategy for protecting copyright in digital works employs “technological protection measures” [TPMs] and “digital rights management” [DRM] systems. In many jurisdictions, it also includes a new layer of legal protection that prohibits the circumvention of the technologies designed to protect copyright. While TPMs and DRM automatically enforce copyright by monitoring and restricting the use of digital material, their excessive use poses serious threats to personal privacy. This chapter examines the privacy implications of anti-circumvention laws. The author argues that many of the proposed or enacted anti-circumvention laws around the globe fail to adequately address key aspects of the privacy implications of DRM.
The author begins by distinguishing between technological protection measures (TPMs) and digital rights managements (DRM) systems, examining how such technologies are used to enforce corporate copyright policies and express copyright permissions imposed by a DRM through a registration process that requires purchasers to hand over personal information. Given DRM’s extraordinary surveillance capabilities, the author argues that anti-circumvention laws must contain express provisions and penalties to protect citizens from organizations using TPMs and DRMs to pirate personal information, engage in excessive monitoring, and preclude people from exercising their right to access and control personal information. In determining an appropriate balance, the author introduces three public policy considerations: (i) the anonymity Principle; (ii) individual access; and (iii) freedom from contract. The author concludes by providing three recommendations that would provide the sort of counter-measures necessary to offset the new powers and protections afforded to TPM and DRM.