Internet Newsletter for Lawyers
July/August 2003, by Delia Venables

The legal conflict between the creator’s rights, the consumer’s rights and the community at large.

Digital Rights Management
by Laurence Kaye

The current debate about digital rights management (DRM) has all the best and worst features of modern politics. There is no shared understanding of DRM but everyone seems certain that it is either a very good, or a very bad, thing.

Although DRM is concerned with technical standards and technical protection measures, it is really part of a wider, web-driven re-thinking of how copyright could and should work in a networked world.    

Technical Standards

Standards make it possible for digital content to be created, distributed and “consumed” (i.e. viewed on screen, stored, printed etc.) using different technical devices and platforms. They specify how to describe content and rights by using defined grammars and vocabularies such as XML. By doing so, it becomes possible for content to move from machine to machine and, whatever the machine, it can understand what the content is and what permissions attach to the use of the content e.g. “read only”, “copy three times” or even “read, copy and freely distribute.”

There is nothing really controversial here. Everyone would agree that common standards are a “good thing.” Visionaries like Tim Berners-Lee, the inventor of HTML and widely recognised as the inventor of the Web, are talking increasingly about the “Semantic Web”, the next generation of the Web. This is about tools that convert all of the information on the net into machine readable form. These tools, such as a rights data dictionary, are based on standards. In terms of creating an overall framework for DRM, the most important body is probably MPEG-21, a subcommittee of the International Organisation for Standardisation (ISO),

Above all, standards are intended to be technology neutral. It is perfectly feasible for documents marked up in XML to move around the web in an unencrypted, unrestricted form.    

Technical Protection Measures

The DRM controversy surrounds its second component – technical protection measures used to enforce rights. An example is SealedMedia’s technology that “seals” (i.e. encrypts) content. Their system allows content owners to revoke or modify individual or group permissions to access sealed content after it has been distributed. In the music industry, Apple Computer uses technical protection measures to limit how customers can reuse music that is downloaded from the iTunes music store.

At one level, the ability of rights owners to use technology to control the access and use of their works in the digital environment is uncontroversial. The losses suffered by the audio-visual industries as a result of the online distribution of pirate copies of their materials are well documented. The law, as noted below, therefore provides remedies for rights owners to combat the unauthorised circumvention of technical protection measures and the removal or tampering with rights management information embedded in digital content.

However, at the heart of the controversy is the fact that the use of technical protection measures may prevent consumers from accessing and using copyright works for “fair use” or other lawful purposes.    

Peer to Peer – muddying the waters

The DRM debate is further confused by the ongoing legal controversy about copying of materials over “peer to peer” networks (P2P) such as Napster and Grokster. In the recent US District Court (California) decision in MGM v. Grokster, The Court held that Grokster was neither guilty of contributory or vicararious copyright infringement. Although users of Grokster’s P2P software had infringed the plaintiff’s works, Grokster itself was not liable for contributory infringement because, under that theory, they must have actual knowledge of infringement at a time when they can use that knowledge to stop the infringement. The Court found that they could not stop the infringement by consumers. The court also concluded that, unlike Napster, Grokster did not contribute toward infringement by providing support services, such as a files directory, to enable users to find and download the music they wanted.

Napster, Grokster and the other P2P cases are not about DRM per se but they are about re-defining the boundaries of copyright infringement on the Web. By raising questions about copyright’s “jurisdiction” on the Web, they inevitably raise questions in the public mind about the legitimacy of technical means of controlling the copying and distribution of copyright works over the Internet.    

DRM law

DRM law, if one can call it that, is not all that new. Under the World Intellectual Property Organisation (WIPO) Copyright Treaty of 1996, Article 11 requires contracting parties to provide “..adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.” So, by implication if the act is permitted by law, for example fair dealing or use within a library exemption, those legal remedies are not available. There is a corresponding provision (Article 12) that deals with rights management information.

Articles 11 and 12 of the WIPO Treaty are also reflected in Articles 6 and 7 of the EU Copyright Directive (still not implemented into UK Copyright law!) and in the US in Section 1201 of the Digital Millennium Copyright Act.

Article 6 of the EU Copyright Directive is broader than its US counterpart. This is because it creates a legal sanction against the circumvention of “effective technical measures”. These include measures which control the access or use of a work. In contrast, section 1201 of the DMCA applies to access only, leaving open the issue of whether the “post circumvention” use of the work is, or is not, lawful.

Whither the “lawful user”?

To answer the question it is probably helpful to distinguish between fair use exceptions such as research and private study and the vexed question of digital private copying of consumer works.

For the “fair user”, the copyright law position is more clear cut in the EU than in the US. Fair use under US copyright law is a broad concept. It includes such use for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. The anti-circumvention provisions contain an express exemption for non profits libraries, archives and educational institutions who gain access to a work to decide whether or not to buy it.

US Copyright law, unlike many continental European countries, contains no exception for private copying of audio-visual works. Accordingly, a consumer only becomes a lawful user by acquiring the material with the copyright owner’s consent e.g. by buying a copy in digital or analog form. As a result, the consumer lobby in the US argues that the rights of the “fair user” (e.g. a researcher or student in a library), and the lawful user of audio-visual works, to gain access and use of technically protected material should be enshrined in law.

The Digital Choice & Freedom Act of 2002 was introduced by Congressman Zoe Lofgren. To paraphrase her words, the Bill re-affirms the application of the principles of fair use to analog and digital transmissions. It would allow lawful consumers to make backup copies and display digital works on the devices of their choice. It also provides that lawful consumers can sell or give away their copies of digital works, in the same way that they can with traditional hard media. It also permits lawful consumers to bypass technical measures that impede their rights and expectations.

In the EU, the onus remains with the rights holders, with back-up legal powers of compulsion. Article 6.4 of the EU Copyright Directive gives member states the power to take compulsory measures against rightsholders if they fail to take voluntary measures to “unlock” material protected by technical protection measures for the “fair user”.

In relation to consumer copying of audio-visual material, the position is essentially the same. However, it should be appreciated that not all member states (e.g. the UK) will enact an exception to allow consumer copying of these works. If the member state does not allow this private copying exception, it leaves the rights owner free to use technical protection measures to prevent unauthorised copying. Equally, the rights owner in these member states will not enjoy any form of compensation such as levies that applies in those member states that do permit consumer copying of audio-visual materials.

However, the lawful user in the EU is still in a position of uncertainty. If he or she has lawfully acquired a technically- protected work, what rights, if any, does he have to deal with it e.g. making back-ups or passing a copy to a friend?

In Norway, Jon Leech Johansen (alias “DVD Jon”) was recently cleared by the Oslo District Court on charges of unauthorised data access. This case pre-dates the implementation of the Copyright Directive but the Court’s approach is nonetheless important to note. The charges stemmed from his participation in decoding the Content Scrambling System (CSS) technical protection system. This system is licensed by DVD Copy Control Association Inc to protect DVD movies produced by Motion Picture Association against copying. Johansen admitted to using a decoding program on the movies The Matrix and The Fifth Element. But the court found that he had bought both movies legally in stores, and thus he could not be convicted for his own use of the program. The Court concluded that he had not committed a crime by developing and distributing the program.

DRM – a technical issue with a non-technical solution

Everyone in the content chain, from creators to distributors, publishers and users, has a vested interest in the development of the standards component of DRM. There is an irresistible demand across the entire spectrum for content to move seamlessly and interchangeably across networks and technical platforms.

But the debate about technical protection measures is not essentially about technology nor will their future role depend solely upon the legal measures that underpin them.

In a networked world, rights owners have to reinvent their content distribution and licensing models. The common denominator is finding the appropriate model that meets customer needs, is perceived as fair and enables rights owners to receive an appropriate return on their investment.

For some, DRM in the sense of technical protection measures play no role or only a minor role. Taking their cue from open source software, Creative Commons ( have made available on the web a set of licences intended to encourage a more open approach. Those using the licences can stipulate qualifying conditions, including that use is only permissible for non-commercial purposes.

For other publishers, contractual arrangements rather than technical protection arrangements will continue to be the basis of their business. Site licences between publishers and library consortia or academic institutions are examples.

On the other hand, it is clear that for the audio-visual industries, technical protection measures will still remain an indispensable part of their online distribution strategies. The challenge for them is to build sustainable and viable business models that fulfil customer expectations in terms of choice of product, price and scope of use.

The Digital Citizen

And lastly, what of the digital citizen? Let us not forget that the starting point of all of the P2P cases was that consumers were infringing copyright by distributing and copying works over the networks. Those cases turned on whether the P2P network was contributing to, or was vicariously liable for, those infringements.

Whilst it is all well and good to talk about the challenges that the content industries face, and the need to fulfil the consumers’ legitimate expectations, it is also true that the digital citizen has also to accept his or her responsibilities to use copyrighted material in a responsible way.

© Laurence Kaye 2003

Laurence Kaye,, runs a niche legal practice focused on electronic publishing, e-commerce, technology and intellectual property law. His clients range from SME companies to multi-nationals. In addition to his transaction-based work, he also advises a number of media industry bodies on digital media and e-commerce legal issues, including the European Publishers Council and the Digital Content Forum. He has recently worked on the E-Commerce and Copyright Directives.

Back to Contents.