[OT] RFC for DRM replacement

James Michael DuPont mdupont777 at yahoo.com
Thu Aug 14 19:46:36 UTC 2003 

Dear all, 
this is a bit off topic, but it applies to free software licensing
becuase it will need a license written to upload it.
Please review and comment.

The argument of the DRM proponents is that it is not possible to
protect their content without taking away the rights of the students.
That is why I have sought to design a solution for content distribution
based on free software and open standards that still protects the
content from illegal distribution.

I seek with this proposal to address these issues in the context of
free software without violating the rights of the students.

Lets say that we have some content that an author worked hard on, and
it should be distributed to people who decide that paying a reasonable
fee.

Now the one issue is that even if the users should have the right to
examine the source code of the software, we still need a way to prevent
them from extracting the content out of that software.

If you allow the user to modify the viewing software as to create an
human readable and machine processable of the content instead of
displaying it, then you are opening up the content for further
duplication. Now we are precluding screen shots and OCR software here.
Lets say that you want to deliver a rastrasterizedy of the content to
the user at an agreed upon resolution. Vector graphics would again
allow too much export control.

So we have an agreement between a content provider and a content
consumer for a delivery of a certain amount of content that meets a
certain level of quality to a viewer that limits the users rights in a
predefined manner.

Now, the viewer cannot store the content in a internal data format that
is readable by an debugger, because it would be too easy to snarf that
data out.

So, I think we can solve this problem very simply : You need to trust
that the user will only use an agreed upon version of the viewer
software. This software can be free software, and the full source code
may be made available, but the content provider does not agree to
provide the content to any but an specified and verified set of modules
to the user.

So I proposed the following architecture :

1. The users are to be validated by a chip-card system, each user must
have a way to authenticate their identity using a card issued by the
content provider or a certificate authority. Simple PGP PGP SSH
certificate can also be agreed here.

2. The users agree to have a free software client module installed that
is of a specified version. This software is able to make a network
connection to the content provider and send a digitally signed and
encrypted signature of itself to the content provider by a secure
channel. This creates a secure session that can only be understood by
the client module. The user agrees that he does not have the right to
intercept this content which uses open and free software that he can
inspect on his leisure. The session however is only good for one set of
package, because the user might swap out the software once the session
is set up. Hardware based checksumming might help speed up this
signature process. BSD has such a software signature built in as well.
The user agrees to allow the server to re-check/audit the validity of
the client software on its leisure on a predefined interval,that way
the server administrator and users can agree on a set of security
levels that are appropriate for the given application performance
requirements.

3. The user uses this session to request content that is sent securely
to him/her. The content is encrypted with an agreed upon encryption
standard that will prevent the user from viewing the content. Only the
client software session, given an authentication token from the
provider and from the client will be able to for one time be able to
decode the content. The software then deletes that content according to
the agreed procedure.

4. The user can then view the rastrasterizedge. That image could also
be water-marked and Id-ed. The agreement between the content provider
and the user may define various rules preventing the removal of the
various security water-marks. Of course the user can take that one
raster and distribute it illegally. There is nothing that any of the
DRM DRM do to prevent that.

You see, this is a consent based security system that requires no
freedoms are removed from the user. The content provider reserves the
right to refuse delivery of content to any other version of the
software, the client however has the freedom to modify this software
and submit it to content providers for certification.

I think such an consent based content management is much saner than
using non-free file formats and non-free software.

What do you think? 

=====
James Michael DuPont
http://introspector.sourceforge.net/

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3

More information about the License-discuss mailing list