In their Research & Innovation Annual Review the BBC provided a good description of what is DRM and why DMP is useful

The Internet revolution encourages media businesses to find new ways to exchange content with their customers and between themselves. Digital Rights Management (DRM) is important in controlling and protecting these exchanges. However; some of the systems in use are proprietary, and as the number of connections multiplies, failure to develop interoperable solutions could be a major obstacle to the growth of the industry.

The requirements of DRM vary from limiting access, through ‘copy control’, to much more flexible permissions. In some cases DRM is used simply to protect the integrity of the content or authenticate authorship rather than limit distribution or collect remuneration.

BBC R&I has been working with partners in industry and academia to develop open DRM solutions.We have supported the broadcast technology providers through the DVB organisation as they specify the technologies for protecting content delivered over broadcast networks.

We also participate in the Digital Media Project (DMP) as it develops specifications and builds software prototypes from its ‘Primitive DRM Tools’. These smaller DRM related functions can be used to assemble a variety of value chains according to individual business needs.The DMP aims to provide the technological means and organisational framework to allow participation in the media industry both by large content distributors and individual media creators wishing to distribute content with varying degrees of security.The DMP specifications bring a more inclusive model for all players in the value chain, from authors, performers, adapters and producers through to content providers and home users.

In reply of my posting on Bitfrost Phil, an independent DMP contributor asked me whether DMP should get on board as part of a “One DMP Per Child program”.

Currently the OLPC developers are more concerned with the security of devices and applications than with copyright. If the copyright of the content on OLPCs were an issue it would make sense for them to have a look at the DMP specifications.

But why should DMP think about a “One DMP Per Child program”? For many children the OLPC will be their first digital communication tool. They have certainly more important issues than copyright.

On the other hand, some value-chain users (creators and producers) are hoping that one day these children will understand the concept of copyright and accept that several “kinds” of data exist on the net: free content and content encumbered with different restrictions. For those people it would be wise to support the development of an Open Source implementation of the DMP specs for the OLPC. However, it appears that most major rights holders still think that it is more profitable to invest their money into campaigns against filesharing.

Like the developers of Bitfrost I suggest that the end-users who “own” the OLPC can authorize the subset of “rights” to applications or external providers of services. The default set of “rights” providers of external services have on my machine should be empty.

In general the “authorized subset of the user’s rights” depends on the business model or on the models of communication that are legal within a jurisdiction. As long as digital communication can take place between peers (a person who is of equal standing with another in a group) we don’t need intermediaries. Initially all OLPC users will be peers.

OLPC users can create/exchange/consume content without taking notice of copyright. This is what I mean when I write that the OLPC’s approach “you need not sign anything to use your own machine” can create a safe environment for free software and open content.

Rights and value-chains are “artificial” layers on top of the communication between peers. Sooner or later governments or rights holders will require the OLPC users to accept a “hierarchy of rights”. There will be different strategies to intercept the communication between OLPC users. Advertisers will offer me “free” content in exchange for my use data. Some governments may want to install a backdoor on my system… However, if the Krstić’s security model works all strategies to intercept communication between OLPC peers will fail.

It’s up to the OLPC users to decide who (e.g. governments, rights holders) can access their machines and whether or not to install a software to negotiate their rights with service providers. The only chance for an “intermediary” is that she is trusted by the OLPC users. Currently I see no reason why anybody should access the personal data of our children.

For a better understanding of the OLPC approach towards security I read the Bitfrost platform specification. Some of Ivan Krstic’s ideas resemble the DMP’s approach to create a secure environment by setting up Certification and Registration Authorities.

Krstic writes:

The crux of the problem lies in the assumption that any program executing on a system on the user’s behalf should have the exact same abilities and permissions as any other program executing on behalf of the same user.

I agree with Krstic’s approach to enable by default a stringent security policy that is appropriate even for the youngest user, and to provide a simple graphical interface for interested users to disable any of these protections, allowing the user to tailor the security level to match her interest in hacking her machine.

However, for setting up such an infrastructure an environment will be be needed for developers (authors of code) to register new software and authorities to assess and certify the security of the code. It depends on what is considered an “authorized subset of the user’s rights” and who authorizes this subset.

On my MacBook all applications run in user space, but some applications (e.g. OSX software updates) can ask me for root privileges. So Apple’s security policy requires that I grant all rights to Apple in order to have a stable system. Of course I have to trust Apple that they don’t spy on my personal data during a system software update.

Krstic writes:

As an example, if a program is found attempting to violate a security setting, the user will not be prompted to permit the action; the action will simply be denied. If the user wishes to grant permission for such an action, she can do so through the graphical security center interface.

One difference to the security policy of my MacBook is that per default OLPC will never ask for a password. This is new. A computer which is not constantly opening message boxes asking “can I do this?”…”Do you want that?”… “Enter your password here”… is a real progress.

Children will learn that computers just work without asking stupid questions. They will really “own” their OLPCs. Programs attempting to violate security simply won’t run. Hopefully children will understand that it is not necessary to sign dubious “End User License Agreements (EULA)” for upgrading their devices.

Another advatage is the OLPC’s “system of rights“:

Every program, when first installed, requests certain bundles of rights, for instance “accessing the camera”, or “accessing the internet”. The system keeps track of these rights, and the program is later executed in an environment which makes only the requested resources available. This is implemented by a fully-fledged, container-based virtual machine.

By default, the system denies certain combinations of rights; for instance, a program would not be granted both the right to access the camera and to access the internet. Anybody can write and distribute programs that request allowable right combinations. Programs that require normally unapproved right combinations need a cryptographic signature by some authority. The laptop’s user can use the built-in security panel to grant additional rights to any application.

When a user first installs a piece of software she can see and understand which parts of the system it accesses. Applications are only allowed to execute the functions (e.g. access the network) that are authorized by the OLPC user. Hopefully children will learn that it is not necessary to install applications which require unusual rights settings.

My conclusion is that the OLPC’s you need not sign anything to use your own machine approach can create a safe environment for free software and open content.

DMP GA14 in Bellaterra. It seems that Chillout is about to enter the physical space. The DJ plays UK techno. The implementation has made good progress.

A definition of peer is “one that is of equal standing with another”. This article from Farook Hussain’s Internet Peering Archive contains an interesting piece of internet history describing the influence of money on the relationships between peering network service providers:

Financial considerations often play a role in routing policies. In the “old days” of federal subsidies this was not much of an issue, and there were always grants available for continuing support for the research and educational network. Now the ISPgrid net has raised issues as ISPs installed POPs in many regions and countries. ISPs can have their own customers, but they can also be customers of other ISPs as well. Who pays whom, and how much?

[...] Peering is often a political issue. The politics of peering more or less began in 1997, when a large ISP informed about 15 other ISPs that their current easy-going peering arrangements would be terminated. New agreements for transit traffic were now required, the ISP said, and the former peers were effectively transformed into customers. As the trend spread among the larger ISPs, direct connections were favored over public peering points such as the NAPs or CIX.

[...] Naturally, no ISP wants to be a customer of another ISP. All ISPs want to be peers, and peers of the biggest ISPs around. When it comes to peering, bigger is definitely better, so a series of mergers and acquisitions (although it is often claimed that there are really no mergers, only acquisitions) among the ISPs took place as each ISP sought to become a bigger peer than another. This consolidation has decreased the number of Tier 1 ISPs and reduced the number of potential peers considerably.

It seems that in the days of public funding the size of the peers did not matter, but as soon as Commercial Internet Exchange (CIX) was introduced the insight when it comes to peering, bigger is definitely better started to prevail. The example of the ISPs indicates that for-profit business relationships do reduce the number of people who can be of equal standing with each other.

Sam Rose writes about P2P Business models:

The OpenBusinessModel can be for-profit or not-for-profit.

It would be interesting to examine if and how the consolidation of ISPs after 1997 could have been prevented by peering policies applying his proposed OpenBusinessModel.

The UK Office for Communication (OFCOM) has published a consultation on “a new approach to public service content in the digital media age”. Some of the responses to the call are enlightening. One of my favourites is Mark Splinter’s piece “A horse designed by committee“. Mark, an independent designer, observes that

the internet is dominated by large corporations who own the very blogging and social networking services that are supposedly destroying them. The Suits don’t know how to create, but they try anyway… if a concept is being discussed by The Suits, it is probably already out of date…

and the effect establishing the proposed public service provider (PSP) will be:

To legitimise your ludicrous and counterproductive system of “backscratching and corruption” you are suggesting the creation of a ludicrous and counterproductive system of backscratching and corruption which will produce “interactive content” about backscratching and corruption. How darling.

Therefore Mark recommends:

My proposal is that you split the money into tiny amounts and spread your risk. Instead of employing a couple of large agencies to agree with you and produce bloated rubbish, give the money to a thousand internet punks. Find projects you don’t understand. Find things that make you say “that will never work!”. Find people who just need a couple of months and a web server to get going. Find things that cost very little money to start, but which the commercial sector are ignoring. Find things that are just downright WRONG. Because one or two of those wrongs are just waiting to become the buzzwords of tomorrow.

… Trust the punks, the mavericks, the lunatics, the fringe of the fringe. Use public money to help them fight against the bland requirements of corporations and venture capitalists. Be not afraid of 1000 failures. Be bold, or you are being superfluous and irrelevant, and perhaps ridiculous.

… you cannot recognise the next Big Thing, and you certainly cannot create it yourself. Only by limiting the dominance of lowest-common-denominator commercial thinking, and offering a leg-up to those creative people without the bureaucratic knowledge to progress, can you nurture true innovation.

But who exactly are these creative people without the buerocratic knowledge to progress? It’s the dilemma of a state or any other central authority in charge of spending money for the public benefit that they don’t know who they can trust. If they hire a group of “creative experts” to distribute the funds it is likely that these experts pipe the money in the pockets of their friends. And who are “a thousand internet punks”? The chance is big that many of them would use the money for upgrading the hardware instead of producing something valuable to the public. Meanwhile the large media corporations are taking over the internet replacing creativity by “lowest denominator commercial thinking”. “Lowest denominator commercial thinking” rules the world and the dilemma of authorities in charge of public services is a result of it.

My recommendation to break this vicious circle is:

• Mistrust central authorities (e.g. “creative experts”)
• Foster open standards and Open Source software projects which aim to decentralize digital communication environments
• Make sure that creators and producers can use a public service infrastructure to control the copyright of their Works and Productions in the digital space. Such an infrastructure could be based on Open Source software and open standards.
• Break the monopolies created by the players who collect the money from the consumers (e.g. operators of mobile networks, manufacturers of operating systems, content aggregators cooperating with advertisers) by promoting an open platform for the payment of digital media services (e.g. dmin.it).

Zwischen Bodensee und Alpenrand habe ich wieder einmal eine dieser “Lücken” entdeckt, durch die ich im physical space auftauchen kann, ohne den digital space verlassen zu müssen. Hoch über den Dächern von Dornbirn befindet sich das net.culture.lab. Zur Grundausstattung des Labors gehören eine voll ausgestattete Bar mit grosszügigen Fensterfronten für den Rundblick und den dazugehörigen Sonnendecks. Hacker, Nerds, Netzkünstler und andere kohlenstoffbasierte Lebensformen landen hier, um durch ultrabreitbandige “reality interfaces” miteinander zu kommunizieren, Projekte zu entwickeln, die den “digital space” mit dem “physical space” verbinden, oder einfach nur um zu chillen. 24/7.

Auch wer den Geheimcode der Vorarlberger nicht beherrscht, kann seinen Babelfisch stecken lassen – im net.culture.lab spricht jeder Englisch und Roland, der Kurator, spricht fliessend Morse.

Das Bild zeigt einen Netzkünstler beim Bombenbauen.