One of the major advantages of the DMP/ MPEG approach compared to many other DRM specificatons is that it is possible to express Creative Commons licenses. An interesting question is whether the mobile phone industry’s DRM systems will support the use of content with CC licenses or not.

One could claim that as long as End-users pay for their services of delivering Content between mobile handsers the providers don’t mind whether the content is CC or not.

On the other hand, if the mobile service providers take over the role of content aggregators (e.g. broadcasters, providers of portal services like e.g. search, metadata,…) the exclusive right to broadcast and retransmit third party content matters. Intellectual property rights for broadcasters are subject of the current WIPO negotiations on a draft text for a new treaty on “broadcasting” (see James Love’s brilliant blog posting). If this new draft becomes law, a mobile service provider could legally enforce that P2P distribution of his Content is prohibited.

It seems that broadcasters arm themselves for protecting their traditional digital media business models (DMBM) in an environment of interoperable digital media. However, I predict that they will lose this battle against licensing models that allow retransmission of content. Ad personalisation is the business model of Youtube where a relatively weak content protection is combined with personalized Ads. This business model seems to be more efficient than protecting each content item with strong encryption, because P2P content distribution of content could save bandwidth.

Moreover, many rights holders provide valuable content under an Open Content (e.g. CC) license in order to promote other services (e.g. live events). The business model for this content is promotion. If the mobile industry excluded the CC licensing schemes completely they would shoot themselves in the foot.

The most active project for Creative Commons Tools is called ccHost. The project includes the PHP scripts that power ccMixter. A quick summary of what these tools do is provided by Jon Phillips: “ccHost enables you to ‘run your own flickr or youtube while having an infrastructure for legally sharing audio, video, text, and other media.“.

In their tech blog the Creative Commons developers state that “There’s a mess of formats to embed licenses into and a mess of ways to embed them“. However, my impression from browsing through the CC Developer mailing list is that many Creative Commons services are using Adobe’s XMP specification for embedding licenses. Adobe has recently released their XMP Toolkit under the BSD license – which is compatible with software development for proprietary (e.g. Microsoft Windows) as well as Open Source applications. On their website Adobe proudly states that a number of Industry standards groups, including Creative Commons are using XMP as their framework of choice for implementation.

XMP could be a major competitor for the Chillout implementation of the DMP specifications. The XMP specification contains a section on Rights Management (p.42):

xmpRights: Certificate URL External Online rights management certificate

My interpretation of the spec is that their governed content contains a URL pointing to an external certificate and this external certificate can be a license issued by the licensor.

xmpRights:UsageTerms Lang Alt External Text instructions on how a resource can be legally used.

They seem to express the human readable license as a text array, but they do not express the permissions and contstraints of a license in a machine readable way. Initially their technology will not allow for automatic license enforcement. Of course this technology is sufficient for CC and other Open Release scenarios.

On the other hand, at a later stage, when the Internet community will have adopted XMP, Adobe can always extend their XMP specification and include proprietary REL statements in their xmpRights text array (similar to protected PDF documents). And possibly Adobe owns essential patents for the XMP technology.

Apparently Adobe is following a strategy that is similar to PDF and SVG (Scalable Vector Graphics): once the XMP format will be used by many users, commercial application providers will have to license essential patents.

I am not really happy with what is happening here. Adobe released an Industry Standard under a BSD license and the Open Content community happily embraces it. They seem not to understand that a single company (Adobe) controls the development of the XMP standard they are using to express the copyright of Open Content in a machine readable way. Open Source developers promote a format that will make them dependent on the standardisation policy of a single company. This is counter productive – even if the implementation of this technology is available for free.

Bill Rosenblatt wrote an interesting piece about the question ‘What Does “DRM-Free” Mean?‘. When an iTunes file is copied Apple embeds the user ID in the copied song as header metadata in cleartext. If a user were to purchase a “DRM-free” on iTunes and publish it on a p2p network he could be identified and traced by the Rights-holders. This example proves that DRM and “DRM-free” are relative terms.

I suppose the average Apple user wouldn’t even know how to remove the ID from a copied song, even though it is cleartext. Is it considered “encryption” when Apple hides an ID in the metadata of a song? Moreover I am asking myself if Apple’s “DRM-free” copy protection could be considerd an “effective technical protection measure” in the sense of the DCMA. Probably courts will have to decide if Apple’s technology is “DRM-free” or not.

Bill Rosenblatt also made a discovery in connection with the new online music service lala.com:

The information we have gleaned thus far leads us to suspect that it’s similar to LWDRM — in other words, that the “DRM-free” epithet the company uses to tout its service may also be a bit of an overstatement.

The principle of LWDRM is simply: “who copies signs”. A quick search in the European patent database proves that Karlheinz Brandenburg and his team from Fraunhofer have made their homeworks (search the DPMA patent database for DE 102 20 925 B4).

I agree with Bill – what lala.com and to a certain degree also Apple are doing to protect the copyright of content they are calling “DRM-free” resembles LWDRM. At least in Germany they should prepare themselves to pay license fees to the inventors.

On the DMP mailing list we were discussing if Chillout, the Open Source reference implementation of the DMP’s interoperable DRM platform would be compatible with the GPLv3.

My interpretation is that GPLv3 software can be used to apply technical protection (e.g. encryption, access control, rights metadata) to content if this software is not deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures.

Let’s have a look at article 11:

Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.

Who defines what is an effective technological measure? In my opinion the creator of the software that is used by authors in connection with the exercise of their rights may decide in a license if his technological measure is deemed effective or not.

Assume I am the creator of a DMP Tool and I want to use GPLv3 code. Then I will write in the license of my code:

A DMP/ Chillout implementer can use GPLv3 software, since her implementation (Tool) is not an effective technological measure. This DMP Tool will not be legally protected (art. 11) against people who want to hack it. If a Chillout implementer uses GPLv3 code, she and her customers accept the “Freedom to Tinker“.

In my opinion there is no security through obscurity. Anybody can review the source code of the DMP Tools or try to hack the DMP Devices. If they work at all they will be more robust than their proprietary counterparts.