February 04, 2004

DRM - False Privacy Savior

On the Moore's Lore blog Dana Blankenhorn makes the provocative claim that DRM will be useful as a privacy protection measure (Mobile DRM Argument Misses The Point). Dana points out a major issue the world of "always on" raises, that of privacy. When almost everything we do is generating wireless data, such as our blood sugar levels, refrigerator contents, and garden soil moisture levels, we will certainly want to protect much of that information from prying eyes. Dana's response is to promote the use of DRM as a privacy protection measure.

This is not such a good idea for a variety of reasons.

First, it would essentially propertize our privacy. There are a number of major concerns regarding propertizing privacy, especially the fact that it is unlikely to solve many of our problems. Without going into a major critique here, Pam Samuelson has written a good introduction to many of the issues involved: Privacy as Intellectual Property? [PDF].

Second, enabling DRM in everything is far more likely to be privacy corroding. Anonymity would be very difficult to assure when everything is digitally signed and encrypted.

Third, DRM is a technical solution, not a policy or social solution. Dana claims that,

Under DRM the holder of the content has the absolute right to control where it goes, and the conditions under which it is used. Right? Isn't that what you want, when the content is personal, even intimate, knowledge about you, your body, your possessions? Isn't that the very basis of privacy?

But this isn't true. My ability to control information about me has far more to do with my ability to negotiate with those who will have access to information about me than the technical protections I choose. For example, people can choose not to use a grocery store card that tracks their purchases, but that is going to have a significant impact on their wallets (which leaves no choice for many people). I can choose not to enable cookies on my browser (yeah, right). Each of these privacy-protection solutions is technologically impeccable and completely within my theoretical power, but their ability to protect is practically non-existent. DRM will not change this.

There is also a strange dissonance in Dana's position. Dana says that, "Once you buy something, whether it's a can of peaches, a microwave, or a song by Nelly, it's yours." However, why wouldn't the same apply when the grocery store "buys" my grocery-shopping habits in return for everyday lower prices? Why wouldn't the grocery store "own" that data? After all, that data was generated with the grocery store; they are partially responsible for generating that data in the first place.

Privacy is an important issue in the "always on" world, and DRM may play some role in the solution with regard to particular problems and specific threat concerns. However, there is simply no reason to believe that DRM should be "baked into the World of Always-On" in order to protect privacy.

Posted by Ernest at 6:18 PM

I agree that Blankenhorn went off track when he wrote that once you buy something, it's yours. The whole point of DRM is to provide a degree of shared control over data.

However I think his idea does have merit, and it's actually very consistent with Samuelson's essay. DRM is not a matter of propertizing data; rather, it provides for a contractual framework for limiting how the data is used. DRM is fundamentally a matter of using technology to enforce a mutual agreement about manipulating data. It is, in the words of Nick Szabo, a "smart contract", i.e. a technologically enforced contract. If people were honest and always kept their word, we'd have the effects of DRM already, without the technology. But in the real world we need hardware and software for people to credibly commit to observing DRM restrictions.

This contractual view of DRM is well aligned with Samuelson's recommendation, which is to treat private information in contractual terms. "One of the virtues of a contractual approach to protecting information privacy is that it can accommodate the multiple interests people have in personal information.... Oddly enough, it may more easily be achieved in cyberspace than in meatspace..." because of technology. She is looking primarily at the web, but DRM can extend technological protection into other kinds of data manipulation.

This idea about DRM was advanced a couple of years ago in the first blush of controversy over Trusted Computing. Microsoft and some of the other TCPA companies had suggested that the technology could allow customers to be assured that companies were running software that would handle their data appropriately. It remains to be seen whether TC technology will be used in this way; but if customers really care about privacy, TC potentially offers a tool to help them keep track of how their personal information is used.

Posted by Cypherpunk on February 5, 2004 03:20 AM | Permalink to Comment

First, I did note that there might be specific uses for this technology in protecting privacy. However, it is no general solution.

Frankly, I'm not really worried about companies obeying the contracts that they sign with consumers. Usually, the contracts favor the company to a huge extent. Even where they don't, the threat of a major lawsuit by many customers will be a deterrent to breaching the contract. This is unlike the situation of the companies trying to constrain the behavior of thousands of customers.

Will DRM really make companies more likely to obey their privacy policies? Unlikely.

Posted by Ernest Miller on February 5, 2004 06:13 PM | Permalink to Comment
