Lift Asia, Sept 16-17, 2009 Lift Asia 09 Jeju, Korea Jean-Henry Morin University of Geneva – CUI Dept. of Information Systems [email protected] http://jean-henry.com/
Lift Asia09 Morin

May 26, 2015

DRM : From Dystopia to (serious) fun ? Talk given at Lift Asia 09 in Jeju, South Korea, Sept 16, 2009.
http://liftconference.com/lift-asia-09
Transcript
Page 1: Lift Asia09 Morin

Lift Asia, Sept 16-17, 2009

Lift Asia 09 Jeju, Korea

Jean-Henry Morin University of Geneva – CUI

Dept. of Information Systems

[email protected] http://jean-henry.com/

Page 2: Lift Asia09 Morin

J.-H. Morin

New Media Warrants New Thinking

© Chappatte in "Le Temps" (Geneva), Jan 21, 2006

Page 3: Lift Asia09 Morin

How did we get here… a dystopian scenario ?

http://www.flickr.com/search/?q=DRM

Page 4: Lift Asia09 Morin

Remix and ©

Mannie Garcia, 2006 VS Shepard Fairey

Universal Music VS dancing toddler

Page 5: Lift Asia09 Morin

Where did we go wrong?

•  Where did User Experience go ?

•  Where did Superdistribution go ?

•  Where are the innovative Business Models, the Real-time Marketers, etc. ?

•  Did DRM curb those it was meant to ?

•  Wasn’t DRM supposed to be an enabler ?

Page 6: Lift Asia09 Morin

Can we finally make DRM “FUN” (i.e., User Friendly ;-) ?

•  Assuming :
    •  DRM is likely to stay and be needed (managed content)
    •  Absolute security is neither achievable nor desirable

•  Given the right User Experience and Business Models most users smoothly comply (e.g., iTunes)

•  Most users aren’t criminals

•  We needed to take a step back to :
    •  Critically re-think DRM
    •  Reconsider the debate outside the either/or extremes of total vs. no security
    •  Re-design DRM from ground up

Page 7: Lift Asia09 Morin

Rethinking & Redesigning DRM

•  Acknowledge the Central role of the User and User Experience
    •  Reinstate Users in their roles & rights
    •  Presumption of innocence & the burden of proof

•  Fundamental guiding principle to Rethink and Redesign DRM : Felten’s “Copyright Balance” principle (Felten, 2005)

“Since lawful use, including fair use, of copyrighted works is in the public interest, a user wishing to make lawful use of copyrighted material should not be prevented from doing so by any DRM system.”

•  Claim and Proposition :
    •  Put the trust back into the hands of the users
    •  Reverse the distrust assumption
    •  Requires a major paradigm shift

Page 8: Lift Asia09 Morin

Rethinking & Redesigning DRM (cont.)

•  Exception Management in DRM environments, mixing water with fire ? Not necessarily !

•  Reversing the distrust assumption puts the user “in charge”, facing his responsibilities

•  Allow users to make Exception Claims, granting them Short Lived Licenses based on some form of logging and monitoring

•  Use Credentials as tokens for logging to detect and monitor abuses

•  Credentials are Revocable in order to deal with abuse and misuse situations

•  Mutually acknowledged need for managed content while allowing all actors a smooth usability experience

(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)

Page 9: Lift Asia09 Morin

Exception Management in DRM Environments

•  What is an Exception ?
    •  A claim made by a user wishing to rightfully access / use content

•  Based on « real world » credential patterns
    •  Delegation model based on chained authorities
    •  Credential authorities closer to the users
    •  Locally managed and held by users (credential store)
    •  Short lived or fixed life time
    •  Revocable
    •  Late binding (enforcement point)

•  Model is auditable for abuse and includes revocation capabilities
    •  Burden of proof on the party having a justifiable reason to claim abuse (presumption of innocence)
    •  Monitoring in near real time of security policies

(Morin and Pawlak, 2007, 2008); (Morin 2008, 2009)
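
An added sketch of the exception flow described on the two slides above (not from the talk or the cited papers): a user-held credential, an enforcement point that checks it at claim time, a short-lived license, an audit log and revocation. Assumptions: a single authority instead of a delegation chain, HMAC standing in for the authority's signature, and hypothetical function names with constructed sample values.

```python
import hashlib
import hmac

# Assumptions for illustration: one authority, HMAC as a stand-in for its
# signature, in-memory revocation list and audit log. All names are hypothetical.
AUTHORITY_KEY = b"constructed-demo-key"
REVOKED = set()
AUDIT_LOG = []


def _tag(cred_id, holder, expires_at):
    body = f"{cred_id}|{holder}|{expires_at}".encode()
    return hmac.new(AUTHORITY_KEY, body, hashlib.sha256).hexdigest()


def issue_credential(cred_id, holder, expires_at):
    """Authority issues a fixed-lifetime credential the user stores locally."""
    return {"id": cred_id, "holder": holder, "expires_at": expires_at,
            "tag": _tag(cred_id, holder, expires_at)}


def credential_valid(cred, now):
    """Authentic, unexpired and not revoked."""
    expected = _tag(cred["id"], cred["holder"], cred["expires_at"])
    return (hmac.compare_digest(expected, cred["tag"])
            and now < cred["expires_at"]
            and cred["id"] not in REVOKED)


def claim_exception(cred, content_id, reason, now, ttl=300):
    """Enforcement point: bind late, log every claim, grant a short-lived license."""
    granted = credential_valid(cred, now)
    AUDIT_LOG.append({"time": now, "cred": cred["id"], "content": content_id,
                      "reason": reason, "granted": granted})
    if not granted:
        return None
    return {"content": content_id, "cred": cred["id"], "expires_at": now + ttl}


def license_valid(lic, now):
    """A license dies at expiry or as soon as its credential is revoked."""
    return (lic is not None and now < lic["expires_at"]
            and lic["cred"] not in REVOKED)


def revoke(cred_id):
    """Response to abuse found in the audit log."""
    REVOKED.add(cred_id)
```

The claim is granted without prior proof of entitlement; the log entry and the revocable credential are what make abuse detectable and correctable afterwards.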

Page 10: Lift Asia09 Morin

A “Serious” problem in Social Networks and Services

Socially-Responsible Management of Personal Information

•  Personal Information
    •  Different from Personally Identifying Information (PII)
    •  Subject to legal frameworks in most countries
    •  Increasingly shared on social networks
    •  Blurring boundaries between private and public life

Legitimate concern (i.e., rights) over our information in terms of lifetime, usage purposes, access, etc.

Page 11: Lift Asia09 Morin

Problems and Issues

• Publish / share once, publish / share forever
    • Indexing and searching

• Who “owns” and manages YOUR information (SLAs) ? Raging debates.
    • Whose information is it ?
    • Do you retain control ?

• Semantic searching capabilities

Page 12: Lift Asia09 Morin

The Right to Forget

• Right to Forget : fundamental human right threatened by the digital nature of information (i.e., searchable)

• Traditional Media (i.e., non digital) “Memory” erodes over time
    • Labor and cost intensive

• Digital Media, requires explicit human intervention to “make forget” information (Rouvroy, 2007)

Page 13: Lift Asia09 Morin

Anonymity and Privacy

• Anonymity and Privacy are fundamental to social networking
    • It’s not a “bug”, it’s a feature !
    • It’s not schizophrenia !

• Multiple legitimate personas (e.g., work, family, communities, etc.)

• How do we deal with it in a socially-responsible and ethically sustainable way ?

• Cyber bullying (e.g., Akple in Korea)

Requires traceability and accountability of information (i.e., managed information)

Page 14: Lift Asia09 Morin

Key Question

• Are Privacy and personal information threatened by current social networking services ?

• We contend there is a need for Managed Personal Information
    • Socially-responsible and sustainable

How can we retain an acceptable (by all) level of control over our personal information ?

Page 15: Lift Asia09 Morin

Proposition

• Personal Information should be augmented with a layer accounting for its management

• Alongside other metadata increasingly used in addressing the semantic dimension of our electronic services

• We argue DRM combined with Exception Management may be a promising path towards :
    • Socially-Responsible management of personal information in social networks and services

(Morin, 2009)

Page 16: Lift Asia09 Morin

Conclusion

•  Can DRM “go green” before we all “go dark” ?

•  If so, we might be able to address some “Serious” societal issues while having “Fun” along the way !

Page 17: Lift Asia09 Morin

Security is bypassed not attacked

Inspired by Adi Shamir, Turing Award lecture, 2002

Jean-Henry Morin University of Geneva – CUI

Dept. of Information Systems

[email protected] http://jean-henry.com/

Thank you for your attention

Thank you