[A2k] Paris TACD Meeting: Draft 'understanding' on RMI and TPMs

Nick Ashton-Hart nah.maillist@fastmail.net
Tue Jun 6 10:47:24 2006 

Philippe, many thanks for the kind words :)

As regards the below, I have some questions and points:

Most broadly, I have very deliberately referred almost entirely to
RMI and TPMs, and not DRMs for a very specific reason:

(What follows is not meant to be pedantic or condescending ... for
those who are well-versed in the law my apologies in advance.)

RMI and TPMs are what is actually protected in law; DRMs are market
implementations of the two combined - but it is worth stressing that
DRMs are not directly protected.

It seems to me that any call for limitations and rules for use of
these technologies should be in relation to what the law actually
protects. This can only help reduce the confusion which legislators
will otherwise face if they are presented with an orange by us, which
relates to apples in existing law. It would just raise questions in
the minds of policy makers which are a distraction from what we want
them to do.

For these reasons, I submit that it is important to define our
positions on RMI and TPMs separately. This doesn't mean that the
provisions we recommend would actually have materially different
effects - on the contrary, what I'm suggesting is simply
presentationally different than your list.

Further, RMI is ONLY information. Providing it is accurate,
information is not, by itself, harmful. In fact, in this instance, a
large part of the protected RMI in relation to a song, for example,
is highly useful and informative. Also, performers and composers
quite naturally are very keen to see that their works are associated
with them. RMI, in respect of much of the information that is
protected, has the effect of extending the moral right of attribution
to composers and performers in the digital environment.  RMI is
completely separate from the terms of trade related to use of music,
for example; an artist can quite happily give music away (and almost
every one of them does to one extent or another) - yet be very
adamant that they remain credited with the song in whatever
capacities they serve (composer, performer, both, etc). I would very
much hope that this is something that we can all agree on - that
those who make a recording should be able to insist that the
information which makes their involvement clear should accompany the
recording. Note that I said "should be able" - if they don't care,
then they can say so - but the choice should be the creator.

TPMs may rely on RMI to work - but again, these are legally
completely separate and I would submit to you that the real problem
with DRM is in relation to the TPM part of it, not the RMI.

Now on to my queries:

Point 1: What does "freely endorsed social contract" mean?
Point 2: Firstly using 'works' leaves out performances; I take it
that isn't what you mean to accomplish? Secondly, what are
'commercial media carriers' - CDs and DVDs I'm guessing?

In respect of other provisions: your points below actually leave out
a number of things which I suggested, which I presume are actually
important to civil society groups such as: fair use, and no TPM
protections on public domain works/performances.

Finally, I believe that the vast majority of the points you raise are
incorporated in my draft, though in different ways than what you have
suggested. I think this is very positive, as to me it suggests that
we are getting somewhere!

I will incorporate your points and also Michelle's and put something
new out :) Many thanks again for commenting :)

Nick

On 3 Jun 2006, at 14:39, Philippe Aigrain wrote:

> Further to exchanges betwene Nick and Michelle on this subject. My
> impression
> is that Nick's proposal intention is good, but that it takes a too
> specialised approach, not addressing some major concerns related to
> TPM, DRMs
> or compulsory RMI. Here is a proposal for a streamlined set of points,
> including one on this last aspect (impact on the freedom in the
> overall
> information infrastructure) :
> ----
> 1- Rights information should be the enabler of a freely endorsed
> social
> contract between creators and users, not a vessel to force TPMs and
> DRMs on
> them. Thus, there should be no compulsory implementation of rights
> information related checks, and no associated locks on usage.
>
> 2-  TPM systems must be submitted to the a priori check of the
> relevant
> information security and privacy or data protection authorities,
> and can not
> be applied to works without the informed consent of their creators.
> Commercial media carriers and services must provide adequate
> information to
> consumers about usage limitations introduced by TPMs and DRMs.
>
> 3- Legal usage rights, for instance those expressed as exceptions or
> limitations to copyright, should always be immediately effective in
> relation
> to TPMs : any TPM must implement such rights, and TPMs should not be
> protected against circumvention when such circumvention is needed to
> legal or contractually authorised usage.
>
> 4- The protection of interoperable access to works (accross
> devices, accross
> software platforms) must be such as to guarantee:
> - the ability of creators to make their works accessible to the
> widest public
> including under licenses that grant free access and/or usage
> rights, and
> without losing the benefit of redistribution of fees collected
> under legal
> licensing schemes
> - the freedom of software writers to disclose and license under the
> license of
> their choice the source code of software that achieves this
> interoperability.
> ----
> Re the comments of Nick on compatibility with existing legal
> treaties and
> laws: the only possible problem is with the first part of my point
> 3 (TPM must
> a priori ...) and EUCD. Leaving aside the fact that we should never
> stop at
> considering needed changes in treaties and laws, the actual
> transpositions
> for EUCD show that there is a wide margin of interpretation in
> implementation. Ireland has implemented this first part of point 3,
> and
> several other countries the second part.
> --
> Philippe Aigrain
>
> Le Vendredi 2 Juin 2006 18:29, nah.maillist@fastmail.net a =E9crit :
>> Firstly thanks very much for such a comprehensive reply and for
>> what it
>> is worth I think these are all good points.
>>
>> With respect to point 1, you understand corrrectly.
>>
>> I do understand that there are many groups which object to RMI, TPMs,
>> and DRMs completely. Basically the point underlying the first
>> draft is
>> that it isn't realistic for countries to un-ratify the Internet
>> Treaties
>> (and certainly many representatives of music constituencies would not
>> wish for that to happen), and therefore in those countries there
>> will be
>> protections of RMI and TPMs. The question is whether or not we can
>> agree
>> some common-sense regime to regulate the use of these technologies so
>> that the positive outweighs the negative.
>>
>> 1(a) Of course. The use or non-use of RMI and TPMs is entirely
>> separate
>> from any other issue. If services want to use them, they'd have to
>> 'follow the rules'. If they don't wish to, then they wouldn't. That
>> said, RMI is just information and since quite a lot of that
>> information
>> could - and indeed is - of interest (artist name, composer,
>> performers,
>> date recorded, etc) providing it is accurate having RMI attached to a
>> song isn't actually harmful, which leads us to point 1(b)
>>
>> 1(b) Of course we could put something in to cover the privacy
>> issue. It
>> may be useful to state that a model which relies upon actual usage to
>> determine the level of royalties which go to which artists does not
>> require information about the individuals who use a song. However,
>> I do
>> take the point that information on users would be held somewhere -
>> and
>> the disclosure of that information should be regulated. Could you
>> perhaps provide some language that covers this? I know that you're
>> far
>> more familiar with this area than I am unfortunately.
>>
>> 1(c) Completely understand what you mean. My language here is
>> frankly a
>> bit cumbersome anyway. As with 1(b), could I bother you for
>> replacement
>> language?
>>
>> 1(d) Personally I agree completely. The question is: would such a
>> requirement actually fulfil the legal obligations that WPPT/WCT
>> parties
>> have to one another? And, in the EU, would the requirement breach the
>> provisions of Directive 2001/29/EC? If the answer to  is yes,then we
>> cannot ask states to go this extra step. We'd have to come at this a
>> different way.
>>
>> 1(e) Sorry to do this to you again, but any chance for a sentence
>> that
>> would work for you?
>>
>>
>>
>>
>> ----- Original message -----
>> From: "Michelle Childs" <michelle.childs@cptech.org>
>> To: "Nick Ashton-Hart" <nah.maillist@fastmail.net>
>> Date: Tue, 30 May 2006 08:46:06 -0400 (EDT)
>> Subject: Re: [A2k] Paris TACD Meeting: Draft 'understanding' on
>> RMI and
>> TPMs
>>
>> Nick
>> Thanks for this helpful first draft. I have a couple of initial
>> comments:
>>
>> 1) This is intended to be a section in a wider document, but it may
>> nonetheless be helpful to put it in context.  A number of groups are
>> opposed to the use of TPMs or RMI's at all. This section, as I
>> understand
>> it is drafted on the basis that where they are used( and there are
>> many
>> on
>> the market now) , these principles should apply, rather than a
>> wholesale
>> endorsement of their use?
>>
>> 2) I think it would be helpful to add a few things to the
>> principles you
>> set out:
>>
>> a) A caveat that nothing in these principles would prevent the use of
>> alternative models. For example some providers are using flat fees.
>>
>> b)In relation to RMI's the issue may not be restricting access but it
>> does
>> raise quite profound privacy issues. There needs to at least be a
>> reference to data protection principles. For more on this see the
>> TACD
>> resolution on TPMS.( www.tacd.org)
>>
>> c) you refer to 'Be used to prevent access, or make access
>> unreasonably
>> difficult, for a use that is covered by an exception or limitation to
>> copyright in connection with the works and/or performances in
>> question
>> were they acquired in any non-digital form;' I am concerned that
>> using
>> as
>> a benchmark what is allowed for a non digital form may lock in
>> current
>> non
>> digital usage ( which are already inadequate for some digital uses)
>> rather
>>  than anticipate new uses- this can be dealt with by drafting. Either
>> remove ref to non- digital form or preferably expand to cover broader
>> consumer usage. See beuc digital rights  campaign for examples of
>> what
>> some EU cosnumer orgs have been calling for in this area. Or are you
>> intending this borader usage issue to be covered by the fair use
>> principle?
>>
>>
>> d) Remedies for breach. I  think the current draft misses one of the
>> most
>> important points  behind the  pre registration regulatory regime
>> idea,
>> which is that unless the TPM passes this clearance procedure they
>> DO NOT
>> BENEFIT FROM THE LEGAL PROTECION AGAINST CIRCUMVENTION. The draft
>> does
>> not
>> mention this but instead introduces a new idea that there should be a
>> trustmark to show that it does comply. Leaving aside whether such a
>> trustmark is necessary, such an omission  weakens the idea, which
>> is to
>> both provide a process for review and wide public debate but also an
>> incentive to comply with public interest and copyright exemptions.
>>
>>  Under the US and EU copyright laws DRMs automatically aquire legal
>> protection against circumvention.  The regulatory clearance idea
>> is that
>> instead of provding automatic legal protection to DRM regimes,
>> vendors
>> of
>> DRM regimes or publishers  are required to  first register their
>> systems,
>> in order to apply for protection.  Only registered systems would
>> benefit
>> from the anti cirumvention protections under copyright law.
>> Regsitration would not be automatic and would involve an
>> evaluation of
>> the
>> system and negotiations over features of the system to protect user
>> rights.
>>
>> For example, Adobe might apply for anti-circumvention protection
>> for a
>> particular version of its ebook publishing technologies. In doing
>> so, it
>> could be asked to explain how the DRM regime will respond to
>> legitimate
>> uses of the works under public (rather than private) standards for
>> access.
>> The legal protection would not then be forthcoming, until the
>> regulator
>> was satisfied that the DRM regime did not inappropriately restrict
>> access
>> to the work
>>
>> Its therefore important that the link between registration and
>> protection
>> is restored in the draft.
>>
>>
>>  e) While I support the call for a simplified and effective adr
>> system,
>> under the anti-circumvention provisions in EU and US law the
>> burden is
>> now on users to enforce their rights if a DRM scheme infringes them,
>> rather than on rights holders to respect exceptions and prove breach,
>> which is why its important to reverse some of the incentives as
>> above.I
>> also think that as a last resort, there should be the legal right to
>> circumvent such drm, to make use of exceptions and limitations .
>>
>>
>> I hope these comments are helpful.
>> Michelle
>>
>>> --
>>> [ Picked text/plain from multipart/alternative ]
>>> Good morning A2Kers everywhere!
>>>
>>> For those that do not know me, I'm helping the TACD Secretariat
>>> with the
>>
>> drafting of the Paris Accord for that meeting as it relates to
>> music. My
>> background is as a music manager, and also the former
>>
>>> Executive Director of the International Music Managers Forum (which
>>
>> represents the managers of popular featured artists worldwide);
>>
>>> during my time at the IMMF - and I'm glad to say that the current
>>
>> management of the IMMF have continued to work in this area - I was a
>> strong proponent of the audience - represented by consumer groups
>> - and
>> the artists - represented by themselves and by those who they have
>> charged with protecting their interests - working together for their
>> mutual interests.
>>
>>> I believe that consumers and creators are natural allies who
>>> should work
>>
>> together to see that the commercial exploitation of music serves
>> the two
>> ends of the "product chain" rather than serving those in the
>> middle who
>> are supposed to make the music of the world as accessible as they
>> can.
>>
>>> In January of this year, I was asked to speak to the Legal Affairs
>>
>> Committee of the EU Parliament in a debate on the forthcoming
>>
>>> directive on IP enforcement. The speech that I made was written by
>>
>> myself but substantial elements were contributed by the
>>
>>> representatives of audiovisual performers (FIA), independent record
>>
>> producers (IMPALA) and music managers (IMMF). Part of that speech
>> was a
>> rather pointed condemnation of the way in which DRMs are being
>> used by
>> intermediaries not for ends which actually work for anyone, but
>> for ends
>> which don't really work - and do harm the interests of many.
>>
>>> Out of that grew an interest by NGOs connected with the music
>>> world to
>>
>> seek a dialogue with consumer representatives on whether we can
>> jointly
>> agree an approach, politically, in relation to DRM technologies.
>>
>>> As a part of the drafting work I'm helping with for the TACD
>>> Conference, I have prepared the text below as a starting place
>>> for that
>>
>> discussion. The principles behind it come out of the speech I
>> mentioned,
>> but at this point it is time to see what others think of it.
>>
>>> It would clearly be a major thing if we could come out of the Paris
>>
>> meeting with some kind of common understanding of how to deal with
>> DRMs,
>> and the protection of RMI and TPMs which underpin them. I offer
>> the text
>> below to you in the hope that it may get us at least part of the way
>> "there".  If we can get something that we can agree on, we can of
>> course
>> attach this to the Paris Accord, though I would submit that the
>> issues
>> surrounding these technologies are so contentious and important
>> that it
>> merits a separate document of this kind as well.
>>
>>> This text is not sponsored by any NGOs, nor has it been reviewed or
>>
>> agreed by any of them;  It has been drafted by me, though I have
>> tried
>> to keep in mind the interests and views of both creators and
>> consumers
>> in drafting it. I'm sure that all will be very happy to tell me just
>> what they think!
>>
>>> I'm forwarding the text to CPTech and TACD so that it can be made
>>
>> available for download since the A2K list doesn't allow attachments.
>>
>>> -------------------------------------------
>>>
>>> Rights Management Information (RMI) and Technical Protection
>>> Measures
>>
>> (TPM) when applied to works and performances under copyright are
>> increasingly protected by law in countries throughout the world, to
>> comply with the provisions of the WIPO Internet Treaties of 1996.
>> These
>> technologies when used together are most commonly known as Digital
>> Rights Management (DRM) and have frequently been implemented in ways
>> both Consumers and Creators see as harmful to their interests.
>>
>>> Instead of being used to provide essential information about
>>> creative
>>
>> goods, and provide an interoperable infrastructure for the
>>
>>> development of new business models to make more flexible access to
>>
>> cultural goods possible, these technologies are used by
>>
>>> intermediaries to unreasonably restrict legitimate use by the public
>>
>> without the consent or involvement of the creators.
>>
>>> There is a clear failure of the marketplace to provide
>>> implementations of these technologies that are constructive,
>>> interoperable, reasonable, and equitable. Despite repeated calls
>>> for a
>>
>> rethink of the current uses of these technologies by the consumer
>> movement, creators themselves, and even independent phonogram
>>
>>> producers, the abuse of these technologies continues =96 indeed, in
>>> many
>>
>> countries, the abuses continue to become more serious.
>>
>>> Creators and Consumers agree on the following principles and believe
>>
>> that they should be given the force of law in any part of the world
>>
>> where RMI and TPMs are themselves the subject of legal protection:
>>> That the use of RMI to provide information about a work or
>>> performance, those who created it, and their rights in their
>>> creations, is useful, as long as:
>>> The information is accurate, and;
>>> The RMI is used to provide information, not as the basis for a
>>> TPM. That
>>
>> RMI be used constructively =96 such as providing the
>>
>>> =91informational backbone=92 facilitating the development of new
>>> business
>>
>> models that make creative goods available more flexibly, to more
>> of the
>> public, by helping the development of systems to equitably
>>
>>> remunerate creators and rights-holders based upon actual uses of
>>
>> cultural goods in the digital environment equitably and
>> transparently.
>> That the abusive use of TPMs be prevented by obligating vendors of
>> these
>>
>> technologies to assure that they cannot:
>>> Prohibit, or limit, access and/or use which is lawful with
>>> respect to
>>
>> the works and/or performances being protected,
>>
>>> Be used to prevent access, or make access unreasonably difficult,
>>> for a
>>
>> use that is covered by an exception or limitation to copyright in
>> connection with the works and/or performances in question were they
>> acquired in any non-digital form;
>>
>>> Prohibit, or limit, access and uses which would be possible when the
>>
>> same materials are acquired in physical form,
>>
>>> Prohibit, or limit, access and uses which would be viewed as
>>> =93fair use=94
>>
>> or =93fair dealing=94 by a reasonable person;
>>
>>> Be deployed without the active, informed consent of the creators and
>>
>> relevant rights-holders;
>>
>>> Fail to interoperate across devices like personal computers, mobile
>>
>> communications devices, and consumer electronics which might
>>
>>> reasonably be used by the public;
>>> Prevent access and use, or make access and use difficult, to
>>> anything
>>
>> that is in the public domain;
>>
>>> The extent and nature of any limitations these technologies may
>>> impose on the user should be clearly visible on any product or
>>> service so that the members of the public may make informed choices;
>>>
>>> We believe that an essential component of giving legal effect to the
>>
>> above is the following:
>>> A regulatory regime that requires the application for advance
>>> registration and testing of new TPMs by an independent agency to
>>> ensure
>>
>> that they comply with the rules governing their use as
>>
>>> outlined above. Successfully passing the tests should allow the
>>> vendor of the TPM to display a mark that makes clear that the TPM
>>> has
>>
>> been approved and certified, giving the public, and the creator
>>
>>> community, confidence that any restrictions imposed by the TPM
>>> are both
>>
>> within the law and reasonable;
>>
>>> In the instance that, despite the safeguards above, a TPM is used
>>> which
>>
>> breaches the above principles, an affordable, expeditious, and
>> transparent complaint mechanism is available for members of the
>>
>>> public and the creator community to use. The process should be
>>> capable of requiring that breaches of the above principles by
>>> vendors
>>
>> and/or those who make use of infringing TPMs must be remedied, and
>> where
>> relevant, egregious infringements allow for fines to be levied
>> which are
>> sufficient to form a deterrent to future infringements.
>>
>>> --
>>> Regards,
>>>
>>> Nick Ashton-Hart
>>> PO Box 32160
>>> London N4 2XY
>>> United Kingdom
>>> Tel: +44 (20) 8800-1011
>>> Fax: +44 (20) 7681-3135
>>> mobile: +44 (7774) 932798
>>> email: nashton@spamcop.net
>>> Win IM: ashtonhart@hotmail.com / AIM/iSight: nashtonhart@mac.com /
>>
>> Skype: nashtonhart
>>
>>> Online Bio:   https://www.linkedin.com/in/ashtonhart
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> A2k mailing list
>>> A2k@lists.essential.org
>>> http://lists.essential.org/mailman/listinfo/a2k
>>
>> --
>> Michelle Childs -Head of European Affairs
>> Consumer Project on Technology in London
>> 24, Highbury Crescent, London, N5 1RX,UK.
>> Tel:+44(0)207 226 6663 ex 252.
>> Mob:+44(0)790 386 4642. Fax: +44(0)207 354 0607
>> http://www.cptech.org
>>
>> Consumer Project on Technology in Washington, DC
>> 1621 Connecticut Ave, NW, Washington, DC 20009 USA .Tel.:
>> +1.202.332.2670,Fax: +1.202.332.2673
>>
>> Consumer Project on Technology in Geneva
>> 1 Route des  Morillons, CP 2100, 1211 Geneva 2, Switzerland
>> Tel: +41 22 791 6727
>>
>>
>>
>>
>>
>> _______________________________________________
>> A2k mailing list
>> A2k@lists.essential.org
>> http://lists.essential.org/mailman/listinfo/a2k
>> ---------------------------------------------------------------------
>> ------
>> ------------ Orange vous informe que cet  e-mail a ete controle par
>> l'anti-virus mail. Aucun virus connu a ce jour par nos services
>> n'a ete
>> detecte.
>
> --
> Philippe Aigrain
> (message personnel)