Updated: 1.4.2003; 19:18:14 GMT
blogattic weblog mostly about security

Is DRM ever going to work?

LawMeme: "The true awesome difficulty of the DRM problem first starts to become apparent during Brian LaMacchia’s tutorial presentation. We’re accustomed to thinking about “digital rights” as reasonably simple things: “I can play this song ten times, but not copy it.” But that’s just one loop of the Loch Ness Monster. After all, the record label would be perfectly happy to send you the song if you promise to play it only five times. Conversely, your player may be a handheld with no digital output, so you’ll accept content without needing to check its copying policy. The cryptographic handshake is more than just comparing two policies to make sure they’re identical. And, of course, if the content owner has built in an escape hatch to allow key revocation for security lapses, I’d better have some kind of strong assurance that they won’t decide to hold my music collection for ransom five years down the line.

But it gets worse. If that song is copyrighted – which, after all, is the putative basis for this whole game – that copyright will expire at some point. That means you need to build an expiration date into the rights grant (just in case your handheld is still around in 2098). Once you’ve done that, well, the device needs to be secure against rolling its clock forward to 2099; if it gets a time from a central server, that server had better be secure and trusted both by content owners and consumers.

Unfortunately, I’m simplifying the problem, because copyright law changes with monotonous regularity. After all, in 2096, Congress may well pass the Aristotle Timberlake-Bono Copyright Term Extension Act and extend copyright another half century. Which means your original rights grant needs to refer to some “Congress” entity with the authority to change the terms of the rights in various ways. That means infrastructure for Congress to sign and distribute these changes; it also means all of this infrastructure needs to be coded for in every DRM system that ships. Oh, joy. Have I mentioned that no one has yet produced a key-distribution infrastructure that has caught on?"

[Link through The Bottom Line] 9:25:49 PM