8.1 Intellectual Property

Ownership confers the right to control the dissemination and use of information and software, or the ideas incorporated therein, and is an essential underpinning of the commercial relationships described in chapter 6. Information and software present some special challenges, because they are nonrival in use and easily replicated and distributed at low cost. Thus, ownership in this context assumes a different form from ownership of material goods. Distributing information or software for use intrinsically provides the buyer with a replica that can be further copied or replicated and passed on to third parties, although digital rights management technologies can interfere with this. Government laws on intellectual property protection and their enforcement play an essential role in preserving ownership rights in software (Dam 1995), and therefore in preserving incentives for investments in software research and development (R&D). The four forms of intellectual property protection—trade secret, patent, copyright, and trademark—are complementary.

8.1.1 Trade Secrets and Patents

The trade secret laws protect proprietary information. If the holder of a trade secret can prove that proprietary information (the trade secret) was obtained by others through an act of malfeasance, it can obtain a court injunction against the use of the trade secret and possibly compensatory and punitive monetary damages. The trade secret does not prevent others from exploiting the same information or ideas developed independently. In the software industry, it is especially common for workers to switch employers, and trade secret laws are a primary protection for firms in preventing proprietary knowledge gained in one firm from being exploited in another.

A patent grants the limited-term (roughly two decades) exclusive right to make, use, or sell products incorporating an invention, a practically useful idea that is both novel and nonobvious. Unlike the holder of a trade secret, the patent owner can preclude others from using an invention even if others later discover the invention independently.

Software is implicitly divulged as it is used—or at least its possibilities are revealed—and it is nonrival in use, making it a poor investment without property rights that preclude others from simply appropriating and exploiting ideas or techniques embodied in the software code. Patents encourage investment in R&D by promising a period of exclusivity but also divulge inventions (rather than keeping them secret), allowing others to improve upon them whether they are used or not.

The theoretical interchangeability of hardware and software was the original basis of software patents. Prior to the 1980s, software inventions were not patentable because they were deemed to be expressions of a mathematical algorithm and scientific principles, and mathematical formulas were specifically not eligible for patenting. This restriction broke down because if it is reasonable to allow hardware inventions to be patented, then it should be equally reasonable to allow patents for functionally equivalent inventions embodied in software. Patents have also recently been permitted on business processes, which underlie some software applications, particularly enterprise and e-commerce applications.

Example In the first major business process patent case, the courts upheld the right of Signature Financial Group to exclude other firms from using a patent on "hub and spoke" structure for mutual funds. Later, Amazon successfully kept Barnes and Noble Booksellers from adopting its "one-click" checkout scheme. Priceline.com patented its reverse-auction business model in which customers bid a price they are willing to pay and sellers take it or leave it. The latter two patents dealt directly with software systems, and can be considered a hybrid between a software and business process patent.

Software and business process patents are controversial. Some argue that the software industry changes much faster than the patent system can accommodate (both the time to issue a patent and the lifetime of the patent). The main difficulty is that the state of the art has not been captured through the five decades of the software industry, reducing the completeness and accuracy of the patent office reviews of prior art and obviousness. It is important to evaluate software and business process patents in terms of the original justification for the patent system—encouraging investments in R&D and discouraging trade secrets. It has been argued that software and business process inventions (unlike implementation) require far smaller investments than other areas of technology (like electronics and pharmaceuticals) and thus necessitate milder incentives, and also that trade secrets make less sense because to use these types of inventions is to reveal them, and therefore the fundamental justification for patenting these types of inventions is weaker.

Firms must make difficult tactical choices between employing the trade secret, the patent, or neither for each individual innovation (Shapiro 2001b). While the trade secret excludes others, there is the danger that another firm may file a patent, which the trade secret would then infringe. A patent filing is expensive and reveals the innovation but also opens the possibility of excluding competitors or extracting license royalties. Publication of an innovation (placing it clearly in the prior art) may forestall others from filing a patent but precludes any form of exclusivity. Important considerations include how fundamental the innovation is, how difficult it would be to circumvent it, whether there would likely be license royalties, how important the innovation is to future business plans, and how easy it would be to detect infringement. Compared to some other areas of technology (such as biotechnology or semiconductors), software patents tend to be less fundamental and more easily circumvented. Nevertheless, there are circumstances where they are considered crucial.

Example A patent for a specific encryption/decryption algorithm may be difficult to circumvent in that it is difficult to perform a compatible encryption or decryption without infringement. However, it is easy to circumvent by choosing (or inventing) an alternative and incompatible encryption algorithm. Encryption per se would be considered today a prior art. A patent is an important element of a standardized system for rights management (see section 8.1.5), because an adversary who pirates information by reverse-engineering and copying the system can likely be sued for patent infringement (Traw 2001). This adversary cannot use an alternative encryption algorithm and still be standards-compatible.

The general approach to patents is also an important strategic decision for software firms. An offensive strategy is to extract royalties for use of the invention or gain competitive advantage by excluding others. A defensive strategy is to build a large patent portfolio to defend against a competitor who sues for patent infringement, since an infringement countersuit may be possible based on other patents held by the defendant. Large software firms are increasingly aggressive in building a patent portfolio, largely for defensive purposes. With this portfolio in hand, it makes sense to avoid litigation by negotiating blanket cross-licensing agreements with other large firms. In terms of social policy, this has the desirable outcome of discouraging trade secrets without creating monopoly positions in particular technologies. Overall, the exclusionary use of patents is less common in software than in some other industries, like biotechnology or pharmaceuticals, in part because patents offer less fundamental protection.

Patent infringement suits from individuals, universities, or small firms without significant revenues are to be feared more because infringement countersuits are unlikely to be effective and blanket cross-licensing agreements make little sense in these cases. Small firms, especially startup companies, consider patents an important asset that can exclude large competitors or derive royalty revenue. Patents are an important enabler for venture capital investments to the extent that they can preclude or slow down competition. Defensive patent strategies thus predominate for large firms and offensive strategies for individuals and small firms.

8.1.2 Copyrights

Historically, inventions were thought to be embodied in physical processes but not in information. A different form of intellectual property right—the copyright—was created for information goods, and patents were reserved for physical processes. The copyright protects an original collection of information (called a work) by granting the creator exclusive control of the work (including the right to sell or license) and precluding others from appropriating, replicating, or selling the work without permission. Because it protects the expression of facts or ideas, not those facts or ideas themselves, a copyright (like a trade secret) does not prevent others from independently developing a similar work based on the same ideas or intended purposes.

Example Software, especially application software, reveals its capabilities when it is used, and in the case of a standard or an application programming interface (API) is associated with a detailed specification. Another organization can legally reproduce the same capabilities or specification unless there is also patent protection. This is often done in a cleanroom, a project team isolated from all knowledge of or access to the original code. Careful documentation is kept of who worked on the project and what information they had available as a defense against future claims of copyright or trade secret infringement.

Before software patents, the law recognized software as an economic good similar to information, and the copyright was a primary grant of property rights in a collection of software code. Thus, the copyright can exclude others from replicating and distributing code but cannot prevent someone from independently developing software with similar or even identical capabilities. The copyright also grants the original creator the exclusive right to control derivative works, which in the case of software includes reuse of the code in other projects (possibly after modification) or modification of the code in new versions. Although the copyright expires after a fixed period of time (much longer than the lifetime of a patent), lifetime is less an issue for software because of the rapid changes in the industry and the necessary maintenance and upgrade cycle.

With the advent of software patents, more fundamental exclusionary property rights may be granted an invention embodied in software, allowing the patent holder to prevent others from using that invention even if their embodiment is created and developed independently. With the software patent, the law recognizes software as an economic good distinct from information, the distinction being that software embodies behaviors rather than insights or knowledge (see chapter 9 for further consideration of the differences between information and software). Other provisions of copyright law, such as second-copy and fair use, limit the rights of the copyright holder. Fair use is particularly significant, since it may grant users the right to make replicas of information or software for their own use.

As with information, exact replicas of software are easily created, and these replicas are nonrival in use. Security schemes can discourage unauthorized replication and distribution, but they inhibit usability and are thus unpopular with users. They also cannot deter well-funded attacks (see section 8.1.4). Only social constructs such as established ethics, legal restrictions, and active law enforcement can prevent piracy—large-scale unauthorized manufacture and sale of software—and, it is argued, thereby encourage substantial investments in the creation of software. The community-based software development movement demonstrates that it is possible to develop software without financial incentives but only in limited circumstances (see section 4.2.4).

8.1.3 Software Licensing

Software is normally licensed to whoever provisions and operates it. The license allows a holder (licensor) of intellectual property rights (any of the four forms) to grant to a second party (the licensee) the right to use. The license usually specifies the conditions under which the software can be used or disseminated to third parties, payments to the licensor, whether modifications of the software are allowed, the risks and liability each party assumes, representations and warranties, and promises of support and maintenance (Chavez, Tornabene, and Wiederhold 1998). Many other types of terms and conditions are possible (Katz and Shapiro 1986a), such as who owns the source code if the licensor goes out of business.

Although copyrights can protect the property rights for either source code or object code, in practice both are copyrighted, but it is usually object code that is distributed and licensed (see section 4.4). This is a form of encapsulation that allows the licensee to execute the code without easily examining its design or modifying it. Object code constitutes an obstacle (not insurmountable) to reverse engineering, which can uncover ideas and techniques, increasing the expense of a rival wishing to reproduce similar capabilities. Object code also inhibits passing unauthorized copies of software to others because it will usually fail after a while to run on upgraded platforms or to interoperate with complementary software. Ongoing releases resulting from continued maintenance and upgrade are thus a practical deterrent to illegal copying and piracy. Another is the common practice of offering substantial discounts on upgrades, provided a proof of payment for the original version can be presented. Most important, object code is much more difficult to modify: customer modifications would effectively invalidate warranties and preclude customer support. Source code is sometimes licensed (at a much higher price than object code) in instances where a customer may want or need the right to modify or at least to inspect for security reasons. In this case, the licensor's support and maintenance obligations must be appropriately limited. In other cases, the source code copyright may be sold outright, as is common for outsourced development.

Because replication and distribution costs are low, some unusual licensing terms become economically viable. Freeware involves no payment and allows the user to replicate and distribute the software freely. While this provides no revenue, neither does it represent a financial burden as long as the license absolves the licensor of liability and offers no warranties. Shareware is provided free, but a voluntary payment is requested if the user puts the software to productive use.

Source code licenses, those that grant access to source code to the licensee, are a particularly interesting case because many more things can be done with source code and licenses could vary depending on the objectives and business model of the licensor. The term open source license usually refers to a specific set of terms and conditions that meet the requirements for certification by the Open Source Initiative (OSI), including the right to read, modify, redistribute, and freely use the source code. Some examples of source code software licenses are listed in table 8.1. The primary issues in choosing license terms and conditions are whether the licensor wants license revenues, whether it wants to allow the source code to be used for proprietary purposes, whether it wants to allow modifications to the source code and whether it allows the source code to be "forked" into different versions or requires that all modifications of the code be arbitrated by the licensor or some third party to maintain a single version.

Table 8.1: Generic Types of Source Code Software Licenses
License Type	General Terms and Conditions	Motivation

Public	Source code may be freely modified and/or incorporated into proprietary products. No attribution of original creator is required.	Licensor desires no interest in (or liability for) the source code's creation; this is a no-strings-attached contribution of source code to the community.
University	Source code may be freely modified and/or incorporated into proprietary products as long as the original copyright notice and attribution remain attached.	Licensor wants to encourage technology transfer through incorporation into commercial products but also wants to be credited for its contribution.
Copyleft	Source code can be freely modified but cannot be incorporated into proprietary products. Any derivative software must retain the original copyright terms and conditions.	Licensor wants to ensure that its software is not used for commercial gain but also to encourage improvements or modifications for specific environments.
Community	Right to improve code is conditional on passing a set of compliance tests and contributing the modifications to the community, proprietary extensions are allowed, and commercial deployment triggers royalties to the licensor.	Licensor wants to remain the primary developing organization that manages the project, maintain control over compatibility of different versions through compliance test suites, and ultimately derive royalties but also invites others to join in the development and contribute improvements and extensions to the collective benefit.
Examination	Source code can be examined but not modified. Suggested improvements may be donated to the licensor, who has the option to incorporate them into future versions.	Licensor wants to maintain control over a single source code distribution but encourage others to examine the code for flaws or to encourage extensions. This form of license has been called shared source when the licensees include select customers of a commercial project.

While source code licensing was once restricted to software created and maintained outside the commercial environment, there is increasing commercial interest in this type of license. The copyleft license essentially precludes the ability to gain revenues from the code itself but still admits other business models, such as paid training, support, and consulting services for users. This type of license seems especially appropriate for technology- and application-independent infrastructure software (see section 7.1.1), where there is a collective interest in providing a common reliable and secure technological underpinning for other commercial software. The community license and examination license approaches are interesting for paid software licenses as a way of garnering customer or community assistance in improving software and encouraging complementary research activities (particularly in academe).

Example The Sun Community Source License has been adopted by Sun in promulgating its Java technology, such as Jini, its platform that allows appliances to interoperate opportunistically (Sun Microsystems 1996). This license follows the community model, and its license specifies three levels of participation: research use (examination and evaluation of the source code), internal deployment (right to manipulate the code during development and testing), and commercial use (use of the code in a commercial product triggering royalties back to Sun). Licensees must contribute maintenance improvements to the community but are free to make proprietary improvements or extensions as long as they have open interfaces. Sun's motivation is to gain wide participation in advancing and promulgating the platform, while still maintaining a degree of control and achieving revenues. Similarly, Microsoft offers a shared source license for the .NET Common Language Infrastructure and associated C# compiler (now also adopted as ECMA standards).

8.1.4 Trademarks

The trademark is a visible sign or device used to identify goods and distinguish them from those made or carried by others. The trademark helps a business build a brand identity. The societal interest is in encouraging firms to invest in high-quality products by allowing them to benefit from a positive reputation based on past products. In software, given the nature of copyright protection, the trademark can also preserve a single unified distribution by preventing copying of capabilities and features.

Example The ability to recreate the functionality of software in a cleanroom or the ability to modify source code in a copyleft license can result in "forks"—independent but distinctive versions of what is essentially the same software. This happened with the UNIX operating system, which was promulgated by AT&T and also through several derivatives of university versions, resulting in fragmentation of the UNIX market and ultimately stifling that market (especially on the desktop) through the negative feedback of network effects. Learning from this example, Sun Microsystems utilized the Java trademark to establish name recognition for Java and prevent others from creating incompatible versions. Of course, firms would be free to independently create similar functionality to the extent they did not infringe on Sun patents; however, these alternatives could not legally carry the Java trademark. Compliance tests were defined that had to be passed by implementations claiming to be Java.

All four forms of intellectual property can be invoked in complementary ways depending on the particular circumstances. A public, university, or copyleft licensed software project is the most complex situation because of the possibility of many people's modifying source code for various purposes.

Example The originator of a hypothetical copyleft project OpenCode, Software4U, establishes the ground rules through the original copyright license. Anybody examining or modifying the OpenCode source must adhere to the license terms and conditions set by Software4U. Others may independently create the same capabilities and features, but confusion is avoided since they cannot attach the name OpenCode, which was trademarked by Software4U. Software4U also obtained a patent for an invention it incorporated into OpenCode. Anybody who bases a commercial product on OpenCode under the terms of the copyright license must also license this patent and pay royalties to Software4U, unless they manage to change the capabilities or implementation in a way that avoids infringement. Others creating an independent product must do the same. OpenCode also created a commercial package based on OpenCode and incorporated some proprietary ways to improve its performance (thus distinguishing it from other versions) that it maintains as a trade secret.

8.1.5 Rights Management

The challenge in rights management is to enforce the terms and conditions of a license for information or software. For example, the terms of the license may prohibit the licensee from making a replica and giving that replica to a third party or from going into business producing many replicas and selling them. These terms and conditions are limited by any fair use provisions of the copyright law, which may grant limited rights to licensees to create replicas exclusively for their own benefit.

There are two complementary ways to enforce a copyright: through technology and through legal mechanisms. Considering first technology, from a security perspective rights management is a twofold problem: the first part is conditional access control (see section 5.4), where the objective is to allow a licensee to access information or run software but prevent a nonlicensee from doing the same. Conditional access can be accomplished by standard authentication and conditional access techniques. The second part is copy protection, which prevents a licensee from replicating and disseminating to others the information or software it legally possesses and uses. Without copy protection, the licensor is dependent on the honesty and good will of the licensee to avoid further distribution. Unfortunately, copy protection can never be fully effective, because legitimate access and use of information or software inherently makes it susceptible to copying or replication.

Example Once a picture or document reaches the eyes, it is possible to capture it with a camera, and once audio reaches the ears it is possible to capture it with a microphone. In order to run a software program, its instructions must be available to the computer in an executable form, and that same executable form could in principle be replicated and run on another identical computer.^[1]

Copy protection can never prevent the copying of information on the screen or through a speaker, so it focuses instead on preventing replication of the original digital representation of the information or software (see section 2.1.2). Encryption, such as is used in confidentiality, is a useful tool (see section 5.4.5), although copy protection is fundamentally different from confidentiality. In confidentiality, each party trusts that the other will reveal neither secret keys nor plaintext to third parties; the two parties have a mutual interest in preventing disclosure of the information. Copy protection is appropriate when the licensor does not trust the licensee to keep secrets or worries that the licensee will reveal plaintext to others.

Example If a content provider encrypts a digital representation and simply provides the decryption key to the user (as in a confidentiality protocol), the user could provide a replica of the plaintext, or alternatively both the ciphertext and decryption key, to a friend.

Some common approaches to copy protection are described in table 8.2. None is foolproof, and each has its disadvantages (Wallach 2001). The incompatibility approach can be annoying to users, including those wanting to exercise legitimate fair use rights. The service provider approach is most applicable to a specific model for selling software, and the license server approach requires full-time Internet access. The trusted system approach introduces the additional cost of an information appliance but is attractive where that appliance is required anyway.

Table 8.2: Approaches to Copy Protection
Approach	Description	Scope and Limitation	Example

Incompatibility	Replication of digital information or software is deterred because of incompatibility with standard tools for replication (such as copying the contents of one disk to another).	Useful for the distribution of information or software on recordable media; however, sophisticated users (such as those capable of programming) can easily circumvent.	The Sony PlayStation has its games stored on standard CDs, but in a way that is incompatible with widely available CD-ROM burner software on personal computers (Wallach 2001).
Service provider	The user accesses information or makes use of software through a trusted service provider. Information content is made available only by query or streaming, not by replication.	Useful for making the capabilities of software available to the user without access to source or object code. Allowing the user to query a database to extract specific information makes it difficult to replicate the entire database, and providing video or audio by streaming avoids giving the user an entire replica at once.	The application service provides (ASP) model avoids making software code available to the user. Many Web pages are generated dynamically using information extracted from a database. Many audio/video content suppliers provide only streaming media.
License server	Software execution is made conditional on permission of a remote license server.	Useful where the platform has a full-time network connection and unique identifier.	Microsoft Windows XP generates a platform signature based on hardware configuration, and requires a network registration procedure called Product Activation.
Trusted system	Information can only be accessed using a licensed information appliance that can be trusted to enforce license terms and conditions.	Useful for information, where only the trusted system can decrypt the digital representation, and for software, where the source or object code is encapsulated within the system.	The signal sent to satellite TV receivers is encrypted; only licensed receivers possess an encapsulated secret decryption key; they output only an analog representation.

In general, copy protection schemes that rely on special hardware are more secure than software-only solutions. By its very nature, software (including object code) can be reverse-engineered and modified by a sophisticated individual. On the other hand, there are techniques for encapsulating information within hardware (such as unique identifiers or secrets) that make it difficult and expensive to extract. For example, such information can be hard-wired into integrated circuits so that an attempt to extract the information (by removing the protective casing) will destoy it. Thus, most trusted system approaches are at least partly hardware-based. However, it is important to realize that an adversary willing to expend sufficient resources can defeat even such a scheme.

Software has always been digitally represented, but the trend is toward end-to-end digital representations of information as well because this preserves high quality and is efficient in its use of resources. This has brought information into the same league as software in terms of the importance attached to copy protection.

Example Satellite and increasingly over-the-air and cable television use compressed digital representations, principally because the compression can increase the number of TV channels available within a given communication channel (such as radio spectrum). Similarly, the analog VCR is being displaced rapidly by the digital DVD as a recording medium. In order to preserve quality, this digital representation is increasingly preserved all the way to the television monitor.

Content providers are reluctant to make their copyrighted material available in this increasingly digital environment without strong copy protection. The trusted system approach is attractive, particularly where information appliances are the norm anyway (as in consumer audio or video). Since users are accustomed to exchanging information among different appliances, and making copies for their own use, copy protection relies on coordination of the industry through standardization (see section 7.2).

Example In the TV example, a user will typically have a satellite TV receiver or set-top box, a recording appliance, and a monitor. The user and the industry want to preserve the ability for the consumer to mix and match options from different manufacturers. If these are all digital, the content provider wants to ensure that the digital signal cannot be captured and replicated as it passes from one appliance to another. The content supplier will thus require that each licensed appliance be a trusted system compliant with a copy protection scheme, and that each makes content available digitally only to other compliant appliances. Further, the license will specify connections to other licensed appliances use encryption on all open interfaces. To thwart the capture, replication, and playback of the encrypted signal, the encryption keys used on these open interfaces must be changed often. This can be accomplished by using the certificate infrastructure and session key approach described in section 5.4.7, for example. Two standard open interfaces for this purpose are illustrated in figure 8.1, one between a satellite TV receiver and a digital recorder, and the second between the recorder and a digital TV. The first two are interfaced with the IEEE 1394 (Firewire) using Digital Transmission Copy Protection (DTCP) and the second Digital Video Interface (DVI) with High-Bandwidth Digital Copy Protection (HDCP). In each case, the license requires a compliant device to interoperate with another device only after determining that it is also compliant and establishing a one-time session encryption key.

click to expand
Figure 8.1: A chain of copy protection between information appliances.

Because a recording medium is passive, and a recording and playback appliance can communicate only through information stored on the medium, challenge-response authentication as described in this example is not possible for recordable media. Thus, more complicated copy protection mechanisms are necessary to prevent the unauthorized replication of digital recordings. An objective in this case is to prevent bit-by-bit copies of information on one medium being recorded on another medium and then played back. This implies that each instance of a copy-protected recording medium must have a unique identifier, and the recording must ensure that changing the identifier prevents playback.

Example The Copy Protection for Removable Media (CPRM) standard allows users to make recordings of digital content, but without allowing copies of those recordings to be made (Traw 2001). The standard is licensed to manufacturers of both removable media and recording and playback appliances. Licensees are issued the information illustrated in figure 8.2. Each compliant appliance is issued device-specific secrets that must be encapsulated within the appliance (usually in hardware) so that they cannot be easily extracted by a cracker. Each compliant recording medium has a read-only section that cannot be modified, and that section includes an identifier (like manufacturer identifier and a serial number) unique for each medium (tape or disk). If content is bit-by-bit copied from one medium to another, the different identifier will preclude playback in a compliant appliance. The medium also includes a large readable table of values called the Media Key Blocks (MKB) containing public corroboration information for the secrets within the appliances (similar to the public key in an asymmetric encryption system; see section 5.4). The MKB is actually a large table of data covering all present and future compliant appliances. The copy protection scheme then works as shown in figure 8.3. Each appliance calculates a Media Key (MK) based on its own secrets, the MKB, and the medium identifier. Because (and only because) both appliances use the same medium identifier, the MKs they calculate are identical. A random Title Key (TK) is generated, encrypted using MK, stored in encrypted form on the writable portion of the disk, and later decrypted on the playback device. TK is also used to encrypt the content, which is stored on the writable portion and decrypted in the playback device. Crackers, lacking access to the device-specific secrets, cannot determine MK and hence TK.

click to expand
Figure 8.2: The appliance- and media-specific information supporting CPRM.

click to expand
Figure 8.3: The CPRM copy protection scheme supports renewability.

Another capability of the most modern copy protection schemes is renewability. Most such schemes are eventually cracked, so they have a finite lifetime. Renewability extends the lifetime by allowing revocation or upgrading. Revocation means that the privilege of a specific compliant appliance to participate in copy protection can be revoked, and upgrading means its internal software can be upgraded to change the scheme even after it is in the hands of the user. Revocation without upgrading requires the user to return the appliance for replacement.

Example The privileges of either the recording or playback appliances in figure 8.3 can be revoked by deliberately introducing errors in MKB for all future manufactured media. Previously manufactured recordable media will continue to work, but all media manufactured post-revocation will not work with the revoked appliances. Of course, it is a difficult step in the marketplace to revoke the privileges of an appliance in the hands of the user through no fault of their own. Thus, upgradeability is a better approach, one that is available to appliances that routinely have phone or Internet access, like satellite TV receivers.

Copy protection schemes are effective against casual infringers or users who may not be cognizant of the relevant laws; this is exactly the situation where legal remedies are not effective. On the other hand, copy protection can never be effective against a well-funded adversary who is willing to reverse-engineer and manufacture clones; fortunately, these are the adversaries who are more susceptible to legal action and law enforcement. Thus, copy protection and legal remedies are complementary, and both are considered essential by content providers (Traw 2001).

Example An adversary could clone recordable media as shown in figure 8.2 by simply capturing the public information on the disk. By manufacturing cloned disks all with the same (supposedly) unique identifier, mass reproduction of digital content that would play on compliant devices would be possible. However, such an adversary would either have no license to CPRM or would be violating the license terms, and could be pursued by legal means.

While popular with content providers, copy protection is not popular with consumers (Shy and Thisse 1999), and software suppliers (in contrast to content providers) have been relatively inactive in strengthening the laws against piracy (Garcia 1998). Copy protection is controversial among civil libertarians for a couple of reasons. First, copy protection as a means of enforcing a copyright may be more restrictive than the copyright laws and hence interfere with legally sanctioned rights of the user.

Example Under the fair use provisions of copyright law, users may have a right to make copies of information content to access it on different devices and appliances that they own. Thus, the law may align fair use rights with a person or a household rather than with a device. A copy protection scheme that is clearly person-based (recalling that approaches like passwords are not suitable because they could be given away along with content) is biometric authentication, but this is difficult in practice because it requires a trusted system to collect and report the biometric data on all devices, an infrastructure that does not exist at present. A viable alternative is the smartcard, in which authentication is based on possession of a hard-to-forge artifact, although this still requires a trusted system authentication mechanism.

Second, recognizing that copy protection is imperfect and can always be circumvented given sufficient time and effort, content providers may seek to criminalize efforts to undercut copy protection, and this may in turn limit civil liberties.

Example In the United States, the Digital Millennium Copyright Act (DMCA) of 1998 includes an anticircumvention provision that prohibits "any technology, product, service, device, component, or part thereof, that …is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner." Many civil libertarians object to this law because it may outlaw various activities that have no relation to copyright infringement and are protected under other laws (Samuelson 1999). For example, a researcher who examines a copyright mechanism, finds a flaw, demonstrates that flaw with a software program, and publicly divulges that program may run afoul of the DMCA even if the intent is not to enable copyright infringement or if the intent is to enable allowable replication of information under fair use. This activity is also desirable because strength of security measures is enhanced by public scrutiny, useful knowledge about strong security may be gained, and this researcher may be exercising her right to free speech guaranteed under the U.S. Constitution. Proponents of the DMCA argue that it is necessary to protect the rights of copyright holders to prevent widespread copyright infringement in ways that are not easily countered by other legal means.

Even effective copy protection is at best a partial solution for information (in contrast to software) because it cannot prevent analog copies of works from being captured from video screens or speaker jacks. A secondary technological protection for copyright holders is the watermark (Lanqelaar, Setyawan, and Laqendijk 2000; Macker, Park, and Corson 2001; Podilchuk and Delp 2001). A watermark is information that is imperceptibly embedded in an information representation that may specify the copyright ownership of that work or identity of the party to whom the work has been licensed. An ideal watermark would be imperceptible to the user (so that it doesn't interfere with legitimate uses), would be robust to legitimate operations like analog-to-digital-to-analog conversion and digital compression (so it would be preserved in all representations, including analog), and would be difficult to remove deliberately. Watermaking technologies utilize signal-processing techniques similar to military communication techniques (e.g., spread spectrum) that are difficult to detect and do not interfere with other communication. However, like other forms of technological rights management, watermarks today fall short of meeting all these objectives. Worse, there is a simple technique that is likely to eliminate watermarks, assuming access to multiple legitimate copies, each with their own watermark. By simply taking the signal average (sum of all copies' signals divided by number of copies), the original content prevails while the watermarks are averaged out. There are sophisticated watermarking approaches that require access to an immense number of legitimate copies, but these are in early research stages only.

^[1]While the challenge that anything that reaches the ears or eyes of a human could be recaptured digitally is fundamental because humans cannot be modified for technological or business convenience, the challenge of identical computers is not fundamental. For example, each piece of computer hardware could encapsulate a unique secret key and run only appropriately encrypted object code.