13.2 Usage control

13.2    Usage control

As mentioned above, usage control requires some hardware or software that is able to control and approve the usage of the protected material. In the past, the computer and software industries have developed and deployed many technologies that are based on usage control. For example, we all remember the ongoing competition between software vendors trying to protect their software products with new and innovative protection schemes on the one hand, and software pirates trying to bypass or circumvent the schemes on the other. A similar competition is going on between pay TV companies that scramble or encrypt data streams and pirates trying to illegitimately descramble or decrypt the data streams. More recently, the DVD industry has developed, implemented, and deployed a Contents Scramble System (CSS) that allows them to protect films distributed on DVDs. In 1999, the 15-year-old Jon Johansen created the DeCSS program so that he could view CSS-protected DVDs on a Linux machine. In fact, DeCSS was published as part of an open source development project to build Linux DVD players called LiViD, or Linux Video. More recently, several CSS Descramblers have become available and you may refer to http://www.cs.cmu.edu/~dst/DeCSS/Gallery for a corresponding overview.

All of these examples suggest that usage control is seldom successful and even more seldom successfully deployed on the large scale. ^[1] Nevertheless, many people intuitively think that usage control is a powerful technology that can be very strong and made difficult to bypass or circumvent. For example, usage control was also recommended by the Working Group on Intellectual Property Rights for the U.S. National Information Infrastructure in 1995 [3]. Unfortunately, usage control has many (legal and practical) problems, and most of these problems are related to the restrictive nature of usage control.

In theory, there are many possibilities to design, implement, and deploy technologies for usage control on the WWW. For example, a technology could use a PICS-like rating scheme specifically designed for intellectual property protection. As of this writing, however, there is neither such a scheme available, nor any publicly announced plans to standardize such a scheme. Another technology could use proprietary software modules that implement usage control. For example, a few years ago a group of IBM researchers developed a usage control scheme that was intended to be used to sell copyrighted material on the WWW [4]. The material would be packaged in a so-called cryptolope , and this cryptolope could only be opened by a helper application that controls operations, such as save, print, copy, and view. Similar work is reported in [5]. Unfortunately, such technologies make it difficult to use commercial off-the-shelf software on the user side. Against this background, it is not likely that we will see usage control on the WWW widely deployed anytime soon.