[Opensim-dev] Interrelated difficult problems related to asset portability

[Kyle Hamilton]

DRM doesn't work.  Period.  I'm not trying to find any kind of way to
prevent things from being copied -- I'm trying to find a way for
people who own things that are copied to find out about it.

(There are two concepts here, related but not identical. The
difference between "classic copyright" and "DMCA copyright" is this:
In classic copyright, you have to trust that the law provides enough
deterrent for anything that isn't fair use.  'fair use' is a very
slippery concept to define, and an even more slippery concept to try
to encode.  The content creator trusts that its stuff won't be misused
-- or if it is, that it would be more expensive to litigate it than
would be awarded for damages.  It has always relied on the copyright
owner/content creator becoming aware of the misuse of its property,
and has always relied on the copyright owner itself initiating a legal
action to stop any given misuse.

DMCA copyright, on the other hand, reaches out the Technological Hand
of God to prevent it from being used in ways that aren't preapproved.
This generally means "no frame-stills, no clips, no text-copy, no
audio-copy, no video-copy, no copy at all because you COULD be
attempting to misuse it"... but which prevents things like 'lending a
book to a friend', 'copying a portion of a song into an audio
presentation to compare or critique it', etc.  It's like having
someone constantly looking over your shoulder and saying "you can't do
that", regardless of what the purpose for "that" is.  In effect, it
removes the judicial review process -- and then, to add insult to
injury, the DMCA makes it a felony to bypass, explain how to bypass,
or create tools used to bypass the Technological Protection Measure.)

The reason I started thinking about this was related to the Stroker
Serpentine US District Court case seeking a restraining order
preventing his animations from being sold by someone who claimed he
was an authorized reseller.  I started thinking about two interrelated
issues:  1) the viewer must have access to the data at some point, and
2) the viewer already copies the data.  Anyone can -- with a little
bit of C++ hackery -- redirect the copies to an easily-accessible
datastore, or even write code to pull stuff out of the LLVFS caches
directly.  DRM would require that the viewer never store the data, or
never see any kind of unencrypted version of it (which is impossible,
since the viewer is released under GPL) -- so I started thinking about
how things work.

All I could come up with was a realization that computers are already
extremely good at, among other things, data comparisons, and there's
already a common codebase which is run everywhere -- the Linden
Viewer.  The Linden Viewer is used to stress-test OpenSim, among other
things -- which means that it already sees content that it's exposed
to on the main grid, as well as seeing the assets from the asset
servers on the private grids that it connects to.

DRM can't work in this environment.  If nothing else, this is simply a
proposal for something which has a chance of working more than
minimally.

Now, I'm noticing that you're completely ignoring a fourth class of
content producer: those who make their money solely from the license
fees they receive in exchange for right-to-use that content.  With
some of the stuff that's going on in Linden's grids, I can only see
that smaller realms will be the norm and not the exception.  This
means that these splinter realms will have their own view of their
assets, their own assetservers, and no means of knowing that the
assets that are uploaded to them are not authorized-under-copyright.
Without any kind of means for people who create content and sell
licenses to use that content to learn about these copyright violations
I fear that nobody will want to create premium content for use in
these grids.

I had mentioned that there were social problems involved... well, this
is one of them.

-Kyle H

On Fri, May 23, 2008 at 8:30 AM, Diva Canto <diva at metaverseink.com> wrote:
> People have different needs when it comes to asset protection, and one model
> doesn't fit all. This should be configurable at server init time. Here are
> three of the most prevalent models, the third one being a hybrid.
>
> 1 - People want all their inworld assets protected from being copied. This
> means that there should be a lot of guards upfront. It's conceivable that
> someone might develop a DRM module for OpenSim; but I don't think that
> should be in the OpenSim core, because this kind of protection, besides
> being a conceptual quagmire, is not a universal need. A more lightweight
> manner of addressing this need is to use the walled-garden model of grids,
> which somewhat restricts who has access to the inworld assets, and then have
> people sign a very strict ToS, and enforce that with severe real-world
> penalties. Example on the Web: facebook.
>
> 2 - People don't care much about their inworld assets being copied by
> hackers, what they care most is to attract lots of visitors to their sites,
> or even just expressing themselves in public. So free access to images, etc,
> are a tool for traffic, it puts their message out there; not just people
> traffic but all sorts of backend info gathering traffic, for example
> crawlers for search engines. In this scenario, there is no need for backend
> asset copy-protection mechanisms, just front-end protection and declarations
> of copyrights. This is the prevalent model of the [public] Web.
>
> 3 - People care somewhat about their inworld assets being copied, while at
> the same time caring to attract visitors, therefore benefiting from
> operating in open grids and open sims. A lot of web sites fall on this
> category. This is the model that would benefit from having open access to
> assets along with a monitoring system for detecting copyright violations. As
> Dr. Scofield said, some people care to do this on the public web too.
>
> Note that all of these models can work with the techniques that we were
> talking on this thread -- REST access, pulling UAI out of the OpenSim core.
> For walled-gardens, it's "just" a matter of authenticating the callers. This
> kind of ACL is routine on the Web, session keys, etc., so it should be
> feasible in OpenSim too. I think this is possible without having to change
> the viewer.