[Opensim-dev] Interrelated difficult problems related to asset portability

[Kyle Hamilton]

On Wed, May 28, 2008 at 1:09 AM, Antti Ilomäki
<antti.ilomaki at adminotech.com> wrote:
> Hmm sorry to cut in like this, but I'd like to voice my opinion on a couple of points here.
>
> Kyle: "There are situations where multiple people do have independent right
> to sell or distribute precisely the same content without needing
> permission of any of the other copyright holders.  Why should the
> first one to get the drop on the network get the Sanctioned Right?
> How can the system know that the first copy on the network is actually
> legitimately there?"
>
> The system would not only include stuff you need to pay for. The creator of an object could release it for public use and it would be categorized as such in the content ID database. Of course there would inevitably be some misuse, but this is where I think the legal entities could step in. The legal entities could also step in in case of infringements in the form of derivative works when and if someone notices that a newly registered object clearly resembles an earlier work. Since the earlier work would already be in the database for comparison purposes and its entry date would precede the derivative work, this kind of matters might actually be solvable.

You have completely ignored the questions I asked, and the point that
I brought up.  There are situations where there is not only a single
instance of 'entity with the right to copy' (a partnership, for
example, which then dissolves -- but every partner still has the right
to copy and the right to bind the other partners to a license
granted).  How would your system handle that circumstance?

You've stated before that you are not a 'data security professional'.
You're trying to engage in discourse about your design, and I'm trying
to tell you, as gently as I can, that any and all DRM systems are
flawed in one or more major regards -- including your proposal.  Have
you ever heard of Gödel's Theorems of Incompleteness?  In this case,
they essentially boil down to "if you try to build a model of possible
valid states in an already-existent system, your model will
necessarily invalidate some already-valid states."

Furthermore, related to 'derivative work'... determining if something
is a derivative work is something which is in the exclusive domain of
the courts.  Evidence may exist in the global asset cache, but even
then there's no trustable timestamp from anywhere which leaves the
precise ordering up to interpretation.

My system relies as little as possible on 'trustworthy data' -- in
fact, the only 'trust' that's given is credence to the squawk URL
(which is added to the set of URLs to notify, regardless of whether
it's good or not) and the actual content data (and its provable
derivatives, the content hashes).)

> "The system doesn't know whether something is creative-commons, whether
> something is public-domain, whether something is GPL, whether
> something is all-rights-reserved.  The system doesn't transmit enough
> (cryptographic) evidence of licensure to be able to make any decision.
>  The system doesn't know whether the initial uploader is telling the
> truth about the license that the work is supposed to be under (for
> example, look at the PDF e-books of various public domain things that
> Adobe put out that put use restrictions on, such as 'no copying text'
> and 'no speaking text'.  The system can't determine whether any given
> use is in compliance with any given license.  The system doesn't know
> whether the initial uploader is truly the one who is supposed to have
> the copyright in the first place.  With all these unknowns, it's
> absolutely foolhardy to assume anything about any rights that any
> party may have, and I'm rather unenthused about propagating that
> error."
>
> The licenses such as public domain or pay-to-use and many variations would be stored in the database and I don't know if the system would actually pay attention to anything else than simply wearing or using an object in a certain server. The initial loader-problem is always there, but there should be fewer of those than there are users of objects. The real problem is who would actually check the objects (for example can a giant dildo have "suitable for kids" in the metadata) to see if they're ok and what they claim to be. For payware stuff it shouldn't be impossible as someone would profit from doing so, but how about public domain stuff? Will have to think about that a bit more.

Even in the greater Web, these types of problems have not been
adequately addressed -- there have been some experiments with
community reputations, but they haven't worked as well as anyone
hoped.

But -- the idea of licenses such as public-domain or pay-to-use would
be stored in the database, you say.  Where is that information
propagated from?  The initial uploader?  That presents a potential
denial of service attack to content owners who are trying to delay a
release to correspond with external factors.  (for example, a CD
that's ripped and uploaded ahead of retail release.  While currently
there's no 'music' asset type, that doesn't mean that there won't be
down the road, and I'm trying to keep the lessons learned from the web
firmly in mind in the design of a content protection system that
doesn't rely on secrets being kept or capabilities being lost.)

Further, if the data is being stored in the database, there comes the
temptation to try to encode the use of the information -- remember,
one of the rights of copyright is "the right to create derivative
works".  Would that be a 'modify' permission on the asset?  How would
the possible rights -- and possible restrictions thereon -- be
encoded?  Would there be any attempt to enforce them?  (hint:
'enforcement' is something that the system really cannot do, not
without stepping into the domain of the courts.)

> "er, you just said that the viewer /is/ the correct place to do it, and
> now you're saying it doesn't need to?  Remember, the viewer is the
> only thing that does cross the grid boundaries.  If we rely on grid
> operators to connect to the network solely for the purposes of
> copyright notification for purposes of changing their users'
> experiences, you can bet that they won't and that they'll disable the
> system entirely."
>
> Well in the realXtend architecture the avatar and authentication services cross grid boundaries as well, but I'm not sure those would be the place to implement data checks etc. The motivation for grid runners to use a "DRM" system would be to support the market of virtual goods. And quite probably many of the larger grids that make money from selling stuff to the users (Habbo for example) very well might.

Regardless of whether the 'avatar' and 'authentication' services cross
grid boundaries, the fact is that those services don't touch the
assets.  The assets are the only things that truly matter in this
environment.  (Since 'asset' and 'inventory' are two separate things,
even having a cross-grid inventory service wouldn't really help.)

The only real chance to notice these things is in the actual loading
of the scene -- be it on the region server or by the viewer.  The
region is only ever able to see itself and its own grid; the viewer is
the only piece of the puzzle which can see assets in a manner that
transcends grid boundaries.

As for "would be to support the market of virtual goods": I challenge
you to come up with one single instance where the availability of a
DRM system has improved the market.  The only thing that DRM systems
have done is made certain skittish content producers willing to put
their catalogs on the services that use it -- but the only truly
successful one of those has been iTunes, and that's only because they
never tried to open it up to anyone else -- and it is actually Steve
Jobs who wrote, "DRM relies on keeping secrets."  Microsoft's WMA DRM
scheme, "PlaysForSure", was an abject failure.  (I should know.  I'm
one of the PlaysForSure victims.)

One of the things that I firmly believe is something that Jim Baen
(may he rest in peace), founder and publisher of Baen Books, bet his
business on.  "Most people would rather be honest than dishonest."
(Baen Books was the one company which had a successful electronic book
program which added to the bottom line -- simply because of a lack of
DRM in any of the electronic titles.)  For more information about the
Great Experiment (also known as the Baen Free Library) which ended up
adding to the authors' bottom lines, please check
http://www.baen.com/library/ .

Eric Flint, the Librarian of the Free Library, made a rather crude
analogy.  "Any retailer in the world, after all, can put an ABSOLUTE
stop to ANY shoplifting INSTANTLY. Just require your customers to
undergo a full search when they leave your premises -- including body
cavities. Yup, no more shoplifting. Congratulations.  Oh -- and, yup.
No more customers. Congratulations."


> "(I tend to be somewhat libertarian/conservative when it comes to
> making systems small and workable.  I don't want to have to pass new
> laws to get something to work.  I don't want to waste money or time
> designing something that reduces capability.  I don't want to damage
> anyone's online experience.  I don't want to impose Yet Another
> Limitation.  I just want to do my part to ensure that people who have
> intellectual property rights under the current regime can have a bit
> of help in reaping the benefits of their work.)"
>
> A worthy goal if I may say.
>
> One thing I'm a bit puzzled with is your vision of court involvment. So far they've been pretty powerless against piracy and that's not tneirely bad, because they'd have to be targeting individual people a lot, and with virtual reality objects you would usually be talking about less $ than in software and films, for example. The professional distribution sites have their servers somewhere far out of the reach of IP laws so they're not a very good target either. Could yo uplease elaborate a little more on your ideas?

Regardless of whether there's a "professional distribution site"
outside the realm of current enforcement, anyone within the reach of
the current IP law who buys a digital "gray-market" copy is going to
end up with that copy in an area which is within the reach of
enforcement.  That person can be tapped for proper licensing, perhaps
with a good-faith discount if they didn't know they weren't buying
from someone authorized for it.

Another model that this would support would be a "try-before-you-buy"
approach, that could be followed up, and followed up afterward with
the "DMCA Hammer of Doom" to forcibly remove it if the person doesn't
actually want to license it.

At this point, I've restated my point over and over again: DRM does
not work, DRM is a long dark scary road to nowhere, DRM simply fails
to do what it's supposedly designed to do.  DRM stands for 'digital
rights management', but its true nature is better stated by a
different acronym expansion: 'digital restriction mandate'.  It is an
attempt to limit capability, rather than expanding capability.  I am
not interested in limiting the capability of any project I work with.
A friend of mine says, "My feeling has always been that every dollar
added to technology for the purpose of subtracting capability has been
a complete waste. I'd actually be curious to know how many tons of
coal have been burned to fuel electricity to compute AES keys in
schemes like AACS."

I want data to be freely accessible.  I also want content owners to be
able to get paid for their work, and to be able to use the legitimate
systems that already exist to enforce it.  Court systems exist for
enforcement, at least within their own jurisdiction.  This means that
people in those jurisdictions can be made to pay, or made to stop
benefitting from the copies they made.  The rest of the world?  Sooner
or later, it will catch up.  Or it won't.  That is completely outside
the scope of the problem.

-Kyle H