DigiRight: NoE Proposal for a Framework for Policy, Privacy, Security, Trust and
advertisement
DigiRight: NoE Proposal for a Framework for Policy, Privacy, Security, Trust and Risk Management for DRM First International MobileIPR workshop August 27 – 28, 2003 HIIT, Helsinki, Finland Habtamu Abie et al. Norwegian Computing Centre http://www.nr.no/ Norsk Regnesentral Norwegian Computing Center My Usual Disclaimer In the nature of things proprietary name will necessarily be mentioned. The inclusion or omission of such name should not be interpreted as a recommendation or criticism of any product. Norsk Regnesentral Norwegian Computing Center Outline • Motivation • Objectives • Integrated DRM research framework • Scenario methodology • Integrating process • Establishing a lasting virtual DRM research centre • Relevance and potential impact • Conclusions Norsk Regnesentral Norwegian Computing Center Motivation • Protection of IPR of digital assets – Prevent mass piracy, or deter it • Establishing and increasing – Security, trust, and privacy of digital assets • Enabler for mutually beneficial IPR businesses • Ubiquity of digital content – DRM concerns everyone – All stakeholders must be winners • Laws and policies pertaining to the protection of IPR vary widely between countries and are likely to remain different, notwithstanding EU’s and other co-ordinated efforts to harmonise them • Different national laws, policies and practices must interoperate and be reconciled Norsk Regnesentral Norwegian Computing Center Motivation... • Today, technical DRM solutions, models of human interaction, legislation and business models are produced by technology providers, social scientists, legislators and economists who co-exist without fully considering the side-effects on other domains • Factors that affect the uptake of DRM – Legal, regulatory, private and public policies – Societal questions – Business processes and models – Technology Norsk Regnesentral Norwegian Computing Center Motivation... • What Europe really needs to strengthen and to reinforce DRM excellence is – an inter-domain and multidisciplinary approach that can be achieved by a specific restructuring of all existing research capacities and the way research is carried out • The Network aims at making easier the process of multi-domain communication, sharing and understanding of results and concepts Norsk Regnesentral Norwegian Computing Center Objectives • Integrate the traditionally separated DRM research communities – technology, business, law, ethics and social science • Stimulate scientific research projects – gain insights into issues and challenges – harmonize DRM technologies, solutions, learning programs at the European level • Create a self-sustainable set of knowledge-spreading activities – liaison with end-user communities, industries, standard bodies, governments • Establish a lasting virtual DRM research center Norsk Regnesentral Norwegian Computing Center Stakeholders: IP content producers, owners, distributors, consumers, technology providers etc e/mBusiness e/mLearning Entertainment e/mHealth IP Asset Creation & Capture (Rights Creation,Rights IP Asset Management (Repository,Trading, Validation, Rights Workflow) Payments, Metadata) e/mGovernment IP Asset Usage (Permission Mgmt, Tracking Mgmt) Common Domain Platform Technology Business Social science & Ethics Legal & Regulatory DRM Research Framework: Security, Trust, Policy, Privacy, Risk Management Common Concepts, Methodologies and Tools Spread excellence: Training researchers/key staff, knowledge transfer to industry, raise awareness, etc Common DRM Services: interoperability, standardisation DigiRight Consortium, user communities, industries, standardisation Integrated Framework Norsk Regnesentral Norwegian Computing Center Integrated Framework... • Common concepts, methodologies and tools – – – – jurisprudence social sciences business theory and economics science and technology • Legal, regulatory, private and public policies – interoperate and reconciled – obtain relevant consent from a data subject – alternatives in obtaining rights for the processing of personal data involved – restrictive ethical rights • Societal questions – – – – privacy, information access, digital divide fair-use, private-use, community-use cultural issues, freedom of speech general use acceptance or customer’s Norsk Regnesentral benefits from DRM Norwegian Computing Center Integrated Framework... • Business processes and models – fine-grained usage control: fair use, private use, super-distribution, payment – IPR negotiation, contracting, licensing – usage tracking and monitoring • Technology – Trust • providers need to establish trust and confidence in their products and services • consumers need to trust providers, and protect their privacy and information – Privacy • individuals, groups, organisations – Security architecture and infrastructure • create, store, distribute, manipulate – Digital Policy Management • relevant rules and policies – Risk Management • framework for identifying, assessing and controlling risks relevant to digital content Norsk Regnesentral Norwegian Computing Center Integrated Framework... – Protection mechanisms • encryption • watermarking • fingerprinting – Information representation semantics • IPR metadata • IPR semantic approach • IPR ontology • Rights Data Dictionary • Rights expression languages – Standardisation • IPR protocols • rights languages • metadata • interoperability – Openness and interoperability • valuable framework for seamless interconnection and co-operation Norsk Regnesentral Norwegian Computing Center Application Domains • Inter-domain communication and co.operation – abstract concepts and ideas from one domain and apply them to another – avoid reinventing the wheel • Pay special attention to the following application domains – – – – – – e/m-Business e/m-Entertainment e/m-Education e/m-Health e/m-Government e/m-Generic-services Norsk Regnesentral Norwegian Computing Center Habtamu Abie (abie@nr.no), DigiRight, MobileIPR, 27-28/08-2003, Helsinki All Stakeholders are winners • Content creators/owners – (artists, authors) win by getting fairly paid for their efforts • Content distributors – (publishers, retailers) win by getting paid to distribute content. • Technology Providers – (Telecos, ISPs, DRM providers: IBM, Sony, Microsoft, InterTrust, ContentGuard, Adobe) win by getting paid for enabling distribution of content • Manufactures – (soft + hardware) win by getting paid for producing end-devices (Computers, PDA, CD-Player, Mobile phones) • Users/Consumers – (businesses, schools, libraries) win by getting good and authentic service at a reasonable price. • Education and learning sector – double winner for being the major creator Norsk Regnesentral and consumer of IPR Norwegian Computing Center Scenario Methodology • Scenarios are useful to describe what the world will be like – what DRM services will look like in years from now • Scenarios provide us with adequate research method • Scenarios are excellent means of integrating and communicating ideas, views and concepts Norsk Regnesentral Norwegian Computing Center Integration Process Management activities • Executive Board/General Assembly • Executive committee • Advisory committee Beyond the Network Input from the outside world Spreading excellence • Communications and news services • Education and training • Dissemination and communication Joint research activities • Road mapping • Scenario building • Joint research task force Integrating activities • Research Portal • Exchange of Personnel • Joint research infrastructure Technology research task force Business research task force Legal & Societal research task forces Norsk Regnesentral Norwegian Computing Center Establishing a Virtual DRM Research Centre • Ensure that the necessary steps are taken towards forming a selfsustainable virtual organisation • Important questions to be addressed – ensure that the Network becomes the preferred unit of co-operation within DRM research in Europe – create services that will lead to selfsustainability of the Network – ensure sufficient anchoring to international organisations that run conferences, standardisation work and other scientific activities, within partners in DRM research • Create one single virtual research organisation in DRM issues across Europe in order to co-ordinate DRM future research Norsk Regnesentral Norwegian Computing Center Relevance and Impact • An integrated approach to address the IST trust and confidence vision in building the future e-Europe by – providing a common background and basis for combined research and facilitate the exploitation of the synergy of the various projects, areas of expertise and stakeholders • Developing innovative tools for protecting digital assets will contribute to a better social cohesion by – providing efficient, secure and private systems for communication, business, health, transport, risk management, learning and cultural heritage Norsk Regnesentral Norwegian Computing Center Relevance and Impact... • Contribution to European Research Area – mobilising DRM researchers across Europe and networking the effort necessary to address the relevant challenges – contributing to the European leadership in DRM technologies at the heart of the knowledge economy – mobilising the industrial and research communities around longterm goals facilitating the aggregation of public and private research effort on European scale – reinforcing European strengths in DRM research Norsk Regnesentral Norwegian Computing Center Relevance and Impact... • Interact with other projects active in the standardisation processes • Propose standards in trust, policy, privacy, security, trust and risk management, and metadata and its interpretation to relevant standardisation bodies, particularly – CEN/ISSS, – CEN/ETSI, – ISO/IEC – W3C – OASIS – OMA – MPEG Norsk Regnesentral Norwegian Computing Center Relevance and Impact... • Integration internally – create Special Interest Group (SIGs) • work on a specific inter-related tasks • contribute to common goals and start to establish closer links between their respective organisations – other activities such as meetings, workshops, conferences, summer schools, will also contribute to the fusion of entities • Integration externally – establish links with various research institutions in the various fields of interest – Create industrial board and increasing industrial participation • provide guiding input • facilitate knowledge transfer to the Norsk Regnesentral industry Norwegian Computing Center Conclusions • Merge European laboratories in DRM into a single research group • Stimulate research projects to gain a breadth and depth understanding of DRM systems and the relationships between DRM technology and people, organisation and society • Develop and synthesise common concepts, methodologies and tools from components taken from different disciplines necessary for a holistic view and understanding of DRM Norsk Regnesentral Norwegian Computing Center Conclusions... • Develop a network of usability test facilities and establish an assessment methodology • Develop a common distributed software platform available for researchers and the public at large • Establish a scientific foundation that will manage an international journal, run especial session at existing conferences Thanks for your attention ! Norsk Regnesentral Norwegian Computing Center
