Active forum topics
Alphabet soup of acronyms: TPM, DRM, TCPA, RMS, RMI
There is an alphabet soup of acronyms people use when talking about some of the controversies around copyright related issues. While learning the acronyms are hard enough, we also have to deal with the fact that different communities are using the terms in different ways. I have had the opportunity to interact with technical, legal and law making communities and will try to make sense out of a few most often heard acronyms.
This acronym is most often used to mean Technical Protection Measure. Whenever you hear the word "protection" you should be thinking of what is being protected from who? This is a policy question, and the policy questions are often far more important than the technology being used.
The technical community uses this term in a very generic way to refer to any technology used to protect something from some sort of attack. It can refer to cryptography, which allows for confidentiality (a third party could see the encrypted message, but only those with the right digital keys can access the unencrypted message), authenticity (digital signatures), integrity (you can detect if changes were made), and similar features. It can also refer to simple passwords, which are another method of authenticity.
Many critical online technologies make use of TPMs, such as the HTTPS (Secured Hypertext Transfer Protocol) used for secure web transactions with your bank, PGP/GPG (Pretty Good Privacy, GNU Privacy Guard) and other technologies used to secure and digitally sign documents including emails, and a wide variety of methods for people to indicate who they are to a website or computer so that only authorized people are able to gain access.
The legal community often uses the term TPM to refer to the specialized policies that copyright holders might be using technology to implement, as referenced in the 1996 WIPO (World Intellectual Property Organization) treaties. For instance, the WIPO Copyright Treaty says:
Legal people will often include all uses of technology by copyright holders, not differentiating between the very different types of policies that can be protected by these technologies. Some of the policies are supported by the technical community, and some of the policies are strongly opposed. It is quite possible for the WIPO treaty to be narrowly read to only include the non-controversial uses of technologies by copyright holders, but unfortunately it is most often read to include the controversial abuses of technology by copyright holders which circumvent other peoples rights.
To add to the confusion, TPM can also refer to Trusted Platform Module which is a type of chip documented by the Trusted Computing Platform Alliance (TCPA). This chip, and the TCPA are very controversial. Like the other meaning of TPM, it is the policy that is being implemented that is the root of the controversy. While the trusted platform module has uses which protect the rights of the owners of the computers they are embedded within, providing important security features, this chip can also be used to protect a third party (such as the manufacturer, or a software vendor) from the owner. Whether this technology is used to protect the owner, or treat the owner as the threat, is a matter of policy and not technology.
Please see: [LAFKON] A movie about "Trusted Computing"
This acronym can refer to Digital Rights Management, or Digital Restrictions Management.
The technical community uses this acronym to refer to a specific subset of policies which a technology can be used to try to protect. Examples included Microsoft's Plays-For-Sure and the new (incompatible) Zune DRM, Apple's FairPlay DRM, the disastrous Sony/BMG RootKit, and many others. In all of these cases the technology is being used to protect against the person who physically possesses (and often owns) what is being protected, whether it be legally acquired encrypted content that is intended to only be able to be accessed using "authorized" devices, or devices which are locked down to protect the interests of the manufacturer against the owner.
The Defective By Design organization, which was formed from the Free Software and related technical communities, explains it this way:
For many technical people the terms Computer Security and DRM have the opposite meaning. Both of these terms refer to a use of similar technologies, but the policy being implemented have opposing goals: one is aimed to protect the owner of a computer from some third party, and the other is aimed at protecting a third party (the device manufacturer) from the owner. A computer can't have two masters if the policies they are trying to implement conflict in any way, so a system with a strong DRM will not be able to be secured by its owner.
This is an increasingly important conflict for consumers to be aware of as they purchase new hardware and software, given there is a growing amount of consumer technology (Apple's iTunes and iPod, Microsoft Windows Vista) that has DRM as a core design feature.
The easiest way to understand when a use of a TPM is going to be controversial or not is to think of the old phrase: Your right to swing your cane ends at my nose. To put it in this context, a copyright holders right to protect their copyright ends at the circumvention of someone elses rights. The rights being circumvented might be property rights (IE: people who own devices have rights), they can be privacy rights, or other rights. It is never fair to "Rob Peter to pay Paul" by circumventing one type of right in order to allegedly protect another, so this type of policy will always be controversial whether it relates to copyright or any other type of conflict.
It is quite possible for copyright holders to choose business models where their interests and the property rights and other interests of their customers are not in conflict, with the problem of DRM largely being a problem of bad business model choices. There is nothing inherent with protecting copyright which puts it at odd with protecting tangible property rights.
The legal community uses the acronym DRM to include a larger set of tools used to manage copyright. This can include include technologies like those described above, but it can include non-controversial technologies such as databases of information about works under copyright, tools to allow copyright holders to more easily license their works to others, and information embedded within content to indicate who the copyright holder is and other related metadata (information about the work under copyright).
Access Copyright has a Rights Management System (RMS) which allows copyright holding members to add information about copyrighted works which they wish to offer through the RMS where they can clearly document many aspects of the work, as well as offers users of the works a "license wizard" to quickly get a license for the works they want. The technical community would not consider this database and licensing tool offered by Access Copyright to be a DRM system, and it contains none of the features that make DRM systems controversial.
RMI is an acronym for Rights Management Information. This term is defined in the WIPO Copyright treaty as follows.
When someone from the technical community reads this, we understand it as a form of metadata attached to content which better documents the content. It is attached to the content by the copyright holder (or authorized distributor), and it seems obvious that it would be inappropriate for a third party to modify this information and redistribute.
Unfortunately some people in the legal community believe RMI can also refer to information about uses of a work. For instance, it could include the number of times that a song has been listened to, who has been listening to the song, or other potentially privacy invasive knowledge that might be relayed back to a copyright holder by some software running on the users own devices.
This technique of storing personal information, or of "calling home" and relaying information about the use of a copyrighted work, is a feature that a technical person would include within the meaning of DRM, and would not be included within the meaning of RMI.
Trying to make sense out of it all
Reading the descriptions above I believe you will notice we have the legal community referring to TPMs in a way that is similar to how the technical community refers to DRM. We also have some in the legal community referring to RMI as including the collection of information that the technical community would only refer to as one of the many controversial features of a DRM. We then have the legal community using the term DRM to include many non-controversial technologies which the technical community would not recognize as being part of DRM at all.
One way to manage this problem is to guess what community the person using the term is from, but this is going to lead to many misconceptions. While it would be ideal if more clear terms were being used, there are lobbiests in this debate that are trying to deliberately confuse the terms for their own political aims. The terms are in such wide use today that it is not going to be possible to discourage people from using these confusing terms.
If it is important for you to be clear about your meaning, it is best to use different terminology. As the policy coordinator for CLUE: Canada's Association for Free/Libre and Open Source Software I authored a Copyright Policy Summary that was used in a presentation to the Copyright Policy Branch of Heritage Canada. This document included commentary on this language issue.
In the document I was very clear what techniques we were opposed to, to ensure that these policy makers didn't confuse our intentions. As suppliers of technologies which protect the interests of our customers and users of our software, we want to make clear we are not opposed to technologies such as cryptography, but are opposed to specific abuses of these technologies.
Be part of Canada's open source community
Support the use of open source in the private and public sector
Help to balance the power grabs of the content industry
Canadian LUG News
Open Source in Canada News
Open Source Blogs