Re: [dvd-discuss] A TPM without use limitations -- thoughts?

["John Zulauf" <johnzu(at)ia.nsc.com>]

Steve Stearns wrote:
> 
> On Wed, 2002-11-06 at 16:17, David Wagner wrote:
> 
> > And what if future Morpheus or Gnutella clients automatically include
> > code to strip fingerprints?  Just trying to understand the risks from
> > the point of view of the record companies.
> 
> Those Morpheus and Gnutella clients would get busted under the DMCA for
> circumventing the fingerprinting of course.

I think this is a lot more subtle that the quick answers would suggest.

First, I think that a P2P client that automatically suppresses copyright
tagging information (which is all a fingerprint is), is probably the
least defensible category of software we've discussed so far.  It
explicitly copies, and masks the copyright tag.  Aside from unauthorized
copying, there can be little purpose to the software.  If DeCSS had
(instead of just decrypting), had decrypted and posted the DVD to
alt.movies.binary newsgroup, then the case for contributory copyright
infringement would be pretty clear.  It would have one purpose, to
decrypt and disseminate.  That would be materially different from the
real DeCSS (same logic would apply with the power book reader -- if it
decrypted and disseminated it clearly would be liable).

Now... contrast that with a P2P client that provides tools for managing
shared content s.t. copyright content is not shared over public P2P
nets.  A "Tools->Audit" menu feature could check that one's public
folders are clear of copyright works.  An automated "right
clearinghouse" could validate the sharing-rights granted (for example
"all rights reserved" (no sharing), "any two works from this album can
be shared publicly" (the "radio rule")  or "this work may be shared
publicly" (for a promotional track) ).  

What is the value of adding such features to a P2P client?  How about
defensibility in court?  "Your honor, these are the features
incorporated into the software to ensure that unintentional or
unauthorized public sharing of works is not done."  Private sharing of
fingerprint works is opaque to the copyright holder, as it should be to
preserve privacy and the spirit of the AHRA.  The finding of
contributory copyright infringement becomes much harder for software
that includes copyright detection and audit features.

BTW, assuming the fingerprint can be made of perceived value to the
user, the hits on the fingerprint to meta-data website would give a very
clear indication of the sales to sharing ratio even with only private
sharing.

.002