
Why DRM is not a technical solution to privacy

Recently I’ve heard a number of people suggest that personal data might be protected using ‘digital rights management’, the same technology that some copyright owners use to ‘protect’ ‘their’ content (apologies for excessive scare-quotes but I think they are necessary in this instance). The idea is that content or data is transferred to the user in a proprietary format (often with encryption), which can only be played or used by related proprietary software or hardware and relevant decryption keys. Thus, in theory, the content ‘owner’ (or the individual data subject, in the privacy protection scenario) is able to ensure the content/data is only accessible to licensed users for a restricted range of uses. In practice, DRM content is invariably cracked and unlocked, after which it can be copied, shared and used without restriction.

I’m sceptical as to whether ‘DRM for privacy’ could ever really work as a purely technical fix to the privacy problem. As far as I can see, the proposals either amount to simple encryption of user data (which certainly has a role in protecting privacy, but has existed for years without being called ‘DRM’), or else they involve some additional policy proposal or trust arrangement which goes beyond the technology and enters into the contractual / legal / regulatory arena.

For instance, a recent DRM-for-privacy proposal from Craig Mundie, a Microsoft Research engineer, goes something like this. Personal data (e.g. health records) are encrypted before being sent to a third party (let’s say, a medical researcher) for processing. The encrypted package comes with an additional metadata wrapper explaining the terms and conditions for use, and some kind of consent mechanism so the data processor can express their consent, whereafter the data becomes accessible.
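To make the shape of that proposal concrete, here is an added toy model of it (my own illustration, not code from Mundie or Microsoft): a cleartext terms wrapper around an encrypted, MACed record, a consent click as the only gate, and a receipt recording who accepted which terms. The record, terms and key are constructed sample values, and the HMAC-based keystream is a stand-in for a real cipher so that it runs on the standard library alone.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed sample inputs (not from the original post).
RECORD = b'{"patient": "P-0001", "dx": "hypertension"}'
TERMS = {"purpose": "medical research", "retention_days": 30, "onward_sharing": False}
KEY = hashlib.sha256(b"shared-key-for-illustration").digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative HMAC-SHA256 counter-mode keystream; a real system would use an AEAD (e.g. AES-GCM).
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def wrap(record: bytes, key: bytes, terms: dict) -> dict:
    """Build the 'DRM package': terms sit in a cleartext wrapper; the record is encrypted and MACed."""
    nonce = os.urandom(12)
    ciphertext = bytes(a ^ b for a, b in zip(record, _keystream(key, nonce, len(record))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).hexdigest()
    return {"terms": terms, "nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag}

def open_package(pkg: dict, key: bytes, accept_terms: bool) -> Optional[bytes]:
    """The processor's side. The consent click is the only gate; past it, the bytes carry no policy."""
    if not accept_terms:
        return None
    nonce, ciphertext = bytes.fromhex(pkg["nonce"]), bytes.fromhex(pkg["ciphertext"])
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["tag"]):
        return None  # wrong key or altered ciphertext: this is the part encryption really does protect
    # Note the tag covers only the ciphertext: the terms wrapper plays no cryptographic role at all.
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))

def consent_receipt(pkg: dict, processor_id: str) -> dict:
    """All the technology can record: who accepted which terms. Whether they were honoured is not here."""
    terms_digest = hashlib.sha256(json.dumps(pkg["terms"], sort_keys=True).encode()).hexdigest()
    return {"processor": processor_id, "terms_sha256": terms_digest}

if __name__ == "__main__":
    pkg = wrap(RECORD, KEY, TERMS)
    plaintext = open_package(pkg, KEY, accept_terms=True)
    # A processor that clicks 'I agree' and then retains or copies the record holds
    # exactly the same bytes as one that complies with TERMS.
    print(plaintext == RECORD, consent_receipt(pkg, "researcher-example"))
```

The receipt is the audit-trail hook the argument below asks for, and it only evidences acceptance; any consequence for ignoring the terms has to come from outside the package.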

This sounds nice in theory, but in order to work, the terms would need to be legally binding and enforceable. Unless there is some sort of audit trail, and a credible threat for non-compliance, there’s nothing to stop the processor simply clicking ‘I agree’ and then ignoring the terms. Encryption only protects the data up to the point at which the data’s terms-of-use clickwrap is ripped open. And if the whole motivation for adopting DRM in the first place was that you don’t trust the entity you’re giving data to, it becomes pointless. Cory Doctorow put it thus:

For “privacy DRM” to work, the defender needs to be in a position to dictate to the attacker the terms on which he may receive access to sensitive information. For example, the IRS is supposed to destroy your tax-records after seven years. In order for you to use DRM to accomplish the automatic deletion of your records after seven years, you need to convince the IRS to accept your tax records inside your own DRM wrapper.

But the main reason to use technology to auto-erase your tax-records from the IRS’s files is that you don’t trust them to honor their promise to delete the records on their own. You are already adversarial to the IRS, and you are already subject to the IRS’s authority and in no position to order it to change its practices. The presence or absence of DRM can’t change that essential fact.

Talking about encryption, ‘metadata wrappers’ and DRM makes Mundie’s proposal sound like a nice, stand-alone technical solution, but ultimately it relies on further legal, social and technical infrastructure to work in practice. All the encryption does is protect your data while it’s in transit, and all the terms-of-use wrapper does is let them know your preferences. Unless there’s something in current DRM-for-privacy proposals that I have missed – in which case, I’d be very keen to learn more. But I can’t find any more detailed proposals from Mundie or anyone else.

As well as being a little misleading on a technical level, I’m also suspicious about the motivation behind slapping the DRM label onto this proposal. Those who would like to protect their business models with DRM have a vested interest in classifying any kind of socially useful technology which vaguely resembles it as such. That way they can refer to ‘enhanced privacy’ as one of the consumer benefits of DRM, whilst sweeping its more damaging aspects under the carpet.