July 8, 1996

This week, the focus is on the protection of copyright on the Internet, taking a look at two early efforts in this direction. The first is a program by the Association of American Publishers to develop a standard Digital Object Identifier. The second is a commercial product, LicensIt, which has some features that would be useful in a DOI.

---

Making the Internet safe for copyright

Publishers weigh technology, legislative approaches

Copyright reform is both practical and necessary for the future of online publishing. Many publishers refuse to make content available to Internet users who, bloated from one free lunch after another, view intellectual property theft as some sort of game. Until publishers have the protection they need, they will continue to keep important material off the Internet. We suspect, however, that online copyright protection, like adult-oriented content, is a problem best addressed with technical, rather than legal, solutions. Right now, several firms are working along these lines with varying degrees of success, introducing products designed to keep online content safe from the "finders-keepers" crowd.

Hard sell. Even without the technical glitches, products emphasizing copy protection are going to have a hard time on the Internet. Many computer users remember the debate over software copy protection in the 1980s, when consumers rejected such schemes as intrusive and impractical. Software producers decided at the time that small-scale piracy was the price they paid to keep the goodwill of their legitimate customers. (Large-scale piracy is a different matter, of course.) This whole process now seems to be repeating itself on the Internet, as publishers find that technical problems and consumer opposition are making robust copy protection a hard sell.

One way to handle this problem is to keep a work linked to secure, accessible copyright information without preventing access to the work itself. Rather than relying upon copy protection schemes, developers look for ways to make copyright compliance easier and to ensure that a thief cannot easily claim someone else's work as his or her own. Given the state of Internet culture, in which free and open access to information is a prime virtue, such methods may have the best chance of striking a balance between openness and protection.

AAP searches for a standard. Over the past several months, the Association of American Publishers has worked to develop a Digital Object Identifier (DOI) that would serve exactly this purpose. According to Carol Risher, the association's vice president of copyright and new technology, the AAP is now hearing proposals from vendors interested in implementing a DOI standard. Risher says the association plans to award a single vendor a five-year contract to develop and maintain a system for assigning unique DOI codes to copyrighted works. The AAP expects to have a prototype in place by the end of the year. According to the AAP proposal, the main purpose of the DOI will be to provide an easy way for a user to access authorship information, permissions and other copyright data for a given object. A user downloading an image, a document or any other online content will be able to access the content's DOI, which can then be used to query a central directory under the control of either the vendor or a subcontractor. The directory can, in turn, point to the appropriate database containing the content's copyright data. Individual publishers and authors could maintain their own databases under the proposal, or they could place the information in third-party databases. The master directories would be more centralized, perhaps with a regional or topical (images, video, etc.) emphasis. The vendor selected to administer the project will also select the DOI format, a method for assigning DOIs and standards for open, nonproprietary access to directories and databases.

The AAP proposal is interesting. It shows great potential for providing accurate, easily available copyright information. Any would-be Internet standard, however, faces major obstacles. Bureaucratic wrangling, technical shortcomings and inadequate marketing can all conspire to kill a standard before it ever has a chance to gain acceptance.

One issue a DOI developer must address is how to apply the standard consistently across a number of formats -- some of which do not yet exist. One solution, which the AAP appears to prefer, is to work with each and every standards organization or vendor to include the DOI in their format specification. Another solution is to develop a container that wraps around any other object and includes the DOI. Each approach has its problems. The first raises the specter of death by committee, while the second will probably have to rely upon some sort of proprietary container format, plug-in or operating-system extension.

To achieve widespread acceptance, the standard will probably have to run across multiple platforms and be a specification that is freely published. But given the problems of approaching both existing and future format bearers and securing their agreement on anything, it may be more practical to work from the basis of a vendor-developed solution, rather than to develop a specification without an accompanying reference implementation.

Another problem is authentication and security. In addition to serving as a pointer to copyright information, a DOI will have to protect both itself and the object against unauthorized manipulation. The AAP proposal recognizes this issue, but it does not consider authentication an essential part of the DOI specification. We disagree with this appraisal; without including a robust authentication system and a privilege management standard from the beginning, the DOI will probably fall victim to competing systems that offer these features.

Finally, some of the AAP's initial proposals for the DOI seem rather clumsy. The current specification, for example, would require a user to enter the DOI manually in an online search form to receive copyright information. No copyright information besides the ID number would travel with the content, making the process more cumbersome than it really needs to be. A more attractive alternative would be a way to attach the copyright information itself to the content, and to allow searching the database by copyright fields, such as author, date, subject or publisher, rather than just by ID numbers.

Part of a larger picture. According to Risher, the AAP was scheduled to hear DOI presentations from seven vendors during the last week in June, in anticipation of a late-summer decision on a standard. Risher would not confirm which vendors were scheduled to present proposals, but it seems logical that firms such as IBM and EPR, both of which currently offer rights management systems, would want to make DOI proposals.

In fact, the selection of a vendor to develop the DOI will probably have a great impact on how the standard evolves. Some existing systems, such as IBM's Secure Container and EPR's DigiBox, emphasize opaque containers designed under the assumption that a user will have to pay before viewing their contents. This makes a great deal of sense when a work loses much of its value after an initial use -- a first-run movie, for instance, or a newsletter containing timely information.

For many publishers, however, strict rights management is actually a liability. A museum, for instance, may want to put online, free of charge, low-resolution versions of its collection, while still ensuring that ownership rights and other information remain securely tied to the high-resolution images. Artists may want to encourage users to browse their portfolios while making sure that their authorship is recognized and that browsers know how to get in touch if they need more information, such as how to obtain high-resolution copies of a work or how to commission custom work. The current DOI proposal seems more focused on this approach, and the AAP should ensure that a vendor will not steer the standard toward more restrictive purposes. While there is no reason the DOI could not coexist with more restrictive management systems, this should not be its primary purpose.

The DOI proposal clearly has its problems, and there are no guarantees that it will ever gain wide acceptance as a standard. The AAP's approach to copyright management, however, is basically sound. If and when a workable DOI is implemented, it will provide crucial middle ground between pay-before-you-view management systems and the de facto surrender of one's intellectual property rights. And while this middle ground will not satisfy everyone, it will encourage more content creators to take a positive view of the Internet.

---

LicensIt: kinder, gentler copyright?

Copyright management system links content, authorship information

Four-part answer. LicensIt includes four distinct parts:

• The Creator's Toolbox allows content creators to take virtually any type of multimedia content and convert it to a proprietary LicensIt format.
• For larger publishers, an Express Packager system serves the same function as the toolbox, but it also includes a batch mode for automatically converting large numbers of objects.
• The LicensIt Registration Server is a repository for copyright "metadata," including authorship data, contact information, pricing, team credits or virtually any other data the publisher wishes to associate with the object.
• The LicensIt operating-system extension functions as a plug-in module for identifying and handling converted objects.

The first version of LicensIt, using Microsoft's ActiveX object technology, will work with Windows 95. A subsequent OpenDoc version is planned for the Apple OS, although Hunt says Apple's OpenDoc technology has not yet advanced to the point where it can support LicensIt.

Security and consistency. The challenge NetRights faced was how to develop a system that was both secure and consistent across virtually any type of data -- two goals that HTML's simple hyperlinking could not achieve. By using ActiveX, LicensIt is able to handle content independently of its data type; the content becomes a standard container, on which LicensIt inscribes copyright data.

Just as important, however, is the digital signature LicensIt attaches to each object. The signature, based upon standard RSA encryption, becomes invalid if a user alters the object or its associated copyright information without permission. If the altered object then comes in contact with either the OS plug-in or the author's LicensIt server, the system can warn that the object has been illegally altered. For content creators, LicensIt does provide a limited degree of active protection. A creator can, for example, set the "minimum permissions" on an object to allow read-only or read-copy-print access. And the authentication feature guarantees that when a user accesses a protected object, the server can confirm whether the object is in its original, unaltered state.

Hunt, however, acknowledges that active security of any sort is no more than a "speed bump," slowing down but not stopping unauthorized use.

LicensIt's real value is in making it easy for consumers to obtain copyright data -- and copyright permissions. A user viewing a photo in LicensIt format, for instance, might be able to access the creator's name, contact information, guidelines for publication or reuse, or even a catalog of related works. An AVI music clip might include similar data, as well as a list of the musicians involved and the instruments used. Even for material accessed offline, LicensIt will provide bare-bones copyright data that follow the object wherever it goes.

Status. According to Hunt, the LicensIt Express Packager and server will be available in prerelease form in October, priced anywhere from $700 to $20,000, depending on the size of the customer. The Creators' Toolbox, priced around $125, will follow in the first quarter of 1997. The freeware OS extension, which is necessary to open LicensIt objects, will be in controlled release as early as August.

For small users that do not want to set up their own servers, NetRights is working with a number of established royalty administration firms to set up third-party servers, on which content creators can store their information for a nominal fee. NetRights is also working with Infonautics, which provides online searching and royalty management services for publications, to present LicensIt to the Association of American Publishers as a candidate for their Digital Object Identifier (DOI) standard (see previous story).

Obstacles. Since LicensIt has not yet reached commercial release, it is premature to call it a genuine contender for any copyright management standard. At the very least, it faces the standard obstacle of bringing enough large users onboard to give it contender status, when those users themselves prefer to stay with well-known, established products.

LicensIt also faces a problem common to any application that requires a plug-in to operate: Downloading and installing the necessary software, however simple that may be, is still an inconvenience for users.

Another shortcoming, according to Hunt, is the fact that once a user receives permission to open an object, there are no guarantees that it will remain in LicensIt format. While NetRights is working on a "once LicensIt-always LicensIt" formatting system, right now it remains up to the author and the licensee to agree that the object will remain in LicensIt format when it is republished.

Advantages. LicensIt has several advantages, however, that may help it along the road to wide acceptance. Unlike conventional protection technologies, such as IBM's Secure Container system, LicensIt does not expect users to pay for or even to apply for a decryption key before viewing an object. Copyright information, permissions and the object's signature are secure, but the object "payload" itself is always freely available, at least for viewing. A related advantage is LicensIt's ability to ease communication between content creators and potential customers, making the process of contacting an author, obtaining clearances or paying royalties as transparent as possible. Finally, NetRights has the advantage of staking an early claim in territory no one has thoroughly explored, even as the debate over online copyright continues to grow.

We find LicensIt interesting not because it relies upon new technology, but rather because it is targeted at content creators occupying the middle ground in the copyright debate. Some publishers, particularly those in professional reference markets, are looking for a system that guarantees a "pay-per-view" standard for online content. Many others, however (we venture to say the majority), are looking for a system that adds flexibility and openness to the traditional rules of exchange, without forcing them simply to abandon their works in cyberspace and hope for the best. LicensIt seems to strike this balance. We suspect that whether or not the AAP settles on LicensIt for its DOI standard, this system and others like it will have a major impact on the future of Internet publishing.