Usual disclaimer: This is a personal opinion piece, it represents my views alone and may not represent that of any colleagues. It’s fairly long and rambling too.
No, I’m not going to be discussing DRM / Copy protection’s feasibility again – I’ve done that enough lately, and really there’s not a whole lot new to say on the matter – if you can put it in a contract, you can then enforce it. I’ve spelled that one out before.
This post is to explore some options for some permissions that can realistically survive other people hosting regions for themselves, and stand a reasonable chance of being respected. The inspiration to this post being a musing on the validity of ‘no-mod’ and ‘no-copy’, in both cases these permissions tend to stick in the way of what a consumer wants to do with a piece of content, and in both cases the permissions are fairly arbitrary.
I’m looking a lot at the past for ideas here – the web itself actually has some very strong analogues to where virtual worlds are heading, and surprisingly enough these kinds of permission games have been played out before there.
As with everything there is a bit of a balance here – evading the permissions model is always going to be fairly trivial for someone with a few skills, video game piracy still occurs – even when the copy protection schemes get so onerous that there have been claims it’s physically damaged hardware. If one makes the permissions too tight, it’s going to dissuade legitimate consumers, and inspire others to break it.
Thou shalt not modify.
Let’s start with no-mod, and first examine why creators use this permission. There are two big reasons that seem to spring up when discussing this permission with content creators. First – any object with mod permissions can be cloned via scripts (or manual copy-by-numbers), and Second – the creators have a desire to develop a brand image around their products being recognizable, or have a secondary market for product modifications.
The first reason is more of a problem for “no-copy” – I’m going to leave that for when I touch on no-copy, since it’s fundamentally that trait they want, not denying consumer customization rights. The second is potentially more understandable – consider the example of a major motion picture company offering free content – for their intents they want it to stay the same, keep logos and trademarks, etc.
So what can you replace this with? Well first the potential exists for marking whether something is original or not – that much can be done with a form of ‘object hashing’ (or fingerprinting), determining whether something is identical to as it was shipped is actually a lot easier than determining if something is a derivative of it.
This means that potentially if you ‘travel’ with the modified component, recipient servers can say “Hey, this looks unauthorized. I’m not letting you bring that in here”. These checks being easy and hopefully efficient enough to do.
When on a users own server in their own environment however this one is effectively unenforceable – trying to prevent users modifying content on their own servers is akin to trying to prevent someone from modifying an image that’s stored on your local machine.
Sure modifying it might be more difficult than the original creation (without layered source files, etc), but all the pieces are there and certainly a degree of blunt force can be applied.
On the inverse however – I’d like to suggest that perhaps this isn’t something you actually want to do 90% of the time. Returning to my analogues – let’s assume you are producing landscaping objects, something to decorate a scene with. The closest equivalent is that of the website template or stock imagery. While the composition is an important factor in the development of the scene, most people are going to want to customize it slightly – the best users are going to be the ones who do major customizations and bring their own flair into the design. It’s possible to then point to these customized versions in your own marketing (Hey you can do this!).
So expressing this in permissions, we have a few new options potentially for legitimizing user behavior while at the same time marking what the creator will/will not allow.
Please note – by suggesting these I am not saying anything different to what I have before. Permissions are at their heart completely unenforceable without legally binding contracts dictating their use, in which case those contracts are enforceable, not the permissions.
- Plain No Modifications Allowed – This one is pretty broad, but it’s still somewhat valid in it’s construction. Enforcement requires some legal magic – but technical enforcement alone is a toothless tiger.
- No Transmit Modify – Consider this the situation above where you can customize it on your own space legitimately. The permission is you cant transmit it to other servers or users in a modified state.
- Attribution Required – Modified objects must contain an original creator tag that can be examined by visitors and observers. Any attribution built into the objects themselves should not be removed.
- Modification Limited To – A list of attributes on the object which can be modified (such as say color, size/dimensions, etc) but leaves the rest of it marked as no-mod.
Thou shalt not copy.
This one is a little tougher to enforce, and I’ve gone into great detail about copy protection before. The heart of this permission is to make sure that content is licensed for a single usage at a time – traditionally there is two types of enforcement on this in Second Life: “no-copy+trans”, being there is a singular copy of this item which can be transfered to another user and “copy+no-trans” the inverse, you are allowed unlimited copies, but not allowed to transmit them to other users – in both cases the goal being that only one user can use the content at a time, and if more want it they need to pay for it.
It’s possible here to think of some new permissions which actually fit these roles better – consider the idea of a license. You have a license to use piece of content X. This license can be transfered to another user, however you then lose the ability to use “X” until you acquire another license.
No-copy doesn’t have many analogues with the web itself, the major reason being that on digital computers it’s actually impossible to “move” something. “Moving” is actually “make a copy, then delete one”, enforcing singular copies of a license is very difficult.
The closest we can find is content protection used on Video, Audio and similar – be it through iTunes or somewhere else. In this case, the analogue isn’t very good since in those cases you are explicitly denied from transferring the content to another user. Full stop, end of discussion.
Perhaps a better analogue comes from cryptographic keys – companies such as VeriSign maintain something called a “Key Revocation List” which is the list of keys that they have removed from active service – while those keys still work, if someone does a look on the KRL for it they will say “Hey wait a moment, that’s not valid.”
Licenses then become something that is authorized through a monolithic provider (either run or contracted by the original copyright holder to handle the licenses). If you wish to transfer a piece of content, you let the provider know you are transferring it to X. The provider revokes your license and grants a new one to the new holder – licenses can be checked before content is transmitted to a new server, and the server can decide whether to accept it or not based on the results of the license server’s check. (Of course the server might just ignore those results too.)
It is also possible to consider some alternate “no copy” bits here too – such as allowing the content to be licensed on a “per-server” rather than “per-user” basis. Certainly commercial content is likely to be licensed in such a manner since it handles ‘group usage’ better.
Potential permissions?
- Singular Usage Only – Only a single copy of the item may exist. To enforce this serial numbers will be required on the item (This is #17). This is equivalent to the “no-copy+trans” permission in SL today, of course there is the concern about content being deleted accidentally, etc, so mechanisms need to exist to replace lost content.
- Singular User Only – This content is licensed to a single specific named user. No other users may use this license, however this use may make copies for their personal use.
- Singular Server Only – This content is licensed to server the server located at W.X.Y.Z, or addresses in the range W.X.Y.Z/24. In English – a single server or group of servers only. Transferring out of this range is explicitly not allowed. Within this range unlimited copies may be allowed.
Thou shalt not transfer.
The last permission is the concept of transferring your license to other users. Secondary resale markets, etc. Certainly a number of creators embrace the resale model and provide bulk packs of content for resellers.
This is pretty simple and I’ve described it above. The permission is pretty simple too – and potentially you could enforce more complex licenses (such as say a viral license) through this mechanism.
The permissions here?
- Transfer not allowed – License transfer is expressly forbidden.
- Unmodified Transfer Allowed – License transfer forbidden if content is modified
- Modified Transfer Allowed – License transfer only allowed if the content is sufficiently modified (the “stock photos” license)
- Transfer allowed only under these terms – You cannot modify the permissions if you wish to transfer his item.
On the inability to express every scenario with permissions
One of the problems with the above is that you simply cannot express every possible legal license with a few check boxes. While it does make it easy to generate a license from these (in the way that Creative Commons does with 3 check boxes), in these cases it would be nice to be able to provide a custom string that can let you define custom permissions and actions and have it interpreted on the server.
At risk of seeing everything a nail (if all one has is a hammer) – a highly limited interpreted programming language may actually be a more flexible solution here. Especially if the language is close enough to English that it’s understandable to the casual observer.
Consider something akin to the following paragraph
COPY:
IF USER HAS LICENSE AND
COUNT OF OBJECT IN REGION IS LESS THAN TEN AND
TODAY IS MONDAY
THEN
ALLOW
ELSE
DENY
MODIFY:
DENY
TRANSFER:
IF OBJECT IS MODIFIED
THEN
DENY
ELSE
ALLOW
While slightly less than perfect English – it’s relatively understandable. Copying of the object is allowed on Monday and only if you have less than ten copies of the object in this region. Modification of the object is always denied, and transfer is limited only to the original unmodified object.
In this manner, a complex license such as the GPL could have a programatically interpreted helper to assist in license enforcement (although the legal bindings behind the GPL are the real teeth). Such a license would look very simple: “COPY: ALLOW, MODIFY: ALLOW, TRANSFER: ONLY UNDER THESE TERMS: ALLOW.”
Server side Enforcement
Servers ultimately have the final abitration on whether to enforce these or not. If Joes server decides not to use these permissions, well there’s not much you can do if you dont have a contract with Joe forcing him to. (Of course if he gets your content unlicensed – then that’s copyright infringement.)
It should be noted that it should be possible to design a server that will also expressely refuse content marked under certain permissions. (That is it will not rez), for instance if the server is unable to prevent someone from modifying something, then the server may say “Well, I’m not going to touch anything that could get me in legal trouble – public domain content is the only type accepted here.”
There’s actually a number of reasons why people would want to be able to mark those kinds of permissions – the legal angle is definitely one, ideological is another – a group may want to only allow Public Domain or F/OSS content. Another group might want to avoid the problems with viral licenses and simply deny access to virally licensed content, ultimately the flexibility to decide should be in place.
At the heart with this issue – flexibility is king. Permissions managers, etc should be designed under the implication that they need to support a wide variety of models – and ultimately it will be the market and users that decide which models succeed and which do not, there is probably going to be a lot of ideas surfacing over the next 12 months on how to handle this. This is merely one of them.
You know, I didn’t think i’d end up commenting here like this, but I really like that idea of a limited scripting language for permissions. It quite beautifully bridges the gap between simple flags and the more expressive (but not automatically enforceable without actual AI) license documents.
It would be interesting to flesh out this language a bit more as I could see it working beautifully for intergrid perms too, rather than the ACL type methods which have been discussed.
Gareth Nelson
18 Aug 08 at 3:49 am
“Another group might want to avoid the problems with viral licenses and simply deny access to virally licensed content”
Of course, i’ll refrain from commenting here other than pointing out freud
Gareth Nelson
18 Aug 08 at 3:49 am
Haha, yeah. Well – it would be really nice if we could automatically tag code from the viewer and say ‘Oi, outta here.’ when working on this code.
Adam Frisby
18 Aug 08 at 6:32 pm