A. DRM: The concept
2. The content management/rights management distinction in practice
In examining if and how certain generally accepted rules of copyright law might be implemented through automated, machine-based rights management systems, the approach must be, of necessity, as much a practical one as it is theoretical.
關於檢討著作權法上普遍接受的特定規則,如何以由自動化、機械式權利管理系 統加以執行,其研究取向必須能夠兼顧理論與實務。
Consider first of all how a technologist might view the functioning of copyright law.
For the most part copyright law provides general indications – in the form of a specific right or set of rights – as to the scope of rights management available to the rightsholder in relation to a particular unit of content and then leaves it to the rightsholder to define specific usage rules in favour of specific users, usually via contractual mechanisms. In some instances copyright law carves out exceptions and limitations to certain of the rightsholder’s normal rights thus inserting a basic statutory or regulatory framework for the rights management process as between the rightsholder and user.
首先考慮一下一位技術人士如何看待著作權法的運作。著作權法大致上規定了一 般性的指示,以特定權利或權利集合的型態,指定了權利人對於特定內容單元的權利 管理範圍,之後則是任由權利人對特定使用者界定特定的使用規則,而這通常經由契 約機制完成。在某些情形下,對於權利人的某些正常權利,著作權法創設了例外與限 制規定,因此在權利人與使用者之間的權利管理程序,加入了一個基本上屬於法定或 管制性的架構。
In both cases, but particularly in the latter, what is specified as a matter of law in terms of the rights management process, whether on a statutory or contractual basis, often does not circumscribe the full extent of the content management activity which occurs. An example of this is the case of private copying: in most circumstances, without the authorisation of the rightsholder, private copying of protected works is, under the United Kingdom copyright law, an infringing act. And yet, of course, private copying of protected works is as prevalent in the United Kingdom as it is anywhere else in the world.
在以上二種情形,而尤其是後者,在權利管理程序中的法律問題,不論是基於法 定或契約基礎,通常不會限制所發生內容管理行為的完整範圍。這種情形的一個例子 是私人複製:根據英國著作權法,在大多數情形下,私人複製受保護著作構成了侵權 行為。當然,針對受保護著作的私人複製,不論在英國或世界其他地區都是一樣廣泛。
In the traditional content and rights management world, accommodations are made where content management activity occurs beyond the reach of the rights management process. In some instances the law responds to this process with ex post facto adjudication:
the fair use mechanism in the United States copyright law illustrates that approach. These are important response mechanisms which enable the system overall to function.
在傳統的內容與權利管理領域,當內容管理行為超出了權利管理程序的範圍,便 會有調整作法。在某些情況下,法律以事後裁判回應這個過程:美國著作權法的合理 使用機制表現了這個取向。這些是使得著作權整體系統得以運行的重要回應機制。
In the digital environment the situation is entirely different. The content management process and the rights management process, while capable of functioning independently of each other, have to remain synchronized. There can be no significant legitimate content management activity without corresponding rights management activity; the “tolerated”
content activities which occur beyond the reach of the rights management process in the traditional world are simply not possible in the digital, machine-based environment.
在數位環境下,局面則是全然不同。內容管理程序及權利管理程序,雖然能夠互 相獨立運行,卻必須加以同步化。如果沒有相對應的權利管理活動,則不會有多少正 當的內容管理行為,傳統上能發生於權利管理程序範圍之外的「可容忍」內容行為,
在數位、機械式環境下卻不可能發生。
The balance between the interests of rightsholders and users which every traditional rights management (copyright) system strives for is arguably supported in part by the marginal content management activity which occurs, for whatever reason – absence of control mechanisms, high transactions costs – beyond the practical reach of the rights management process. The binary nature of the environment in which digital content management processes occur render all unauthorised uses of content intolerable. Accordingly, in that environment the copyright balance must be established exclusively through codified rights management propositions. This in turn requires a closer examination of both the policies and mechanisms establishing that balance. It also explains the divide between proponents of DRM mechanisms and those attacking the so-called “digital lock-up” of content: now that rightsholders are able to reclaim the areas of unauthorised (yet tolerated) content management activity, users protest what they consider to be an expropriation of their rights.
每一個傳統式的權利管理(著作權)系統,都在追求權利人與使用者的利益平衡 , 不論是出於缺乏控制機制或高交易成本,這個平衡在某部分上來自於超出權利管理程 序實際範圍的內容管理行為。數位內容管理程序所發生的環境具有二元性,使得一切 未經授權的內容使用不被容忍。而這回過頭來要求針對建立平衡的政策與機制進行更 密切檢討。這也解釋了 DRM 機制支持者與所謂內容「數位鎖定」攻擊者之間的分裂:
現在權利人能夠收回未經授權(但被容忍)的內容管理行為區域,使用者認為他們的 權利被沒收而加以抗議。
The arguments against digital lock-up are often based on different views of non-specific privileges claimed by users in the area of unauthorised but previously uncontrollable content management activity. The issue is just as critical, however, in areas where the law is specific about the user’s privileges. In respect of limitations and exceptions Article 6(4) of the European Union Copyright Directive of 2001 essentially provides that where, in the digital environment, a particular DRM mechanism restricts access to and use of content in a way which is inconsistent with a rights management proposition embodied in the law – i.e. a DRM mechanism denies a user the ability to perform some content management activity guaranteed by an express exception or limitation – then some process has to be found allowing the user to perform the content management activity provided for in the exception or limitation.
在 原 先 未 經 授 權 但 不 受 控 制 的 內 容 管 理 行 為 領 域 , 使 用 者 主 張 他 們 有 優 惠 (privileges),而通常將反對數位鎖定的論點建立在這些看法之上。然而,在法律明文規 定使用者優惠的領域中,這個議題便具有關鍵性。關於限制與例外規定,2001 年歐洲 聯盟著作權指令第 6 條第 4 款基本上規定了,在數位環境下,當特定 DRM 機制限制了 內容的取用與使用,以致於不合法律中的權利管理規定,例如 DRM 機制讓使用者無法
從事限制或例外規定所明文認可的內容管理行為,則必須有某些程序能讓使用者從事 例外或限制規定所許可的內容管理行為。
One approach, of course, would be simply to force the release of the content in question from the DRM mechanism in question. The “non-digital” rights management process, as ordained by the law could then come into play facilitating a “non-digital” content management activity to occur.
當然,方法之一可能是強制系爭 DRM 機制釋出系爭內容。如法律所規定的「非 數位」權利管理程序,將可派上用場,以促成「非數位」內容管理行為發生。
This approach would seem generally unsatisfactory, because the availability of the content in a non-digital format means that the possibility of sustaining a digital rights management process in relation to that content in respect of other uses, not the subject of exceptions or limitations, is greatly reduced if not eliminated. While traditional and machine-based rights content and rights management systems will continue to coexist for many years to come, there will be an increasing reliance on the latter in respect of commercially produced content. Like it or not, technically-protected content will become the norm.
一般而言,這個方法並不令人滿意,因為取得非數位格式內容意味著,關於其他 使用的內容,而非例外或限制規定的客體,維持數位權利管理程序的可能性,即使沒 有消失,也會大幅縮減。即使傳統式與機械式權利內容與權利管理系統將持續並存多 年,但是關於商業性生產的內容,將會日益倚賴於後者。不論喜歡與否,受技術保護 的內容將會是常態。
The alternative approach, therefore, is to provide ways in which the law can impose an alternative digital rights management proposition in respect of the content management activity which the exception or limitation is intended to allow.
因此,關於例外或限制規定所意圖允許的內容管理行為,另一個替代方案則是提 供法律能夠制訂另一種數位權利管理規定的方法。
With this approach, the complexity lies not, of course, in the definition of the imposed digital rights management proposition from a legal perspective: it lies almost entirely in the effective implementation of the imposed rights management proposition:
當然,使用這個替代方案時,複雜性就不在於由法律觀點對數位權利管理規定加以
「定義」:而幾乎完全在於所制訂的權利管理規定有效「執行」。
– How is the imposed rights management proposition expressed in a way which can be applied in an automated environment?
– 應如何表達權利管理規定,而能夠適用於自動化環境?
– How is the content to which it is applied, identified?
– 如何識別所適用的內容?
– How are the uses to which the content can be put expressed?
– 如何表達內容上的使用?
– How are the users to whom the benefit of the imposed rights management proposition is applied, identified?
– 如何識別權利管理規定所適用的使用者?
– What are the necessary content management controls?
– 必要的內容管理控制為何?
– What are the mechanisms for ensuring that content is made available by the rightsholder, and is made available in accordance with the imposed rights management position?
– 確保權利人供應內容的機制為何?以及內容供應如何符合權利管理規定?
– What are the implications in terms of infrastructure and cost in organizing and operating systems which are able to implement the imposed rights management proposition?
– 關於執行權利管理規定,其組織與運作系統的基礎建設及成本,將有何
問題?
– What are the risk management considerations that arise in relation to the implementation of the imposed rights management proposition?
– 關於執行權利管理規定,將發生哪些風險管理考量?
To answer these questions we must first look in more detail at how DRM tools and systems work.
為了回答這些問題,首先我們必須針對 DRM 工具與系統的運作進行深入觀察。
B. How DRM works?
DRM 如何作用?
One way of organising rights management in a digital environment is to attach the usage rules permanently to the content, either as part of the metadata defining the content or by incorporating the usage rules in the encrypted package in which the content resides.
Locking content to a particular machine to enforce a fixed set of usage rules is another possible implementation of a digital rights management system. This is the approach which has been used to date in many so called “thin client” devices such as mobile telephones.
在數位環境下,組織權利管理的一個方法,是將使用規則永久附著於內容上,這 些使用規則或者是界定使用內容的後設資料(metadata)之一部分,或者是連同內容一起 合併於加密包裹(encrypted package)之中。將內容鎖定於特定機器,以實施特定的使用 規則集合,則是另一個數位權利管理系統的可能作法。截至目前,這個方法曾經用於 許多所謂的「精簡型」(thin client)設備,如行動電話。
The rights management system used for DVD Video discs is another example of the basic approach: the usage rules applied to the content of the DVD Video disc are fixed and cannot be varied regardless of the usage context or identity of the user. The undoubted success of the DVD Video format as a vehicle for the delivery of high quality home entertainment (as well as many other possibilities) illustrates clearly that for some content management environments, fixed rights management systems are perfectly adequate.
用於 DVD 影像碟片的權利管理系統,則是這個基本方法的另一個例子:適用於 DVD 影像碟片的使用規則屬於固著性,不會因為使用情境或使用者身分而有差別。
DVD 影像格式成功地成為了高品質家庭娛樂(以及其他可能性)的載體,清楚顯示了 在某些內容管理環境下,固著性的權利管理系統相當完美。
The challenge to find dynamic rights management systems remains, however, because there is an infinite number of instances where the nature of the content or the usage context demand flexibility.
不過,尋求動態性權利管理系統的挑戰依然存在,因為在無數情形下,內容的性
不過,尋求動態性權利管理系統的挑戰依然存在,因為在無數情形下,內容的性