Digital Rights Management Conference

Select 'Print' in your browser menu to print this document.

Feb. 28
Andersen Auditorium, Haas School of Business

11-12:30
Impacts of DRMs on innovation, competition, & security
Hal Varian, SIMS, UC Berkeley (moderator)
David Farber, Computer Science, University of Pennsylvania
John Manferdelli, Microsoft Corp.
Lucky Green, cypherpunks.to
Alex Alben, RealNetworks, Inc.

Hal Varian:

I'm Hal Varian. I'm the moderator for this next group. We have a smaller number of people, so we're going to try to have a little more audience interaction. The plan is that John Manferdelli will speak on principles guiding trustworthy computing, kind of lay out some of the technology and some of the principles that should apply. Lucky Green will talk about who should you, the computer, trust-who should the computer trust. And Dave Farber will talk about some of the privacy and security of the digital rights management issues that arise in the technology. Then I'll chime in and say a few words about some of the economic and business issues and then Allan Adler will wrap up with some issues, some discussion of government policies towards DRM. Then we'll fight a little bit among ourselves for a few minutes and then try to open it up for discussion, so we will have a chance for people to bring in some comments more than we did have time for in the last session. OK, so John, …

John Manferdelli:

While they're dimming the lights … The last time I was in this place, I was a student at Berkeley. It was in my early 20s and this used to be Cal hospital, we used to come here for medical services. I hope that's not a bad sign, and I went to the dentist here and the woman looked at me and she was very solicitous, way out of proportion of what you should be with a 21 year old graduate student, and she ran in and out of the room a few times, and finally she said to me, " You're not really 45 years old, and you didn't just have a heart attack, did you?" Which explained the solicitousness and things change; I expect neither the solicitation nor do I expect the confusion about my age, unfortunately. But it's good to be back.

I'm going to talk about the principles of digital rights management, and I'm actually going to follow up on a theme that Allan mentioned, that it's not exactly one size fits all. Fortunately, most of the groundwork for this has been laid by Brian in the talk that he did yesterday. I hope you all had an opportunity to hear that. He described what we're thinking about for what we think of as trustworthy computing and digital rights management. So, I'm actually going to sort of assume you've heard that talk, but if you don't, and I can clarify something with a few questions, that'd also be great.

So, you know the quick story is digital. We think of rights management as a way to have rights persist with the thing they're trying to protect. That's lots of stuff; it's to protect and to share assets both with customers, vendors, and other employees, just colleagues. It's also to protect personal information, personal photos. So there's a wide range of things not only in the pure commercial space, which I think most of the discussion has focused on today, but in other spaces. And all the attack models, everything Bob said about thinking about it carefully, you have to think about it in each of the domains carefully. That what you are trying to do is very different in all of those domains.

So, one of the areas which most people spend all their time doing, which I think of as classic DRM, is audio-video protection. Actually, I might mention mass-market e-books, but there's a difference. Mass-market e-books really sort of have a different attack model. And that's basically people thinking of, you know, we're going to sell audio files and video files to people over the Internet. Just think about that in contrast to e-books, and I think Allan pointed that out. An e-book has a completely different way to steal it. If you wanted to steal an e-book you just sort of type it in. That'd be the easiest way to do it.

So it is not the purpose of a DRM system to have provided a perfect protection mechanism. In fact, it cannot ever possibly do that. I guess there's some question as to whether any system could possibly do that. But lets look at a very different application. I think last week we announced something we call enterprise rights management, and that's to protect documents for a corporation. And there, the issues are completely different. Privacy issues are much reduced and you know, what you think of as fair rights doesn't come into it. It's roughly the same technology. It's basically a way to authenticate the thing you're granting rights to and authorize it, but it's a very different application domain.

Similarly, personal rights management, and actually this can be two fold. One is the sort of, "Honey I'm going to protect my daughters pictures so that somebody can't steal it and post it somewhere else." And again, that's very imperfect protection, in a sense, because what people could do is take a picture of that. And then finally, privacy rights management, you know, and this actually happens both in the enterprise and for people, from trying to protect my e-mail or documents or having a conversation with my lawyer or my doctor-I have more with my lawyers these day than my doctor; that's probably a good sign. That's a very different kind of protection, has a very different attack model, and what you're trying to prevent is actually quite a bit different.

Let's just talk about why we decided to focus upon that first. Actually, it was what customers wanted most, people who were clearest about what they wanted and wanted it right now were in the enterprise. So we have done audio-visual video protection systems. I did the e-book solution for Microsoft a year or two ago. But this is a very different kind of thing. It's for corporations who don't have the issues, or don't have all the issues, that mass market DRM has.

But all these systems have a lot in common. I think I want to go back to Brian's talk and talk about what the principles are. One of the things we're trying to do, I just want to sort of reiterate what Intel is trying to do, we have a very clear focus, and the focus is not to restrict what people can use their computers for. We don't want to restrict it in anyway. What we want to do is enable new stuff. And we want to enable them to get things on their computer that people would be unwilling to let them have now. It would not risk, in the situation PCs are used in rightnow.

So I think one sort of key aspect, and I think something nobody is sort of focused on in a very clear way, is whatever the mechanism you use it cannot impose policy. It's very difficult to anticipate the policy needs of a DRM system. They change all the time, and they change with application, so whatever the system is, it has to have this sort of 360 degrees of policy.

It has to be an opt in model. One of the issues with mandated DRM is users don't have the option to decide whether they want it or not. And I think, one of the firm principles is it really ought to be an opt in user control. That is the user ought to decide whether he is willing to go along with this.

It really ought to benefit both the corporation and the user. Everybody sort of has their own side of this. It should be a positive user experience. And the commercial space, I actually think what is going to happen is not … I would love it if someone raised their hand and say here's the perfect solution that addresses all policy issues and is just OK with everybody. I'd love to hear that, but I'm really not expecting that. I expect it to evolve over time; and I expect that will be a matter of negotiated equilibrium; and as a technology provider, I can't be in the middle of that. It just won't work, for two reasons. One is it'll take me six months, a year to get out the next release that does the next thing you want in policy management and the other reason is that you won't trust me to do it. You have to be able to specify what you want and get that to happen.

So, I do think much of what we talk about is, as it settles down, is going to be a matter of negotiated equilibrium in the application spaces that the DRM or rights management system are used.

I think there are some principles that go along with that and actually, I want to keep my presentation brief, because I think the questions will be the most interesting. Don't censor or disable content. Stuff that works on a PC now, it's a bad idea to go around and try to disable it. That goes against the principle of enabling you stuff, and if you ever blow it, you're in deep trouble. There's this story which I wish I could understand as head of the group that does both the next generation secure computing base and the DRM systems in Microsoft. DRM, the intention is not to lock out the vendors or format. In fact the whole idea is the DRM layer ought to be interoperable in that 360 degrees of policy dimension. There ought to be a standard to say what you want and have it both be extensible when you think of new stuff and have it enforced whether it's your technology or not that's doing the enforcing.

Completing end user control, one of the sort of common questions is who owns the key and the answer is nobody. The machine acts on behalf of the user. If the user allows a certain set of operations to take place protecting a certain set of content, it does that. If the content is the user's, the user's content, it acts on behalf of the user. If it's somebody else's content and the user's said, "Go ahead and protect it the way I've agreed to," it acts on behalf of the user; but there's no key that's owned by somebody. There oughtn't be in such an operation and I think Brian, I hope, made that point yesterday while I was in the air flying down.

It won't be perfect. It can't be perfect. Bob's right. There's a sort of famous, … a guy I like a lot at Microsoft called Butler Glanson who, … one of his favorite aphorisms is, the enemy of good security is the demand, not the quest, for perfect security. All these systems are trying to do something.

They're not, none of them are trying to achieve perfect security. They're trying to provide a benefit, some sort of describable benefit for the people who use it. In the case of enterprise documents, that's to keep documents from leaking, either accidentally or in some cases on purpose. In the case of video and for consumers, it's to try to have a reasonable sales model so that people can a.) use their PCs to do what they want, which sometimes, believe it or not, is to look at videos; and b.) not destroy your entire business model. So it won't be perfect.

I've heard two comments on the "Dark Net" Paper, and I sort of have to confess that I had a hand in that "Dark Net" Paper. I do want to correct a couple of almost misimpressions. The purpose of the paper was not to say that DRM, you should just abandon it; nor was it to say you shouldn't do enforcement on a client machine. There are lots of reasons you want to do that, just for pure computer science reasons. There's a lot of things you do which you may or may not think of as DRM, to do authentication and authorization that has to be offline, where what's being protected is not from inside a domain you control-web services is one-that you want to use a very similar mechanism. The purpose of "Dark Net" was not to say that DRM wasn't useful in all these domains; it was to say wake up, be realistic. If you're selling a book, that somebody could type the book in; and arguing over whether the system was perfect was a little bit useless because there's already a medium for injecting that content into the Internet, and you don't solve it simply by doing client enforcement, and in fact, the best thing to do is offer customers good legal, reasonable choices, probably with DRM, maybe without it, but maybe with DRM that actually compete, that do a good job for the user, and there are lots of things that you can do there-you know, library usage. I sort of … when I talked to Hal last fall, I said, "My favorite example is I wanted to carry all my Shpringer books," and Hal was talking to me about how it generally benefited things to be open and you could make stuff in advertising, and I said, "I don't think on Shpringer books there'd be a lot of money in advertising."

So there are a lot of models this enables, and I think the thing … I want to make a slightly arrogant, technical statement and a very humble policy statement and that is I think we can build systems that give the user control, that let people achieve this negotiated equilibrium, but I don't think, as technology providers, we know the answer to how the policy is going to evolve. That's my key message, and that's the thing I think has driven most of our designs. It's policy neutral. The person it's protecting is person it's protecting and it won't do that unless the user says so.

An now, guess where I work ….

Lucky Green: Hello everybody. I would like today to focus on one aspect of digital rights management and it's bigger and somewhat meaner brother trusted computing. One of the subjects of my talk here is whom do you trust and why should you trust entities that perhaps may not trust you.

Let me tell you a story. In the fall of 2000, I worked at the time for a fairly sizable vendor of securities products used throughout the industry and received an invitation from this new association that I'd never heard of called The Trusted Computing Association. It sounded really good. What this invitation said is that, hey we would like you to join us; we've been founded some of the largest players in the computer industry, and what we would like to offer you is secure boot. Now secure boot, as I understood it at the time, would enable my applications that are running on top of an operating system to not just know what operating system they are running on, but also what is running underneath the operating system; for example, has my hardware been compromised given the applications that we did, this seemed quite important.

I attended some of the formative meetings, and at one meeting, one of the principles, the founding principles, of this Trusted Computing Association, TCPA, after we were discussing secure boot said … through the middle of the presentation seemingly prompted by nothing-one important thing you need to remember is that they were not building a DRM system-why was he talking about a DRM system when we were here to talk about secure boot. I let it go for a moment, but a few minutes later, he again said, "It's important to prevent the public from thinking that we are building a DRM system." After two or three such remarks, I started to wonder what is going on here; what are these people really up to. During a break, I took aside one of the other founding members of the Trusted Computing Platform Alliance, in fact, a fellow who works for a well known, large vendor of operating systems and office productivity software, and asked him, "So fill me in; what's going on here? Why are we here today?" And he told me, "Listen, it's very simple; our operating system platform, on a general peer purpose PC, currently does not have server content available, such as for example high quality streaming video, that our customers demand. The content owners, or I should say the accumulators and distributors, have told us that they will not make this content available until such time that we have these features available on our platform. We don't have much of a choice, we have to solve this problem one way or another." While I understand that the future for digitally released content certainly in the home environment-as more and more devices become intelligent, more and more things will be PCs-is of importance to future business models, it still didn't quite explain to me why some of the largest companies in the business here not only were in the process of implementing new hardware based digital restrictive management technology, but actually at this point in time really had conspired to keep the public and the customers in the darkest of the true purpose which was DRM. I'd like to address some this today because after a few years, I and some of the others in the industry believe we finally figured out why.

First, however, I need to somewhat definitely define what the word trust means when used in the context of trusted computing. It does not exclusively mean that you as the owner can trust the processes running on your machine. It also, and perhaps for the purposes of our discussion today, more importantly means that third parties can trust that your computer will disobey your wishes. Third parties by means of trusted computing will know that your computer will implement whichever digital rights management system the producer of the content has placed on the content. The analog to this in the analog world as opposed to the digital world will be that a book vendor will know that you can read a book only once and then only with a special light that will also happily sell you.

However, that is certainly the classic DRM application. There is another side to this. Providers of trusted computing products, especially if they're in a dominant market position, can trust that potential competitors will be prevented from competing in the future ever.

Some of the obvious business objectives of trusted computing and the DRM it implements are of course the usual-prevent CD ripping and DiVX creation. Something that hasn't been talked about much is the plugging of the analog hole. What's the analog hole? Well, today's computers are high quality, the sound cards are high quality. Even with the best digital rights management system, you can still feed the speaker output right back into the sound card and digitize, which will give you a darn good copy, one that will certainly sound fine on the computer speakers on which most people probably listen to their MP3s. Having listened to MP3s, I don't understand why anybody would; the sound quality just doesn't meet my requirements, but then, I have a thousand CDs.

Another issue is enabling flow control, information flow control, which I won't get into today. It allows the application provider to prevent the use of unlicensed software. Now this is something of more interest to application providers, if you're an application provider. It thereby is, as I mentioned earlier, as this gentleman from this operating system and office productivity company told me, it will allow the PC to become the core for home entertainment center, growing a new market. The PC industry fully understands that at the core of your future home entertainment system there will be some device processing data, and that device can either be manufactured in a Playstation-like fashion by Sony or it come from the usual vendors in the PC industry. The PC industry does not want to lose this market to Sony. They need to compete and this is fairly understandable.

And lastly, it creates new market opportunities in the governmental sectors. Government employees are notorious for leaving laptops with top secret data on buses and in train stations. This is repeatedly being reported in the press. Having hardware security that prevents third parties from getting at this data obviously is a good thing and a clear and very legitimate market for it.

So, let's look at some of the upcoming hardware/software DRM features in office productivity software, and here I would like to quote Bill Gates with Microsoft, "We came at this thinking about music, but then we realized that email and documents were far more interesting domains." Why is that?

Rather than hoping for a potential market expansion in the home entertainment system market, there certainly is a current clear market for office productivity software-word documents, e-mail documents, what have you. And there is at least some demand, and certainly some vendors believe there is a massive demand, for this technology, and to have technology that restricts what you can do with certain documents. For example, you can't forward this word document outside the company or I should say you can perhaps forward it, but nobody else at the company will be able to open it. Or you have some e-mail that only can be displayed on your screen and by the way, we're disabling screen copy so you can't just dump it to a graphics file. Or a document as was also stated would only be valid for so long and then will no longer be readable regardless of what PC you copy it to because you have a secure clock, there's no such thing as setting back the date.

If you are the CEO of Enron, you would just absolutely love this technology, because there would be no evidence left for discovery. If you're a manager, and I once had a manager many years ago that made it a point never send any controversial instructions that would come back to bite him in e-mail, but always called me, and that was the only time he called me; now with this technology, he would be able to send these controversial instructions in email because I would never be able to use it against him. So yes, there's clear benefits. It's not clear that these are clear benefits to society.

Let's have a quick quiz. We have a lot of lawyers here in the audience, so how does the law help trusted computing and the DRM it enables to stifle competition? Application vendors intend to wrap the content with files such as office productivity software documents with digital rights management features. Question: what does the federal prosecutor call a third party application that is compatible with the proprietary DRM format? Any lawyers in this audience? Come on, somebody …

An illegal circumvention device. If you build compatible software that can read a DRM wrapped file format, you, at least as long as the software is open, thereby enable third parties to infringe on this such digitally right managed content. One hypothesis, an certainly my hypothesis and I believe it is the vendor hypothesis, is that this will make it illegal to create interoperable software in the United States, interoperable with software that has DRM features enabled … oh, I'm out of time; I apologize … subjecting software authors to substantial penalties.

So what are the choice. Don't create interoperable software or spend five years in prison. As a product manager for software, this does not sound very appealing. And lastly … I apologize, I'm out of time … you will hear that DRM is voluntary; that is absolutely true. It will be voluntary. You do not have to turn on your computer; you do not have to power it up; you do not have to read the documents that are DRM wrapped and that will be sent to you which if it becomes enabled in office productivity software, of course, will be something that you will probably have to do to do your day job, but you don't need to do that. Nobody is forcing you with either the law or physical force. Thank you very much.

David Farber: …start with some miscellaneous comments just while I have the microphone. One of the things that over the last couple of years, ever since this issue of rights management has come to the forefront, at least, in the technical community I think we've suffered incredibly from having a marvelous religious war and not paying any attention to understanding very clearly and articulating those things of what the technology is capable of doing, what it isn't capable of doing, what it's limitations are in a technically valid way, arguing that the world is going to collapse or the world will be sunny is real good for some newspaper reporters but it doesn't help at all in understanding really where we are. I recommend strongly we stop having religious discussions for the time being at least.

The other observation for those who don't have historical perspective is rights management is not a new idea. It's been tried ever since I've been in the computer business, and I go back quite a ways. It's always suffered from the fact that in general, it's been a software product, and software products are easy to break, very easy to break; in spite of standing on your head, they are easy to break, and that means that in fact they've been not very useful things.

A couple of systems have hardware protection in it. Luckily or unluckily, take your choice, they never quite made market. Certainly when we designed the original MOTEX system, I was part of it, that was an issue; it wasn't rights management; it was protection of documents, protection of private information.

I also should comment … or … on the issue, in that I was an advisor to TCPA since its beginning. Along with some other people, I have no benefit from it, I haven't even gotten a trip out of it, but I had some interesting discussions in the very early days. I fell out of active role largely because one of my students and I and another colleague did some of the research on secure boot systems, which by the way is not what's often in the current proposals. And finally before I get down to the meat of things, let me make two other things while I've got the microphone and then I'll get to the meat.

The ARPANET was not built to survive a nuclear attack and I wish people would stop saying that. It would not; it never was an intention of it to do that. And finally, anybody who would like the FCC to be in a regulatory position of new business models deserves what they'll get. I served there for a year and a half and tomorrow in fact, we're having a conference down in Stanford, which, whole intention is to get the FCC out of the spectrum regulatory thing which made a god-awful mess over the years.

Let me punch in some stuff. I'm not going to spend a huge amount of time. A lot of what I was going to say has been well said, but I think it is important to push down on the issue of security, and I understand the lack of perfect security. I agree with Butler. If we look for perfect security, we'll be here for the next 500 years; however, an acceptable level of security is getting more and more important in the world we live in. It's important for individuals; it's important corporations; and it's going to be increasingly important for nations. Things which increase the level of security are very hard to turn down, realizing that of course they're never perfect.

When you have a relatively secure system, I would hold that it is very difficult for you to keep out a rights management system, especially if you don't own the machine down at the gut level, and we can have again a discussion of how much you have to own and what rights you have as the owner.

But in fact if you have anything other that boot privileges, the equivalent which most of us have, it's reasonably hard to not host the right's management system, and that always led me to the strong belief that if you say by law somehow, you're going to in the computer environment, at least, not in the media environments, that you are going to say that you can't implement rights management, you are essentially saying by the time you're done that you are not going to be able to build or at least market a secure system, and I think that's a bad trade-off. The details of that, I think, deserves study and deserve careful looking at. I may be wrong, but I've tried it on enough people when I haven't been thrown off the stage quite yet, but I probably will be someday.

The other thing that I'm less interested, and always have been less interested, in protecting media companies against people quote illegally using their material. I would never do that, of course. But I am very much interested in, progressively interested in, having people not gain access to my personal information, and I don't … that is getting to be a serious problem, and it's going to be an even more serious problem in the future. I should have worn my TAA T-shirt.

And protection mechanisms-and I'll avoid to word right's management-have a very important goal in protecting my information, and being able to find out whose looked at it, whose made copies of it, who passed it to who. The same type of stuff the media companies claim they would like to know for their own market purposes, I want to know for the protection of my own data, and I want mechanisms which enable me to do that. Whether those mechanisms are used by other things is going to be an interesting issue that's going to have to, at some point, be decided by legislatures, by courts, and the marketplace-you don't have to buy it.

Let me switch modes for a few seconds. Down at the FCC, I spent a fair amount of time being in the middle of long discussions the other type of right's management, things that sometimes show up as broadcast flags and other various schemes designed to protect the transmission of high quality … digital video largely, the Disney problem, I used to call it or sometimes the Mickey Mouse problem, but that's another story.

There was a terrible tendency, and I certainly do not speak for the FCC, not long involved with them directly, there was a terrible tendency for people to walk in with technologically inferior solutions, solutions that often when you looked at them, you asked, well, how good are these? In fact, I remember one conversation, how good are these solutions? Answer: Pretty good. I come back: nine months to break. Mmmmm … maybe six. That type of solution, when put on the marketplace just causes a conflict, causes the FBI to be engaged in trapping people or arresting people. My personal feeling is that the FBI ain't very good at it and has other things to do that may be more profitable. Maybe, actually, that's a good place to have them spend their time, but anyway …

The unwillingness of the media companies to pay for good protection, assuming that we want it and assuming they want it, is distressing because it give you these Mickey Mouse solutions. I strongly think that that is a serious, serious problem.

I'm far from convinced, to throw another thing in, this whole issue of fair use comes out, very strongly when you have any discussion of right's management. I'm just not convinced that you can't have a reasonable, rationale balance, a term I like to use, that gives different forms of fair use that in fact rationale people could agree is appropriate and still have right's management systems. I'm not recommending we have right's management systems; I'm just trying to lay out the framework, but I think the exploration of just what can you do in right's management system to give us maybe better fair use than we have now, at least in the media stuff might be an interesting place to do some research, maybe, and some explorations, and to articulate what we find as technical people down to the policy arena in Washington, where, believe me, there are precious few technical people. I'll yield my one minute to somebody else. Thank you …

(35:25) (3:30 hours)
Hal Varian: OK, thank you Dave. I'm going to spend a few minutes talking about some economic issues in DRM and basically I just want to lay out some points for discussion. I'm not going to express any strong opinions here, but I'm going to try to bring out some phenomena that I think are interesting.

One is we have heard a lot of talk about business models, and the question is what are the business models that are out there; and these are the seven that I know about. Maybe there's a few more and obviously there are higher levels of detail, as well.

So one thing you can do is you can advertise yourself, and that's the Grateful Dead model-give away the music in order to sell the concerts.

Or you can advertise other stuff, and that's, of course, what most media does-radio, TV, newspapers, magazines, and I include product placement in that where you try to integrate the ad so completely into the content that they can't really be separated without destroying the content. I actually think that's one of the stronger forces that's at work these days and we're going to be seeing a lot of experimentation with product placement in the next year or two.

Bundle the content with other things, like T-shirts, prizes, liner notes, chances to win a talk with a band, or whatever; there's all sorts of ways you can take products that are apparently scarce and bundle them with the product that is inherently not scarce and then charge for the bundle.

Subscription, versioning, non-linear prices, these are all ways of dealing with something other than a paper use or paper piece structure, and it's attractive because from the viewpoint of economics, what's interesting about information booths is that they have zero marginal cost, so you'd like to have a zero marginal price, and there are various ways you can do that, from an economics point of view.

That and the other thing is that, of course, you could just have much lower prices and higher quality for the legitimate version than for the illegitimate copies, and we've heard some discussion of that, as well.

Micropayments is another thing that I think people are very skeptical about micropayments these days, and when you have technology that enables micropayments, like cell phones which allow for the billing as part of the service, then you see a lot of content that can be offered there, and we've seen that happening particularly in Japan.

And finally, the digital rights management which is controlling the terms and conditions under which the product is consumed.

So that's my list of seven, and maybe other members of the panel and members of the audience can contribute more, but I think it's important to start thinking about these business models, and really laying out what's in their pluses and minuses are. For example, product placement, obviously, there are a lot of bad things about product placement as well, but still, it's something that enables certain kinds of behavior.

Now when we look at this digital rights management and the choice of terms and conditions under which the product is consumed, it's important to understand that a rational seller, profit maximizing seller, will want to choose the bundle of rights that maximizes the value of the product, there's a typo, of the product, not maximizing the protection, and the trade off here is that the more rights you give the consumer, the more valuable the product is to the consumer, because they can do more things with it, but of course, it may be that you have fewer sales, because of leakage and sharing and copying and other things like this. So the trick is to choose the right tradeoff and the short and long-run issues in doing this. So examples, you look at libraries and book purchases. For libraries, for-profit libraries sprung up in England in the mid-seventeen hundreds and early eighteen hundreds. The publishers hated this idea; they thought it was terrible that you would have these libraries spring up and of course, the availability of the low cost literature increased literacy and increased the number of habitual readers and created a much larger market than they'd had before. Pretty much the same story happened, the video machines, a couple of hundred years later where there was a lot of fear and loathing of video machines. Of course, we all know that's created massive new markets; and when the DVD came out, it was quite interesting that the DVD was targeted from the very beginning at a purchase market, to make the price low enough to discourage rebels and encourage purchases, and the DVD has been a hugely successful technology, in part, because of the economic model that they used, that very motivation.

I want to say a word or two about home copying and this just emphasizes the point I made earlier about the, … about maximizing the value, not the protection. Economist like to do little models, so here's a little toy model. Think about somebody, a bunch of consumers, they all have the same value for some copy protected CD and I'd like to have one for my home, I'm willing to pay ten bucks for that, and I'd like one for my car, I'm willing to pay six bucks for that-I have a CD player in my car. So if it's copy protection, you can't copy it, the profit maximizing price here is to set a price of six bucks, and then everybody buys two of them, and you make twelve dollars per consumer. If you think about it for a minute, you'd be better off selling a copyable CD for sixteen dollars minus epsilon, where epsilon is the cost of copying, because then what you are doing is you are selling it to the full value. You're getting both … you buy this disk and you make one copy for your car, and now you have your two copies, and you're getting sixteen dollars per consumer by selling a copyable version.

Now, of course, the problem is that if it's copyable, you may lose some copies due to sharing, so you have to look at that leakage; but the right trade-off is to say we've created a more valuable product for the user, but on the other hand, by giving them these more rights, we might lose a few sales, so you want to compare the extra value you can get from the users to the lost sales that we have incurred by offering those additional rights and that's the kind of calculation that's important.

Now, you can do a little variation on this model. You can change the numbers and say that the value of the CD for home use is ten dollars, and the value for car use is four dollars, and now the right thing for the seller to do is set the price at ten dollars, and then they only sell the one CD and nobody gets to listen to it in their car. So there's a lot of social loss in that context. But you could sell the copyable CD for fourteen dollars and, you know, minus the cost of copying to each consumer, and notice that what happens is you may have some larger temptation to share in this context, so you have to think about … the point is if you sell it for a high price and it has a lot of rights, well then, the trouble is you might increase the incentive to try to share among consumers, in that context.

So the lesson is that cripple ware is not the best thing to do necessarily. It inherently reduces the value of the product and of course when there's competition, it's even worse than it is in those examples since it's easy to compete away copy protection; I mean, some of us are old enough to remember back to the early 1980s and there was this software and they had key disks and you had to stick your key disk in to get your Lotus 1 2 3 to work, and then a bunch of competitors came out and started providing versions that were not copy protected and they just ate up the market because it was much more convenient to use the product. So whenever you do have a, kind of, lot of competition out there, as we do in content provision, it's very hard to enforce solutions that inherently make the product more difficult to use.

Now, I want to say one last, one bit about innovation because innovation is in the title of this meeting. Nobody's mentioned it up until now. There are very interesting kinds of protection out there, not just for information, but for other kinds of physical products. For example, Epson makes a printer that has an inkjet cartridge. The inkjet cartridge has a chip in it, and the chip says, "You can't refill me." It'll count down, when the ink is all gone, and when the ink is all gone, it can't be re-used. Now actually, on the Internet for 25 bucks, you can buy a device that will reset this chip, but leave that aside for the moment. There are cell phones; Motorola makes a cell phone that only allows certain batteries, has to be a Motorola battery, because it has a chip in it that says, "I only want to connect with Motorola phones," and Motorola phones only want to connect to this battery. And then, of course, there's CDs that have been out there that don't allow ripping, or at least make ripping a little bit harder.

But then there are interesting innovations around each of these technologies. We have some people over in Computer Science and Electrical Engineering that are printing integrated circuits using off the shelf inkjet printers with magnetic ink and metal-coated plastic. So you can just take an off the shelf ink jet printer and hack at it a little bit, modify the ink and print out integrated circuits. So it's quite a nice technology, totally changes the economics of that business if they can ever get it to work successfully. There's some people that are making generators in your shoes, so you walk along, and you can charge up your cell phone, you know, and charge up these other devices. Just put a little generator in your heel and as you walk around, you can create a charge. And finally, the last example is last summer in England, the number one song in most of Europe was this thirty year old B-side single from Elvis called "To Much Conversation" that Nike had used in its sponsorship of the World Cup. This had been re-mixed by a Dutch disk jockey who added some techno beat to it and hepped it up and made this new kind of music that people really loved

Now, each of these technologies, each of these innovations, would have been very difficult to do if you had really perfect copy protection. If you have these non-refillable ink cartridges, you can't adapt them to different purposes. If you have these cell phones that only accept certain batteries, then you can't build this charger that runs through walking around, and if you make it very difficult to RIP the CD, then you can't modify the music and update it and change it and use it as an input to further innovation.

And there's a lot of this stuff because a lot of times, you as a producer want your consumers to use the product in innovative ways and find out new uses for it. One of the best things you can do as a business is try to draw on your user experimentation. There's a very nice set of work by Erik von Hipple at MIT about how strong this force of customer innovation is, and he has dozens and dozens and dozens of examples where you learn a lot about how your product can be used by making it, by providing tool kits, and making it easy for people to modify it; and so if you restrict the way products are used, in some cases, you can lose the benefit of that kind of innovation. So that's a danger that may be outweighed by other benefits, but it's just something people should be aware of. OK, thank you …

Question from audience: I'm very sympathetic to what Dr. Farber said about the notion of protection being a double edged ….

Audience: I couldn't hear that.

Hal Varian: You can repeat it.

Dave Farber: I said you could always buy a Mac.

Hal Varian: Alright, Allen Alben.

Alex Alben: Alex Alben

Hal Varian: Alex, sorry, excuse me …

Alex Alben: Is there a person at this conference who knows the password to this PC since it's copy protected? It's an example of rights management. OK

Digital Rights Management, this could be it. Takes a minute. Alright. Naw, it's booting up. I'll start my presentation while the mobile connection manager's working … here we go. Whoever invented the hour-glass icon might think of modifying it sometime … OK … Wow, this is a slow lap-top … OK …

I'm Alex Alben with RealNetworks. I'll start with a confession which was when I took real property from Paul Goldstein down at Stanford, he spent the first day of the session talking about a bundle of sticks, and I didn't understand. I was thinking of real property, and he kept talking about sticks, and it actually kept me for the next twenty weeks stymied, and I wasn't able to get to springing rights and flowing rights and the other things, and I ended up not doing very well in the class which led me to my career, ultimately, I guess, in the software business where we don't deal with real property, but it really came home to me that what he was talking about in that first class of real property was that intellectual property can be split into bundles of sticks; and I think we should change the metaphor for our world into bundles of splinters because you can take the digital product and obviously parse it in the ways I'm suggesting. Now this has come into conflict with people's expectations of property and copyright because when you buy a CD, you don't think about well I'll only use this CD and this one CD player; or I'll only use my CD on Sundays and that's the only time that we'll play on this device; or I'll only play it three times and then it will disappear. Actually it will still be locked onto my hard drive or whatever but the rights to it will disappear and I'll have to circumvent and commit a crime in order to listen to it a fourth time. This has become a very real problem for our society and I think for the industries that are thinking of building this digital marketplace; and I'll be a little less abstract than some of the other presentations and talk about the problems that we've encountered in the real marketplace, the early marketplace, for creating digital distribution of media.

I have a thesis which is we need to maintain both a personal use right and copy protection in order to build a marketplace that works. Now, we know that DRM enables business models, and Hal I think did a good job with some creative examples of business models and price points. It's happening with music subscription, video subscription in an early way. It's happening in general entertainment for some products that we and other companies have put out.

The problem is not so much is there DRM technology. We don't pretend to have a perfect DRM and if anyone sold you a perfect DRM, you should probably pay at least a dime for it. We have a reasonably good DRM that is protecting content in the marketplace, making it difficult for the average user to circumvent or break the DRM, therefore supporting the business model and the price point. If you're offering something for ten dollars a month, you might not need a DRM that a team of scientists led by Ed Felton or somebody at Berkeley could spend, you know, three months with twelve supercomputers arrayed and eventually break. It would be easier maybe to go and spend the twelve dollars at Tower Records. So, we have a reasonably good DRM, and there are other companies in the market place such as IBM, such as Microsoft, InterTrust, who also have reasonably good DRMs for the purposes that the content is being distributed today.

The issue, I think, is not whether the consumer's are enabled or whether the technology exists, but one of the issues is what's the price point because we have split the bundle of sticks into the bundle of splinters and toothpicks and other things that consumers no longer recognize. What's the price point of a thirty-day download that's tethered to a single computer? Now we've run into this issue directly with MusicNet and some of the other services that we've brought to market. If you talk to the music publishers, the people who administer the rights in the composition that is embodied in the sound recording that is being distributed in that digital download, they'll say well it's about seven and a half cents. Funny that they should come up with seven and a half cents because that is exactly the same price that they get when a CD is sold.

Now you can say, "Hmmmm … do we live in a parallel universe?" A CD has a life-time of what? Let's say ten years; it's really, you know, until somebody in your house scratches it or you lose it or you move, but ten years with how many unlimited number of plays? How many months is ten years? A hundred and twenty months, right. So, you're getting one-hundred and twentieth of that value and of course, you can only play it on one device in my scenario. So let's say you discount it further so maybe you should pay one-two hundred and fortieth of the price of seven and a half cents. I'd say that's reasonable; at least that's supported by the differences in the technologies, but if you talk to some of the publishers, they'll say, "Well, we'd be happy to license this to you but at seven and a half cents per copy per month."

I want to talk about what we need to build the marketplace, which doesn't involve everybody taking; it actually involves everybody giving a little to make it work. For content owners, not just the record industry but the entertainment industry and anybody else who has valuable content to protect. I think the requirement is that they put the product into the marketplace.

And the second is that in order to effect the licensing of that product, we need licensing mechanisms that allow for mass distribution of content, and I'll pick on the music publishers again because after a time, the industry, the tech industry with Microsoft and RealNetworks and others were able to convince record labels and work with them in partnership to create some systems. You can say they're imperfect; you can say the rights aren't there; you can say the Beatles aren't there-and I wish they were.

But the problem is that another set of rights was necessary for licensing and if you address the music publishers, they'll say, "We're happy to license this to you. Give us the form."

We'll say, "Well we have a hundred thousand songs we want to license tomorrow."

"Well, we can't accept that in electronic form."

"Well, can we send you a spread sheet?"

"We're working on that."

"What do you want to do in the mean time?"

"Well, could you send us some written, per request of what you need to get per song, and then we'll try to identify the right's holder."

I said, " This isn't going to scale." We have the rights already to distribute a hundred thousand songs from the labels but we don't have a licensing mechanism that is easy enough to support the business model that we have built; and this, I challenge the audience, is where we should pressure our legislators to actually do something. It's worthless to create a quasi-compulsory license for one half set of rights without another compulsory license to effect the purpose of that compulsory license.

Maybe we don't have to call it a compulsory license because that's a loaded word. Maybe we should call it a safe-harbor. Maybe we should call it a notice provision. Whatever it is, we want pay the songwriter. We want to pay Lenin and McCartney, or Michael Jackson or whoever owns that catalogue of Beatles' songs, right. And we're willing to put money into a pot, but what we want to say is, we want to put this in the marketplace tomorrow so that then we can collect the revenue and divvy it up according to usage. It's an important gating item for this marketplace to work.

Consumers have to use products in way that are consistent with personal use. If I went in my neighborhood in Seattle and took my CD burner and had a stack of a thousand CDs and stood on the corner and said, put up a sign that said, "CD Burns Free," everyone would come buy, and I'd just say, "Here's the CD; there's one for you and one for you and one for you." Eventually, I'd cause a traffic jam, but the point is it's not legal activity within the scope of accepted personal use, and file sharing to a thousand people that you don't know is also not personal use, and we need to disabuse ourselves of a concept that just because the user may not know that the default setting on their PC is to share to the rest of the world that that is somehow justified behavior. It isn't justifiable behavior. If consumers want reasonably placed product in the marketplace, if they want to encourage content providers to put that product in the marketplace, then they need to act in a way, we need to act in a way, that's consistent with our traditional rights in personal use.

Tech companies, we need to enable the business models, make DRMs transparent to consumers and not make them jump through twelve hoops in order to authenticate content and get rights.

For the government, we would say and I'm really happy that RealNetworks and Microsoft and Intel and other companies will violently agree on this point, please don't regulate this industry, please don't mandate, and please don't choose winners. That is not a formula for innovation. You know, the government in India has the spec for automobiles, and they say in India you can buy the best 1950s car on the market today.

We need to live in an industry with a vibrant society, creating new technologies, and constantly innovating. It's not going to happen if we have to go to an FCC rule making every time we need to change the spec for a product. To thinkers, such as people in this audience and the people who put together this conference, we do need to create this intellectual framework for the new paradigm.

What are the challenges that remain? Crafting a fair use exemption for distribution of a circumvention tool that does not swallow the rule. This is a hard problem. I don't know how to figure it out. I would love for a product of this conference to be a variety of proposals and papers that allow this.

The second is limiting application of the DMCA to protecting valuable media … John, can I take your minute that you didn't use? OK … Thank you … So, was the DMCA intended to protect the distribution of garage door openers and printer cartridges? So I was told today, Mr. Carson told me during the break, there was an injunction issued this morning in the printer cartridge case, the LexMark case against the company that was distributing substitute printer cartridges because it read a bit of code on the header file, or inside the printer, that enabled them to substitute.

Now, I would say this is out of scope of the DMCA. It was not what we intended when we were drafting the provisions of the DMCA. I think that we need to come back to reality because we do not want to live in a society whereby putting five bits of code in front of any product you are not allowed, and you are committing a crime, from using a product. This is a travesty and this needs to be addressed legislatively because in fact the law here is not at all clear.

The second thing is that, the last thing I am going to talk about, is the broadcast flag. We have a modest proposal on the flag. I think that, in the interest of what Mr. Farber said and I take him seriously, we have to stop with the religious objection to something just because it's proposed from one side or the other. We really have to try to listen to what they are trying to effect.

Now, I have a paper, and I have copies of it outside if you want it, describing the broadcast flag and the technical challenges to it, but the point of the broadcast flag is that it is a very limited technology. The way it is proposed today you can make unlimited physical copies of television programs it that's your desire. You can also circulate it within a home network. I think if we religiously oppose the broadcast flag as an industry, we are going to be sending the message to the entertainment industry that we're not willing to cooperate on anything; and that is going to lead to a Hollings type approach which I think we can all agree is anathema and is going to retard innovation in our industry for years and years to come.

We do have questions about how a broadcast flag would be implemented. We would prefer that the FCC not take jurisdiction over this because we think it is the thin edge of a wedge for government to start regulating the network. But if we don't listen to the concerns of copyright owners and effect reasonable rules for distribution of content within a home network, then we're not doing our part as an industry.

So, there are challenges for all of us, but DRM is here today, in the marketplace. DRM is an abstract concept. It's just a set of technologies. It can be used for good or for ill, and as always, the challenge is to craft the balance that will enable us to move forward. Thanks …

Varian: Let me offer the panel a chance to respond to each other. Anybody like to … Dave, you look like you're ready to speak.

Farber: No, I pass, but I reserve the right at the end.

Varian: OK. Maybe John.

Manferdelli: A couple of things. I agree about the ink jet example, and I actually agreed with most of what you said, and if I can think of something I disagree with, I'd get back with you later.

Alben: Send me an e-mail.

Manferdelli: Yeah; the other vendors in apps, actually I think one of the key tenants which I may have mentioned briefly is that DRM systems should be indifferent to the applications that use them. I don't mean they don't look at them. I mean any application vendor should play in that space so the idea that a DRM system should be used to prevent people from using another program actually I think is not within the scope of DRM.

The person who says what programs can use as a content provider not the technology should be silent on the policy of what application should use it. I actually … I was tempted when Bob Blakely talked about the DRM fairy to say that you really need to address all these questions and that the DRM fairy ought to have a back bench, but I thought in this crowd it might have meant the Supreme Court, so I'm not going to say anymore about that.

Varian: Lucky …

Green: I would like to make one comment to Alex's statement regarding LexMark. I think most consumers and most rationale, reasonable people probably would agree that the uses to which the DMCA has been put to by the industry were not in scope at the time the legislative passed this law. I'm … at least not to the lawmakers. However, while everybody, certainly those pushing DRM onto the consumer will all readily agree that DMCA has been overused, and some of these uses of it have really been an abuse. For example, we had the printer cartridge. Another one that you may not be aware of, which hasn't been litigated yet, is the cell phone batteries in your phone, many of them, not only do cell phones not accept some third, some after market batteries, but the ones you are getting from your vendor in many cases have secure chips in them that keep track of how many times the battery has been recharged and as this counter goes up, the battery will accept less and less charge, not because the battery's running out but because the chip counter tells it to accept less charge so you get to buy a new one.
Alben: This means you need to reset your shoes so that when they are self charging …

Green: In summary here, it really does not matter what the proponents and providers of DRM believe that DRM should be placed to or what the DMCA should be placed; all that matters is what the courts believe, and the courts believe that these uses of DRM and the DMCA are legitimate. I would like to echo what Alex said unless the law is changed, these abuses will not … unlikely to diminish but only likely to increase. So let's be careful with what we're asking for.

Manferdelli: Actually Hal, there was one other thing I forgot; I wanted to respond to the first comment, and my answer is not buy Mac, but I think the idea of the hilt and the sword is your on the hilt side sometimes, and really, it's not only a double edged sword, you get to pick the hilt or the sword … sometimes … in practice you do, in principle and practice you do.

Farber: Two things. One, something I forgot to mention. I think it's very important to what the person who is going to accept the material state their … have a policy way of describing what they are willing to accept. If somebody offers me something with inappropriate rights, I want to be able to automatically, if I so choose, reject those. I don't want to touch them. Proof in advertising essentially, and I think we're going to have a big problem there.

Also, I'd like to get rid of the word consumer. I think that gives everything the wrong tilt. I try very hard not to use that word. Citizen isn't quite it; user isn't quite it. Good contest in which Dan Gilmore and I would like to sponsor as a better word so we get out of this mentality of use by, we consume.

And finally, on the charger, sir. It'll probably get confiscated at the airports …

Varian: Well, let me open up the floor for questions; we have a couple of microphones there and there, and maybe the best thing to do would be just line up behind the microphone, so we can take your comments and questions. Up there …

Audience: Hi, I'm an engineer and I'm strictly non-religious about technology. The thing I'm religious about what's the budget for implementing it, and I want to point out two things in Alex's excellent talk which conflict with one another. One of them is the idea that DRM is only for protecting valuable content and the other one was his number which is that the download of a CD is something like thirty milli-cents.

The problem here is that the people who own the content have a vastly inflated idea of what it's worth, and the budget for implementing DRM does not exist.

Alben: Can I ask you one question? When you say budget, do you mean the budget to the user or the budget for the over …

Audience: Yeah, I mean, you're going to implement this massive billing system and so on and charge people thirty milli-cents for downloading a CD. That's vastly less than they're paying the ISP for the bandwidth.

Alben: OK. I understand your question. What we call that in our industry is forward investing. We have built a system, Rhapsody has built a system, PressPlay has built a system, there are others coming in where we have spent the time to do the downloading and streaming in a package. The way that we can make it work economically for us is to offer a subscription. The problem with a subscription is that the rights are only for thirty day increments unless we get rights from the right's holders to extend the rights our for a longer period of time; but if you had a system … so it's really hard for us to start pricing what's the value of three hundred streams, what's the value for three hundred downloads a month. If they get erased on your hard drive, consumers are going to have a revolution. If you don't erase them on the hard drive, then after a while, the three hundred songs are going to start accumulating over the year and your going to have thirty-six hundred songs in a year for that price; and what I was trying to get at, and maybe I didn't articulate clearly, is that the thing we need to grapple with is give the consumers a sense that they are getting real value and don't play games, and don't erase the stuff from their hard drive because in the long run that's not a formula for building a real business.

Hal: Deirdra …

Deirdra (in the audience): Hi, I guess I wanted to push a little bit. Alex, you talked about the fact that, you know, we don't want to stifle innovation, and I think that everybody agrees around that, and I think that everybody agrees that legislation is something that is unlikely to allow innovation; that it might lock down a whole bunch of different things that we want to see happen, but I think that the notion that private sector standard setting organizations are necessarily going to value the things that consumers do, it's difficult to see how that's going to play out either. I mean right now … and I have to say that if you look at … we listened to John talk about all the various areas where DRM can come into play … you look at the right's expression language under development, and you can see that a majority of them are targeted particularly at mass market consumer distribution of content, and that's where the vertical integration is happening as well; and so that it's very nice to think about us having hold of the hilt, but the fact of the mater is that most of the applications that we're going to see coming to market, we're definitely on the sword end, and so how do thing this is going to resolve? How do you think … Are consumers going to have a voice? How are … and I agree with you, Dave, that consumers is not the right term, but it's in many ways the one that we're stuck with right now. How is that supposed to happen in this particular market where there isn't all that much competition, at least in some of the areas-publishing, book publishing-maybe more competition, music, video-much less there. So, I'd be interested in everybody's comments.

Alben: Well, I take your point, and certainly, it could be very imperfect in any standard's setting body, which are not as monolithic and secretive as actually people assume. The CPTWG is open to people; I think you have to pay seventy five dollars to attend the CPTWG session …

Audience: It's not open to the press.

Audience: It's a hundred bucks.

Alben: It's only to the press? A hundred bucks for everyone else?

Audience: It's not open to the press.

Alben: Not open to the press. Well, it should be. As between a private standard setting body, like the Five C or the CPTWG, or Senator Hallings, who I guess now after thirty-seven years is the senior senator from South Carolina, I would choose the CPTWG. I think that the problem with the government regulation is that it politicizes the process, it slows time to market, and basically, we don't want to put this into the hands of politicians who really are not the best people to make these judgments.

Now, you're right. There's always the potential for companies to come up with solutions and standards that thwart consumer rights or somehow have results that are bad for the market place. Generally, though, it's in the interest, you know, the economic interest of these companies to come to workable solutions.

Varian: Let me say one word about this competition point because I think we will see a lot more competition, we are seeing more competition because the competition is for attention, and if you've got TV channels churning out mediocre content, you're going to see people turning to other sources for information and entertainment; and the same thing with music. If people don't like the music that's turned out, they're going to look elsewhere for other kinds of entertainment. So one of the driving forces with the digital revolution is you're pushing down the fixed cost of producing content and you're opening up new channels for marketing content. I think we will see a lot more competition in the future. And actually, in my mind, that's the biggest threat to the industry incumbents that's around. Now that may be a leap of faith there, but that's may opinion.

Let's take a question up here …

Audience: Yeah, Hal Ables at MIT. This is a quick for John on your comments on Microsoft's desire to promote a digital rights framework that allows interoperability in which as many people as possible can play; and the question is will XMRL be available to everyone on a royalty free basis or are there parties that have proprietary interest in it.

Manferdelli: So … Microsoft does not own XMRL, so I can't answer that question. XMRL has been submitted to a standards group under the usual terms of standards groups which generally, I think, require reasonable and non-discriminatory terms, but I can't answer that question for them.

Audience: So Microsoft is backing a standard that is not necessarily royalty free.

Manferdelli: That's right.

Varian: Pam.

Samuelson: My question, actually, is similar. I would like the panelist to talk a little bit about patents on DRM technology. It's my understanding that there are two seemingly conflicting, since there's a lawsuit about it, patents, one owned by InterTrust and one owned by ContentGuard, and I can't believe that John Manferdelli doesn't know more about this patent than the last answer suggested; but I …

Manferdelli: You'd be surprised by how little John knows.

Samuelson: But it seems to me that when we're talking about competition and innovation, if you have two … the InterTrust patent as I understand it has recently been acquired by, I think, Sony and Philips, so some other big players, and I'm sort of thinking about, you know, how does an open source developer who might want to do DRM, which is what I think the royalty free question was partly about, or where does the sort of the individual author, who might want to self publish and use a DRM system but finds him or herself in a marketplace where only the big players are licensed to use these patents. It seems to me that there's some interesting issues, and I'd just like to see what, if any, comments you might have about that.

Farber: Yeah, they're more than just those two in the rights management patent game and it's going to be some interesting battles on those. That's a big problem. A lot of those patents in my humble opinion aren't worth the paper they're written on, but that doesn't prove very much in the courts. My main observation is it's more than two; there are a number that have patents that are put in this area and a lot of old technology that I think is prior art.

Manferdelli: I would say so, the InterTrust one, we're the one being sued, so I'm not going to say a word about that. I know that much. I don't think ContentGuard is in any litigation at all. I do think that whatever the terms of use are quite important; I think, you know, there are several levels of use. There'll be many vendors selling DRM systems, and my expectation is that after the mess quiets down, they'll be licensed one way or another and the publisher, whoever is trying to publish the content, whatever it is, will most likely use one of them under reasonable terms, but it's got to settle down first. I'm not sure what else to say since I can't tell you what the patents are going to cost under certain circumstances, and as I said, in the particular circumstance you brought up, I don't control that. Microsoft does own a part of ContentGuard, but it's a minority share. Patents are a difficult issue, period. You could probably have several conferences on that with not a complete resolution of the details. And I don't know what else to say, except we all in technology, period, not DRM, we live in that patent environment that we're just going to have to muddle through for a while.

Farber: Makes for long term careers for expert witnesses.

Varian: Lucky

Green: Certainly patents by their very nature are intended to prevent competitors from producing products that will compete with the offerings that you are making. One interesting patent … now, of course, if a company chooses to not license a patent that's underlying some dear and near technology that … and thus, prevents, for example, open source competitors for whom it is very difficult to license patents on anything other than a world-wide, royalty-free basis, I would contend that the not licensing and thus preventing the open-source competitor from entering a market is not necessarily incompatible with the business models of the patent holders.

One patent that springs to mind here, that actually I haven't heard much about and maybe John can enlighten us here, the new DRM technology, formerly called Palladium, now an acronym nobody can pronounce-Next Generation Secure Computing Base-is based on a patent that Microsoft holds called the Digital Rights Management Operating System patent. In the past, and certainly in the present, Microsoft has frequently stated that one could build an open source implementation on top of the underlying technologies, build their own secure micro-kernel on a technology on which Microsoft holds the patent, as an open source application.

What I haven't seen so far is a public statement by Microsoft that Microsoft intends to license this patent world-wide on an open source development, on a royalty-free, in perpetual, basis. Is that's Microsoft's intent?

Manferdelli: So, there are two answers to that question. Let me first of all, the technology whose name I'm not going to try to re-pronounce is not based solely on that patent. There are … and in fact, had we named that patent, the technology generally, we'd probably name it differently than we did for that patent, not just for … because it would have sounded better … what we're thinking of doing with it is a bit different.

You're right, though, Microsoft has not announced any patent licensing policy on that particular patent. I can't tell you anything other than I hope they do soon. We do soon.

Varian: Let's take another question from the floor.

Audience: Another question related to Lucky Green about the … whether you could comment on what the real novelty about these copyright and competition related questions are related to TCPA and trusted computing, in general, in comparison to DRM as we know it. I mean, you've talked about this, and I mean, even with current software-based DRM systems, you could wrap data objects in an encryption wrapper and thereby prevent competitors from accessing your content. So from my understanding, what these trusted computing architectures really provide is, because they have hardware based temporary systems, platform state adaptations, front data storage, stuff like this, is that basically they increase the security level. So from my understanding, the only difference is that the tension between competition policy, copyright policy and these technologies becomes stronger because the protection by these technologies becomes stronger. So for me, it seems only to be, kind of a quantitative difference or at least do you think that there is something else going on there?

Green: Yes, I agree with you that certainly office productivity software vendors at this point in time could wrap their software in DRM and just fall as much under the MC as they do at the moment; however, while it would provide the vendor with protection against competition, it wouldn't add any of the other features such as digital rights management that actually works; so yes, you could roll it out at the moment. All you would get is protection against competition which would probably make that roll-out a little bit suspicious. If down the track you are, however, able to hardware enforce digital rights management that will work across the board for all applications, having this nice side benefit is … will less strike the public as odd, that's I believe is one reason it hasn't been ruled out yet.

Varian: OK, we'll take one last question.

Audience: I was hoping that Lucky would have put the question to Alex when Alex mentioned LexMark versus StaticControl. Alex reasonably observed that it's not appropriate for LexMark to be able to decide who can interoperate with LexMark printers. So I was hoping that Lucky would have asked Alex why it's appropriate for RealNetworks to decide who can interoperate with the RealMedia server.

Alben: I'd be delighted to talk about that. We invested tens of millions of dollars in a technology that allows people to transmit content over the net, and if a company spoofed the product and replaced our products interface with their own advertising and replaced our products search bar with their own search bar and diverted the traffic and then allowed people to copy things when we had held out to rights holders that there would be a copy control, we would take strong objection to that, as the courts, I think, appropriately ruled.

Varian: Very last question.

Audience: Several hundred thousand Americans, myself included, have spent an aggregate several hundred million dollars on high definition TV tuners. Will RealNetworks give me a perpetual service contract for free so that my tuner still works.

Manferdelli: You want to speak to your lawyer.

Alben: I think that there is a very big concern over whether legacy devices people have invested, people who are-I hope I'm not using a pejorative term-early adopters into the HDTV market need to be able to receive the digital signals and without buying a little, you know, hundred dollar device. The question on the broadcast flag, as I make further comments in my paper, is that it doesn't solve the problem if somebody wants to copy a broadcast digital signal. It responds to a very narrow set of inputs and establishes, what we hope, are a narrow set of rules; but the whole HDTV debate is really being spurred by, I think, a failure on the part of the FCC that Mr. Farber alluded to earlier. Someone decided that Americans had a deadline for buying new two thousand dollar, you know, television sets, by which time, if sixty million of us bought them would go down to, you know, maybe eight hundred dollars. Something happened in the interim, and that was the Internet, and all of a sudden, the demand for your perfect digital picture morphed into people wanting to get audio and video in other ways, whether it's from Microsoft or us or Apple, and that I think has satiated consumer demand; but you've still got the FCC and Billy Toesand of the House Energy and Commerce Commission with a huge whip on our tails saying you've got to get this done; you've got to get this done; and in order to get it done, you've got to implement a broadcast flag. The original reason behind it is no longer consonant with the reality of the marketplace.

Varian: Alright; I've promised Dave one last word, so let's hear it.

Farber: With my former FCC hat on, it's much more complicated than that. The last time the FCC mandated a tuner we didn't get UHF; remember UHF? It's still sitting unoccupied. There's some anecdotal stuff in the record that indicates, I wasn't there, that the whole HDTV thing was somehow lost control. What they wanted was digital TV, and HDTV was a way of illustrating what you could get, but if you look at a lot of the literature, people hoped that the broadcast industry would use that extra bandwidth for something interesting, not for Disney, you know Mickey Mouse and HDTV …

Varian: Dave, that was more than one word