Skip to main content
SpringerLink
Log in

Privacy Engineering for Digital Rights Management Systems

  • Conference paper
  • First Online:
Book cover Security and Privacy in Digital Rights Management (DRM 2001)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2320))

Included in the following conference series:

Abstract

Internet-based distribution of mass-market content provides great opportunities for producers, distributors, and consumers, but it may seriously threaten users’ privacy. Some of the paths to loss of privacy are quite familiar (e.g., mining of credit-card data), but some are new or much more serious than they were in earlier distribution regimes. We examine the contributions that digital-rights-management (DRM) technology can make to both compromising and protecting users’ privacy. We argue that the privacy-enhancing technology (e.g., encryption, anonymity, and pseudonymity) that absorbs most of the attention of the security R&D community cannot by itself solve the privacy problems raised by DRM, although it can play a role in various solutions. Finally, we provide a list of “privacy engineering” principles for DRM systems, some of which are easy to implement and potentially quite effective.

Supported in part by ONR grants N00014-01-1-0795 and N00014-01-1-0447 and NSF grant CCR-0105337.

This work was largely done while the author was visiting InterTrust STAR Lab.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ross Anderson. Why information security is hard-an economic perspective, January 2001. http://www.cl.cam.ac.uk/~rja14/.

  2. BBBOnLine. Privacy seal. http://www.bbbonline.com/privacy/.

  3. R.M Brady, R.J. Anderson, and R.C. Ball. Murphy’s law, the fitness of evolving species, and the limits of software reliability. Technical Report 476, Cambridge University Computer Labority, 1999.

    Google Scholar 

  4. Stefan Brands. Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy. The MIT Press, Cambridge, MA, August 2000.

    Google Scholar 

  5. Jason Catlett, Marc Rotenberg, David Banisar, Ed Mierzwinski, Jeff Chester, and Beth Givens. Open letter to Kevin Ryan, June 2001. http://www.junkbusters.com/doubleclick.html.

  6. Electronic Privacy Information Center and Junkbusters. Pretty poor privacy: An assessment of p3p and internet privacy, June 2000. http://www.epic.org/reports/prettypoorprivacy.html.

  7. Lorrie Cranor, Marc Langheinrich, Massimo Marchiori, Martin Presler-Marshall, and Joseph Reagle. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C Candidate Recommendation, December 2000. http://www.w3.org/TR/P3P/.

  8. Wei Dai. Crypto++ 4.0 benchmarks. http://www.eskimo.com/~weidai/benchmarks.html.

  9. Complaint, DeLise vs. Fahrenheit Entertainment, No CV-014297, Sup. Ct. Cal. Marin County, September 2001. http://www.techfirm.com/mccomp.pdf.

  10. John D. Dingell, Edolphus Towns, and Edward J. Markey. Letter by House Democrats asking FTC to investigate TiVo, March 2001. http://www.house.gov/commercedemocrats/press/107ltr30.htm.

  11. Economist. Keeping the customer satisfied, July 2001.

    Google Scholar 

  12. Organisation for Economic Co-operation and Development. Guidelines on the protection of privacy and transborder flows of personal data, September 1980. http://www.oecd.org/dsti/sti/it/secur/prod/PRIV-EN.HTM.

  13. FTC advisory committee on online access and security: Final report, May 2000. http://www.ftc.gov/acoas/.

  14. Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster. Dos and don’ts of client authentication on the web. In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001.

    Google Scholar 

  15. Ian Goldberg and Adam Shostack. Freedom network 1.0 architecture, November 1999. http://www.freedom.net/.

  16. Carl Gunter, Stephen Weeks, and Andrew Wright. Models and languages for digital rights. Technical Report STAR-TR-01-04, InterTrust STAR Lab, March 2001. http://www.star-lab.com/tr/.

  17. Dana Hawkins. Gospel of privacy guru: Be wary; assume the worst. USNews.com, June 2001.

  18. Kelly Jackson Higgins. PKI: DIY or outsource? InternetWeek.com, November 2000.

  19. Mark Hochhauser. Lost in the fine print: Readability of financial privacy notices, July 2001. http://www.privacyrights.org/ar/GLB-Reading.htm.

  20. David Karger, Eric Lehman, Tom Leighton, Rina Panigrahy, Matt Levine, and Danny Lewin. Consistent hashing and random trees: Distributed caching protocols for relieving hot spots on the world wide web. In Symposium on Theory of Computing, 1997.

    Google Scholar 

  21. German Legislator. German Teleservices Data Protection Act.

    Google Scholar 

  22. German Legislator. Gesetz zu dem Staatsvertrag über Mediendienste.

    Google Scholar 

  23. David Mazieres and M. Frans Kaashoek. The design, implementation and operation of an email pseudonym server. In 5th ACM Conference on Computer and Communications Security, 1998.

    Google Scholar 

  24. R. Morris and K. Thompson. Password security: A case history. Comm. of the ACM, 22(11), November 1979.

    Google Scholar 

  25. Stefanie Olsen. Accounting companies tackle online privacy concerns. CNETNews.com, September 2000.

  26. Stefanie Olsen. Earthlink promises’ anonymous’ web surfing. CNETNews.com, March 2001.

  27. National Research Council Panel on Intellectual Property (R. Davis chair). The Digital Dilemma: Intellectual Property in the Information Age. National Academy Press, Washington, D.C., 2000.

    Google Scholar 

  28. Carl Shapiro and Hal R. Varian. Information Rules: A Strategic Guide to the Network Economy. Harvard Business School Press, Boston, 1999.

    Google Scholar 

  29. P.F. Syverson, D.M. Goldschlag, and M.G. Reed. Anonymous connections and onion routing. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, May 1997.

    Google Scholar 

  30. TRUSTe. Seal programs. http://www.truste.org/programs/.

  31. The European Union. Directive 95/46/ec on the protection of individuals with regard to the processing of personal data and on the free movement of such data, July 1995.

    Google Scholar 

  32. David Wagner and Bruce Schneier. Analysis of the ssl 3.0 protocol. In 2nd USENIX Workshop on Electronic Commerce, 1996.

    Google Scholar 

  33. Willis W. Ware. Records, computers, and the rights of citizens. Advisory Committee on Automated Personal Data Systems, July 1973.

    Google Scholar 

  34. Alma Whitten and J.D. Tygar. Why johnny can’t encrypt. In USENIX Security, 1999.

    Google Scholar 

  35. Tim Wilson. E-biz bucks lost under ssl strain. InternetWeek.com, May 1999.

Download references

Author information

Authors and Affiliations

  1. Computer Science Dept., Yale University, PO Box 208285, New Haven, CT, 06520, USA

    Joan Feigenbaum

  2. MIT Lab for Computer Science, 200 Technology Square, Cambridge, MA, 02139, USA

    Michael J. Freedman

  3. InterTrust STAR Lab, 4750 Patrick Henry Drive, Santa Clara, CA, 95054, USA

    Tomas Sander

  4. Zero-Knowledge Labs, 888 Maisonneuve East, Montreal, Quebec, H2L 4S8, Canada

    Adam Shostack

Authors
  1. Joan Feigenbaum
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael J. Freedman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tomas Sander
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Adam Shostack
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. InterTrust STAR Lab. - New Jersey, 821 Alexander Rd., Princeton, NJ, 08540-6303, USA

    Tomas Sander

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Feigenbaum, J., Freedman, M.J., Sander, T., Shostack, A. (2002). Privacy Engineering for Digital Rights Management Systems. In: Sander, T. (eds) Security and Privacy in Digital Rights Management. DRM 2001. Lecture Notes in Computer Science, vol 2320. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47870-1_6

Download citation

  • DOI: https://doi.org/10.1007/3-540-47870-1_6

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43677-5

  • Online ISBN: 978-3-540-47870-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation