Monday, November 5, 2007

Degrees of access control

Following on from the previous post, I wanted to explore just what kinds of control one currently has, and could potentially have, over one's data. Here are some possibilities:
  • None. If I post an anonymous comment somewhere, anyone can read it, copy it, quote it or whatever they want. If I've been careful, it can't be traced back to me, so conversely I (generally) have no claim to it.
  • Open access, but traceable origin. This blog is strongly tied to my online identity, which in turn is more-or-less strongly tied to my real identity. If I were to write something libelous, I would have to answer to it, but on the other hand if someone were to try to pass something here off as their own, I would have a believable claim to authorship. Note that an anonymous message can still be traceable, if it's digitally signed but the identity behind the signature is kept secret.
  • Access by software key. Now things get interesting. If I send you an encrypted message, only you have access to it. But once you decrypt it for your own access, there is nothing technically preventing you from doing whatever you want with it. For example, you could charge people to look over your shoulder and read it off your screen, without giving them permanent access to it. As always, copy protection works by tying information to a physical object. This leads to ...
  • Access via dedicated hardware. This is access by key, but the key is strongly tied to a physical device, which presents the data only in analog form. One successful example of this is the set-top box. If "trusted" hardware devices are widespread, this actually gives quite a bit of flexibility -- to whoever holds the keys. One could grant permission to a group of devices (say, all of my family's music players), or transfer permission between devices.
The point of that last item is that DRM is not binary. There is quite a bit of potential for flexibility in control. The contentious issue is not control per se, but whose control.
