Page 152

5 —
Protecting Digital Intellectual Property:
Means and Measurements

Recent years have seen the exploration of many technical mechanisms intended to protect intellectual property (IP) in digital form, along with attempts to develop commercial products and services based on those mechanisms. This chapter begins with a review of IP protection technology, explaining the technology's capabilities and limitations and exploring the consequences these capabilities may have for the distribution of and access to IP. Appendix E presents additional technical detail, attempting to demystify the technology and providing an introduction to the large body of written material on this subject.

This chapter also addresses the role of business models in protecting IP. Protection is typically conceived of in legal and technical terms, determined by what the law permits and what technology can enforce. Business models add a third, powerful element to the mix, one that can serve as an effective means of making more digital content available in new ways and that can be an effective deterrent to illegitimate uses of IP.

The chapter also considers the question of large-scale commercial infringement, often referred to as piracy. It discusses the nature of the data concerning the rates of commercial infringement and offers suggestions for improving the reported information.

The chapter concludes with a discussion of the increasing use of patents to protect information innovations such as software and Internet business models, and explores the question of whether the patent system is an appropriate mechanism to protect these innovations.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 152
Page 152 5 — Protecting Digital Intellectual Property: Means and Measurements Recent years have seen the exploration of many technical mechanisms intended to protect intellectual property (IP) in digital form, along with attempts to develop commercial products and services based on those mechanisms. This chapter begins with a review of IP protection technology, explaining the technology's capabilities and limitations and exploring the consequences these capabilities may have for the distribution of and access to IP. Appendix E presents additional technical detail, attempting to demystify the technology and providing an introduction to the large body of written material on this subject. This chapter also addresses the role of business models in protecting IP. Protection is typically conceived of in legal and technical terms, determined by what the law permits and what technology can enforce. Business models add a third, powerful element to the mix, one that can serve as an effective means of making more digital content available in new ways and that can be an effective deterrent to illegitimate uses of IP. The chapter also considers the question of large-scale commercial infringement, often referred to as piracy. It discusses the nature of the data concerning the rates of commercial infringement and offers suggestions for improving the reported information. The chapter concludes with a discussion of the increasing use of patents to protect information innovations such as software and Internet business models, and explores the question of whether the patent system is an appropriate mechanism to protect these innovations.

OCR for page 152
Page 153 Technical Protection The evolution of technology is challenging the status quo of IP management in many ways. This section and Appendix E focus on technical protection services (TPSs) that may be able to assist in controlling the distribution of digital intellectual property on the Internet.1 The focus here is on how technical tools can assist in meeting the objectives stated throughout the report, as well as what they cannot do and what must therefore be sought elsewhere. Appendix Explores how the tools work, details what each kind of tool brings to bear on the challenges described throughout the report, and projects the expected development and deployment for each tool. For ease of exposition,m the presentation in this chapter is framed in terms of protecting individual objects (texts, music albums, movies, and so on); however,many of the issues raised are applicable to collections ( e.g., libraries and databases),2 and many of the techniques discussed are relevant to them as well. A number of general points are important to keep in mind about TPSs: • Technology provides means, not ends; it can assist in enforcing IP policy, but it cannot provide answers to social, legal, and economic questions about the ownership of and rights over works, nor can it make up for incompletely or badly answered questions. • No TPS can protect perfectly. Technology changes rapidly, making previously secure systems progressively less secure. Social environments also change, with the defeat of security systems attracting more (or less) interest in the population. Just as in physical security systems, there are inherent trade-offs between the engineering design and implementation quality of a system on the one hand and the cost of building and deploying it on the other. The best that can be hoped for is steady improvement in TPS quality and affordability and keeping a step ahead of these bent on defeating the systems. 1Note that the phrase "technical protection services" is used deliberately. Although it is tempting to talk about technical protection systems—packages of tools integrated into digital environments and integrated with each other—the committee believes that such systems are difficult to implement reasonably in the information infrastructure, an open network of interacting components, lacking boundaries that usefully separate inside and outside. In this environment it is better to talk about technical protection services; services; each service will be drawn on by information infrastructure components and will generally interact with other services. 2For example, as reported by a committee member, in February 1999 the special assistant to the director of Chemical Abstracts Service (CAS) indicated that there were one to three "hacking" attempts per day to get into the CAS database.

OCR for page 152
Page 154 • While technical protection for intellectual property is often construed as protecting the rights of rights holders to collect revenue, this viewpoint is too narrow. Technical protection offers additional important services, including verifying the authenticity of information (i.e., indicating whether it comes from the source claimed and whether it has been altered—either inadvertently or fraudulently). Information consumers will find this capability useful for obvious reasons; publishers as well need authenticity controls to protect their brand quality. • As with any security system, the quality and cost of a TPS should be tailored to the values of and risks to the resources it helps protect: The newest movie release requires different protection than a professor's class notes. • Again, as with any security system, there are different degrees of protection. Some TPSs are designed to keep honest people honest and provide only a modest level of enforcement; more ambitious uses seek to provide robust security against professional pirates. • As with any software, TPSs are subject to design and implementation errors that need to be uncovered by careful research and investigation. Professional cryptologists and digital security experts look for flaws in existing services in order to define better products. • TPSs almost invariably cause some inconvenience to their users. Part of the ongoing design effort is to eliminate such inconvenience or at least to reduce it to tolerable levels. • The amount of inconvenience caused by a TPS has been correlated historically with its degree of protection. As a result, in the commercial context, overly stringent protection is as bad as inadequate protection: In either extreme—no protection or complete protection (i.e., making content inaccessible)—revenues are zero. Revenues climb with movement away from the extremes; the difficult empirical task is finding the right balance. • Protective technologies that are useful within special-purpose devices (e.g., cable-television set-top boxes or portable digital music players) are quite different from those intended for use in general-purpose computers. For network-attached general-purpose computers, software alone cannot achieve the level of technical protection attainable with special-purpose hardware. However, software-only measures will doubtless be in wide use soon. Here (and in more detail in Appendix E) the committee provides a layman's description of the most important technical protection mechanisms, suggesting how each can be fit into an overall protection scheme, describing the limitations of each, and sketching current research directions. There are several classes of mechanisms:

OCR for page 152
Page 155 • Security and integrity features of computer operating systems include, for example, the traditional file access privileges enforced by the system. • Rights management languages express in machine-readable form the rights and responsibilities of owners, distributors, and users, enabling the computer to determine whether requested actions fall within a permitted range. These languages can be viewed as an elaboration of the languages used to express file access privileges in operating systems. • Encryption allows digital works to be scrambled so that they can be unscrambled only by legitimate users. • Persistent encryption allows the consumer to use information while the system maintains it in an encrypted form. • Watermarking embeds information (e.g., about ownership) into a digital work in much the same way that paper can carry a watermark. A digital watermark can help owners track copying and distribution of digital works. For effective protection, the developer of an IP-delivery service must choose the right ingredients and attempt to weave them together into an end-to-end technical protection system. The term ''end-to-end" emphasizes the maintenance of control over the content at all times; the term "protection system" emphasizes the need to combine various services so that they work together as seamlessly as possible. Protecting intellectual property is a variant of computing and communications security, an area of study that has long been pursued both in research laboratories and for real-world application. Security is currently enjoying renewed emphasis because of its relevance to conducting business online.3 While security technology encompasses a very large area, this discussion is limited to describing generally applicable principles and those technical topics relevant to the management of intellectual property.4 As cryptography is an underpinning for many of the other tools discussed, the following section begins with a brief explanation of this technology.5 Next, the techniques that help manage IP within general- 3As the technology needed for IP may not be affordable for IP alone, there is the possibility of a useful coincidence: The technology needed for IP may be largely a subset of what will be needed for electronic commerce. One concrete example is the Trusted Computing Platform Alliance discussed below. 4For example, the committee passed silently over a concern closely related to IP—the effect of the digital world on personal privacy—because, although there is some intersection of the two sets of issues, they are sufficiently separable and sizable that each is best addressed in its own report. 5A closely related topic, the Public Key Infrastructure—a set of emerging standards for distributing, interpreting, and protecting cryptographic keys—is primarily of technical interest and is discussed in Appendix E.

OCR for page 152
Page 156 purpose computers are described. Finally the discussion turns to technology that can help in consumer electronics and other special-purpose devices.6 Encryption: An Underpinning Technology for Technical Protection Service Components Cryptography is a crucial enabling technology for IP management. The goal of encryption is to scramble objects so that they are not understandable or usable until they are unscrambled. The technical terms for scrambling and unscrambling are "encrypting" and "decrypting." Encryption facilitates IP management by protecting content against disclosure or modification both during transmission and while it is stored. If content is encrypted effectively, copying the files is nearly useless because there is no access to the content without the decryption key. Software available off the shelf provides encryption that is for all practical purposes unbreakable, although much of the encrypting software in use today is somewhat less robust. Many commercial IP management strategies plan a central role for what is called "symmetric-key" encryption, so called because the same key is used both to encrypt and decrypt the content. Each object (e.g., movie, song, text, graphic, software application) is encrypted by the distributor with a key unique to that object; the encrypted object can then be distributed, perhaps widely (e.g., placed on a Web site). The object's key is given only to appropriate recipients (e.g., paying customers), typically via a different, more secure route, perhaps one that relies on special hardware. One example of an existing service using encryption in this way is pay-per-view television. A program can be encrypted with a key and the key distributed to paying customers only. (The special hardware for key distribution is in the set-top box.) The encrypted program can then safely be broadcast over public airwaves. Someone who has not paid and does not have the key may intercept the broadcast but will not be able to view it. There is, of course, an interesting circularity in symmetric-key encryption. The way to keep a message secret is to encrypt it, but then you also have to send the decryption key so the message recipient can decrypt the message. You have to keep the key from being intercepted while it is 6Where the text that follows identifies specific commercial products and services, it is solely for the purpose of helping to explain the current state of the art. The committee does not endorse or recommend any specific product or service.

OCR for page 152
Page 157 being transmitted, but if you have a way to do that, why not use that method to send the original message? One answer is hinted at above: speed. The key (a short collection of digits) is far smaller than the thing being encrypted (e.g., the television program), so the key distribution mechanism can use a more elaborate, more secure, and probably slower transmission route, one that would not be practical for encrypting the entire program.7 Another answer has arisen in the past 20 years that gets around the conundrum—a technique called public-key cryptography.8 This technique uses two different keys—a public key and a private key—chosen so that they have a remarkable property: Any message encrypted with the public key can be decrypted only by using the corresponding private key; once the text is encrypted, even the public key used to encrypt it cannot be used to decrypt it. The idea is to keep one of these keys private and publish the other one; private keys are kept private by individuals, while public keys are published, perhaps in an online directory, so that anyone can find them. If you want to send a secret message, you encrypt the message with the recipient's public key. Once that is done, only the recipient, who knows the corresponding private key, can decrypt the message. Software is widely available to generate key pairs that have this property, so individuals can generate key pairs, publish their public keys, and keep their private keys private. As public-key encryption is typically considerably slower (in terms of computer processing) than symmetric-key encryption, a common technique for security uses them both: Symmetric-key encryption is used to encrypt the message, then public-key encryption is used to transmit the decryption key to the recipient. A wide variety of other interesting capabilities is made possible by public-key systems, including ways to "sign" a digital file, in effect providing a digital signature. As long as the signing key has remained private, that signature could only have come from the key's owner. These additional capabilities are described in Appendix E. Any encryption system must be designed and built very carefully, as there are numerous and sometimes very subtle ways in which information can be captured. Among the more obvious is breaking the code: If 7The most basic form of "separate mechanism" to send the key is having a codebook of keys hand-carried to the recipient, as has been done for years in the intelligence business. This is not feasible where widescale distribution is concerned. 8The technique was first brought to practical development by R.L. Rivest, A. Shamir, and L.M. Adelman in Rivest et al. (1978). RSA Security (see <http://www.rsa.com> produces software products based on this development.

OCR for page 152
Page 158 the encryption is not powerful enough, mathematical techniques can be used to decrypt the message even without the key. If the key-distribution protocol is flawed, an unauthorized person may be able to obtain the key via either high technology (e.g., wiretapping) or "social engineering" (e.g., convincing someone with access to the key to supply it, a widely used approach). If the system used to read the decrypted information is not designed carefully, the decrypted information may be left accessible (e.g., in a temporary file) after it has been displayed to the user. The point to keep in mind is that cryptography is no magic bullet; using it effectively requires both considerable engineering expertise and attention to social and cultural factors (e.g., providing incentives for people to keep messages secret).9 Access Control in Bounded Communities Perhaps the most fundamental form of technology for the protection of intellectual property is controlling access to information (i.e., determining whether the requester is permitted to access the information). A basic form of such control has been a part of the world of operating systems software almost from the time operating systems were first implemented, offering limited but useful security. In its simplest form, an access control system keeps track of the identity of each member of the user community, the identities of the data objects, and the privileges (reading, altering, executing, and so on) that each user has for each object. The system consults this information whenever it receives a service request and either grants or denies the request depending on what the privilege indicates. Existing access control, however, offers only a part of what is needed for dealing with collections of intellectual property. Such systems have typically been used to control access to information for only relatively short periods such as a few years, using only a few simple access criteria (e.g., read, alter, execute), and for objects whose owners are themselves users and who are often close at hand whenever a problem or question arises. In contrast, access control systems for intellectual property must deal with time periods as long as a century or more and must handle the sometimes complex conditions of access and use. A sizable collection—as indeed a digital library will be—also needs capabilities for dealing with hundreds or thousands of documents and large communities of users (e.g., a college campus or the users of a large urban library). Such systems will thus need to record the terms and conditions of access to materials for decades or longer and make this information acces- 9See, for example, CSTB (1996).

OCR for page 152
Page 159 sible to administrators and to end users in ways that allow access to be negotiated. This raises interesting questions of user authentication: For example, is the requester who he says he is? Does he have a valid library card? It also raises issues of database maintenance: For example, collections change, rights holders change, and the user community changes as library cards expire. Many other questions must be addressed as well so that systems work at the scale of operation anticipated. Some work along these lines has been done (e.g., Alrashid et al., 1998), but a considerable amount of development work is still needed. Some attempts have also been made to represent in machine-readable form the complex conditions that can be attached to intellectual property. This is the focus of what have been called rights management languages, which attempt to provide flexible and powerful languages in which to specify those conditions.10 DPRL (Ramanujapuram, 1998), for example, attempts to offer a vocabulary in which a wide variety of rights management terms and conditions can be specified. An important characteristic of these languages is that they are machine-readable (i.e., the conditions can be interpreted by a program that can then grant or deny the desired use). This is superficially the same as a traditional operating system, but the conditions of access and use may be far more complex than the traditional notions used in operating systems. In addition, as will be shown below, these languages are quite useful outside the context of bounded communities. Finally, although large-scale systems have yet to be deployed, rights management language design is not perceived as a roadblock to more robust TPSs. Enforcement of Access and Use Control in Open Communities Access control systems of the sort outlined above can be effective where the central issue is specifying and enforcing access to information, 10MPEG-4 offers a general framework of support for rights management, providing primarily a structure within which a rights management language might be used, rather than a language itself. It is nonetheless interesting, partly because it represents the growing recognition that rights management information can be an integral part of the package in which content is delivered. The standard specifies a set of IP management and protection descriptors for describing the kind of protection desired, as well as an IP identification data set for identifying objects via established numbering systems (e.g., the ISBN used for books). Using these mechanisms, the content providers can specify whatever protection strategy their business models call for, from no protection at all to requiring that the receiving system be authorized via a certified cryptographic key, be prepared to communicate in an encrypted form, and be prepared to use a rights management system when displaying information to the end user. For additional information on MPEG-4, see Konen (1998) and Lacy et al. (1998).

OCR for page 152
Page 160 as is typically true in bounded communities represented by, for example, a single corporation or a college campus. In such communities much greater emphasis is placed on questions of original access to information than on questions of what is done with the information once it is in the hands of the user. The user is presumed to be motivated (e.g., by social pressure or community sanctions) to obey the rules of use specified by the rights management information. A larger problem arises when information is made accessible to an unbounded community, as it is routinely on the Web. The user cannot in general be presumed to obey rules of use (e.g., copyright restrictions on reproduction); therefore, technical mechanisms capable of enforcing such rules are likely to be needed. A variety of approaches has been explored. The simpler measures include techniques for posting documents that are easily viewed but not easily captured when using existing browsers. One way to do this uses Java routines to display content rather than the standard HTML display. This gives a degree of control over content use because the display can be done without making available the standard operating system copy-and-paste or printing options. A slightly more sophisticated technique is to use a special format for the information and distribute a browser plug-in that can view the information but isn't capable of writing it to the disk, printing, and so on. Knowledgeable users can often find ways around these techniques, but ordinary users may well be deterred from using the content in ways the rights holder wishes to discourage. There are also a number of increasingly complex techniques for controlling content use that are motivated by the observation made earlier, that digital IP liberates content from medium—the information is no longer attached to anything physical. When it is attached to something physical, as in, say, books or paintings, the effort and expense of reproducing the physical object offers a barrier to reproduction. Much of our history of and comfort with intellectual property restrictions is based on the familiar properties of information bound to physical substrates. Not surprisingly, then, some technical protection mechanisms seek to restore these properties by somehow "reattaching" the bits to something physical, something not easily reproduced. The description that follows draws on features of several such mechanisms as a way of characterizing this overall approach. Encryption is a fundamental tool in this task. At a minimum, encryption requires that the consumer get a decryption key, without which a copy of the encrypted content is useless. Buy a digital song, for example, and you get both an encrypted file and a password for decrypting and playing the song. But this approach secures only the original access to the content and

OCR for page 152
Page 161 its transit to the consumer. Two additional problems immediately become apparent. First, the content is still not "attached" to anything physical, so the consumer who wished to do so could pass along (or sell) to others both the encrypted content and the decryption key. Second, the consumer could use the key to decrypt the content, save the decrypted version in a file, and pass that file along to others. There are several ways to deal with the first problem that involve "anchoring" the content to a single machine or single user. One technique is to encode the identity of the purchaser in the decryption key, making it possible to trace shared keys back to their source. This provides a social disincentive to redistribution.11 A second technique is for the key to encode some things about the identity of one particular computer, such as the serial number of the primary hard drive, or other things that are unlikely to change.12 The decryption software then checks for these attributes before it will decrypt the content. A third technique calls for special hardware in the computer to hold a unique identifier that can be used as part of the decryption key. Some approaches call for this hardware to be encased in tamper-resistant cases, to discourage tampering even by those with the skill to modify hardware. One form of tamper resistance involves erasing the key if any attempt is made to open or manipulate the chip containing it. Whatever the approach, the intended result is the same—the content can be decrypted only on the machine for which the decryption has been authorized. But even this protection alone is not sufficient, because it is not persistent. The consumer may legally purchase content and legally decrypt it on her machine, then (perhaps illegally) pass that on to others who may be able to use the information on their machines. The final technological step is to reduce the opportunities for this to happen. Two basic elements are required: (1) just-in-time and on-site encrypting and (2) close control of the input/output properties of the machine that will display the content. Decrypting just in time and on site means that the content is not decrypted until just before it is used, no temporary copies are ever stored, and the information is decrypted as physically close to the usage site as possible. An encrypted file containing a music album, for instance, would not be entirely decrypted and then played, because a sophisticated pro- 11This also has privacy implications that consumers may find undesirable. 12Hard drives typically have serial numbers built into their hardware that can be read using appropriate software but cannot be changed. However, because even hard disks are replaced from time to time, this and all other such attempts to key to the specific hardware will fail in some situations. The idea of course is to select attributes stable enough that this failure rarely occurs.

OCR for page 152
Page 162 grammer might find a way to capture the temporary decrypted file. Instead, the file is decrypted "on the fly" (i.e., as each digital sample is decrypted, it is sent to the sound-generation hardware), reducing the ease with which the decrypted sample can be captured. On-site decryption involves placing the decryption hardware and the sound-generation hardware as physically close as possible, minimizing the opportunity to capture the decrypted content as it passes from one place to another inside (or outside) the computer.13 Some playback devices are difficult to place physically near the computer's decryption hardware. For example, digital camcorders, digital VCRs, digital video disk (DVD) movie players, and so on all require cables to connect them to the computer, which means wires for interconnection, and wires offer the possibility for wiretapping the signal. One approach to maintaining on-site decryption for peripheral devices is illustrated by the Digital Transmission Content Protection (DTCP) standard, an evolving standard developed through a collaboration of Hitachi, Intel, Matsushita, Sony, and Toshiba (see Box 5.1). The computer and the peripheral need to communicate to establish that each is a device authorized to receive a decryption key. The key is then exchanged in a form that makes it difficult to intercept, and the content is transmitted over the wire in encrypted form. The peripheral device then does its own on-site decryption. This allows the computer and peripheral to share content yet provides a strong degree of protection while the information is in transit to the decryption site. But even given just-in-time and on-site decryption, a sophisticated programmer might be able to insert instructions that wrote each decrypted unit of content (e.g., a music sample) to a file just before it was used (in this case sent to the sound-generation hardware). Hence, the second basic element in providing persistent encryption is to take control of some of the routine input and output (I/O) capabilities of the computer. There are a number of different ways to attempt this, depending partially on the degree to which the content delivery system is intended to work on existing hardware and software. The largest (current) market is of course for PCs running off-the-shelf operating systems (such as Windows, Mac, and Linux). In that case the content delivery system must use the I/O routines of the existing operating system. The difficulty here is that these routines were not designed to hide the information they are processing. As a result, using an existing operating system opens another door to capturing the decrypted content. 13Information may be captured by physically wiretapping the cables that route signals inside and outside the computer.

OCR for page 152
Page 188 mittee considers here some of the issues that arise in collecting and analyzing such data, in part to inform the reader about those issues, and in part as the basis for a recommendation about how such information might reliably be assembled and analyzed. In exploring these issues, the committee takes a strictly economic view, focusing on profits lost from piracy. Lost profits are not the only cost of piracy, nor are the economic consequences the only rationale for enforcing antipiracy laws. But the figures widely circulated by trade organizations are intended to be economic analyses of profits lost, hence it is appropriate to explore these figures and their methodology from a strictly economic viewpoint. One concern is that those who read figures of the sort found in the IIPA report may infer that all or most of the copyright industries' contribution to the GDP depends on copyright policy that protects works to at least the current degree and that perhaps the contribution now requires still greater copyright protection as a consequence of digital information and networks. However, within the economics community, the specific relationship between the level of IP protection and revenue of a firm in the copyright industries is unclear.38 A second problem is the accuracy of estimates of the costs of illegal copying. A number of difficulties arise here. One difficulty is that the needed data have to be based on extrapolation from very limited information, because illegal sales and distribution are frequently private acts. A second difficulty is determining the extent to which illegal copies are displacing sales. One widely quoted study, by the SIIA, estimates the number of illegal copies and then derives the net loss to the industry by assuming that each illegal copy displaces a sale at standard market prices39 (other studies appear to rely on more complex formulations). This approach is problematic because it is unlikely that each illegal copy displaces a sale at the market price (some people will buy at the pirate price but not the legal market price) and because it estimates reduction in gross revenues rather than net loss to the copyright industries (see Box 5.4). Consequently, these estimates may be taken to represent an upper bound on the reduction in gross revenues by these industries. There is, as shown in Box 5.4, disagreement about the economic impact of piracy on the copyright industries. It is clear, however, that there 38See, for example, Shy (1998) and the works cited in that article. 39Testimony at the July 9, 1998, committee meeting by a representative of the Software Publishers Association (now SIIA) indicated that they did this when calculating piracy estimates. In addition, the BSA/SIIA's 1999 Global Software Piracy Report indicates that this is still the approach: "By using the average price information from the collected data, the legal and pirated revenue was calculated. This is a wholesale price estimate weighted by the amount of shipments within each software application category" (p. 12). Pirate revenue is then taken to be equivalent to a loss to the legal sellers.

OCR for page 152
Page 189 BOX 5.4 Estimating Losses from Piracy The economic significance of pirating to rights holders is appropriately measured by the net ioncome lost by rights holders as a consequence of reduced sales of legal copies. As suggested in the text, some of their methodology. A variety of problems arise: • The loss to rights holders is not equal to the street price; it is instead the fraction of the wholesale price that represents pretax profits and royalties to the manufacturers, producers, and talent whose incomes depend on the number of authorized sales. Other aspects of manufacturing and distribution costs are just that—costs that the industry avoids if fewer copies are sold (though these costs may be small compared with the cost of original production and distribution). While piracy creates economic consequences for individuals other than rights holders, such as the loss of profits by retailers and sales tax revenue for government, the net loss due to each of these is a small fraction of the gross sales price of copyrighted products.1 • The number of additional authorized copies that would be sold is not equal too the number of illegally duplicated copies. Pirates typically sell their wares at prices substantially discounted from street prices; the substantial price discounts induce some people to purchase the product who would not otherwise do so. In addition, some unauthorised copies are produced for noncommercial reasons (e.g., making a copy for a friend). There is a substantial difference between getting a copy for free from a friend and having to pay the street price; hence some of these copies would not be purchased if the consumer had to pay something approximately the street price. • Street prices are affected by the extent of illegal commercial copying. The availability of inexpensive, high-quality illegal copies to the extent that some users buy illegal copies instead of legal ones. Interestingly, the effect on the street price of legal copies can either be positive or negative. The street price will rise if most price-sensitive consumers switch to illegal copies while the price-insensitive consumers do not. The resulting market for legal copies will have less price-sensitive demand, thereby causing the manufacturer's profit-maximizing price to increase, which partially offsets the reduction in sales attributable to piracy.2 • By contrast, the street price will fall if consumers do not differ very much in price sensitivity. In this case all consumers are equally likely to buy from a pirate if given a chance, so that the effect of piracy is to make the demand for legal copies more price elastic.3 If demand is more elastic, the profit-maximizing monopoly price falls and the proper calculation of the loss of the rights holders must include 1Retail profits are approximately 2 percent of retail prices, and studies of tax incidence indicate that about half of the producers rather than consumers. 2"Elasticity" is the precise term in economics for price sensitivity. 3"Consumers" here is taken in the purely economic senses, aside legal and ethical questions for the moment. continued (text box continued on next page)

OCR for page 152
Page 190 (text box continued from previous page) BOX 5.4 Continued profits lost on legally sold copies (because piracy forced the price down), as well as profits lost from pirated copies. • Assigning that the extent of unauthorised copying can be estimated with reasonable accuracy—a nontrivial assumption—one should not assume that all unauthorised copies are illegal and, hence, represent piracy. The proper scope and legal definition of illegal copying is a matter of some disagreement and controversy, so different parties produce different estimates of this number. For example, most authorities agree that it is legal to make a backup copy of software (in case the original is damaged or destroyed). More controversial is whether is consumer can legally copy material for multiple uses, such as making a copy of a videotape they own in order to have a copy for personal use near each of two VCRs in their houses.4 Different opinions on the legally of these actions leads to different statistics on the extent of and hence economic consequences of piracy. • This preceding analysis provides an appropriate foundation for building an estimate of the loss of profits from illegal copying. One first calculates the profit per unit sale for products in the absence of any illegal duplication (call it P), and then multiplies it by the number of unit sales (S) to derive the total profit for rights holders under no piracy (T=P×S).5 Then, one adjusts the net profit per unit of sale to account for price changes because of illegal copying (P), and multiplies this number by the new number of legal copies sold (S) to derive the total profit for rights holders with piracy occuring (T'=P'×S'). The difference between these numbers (T-T) id the basic profit lost to rights holders from illegal duplication. • Additional profit losses can also accrue. The expectation of illegal copying may cause some products not to be marketed at all, because the manufacturer does not believe that legal sales would be sufficient to recover the costs of production and distribution. In this case the loss to rights holders is the profits and royalties that would have been earned had the product been created and brought to market. Consumers also suffer a cost in this situation, equal to the difference between the value they would have placed on this product less the price they would have paid for it.6 4The 9th Circuit court decision in Recording Industry Association of America v. Diamond Multimedia Systems in June 1999 gave recognition in passing to the notion of "space-shifting" of music for personal use (i.e., an individual making a copy of a legally owned musical work in order to use the copy in a different place). No such position is currently on record for videos. 5By substituting "royalty" for "profit," one can derive analogous numbers for creators. 6There are of course also losses from piracy that do not (directly) concern profits. Counterfeits, for example, result in a loss of reputation for the author whose work has been copied. Counterfeit copies of movies can degrade the reputation of the movie maker in the eyes of viewers who sees those badly made copies, while counterfeit softwares can result in harm to the reputation of the software maker when the unsuspecting purchaser is denied technical support. Here we are concerned solely with lost profits and their appropriate measurement, as such figures are the focus of reports widely circulated by trade organizations. NOTE: Several committee members who earn their livelihoods in the copyright industries believe strongly that although the text in this box may reflect economic theory, it does not reflect the realises of their industry. For example, no motion picture distribution would reduce the terms of its licenses to theatres because pirated videos were on the street.

OCR for page 152
Page 191 are significant losses that, if avoided, might result in increased production. It is also clear that uncontrolled digital dissemination could have very serious repercussions for the copyright industries. A number of committee members conclude that, despite the extensive statistics available, there is a paucity of reliable information of the quality that might be generated if the subject were investigated by a disinterested third party. They conclude that such information is sorely needed. However, even given the caveats above concerning methodology, the committee believes that the available information suggests that the volume and cost of illegal copying is substantial. Although this section is concerned with the economics of piracy, the committee also believes that, regardless of whether the extent of illegal copying is financially significant to all industries that produce copyrighted products, the laws against illegal copying should be strictly enforced. Economic harm, after all, is not the only reason for enforcing copyright protection (or any other law with economic consequences). In a 1983 address and article, "The Harm of the Concept of Harm in Copyright," David Ladd, then the United States Register of Copyrights, expressed the following view: "The notion of economic 'harm' as a prerequisite for copyright protection is mischievous because it disserves the basic constitutional design which embraces both copyright and the First Amendment." Mr. Ladd argued for recognition of the fact that copyright protection is a sine qua non of a civilized society and, accordingly, merits recognition independent of economic impact. This view is not unanimously endorsed by the committee, as some committee members believe that the constitutional basis for intellectual property protection in authorizing laws was meant to encourage strictly instrumental purposes. Even so, the committee as a whole recognizes that many creators believe that their works, as expressions of their individuality, deserve to be protected and controlled by rights holders, quite independent of the economic consequences. Because people differ in the weight they give to this argument, the committee believes that copyright policy will never be resolved solely by appeal to facts about its economic effects. Despite the difficulty of finding a universally accepted copyright policy, the committee believes that it is important to conduct research in an attempt to better assess the social and economic impact of both commercial illegal copying for profit and noncommercial personal-use copying.40 The committee believes that reducing the current state of uncer- 40The rationale for greater research on noncommercial copying for personal use is discussed in Chapter 4. The issue is raised here because the two spheres interact. For example, social norms and the easy availability of other copying alternatives (e.g., from a friend) affect an individual's likelihood of purchasing an illegal commercial copy.

OCR for page 152
Page 192 tainty about the impact of these various phenomena will be important to policy makers and entrepreneurs. Clearly, there are multiple phenomena at work in both the commercial and noncommercial copying spheres, and perhaps there are differing behaviors among different demographic groups, geographic locations, and, perhaps, even cultures.41 These multiple phenomena may include how much the difficulty of making the illegal copy affects the frequency of copying, the effect on consumer decision making of the price and availability of legitimate copies, the personal sense of the moral or ethical dimensions of the copying involved, the degree of law enforcement or legal scrutiny directed at the behavior, peer group or social opprobrium or encouragement, and so on. Society needs to understand better what these multiple phenomena are and how they operate in the real world, so that appropriate responses can be formulated. The Impact of Granting Patents for Information Innovations Historically, information innovations have been excluded from the purview of patent law, based on a notion that Congress had meant for only industrial processes to be patented. Documents were deemed unpatentable, as were improved ways for calculating, organizing information, and managing organizations. However, a great deal has changed in recent years, and it seems that nearly all information innovations may now be patented, as long as they meet the patent law's requirements for novelty, nonobviousness, and utility and can be precisely defined in claims. Computer software was the first digital information product to challenge the traditional interpretation of patent concepts because of its dual nature as both a literary work (the textual source code) and a machine (i.e., a useful device). Programs have a dual nature because they are textual works created specifically to bring about some set of behaviors. They have been characterized as "machines whose medium of construction happens to be text" (Samuelson et al., 1994).42 The "printed matter" and "mental process" rules were initially invoked to deny patent protection to computer software, as on occasion was the "business method" rule. In its 1972 Gottschalk v. Benson decision, the U.S. Supreme Court ruled that an innovative method for transforming binary coded decimals into pure binary form could not be patented, even 41For example, see Chapter 1, Box 1.6, "A Copyright Tradition in China?" 42See Intellectual Property Issues in Software (CSTB, 1991b) for a greater articulation of the issues and implications concerning the use of the patent regime for software.

OCR for page 152
Page 193 though the patent applicant intended to carry out the method by computer and one of the two claims before the Court was limited to computer implementations.43 Drawing on the "mental process" line of cases, the Supreme Court announced that mathematical algorithms could not be patented. One factor that clearly disturbed the Court about the prospect of patenting the Benson algorithm was that a patent would preempt all uses of it, including apparently the teaching of it. In 1978, the Supreme Court in Parker v. Flook denied patent protection for an algorithm useful for calculating "alarm limits" (i.e., dangerous conditions) for a catalytic converter plant.44 The Court did not think that this algorithm, any more than the Pythagorean theorem or any other purely mathematical method, could become patentable merely because it might be applied to a particular useful end. The turning point in the long struggle over patents for information inventions came with the Supreme Court's 1981 decision in Diamond v. Diehr, which upheld the patentability of an improved rubber curing process, one step of which required a computer program.45 Because Diehr involved a traditional technological process and had so deeply divided the Court, patent administrators and the courts continued to struggle over how broadly to construe the Diehr decision. In the late 1980s, the tide turned in favor of patents for computer-program-related inventions because of their technological character. Source code listings might still be regarded as unpatentable under the printed matter rule, but as soon as a program has been put in machine-readable form, recent precedents would seem to regard it as patentable subject matter. Most recent program-related patents are, however, for more abstract design elements of programs. In the late 1980s and through the 1990s, it became increasingly common for courts to uphold patents for data structures, applied algorithms, information retrieval, and business methods carried out by computer programs. The denouement of the legal controversy over software-related patents in the courts and in the U.S. Patent and Trademark Office (PTO) may be the U.S. Supreme Court's decision in early 1999 not to review the State Street Bank decision. The Court upheld a patent attacked on grounds that the claims covered an algorithm and a business method. However, patents continue to be controversial in the information technology industry (Box 5.5). In State Street Bank and Trust Co. v. Signature Financial Group, the U. S. Court of Appeals for the Federal Circuit issued an opinion that has been 43Gottschalk v. Benson, 409 U.S. 63, 34 L. Ed. 2d 273, 93 S. Ct. 253 (1972). 44Parker v. Flook, 437 U.S. 584, 57 L. Ed. 2d 451, 98 S. Ct. 2522 (1978). 45Diamond v. Diehr, 450 U.S. 175, 67 L. Ed. 2d 155, 101 S. Ct. 1048 (1981).

OCR for page 152
Page 194 BOX 5.5 SightSound.com There is an interesting between the controversy surrounding the practice of parenting Internet business models and the uploading and downloading of musical recordings in digital formats, including MP3. An internet multimedia distributor, SightSound.com, has claimed that two parents it holds (U.S. Patent 5,191,573 filed in 1990 and granted in 1993, and Patent 5,875,734 filed in 1996 and granted in 1997) cover the digital distribution of audio and video recordings. SightSound has claimed that its ownership of the patents for the sale and distribution of the music and video content over the internet gives it the right to prevent any third party from exploiting a business model involving the selling, via download, of digital content sound files. SightSound has sent legal demand notices claiming that its patents "control, among other things, the sale of audio video recordings in download fashion over the Internet," and demanding that digital music site, such as MP3.com, Platinum Entertainment, Amplified.com, and GoodNoise Corp. (now Emusic, Inc.), enter into patent licenses with SightSound that would give SightSound a royalty of 1 percent of the price per transaction, as charged to the customer, for all such Internet sales AT&T's a2b Music has reportedly already entered into such a patent license with SightSound.The chief technology officer of AT&T's a2b Music has stated, "We licensed our technology to them, and as part of that deal we protected ourselves against patent claims. This whole area of patenting Internet business models is becoming scrutinized. I have trouble seeing how an auction on the Internet could get a patent." Currently, SightSound has sued music site NK2, Inc., for alleged patent infringement.The Recording Industry Association of America, through its spokesperson Lydia Pelliccia, has stated, "The validity of the patents is certain to be challenged." In an interesting intersection between patent law and the concerns of copyright proprietors about the protection of content in cyberspace, SightSound has suggested that the enforcement of its patents could aid copyright owners in other protection efforts such as the Secure Digital Music Initiative. In the patent infringement claim letters that SightSound has recently sent out, it has demanded that "if [MP3.com] does not become an authorized licensee, it must immediately cease and desist from selling music, or other audio recordings over the Internet in download fashion," thus using patent infringement claims to "enforce" the potential claims of music copyright owners for contributory or vicarious copyright infringement (Lemos, 1999; Business Wire, 1999a,b). widely regarded as vastly increasing the scope of patent protection available for software,46 and which led the PTO to begin issuing a number of quite broad patents covering methods for conducting business. In the State Street case, the patent in question covered a "hub and spoke" com- 46State Street Bank and Trust Co. v. Signature Financial Group, 149 F.3d 1368, 47 U.S.P.Q.2d 1596 (Fed. Cir. 1998).

OCR for page 152
Page 195 puterized business system, which allowed mutual funds (spokes) to pool their assets into an investment portfolio (the hub). The court held that the calculation by a machine of a mathematical formula, calculation, or algorithm is patentable if it produces a "useful, concrete and tangible result." In reaching this conclusion, the court rejected what it termed "the ill conceived [business method] exception" to patentability. Patents that were issued in the wake of State Street that attracted widespread public attention include Patent No. 5,794,210, which was issued to an online Internet marketing company, Cybergold, and covers the practice of paying consumers to view advertisements on the Internet. Other examples include a patent issued to Priceline.com covering reverse sellers auctions (which allow potential purchasers to specify the various items they wish and terms on which they are willing to purchase and then allows Priceline to find a seller) and a patent issued to cover a method for embedding Web addresses in e-mail and news group postings (see Box 5.6). The effects of this substantial de facto broadening of patent subject matter to cover information inventions are as yet unclear. Because this expansion has occurred without any oversight from the legislative branch and takes patent law into uncharted territories, it would be worthwhile to study this phenomenon to ensure that the patent expansion is promoting the progress of science and the useful arts, as Congress intended. There are many reasons to be concerned. There is first the concern that the U.S. Patent and Trademark Office lacks sufficient information about prior art in the fields of information technology, information design, and business methods more generally to be able to make sound decisions about the novelty or nonobviousness of claims in these fields.47 47On August 31, 1993, the PTO issued U. S. Patent Number 5,241,671 for a multimedia search system to Compton's NewMedia. Not long after the patent was issued, Compton's announced at the Comdex trade show in the fall of 1993 that it had acquired the patent and intended to enforce it and to collect royalties and licensing fees from independent and third-party multimedia developers who utilized a multimedia search system claimed in the Compton's patent. On December 17, 1993, the Commissioner of Patents and Trademarks, in the wake of numerous multimedia developers' complaints about the Compton's patent, took the fairly unusual step of requesting reexamination of the patent. Third parties submitted new prior art references to assist the PTO in determining whether there was a substantial question as to the patentability of the 41 claims granted under the patent. The PTO's examination concerned the issue of whether the 41 claims filed in the patent application were novel and not obvious to someone skilled in the relevant art. The PTO concluded that Compton's claimed inventions had been disclosed or taught in prior art references, and, accordingly, on November 9, 1994, the PTO issued a press release announcing it had formally canceled all 41 claims granted in the Compton's patent. Many commentators believe the Compton's case strongly underscores their concerns regarding the qualifications of the PTO to effectively evaluate prior art in the information technology field.

OCR for page 152
Page 196 BOX 5.6 Cybergold and Princeline.com Nate Goldhaber, the founder and CEO of Cybergold, describes the inspiration behind the company by saying, "The fundamental premise of our company is that attention is valuable commodity. With literally millions of pages on the Web and hundreds of advertisements vying for people's attention, attention is one of the Internet's great acarcities. Cybergold allows marketers to pay consumers directly for their time and active attention." In its most basic terms, Cybergold is a Web site that has registered over 1 million "members," who can earn cash and enter sweep-stakes by visiting Web sites, trying free products, signing up for services, playing games, purchasing goods, and more. Cybergold holds a number if U.S. patents, including U.S.Patent 5,794,210, issued August 11, 1998, which covers a system "which provides the immediate payment to computer and other users for paying attention to an advertisement or other 'negatively priced' information distributed over a computer network such as the internet.... This is the business of brokering the buying and selling of the 'attention' of users.... Private profiles may be maintained for different users and user information may be released through advertisers and other marketers only based on user permission. Users may be compensated for allowing their information to be released." Priceline.com is a Stamford, Connecticut-based Web site launched in April 1998, consisting of a buying service through which consumers name the price they are willing to pay for goods and services ranging from airline tickets to automobiles. The company holds U.S.Patent No. 5,794,207, which covers a system that lets buyers name their price for goods and services while sellers decide whether or not to accept the offers. Priceline.com's name-your-price service for leisure airline tickets sold more than 100,000 tickets between its launch in April 1998 and the end (text box continued on next page) A related concern is the insufficient number of adequately trained patent examiners and inadequate patent classification schemata to deal with this new subject matter. The success of the patent system in promoting innovation in a field depends on the integrity of the process for granting patents, which in turn depends on adequate information about the field. Serious questions continue to exist within the information technology field about the PTO's software-related patent decisions. A number of legal commentators have pointed out that allowing these kinds of patents potentially makes concepts, not technology, the protectable property of the patent holder, "allow[ing] virtually anything under the sun to win patent protection."48 48See, for example, Goldman (1999), Scheinfeld and Bagley (1998), Sandburg (1998), and Sullivan (1999).

OCR for page 152
Page 197 (text box continued from previous page) of 1998.1 A second name-your-price service for hotel rooms is now available in approximately 200 U.S. cities,2 as well as name-your-price service for all-cash new car buyer in the New York metropolitian market. The company has announced plans to launch name-your-price home mortgage services and to branch out into vacation packages and other online financila services. Priceline launched an initial public offering (IPO) in March 1999, at one point reaching a market capitalization in excess of $18.5 billion. Like other highly sought-after IPOs for Internet start-ups, much of the perceived value of the company has no earnings in September 1999, Cybergold conducted an initial public offering (Bauman, 1999).3 1In September 1999, priceline proposed the expansion of their business to include groceries (Wingfield, 1999) 2In September 1999, Expedia, Microsoft's travel site, beingallowing customers to name their price on hotel rooms (Wolverton, 1999). In October 1999, October 1999, Priceline initiated patent infringement litigation against Microsoft (Bloomberg News, 1999) 3Othewr noteworthy patents that have been issued in recent years, and which arguably illustrate the general expansion of patent protection for software and Internet business methods, include the following patents and patent holders; Amazon.com (U.S Patent Number5,727,163)(covering secure method for communicating credit card data when placing an order on a nonsecure network); juno Online (U.S Patent Number 5,848,397) (covering method and apparatus for scheduling the presentation of messages to computer users); Egendorf (U.S Patent Number 5,794,221) (covering Internet billing method); The AG Group (U.S Patent Number 5,787,253) (covering apparatus and method of analyzing Internet activity); Interactive Media Works (U.S Patent Number 5,749,075) (covering method of analyzing Internet activity); Interactive Mdeia Works (U.S Patent Number 5,749,075) (covering method for providing prepaid Internet access and/or long-distance calling, including the distribution of specialized calling cards); and Excite (U.S Patent Number 5,577,241) (covering information retrieval system and method with implementation extensible query architecture). Second, the tradition of independent creation in the field of computer programming may run counter to assumptions and practices associated with patents as they are applied to its traditional domains. When someone patents a component of a manufactured system, for example, it will generally be possible for the inventor to manufacture that component or license its manufacture to another firm and reap rewards from the invention by sale of that component. Rights to use the invention are cleared by buying the component for installation into a larger device. But there is little or no market in software components. Programmers routinely design large and complex systems from scratch. They do so largely without reference to the patent literature (partly because they consider it deficient), although they generally respect copyright and trade secrecy constraints on their work. With tens of thousands of programmers writing code that could well infringe on hundreds of patents with-

OCR for page 152
Page 198 out their knowing it, there is an increased risk of inadvertent infringement.49 An added disincentive to searching the patent literature is the danger that learning about an existing patent would increase the risk of being found to be a willful infringer. The patent literature may thus not be providing to the software world one of its traditional purposes—providing information about the evolving state of the art. Much the same could be said about the mismatch between patents and information inventions in general. Third, although patents seem to have been quite successful in promoting investments in the development of innovative manufacturing and other industrial technologies and processes, it is possible that they will not be as successful in promoting innovation in the information economy. One concern is that the pace of innovation in information industries is so rapid, and the gears of the patent system are so slow, that patents may not promote innovation in information industries as well as they have done in the manufacturing economy. The market cycle for an information product is often quite short—18 months is not unusual; thus, a patent may well not issue until the product has become obsolete. If information inventions continue to fall within the scope of patents, then, at a minimum, the patent cycle-time needs to be improved significantly. Patent classification systems for information innovations may also be more difficult to develop and maintain in a way that will inform and contribute to the success of the fields they serve. One final reason for concern is that developing and deploying software and systems may cease to be a cottage industry because of the need for access to cross-licensing agreements and the legal protection of large corporations. This in turn may have deleterious effects on the creativity of U.S. software and Internet industries. 49This is in contrast to the copyright framework, where infringement requires a demonstration that some (conscious or unconscious) plagiarism has occurred. For example, independent creation is a defense. Two people could write original but very similar stories (or programs) independently; both would be copyrightable, and neither would infringe upon the other, because the standard for copyright protection is originality, not novelty. Thus an author is not responsible for knowing the entire corpus of literature still within copyright so as not to infringe on it.