杏吧原创

Publish and Be Robbed?

Distributing your work on the Internet may seem like the best way to reach a wide audience. But can musicians, photographers and publishers repel the digital pirates?

WHEN editors at a small British publishing company heard that one of their electronically distributed newsletters had a direct competitor in the US, they sent off for a copy, thinking perhaps that they might swap subscriptions. But when it arrived in the post several days later, they got a shock: large chunks of text, and in some cases whole articles, had been lifted from their titles without permission, and were being resold as original material.

The publishers had fallen victim to 鈥渄igital piracy鈥 鈥 the instantaneous and unauthorised reproduction of copyrighted material using digital methods. They took it philosophically: as more information is distributed electronically, especially over the Internet, unauthorised copying has become almost a matter of routine. Many publishers who use the Internet to send their text, software or video to specific destinations have later found their material being circulated on this global network of networks without their permission.

Part of the problem is that the material distributed across electronic networks is in digital form, which means that the process of copying is as easy as moving a file onto a floppy disc 鈥 and the actual copies themselves are always perfect. Anyone armed with a personal computer and a modem can put material on the Internet, and anyone else can just as easily copy that material onto their computer and then redistribute it. And that data can be in any form 鈥 music, video, text, software, or a mixture.

Even before the dramatic popularisation of the Internet in the last two years, the unauthorised reproduction of software, music and videos and text held on floppy discs or hard discs had become a major problem (鈥淲hose copyright is it anyway?鈥, New 杏吧原创, 24 July 1993). But the sheer scale of the Internet takes the problem into a new dimension: it is like a vast, unattended shopping mall, full of goods which are freely available, or at best tied down by the flimsiest of knots.

The problem is all the more frustrating for publishers because of the opportunity which the Internet presents. Anything from 10 million to 25 million people are said to be connected to the Internet today, and the independent association of Internet users known as the Internet Society estimates that by 2001 there will be over five billion computers connected to the network. This is a potentially huge market which can be reached at relatively low cost. That publishers of everything from software to hard news magazines are taking this potential seriously is clear. Over the past year publications such as Time and a wide range of newspapers including the San Francisco Examiner and The Daily Telegraph have produced whole editions or tailored excerpts for the World Wide Web 鈥 the software interface that weaves together the wide array of digital material held on computers linked into the Internet. MIT Press is about to launch an academic journal that will be both sent to specialists for peer review, and distributed to readers over the network. A growing number of software publishers, and a few far-sighted music publishers now use the Internet for distribution, and the signs are that the video producers are not far behind.

But all these publishers recognise that there are dangers to using the Internet for the distribution of any material with commercial value. Anything that goes on the Internet could attract the interest of commercial rivals, jealous colleagues, professional bootleggers, plagiarists and counterfeiters. The most obvious way to fend them off is to encrypt the information. Most encryption systems involve the sender using a piece of software to convert the text or software into a string of letters, numbers or symbols that can be converted back into a form readable by humans when it is de-encrypted using another piece of software.

More recently, people sending confidential or commercially valuable information over the Internet have used Pretty Good Privacy (PGP) (鈥淣etwork Confidential鈥, New 杏吧原创, 8 October 1994). This cryptography software, which is free to anyone with access to the Internet, uses two keys: the public key which the person sending the information uses to encode the confidential material and the separate private key which decodes the message. The person receiving the message keeps the private key on their computer.

But secure as this way of passing digital publications may seem, encrypting the material sent over the Internet is only a partial solution to the publishers鈥 problem. Encryption only prevents unauthorised access to the information on the Internet: once someone has gained legitimate entry to the document or music file, there is nothing stopping them making illegitimate use of the material. Once the protected material is decoded it can be copied and distributed to friends and colleagues like any other computer file.

Cable Television companies have already discovered this. Their programmes are often transmitted in encrypted form, so that only paying viewers can view them, but once a programme has been received, it can be immediately copied or redistributed 鈥 for example, across a campus or throughout a block of flats.

Easy access

This strikes at the heart of the problem which computer scientists are now trying to solve: it is relatively easy to control the first 鈥減oint-to-point鈥 distribution of material, but extremely difficult to control or monitor onward transmission. And what if the owner of the copyright wants to encourage onward transmission, or will allow viewing but not reprinting or recopying? How can he or she know who has access to what material so that they can be billed? And what if a publisher wants to send research papers out over the Internet, but normally charges some readers 鈥 say students 鈥 less than others from the commercial sector?

In the past year, several technological solutions have been mooted. All are in the early stages and therefore not foolproof. Often the published material is linked to a computer program that contains the code which enables you to view the text and graphics, or listen to the music. To gain access to this program you need to have a special key, which ensures that only people with that key 鈥 which may be a password or a pin number 鈥 can see or hear the published material.

One company that is putting its money behind this approach is London-based Cerberus Sound and Vision. Cerberus is one of the first commercial outfits to attempt to distribute music over the Internet. The company鈥檚 copyright protection plans turn on a software program known as a 鈥減layer鈥. The idea is that each subscriber to the service will receive their own personalised piece of software that will find, pay for and download music from a central computer based at the Cerberus headquarters. Once the music is stored on the hard disc of the subscriber鈥檚 computer, the program will act like a conventional CD-player and convert the bits of data into tunes.

The first step to getting hold of one of these players is straightforward: fill in an application form, which will soon be available both on the Internet and on floppy disc, giving credit card number, address and musical preferences. The next time the customer logs into the Internet, the software will connect them to the Cerberus computer which contains a program that will encrypt the information on the application form into the player software. The player is then sent to the customer along with a personal identification number (PIN) that allows access to that particular player. When the customer requests a piece of music, a message is sent to the Cerberus computer where a program searches for and extracts the music requested, works out which artists should be paid, and then compresses and encrypts the data. The result is a computer file that it is practical to distribute over the Internet, and which will only work with the player that made the request.

Ricky Adar, the company鈥檚 managing director, is keeping the exact details of the encryption and compression techniques secret. But he will say that the compression system is loosely based on the Huffman technique, a statistical compression method which is often used with text and which replaces frequently occurring groups of letters with a code. Cerberus, however, intends to replace common sound patterns with such codes, so reducing the size of the data file and, at the same time, making the music unplayable to anyone without the necessary decompression software.

It鈥檚 not perfect, says Adar, but it could take months for someone to find a way of copying the software, and even then all that they will have achieved is to have gained access to one person鈥檚 copy of the music. Some experts have, however, pointed out that it might be possible to break into the software and find a way of capturing the songs digitally as they are played. This could be done, for example, by intercepting the digital feed between the processor in the customer鈥檚 computer and the sound card on the computer, or even by digitally rerecording the output. Adar鈥檚 response to this criticism is that the uncompressed files would be so large 鈥 perhaps 40 megabytes per song as to make this impractical.

Adar also says that Cerberus is still far more secure than any other music delivery medium. Britain鈥檚 Mechanical Copyright Protection Society appears to agree, and has approved the system, while the Performing Rights Society is interested in the system鈥檚 potential for collecting royalties. There is also some interest from the video industry.

Cerberus, of course, is not alone in its drive to protect copyright and the livelihood of artists and contributors. For the past two years the European Union provided funding of around 拢2.7 million through its Esprit programme for the Copyright in Transmitted Electronic Documents (CITED) project. The partners in this project, which included the British Library, Oxford University Press and the French computer company Bull, revealed their proposals for a copyright protection scheme in mid-1994.

Code and decode

These proposals went further than merely specifying ways of encrypting information so that only authorised key holders can grab an electronic document from the Internet and convert it into a usable form. CITED tackled the tricky problem of what happens after the material has been decoded. If a computer file containing music, or the page of a journal is sitting on the hard disc of a computer that is hooked up to a local area network, with basic encryption systems there is nothing to stop the authorised user from redistributing, or even printing those files.

The model that the pan-European team has come up with is built around a tamper-proof software module which acts rather like the indestructible tachometers installed on long-distance coaches and lorries, recording everything that happens to the copyrighted or commercially valuable material. As with the Cerberus approach, the basic idea is that the valuable material is linked to a specific piece of software. This software is required to gain access to the material, and it can only be converted into its usable form by someone in possession of the right key or password.

The difference with the CITED approach is that, when the authorised user requests a piece of software or some pages of a report or journal, he or she will have to key in a password. From then on, each time a program is run or a print of a page is made, the associated software module sends a message back to the secure database stored on the computer. The database can then track every activity carried out by the organisation鈥檚 software modules, so providing an audit trail which shows whether pages are being printed or copied electronically. Eventually, it may be possible to forward this information to rights societies to help them determine how much artists, authors and publishers should be paid.

It is also possible to use this information to ensure that users get what they pay for. If, for example, a user of a games program has only paid for four hours usage, the module will prevent access after four hours. But by calling the rights holder over the Internet, credits could be bought and extra hours programmed into the tamper-proof module. Similarly new users can be licensed to use the material 鈥 which would go some way toward solving the problem of monitoring 鈥渙nward transmission鈥.

Jean Fran莽ois Boisson, the chairman of the CITED project, admits that there are several problems: the software is complex, takes a long time to install, and all material to be controlled through CITED must be specially adapted 鈥 or 鈥淐itedised鈥 鈥 in order to work with the system. But, he says, 鈥渃opyright management is a very long-term process. You have to start somewhere鈥.

The CITED team believes that its approach 鈥 or a form of it 鈥 could become an internationally adopted standard for controlling access to copyrighted material over the Internet. But first, they have to prove it works. This is one of the goals of a new European project, Computer Ownership Protection in Computer Assisted Training (COPICAT), which involves building a secure CITED system to protect a computer-aided training package.

Mari, a Newcastle-based software company and member of the COPICAT consortium, is playing a key part in this development. It has developed a program which should help to prevent onward transmission of material. Using the computer-aided training package, which is essentially an interactive teaching system that runs on a computer and often includes video and music as well as text, Mari has found a way to ensure that once the package is 鈥渙pened鈥 and used, it cannot be saved or retransmitted, except as part of the whole COPICAT package. This is done by writing commands that intercept and prevent routine computer messages such as 鈥渃opy鈥 and 鈥渟ave鈥 from working unless the CITED system gives permission. This would remove the possibility of saving some of the interactive training material at another location outside the tight control of the COPICAT/CITED program.

If the system works, says Sarah Keates of the British Library, then the principles can be extended to cover all forms of digitally stored media. But even if the COPICAT security program fails to withstand the tricks and hackery of students at University College Dublin, who will be testing the program later this year, it will not invalidate the approach, says Peter Bennett of Mari. 鈥淲e鈥檙e not trying to make it impossible to get at data [without permission], we鈥檙e trying to make it not cost-effective鈥.

In the US, several companies are working on commercial solutions to the same problem, mainly concentrating on how to prevent the copying of information stored on CD-ROM, often using 鈥渂lack box鈥 encryption systems which attach to the computer. The International Federation of Reproduction Rights Organisations (IFFRO), an association of organisations involved in protecting intellectual rights, is interested in one such system being developed by a small Californian company, Electronic Publishing Resources. Its patented model bears some resemblances to the CITED initiative: the publisher of, for example, a scientific text, puts both the content of the article and all the control information into a 鈥渃ryptographic envelope鈥 鈥 a computer file which cannot be opened without the necessary passwords. This envelope can then be distributed across any electronic media. During the process of 鈥渟tuffing the envelope鈥, rights clearing houses, which handle royalties on behalf of copyright owners, may also be notified. When the recipient gets the electronic package, full access can be gained by electronically reporting back to a financial clearing house or a publisher via the Internet.

Joe Alen, chairman of IFFRO鈥檚 committee on new technologies, believes that cryptographic envelopes will play a key role. However, he emphasises that once an envelope has been opened, then it can be copied, changed and redistributed.

This is one of the reasons why there is great interest in a second stream of research which aims to encode a 鈥渄igital signature鈥 into electronically distributed material. This way, whatever happens to the material, its origins will always be known. It is not a new idea: in the Middle Ages artists and authors would sometimes bury samples of almost invisible microwriting into their works.

This is the approach that has been taken by Laurence Turner, professor of electrical and electronic engineering at Imperial College, London, who has developed the Universal Data Identifier (UDID), a method of stamping digital codes into a piece of data, rather like putting an ISBN code onto a book. For digital information this coding is done using 鈥渋nvasive code鈥, which changes the underlying structure of the data.

Using a simple sampling technique, a computer is used to select a series of relatively insignificant 鈥渂inary words鈥 鈥 a series of digits holding information such as a musical note. The computer then substitutes the insignificant digits with a significant digit or series of digits, so building a code that can be spotted by another computer program. This code is unique and can be used to identify even the smallest quantities of data. Turner鈥檚 work was originally funded by the music industry, which was anxious to stop counterfeiting, but the patents are now in the public domain.

Douglas Armati, a consultant in intellectual property rights who advises the Scientific, Technical and Medical Association, an international organisation for scientific publishers, believes that this idea can be applied to text, music, video, graphics or even photographs. The key to UDID is that it is robust. Because it is an invasive code, it is able to withstand compression, which involves removing redundant bits of code rather than the data itself. It is also able to withstand digital to analogue conversion, so the code would persist even if digitally recorded material were to be recorded from the radio using a conventional tape recorder.

Code invaders

Turner uses two separate techniques to achieve this. The first is the straightforward use of invasive code to which a further analogue identifier can be added. The analogue identifier is inserted by analysing the structure of, for example, a series of sounds. The analysis involves ascribing a digital value to the analogue sound waves in, for example, a short burst of music. The digital version of the analogue sounds can then undergo a process similar to that used to insert invasive codes in digital material. Representatives from the MCPS have listened to digital recordings with and without UDID and found no sound deterioration.

According to Armati, the main problems with UDID technology are not technical but in getting it adopted as a standard for all media. 鈥淎s part of the design, the hooks will be there for systems to be designed around it. If there is no unique identifier, there is nothing to hook onto鈥, says Armati. And he suggests that the makers of recording equipment, for example, could incorporate a UDID function that would automatically insert the code without harming the quality of the work.

A similar idea has recently been put forward by a small British company, MOR. MOR founder Rod Borland, a professional photographer, wanted to find a way of digitally identifying photographs before they are distributed electronically. Borland, with the help of MOR co-founder Otso Paatelma, has developed a method of distributing a digital code across an image using invasive coding technology similar to that used for UDlD.

So have companies such as MOR and Cerberus, and projects such as CITED cracked the problem of electronic copyright? Yes and no appears to be the consensus. No one is prepared to describe their technology as invincible. In MOR鈥檚 case, says Borland, 鈥渢he code is as secure as it can be in the computer environment. But you never know what is coming up. The whole idea is to make finding and removing the code too much trouble for someone to bother with.鈥

Even if today鈥檚 encryption and copyright protection technologies prove effective, their developers are realistic about the likelihood of widespread adoption. To be truly effective, the technological solutions must have widespread, international support, from both the commercial sector and the reproduction rights organisations. Because this has yet to happen, it is too early to assess the impact of all or any of these technologies.

But it is already clear that no single technology will provide a global solution. 鈥淎 lot of people have patents, some pretty serious-looking ones. But the fact is, technology alone is not going to be the solution,鈥 says IFFRO鈥檚 Alen.

More from New 杏吧原创

Explore the latest news, articles and features