Slide #3 (Introduction to Rights Management) At the current stage of Information Age, information can be much more easily copied than it could be before. This worries writers and artists, because their intellectual properties can now be hard to protect. What rights management tries to do is to protect the intellectual property rights holder from fraud. Rights management defines the relationship between "Intellectual Property", its "Creator", and the "Consumer". It specifies what the consumer is allowed to do with the data (to view, to print), and how much each of these usages costs. Slide #4 (Case Analysis - Document Distribution) Next, let us look at an example scenario. Alice is an artist, and sells Bob a digital document over the Internet. Bob's concerns are, as a buyer, whether or not the information received is what he wanted, and also if the information is correct. His concerns can be addressed by non-repudiation. The bigger problem here, however, is what to do to protect the artist or the seller, in this case, Alice. Alice is interested in controlling the distribution of her art, protecting herself from fraud or copyright infringements, and defining allowed usage patterns. To address these concerns, she can attach copyright information to the digital data. This information should be separate, but not separable from the data. As a safety net, Alice is also interested in legal protection, in case of fraud. One of the problems is that, in the real world, we have third party attackers. They can, for example, eavesdrop a line, and distribute the stolen information. They can also change the information (for instance, stock market data), or commit plagiarism (we have seen examples of plagiarism of papers authored by people here at CMU), and redistribute the material under their own names. Slide #5 (Case Analysis - Protecting Images and Text) We have two cases here, depending on what we want to protect. Let us go over the list for image watermarking briefly. As I said before, we would like the copyright information to be separate from the content. In fact, we would like it to be invisible. But we would like also to keep it inseparable from the image, so that nobody can remove the watermark. This leads us to the second point, which says that if you remove the watermark, then, with high probability, you will make changes to the image. These changes result in low quality images, which do not sell as well as the original ones. We would like also to have robustness, which means that we would like watermarks to survive common image manipulations, such as lossy compression, cropping, filtering, etc. In the case of text, things become more difficult. In the past, people have used different methods. One possibility is to treat text as an images. We can embed the data by changing the inter-line spacing, or spacing between characters or words. But this is not robust against attacks where the text is submitted to an OCR (Optical Character Recognition) system, and reprinted. This method is not useful for searching or handling texts either. We will see later how current schemes protect text. Slide #6 (Unsolved Copyright/Legal Issues) In the real world, we have other problems. Even if we had perfect technical solutions, people can still infringe copyright laws and get away with it. For instance, we can have a server on the Internet, and a country that does not follow the Berne convention will allow anyone to freely distribute the information on the server, without any legal action taken against the criminal. This happens, for instance, in Indonesia, where complete tracks of audio CDs are extracted and used illegally. Slide #7 (Different Models and Discussion of Problems) Next, we show different models to deal with the problem. First, we have the electronic commerce framework, which does not really deal with the problem. Second, we have super-distribution. The idea there is that anybody can acquire or distribute copyright protected information. But you are charged as soon as you use the information. This is called usage-based revenue collection scheme. In the super-distribution scheme, we also have the idea of "composite objects", where an object can have different parts (images, text, audio, etc), and the viewer pays for what he or she chooses to use. And lastly, we have the Intertrust approach, which uses language features to express things that can be done with a document, and uses tamper-resistant boxes for secure executions. (The audience was skeptical about how well this scheme could work.) (The details of the second and the third approach were not given in the talk.)