Privacy Engineering in Digital Rights Management Systems

Full textClick to download.
CitationProceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science, vol. 2320, Springer, Berlin, 2002, pp. 76-105.
AuthorsJoan Feigenbaum
Michael Freedman
Thomas Sander
Adam Shostack


Internet-based distribution of mass-market content provides great opportunities for producers, distributors, and consumers, but it may seriously threaten users' privacy. Some of the paths to loss of privacy are quite familiar (e.g., mining of credit-card data), but some are new or much more serious than they were in earlier distribution regimes. We examine the contributions that digital-rights-management (DRM) technology can make to both compromising and protecting users' privacy. We argue that the privacy-enhancing technology (e.g., encryption, anonymity, and pseudonymity) that absorbs most of the attention of the security R&D community cannot by itself solve the privacy problems raised by DRM, although it can play a role in various solutions. Finally, we provide a list of ``privacy engineering'' principles for DRM systems, some of which are easy to implement and potentially quite effective. Note: This paper preceded the PORTIA project, but we have included it on this site, because it provides a good introduction to some of the main PORTIA themes.

Back to publications
Back to previous page