| Full text | Click to download. |
| Citation | Proceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science, vol. 2320, Springer, Berlin, 2002, pp. 76-105.
|
| Authors | Joan Feigenbaum
Michael Freedman Thomas Sander Adam Shostack |
Internet-based distribution of mass-market content provides great opportunities for producers, distributors, and consumers, but it may seriously threaten users' privacy. Some of the paths to loss of privacy are quite familiar (e.g., mining of credit-card data), but some are new or much more serious than they were in earlier distribution regimes. We examine the contributions that digital-rights-management (DRM) technology can make to both compromising and protecting users' privacy. We argue that the privacy-enhancing technology (e.g., encryption, anonymity, and pseudonymity) that absorbs most of the attention of the security R&D community cannot by itself solve the privacy problems raised by DRM, although it can play a role in various solutions. Finally, we provide a list of ``privacy engineering'' principles for DRM systems, some of which are easy to implement and potentially quite effective. Note: This paper preceded the PORTIA project, but we have included it on this site, because it provides a good introduction to some of the main PORTIA themes.