The technical and legal dangers of code-based fair use enforcement

Digital rights management (DRM) mechanisms, built upon trusted computing platforms, promise to give content providers the ability to impose rules reliably and deterministically on end-user experiences with information resources ranging from literary works and scholarly publications to a vast array of entertainment content. DRM represents just the first wave of a class of technologies that aspire not only to implement copyrightprotecting usage controls on computing devices, but increasingly to take on the enforcement of a broader set of organizational and public policies. The paper focuses on policy enforcement in the specific context of content use. It reviews the concepts and architecture of policy specification and enforcement, citing examples from the special case of DRM, and provides a detailed discussion of how usage control policies are evaluated in DRM systems. Since the expression and interpretation of policies is only one "layer" of the general problem of persistent policy enforcement, we consider the role that trusted computing systems can play in ensuring that computing agents interpret policies in reliable and deterministic ways. Finally, we consider the challenges inherent in the construction of technical mechanisms that mimic social policies.