Stanford Center for Internet and Society

Digital Rights Management in the United States and Europe, 52 American Journal of Comparative Law 323-382 (2004).

Trusted Computing - Whom do we trust? Different versions of a talk at the CIS at Stanford Law School, March 28, 2005: slides, audio version, synchronized audio & slides version (for more information, click

The slides of my recent talk about trusted computing at the CIS in Stanford are now available online.

Some information about digital rights management systems used in computer games may be found here.

One of the features offered by TC is that it transforms trust in entities into trust in components (see here on pp. 644-645 for an explanation). In such an approach, it becomes of utmost importance how these entities (which I will call "trust anchors" in the following, but you could also call them "ultimate Roots of Trust") are designed. In an overview paper by TCG, one can read (on pp. 45-46) the following:"Anybody may assume authority to certify. The objective of certification is to provide credible reference for accreditation, hence customers of certified products determine which organizations are credible. TCG feels credibility may be found among many organizations from ranging from product manufacturers / vendors, product consumers and consultants. The product owner ultimately decides which certifier best contributes to assurance and risk management calculations."

One of the criticisms raised against trusted computing is that it solves some potential problems of the future without doing the homework first that precedes these problems. Trusted computing, these critics argue, provides an elaborate mechanism for remote attestation, but it does not provide well-functioning mechanisms for local attestation. Therefore, with trusted computing, I am able to determine the state of a remote platform in a trustworthy manner, but I am unable to do the same for my own local platform.This argument may be a little bit extreme, as some functionalities of trusted computing could be used for local attestation. As an Intel paper on LaGrande Technology points out (on pp. 7-8), there are at least three ways to perform a local attestation:

So, today, the U.S. Supreme Court will hear two cases that may profoundly shape U.S. cyberlaw and may also affect cyberlaw in other countries. For more information, see here.

So here is another potential example of an application of P2P systems that might even be helpful from the music industry's perspective.

Indicare has an interesting article written by Natali Helberger about the advantages and limitations of
labeling requirements as an answer to DRM. Such labeling requirements can be found, e.g., in the revised German Copyright Act, and are also being discussed in the U.S. Congress. In certain aspects, they remind of Judge Easterbrook's well-known phrase in ProCD v. Zeidenberg and the discussions surrounding ProCD: "Competition amon

At the 3rd DRM conference this January in Berlin, Ross Anderson gave a dinner speech in which he envisaged a world suffused by region-coding technology (imagine region-coding in RFID-equipped jeans, e.g.). While we are not at this stage yet (at hopefully will never be), here is just another example of the increasing use of this technology:

"HP has quietly begun implementing 'region coding' for its highly lucrative print cartridges for some of its newest printers sold in Europe. Try putting a printer cartridge bought in the U.S. into a new HP printer configured to use cartridges purchased in Europe and it won't work. Software in the printer determines the origin of the ink cartridge and whether it will accept it. The company introduced region-coding on several printers in the summer so it won't have to keep altering prices to keep pace with currency movements, says Kim Holm, vice president for HP's supplies business in Europe, the Middle East and Africa. HP eventually plans to introduce the concept across its entire line of inkjet printers, he adds." (This is an excerpt from a very interesting Wall Street Journal story).