By Dennis D. McDonald

When Bob Weber published his post-CES DRM 3.0 Has Arrived he made the point that, while DRM for music may be dying, the entertainment industry’s interest in Digital Rights Management is still quite strong. This got me to wondering whether this “next generation DRM” might have some relevance to current interest in social network portability.

According to Weber, industry interest in DRM is shifting to network based security via monitoring of file exchange traffic and to use of technologies such as “watermarking” that aid in the identification and tracking of files that may be subject to rights management.

Sources such as the New York Times are reporting similar stories about the interest of communication providers such as AT&T in “filtering” network traffic for possible copyright violations. Vendors such as Comcast are already targets of complaints that they are “throttling” the exchange of large files. Google’s intentions about all the personal network traffic data it collects are frequently the subject of intense interest.

I asked in a comment to Bob’s post, “Did any of the industry folks you talked with say anything about possible privacy implications for ‘DRM 3.0’ applications?”  He answered my question here.

I was thinking about the issues not only of whether “user generated content” contained previously copyrighted content — an issue frequently raised with respect to services such as YouTube — but also of current efforts to define “data portability standards” covering the personal relationship data that the DataPortability Workgroup is developing.

The DataPortability Workgroup is attempting to address an issue with respect to online social networks: the ability to transfer data on personal relationships that one generates as a member of one network to another network.

One of the questions the Workgroup is attempting to answer is whether it is possible to design a data standard to facilitate the exchange of social relationship data from one network to another, even when the networks in question offer significantly different user experiences and functionality. It is clear from the group’s public discussion group that members are already wrestling with definitional issues related to data ownership and privacy. For example, who “owns” an email address? When should that address be made publicly available? What responsibility does the operator of an online social network have to protecting member privacy given the wide range of interests members have in maintaining so many different types of relationship and levels of privacy?

The topic of “personal data ownership” has long interested me. At one time I felt that any third party gathering data about my online behavior and selling it for profit should, at the least, give me a share of the revenue that my behavior helped generate. I even suggested — somewhat naively — that an agency be established to facilitate licensing and payments related to the publishing of personal financial, medical, and behavioral data.

One of the main reasons that DRM and social data portability are such complex topics is that how they operate in the real world of social relationships, fileseharing, electronic commerce, and legislative involvement in intellectual property and privacy administration is becoming increasingly complex. Many different “cultures of sharing” need to interact in order for today’s systems to operate efficiently. For example, some people care passionately about personal privacy and limit their online behavior accordingly, while others believe in and open and free exchange of the most personal and private information.

One question the DataPortability Group must wrestle with is whether it is even possible to develop a “standard” that can address both ends of this privacy spectrum. Given such different outlooks on ownership and privacy, I have my doubts, but I hope I am wrong.

I am hopeful that such industry efforts can remain industry efforts without the involvement of government agencies. I would hate to see a situation where network operators were required by law to monitor network traffic not only for transfer of copyrighted works but for transfer of private communications covering certain types of user data. Such monitoring would have profoundly negative implications for personal freedom and a great potential for political misuse.