Environmental Resources Information Network GPO Box 787 Canberra, ACT 2601
Intellectual property law is designed to protect the legitimate rights of those who produce original works and thus provide incentives for that work. Intellectual property is protected through laws on copyright, patents and trademarks.
Emphasis on the requirement for copyrighted material to be original and involve a creative process was emphasised in a 1991 US Supreme Court case (Feist Publications, 1991).
The primary objective of copyright is not to reward the labor of authors, but "to promote the Progress of Science and useful Arts." To this end, copyright assures authors the right to their original expression, but encourages others to build freely upon the ideas and information conveyed by a work.... This result is neither unfair nor unfortunate. It is the means by which copyright advances the progress of science and art.
There are a number of major challenges facing us as to how we may protect intellectual property in the expression of ideas and information in an electronic world as compared with the traditional expression of those ideas by material means. Information and ideas are different from material goods in that they they can be shared, sold, copied and used without at the same time consuming them. John Perry Barlow, founder of the Electronic Frontier Foundation (EFF), in a paper on the Economy of Ideas (Barlow, 1994a) poses the question: "If our property can be infinitely reproduced and instantaneously distributed all over the planet without cost, without our knowledge [and] without its even leaving our possession, how can we protect it? How are we going to get paid for the work we do with our minds? And, if we can't get paid, what will assure the continued creation and distribution of such work?"
Until now almost all ideas and information have had to be expressed in material form - usually as published books, magazines, photographs or film. Because of this linking, copyright laws have been built around the assumption that there is a one-to-one relationship between an idea and its physical expression. This is exemplified in the so-called 'Idea of Expression' merger doctrine of US copyright law which holds that if the expression is the same as the physical fact, then no original expression is made and the work cannot be copyrighted (Mason v. Montgomery Data, 1992).
New and emerging technologies, however, are causing that link to be broken for an increasingly large set of ideas and information sources. Many of these information sources, especially in the biodiversity arena, are just beginning to assert their importance as providers of the underlying information upon which much of our future life and existence will be based. The Internet poses interesting challenges for owners, creators, sellers and users of intellectual property. It allows us to copy information essentially for free and it is often easier to copy information than it is to find it. How we go about protecting intellectual property rights without restricting access to core vital information provides us with a number of challenges.
The fact that these challenges have arisen has presented an opportunity to re-think the way we look at intellectual property and copyright. This re-thinking has caused a divergence into two broad schools of thought - viz, the 'radicals' such as Barlow and Dyson, who say we should start again (see Barlow, 1994a, 1994b, Dyson, 1995) and the 'conservatives' who believe we can modify existing systems.
Powerful industry, commerce and law groups are behind the idea of modifying the present system. A manifestation of this approach can be seen in recent US pressure in trade forums for Japan, China and India to prosecute CD 'pirates'. A recent meeting of OECD countries in Canberra (IPTF 1996) largely supported this approach.
The two rulings mentioned above (i.e. Feist Publications and Mason v. Montgomery Data), when taken taken together, will play an important role in assessing the eligibility for copyright protection of biodiversity databases in the short term, at least in the United States (Busby et al., 1995). The European Union has taken a slightly different route with a directive on databases which addresses the 'right to prevent unfair extraction' (Busby, et al. 1995). This arose out of the CITED (Copyright In Transmitted Electronic Documents) initiative which aims at preventing re-publication of works downloaded from a network. The associated Copinet project in the US and Canada is trialling the use of digital billing engines enabling publishers to authorise and receive on-line payments for works accessed from the Internet. To what extent these rulings will influence the way Australia and other countries treat this issue in the longer term has yet to be determined. Australia is now in the process of choosing the direction it wishes to take.
This paper explores a number of alternatives as to where we may go in the future, and how, in the short period, we may best protect copyright using existing methods.
Protecting one's intellectual property is important but is not always an easy thing to do. This is especially so where the information is in an electronic form and is made available over the Internet. Not only is illegal copying easy, but the decentralised nature of the Internet and the fact that it transcends international boundaries makes it difficult to enforce existing copyright laws. It is interesting, however, that the "friends" network on the Internet does often quickly let one know if someone is copying ones material illegally. In the UK this approach has been taken one step further with the UK Copyright Licencing Agency (CLA) initiating a COPYWATCH program to dob-in-a-pirate for businesses, libraries and other consumers. Funded by major publishers and organisations such as the Society of Authors, COPYWATCH features a publicity campaign and hotline for alerting the CLA about unlicensed photocopying of books, journals and magazines. I believe that a similar system could also be developed for use with biological data distributed on the Internet.
To find information on copyright and the Internet is easy - to sort out the valuable from the not so valuable information is, however, much more difficult. A number of discussion groups have been set up on the Internet to discuss issues of copyright and electronic publishing and these produce thousands of pages of discussion each year. There are also a large number of references on the Internet that deal with copyright in a multimedia environment (e.g. Brinson and Radcliffe 1994a and 1994b, Greguras et al. 1994, Lehman and Brown 1994). One of the best overviews, with links to further information, is the Institute for Learning Technologies' ILT Guide to Copyright (Institute of Learning Technologies 1995). Although it has an American bias it does touch on issues of International Law.
A number of meetings, workshops and international fora have also been held to discuss the issue of Copyright in a digital world. In February 1995, an International meeting was held in Geneva to discuss Copyright on the Internet. OECD countries met in Canberra in February 1996 (IPTF 1996) to try and seek a coordinated approach among those countries to security, privacy and intellectual property issues on the Internet. There will be many more such meetings before these issues are resolved to the satisfaction of all concerned.
Throughout history Copyright and patent law have focused not on ideas themselves but on the expression of those ideas (Barlow, 1994a, 1994b). One could, for example, claim copyright only on the precise turn of phrase used to convey a particular idea, or on the order in which certain facts were presented. It has been likened to a bottle of wine whereby the label on the bottle could be copyrighted but not the wine within the bottle. The point at which copyright came into effect was when the idea entered into a physical form, be it a book or tape, etc. This form of copyright worked well in the past, as books froze their contents into a condition which was difficult to alter or reproduce without loss of quality or in some other way making it obvious that a change had occurred and, more importantly, in which the cost of reproduction approached the cost of buying the original.
Patents work in a similar way with the added protection that a patent is not accepted if the invention doesn't work. Thus, the rights of invention and authorship are linked to the physical world. One does not get paid for ideas, but for the physical expression of those ideas. For all practical purposes the essentially one-to-one relationship between an idea and its physical expression means that the value is in the conveyance of an idea and not in the thought or idea conveyed.
With the coming of the Internet and electronic techniques such as digital scanning and digital photography, difficulties in copying and distributing information in forms unrecognisable from the original have disappeared. It is now possible to convey ideas from one mind to another without ever making them physical. Attempts are now being made to own ideas themselves and not just their physical expression. If taken to its extreme, one could claim, with respect to copyright, that merely thinking about a product is somehow as good as manufacturing, distributing and selling it (Barlow, 1994).
Proponents of the more radical school suggest that any attempt to extend present laws into the realm of cyberspace will only lead to bigger problems than those that already exist. They suggest that new ways to protect intellectual property need to be found that don't, at the same time, restrict the free flow of ideas or restrict the freedom of expression of ideas through free speech, etc. Dyson (1995) suggested that the best course of action for content providers is to exploit the situation and to distribute intellectual property free in order to sell services. For example, a museum may decide to make specimen information available free over the internet in order to publicise its identification or consultancy services. The band, Grateful Dead, have put this into practice by encouraging people to tape their performances and spread them around. Enough of those who copy and listen to the Grateful Dead tapes purchase hats, T-shirts and live-performance tickets to more than cover any lost revenues from record sales (Barlow, 1994a, 1994b). The trick, Dyson (1995) suggests, is to control not the copies of your work, but your relationship with your customers.
The idea that intellectual property on the internet can lose its value horrifies most of its owners and creators, but it is happening and is not new. Most software products are becoming commodities not because they are easy to duplicate (which is illegal) but because they are easy to imitate (Dyson, 1995). A good original product will retain its value only if it is maintained and up-to-date. How many copies of software are pirated every day, and how many successful prosecutions are there? Who can honestly say that they don't have or haven't used pirated software on their own machines? Industry is making huge investments in an attempt to restrict copyright breaches in this way. The US Government has recently brought pressure to bear on Chinese pirate CD plants and is likewise looking at other large scale pirating operations.
Owning intellectual property is somewhat like owning land; you need to keep investing in it to get a reward (Dyson, 1995). You can't simply sit back and collect the rent. To some this way of looking at intellectual property may seem unfair, particularly if you have grown up with the old rules. The new rules, however, have a certain moral grounding - people will be rewarded for personal effort, not just the mere ownership of assets (Dyson, 1995). As with land, there must be a continual investment in data to ensure that its quality and currency are maintained. Much of the chargeable value of information may well be in its authenticity and reliability rather than its content. This is very important with respect to biological data. It could mean that we must spend resources in the short term to improve the reliability of the data in order to give it a real value in the longer term - i.e., further invest in the "land" itself.
It may also mean that we need to look at making certain information broadly available on the Net in order to develop specific markets for services that may individually package customised information for specific customer needs.
What can we do now to best protect the information we have?
There are several ways of protecting the data on a Web server. One practical way is to make the data difficult to download as a whole - i.e. break it up into lots of small files that make it a big process to download the entire dataset. However, modern robot programs (see, for example, Koster, no date) can easily overcome any difficulties in downloading lots of files.
The Web also allows for the use of simple password protection, or allows the ability to limit access to certain Internet domains. For example only domains that have `*.gov.au' could be allowed access to certain files.
The simplest way to protect intellectual property and copyright on the Internet is to attach a copyright infringement notice with the data, similar to that included on books. This won't prevent someone from infringing the copyright but it does provide a possible recourse through the courts and makes users aware that the data is copyrighted. Generally these methods won't dissuade the dishonest user.
An example of a copyright notice used in ERIN for point biological data is:
This data is copyright - for holders of copyright, see individual records. The data is made available for the purposes of research, environmental information and educational activities. Any use of the data for other purposes, including for all commercially related activities, must have permission of the individual data custodians. Any use of the data must acknowledge the holder of copyright as data custodian.
In addition, all individual records extracted from the ERIN database have an additional brief copyright statement attached to the effect that "The title and intellectual property (including copyright) in this record vest in [name of organisation]"
The encryption of digital documents so that sensitive information cannot be decoded even if messages are intercepted is now becoming available, for example for the transmission of credit card information. The technology can be used in the same way for the transmission of sensitive environmental information. The Internet's de facto standard for encryption is PGP which stands for "Pretty Good Privacy" (Kantor 1995). PGP enables the encryption of a message so that only the intended recipients can read it. There are also protocols that allow a message to be signed so that recipients can verify that it came from the supposed sender. PGP is available for a range of platforms including DOS, Macintosh and Unix. Encryption works by using coding and decoding keys, copies of which are (securely) sent to designated people that you want to be able to read your encrypted messages. There is some doubt about the legality of using public domain versions of PGP outside of the USA but commercial versions are available. Encryption is increasingly being used on the Internet for banking transactions, and an "Internet Bank" has already been set up using this type of technology for transferring information.
The benefits of cryptography are well recognised. Encryption can protect communications and stored information from unauthorised access and disclosure. Less well recognised, however, are cryptography's limitations. Encryption has often been oversold as the solution to all security problems and threats, many of which it does not address. Encryption does not protect against many of the common methods of attack including such things as bad default settings or vulnerabilities in network protocols or software (Denning 1996). Moreover, the protection provided by encryption can be illusory. If the system where the encryption is performed can be penetrated, then the intruder may be able to bypass and subvert the encryption process. For example PGP could be replaced with a "Trojan Horse" which collects passwords (Denning 1996) thereby allowing open access to the encrypted information. Thus encryption should not be regarded as suitable security on its own. Good design, firewalls and good security practices such as security auditing are a few of the other techniques needed to enhance the value of encryption (see for example, Galvin 1996 for a paper on Security of Web servers using the Solaris Operating Systems). Other techniques, such as digital signatures can protect against spoofing and message forgery.
A variety of technological solutions are now available which can give Web users a measure of security that was lacking earlier. Several of the World Wide Web Graphical interface providers such as Mosaic and Netscape are developing secure transmissions via the World Wide Web. Secure HTTP (Enterprise Integration Technologies, 1994) is an interoperable extension of the World-Wide Web's existing HyperText Transfer Protocol that provides communication and transaction security for WWW clients and servers. Secure HTTP works by a user clicking a "secure submit" button which causes a client program to generate encryption for the information on the form using the client's public key. The Netscape Web server provides an encryption system called Secure Sockets Layer (SSL) (Netscape Communications, 1995) based on the RSA Data Security's public-key algorithm to scramble sensitive data. Basically, the SSL is a protocol layer that sits between the TCP/IP and HTTP protocols. SUN Microsystems have also developed a key-management scheme with a simple extension to provide scalable group key-management for Internet multicasting protocols. SKIP (Simple Key Management for Internet Protocols) is designed to be plugged into the IP Security protocol (IPSP) or IPv6 (Sun Microsystems 1995). Photuris (Simpson 1995,Karn 1996) isanother protocol intended for Internet nodes that frequently access or are accessed by a large and unpredicatable number of other nodes. It features defense against resource clogging, perfect forward secrecy, and party anonymity. It is independent of any particular party identification method or certificate format. Photuris is primarily used for creating virtual private networks, operating over bandwidth-limited links, establishing privacy sessions for mobile users and networks, and short-lived sessions between numerous clients and servers. A list of other protocols can be found in the paper on Cryptographic Protocols and Standards (Yl�nen 1996). The International Protocol Security Working Group (Atkinson and Lambert 1996) within the Internet Engineering Task Force (IETF) is presently looking at developing standards for the incorporation of authentication, message integrity, and privacy.There are some suggestions that the overuse of encryption could lead to "Crypto Anarchy" (May 1995) whereby any material, including harmful material, could be transmitted securely and without any means of safeguard. There has been much heated debate around the world about restrictions on the use of encrypted technology to enable law enforcement and national security agencies to intercept communications. One alternative to general encryption is key escrow encryption or escrowed encryption (Denning and Branstad 1996, Denning 1995a, b) which allows the combination of strong encryption with an emergency decryption capability. This is carried out by linking encrypted data to a data recovery key. A copy of the key could be held in trust by a government agency, a court or bonded private organisation.
As can be seen, encryption offers a technical approach to copyright protection (Liu et al. 1994), but there is still a long way to go to achieve a reliable system. Strong cryptographic algorithms can give an electronic publisher even stronger control than that exercised by most traditional publishers. The use of encryption technology allows copyright statements to be encrypted into a document and thus be transferred with the document wherever it goes. An extension of this is the incorporation of digital watermarks into graphic images. Private sector projects such as SysCoP (System for Copyright Protection) are looking at copyright-labelling tools that allow information providers to embed indelible digital signatures or watermarks into structured text, images or video data. This technique is particularly useful for formatted images such as GIFs which are frequently used for transmitting biological information over the Internet. The digital signature does not prevent illicit copying and dissemmination but discourages infringement by providing an audit trail and supplying proof consistent with legislation currently being developed, for example by the European Union.
Although encryption offers a solution for most data types, there is only one way to completely protect highly sensitive data against breaches of Copyright and that is to not make the data available over the Internet at all.
If you are going to use material on the Internet for which you do not own
copyright, then permission must be obtained from the copyright holders.
This usually means contacting the copyright holder and obtaining permission,
in writing, to use the material. There may sometimes be a charge involved
for this to happen. For material subject to US copyright law an OnLine Copyright
Clearance Centre has been set up to help with obtaining permissions and
to "ease permissions burdens and consolidate payments for rightsholders".
(Copyright Clearance Center, 1995).
There are a number of ways that intellectual property on the Internet can be protected in the short term. None of these are fool-proof. To a large extent the use of copyright, even in traditional publishing, is a bluff which will seldom deter the dishonest user. The widespread availability of electronic scanners means that previous difficulties in copying tranditional publications and distributing reproductions everybit as good as the original, are no longer difficult. The only true way to stop copyright infringement is to not make the information available at all, but this goes against the very reason most of us carry out our work, i.e., to improve the global knowledge base.
The introduction of digital technology and especially of the Internet means that we must re-examine the whole concept behind the use of copyright for the protection of intellectual property in information and data, and to examine what it is we are really trying to protect. Only then can we determine the best and most appropriate way of protecting that information.
The level of activity in Australia over the last three years has been frenetic
(Ricketson 1996). Much of this is now being coordinated
with the activities of other OECD countries. For example, the recent joint
Australian-OECD conference in Canberra on Security, Privacy & Intellectual
Property Protection in the Global Information Infrastructure (IPTF
1996) examined many of these issues in detail. There is little doubt
that the momentum will increase in the near future.
A number of staff members of ERIN and of the Department of the Environment, Sport and Territories have provided valuable comments on this paper.
Atkinson, R. and Lambert, P. (1996). IP Security Protocol (ipsec) Charter. [Published electronically at: http://www.ietf.cnri.reston.va.us/html.charters/ipsec-charter.html].
Barlow, J.P. (1994a). The Economy of Ideas. WIRED 2(03): 84-. [Also available electronically at: http://www.hotwired.com/wired/2.03/features/economy.ideas.html].Barlow, J.P. (1994b). Selling Wine Without Bottles: The Economy of Mind on the Global Net. [Available electronically at: http://www.eff.org:80/pub/Publications/John_Perry_Barlow/HTML/idea_economy_article.html].
Brinson, J.D. and Radcliffe, M.F. (1994a). Intellectual Property Law Primer for Multimedia Developers. [Published electronically at: http://www.eff.org/pub/CAF/law/ip-primer].
Brinson, J.D. and Radcliffe, M.F. (1994b). The Multimedia Law Handbook: A Practical Guide for Developers and Publishers [Published electronically at: http://www.eff.org/pub/CAF/law/ip-primer].
Busby, J.R., Canhos, D.L., Canhos, V., Cavalcanti, R., Chapman, A.D., Dansby, B., Harrison, J., Hernandez, M., Jensen, M., Lanou, S.M., Los, W., Olivieri, S., Stein, B., Tangley, L. and Uhlir, P. (1995). Data and Information Management and Communication (coord. S. Olivieri, J. Harrison and J.R. Busby) Chapter 9: 607-670 In. Global Biodiversity Assessment (ed. V.H. Heywood). Cambridge, UK: Cambridge University Press.
Copyright Clearance Center (1995). Creating Copyright Solutions. Copyright Clearance Center, Inc.
Denning, D.E., (1996). The Future of Cryptography. pp. 85-94 In an Intellectual Property Task Force Report: Joint Australian-OECD Conference on Security, Privacy & Intellectual Property Protection in the Global Information Infrastructure. Canberra, 7-8 February 1996. Canberra: Department of Communications and the Arts.
Denning, D.E., (1995a). Key Escrow Encryption: The Third Paradigm. Computer Security Journal Summer, 1995.
Denning, D.E., (1995b). Critical Factors of Key Escrow Encryption Systems. Proc. National Information Systems Security Conference October, 1995.
Denning, D.E. and Branstad, D.K., (1996). A taxonomy of Key Escrow Encryption. Comm. of the ACM March, 1996. [See also other papers on the same topic published electronically at http://guru.cosc.georgetown.edu/~denning/crypto/]
Dyson, E. (1995). Intellectual Value. WIRED 3.06: 136-141, 182-184.
Enterprise Integration Technologies (1994)
Feist Publications (1991). Inc. v. Rural Telephone Service Co., 111 S.Ct. 1282.
Galvin, P. (1996). Secure your Solaris Web server from the perils of the Void. SunWorld Online. April 1996. [Published electronically at: http://www.sun.com/sunworldonline/swol-04-1996/swol-04-security.html]
Greguras, F., Egger, M.R. and Wong, S.J. (1994). Multimedia Content and the Super Highway: Rapid Acceleration or Foot on the Brake? [Published electronically at: http://www.eff.org/pub/CAF/law/multimedia-copyright].
Institue for Learning Technologies (1995). The ILT Guide to Copyright. Institute for Learning Technologies, Columbia University. [Published electronically at: http://www.ilt.columbia.edu/projects/copyright/index.html].
IPTF - Intellectual Property Task Force (1996). Joint Australian-OECD Conference on Security, Privacy & Intellectual Property Protection in the Global Information Infrastructure. Canberra, 7-8 February 1996. Canberra: Department of Communications and the Arts.
IETF (1996). Internet Engineering Task Force Home Page [Published electronically at: http://www.ietf.cnri.reston.va.us/].
Kantor, A. (1995). An Introduction to the Internet. Mecklermedia. 51pp.
Karn, P. and Simpson, W.A. (1996). The Photuris Session Key Management Protocol. Draft Network Working Group Document (6 month expiry from January 1996). [Published electronically at: ftp://ftp.ietf.cnri.reston.va.us/internet-drafts/draft-ietf-ipsec-photuris-09.txt].
Koster, M. (no date). World Wide Web Robots, Wanderers, and Spiders. NEXOR, UK. [Published electronically at: http://www.nexor.co.uk/mak/doc/robots/robots.html].
Lehman, B.A. and Brown, R.H. (1994). Intellectual Property and the National Information Infrastructure - A Preliminary Draft of the Report of the Working Group on Intellectual Property Rights. Information Infrastructure Task Force (IITF).
Liu, C., Peek, J., Jones, R., Buus, B. & Nye, A. (1994). Managing Internet Information Services. Sebastapol, CA: O'Reilly & Assoc.
Mason v. Montgomery Data (1992). 967 F.2d 135 (5th Cir. 1992).
May, T. (1995). Crypto Anarchy and Virtual Commmunities. Internet Security April 1995 pp. 4-12.
Netscape Communications (1995). Secure Sockets Layer (SSL). Netscape Communications Corporation. [Published electronically at: http://www.netscape.com/newsref/ref/netscape-security.html#ssl].
Ricketson, S. (1996). The Challenges to Copyright Protection in the Digital Age - an Australian Perspective. pp. 201-239 In an Intellectual Property Task Force Report: Joint Australian-OECD Conference on Security, Privacy & Intellectual Property Protection in the Global Information Infrastructure. Canberra, 7-8 February 1996. Canberra: Department of Communications and the Arts.
Simpson, W. (ed.) (1995). Photuris Extensions. Draft Network Working Group Document (6 month expiry from November 1995). [Published electronically at: ftp://ftp.ietf.cnri.reston.va.us/internet-drafts/draft-ietf-ipsec-photuris-ext-01.txt].
Sun Microsystems (1995). Simple Key-Management for Internet Protocols. [Published electronically - in Postscript - at: http://www.sun.com/950523/skip_wp.ps
Tatu Yl�nen (1996). Cryptographic Protocols and Standards. [Published electronically at: http://www.cs.hut.fi/crypto/protocols.html