Towards A Digital Rights Management Framework Olli Pitkänen * Helsinki Institute for Information Technology P.O. Box 5400, FIN-02015 HUT, Finland olli.pitkanen@hiit.fi Mikko Välimäki * Helsinki Institute for Information Technology P.O. Box 5400, FIN-02015 HUT, Finland mikko.valimaki@hiit.fi Abstract : One way to extract value from information products is to implement a digital rights management system. The aim of this article is to eliminate common confusions and direct future work among experts with different backgrounds. We introduce a framework to define concepts in this field. According to the framework, an entity may have legal rights in an information product in a certain jurisdiction at a certain time. The entity also has requirements how to manage its rights. Based on the legal rights and requirements, the entity has activities and its products have properties that are called rights management. The entity uses both technical and legal tools to manage its rights. Key words : Digital rights management (DRM), control metadata, information products, e-books. 1 Introduction One of the fastest growing and most profiting sectors of today’s economy is information industry. Its success has in short time brought new opportunities to do business with digital information products. Entities have learned methods to commercialize their intangible assets to markets. Still, it is not well known how an entity could extract the most value from the information it possesses. (Sullivan, 2000) Distributing information in digital forms presents also numerous legal concerns. In general, it is very easy to reproduce digital information. The copies are as good as the originals. Especially on the Internet, it is difficult for the information providers to control what the others do with the information. The Internet enables all new business opportunities but they are vulnerable to the unauthorized use of information. Digital rights management is an essential part of implementing the selected business model. Digital rights management is not quite a new concept. Only the name has changed. A few large companies and public entities started research in Electronic Copyright Management in the early 1980’s. Later in the 1990’s, especially European Union funded several notable projects such as IMPRIBATUR and COPEARMS, which tried to study the whole field from legal, technical and business perspectives. However, digital mass-markets had not yet developed and, hence, the results of these project did not lead to direct market applications. In any case, the understanding of the field increased and the last few years we have discussed of first Electronic and then Digital Rights Management. It is now clear that Digital Rights Management covers also other rights than copyright and even the management of such information assets, which lack legal definition. (Dusollier, 1999; Möschel & Bechtold, 1998) Recently several companies and organizations have published products to manage rights in digital information. Those companies include for example Adobe, IBM, InterTrust, Liquid Audio, and Xerox ContentGuard (see the referred web pages). However, there seems to be a lack of common understanding what this area includes. All the companies have different concepts. This paper presents a framework that aims at eliminating common confusions and helping the discussion on rights management, how the products in this field could be made interoperable, and where the work should be focused on. The framework defines the concept of digital rights management, its central parts, and relations between those parts. * Currently, visiting scholars at University of California, Berkeley.