[Air-L] drm a grave threat to privacy (report from cippic)

Jeremy Hunsinger jhuns at vt.edu
Sat Sep 22 09:30:28 PDT 2007

some of you may find this useful

Our assessment of the compliance of these DRM applications with  
PIPEDA led to a number of general findings:
• Fundamental privacy-based criticisms of DRM are well-founded: we  
observed tracking of usage habits, surfing habits, and technical data.
• Privacy invasive behaviour emerged in surprising places. For  
example, we observed e-book software profiling individuals. We  
unexpectedly encountered DoubleClick - an online marketing firm - in  
a library digital audio book.
• Many organizations take the position that IP addresses do not  
constitute "personal information" under PIPEDA and therefore can be  
collected, used and disclosed at will. This interpretation is  
contrary to Privacy Commissioner findings. IP addresses are collected  
by a variety of DRM tools, including tracking technologies such as  
cookies and pixel tags (also known as web bugs, clear gifs, and web  
• Companies using DRM to deliver content often do not adequately  
document in their privacy policies the DRM-related collection, use  
and disclosure of personal information. This is particularly so where  
the DRM originates with a third party supplier.
• Companies using DRM often fail to comply with basic requirements of  

jeremy hunsinger
Information Ethics Fellow, Center for Information Policy Research,  
School of Information Studies, University of Wisconsin-Milwaukee  

() ascii ribbon campaign - against html mail
/\ - against microsoft attachments

http://www.aoir.org The Association of Internet Researchers
http://www.stswiki.org/ stswiki
http://cfp.learning-inquiry.info/  LI-the journal
http://transdisciplinarystudies.tmttlt.com/  Transdisciplinary  
Studies:the book series

More information about the Air-L mailing list