Almost always attributed (without any source) to Stewart Brand, Electronic Frontier Foundation Board member, and founder of the Whole Earth Catalog and the WELL. See later concerning the full quote.
 See Part II of Greenleaf 1998.
 Barlow 1993
 'Digital works' is used loosely in this article to refer to any digital artefact that could embody copyright subedit matter.
 `Code Replacing Law: Intellectual Property' in Lessig 1998
 There is no widely-accepted terminology for individual technologies that protect digital content. I use 'CPT' to refer to 'content protecting technologies' rather than 'copyright-protecting', because they protect content which copyright does not protect.
 DRMS were also known as electronic copyright management systems ('ECMS')., but DRMS is the more current terminology.
 One list of famous quotes adds `Among others. No telling who really said this first.' - <http://world.std.com/~tob/quotes.htm>. However, John Perry Barlow insists (though he still doesn't give a source) that the full version of Brand's quote is: 'Information wants to be free -- because it is now so easy to copy and distribute casually -- and information wants to be expensive -- because in an Information Age, nothing is so valuable as the right information at the right time.' (Barlow, in an Atlantic Monthly Roundtable - at <http://www.theatlantic.com/unbound/forum/copyright/barlow2.htm>). I'll stick to my imaginary version.
 The following description was largely true in relation to the 'end users' of copyright artefacts, consumers, but was less true of various categories of intermediaries who licensed the uses of copyright works.
 See Bygrave and Koelman 1998 [5.2] for examples.
 Bygrave and Koelman 1998 Chapter 5 stresses this reason, giving too little weight to the factors mentioned earlier.
 As Bygrave 2001 notes, part of the function of privacy laws is to protect 'the incentive to participate in a democratic, pluralist society by securing the privacy, autonomy and integrity of individuals'.
 The summary o f these arguments on which this is based are from Bechtold 2001, part 6.1.1
 The conclusion reached by Bechtold 2001.
 Kelly 1997
 Apple's iMusic software and its use of the CDDB database is one example.
 The following analysis is influenced most strongly by Bechtold 2001, though many other authors have argued similarly. Bechtold adds the emphasis on technology licensing of hardware manufacturers to previous analyses. I have generalised the approach he takes at a number of points.
 A contract entered into by the consumer being required to agree to contractual terms, by clicking an 'I agree' button with a mouse, before the consumer can access the digital work.; see ProCD, Inc v Zeidenberg, 86 F.3d 1447 (7th Cir. 1996) for the most significant US decision.
 See Bechtold 2001, part 3 and part 5.1.2 for a summary of this argument.
 Bechtold 2001, part 4
 Bechtold 2001, part 8
 Koelman and Helberger 1998, part 2
 This summary draws on discussions in from the following articles: Koelman and Helberger 1998; Clarke and Dempsey 1999; Stefik 1997; Cohen 1997a; IFRRO
 For example, works protected by Softlock are freely copyable and partially readable 'demos', but become full-featured once a password is purchased. They automatically revert to demos when copied to another machine. Softlock's advertisement says: 'turn pirates into distributors.' (Was on <http://www.softlock.com/> June 1998, now deleted.)
 See Cox 1994.
 See Stefik 1997, Stefik 1999
 Mann 1998
 "A cookie is information that a Web site puts on your hard disk so that it can remember something about you at a later time." (from Whatis?com definition) - see <http://searchSecurity.techtarget.com/sDefinition/0,,sid14_gci211838,00.html>.
 "A Web bug is a file object, usually a graphic image such as a transparent one pixel-by-one pixel GIF, that is placed on a Web page or in an e-mail message to monitor user behavior, functioning as a kind of spyware. Unlike a cookie, which can be accepted or declined by a browser user, a Web bug arrives as just another GIF on the Web page. A Web bug is typically invisible to the user because it is transparent (matches the color of the page background) and takes up only a tiny amount of space." - (from Whatis?com definition) - see <http://searchWebManagement.techtarget.com/sDefinition/0,,sid27_gci341290,00.html>.
 International Federation of Reproduction Rights Organisations (IFRRO) - see <http://www.ifrro.org/>.
 Was on Australia's Cultural Network site at <http://www.acn.net.au/resources/ip/ecms.htm>, but now deleted.
 In Europe the Imprimatur project, sponsored by the European Commission, developed the Imprimatur Business Model. Bygrave and Koelman describe the actors and inter-relationships in the model (Bygrave and Koelman 1998, p3):
In brief, the role of the creation provider (CP) is analogous to that of a publisher; ie, he/she/it packages the original work into a marketable product. The role of the media distributor (MD) is that of a retailer; ie, he/she/it vends various kinds of rights with respect to usage of the product. The role of the unique number issuer (UNI) is analogous to the role of the issuer of ISBN codes; ie, it provides the CP with a unique number to insert in the product as microcode so that the product and its rights-holders can be subsequently identified for the purposes of royalty payments. The role of the IPR database provider is to store basic data on the legal status of the products marketed by the MD. These data concern the identity of each product and its current rights-holder. The main purpose of the database is to provide verification of a product's legal status to potential purchasers of a right with respect to usage of the product. As such, the IPR database is somewhat similar in content and function to a land title register. The role of the monitoring service provider (MSP) is to monitor, on behalf of creators/copyright-holders, what purchasers acquire from MDs. Finally, the certification authority (CA) is intended to assure any party to an ECMS operation of the authenticity of the other parties whom he/she/it deals. Thus, the CA fulfils the role of trusted third party (TTP).Bygrave and Koelman 1998 at p7.
 Gervais 1998
 "A DOI (digital object identifier) is a permanent identifier given to a Web file or other Internet document so that if its Internet address changes, users will be redirected to its new address. You submit a DOI to a centrally-managed directory and then use the address of that directory plus the DOI instead of a regular Internet address. The DOI system was conceived by the Association of American Publishers in partnership with the Corporation for National Research Initiatives and is now administered by the International DOI Foundation. Essentially, the DOI system is a scheme for Web page redirection by a central manager. " -(from Whatis?com definition) - see <http://whatis.techtarget.com/definition/0,,sid9_gci213897,00.html>
 "Functionally, a PURL is a URL. However, instead of pointing directly to the location of an Internet resource, a PURL points to an intermediate resolution service. The PURL resolution service associates the PURL with the actual URL and returns that URL to the client. The client can then complete the URL transaction in the normal fashion. In Web parlance, this is a standard HTTP redirect." (from PURL Home Page) - see <http://www.purl.org/>
 Dublin Core, US MARC, INDECS Project, Stanford Digital Library Metadata Architecture, BIBLINK/NEDLIB
 Julie Cohen, speaking mainly of the IFRRO's notion of an ideal DRMS, concludes (Cohen, 1996):
These capabilities, if realized, threaten individual privacy to an unprecedented degree. Although credit-reporting agencies and credit card providers capture various facets of one's commercial life, CMS raise the possibility that someone might capture a fairly complete picture of one's intellectual life.Bygrave and Koelman, 1998, while not opposed to DRMS, stress that the surveillance dangers are one of the most significant obstacles to their acceptable operation:
Reading, listening, and viewing habits reveal an enormous amount about individual opinions, beliefs, and tastes, and may also reveal an individual's association with particular causes and organizations. Equally important, reading, listening, and viewing contribute to an ongoing process of intellectual evolution. Individuals do not arrive in the world with their beliefs and opinions fully-formed; rather, beliefs and opinions are formed and modified over time, through exposure to information and other external stimuli. Thus, technologies that monitor reading, listening, and viewing habits represent a giant leap--whether forward or backward the reader may decide--toward monitoring human thought. The closest analogue, the library check-out record, is primitive by comparison. (And library check-out records are subject to stringent privacy laws in most states. (footnotes omitted) 
... such systems could facilitate the monitoring of what people privately read, listen to, or view, in a manner that is both more fine-grained and automated than previously practised. This surveillance potential may not only weaken the privacy of information consumers but also function as a form for thought control, weighing down citizens with "the subtle, imponderable pressures of the orthodox", and thereby inhibiting the expression of non-conformist opinions and preferences. In short, an ECMS could function as a kind of digital Panopticon. The attendant, long-term implications of this for the vitality of pluralist, democratic society are obvious.Gervais 1998 describes the role of pseudonymity in the proper operation of DRMS:
A related issue is how to identify individual digital copies (which presumably have been sold to a specific user), without creating a risk to privacy or confidentiality. If indeed individual copies are identified, using a watermark containing a transaction code for instance, a viable solution could be to number individual copies, without including data identifying the user who "ordered" the copy in question. Copy numbers could be linked, in a secure database, to the individual users. Should there be a good reason to make the link between the copy number and the user -- for instance, under court order -- that link could be made. The role of trusted third parties acting as aggregators of usage data might be especially important to users. An aggregator or collective management organization using an electronic copyright-management system could thus maintain the confidentiality of the link (if any) between a given copy delivered on-line and a specific user. The content owner would receive with the payment for use of his works a report on the number of uses, possibly with an indication of the type of users concerned, but no information about individual users. Without this type of confidentiality guarantee, it may be very difficult for electronic copyright commerce to prosper. In other words, properly tuned electronic copyright-management systems that aggregate data so as to protect privacy and confidentiality are probably essential ingredients of the success of electronic copyright commerce.Gervais, 1998, a proponent of DRMS, emphasises the crucial role that DRMS intermediaries (such as MSPs and CAs in the Imprimatur model) will have in the protection of privacy:
An electronic copyright-management system does not in and by itself protect privacy, but it is probably the best tool to do so. If the rules under which the electronic copyright-management system operates are correctly designed, the system would return to rights holders aggregated information on use of his/her works. For example, the system could say that clearance was granted to use "Scientific Article X" to "11 pharmaceutical companies in the last month", or that "2,345 users in this part of Chicago" downloaded a given musical work. The rights holder thus gets market data without violating anyone's confidentiality or privacy. Even now the Copyright Clearance Center in the U.S. does not report to rights holders which articles from medical or scientific journals are used by individual users (eg., pharmaceutical companies). It only tells rights holders how often a work was used by, say, the pharmaceutical industry as a whole. Most collective management organizations aggregate information in this way and this is perhaps a function whose value has thus far been underestimated by users. Lessig 1998, at `Code Replacing Law: Intellectual Property'. Lessig also notes extensive argument in the USA as to whether "the fair use exceptions to copyright protection are not affirmative rights against the copyright holder, but instead the consequence of not being able to efficiently meter usage. Once that technical limitation is erased, then so to would the fair use rights be erased".
 Lessig 1998, at `Code Replacing Law: Contracts'.
 They are also an instance of laws facilitating surveillance which we can describe as 'data surveillance law'.
 Koelman and Helberger 1998, part 3.1 note a number of US, UK and EU provisions which deal only with some types of circumvention, or specific types of works.
 The WIPO Performances and Phonograms Treaty A 18 is a very similar provision, but the discussion in this paper will only refer to the WCT A 11.
 See Commonwealth Attorney-General's Discussion Paper The Digital Agenda (1998) `Part 5 - Proposed scheme for new technological measures and rights management information provisions' - <http://law.gov.au/publications/digital.htm#anchor1565870>. See also Speech by Attorney-General D Williams 'Copyright and the Internet: New Government reforms' para 35, 30 April 1998, Murdoch University - <http://law.gov.au/articles/copyright_internet.html>.
 Proposed European Commission (EC) Directive on the harmonisation of certain aspects of copyright and related rights in the Information Society - see Articles 6 and 7 - now Directive 2001/29/EC
 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (O.J. L 167, 22.6.2001, p. 10 et seq.); for analysis, see Bygrave 2001 and Koelman 2000.
 Section 116A(1) sets out the scope of the right: s116A(1) Subject to subsections (2), (3) and (4), this section applies if:
(a) a work or other subject-matter is protected by a technological protection measure; and
(b) a person does any of the following acts without the permission of the owner or exclusive licensee of the copyright in the work or other subject-matter:
(i) makes a circumvention device capable of circumventing, or facilitating the
circumvention of, the technological protection measure;
(ii) sells, lets for hire, or by way of trade offers or exposes for sale or hire
or otherwise promotes, advertises or markets, such a circumvention device;
(iii) distributes such a circumvention device for the purpose of trade, or for any
other purpose that will affect prejudicially the owner of the copyright;
(iv) exhibits such a circumvention device in public by way of trade;
(v) imports such a circumvention device into Australia for the purpose of: [OMITTED];
(vi) makes such a circumvention device available online to an extent that will affect
prejudicially the owner of the copyright;
(vii) provides, or by way of trade promotes, advertises or markets, a circumvention
service capable of circumventing, or facilitating the circumvention of, the
technological protection measure; and
(c) the person knew, or ought reasonably to have known, that the device or service would be
used to circumvent, or facilitate the circumvention of, the technological protection
 s10 defines 'circumvention device':
circumvention device means a device having only a limited commercially significant purpose or use, or no such purpose or use, other than the circumvention, or facilitating the circumvention, of an effective technological protection measure.Section 10 defines 'circumvention service':
circumvention service means a service, the performance of which has only a limited commercially significant purpose, or no such purpose or use, other than the circumvention, or facilitating the circumvention, of an effective technological protection measure.
 References following are to the Copyright Ordinance Cap 528.
Australian Video Retailers Association Ltd v Warner Home Video Pty Ltd  FCA 1719
 It seems unlikely that an implied licence would still operate under circumstances of attempted circumvention.
 Section 23(6) 'Copying in relation to any description of work includes the making of copies which are transient or are incidental to some other use of the work.'
 Sections 60-61 Hong Kong and ss47AB - 47H Australia
 The scope of the 'computer crime' laws of Australia and Hong Kong is not covered in this article.
 Koelman 2000
 I am indebted to John McPhail on this point: perso.nal communication on file with author.
 If a device is intended to protect copyright works, but is in fact quite ineffective to do so, is it still a 'technological protection measure'? This does not matter because, following the WTO Treaty, there is only a 'circumvention device if it has the purpose of circumventing an 'effective technological protection measure' (s10 definition of 'circumvention device').
 See s116A(3)-(4A) and (7)-(9). There is a separate national security exemption in s116A(2).
 Compare Cohen 1996 Part V 'The First Amendment Case Against the Proposed Anti-Tampering Law'
 cf Koelman 2000, 'Preparatory activities'
 For a review and current status of all of the 'DeCSS cases' see the 'OpenLaw: Open DVD' forum at <http://eon.law.harvard.edu/openlaw/DVD/> (Berkman Centre, Harvard Law School).
 A16(3), s8 Hong Kong Bill of Rights, Bill of Rights Ordinance (Cap 383)
 McLean and Flahvin 2001
 "The files you automatically request by looking at a Web page are stored on your hard disk in a cache subdirectory under the directory for your browser (for example, Internet Explorer). When you return to a page you've recently looked at, the browser can get it from the cache rather than the original server, saving you time and the network the burden of some additional traffic." (from Whatis?com definition of 'cache') - see <http://searchWebManagement.techtarget.com/sDefinition/0,,sid27_gci211728,00.html>
 The Robot Exclusion Protocol is observed voluntarily by most commercial web spiders - see A Standard for Robot Exclusion - <http://www.robotstxt.org/wc/norobots.html>, and `A Method for Web Robots Control' (an `Internet Draft', a working documents of the Internet Engineering Task Force, 1996, expired June 1997) - <http://www.robotstxt.org/wc/norobots-rfc.html>. Site administrators have the technical capacity to exclude specific robots from their site compulsorily if they do not obey the Protocol.
 Bygrave 2001 says the Directive 'provides no obvious answer'.
 See US Code Title 17Sec 1201 (i) Protection of Personally Identifying Information, providing that it is not a breach to circumvent 'the capability of collecting or disseminating personally identifying information reflecting the online activities of a natural person' if the following conditions are satisfied:
"(a) the access controls collect or disseminate information about the online activities of a person; (b) conspicuous notice about this information processing is not given; (c) the data subject is not provided the ability to prevent the information being gathered and disseminated; and (d) the disabling of the controls has the sole effect, and is solely for the purpose, of preventing the collection and dissemination. "s132(5D) provides:
(5C) A person must not remove or alter any electronic rights management information attached to a copy of a work or other subject-matter in which copyright subsists, except with the permission of the owner or exclusive licensee of the copyright, if the person knows, or is reckless as to whether, the removal or alteration will induce, enable, facilitate or conceal an infringement of the copyright in the work or other subject-matter.Though the Australian provision conjoins (a)(i) and (a) (ii) with 'and', not 'or'.
 WIPO Performances and Phonograms Treaty
 s274(3) References in this section to rights management information means-
(a) information which identifies the work, the author of the work, the owner of any right in the work, the performer, or the performance of the performer; (b) information about the terms and conditions of use of the work, the person having fixation rights in relation to the performance, or the performance; or (c) any numbers or codes that represent such information, when any of these items of information is attached to a copy of a work or a fixed performance or appears in connection with the making available of a work or a fixed performance to the public.Bygrave and Koelman 1998 at p53
 cf Bygrave and Koelman1998 at p53
 See US Code Sec 1202 Integrity of copyright management information, providing that 'copyright management information' includes 'terms and conditions for use of the work' and 'such other information as the Registrar of Copyrights may prescribe by regulation, except that the Registrar of Copyrights may not require the provision of any information concerning the user of a copyright work'.
 Bygrave and Koelman 1998 at p53; see also Koelman 2000
 New Zealand and Canada are the other significant examples.
 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (O.J. L 281, 23.11.1995, p. 31 et seq.)
 See Bygrave and Koelman, 1998, particularly Chapter 2; Koelman, 2000; and Bygrave 2001.
 Froomkin 1999
 Cohen 1996
 In many other countries, there is likely to be less reluctance to interfere in 'private orderings' of transactional relationships concerning intellectual property by legislation, for example by compulsory licensing schemes. Even in the USA, compulsory terms in such contractual relationships are not so unusual. William W Fisher stresses that compulsory terms in contracts are not at all unusual in the USA., and proposes a set of such compulsory contractual terms for contracts concerning intellectual property rights: see Fisher 1998
 Froomkin 1999
 Section 2 defines 'personal data':
'"personal data" means any data- (a) relating directly or indirectly to a living individual; (b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable ' (s2)Greenleaf 1996
 Bygrave and Koelman at p14
 See Greenleaf 1998, Part F 'Stopping Searching - Robot Exclusion Standards' for discussion.
 See for example Greenleaf 1999a; Weinberg 2000,
 Its Australian origins lie in Principle 10 of the Australian Privacy Charter (1994): `People should have the option of not identifying themselves when entering transactions' (see Australian Privacy Charter Council (1994) Australian Privacy Charter - at <http://www.anu.edu.au/people/Roger.Clarke/DV/PrivacyCharter.html>). In 1998 the Australian Privacy Commissioner's National Principles for the Fair Handling of Personal Information included Principle 8 as now appears i n the Act (with 'should' in place of 'must').
 See below
 There is debate within the European Commission as to whether it is implied by the Directive (personal communication with Lee Bygrave); see Bygrave 2001 for discussion
 Schedule 1
 `s4(1) The provider shall offer the user anonymous use and payment of teleservices or use and payment under a pseudonym to the extent technically feasible and reasonable. The user shall be informed about these options.'
 Article 29 Committee 1997a; They recommend that where appropriate the 'minimum necessary collection' principle 'should specify that individual users be given the right of anonymity'. A surprising limitation of the Working Party's approach is that it does not adequately distinguish anonymity and pseudonymity, nor pursue the extent to which pseudonymity should be offered where anonymity is not practicable. The following main conclusions are relevant here:
International Working Group on Data Protection in Telecommunications, 1999. For the importance of the distinction between anonymity and pseudonymity, see Clarke 1999 and Smith and Clarke 1999
* The ability to choose to remain anonymous is essential if individuals are to preserve the same protection for their privacy on-line as they currently enjoy off-line.
* Anonymity is not appropriate in all circumstances. Determining the circumstances in which the 'anonymity option' is appropriate and those in which it is not requires the careful balancing of fundamental rights, not only to privacy but also to freedom of expression, with other important public policy objectives such as the prevention of crime. ...
* Wherever possible the balance that has been struck in relation to earlier technologies should be preserved with regard to services provided over the Internet.
* The ... purchase of most goods and services over the Internet should all be possible anonymously. ...
* Anonymous means to access the Internet (eg. public Internet kiosks, pre-paid access cards) and anonymous means of payment are two essential elements for true on-line anonymity. 
 See Greenleaf 2001 for related discussion
 For discussion, see Bygrave and Koelman at p16-, also p 27
 February 1999 They have not yet been implemented. The recommendations are expressed as applying to 'internet hardware and software products'. It would be better if they also applied expressly to digital works, as the issues are the same, but it is straining language to call a digital artwork 'software'. I have substituted 'digital works' for 'software' in discussing them.
 Article 29 Committee 1999a
 See Greenleaf 1998
 Bygrave and Koelman p23
 see Bygrave 2000
 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (O.J. L 281, 23.11.1995, p. 31 et seq.)
 See Bygrave and Koelman pgs 29-31 for detailed analysis.
 Hong Kong appears to be waiting until it is clearer how the EU and its member States will interpret and enforce the data export provisions in the Directive.
 US Department of Commerce 'Welcome to the Safe Harbor' website < http://www.export.gov/safeharbor/>
 Bygrave 2001 Processing Of Personal Data - see 'Article 29 Committee'