Since my post last Friday about alternatives to SOPA/PIPA, I have started to talk to a bunch of people about the idea of a decentralized content registry.  Here are some thoughts and questions that I have been kicking around since then.

A decentralized system could offer a new revenue stream for existing registrars and certificate authorities who are already at least partially equipped to deal with issues of verification.  By having a competitive situation from the start the price for content registration can be determined by the market rather than set by the government.

We should figure out how to leverage DNS and DNSSEC in this context.  The direction in which I am thinking is some kind of analogy to DKIM.  Part of what this would require is an efficient way to create signatures even for large pieces of content, such as a feature length movie.

The scheme should probably specifically *not* support DRM and the idea of windowing either by time or geography.  Why? Because those are exactly the types of artificial scarcity that piracy exploits.  Instead all the content in the registry should be unencumbered and even externally cacheable.

Here then are some of the big questions to consider:

1. If the registry allows content owners to set a price (and likely a separate price for download versus streaming), then how does that money get remitted to the content owners? And how/where does usage get metered?

2. What is an efficient method for discovering copies that are not participating in the scheme?  One idea here would be that content that participates in the registry gets fingerprinted.  That would enable third parties to build services that report (presumably unsigned or mis-signed) copies that match the fingerprints.  To that end it might be worthwhile considering a NIST competition for a publicly available content fingerprint technology (similar to NIST’s hash function competition).

I would love to hear from people who have thought about content rights registries before and/or work with some of the existing centralized ones.  For this to work at Internet scale whatever solution comes out cannot be centralized.