Digital rights management: Difference between revisions

	Main Article	Discussion	Related Articles  [?]	Bibliography  [?]	External Links  [?]	Citable Version  [?]
	This editable Main Article is under development and subject to a disclaimer. [edit intro]

This article is currently being developed as part of an Eduzendium student project. The project's homepage is at CZ:CIS 700 Special Topics 2008. One of the goals of the course is to provide students with insider experience in collaborative educational projects, and so you are warmly invited to join in here, or to leave comments on the discussion page. However, please refrain from removing this notice. Besides, many other Eduzendium articles welcome your collaboration!

Digital Rights Management (DRM) refers to the laws and technologies which provide intellectual property owners control over the distribution and use of their digital property by defining consumers' rights in its usage. DRM's primary function is to restore control over copying digital media and to restrict access and content use beyond what is granted by copyright law^[1].

Legal Background

The copyright since its formal creation in 1710 by the British Statute of Anne and its inclusion in the first article of the U.S. Constitution^[2] has been the main protection scheme for intellectual property rights for creative information goods and services. Copyright law grants exclusive legal ownership of information under specific conditions and terms. Through two major revisions of U.S. copyright law in 1909 and 1976,^[3] the range of content and media forms covered by legislation were expanded.

During the pre-digital era, large-scale copying was expensive and usually resulted in degraded content. The development of electronic and digital media transformed the production and distribution of information goods and services. In digital form, the content could be copied perfectly or easily converted to another form or format, and thus lifted the physical constraints of copying. The rise of digital media and networks made sharing and copying not only easier for traditional information "pirates", but also made it easier for individuals. Unlike the "pirates" whose unauthorized copies were for commercial gain, individual copying stems from behavioral norms from traditions of fair use and first-sale rights.

The rise of unlicensed and illegal copying and distribution of intellectual property casted doubts on whether a copyright provided enough protection in the wake of continued digital innovations. Copyright owners responded by developing technological copyright protection mechanisms (CMP) in order to make copying more costly and difficult. For CPM to succeed, legal enforcement was needed to ensure the uniform adoption of technologies and that any attempt to circumvent them would be criminalized. The U.S. 1998 Digital Millennium Copyright Act (DMCA) provided for enforcement of copyright protection mechanisms. The development of schemes that were capable of not only preventing or limiting copying, but also controlling the distribution and uses of digital media eventually became collectively known as digital rights management^[1].

DRM Approaches

Encryption

Early DRM relied on security and encryption to combat illegal copying by using a content encoding system and then limiting access to the decoding technology. But all control over future use was lost once the content was decoded. This approach relies on copyright law to protect against further illegal copying.

An example is the DVD Forum's Content Scrambling System (CSS) which provided a common means of encoding for all movies on DVD. Any firm producing players or software to view the encoded movies had to license the decoding system from the forum. This scheme was unable to prevent piracy as it was easily bypassed using the open source decoder known as DeCSS.^[1]

One of the great problems with encryption is hiding decrypted content. In order to hide it from user applications, DRM-enabled players decrypt content in kernel mode and check for unsigned drivers. Some DRM developers suggest using TPM chip to insure that operation system is genuine and only signed drivers can be loaded. In such systems DRM drivers can control computer completely and perfectly hide the decryption process.

Marking

This DRM approach entails the encoding of markers into the digital content that can be used for description, identification, protection, monitoring, tracking, and limiting uses of intellectual property. Combining this approach with the technology to read the markers and abide by the markers allows for even greater control over management of digital content than just limiting the ability to copy as in the encryption approach.

Examples of the marking approach to DRM can be found in downloaded music from content providers such as Apple, Microsoft, RealNetworks, and Sony. A future example is the broadcast flag system which is being proposed for U.S. digital television which would allow cable networks to limit the copying or distribution of their programming.^[1]

Rights Locker

The "rights locker" approach drastically changes the way in which digital content can be owned. Instead of owning copies of the digital media, the consumer owns a set of rights to access the content from a central digital network using a specified range of devices.^[1]

Difficulties of DRM

Consumer attitudes

Many people find DRM systems to be a hindrance to the use of the media they have purchased, and some consumers actively boycott companies and products that use DRM. Many consumers express a preference for material that is not 'hindered' with DRM protections. DRM also seems to be doing very little to stop unauthorized copyright infringement: "today, infringement is more widespread than ever"^[4].

Access and Usage Concerns

Consumers have many concerns in regards to access and usage of various content due to DRM systems/restrictions. Consumer opinions are to keep the rights of the consumer from the analogue realm to be the same in the digital realm. Some rights that users are concerned about losing are their abilities to create private backup copies, excerpt, transition data from one device to another, record for future use, and editing content for personal use.

More explicitly, consumers worry about the loss of data because of restrictions on transferring from one format to another. This may force consumer into repurchasing digital data in another format, when they can easily have the capability of transitioning the format themselves. Another outside concern consumers ask is how do DRM Systems handle the expiration of copyright terms. Do DRM systems release their restrictions when the copyright term expires?^[5]

Privacy Concerns

The main user concern in regards to privacy is the ability for the DRM systems to record and transmit consumer usage of particular products and digital data. This becomes a double edged sword. Some users enjoy this feature; for instance, recommended music/videos/books appeals to some users when trying to find something new to experience. Other users complain about this claiming they are being targeted more easily by data/media providers. This is a difficult concern to balance for DRM systems.^[5]

Interoperability Concerns

Security Concerns

Business Concerns

Legal problems

There is a basic principle of copyright law, called "fair use" ^[6] in US law. For example, copyright does not prevent quoting a work in a review or analysis; nor does is prohibit a blind user from using software that will read an e-book aloud for him. However, some DRM systems block those.

The principle is clear, but the border is by no means sharply delineated. Between the black of copyright infringement and the white of perfectly legal fair use, there is a large grey area. This is being narrowed down by various court rulings and sometimes altered by new legislation, but will likely never go away entirely.

That principle greatly complicates the design of DRM systems. Copyright law has exceptions for fair use; can you build those into DRM software? What do you do about the grey areas? If you ignore fair use, or just misjudge some grey areas, you will infringe on the users' legal rights; what are the market or legal consequences of that? How will your DRM system adapt to changes in the law?

One case that was fought all the way to the US Supreme Court may be relevant to DRM. The court ruled [4], that recording TV programs for home use did not violate copyright, so Sony could not be held to be contributing to copyright infringement by selling VCRs. That decision appears to mean that, for example, it is legal for users to copy songs from their CDs into a music archive on their hard drives. In another case [5], the court ruled that the Rio, "a portable digital audio device which allows a user to download MP3 audio files from a computer and to listen to them elsewhere.", is also legal fair use.

However, if the DRM allows those applications, how can it prevent the users from sharing the files? If it does not allow such things, can users legally break the DRM to enforce their rights? Will they just avoid your DRM-protected products?

Technical problems

DRM is attempting a fundamentally difficult task. Security author Bruce Schneier states of DRM: "Trying to make digital files uncopyable is like trying to make water not wet."^[7]

In particular cases, the costs may be quite high. Peter Gutmann, commenting on Microsoft DRM efforts, wrote "The Vista Content Protection specification could very well constitute the longest suicide note in history"^[8].

Why is this so difficult? Assume you are a totally legal user of the material protected by DRM, and all the security tests for your music, or your software, are successful. To hear the music, it has to be put into a form the speakers will reproduce. At some point between the DRM-protected recording and the speaker, the signal has to be put into a useful form. Once it is in that form, how does the DRM enforcer prevent it from being copied?

The problem of protecting material on a DVD or other physical storage device are simple when compared to delivering content across the Internet. Think of pay-per-view television. Even in encrypted form, it has to pass through intermediate distribution points on the Internet; the general distribution problem here is part of inter-domain multicast routing (IDMR). How do the legal users get the decryption key for the program for which they have paid, and only for that program? Can anyone along the path from content user to content buyer intercept that key and use it? If so, will the legitimate user still be able to use it? Alternatively, can the stolen key be distributed?

References