Digital Rights Management

Digital Rights Management (generally abbreviated to DRM) is any of several technologies used by publishers (or copyright owners) to control access to and usage of digital data (such as software, music, movies) and hardware, handling usage restrictions associated with a specific instance of a digital work. The term often is confused with copy protection and technical protection measures (TPM). These two terms refer to technologies that control or restrict the use and access of digital media content on electronic devices with such technologies installed, acting as components of a DRM design.

Digital Rights Management is a controversial topic. Advocates argue DRM is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams. Some critics of the technology, including the Free Software Foundation, suggest that the use of the word "Rights" is misleading and suggest that people instead use the term Digital Restrictions Management. The position put forth is that copyright holders are attempting to restrict use of copyrighted material in ways already granted by statutory or common law applying to copyright. Others, such as the Electronic Frontier Foundation consider some DRM schemes to be anti-competitive, citing the iTunes Store as an example.

Enterprise Digital Rights Management (E-DRM or ERM) refers to the use of DRM technology to control access to corporate documents (Word, PDF, TIFF, AutoCAD files, etc), rather than consumer playable media. The technology usually requires a Policy Server to authenticate users' rights to access certain files. EDRM vendors include Microsoft, Adobe Systems, EMC Corporation/Authentica and several smaller companies. There are open source implementations as well. EDRM is generally intended to apply to trade secrets, which are much different from copyrighted material (though there is sometimes an overlap with material being both copyrighted and a trade secret — eg, source code of proprietary software), and for whom the primary issue is industrial or corporate espionage or inadvertent release. In most jurisdictions, there is no notion of fair use of trade secrets as there is for copyrighted material. Trade secrecy confidentiality measures are less controversial than DRM applied to copyrighted material, which is commercially sold in many copies.

DRM vendors and publishers coined the term digital rights management to refer to the types of technical measures discussed here, applying it only to digital media (and analog media that has been released in digital form). There is a long history of objection on the part of copyright holders (often music distributors or broadcasting companies) to copying technology of any kind. Examples have included player piano rolls (early in the 20th century), audio tape recording (after WWII), video tape recording (eg, in the famous Betamax case in the US), etc. Digital copying raised concerns to a higher pitch. While analog media loses quality with each copy generation, and often even during normal use, digital media files may be copied an unlimited number of times without degradation in the quality of subsequent copies. Digital Audio Tape, thought by many observers of the time to be a probable replacement / improvement for the audio cassette, was a market failure in part due to opposition on grounds of the potential for piracy. The advent of personal computers, combined with the Internet and popular file sharing tools, have made unauthorized sharing of digital files (often referred to as digital piracy) possible and profitable.

Although technical controls on the reproduction and use of software have been intermittently common since the 1980s, the term DRM has come to primarily mean the use of similar measures to control artistic works or content. Beyond the existing restrictions imposed by copyright law, most DRM schemes are able to enforce additional restrictions at the discretion of the content's publisher, which may or may not be the same entity as the copyright holder.

DRM may be enforced by numerous technologies, such as special modifications to digital media player software. Since such implementations can be reverse engineered, they are not effective as an inherent part of the design. This fact has resulted in a general move toward Mandatory Access Control systems (as opposed to Discretionary access control) wherein usage restrictions are enforced by software buried in hardware, working with software provisions in operating systems, media playing software, or both. However, some implementations of this type of DRM are vulnerable to an additional class of attacks, due to a requirement to run on tamper-resistant hardware. There has been pressure (largely successful) for legislation and regulation creating new offenses (ie, controlling or prohibiting examination of DRM schemes, or possession of any tools (eg, software) which might interfere with the operation of a DRM scheme.) An example is the DMCA.

While digital rights management is most commonly used by the entertainment industry (films and recording), it has found use in other media as well. Many online music stores, such as Apple’s iTunes Store, as well as certain e-books producers, have adopted various DRM schemes in recent times. In recent years, a number of television producers have begun demanding implementation of DRM measures to control access to the content of their shows in connection with the popular TiVo system, and its equivalents.

An early example of a DRM system is the Content Scrambling System (CSS) employed by the DVD Forum on movie DVDs since circa 1996. The scheme used a simple encryption algorithm, and required device manufacturers to sign a license agreement restricting the inclusion of certain features in their players, such as a digital output which could be used to extract a high-quality digital copy of the movie. Thus, the only consumer hardware capable of decoding DVD movies was controlled by the DVD Forum, restricting the unauthorized use of DVD media until the release of DeCSS by Jon Lech Johansen in 1999. An unsuccessful variant of this scheme is the now-defunct DIVX format.

Digital Rights Management holds an uncertain legal status in most countries, as the rights of users and producers regarding content are rarely defined clearly enough currently for the legal situation to be widely agreed upon. In most countries, particularly those without a fair use doctrine, users' ability to use copyrighted material is ill-defined and so difficult to enforce.

The 2001 European directive on copyright forces member states of the European Union to implement legal protections for DRM. In 2006, the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States.

Problems associated with some well-known systems include:

* DIVX: Proposed as a rental-only system, DIVX required a phone line, and thus inhibited the use of media offline. To relocate a work for which unlimited plays had been purchased (called DIVX Silver), it was necessary to carry the DVD player that first played the disk with it, or manually request that another player be authorized to play that disc. Consumers were denied certain fair use rights in countries with such a doctrine, such as the ability to create compilations of purchased material and to re-sell their copy. DIVX should not be confused with DivX.

* CSS: Restricts owners' use of purchased content, such as the creation of compilations or full quality reproductions, where such actions would ordinarily be permissible in certain countries as fair use. The system also prevents the user from playing encrypted DVDs on any computer platform, although this restriction can be easily circumvented at the risk of prosecution under laws such as the DMCA. CSS is an example of certificate-based encryption.

* Product activation: Restricts a product's functionality until it is registered with a publisher by means of a special identification code, often recording information about the specific computer the software it is installed on to prevent its use across multiple machines. Activation schemes may place some users at risk by incorrectly identifying their purchased software as unauthorized. An example of this vulnerability occurred in 2003, when Intuit's use of a flawed product activation scheme angered thousands of customers who were denied legitimate use of the product, resulting in a formal apology by Intuit and their cancellation of the system.

* Digital watermarking: Allows hidden data, such as a unique disc ID, to be placed on the media. The system allows such information as the name and address of the purchaser to be taken at the point of sale, and entered into a database along with the unique disc ID. This system does not prevent copying, but ensures that any copies made of the media will be traceable to a particular copy and perhaps to a particular user. However, the scheme relies largely on authenticating the purchaser's identity at the point of sale, and can be easily circumvented by a customer who provides false information.

Digital Millennium Copyright Act:

The Digital Millennium Copyright Act (DMCA) is a United States copyright law passed unanimously on May 14, 1998, that criminalizes the production and dissemination of technology that allows users to circumvent copyright protection methods, rendering all forms of DRM-stripping and circumvention software illegal. On 22 May 2001, the European Union passed the EU Copyright Directive, an implementation of the 1996 WIPO Copyright Treaty that addressed many of the same issues as the DMCA.

The DMCA was largely ineffective in enforcing DRM systems, as software allowing users to circumvent copyright restrictions remains readily available over the Internet. However, the Act has been used to restrict the spread of such software by limiting its distribution and development, as in the case of DeCSS.

The arrest of Russian programmer Dmitry Sklyarov in 2001, for alleged infringement of the DMCA, was a highly publicized example of the law's use in preventing the further development of anti-DRM measures. While working for Elcomsoft, he developed The Advanced eBook Processor, an application that allowed authorized users to strip usage restriction information from protected e-books. Sklyarov was arrested in the United States after presenting a speech at DEF CON, and subsequently spent several months in jail. The DMCA has also been cited as detrimental to legitimate users, such as students of cryptanalysis, and security professionals such as Niels Ferguson, who declined to publish information about vulnerabilities he discovered in an Intel secured computing scheme because of his concern about being arrested under the DMCA when he travels to the US.

While DRM systems are ostensibly designed to protect an owner's right to control copying, after a statutorily-defined period of time any copyrighted work becomes part of the public domain for anyone to use freely. DRM systems currently employed are not time limited in this way, and although it would be possible to create such a system (under compulsory escrow agreements, for example), there is currently no mechanism to remove the copy control systems embedded into works once the copyright term expires and they enter the public domain.

Furthermore, copyright law does not restrict the resale of copyrighted works (provided those copies were made by or with the permission of the copyright holder), so it is perfectly legal to resell a copyrighted work provided a copy is not retained by the seller—a doctrine known as the first-sale doctrine in the US, which applies equally in most other countries under various names. Similarly, some forms of copying are permitted under copyright law, under the doctrine of fair use (US) or fair dealing (many other countries). DRM technology restricts or prevents the purchaser of copyrighted material from exercising their legal rights in these respects.

Moreover, the scope of legal rights cannot, in principle, be fully encoded in technical access/copying restrictions. For example, a photograph generally falls under the copyright of its photographer, and may not be reproduced in an unlimited way by other persons. A photographer wishing to enforce her copyright might attach some DRM codes to a digital version of her photograph that indicate "may not be copied." However, the photographer might subsequently sign an agreement with another party authorizing such duplication (the reason for doing so is irrelevant). Under law, the moment such an agreement is signed, copying (under the new terms) becomes legal; but the DRM software will not (has not so far, in any case) be adjustable to reflect the new legal reality established by those whose choice it is.

An oft-cited example of DRM overreach is Adobe Systems' release in 2000 of a public domain work, Lewis Carroll's Alice in Wonderland, with DRM controls asserting that "this book cannot be read aloud" and so disabling use of the text-to-speech feature normally available in Adobe's eBook Reader.

DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England. This is an interesting case, one in which DRM has actually increased public access to restricted material rather than diminished it.

An early example of a DRM scheme is one that is currently being used on textbooks required in some American Dental Schools including New York University College of Dentistry. The textbooks are available only on DVD and students are forced to purchase the DVD. The DVDs are readable only on an authorized computer and only for a limited time, after which the DVD "expires" and the information in the "DVD book" becomes unavailable. Some of these books are not available on paper at all.

Some DRM advocates have taken the position that the operational contexts and design goals of DRM, security, software engineering and cryptography are sufficiently well understood that it is already possible to achieve the desired ends without causing unrelated problems for users or their computers.

Others have taken the position that creators of digital works should have the power to control the distribution or replication of copies of their works, and to assign limited control over such copies. Without this power, they argue, there will be a chilling effect on creative efforts in the digital space. This has been and remains the underlying argument for copyright. DRM is one means by which creators of digital works may obtain this power.

A similar view states that DRM's advent is the first time large-scale digital distribution has been reasonably achievable, which proponents claim to be a benefit both to content creators and their customers that far outweighs the typical problems that arise. This argument cannot be applied to physical media, however.

Furthermore, advocates of DRM believe that its opponents advocate the rights of hardware and media owners, but at the expense of the privileges of artists and their designated copyright holders. Consumers of hardware and media voluntarily and knowingly agree to the grant of limited use of the content exhibited using their physical media.

Many organizations, prominent individuals, and computer scientists are opposed to DRM. Two notable DRM critics are John Walker in his article, The Digital imprimatur: How big brother and big media can put the Internet genie back in the bottle, and Richard Stallman in his article/story The Right to Read and in public statements "DRM is an example of a malicious feature - a feature designed to hurt the user of the software, and therefore, it's something for which there can never be toleration". Professor Ross Anderson of Cambridge University heads a British organization which opposes DRM and similar efforts in the UK.

The Electronic Frontier Foundation and similar civil rights organizations, including and, also hold positions which are characterized as opposed to DRM.

The Foundation for a Free Information Infrastructure criticizes DRM's impact as a trade barrier from a free market perspective.

The GNU General Public License version 3, released by the Free Software Foundation, prohibits using DRM to restrict free redistribution and modification of works covered by the license, and has a clause stating that the license's provisions shall be interpreted as disfavoring usage of DRM. Also, in May 2006, FSF launched a "Defective by Design" campaign against DRM.

Free Creations has published a license against DRM: Against DRM 2.0.

In France, in order to inform the consumers about DRM, the citizen group StopDRM is regularly organizing protests in general stores (like Virgin or La Fnac) in different cities.

As already noted, many DRM opponents consider Digital Rights Management to be a misnomer. They argue that DRM manages rights (or access) the same way prison manages freedom. A common alternative is Digital Restrictions Management. Alternatively, ZDNet Executive Editor David Berlind suggests the term Content Restriction, Annulment and Protection or CRAP for short.

The use of DRM may also be a barrier to future historians, since technologies designed to permit data to be read only on particular machines may well make future data recovery impossible - see Digital Revolution. This argument connects the issue of DRM with that of asset management and archive technology.

DRM opponents argue that the presence of DRM infringes private property rights and restricts a range of normal user activities. A DRM component would take control over the rest of the user's device which they rightfully own (such as an MP3 player) and restricts how it may act, regardless of the user's wishes (for example, preventing the user from copying a song). All forms of DRM depend on the DRM enabled device (eg, computer, DVD player, TV, ...) imposing restrictions that cannot be disabled or modified by the user, regardless of existing rights. In other words, the user has no choice.

Most internet music stores employ DRM to restrict the usage of music purchased and downloaded online. There are many options for consumers buying digital music over the internet, in terms of both stores and purchase options. Two examples of music stores and their functionality follow:

* The iTunes Music Store, the industry leader, allows users to purchase a track online for under a dollar, to burn that song to an unlimited number of CDs, and transfer it to an unlimited number of iPods. The purchased music files are encoded as AAC, a format supported by iPods, and DRM is applied through FairPlay. Many music devices are not compatible with the AAC format, and only the iPod itself can play FairPlay-encoded files. Apple also reserves the right to alter its DRM restrictions on the music a user has downloaded at any time. For example, Apple recently decided to restrict the number of times a user can copy a playlist from ten to seven. Songs can be played on only five computers at a time, and users cannot edit or sample the songs they purchased (though copies can be used and edited in Apple's iMovie). Despite these restrictions, the iTS DRM is often seen as lenient. Previously, it was possible to bypass the DRM through programs such as Hymn but Apple has altered its systems to close such loop holes. Apple provides iTunes software for copying the downloaded music to iPods in AAC format or to conventional music CD (CDDA format). No copy restrictions are recorded onto the CD and many programs can read and convert music from CD to other music formats, such as MP3 used by competing digital music players.

* Napster music store, which offers a subscription based approach to DRM alongside permanent purchases. Users of the subscription service can download and stream an unlimited amount of music encoded to Windows Media Audio (WMA) while subscribed to the service. But as soon as the user misses a payment the service renders all music downloaded unusable. Napster also charges users who wish to use the music on their portable device an additional $5 per month. Furthermore, Napster requires users to pay an additional $.99 per each track to burn a track to CD or to listen to the track after the subscription expires. Songs bought through Napster can be played on players carrying the Microsoft PlaysForSure logo (notably excluding iPod players and Microsoft's own Zune).

The various services are currently not interoperable, though those that use the same DRM scheme (for instance the various Windows Media DRM stores, which include Napster) all provide songs that can be played side by side through the same program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, such as Princeton University, have made arrangements with assorted Internet music suppliers to provide access (typically DRM protected) to music files for their students, to less than universal popularity, sometimes making payments from student activity fee funds. (See Nick Timeros's article in the WSJ: Free Legal, And Ignored) One of the problems is that the music becomes unplayable after leaving school, unless the student continues to pay individually. Another is that few of these vendors are compatible with the most common portable music player, the Apple iPod.

Denver Public, Cuyahoga County and San José Public libraries join Cleveland Public Library, King County Library System, Public Library of Youngstown & Mahoning County, Wright Memorial Public Library and many others who enable the downloading of best-selling eBooks 24/7 from their library websites using the OverDrive service. The service features a growing collection of best-selling eBooks from popular authors and publishers including HarperCollins, Time Warner, McGraw-Hill, Zondervan, Scholastic, John Wiley and Sons, and more. These audio books are downloadable in the WMA DRM format.

Several DRM schemes have been implemented. Many see them as "abuse" of copyright (often called eSlavery in Europe); DRM proponents have seen them as a "reasonable balance of consumer concerns and artist rights."

Examples include:

* Digital imprimatur
* Inclusion of commercials on the "unskippable track" on DVDs reserved for the copyright notice;
* Using the DMCA to restrict access to items that do not qualify for copyright, such as garage door openers and printer ink cartridges;
* Adding restrictions on text-to-speech conversion in the EULA of e-books;
* BBC IMP trial for downloads of DRM-encrypted audio and video files; uses the Kontiki peer to peer file distribution system. Allows no user control of the background up and downloading, leading to considerable slowing of user PCs and potential exhaustion of allowed data transfers without warning due to the nature of peer to peer type operations, with only the option to shut down the user's computer or disconnect from the Internet. BBC content is time-limited and will only play on the machine to which it was downloaded or an officially authenticated device participating in Microsoft's DRM scheme.
* Sky's 'Sky By Broadband' scheme also uses Kontiki with similar results.
* Using Copy Control schemes to thwart the existing statutory and common law exceptions to copyright holder control (such as fair use), as for instance in regional coding of media (such as in DVDs);
* The possibility of dominant DRM-inclusive recording and playback technology being used uncritically by users unaware of the dangers and consequences thereof, and potentially later locking them out of their own creations, as with SCMS in consumer-grade DAT equipment;
* Preventing academic publication and distribution of information relating to flaws in computer security in the absence of the permission of the creators of said technologies;
* Silencing individuals who have found serious flaws in software used in electronic voting.
* Restriction of medical records and personal financial information using DRM to protect consumer rights. Insurers, lawyers and loan companies have strongly objected to the use of these technologies to prevent patient, hospital and practitioner records being more freely accessible due to copy and forward restriction applied to patient or customer records.
* As of 2005, in American dental schools students are required to purchase textbooks on DVD. The DVDs are readable only on an authorized computer and only for a limited time, after which the DVD expires and the information in the "DVD book" becomes unreadable. Some of these books are not available on paper at all.
* Stopping or making archival of the content, even allowed such like in libraries, hard or impossible to do due to practical and technical reasons - especially when considering that the content should still be accessible even if the publisher disappears (bankruptcies etc).
* TiVo 7.2 OS adds content access restrictions, blocks transfers, and auto-deletes some shows
* The 2005 Sony CD copy protection scandal
* Aesthetic objections to onscreen DRM threats interfering with relaxing and watching a movie.
* The Swedish Pirate Party wants to outlaw most forms of DRM.
* The legal inability to disable DRM restrictions, even if they "threaten critical infrastructure and potentially endanger lives"
* Many DRM systems restrict playback to a single device and, to date, no provider has offered to renew this licence when the device is upgraded.
* Some WMDRM protected files will install spyware such as Zango when the user agrees to retrieve a license to play the file.
* The Playstation 2 version of Ape Escape: Pumped & Primed creates copy-protected game saves which cannot be transferred between memory cards. This is the first known instance where a publisher has enforced DRM on private data, rather than just data copyrighted by the publisher.
* The PlayStation 2 CD-ROM format games are protected and cannot be copied with normal copy software. Curiously, the DVD-ROM format games doesn't have this type of protection.
* The Xbox 360 games has advanced security code which prevents copying of the games.
* The Museum of Just Not Getting It makes an attempt to tabulate the worst DRM-related decisions by media companies.

Copyright law has been defined in terms of general definitions of infringement in any concrete medium. This classic approach focused such law on whether or not there is infringement, rather than focus on particular engineering techniques. Legislators have in several instances chosen not to prohibit new technologies (for example, piano rolls, radio broadcasting, and audio tape recording have not been prohibited, and in fact endorsed by inclusion in copyright legislation or the Courts in the U.S.). Critics of DRM assert that detecting and prosecuting infringement within the social and legal system avoids a legacy of outlawing generic, universal, popular, widespread, useful, and possibly uncontrollable in any case, engineering techniques in response to specific misuses.

In Europe, there are several dialog activities that are uncharacterized by its consensus-building intention:

* Workshop on Digital Rights Management of the World Wide Web Consortium (W3C), January 2001.
* Participative preparation of the European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003 (finished).
* DRM Workshops of DG Information Society, European Commission (finished), and the work of the DRM working groups (finished), as well as the work of the High Level Group on DRM (ongoing).
* Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" (closed).
* The INDICARE project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral platform for exchange of facts and opinions, mainly based on articles by authors from science and practice.
* The AXMEDIS project is a European Commission Integrated Project of the FP6. The main goal of AXMEDIS is atomating the content production, protection and distribution, reducing the related costs and supporting DRM at both B2B and B2C areas harmonising them.

The European Community is expected to produce a recommendation on DRM in 2006, phasing out the use of levies (compensation to rights holders charged on media sales for lost revenue due to unauthorized copying) given the advances in DRM/TPM technology.

The first proposed draft of the GPLv3 (released on 2006-01-16) contains language intended to neutralize the harmful effects of DRM (interference with users' rights to examine, alter, and redistribute) when implemented using GPL'd software. Although the draft in no way prohibits the use of GPL'd code in DRM systems, it does require binaries (or source code) to be distributed not only with source code, but also with the necessary cryptographic keys and other required mechanisms needed to modify the software and still have it interoperate. It also contains language intended to exclude GPL'd DRM code from the scope of the DMCA (and similar statutes elsewhere) anti-circumvention provisions.Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.
Virtual Magic is a human knowledge database blog. Text Based On Information From Wikipedia, Under The GNU Free Documentation License. Copyright (c) 2007 Virtual Magic. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

Links to this post:

Create a Link

<< Home