posted 17 Dec 2007 in Volume 11 Issue 4
The DRM debate
By Lucy McNulty
When the web browser Mosaic v 1.0 was released into the public domain in late 1993 no one could have predicted the impact it would have on public perception of the Internet. Mosaic encouraged those outside of academia and large industrial research institutions to access the Internet, and by doing so made the web relevant to the general public for perhaps the first time.
This newly networked digital age brought with it new problems, however, as the ability to instantaneously access vast amounts of information pushed the issue of rampant piracy to the fore. Anyone could now lift, copy and re-distribute digital content very easily and at virtually no cost. As a result, access control technologies known as digital rights management (DRM) software began to be developed in an effort to enable the secure creation, management, distribution and promotion of digital content on the Internet.
It was hoped they would provide the much-needed solution to digital piracy. Yet, since its development in the mid-1990s, DRM technology has consistently courted controversy and divided opinion, with some dismissing the software as an innately flawed solution. Others, however, continue to believe incorporating access control technologies into software is key to the prevention of piracy. But who is right? Is DRM software destined for failure or is it in fact an effective disincentive to infringement in the digital age?
How does DRM work?
The term DRM refers to any scheme that aims to control access to copyrighted material using technological means. First-generation DRM systems sought merely to control copying; second-generation DRM schemes, however, are now designed to control the viewing, copying, printing and altering of digital content, in particular digital film, music, eBooks and corporate files.
DRM software can incorporate a number of techniques, from encryption technologies and digital watermarking to authorisation systems and disabling equipment. Most organisations, however, now employ a combination of encryption and authorisation systems to both protect content and ensure that only authorised customers can use particular content or unlock encrypted files. When DRM is applied in this manner, the digital data in a file is scrambled, rendering the file unreadable to anyone without the correct decryption key.
Authentication systems, which are intended to stand between users and keys, ensure that only people with proper permission can obtain a key to unlock the protected file. A key will not be provided unless the correct username and password are given, nor if the file in any way contravenes the restrictions a rights holder has in place – for example, if the file has been decrypted too many times.
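The encryption-and-authorisation arrangement described above can be sketched in a few lines. This is an added example, not code from the article or from any real DRM product: `LicenseServer`, its methods, and the sample user and file are hypothetical, and the keystream function is a toy stand-in for a real cipher.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class LicenseServer:
    """Hypothetical authorisation system standing between users and content keys."""
    def __init__(self, max_decryptions: int):
        self.max_decryptions = max_decryptions
        self._users = {}  # username -> (salt, password hash)
        self._keys = {}   # file id -> content key
        self._uses = {}   # (username, file id) -> keys released so far

    @staticmethod
    def _hash(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(salt, password))

    def package(self, file_id: str, plaintext: bytes) -> bytes:
        """Scramble the content; the key never travels with the file."""
        self._keys[file_id] = secrets.token_bytes(32)
        return keystream_xor(self._keys[file_id], plaintext)

    def request_key(self, username: str, password: str, file_id: str):
        record = self._users.get(username)
        if record is None:
            return None
        if not hmac.compare_digest(record[1], self._hash(record[0], password)):
            return None  # wrong credentials: no key
        used = self._uses.get((username, file_id), 0)
        if file_id not in self._keys or used >= self.max_decryptions:
            return None  # rights holder's decryption limit reached
        self._uses[(username, file_id)] = used + 1
        return self._keys[file_id]

def demo():
    server = LicenseServer(max_decryptions=2)
    server.register("alice", "correct horse")  # constructed sample user
    locked = server.package("track-01", b"constructed sample content")
    results = []
    for password in ("wrong", "correct horse", "correct horse", "correct horse"):
        key = server.request_key("alice", password, "track-01")
        results.append(keystream_xor(key, locked) if key else None)
    return locked, results
```

Every successful `request_key` call hands the content key to the client, so the policy is enforced only up to the moment of release.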
DRM, therefore, removes usage control from the person in possession of the digital content and puts it in the hands of the computer program or intellectual property (IP) holder. “In deploying DRM technologies rights holders get somewhat more control and they want control for control’s sake,” says Jessica Litman, a professor of copyright law at the University of Michigan Law School. “They are scared of a digital future in which the next generation would rather hang out on YouTube than watch television so the more control they have over their content the less scared they feel they have to be.”
And it is not just control over their content which rights holders can enjoy: DRM technologies also make it possible to find out more about a buyer – watermarking technologies, for example, can track a user’s preferences. Indeed, it seems this is not the only benefit of a fully integrated DRM system.
“DRM places consumers in a position where they must pay for the creative work that a business has invested capital in to create,” says Leigh Ellis, a software engineer, intellectual property and information technology lawyer at Gillhams Solicitors. “The greater revenue companies amass as a result enables businesses to become more competitive in their pricing as their market expands.” It appears, therefore, that consumers can also benefit. For not only do they gain access to cheaper content but they supposedly also acquire the right to use higher quality digital media on the Internet because content providers using DRM will be more willing to make media widely available, safe in the knowledge that their content will not be unlawfully distributed.
How effective is DRM?
To the content owner or distributor, DRM technologies evidently appear to be the perfect means to prevent misuse of content and to increase both the scope of control that they assert over, and the revenue that they receive from, their copyrighted IP assets. But in practice are they really as effective as they seem?
A look back to one of the earliest examples of DRM software would seem to suggest they are not. The Content Scramble System (CSS), deployed in the late 1990s, used a simple encryption algorithm to protect content on all commercially produced DVD discs and required device manufacturers to sign license agreements that restricted the inclusion of features in DVD players, such as digital outputs that could be used to extract high-quality digital copies of film. Yet by 1999 the software had been compromised by DeCSS, a computer program developed by a fifteen-year-old Norwegian, which successfully circumvented the technologies employed by CSS, enabling encrypted DVDs to play on computers using the Linux operating system.
“As with all other DRM systems CSS was and still is easily hackable,” says Litman. “In fact I have yet to hear of any system that is unhackable.” It would seem that DRM technology is by no means as flawless as IP owners would hope to believe. “It is fundamentally a flawed application of cryptography,” explains Becky Hogge, the executive director of the Open Rights Group (ORG), a UK-based organisation that works to preserve digital rights and freedoms. “At the same time as the technology attempts to give the consumer a locked file, it is also giving the consumer’s computer a key to unlock or decrypt the file.”
Clearly, no matter how much the DRM software attempts to obscure the key from the end user, it is relatively easy for someone with a degree of technological knowledge to find that key within their computer and upload a decrypted file onto a file sharing platform to make it available to others. Surely this is a clear indication that this technology fails to accomplish what it was developed to do. Maybe so, but, worryingly for DRM’s critics, the ease with which the software can be circumvented is only one of its many flaws. “It has become painfully clear that DRM is not working the way it was imagined,” says Tarleton Gillespie, author of Wired Shut: Copyright and the Shape of the Digital Culture. “It is a costly piece of software that doesn’t only fail to secure copyright but also manages to really irritate consumers.”
Indeed, many argue the software is fundamentally anti-consumer and imposes unfair restrictions on the use of legitimately acquired digital media. “One of the problems with DRM technology is that it isn’t flexible,” says Gillespie. “There is no wiggle room in the software to determine what is or isn’t fair use of content.” This lack of flexibility impacts upon the consumer. A customer who purchases a DRM-restricted music file, for example, may find themselves restricted to making two copies of the file. This is fine, if the user only wanted to copy the file to their MP3 player and laptop, but is it fair that if they then buy a new computer they will find themselves unable to copy their lawfully purchased content onto it? Many would argue it isn’t.
“The restrictions imposed on content by DRM effectively punish rights holders’ customers, because in the end they are offering consumers who pay to legitimately download files, content that performs worse than that which can be copied for free on file sharing platforms,” says Hogge. Litman reiterates this damning assessment, describing the software as being “completely obnoxious”, owing to its ability to restrict a consumer’s usage of content and its potential to lock the user into using a particular product or download service. “Many successful digital music platforms tie consumers into their product by using one type of DRM that is compatible only with the music player they are associated with,” explains Hogge. “This type of product lock-in does not benefit the consumer at all.”
Worse still, this lack of interoperability among the number of DRM systems in existence has led to the development of differing restrictions concerning how consumers can and cannot use content, leaving the user confused as to what is and isn’t legitimate use of digital files.
In imposing so many limitations on the consumer, DRM technology can in fact alienate the customer to such a degree that it succeeds in encouraging piracy as opposed to preventing it. “A great detriment of this technology is that it results in consumers being able to do less with the stuff that they’ve gotten legitimately,” says Litman. “I think that tempts many users to act illegitimately, and that in turn, breeds disrespect for laws concerning copyright.”
Such criticisms have not gone unnoticed by businesses using DRM technologies. Microsoft chairman Bill Gates spoke out against DRM to an invited party of bloggers and web developers at Microsoft’s Seattle headquarters in late 2006, calling for “more flexible models” to put a stop to DRM models which “cause too much pain for the legitimate buyer”.
Apple also expressed its dissatisfaction with the current DRM system, with CEO Steve Jobs stating, in an open letter posted on the company website in February 2007, that those who are unhappy with the current situation should “redirect their energies towards persuading music companies to sell their music DRM-free”. And the dissent is not limited to the world of business. Indeed, the need to improve DRM has been acknowledged in the UK by the 2006 release of the Gowers Review of Intellectual Property, an independent report on IP rights in this country.
“The review believes there is a need for clearer guidance on DRM for users,” writes report author Andrew Gowers. “Any future policy formulated on DRM ought to be consulted on widely, with the views of all stakeholders, including consumers, libraries and creators, taken into consideration.”
Yet in spite of the many negative attributes associated with DRM and the many that have criticized the software, access control technologies continue to be deployed. Why?
The answer lies primarily with the rights holders’ continued confidence in the power of the technology. “In the 1990s rights holders got scared by file sharing platforms and the like,” says Hogge. “They were told DRM technology would prevent their content being unlawfully exploited by such platforms and they continue to believe this today.”
For as long as IP owners remain convinced DRM is key to the prevention of digital piracy, companies and organisations who wish to distribute their content will need to comply with their wish to impose DRM restrictions.
“We implemented DRM within our service to satisfy the rights holders,” says Mat Pfleger, head of marketing and sales at the British Library, in reference to the library’s 2003 launch of a DRM-restricted secure electronic document delivery service. “We needed to provide more content through a fast electronic delivery service. In order for us to provide that across our entire content base we had to deliver some sort of DRM system which would protect the content and thereby appease the rights holders from whom we buy the content.”
If those who own the digital content continue to support DRM and insist on its use, the future of the software could perhaps be secured. But support for the technology cannot detract from its many flaws, and the ease with which DRM can be circumvented. Indeed, surely the mere existence of these weaknesses would indicate a demise of the technology is inevitable. Not so; in fact, copyright legislation such as the Digital Millennium Copyright Act (DMCA), an extension to the US copyright law, and its UK equivalent, the Copyright, Designs and Patents Act, help to further cement the future of DRM technology.
Both contain amendments to prior copyright regulations to ensure that any interference with DRM technologies, or attempt to circumvent such systems, became punishable by law, and thereby made it possible for DRM systems that had already been compromised (such as CSS technology) to continue to be incorporated into digital media. “Even possessing an article or apparatus that is designed for the purpose of circumventing DRM is contrary to law in this country, in the US and Europe-wide,” says Ellis. “It effectively cuts the problems of copyright infringement off at the source. Redistribution is made difficult if not impossible.”
Such measures are apparently enough of a deterrent for most would-be hackers to prevent them from copying content. “DeCSS is widely available but the fact is most people just do not bother,” says Litman. “DRM and the legal measures put in place to support it are enough of a speed bump to discourage most from unlawful copying.”
Gillespie, too, speaks of the “curb high protection” these measures encourage. “The curb doesn’t stop you from driving on the sidewalk if you want to but it stops a lot of people a lot of the time,” he explains.
This “curb high protection” encourages many companies to carry on deploying DRM systems. Adobe, for example, continues to offer consumers DRM products, such as Web Buy (which enables consumers to download encrypted digital works from the Web) and Adobe® ADEPT (a hosted service solution for protecting premium digital content against unauthorized use) and Microsoft Corporation has offered the Windows Media DRM solution to consumers since 1999.
Alternatives to DRM
But can the provision of mere “curb high protection” really justify the continued existence of evidently insecure technology? The increasing number of DRM alternatives in existence would seem to suggest that it cannot. Technology such as watermarking software (which cannot prevent people from doing what they want but “can catch them when they do something illegal” according to Hogge) and measures such as the implementation of innovative business models are, it has been argued, equally if not more effective in preventing the illegitimate copying or redistribution of content.
“The band Radiohead managed to sidestep traditional distribution models by allowing fans to choose how much they wanted to pay to digitally download their album ‘In Rainbows’,” says Hogge. “In implementing this ‘trust your customers’ business model, the band was able to gain a greater cut of generated revenue, attain more knowledge about their customer base and crucially discourage fans from going to file sharing platforms.”
Support for this type of business model is in fact increasing substantially. Executives at EMI Group, for example, recently announced the company would now be selling DRM-free music through Apple’s online music store iTunes “to give consumers the best possible digital music experience”, according to EMI CEO Eric Nicoli.
“Companies are realising that it’s all about IP and how to realise its value in the digital age without irritating your customers,” explains Hogge.
But will DRM technologies ever really be replaced by these models or technologies?
Only time will tell, but what is certain is that some degree of content protection will always be necessary. For, as Litman reveals, “the idea that there will never be a dark net or an illegal distribution network is fantasy”. Whether DRM technologies continue to be deployed to control use of this “dark net” remains to be seen. But, as Hogge indicates, what is evident is that a certain degree of change in access control technologies is inevitable: “Rights holders are finally beginning to listen to the fact that their customers don’t like DRM,” she says. “Now we will just have to wait and see what happens.”