About Opentopia
Opentopia Directory Encyclopedia Tools

Digital rights management

Encyclopedia : D : DI : DIG : Digital rights management

Digital Rights Management (often abbreviated to DRM) is any of several technologies used by publishers to control access to digital data (such as software, music, movies) and hardware. In more technical terms, DRM handles the description, layering, analysis, valuation, trading, monitoring and enforcement of usage restrictions that accompany a specific instance of a digital work.

The term is often confused with copy protection and technical protection measures (TPM). These two terms refer to technologies that control or restrict the use and access of digital media content on electronic devices with such technologies installed.

The topic is controversial. DRM advocates say DRM technologies are necessary to allow rights holders to exercise their rights, prevent revenue loss due to illegal duplication of their copyrighted works, and enable more effective market segmentation. DRM critics argue that the phrase "digital rights management" is a misnomer and the term digital restrictions management is a more accurate characterization of the functionality of DRM systems, since the mechanisms allow the enforcement of any restrictions desired by the publishers, regardless of whether those restrictions actually correspond to the publisher's legal rights. They claim that transferring control of the use of media from consumers to a consolidated media industry will lead to loss of existing user rights and stifle innovation in software and cultural productions.

The European Community is expected to create a recommendation on DRM in 2006, phasing out the use of levies (compensation to rights holders charged on media sales for lost revenue due to unauthorized copying) given the advances in DRM/TPM technology.

Enterprise Digital Rights Management (E-DRM or ERM) refers to the use of DRM technology to control access to corporate documentation (Word, PDF, TIFF, AutoCAD files, etc), rather than consumer playable media. The technology usually requires a Policy Server to authenticate users rights to access certain files. EDRM vendors include Microsoft, Adobe, EMC/Authentica and a number of smaller private companies.

Contents

Introduction

DRM vendors and publishers coined the term digital rights management to refer to the types of technical measures discussed here. As the name implies, it applies only to digital media (and analog media that has been released in digital form). While analog media loses quality with each copy generation, and often even during normal use, digital media files may be copied an unlimited number of times without any degradation in the quality of subsequent copies. The advent of personal computers combined with the popularity of the Internet and file sharing tools have made the distribution of copyrighted digital media files simple.

The availability of multiple perfect copies of copyrighted materials is claimed by much of the media industry to be a threat to its viability and profitability, particularly within the music and movie industries. Digital media publishers typically have business models that rely on their ability to collect a fee for each copy made of a digital work, and sometimes even for each performance of said work. DRM was created by or designed for digital media publishers as a means to allow them to control any duplication and dissemination of their content.

Although technical control measures on the reproduction and use of application software have been common since the 1980s, the term DRM has come to primarily mean the (increasing) use of similar measures to control artistic works/content. Beyond the existing legal restrictions which copyright law imposes on the owner of the physical copy of a work, most DRM schemes can and do enforce additional restrictions at the sole discretion of the media distributor (which may or may not be the same entity as the copyright holder). Several of these restrictions commonly remove or nullify rights specifically assigned to purchasers of copyrighted material by statute or precedent.

DRM has been enforced by assorted schemes, for instance, media player software components. Consider an audio file in a particular format which is playable only by a particular model or brand of media player. Use of the file (playing, copying, ...) can be controlled by DRM measures installed in that media player. Since such formats can be reverse engineered, it is always possible to eventually evade this sort of DRM. Accordingly, new DRM schemes are moving toward the Mandatory Access Control (as opposed to Discretionary access control) wherein a central policy set by an administrator is enforced by fundamental software buried in an operating system, or by hardware, or both. The well-studied theoretical problems of Mandatory Access Control apply equally to this kind of DRM. And some implementations of this type of DRM are vulnerable to an additional class of attacks due to a requirement to run on tamper-resistant hardware.

The case claimed for DRM is that it is required to prevent copying and use by other than paying customers and the belief that without an effective strong DRM system, piracy will run rampant. If this happens, it will cut drastically into profits for producers and distributors, who are therefore seriously motivated to pressure governments to enforce existing copyrights and to add and enforce new ones. In addition, with declining sales, it is claimed that creative output will decrease and the overall quality of media produced will decline.

Advocates for civil liberties and the continutation of existing purchaser rights argue that the use of digital technology should be no more restricted than currently, and that the shift of control to producers even after sales will ultimately hurt creative expression and damage consumer rights. Most media content is subject to copyright, but purchasers have a fair use privilege (under statute and precedent, varying in detail with jurisdiction) which limits copyright holders' control in certain situations. All existing DRM technologies fail to adequately implement such rights (eg, fair use, first sale, etc), leading many civil rights advocates to argue that they impermissibly restrict existing legal use by purchasers.

While DRM has been most frequently used for movies, it is being used for other media as well. Audio files purchased through many online stores, such as Apple’s iTunes Music Store, have various DRM schemes built in to limit the number of devices they may be played on. Many producers of e-books are using a similar implementation of DRM to limit how many computers a book may be viewed on, and even how many times it may be viewed. In mid-2005, a number of content producers for television began demanding implementation of DRM measures to control access to the content of their shows in connection with the popular TiVo system, and its equivalents.

There are signs of what may be a consumer backlash against DRM measures; it may be contributing to the growth of on-line music sales at sites free of DRM measures in preference to those which implement DRM. Sites such as eMusic and AudioLunchBox.com have been able to capitalise on their offer of DRM-free MP3 format. This may have the effect of increasing sales, and exposure to some music titles, later on (ie, The Long Tail).

Security issues, fair use issues, and creative expression issues are all important in the conflict over DRM measures, and DRM technologies will undoubtedly continue to be fought over for many years to come. While many within the media industry believe DRM is the only way to save their existing business model, which is built upon the idea of collecting a fee for each use, a number of innovators have begun exploring alternatives, anticipating an ultimate defeat for DRM.

Many people who have inadvertently bought a DRM crippled CD are familiar with the hassles it can involve. Especially since the infamous Sony rootkit disaster, ending (more or less) in 2005, many consumers have become aware of the implications of buying DRM enforced products.

Content Scrambling System

An early example of a DRM system is the Content Scrambling System (CSS) employed by the DVD Forum on movie DVDs. DIVX should not to be confused with DivX, the popular lossy video compression method. For DIVX the data on DVDs is encrypted so that it can be only decoded and viewed by those in possession of the correct key, which the DVD Consortium kept secret. In order to gain access to that key, a DVD player manufacturer is obliged to sign a license agreement with the DVD Consortium which restricts them from including certain features in their players, such as a digital output which could be used to extract a high-quality digital copy of the movie, as well as alternative menu and content organizing schemes. As important patents are involved, and controlled by the media companies or their allies, this can be a more or less complete control of DVD equipment function. Since the only market hardware capable of decoding the movie was controlled by the DVD Consortium, they hoped to be able to impose whatever restrictions they chose on the playback of such movies. A more restrictive and less commercially successful variant of this scheme is DIVX which is no longer marketed .

Very quickly after CSS DRM was implemented, it was broken. Tools such as DeCSS designed by the famous DVDJon became available for making copies of CSS-encrypted movies and playing them on systems for which commercial implementations were not available (or acceptable) such as linux and other open source operating systems. The Digital Millennium Copyright Act (DMCA) in the United States makes it illegal to bypass DRM limitations or to take steps to do so. Similar acts have since been passed in many countries. Many advocates in the computer science world see the DMCA as a major blow against creative freedom and standard engineering practice because of its overly harsh restrictions.

Legal enforcement of DRM

DRM controls are sometimes proposed to be enforced through so-called trusted computing. However, trusted computing creates the prospect of a computer system which cannot be relied upon to do as its owner wishes, but rather its behavior can be remotely manipulated at any time, regardless of the legal standing of such manipulations. Most opponents have little faith that courts or legislatures will be able to limit those DRM interventions in system function to only that which does not infringe the legal rights of the media owner (such as backups) or computer owner / administrator.

Several laws relating to DRM have been proposed or enacted in various jurisdictions (State, Federal, and non-US). Some of them would require all computer systems to have mechanisms controlling the use of digital media. (See Professor Edward Felten's freedom-to-tinker Web site for information and pointers to the current debate on these matters).

The 2001 European directive on copyright forces member states of the European Union to implement legal protections for DRM. In 2006, the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States.

To date, all DRM systems have failed to meet the challenge of protecting the rights of the copyright owner while also respecting the existing rights of the purchaser of a copy of the material. And none has yet succeeded in preventing criminal copyright infringement by organized, unlicensed, large scale, commercial pirates.

Flaws of some well known systems include:

Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) was passed in the United States in an effort to make the circumvention of DRM systems illegal. It was passed without debate, and without even token opposition, by a Congress which was being lobbied by the content industries. Apparently, they were also under the impression that it was a "technical" enactment, without significant public policy implication. It has been widely imitated by governments elsewhere.

Despite enactment of this statute, which has since received substantial opposition on Constitutional grounds, it is easy to find DVD players which bypass the limitations the DVD Consortium sought to impose. John Hoy, president of the DVD Copy Control Association, in testimony to the Library of Congress in 2003 stated "furthermore, if a consumer in the United States desires to view a DVD disc that has been region coded only for Europe, then that consumer is free to purchase a DVD player (either hardware or software) that is coded to play European DVDs. No legal restrictions apply – either through the CSS license or otherwise – to the importation and use of non-U.S. region players in the United States".

There has been a widely publicized arrest and arraignment of a Russian programmer, Dmitry Sklyarov, for violation of the DMCA. He did the work cited for his employer, Elcomsoft, while in Russia, where it was and remains entirely legal. The product allowed those who were in possession of a password, presumably lawfully obtained along with the encrypted copy of the work, to make copies without encryption locking them to use on a single computer. Sklyarov was arrested on a criminal warrant during a lecture visit to the US, and spent several months in jail until a compromise was reached. The ensuing criminal case against Elcomsoft (for whom Sklyarov did the work) resulted in acquittal. See Professor Edward Felten's freedom-to-tinker Web site for some observations on the DMCA, its proposed successors, and their consequences, intended and unintended.

The DMCA is also causing a chill in the activities of many prominent computer scientists. Professor Felten, of Princeton, has had difficulty publishing papers he and his students have written; they were related to a contest sponsored by a security software company inviting investigation of a product design. (See Internet postings in Felten v. RIAA). Alan Cox, the Englishman who was Linus Torvalds' chief deputy throughout almost the entire first decade of the development of Linux, has resigned his position due to his concern that a criminal charge might be laid against him as a result of some code in the Linux kernel. He has even declined to post explanations of some changes made in the kernel (the changelog is fundamental to the project) because of his concern about his exposure to prosecution and penalty under the DMCA; such explanations might be seen as a DMCA "disclosure". He has also declined to attend US software conferences for similar reasons. Other initiatives propose associating every line of open source code with an audit trail to an author, to prove the negative- that it was never restricted - in contrast to the established history of computer programming. Niels Ferguson, a Dutch cryptography expert and security consultant, discovered a flaw in an Intel security protocol, told Intel about it and was told that Intel had no objection to his publishing a paper about the problem. He has nevertheless decided not to publish due to concern about being arrested under the DMCA.

New and even more controversial DRM initiatives have been proposed in recent years which could prove more difficult to circumvent, including copy-prevention codes embedded in broadcast HDTV signals and Microsoft's Next-Generation Secure Computing Base architecture (formerly known as Palladium). A wide variety of DRM systems have also been employed to restrict access to e-books. See the Trusted Computing (TC / TCG / LaGrande / NGSCB / Longhorn / Palladium / TCPA) FAQ (2003) by Cambridge Professor Ross J. Anderson for a clear discussion of two prominent proposals.

Opponents of DRM, as envisioned and as currently implemented, note that by delegating control of computer access (or control of the ability to execute some programs, or to execute programs only with certain data) to anyone except the user and the machine's administrator(s), there is a very considerable risk of problems caused by such third party interference which go well beyond the enforcement of copyright.

For instance, due to a bug (or misdesign, or misadministration of an otherwise "reasonable" design) the control software (for example, in a trusted computing system) implementing the local part of a DRM scheme may prevent a computer user from using his computer at all, or from using programs (or using data as an input to a program) when such use is actually completely legitimate and not a violation of any copyright holders' rights. Or, for another example, a legally obtained copy of a DVD might be blocked or crippled because it is being used on equipment which doesn't include the DRM function permitting access to it, or which if included, doesn't interoperate correctly. Currently, DVDs legally purchased in some places are not playable in other places for exactly these reasons, although in this case it is marketing considerations, and not "security", which is the reason for the restriction. DRM provisions have appeared in released versions of some subsystems of the Microsoft Windows operating system (for example, Windows Media Player) and are scheduled in more as Palladium is implemented in currently planned, not yet released, versions of Microsoft Windows.

Security protocol, software implementing security protocols, and cryptography have historically proven extremely difficult to design without vulnerabilities due to bugs or design mistakes. This has been true of designs from experienced and well respected professionals; the record is abysmally poor for those inexperienced in cryptography and security protocols.

Other copyright implications

While DRM systems are ostensibly designed to protect an owner's right to control copying, after a statutorily-defined period of time any copyrighted work becomes part of the public domain for anyone to use freely. DRM systems currently employed are not time limited in this way, and although it would be possible to create such a system (under compulsory escrow agreements, for example), there is currently no mechanism to remove the copy control systems embedded into works once the copyright term expires and they enter the public domain.

Furthermore, copyright law does not restrict the resale of copyrighted works (provided those copies were made by or with the permission of the copyright holder), so it is perfectly legal to resell a copyrighted work provided a copy is not retained by the seller—a doctrine known as the first-sale doctrine in the US, which applies equally in most other countries under various names. Similarly, some forms of copying are permitted under copyright law, under the doctrine of fair use (US) or fair dealing (many other countries). DRM technology restricts or prevents the purchaser of copyrighted material from exercising their legal rights in these respects.

Moreover, the scope of legal rights cannot, in principle, be fully encoded in technical access/copying restrictions. For example, a photograph generally falls under the copyright of its photographer, and may not be reproduced in an unlimited way by other persons. A photographer wishing to enforce her copyright might attach some DRM codes to a digital version of her photograph that indicate "may not be copied." However, the photographer might subsequently sign an agreement with another party authorizing such duplication (either for monetary payment, or to serve some other public or private purpose). Under law, the moment such an agreement is signed, copying (under the terms set forth) becomes legal; but the DRM software cannot know that people with pens affixed their name to the contract, and thereby changed legalities.

An oft-cited example of DRM overreach is Adobe Systems' release in 2000 of a public domain work, Lewis Carroll's Alice in Wonderland, with DRM controls asserting that "this book cannot be read aloud" and so disabling use of the text-to-speech feature normally available in Adobe's eBook Reader.

DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England. This is an interesting case where DRM has actually increased public access to restricted material rather than diminished it.

An early example of a DRM scheme is one that is currently being used on textbooks required in some American Dental Schools including New York University College of Dentistry. The textbooks are available only on DVD and students are forced to purchase the DVD. The DVDs are readable only on an authorized computer and only for a limited time, after which the DVD "expires" and the information in the "DVD book" becomes unavailable. Some of these books are not available on paper at all.

DRM advocates

Some DRM advocates have taken the position that the operational contexts and design goals of DRM, security, software engineering and cryptography are sufficiently well understood that it is already possible to achieve the desired ends without causing unrelated problems for users or their computers.

Others have taken the position that creators of digital works should have the power to control the distribution or replication of copies of their works, and to assign limited control over such copies. Without this power, they argue, there will be a chilling effect on creative efforts in the digital space. This has been and remains the underlying argument for copyright. DRM is one means by which creators of digital works may obtain this power.

A similar view states that DRM's advent is the first time large-scale digital distribution has been reasonably achievable, which proponents claim to be a benefit both to content creators and their customers that far outweighs the typical problems that arise. This argument cannot be applied to physical media, however.

Furthermore, advocates of DRM believe that its opponents advocate the rights of hardware and media owners, but at the expense of the privileges of artists and their designated copyright holders. Consumers of hardware and media voluntarily and knowingly agree to the grant of limited use of the content exhibited using their physical media.

DRM opponents

Many organizations, prominent individuals, and computer scientists are already opposed to DRM in its various currently proposed forms. Two notable opponents are John Walker in his article, The Digital imprimatur: How big brother and big media can put the Internet genie back in the bottle, and Richard Stallman in his article/story [The Right to Read] and in public statements "DRM is an example of a malicious feature - a feature designed to hurt the user of the software, and therefore, it's something for which there can never be toleration". Professor Ross Anderson of Cambridge University heads a British organization which opposes DRM and similar efforts in the UK.

The Electronic Frontier Foundation and similar civil rights organizations, including http://boycott-riaa.com and http://www.ihatedrm.com, also hold positions which are characterized as opposed to DRM.

The Foundation for a Free Information Infrastructure criticizes DRM's impact as a trade barrier from a free market perspective.

The [first draft] of the GNU General Public License version 3, released by the Free Software Foundation, prohibits using DRM to restrict free redistribution and modification of works covered by the license, and has a clause stating that the license's provisions shall be interpreted as disfavoring usage of DRM. Also, in May 2006, FSF launched a "Defective by Design" campaign against DRM.

[Free Creations] has published a license against DRM: [Against DRM 2.0].

In France, in order to inform the consumers about the DRM threat, the citizen group [StopDRM] is regularly organizing protests in general stores (like Virgin or La Fnac) in different cities.

The use of DRM may also be a barrier to future historians, since technologies designed to permit data to be read only on particular machines may well make future data recovery impossible - see Digital Revolution. This argument connects the issue of DRM with that of asset management and archive technology.

DRM opponents argue that presence of DRM infringes private property rights and criminalizes a range of normal user activities. A DRM component would take control over the rest of the user's device which they rightfully own (for example MP3 player) and restricts how it may act, regardless of the user's wishes (for example, preventing the user from copying a song). All forms of DRM depend on the device imposing restrictions that cannot be legally disabled or modified by the user. In other words, the user has no choice.

DRM and Internet music

Most internet music stores employ DRM to restrict the usage of music purchased and downloaded online. There are many options for consumers buying digital music over the internet, in terms of both stores and purchase options. Two examples of music stores and their functionality follow:

The various services are currently not interoperable, though those that use the same DRM scheme (for instance the various Windows Media DRM stores, which include Napster) all provide songs that can be played side by side through the same program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, for example Princeton, have made arrangements with assorted Internet music suppliers to provide access (typically DRM protected) to music files for their students, to less than univerasl popularity, sometimes making payments from student activity fee funds. (See Nick Timeros's article in the WSJ: Free Legal, And Ignored) One of the problems is that the music becomes unplayable after leaving school, unless the student continues to pay individually. Another is that few of these vendors are compatible with the most common portable music player, the Apple iPod.

DRM and Libraries

Denver Public, Cuyahoga County and San José Public libraries join Cleveland Public Library, King County Library System, Public Library of Youngstown & Mahoning County, Wright Memorial Public Library and many others who enable the downloading of best-selling e-book 24/7 from their library website using the OverDrive service. The service features a growing collection of best-selling e-book from popular authors and publishers including HarperCollins, Time Warner, McGraw-Hill, Zondervan, Scholastic, John Wiley and Sons, and more. These audio books are downloadable in the WMA DRM format.

See also: Digital distribution, Perpetual access

Controversies, consequences, and examples

A parodied Home Taping is Killing Music logo from an anti-DRM point of view.
Enlarge
A parodied Home Taping is Killing Music logo from an anti-DRM point of view.
Several DRM schemes have been implemented. Many see them as "abuse" of copyright (often called eSlavery in Europe); DRM proponents have seen them as a "reasonable balance of consumer concerns and artist rights."


Examples include:





Copyright law vs. particular techniques

Copyright law has been defined in terms of general definitions of infringement in any concrete medium.  This classic approach focused such law on whether or not there is infringement, rather than focus on particular engineering techniques.  Legislators have in several instances chosen not to prohibit new technologies (for example piano rolls, radio broadcasting, and audio tape recording in both Congress and the Supreme Court in the US). Critics of DRM assert that detecting and prosecuting infringement within the social and legal system avoids a legacy of outlawing generic, universal, popular, widespread, useful, and possibly uncontrollable in any case engineering techniques in response to specific misuses.



European dialogues on DRM concerns

In Europe, there are several dialog activities that are uncharacterized by its consensus-building intention:


Inclusion within GNU General Public License version 3





Wikinews has news related to:






The first proposed draft of the GPLv3 (released on 2006-01-16) contains language intended to neutralize the harmful effects of DRM (intereference with users' rights to examine, alter, and redistribute) when implemented using GPL'd software.  Although the draft in no way prohibits the use of GPL'd code in DRM systems, it does require binaries (or source code) to be distributed not only with source code, but also with the necessary cryptographic keys and other required mechanisms needed to modify the software and still have it interoperate.  It also contains language intended to exclude GPL'd DRM code from the scope of the DMCA (and similar statutes elsewhere) anti-circumvention provisions.



Quotes








DRM systems and implementations

Examples of existing "digital rights management" and "copy protection" systems:


Related concepts



References









Further reading



External links



Software that removes DRM



Devices that use DRM



Lobbying organizations





































 





From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.














Search Titles









0123456789
ABCDEFGHIJ
KLMNOPQRST
UVWXYZ?










E-mail this article to:



Personal Message: