DRM: The Rights Way to Go

“Tango to Charlie, come in, do you copy?”

“Tango here...why are you laughing Charlie...over?”

“Tango, the Buddha has smiled...over”

“Copy that Charlie..over”

“Over and out Tango”

You just successfully managed to deliver the message to your army camp at the
border that the headquarters has given permission to prepare to attack. Even if
the enemy intercepts this message and records everything, it doesn't matter.
The message is encrypted. The way to decode it is known only to the recipient(s).

In the morning, you wake up after living the whole night as a soldier,
sending encrypted messages and go to your workplace. When you reach your
workplace, you are confronted with a similar situation. You have to send some
confidential reports to your subordinates by e-mail, but since it has to travel
ISPs the world over, it can be intercepted anywhere and read. So you encrypt it
in such a way that only the intended recipients can make any sense of it. You
then go back home and on your way, pick up some audio CDs from the local music
store. You listen to it in your car stereo on the way, and after reaching home,
try to play it on your PC.

Alas, you can't because it's only meant to be played by audio CD players.
We've taken these two examples because just like the armed forces, there's a
code language that surrounds all of us today. It's called DRM or digital
rights management. The technology provides various solutions that authenticate
only certain users to make use of particular content in a particular manner.

First of all, DRM is not dead. It's very much alive and evolving. In this
story, we'll try to look at the DRM technologies, which can be used by
original content developers, like musicians, artists or even software developers
to prevent illegitimate copies of their IPR from getting created.

To help the owners of original content-audio and/or video-the industry
giants in this business like Real Networks, Sony and Apple have been promoting
the use of their indigenous DRM technologies. Even Microsoft has come out with
Windows Media DRM to stay in the race.

We spend the next few pages as much in telling you what are these available
and upcoming technologies as much we do in bringing to you where the DRM
movement is heading in the light of such regulations and technologies.

Fairplay

This is Apple's digital rights management system that is meant to bring
benefits to the original creator of music, recording companies and the customer.
Fairplay allows you to play music on up to five computers. You can burn
unlimited individual songs and burn playlists up to seven times each. Their
iTunes music store makes use of this.

This DRM technology limits the ways in which you can use the music files and
restricts them to a world of Apple formats and portable audio players.

With this, you can play music on several computers and an unlimited number of
iPod portable players. You can even burn Red Book audio CDs.

As a consequence, it also restricts the fair use (refer to the glossary) of what
iTunes sells by limiting the number of times one can make the copies, even for a
personal use.

Digital watermarking

If you are one of those who spent hours behind a rare dodo in difficult natural
terrains to capture him in your camera or you have just finished creating a
masterpiece on an oil canvas-things that are hard earned intellectual
properties, you need to know about digital watermarks. Mostly used by the
artists and photographers or those who sell their digital art, this is one of
the earlier means of steganographic techniques to protect digital photographs or
art pieces from being replicated or use. Here, the original image is
superimposed with a watermark, visible or invisible, that may contain copyright
information, or a mark. This either makes the image unusable or allows you to
track whether the used image is copyright-protected. Some sites that make use of
digital watermarking include istockphotos, gettyimages and corbis.

In fact, it is also being used to protect the videos from being pirated.
People are running businesses based on copying complete movies from theaters.
They buy one ticket to the cinema hall, and once in they record the movie on a
camcorder that they took in with themselves. But to the owners' respite, there
are now means in which the whole movie/video can be digitally watermarked. There
are technologies available that embed some noise (audio/video) into the original
content. The watermark is at a frequency that cannot be perceived by the human
eye, but the camcorders can catch it. So when someone tries to record it on a
camcorder, the noise renders the video un-usable. In certain other forensic
watermarks, as the CineFence technology introduced by Philips, information about
date, time and place is embedded into the picture and soundtracks of a video
that let you trace an illegal copy back to the cinema hall.

The protected audio files from iTunes can be copied on any number of iPods but only upto 5 authorized computers

Sony's rootkit

You play a CD on your PC, unaware of the fact that there was a spy sitting on
the CD that was transferred to your PC in the process. This one not only aborts
from taking action on some commands like copying, but at the same time connects
the machine on the Internet to the Sony's site, passing all the information
about how many times copies were made and where to. Not just this, if you come
to know of this spy and try to thrash him out, it sabotages your system. That's
what Sony's DRM is up to, thus, making it incredibly restrictive in the way
they let the consumer use a product.

Sony had attracted a lot of anger and lawsuits by putting a rootkit DRM
technology called XCP (Extended Copy Protection) on to a large number of music
CDs in order to prevent disks from being copied.

Sony has called off the production of any such CDs since it announced it in
November 1995, after its XCP move caught it into several lawsuits as it was
proved that it harmed the computers, crashed it at times, ate CPU time, reduced
the hard drive's life and so on. The technology automatically installed itself
when a consumer inserted the CD in their computers and could not be picked up by
conventional anti-spyware or anti-virus software unless they used rootkit
detectors. The rootkit hid itself deep inside the Windows OS mimicing legitimate
files. And once you decided to play one such CD on your Windows machine, a
license agreement popped up. The license only told you that a software (rootkit
and DRM) would be installed but didn't disclose that the rootkit could not be
uninstalled. The company is working afresh to bring new DRM techniques that
would not infringe the security concerns or harm machines.

Windows MediaDRM

This is Microsoft's DRM initiative towards providing quality content to the
legitimate users securely for playback on computer or a portable or nwtwork
device. It aims to benefit both the consumers as well as digital content owners
by providing quality content to all customers by giving them the freedom to play
it wherever and on any device they want. Windows MediaDRM uses encryption
algorithms to protect the digital content without affecting the user experience.
It was released released in August 1999 and the platform includes both server
and client SDKs and 'porting kits' that enable programs to protect and
playback media files. Using the Windows Rights Manager SDK, you can stream or
download the media files in an ncrypted format on the Internet from the owners
or content providers. Also the consumers can find, acquire or play the content
anywhere. WindowsMedia DRM is a lot more flexible than Apple's FairPlay and
works with a wide variety of devices.

Sun's DReaM

This is an open-source DRM project being developed by Sun Microsystems under the
umbrella of Creative Commons. While there is lot of controversy around whether
DRM can be successfully implemented using Open Source, Sun is leading its DReaM
to make it a pleasant experience. The controvery is based on the apprehension
that Open Source would mean that the source code would be available to all for
modifications and tempering, thereby defying the purpose of imposing security
layers over digital content using certain Open DRM tools. Sun Labs is soon to

release version 1.0 of its Open Media Commons DreaM (DRM everywhere, available).
In the meanwhile, they have already come out with two draft specifications for
their content protection technologies-DReaM-CAS (Conditional Access System)
and DReaM-MMI (Mother May I).

The prior one uses AES, ECC (Error Correcting Code), 3DES (Data Encryption
Standard that encrypts the data three times), PKI and SSL technologies to
deliver protected content over IP networks using MPEG-2 Transport System format.
On the other hand, DReaM-MMI lets you manage rights with the underlying
philosophy that states that clients should be able to negotiate for rights
through standardized protocols rather than downloading a license with an
embedded expression of rights. The specification defines the message protocol,
message transport and a list of profiles required to ascertain rights by a DRM
client from a rights server.

Unlike many other DRM solutions, DreaM targets to authenticate not just
devices but also roles and people who would use products/applications/solutions
under the DRM umbrella. This would bring transparency and responsibility amongst
everyone-be it users, content owners or content providers. This is because
being open source everyone including the three mentioned above will be able to
work together to address any problem with the DRM solution.

DRM in Enterprise

We are all skeptical about DRM because of issues that surround it-those of not just security but also obscurity. The reason for this is that most of us do not know the implications and applications or the ways in which it can benefit us? Also whether it can benefit us is a big question. Mostly we associate DRM with music or video download or restricting that but we forget that entertainment is a very small part of general IT. In the enterprise context, it is important to get people thinking beyond protecting mass media content. Here you have equally important, if not more, content to save from unwanted elements that might bring the complete infrastructure down. Therefore, for an organization, the concept of DRM revolves around controlling access to and operations upon critical information. Even in the Enterprise market outside the mass media context, there is a necessity to manage access, maintain integrity and maximize value of digital content whose essential nature is that perfect copies are free to create, modify and share. While DRM doesn't do that by itself, it does propel you in that direction by providing you tools to do that. But, think of another scenario. If you can consume some content, you can capture it (be it in your mind's memory lanes)....and if you can capture the content you can recreate it, distribute it or do whatever you want to if you are outside the constraints of DRM. On the other hand when you make use of a DRM policy, you use either some or the other technique to protect the content. But there is a hitch here. The lockmaker is not only making the locks and the keys, but distributing the keys to atleast some people. That's the irony! But how is that happening? Let us take an example from recent past. MS Office 2003 had some rights management features built into it that defined how the receiver would see the content. The receiver of the content could do what the creator had defined for him, say, he could just view but not be able to copy or print. But that worked only for Office 2003 and above. The makers of Office 2003 thought what if someone did not have Office 2003. Well when such a file was opened on a machine that had something below this version, the permission policies became ineffective. As a result, the concept of DRM had gone for a toss, thus, making DRM to be almost an oxymoron. Today, you can set permissions in most of the mail clients, Office 2007 comes with such abilities and Adobe has been in this game from long back too allowing the sender or content owner to set rights for a particular PDF file. While each DRM architecture differs from the other in terms of how it operates and what it delivers, the basic architecture for most of them is the same as far as the enterprise usage is concerned. Architecture Most enterprise DRM architectures in place today have three basic components-publisher, license server and recipient. The publisher comprises the creator or author of a content and a DRM functionality that encrypts the content and its metadata. It may be the user's PC or a server at which the author is working. The license server is a repository of rights and policies that are to be imposed on the content, encryption keys, identities of users/devices and a license generator that combines all these to create a license that enable the client to unlock the content. The last element in the chain is the recipient that finds the identity-related information, unlocks the license using the key in the key storage and retrieves the content keys from the license to decrypt the content. Furthermore, the decrypted content is passed on the authoring application for viewing, editing, copying etc, based on what has been allowed by the license and the same is done. Also there is a DRM controller that performs checking operations to maintain the integrity of the system. Time to ponder... Still there are some issues to be resolved even at this end. The consumer of content is concerned only about being able to get the content anytime, anywhere in the easiest possible manner. But if the DRM tools make his life troublesome by restraining him to much with his experience, he may not just use that product ever, or buy such device that does that. It remains to be seen which product/service wins in providing the maximum user satisfaction without much deviation from the current way of using them.

Real Helix

Helix is Real Network's Open Source DRM software that was released in 2004.
This is a digital rights management system that, within the parameters of 'fair
use' allows creating copies of books, music and video. 

It allows for the secure playback and storage of digital broadcast content
over a user's trusted local network. It includes the Helix DRM Trusted Recorder,
which allows for recording of broadcast flag-enabled content that can then be
played back using a Helix DRM trusted client.

Licensed under GPL, the Helix DRM technology lets media formats including
RealAudio and Video, be distributed in Linux. It can run on digital devices
including PCs, portable media players and digital TVs. The trusted client player
authenticates itself with the recorder to ensure that content is only copied,
transferred and played over the user's network. Even before its release, both
RedHat and Novell endorsed it.

SPDC

Self Protecting Digital Content or SPDC is an effective method of protecting the
content. It is intended for the high-definition optical disc formats. SPDC discs
can carry title-specific security logic. To enable this capability, players
contain a simple interpreter that runs this logic in an isolated environment
where it cannot harm the player.

Each disc carries all the information required for its own security; an
Internet connection is not required. A disc's security code cannot permanently
modify player behavior and is erased when the disc is ejected.

SPDC offers renewable security as the content holders can deploy updated
security mechanisms on new media without revoking players, affecting other
titles, or affecting the user experience. This technology compliments other
format-security technologies such as AACS (Advanced Access Content System) and
CSS (Content Scramble System). An SPDC enabled disc is marked with a content
code that validates the player and implements title-specific forensic marking
algorithms. If a security problem is identified in a particular disc, subsequent
discs can carry new security logic that addresses the vulnerability while the
new discs are played.

Who decides?

DRM is a boon to the content creators and those who distribute content. It is of
great help to those who are losing revenues due to the illegal distribution and
downloads of their content. But there are certain questions to answer-who will
meter honesty and what would keep an honest person honest?

For instance, I bought my favorite Pink Panther DVD from one of the likes of
Sony or BMG-Crescendo. And then decided that I shall rip its copy to be able to
watch it on a VHS that's in my room. When I tried that, I could not. Thanks to
the DRM system embedded within the DVD that doesn't allow it to be copied to
another media.

Instance 2: I tried to make copy of a music CD I possess to be able to listen
in the MP3 player in my car. While I could do that, I found that I had exhausted
a limit of 5-the number of times I can make a copy of the CD that I bought.

What do you call me? Honest or not? I never intended to put it on a P2P
network. I never wanted to replicate the content with the intent of reselling.

But what is stopping millions of those who are just waiting or the next DRM
to be available in the market so that they can crack it? And while the content
creators, media companies and solution providers are spending millions on
protecting their content from being copied or accessed without their knowledge
or monetary gain, the crackers are doing it just for the sake of doing it.

What about people like Cory Doctorow (a journalist and Science fiction
writer) who upload a free copy of their novel as a PDF on the Internet as and
when they write it? They believe that this is the best possible manner in which
their work can be appreciated by increasing number of people, and more people
buy it this way? Let alone others. Would you buy a book or a novel by someone
who you have never heard about? Well you might consider that or recommend to
others if you have read a copy on the Net.

DRM is not only about building uncrackable systems but how to avoid
monetizing the content and prevent its leakage to those who are not paying (or
are not authorized) and are trying to exploit their legal right and make money
on the copyrighted material that they have.

After all no secret remains a secret forever, and the fact that some one
knows about the key to that secret code itself makes it prone to be cracked. And
who gains the most in this run for supremacy, only time will tell.