Advertisment

Controlling Piracy

author-image
PCQ Bureau
New Update

Digital Rights Management is a tricky area. It’s as if you buy a beautiful rose bush and were allowed to enjoy the fragrance of its roses only through a special password. Also you could create only two more bushes out of it, after which your attempts at making any more will fail. 

Advertisment

In the digital content context, there are three main problems with this analogy. One, that rose-bushes are not a copyrighted creation of one particular mortal. Two, the rose-bush industry compares nowhere to the billions of dollars at stake in the digital content industry. And three, it’s much harder to duplicate rose-bushes. 

In fact, nothing in this world is easier than copying digital content. But that costs the digital content creators a lot of money, and hence new efforts to ensure proper credit and the money for their creation. 

DRM information architecture at work

Advertisment

The approach to Digital Rights Management Systems seems to be two-fold. The first way is to restrict duplication of the content and the second is to implement an access-rules based system that makes sure only valid, authenticated users can use the content. 

Restricting duplication more or less boils down to copy-protecting the medium, often CDs. 

Copy protection



There are audio CDs in the US and European markets that cannot be played on a computer (or can be played only through play-back software, not “ripping” software). The music files will also not play if distributed over the Internet or e-mailed. 

Advertisment

The technology used is proprietary and not published, but researchers have been able to identify a thing or two about it. For audio CDs, it works by deliberately creating errors so as to cripple the CD’s full functionality, notably the CD’s ability to play in PC/MAC CD-drives and get copied. This is achieved by introducing artificial errors in the error correction code data or by including corrupt audio on the disc masked by P subchannel data (the subchannel that marks the division between tracks) or by wrongly marking audio files as data files or forming a bad TOC (Table of Contents). Sony’s key2audio claims to work by placing a special digital signature on the discs while manufacturing which prevents the copies from playing. 

Another way is to put dummy files greater than 600 MB on to the CD. This inflates the CD’s size to over 1 GB. CD-recorders cannot over-burn to this extent and hence the CD cannot be copied.

The effectiveness of the technologies is limited as better error-handling on the software front can restore the full use of these media. There are instances where people have been able to successfully create working copies of these protected CDs by simply writing on the outer shining part with a felt pen, or by covering it with a tape! 

Advertisment

Some of the products being used in this area are Cactus Data Shield from MacroVision (www.macrovision.com), MediaCloQ from SunnComm (www.sunncomm.com) and key2audio from Sony (www.key2audio.com). 

Microsoft has also recently launched its media-protection product called the Windows Media Session Toolkit. Using this, a record company can store music on the CD in various layers. One layer is for the PC, which will allow users to copy the music on to their PCs but sharing it and making CD-copies from it will be restricted or altogether curbed, depending on what the record company wants. 

Windows Media Player 9 is already DRM-enhanced and plays only protected media-files through a license-based authentication system. 

Advertisment

Technologies used for protecting software/data in CD-ROMs/DVD-ROMs are similar as their main aim is to prevent copying. Sony with their SecuROM copy-protection claim to have protected over 100 CD-ROM titles in India over the last two years. SecuROM uses a key-code (an electronic fingerprint to uniquely identify an original disc) and software which authenticates the CD-ROM. The authenticating software works with the main application defined by the software creators.

Key2data is a smart-card solution based on SecuROM which can also be used to protect digital content on

CDs/DVDs.

Then there is the ‘Bongle’–like a dongle or hardware lock, but different because unlike a dongle, which has to be attached to the parallel port or the the USB port, a bongle is put into a CD-ROM drive to enable access to the stuff on a ‘bongled’ CD.

Advertisment

Bongled CDs may be used in a network, where authorized users have to be given bongles which they can insert into their CD-drives to access the data/software contained on the CD.

DVD-protection:



DVDs are copy-protected under a framework called the CPSA (Content Protection System Architecture) developed by the 4C entity–Intel, IBM, Matsushita and Toshiba (www.4centity.com) along with the CPTWG (Copy Protection Technical Workgroup) with technologies like the CSS (Content Scrambling System) that encrypts and authenticates the contents of a DVD. Each CSS licensee is given a key from a master set of 400 keys that are present on all CSS-encrypted discs. DVD players need CSS circuitry to be able to decode and play the contents. To play on computers’ DVD-ROM drives, the DVD-decoder hardware and software include a CSS decryption module and the drives themselves need extra firmware which can exchange the authentication and decryption keys with software module. Incidentally CSS has long been cracked (1999) with the DeCSS that guesses the master keys.

Movies on DVDs are commonly region-protected. That is DVDs coded under say region “one” (US and Canada) will not play anywhere else in the world. There are 8 such regions and region-coding is optional. Of course, there are all-region discs as well as hacks to make region-specific discs work in all the regions. 

Advertisment

Access rules 



Technologies are starting to emerge which try to ensure that the users of a particular digital content are allowed to do with the content only what the content-creator wants. 

TCPA: The Trusted Computing Platform Alliance, at www.trustedcomputing.org, operates in this area. TCPA is an industry alliance of HP-Compaq, IBM, Intel and Microsoft formed in October 1999. It lays out the specifications for an enhanced hardware and OS-based trusted-computing platform. 

TCPA has defined what it calls a ‘general purpose Trusted Subsystem’ that is initially targeted at PCs. Using this system, a computer can have built-in security features incorporated through a mix of hardware and software. On the hardware-front, there is hardware-based key generation, hardware random number generation, protected non-volatile storage and digital signature and protected key exchange. On the software side there are secure OSs being worked upon by the likes of Microsoft (For more details on this, refer to the article on Palladium on page 70 in PCQuest February 2003 issue). 

XrML: Extensible Rights Markup Language is an XML-based specification grammar that can be used to define the rights of the user and the conditions under which those rights are granted. XrML is based on the work by OASIS Rights Language Technical Committee in defining a Rights Markup Language. The language is developed by ContentGuard Inc. backed by acceptance from the MPEG working group (ISO/IEC) and OASIS Rights Language Technical Committee. The website is at www.xrml.org and it has been around since 2001. 

XrML extends the XML grammar to include Digital Rights elements like licenses. In fact, a license forms the central element of the XrML grammar. It has a very simple structure that serves the purpose of ‘identifiying who is granted which right under what condition by whom (issuer).’ 

So we can have a situation where the content-owner (say a musician, Jasmine) wants to allow a particular user, say, Harish, to play her latest composition file my_rights.mp3, 5 times only. Then the elements of the license will be:

Grant



-------------------------------------


Principal:
Harish




Right:
Play




Resource:
my_rights.mp3




Condition:
For 5 times

Issuer



-------------------------------------


Signature:
Jasmine



Time of Issuance: 2003-02-01T15:30:00

This can be written in XrML and used in Digital Rights Management software. There is comprehensive documentation available on the syntax on the xrml website.

Open Digital Rights Language: is open source and is developed by IPR Systems. It is under review by W3C since September 2002 and competes with XrML for use in DRM systems. It is supported by the OMA (Open Mobile Alliance) which uses ODRL (Open Digital Rights Language) as their Download standard. Recently Nokia has adopted this standard in their latest Content Distribution Kit. 

ODRL uses three core entities to describe the XML-based schemas and data dictionary. These are Assets, Rights and Parties. These components interact with one another and can be expressed using other components as shown in the figure. 



Documentation and examples can be obtained from www.ordl. net. 

Digital watermarks and fingerprints



Digital fingerprints or watermarks don’t prevent copying, but ensure that the illegally copied digital content can be tracked down. These technologies also allow verification of the owner of the works, by allowing details like the address and the phone numbers of the authors/content- creators to be embedded. 

The issue of digital rights is social in nature, and solutions are not as easy as implementing some great new technology. Many groups around the world are working on bringing about more fundamental changes by means of appropriate modifications in existing laws and such. A group called the Creative Commons (www.creativecommons.com) that includes amongst its leading stars, Lawrence Lessig the Stanford law professor, is promoting a new license, which adds to a copyright license by expressing intent to allow use of some parts of an original creative work. “Some Rights Reserved” they say. There is the Electronic Frontier Foundation (www.eff.org) that is fighting for “freedom” of sharing on the web and the definition of ‘fair-use’ of digital content. The anti-DMCA group actively fights the Digital Millennium Copyright Act of the USA. For software, there is Copyleft promoted by the Free Software Foundation under Richard Stallman, (www.fsf.org ) which 



promotes freedom from proprietary closed-box softwares. Truly interesting times we live in. And digital rights management is as tricky an area as you can get in recent times. 

Shruti Pareek

Advertisment