DRM: The Rights Way to Go

PCQ Bureau

“Tango to Charlie, come in, do you copy?”

“Tango here...why are you laughing Charlie...over?”

“Tango, the Buddha has smiled...over”

“Copy that Charlie...over”

“Over and out Tango”


You just successfully managed to deliver the message to your army camp at the border that the headquarters has given permission to prepare to attack. Even if the enemy intercepts this message and records everything, it doesn't matter. The message is encrypted. The way to decode it is known only to the recipient(s).




In the morning, you wake up after living the whole night as a soldier sending encrypted messages, and go to your workplace. When you reach your workplace, you are confronted with a similar situation. You have to send some confidential reports to your subordinates by e-mail, but since it has to travel through ISPs the world over, it can be intercepted anywhere and read. So you encrypt it in such a way that only the intended recipients can make any sense of it. You then go back home and, on your way, pick up some audio CDs from the local music store. You listen to them on your car stereo on the way and, after reaching home, try to play them on your PC.

Alas, you can't, because they're only meant to be played by audio CD players. We've taken these two examples because, just like the armed forces, there's a code language that surrounds all of us today. It's called DRM, or digital rights management. The technology provides various solutions that authorize only certain users to make use of particular content in a particular manner.

First of all, DRM is not dead. It's very much alive and evolving. In this story, we'll look at the DRM technologies that original content developers, like musicians, artists or even software developers, can use to prevent illegitimate copies of their IPR from being created.

To help the owners of original content (audio and/or video), industry giants in this business like Real Networks, Sony and Apple have been promoting the use of their indigenous DRM technologies. Even Microsoft has come out with Windows Media DRM to stay in the race.

We spend the next few pages as much in telling you what these available and upcoming technologies are as we do in telling you where the DRM movement is heading in the light of such regulations and technologies.

Fairplay



This is Apple's digital rights management system that is meant to bring benefits to the original creator of music, recording companies and the customer. Fairplay allows you to play music on up to five computers. You can burn unlimited individual songs and burn playlists up to seven times each. Apple's iTunes music store makes use of this.

This DRM technology limits the ways in which you can use the music files and restricts them to a world of Apple formats and portable audio players. With this, you can play music on several computers and an unlimited number of iPod portable players. You can even burn Red Book audio CDs.

As a consequence, it also restricts the fair use (refer to the glossary) of what iTunes sells by limiting the number of times one can make copies, even for personal use.

Digital watermarking



If you are one of those who spent hours behind a rare dodo in difficult natural terrain to capture it on your camera, or you have just finished creating a masterpiece on an oil canvas (things that are hard-earned intellectual properties), you need to know about digital watermarks. Mostly used by artists and photographers or those who sell their digital art, this is one of the earlier steganographic techniques to protect digital photographs or art pieces from being replicated or used. Here, the original image is superimposed with a watermark, visible or invisible, that may contain copyright information or a mark. This either makes the image unusable or allows you to track whether the used image is copyright-protected. Some sites that make use of digital watermarking include istockphotos, gettyimages and corbis.

In fact, it is also being used to protect videos from being pirated. People are running businesses based on copying complete movies from theaters. They buy one ticket to the cinema hall and, once in, record the movie on a camcorder that they took in with them. But to the owners' relief, there are now means by which the whole movie/video can be digitally watermarked. There are technologies available that embed some noise (audio/video) into the original content. The watermark is at a frequency that cannot be perceived by the human eye, but camcorders can catch it. So when someone tries to record it on a camcorder, the noise renders the video unusable. In certain other forensic watermarks, such as the CineFence technology introduced by Philips, information about date, time and place is embedded into the picture and soundtracks of a video, which lets you trace an illegal copy back to the cinema hall.

The protected audio files from iTunes can be copied to any number of iPods but only up to 5 authorized computers.
Sony's rootkit



You play a CD on your PC, unaware of the fact that there was a spy sitting on the CD that was transferred to your PC in the process. This spy not only refuses to act on some commands, like copying, but at the same time connects the machine over the Internet to Sony's site, passing along all the information about how many times copies were made and where to. Not just this: if you come to know of this spy and try to throw it out, it sabotages your system. That's what Sony's DRM is up to, making it incredibly restrictive in the way it lets the consumer use a product.

Sony attracted a lot of anger and lawsuits by putting a rootkit DRM technology called XCP (Extended Copy Protection) on to a large number of music CDs in order to prevent the discs from being copied.

Sony has called off the production of any such CDs, as it announced in November 1995, after its XCP move landed it in several lawsuits when it was proved that the software harmed computers, crashed them at times, ate CPU time, reduced the hard drive's life and so on. The technology automatically installed itself when consumers inserted the CD in their computers and could not be picked up by conventional anti-spyware or anti-virus software unless they used rootkit detectors. The rootkit hid itself deep inside the Windows OS, mimicking legitimate files. Once you decided to play one such CD on your Windows machine, a license agreement popped up. The license only told you that software (rootkit and DRM) would be installed but didn't disclose that the rootkit could not be uninstalled. The company is working afresh to bring new DRM techniques that would not raise security concerns or harm machines.

Windows Media DRM

This is Microsoft's DRM initiative towards providing quality content to legitimate users securely for playback on a computer, a portable device or a network device. It aims to benefit both consumers and digital content owners by providing quality content to all customers and giving them the freedom to play it wherever and on any device they want. Windows Media DRM uses encryption algorithms to protect the digital content without affecting the user experience. It was released in August 1999, and the platform includes both server and client SDKs and 'porting kits' that enable programs to protect and play back media files. Using the Windows Rights Manager SDK, you can stream or download the media files in an encrypted format on the Internet from the owners or content providers. Also, consumers can find, acquire or play the content anywhere. Windows Media DRM is a lot more flexible than Apple's FairPlay and works with a wide variety of devices.

Sun's DReaM



This is an open-source DRM project being developed by Sun Microsystems under the umbrella of Creative Commons. While there is a lot of controversy around whether DRM can be successfully implemented using Open Source, Sun is leading its DReaM to make it a pleasant experience. The controversy is based on the apprehension that Open Source would mean that the source code would be available to all for modification and tampering, thereby defeating the purpose of imposing security layers over digital content using certain Open DRM tools. Sun Labs is soon to release version 1.0 of its Open Media Commons DReaM (DRM everywhere, available). In the meanwhile, they have already come out with two draft specifications for their content protection technologies: DReaM-CAS (Conditional Access System) and DReaM-MMI (Mother May I).

The former uses AES, ECC (Error Correcting Code), 3DES (Data Encryption Standard that encrypts the data three times), PKI and SSL technologies to deliver protected content over IP networks using the MPEG-2 Transport System format. On the other hand, DReaM-MMI lets you manage rights with the underlying philosophy that clients should be able to negotiate for rights through standardized protocols rather than downloading a license with an embedded expression of rights. The specification defines the message protocol, message transport and a list of profiles required for a DRM client to ascertain rights from a rights server.

Unlike many other DRM solutions, DReaM aims to authenticate not just devices but also roles and people who would use products/applications/solutions under the DRM umbrella. This would bring transparency and responsibility amongst everyone, be it users, content owners or content providers. This is because, being open source, everyone including the three mentioned above will be able to work together to address any problem with the DRM solution.

DRM in Enterprise

We are all skeptical about DRM because of the issues that surround it, those of not just security but also obscurity. The reason for this is that most of us do not know the implications and applications, or the ways in which it can benefit us. Also, whether it can benefit us is a big question.

Mostly we associate DRM with music or video downloads, or with restricting them, but we forget that entertainment is a very small part of general IT. In the enterprise context, it is important to get people thinking beyond protecting mass media content. Here you have equally important, if not more important, content to save from unwanted elements that might bring the complete infrastructure down. Therefore, for an organization, the concept of DRM revolves around controlling access to and operations upon critical information.

Even in the enterprise market outside the mass media context, there is a necessity to manage access, maintain integrity and maximize the value of digital content whose essential nature is that perfect copies are free to create, modify and share. While DRM doesn't do that by itself, it does propel you in that direction by providing you the tools to do that.

But think of another scenario. If you can consume some content, you can capture it (be it in your mind's memory lanes), and if you can capture the content you can recreate it, distribute it or do whatever you want to if you are outside the constraints of DRM. On the other hand, when you make use of a DRM policy, you use one technique or another to protect the content.

But there is a hitch here. The lockmaker is not only making the locks and the keys, but also distributing the keys to at least some people.

That's the irony! But how is that happening?

Let us take an example from the recent past. MS Office 2003 had some rights management features built into it that defined how the receiver would see the content. The receiver of the content could do only what the creator had defined for him; say, he could just view but not copy or print. But that worked only for Office 2003 and above. The makers of Office 2003 wondered: what if someone did not have Office 2003? Well, when such a file was opened on a machine that had something below this version, the permission policies became ineffective. As a result, the concept of DRM had gone for a toss, thus making DRM almost an oxymoron.

Today, you can set permissions in most mail clients, Office 2007 comes with such abilities, and Adobe has been in this game for a long time too, allowing the sender or content owner to set rights for a particular PDF file.

While each DRM architecture differs from the others in terms of how it operates and what it delivers, the basic architecture for most of them is the same as far as enterprise usage is concerned.

Architecture



Most enterprise DRM architectures in place today have three basic components: publisher, license server and recipient. The publisher comprises the creator or author of the content and a DRM function that encrypts the content and its metadata. It may be the user's PC or a server at which the author is working.

The license server is a repository of the rights and policies that are to be imposed on the content, encryption keys and identities of users/devices, together with a license generator that combines all these to create a license that enables the client to unlock the content. The last element in the chain is the recipient, which finds the identity-related information, unlocks the license using the key in the key storage and retrieves the content keys from the license to decrypt the content.

Furthermore, the decrypted content is passed on to the authoring application for viewing, editing, copying, etc., based on what has been allowed by the license. There is also a DRM controller that performs checking operations to maintain the integrity of the system.
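The publisher, license server and recipient flow described above, sketched as an added example; it is not code from the original article or from any DRM product. The names `seal`, `unseal`, `LicenseServer`, `publish` and `open_content`, the JSON license layout, and the HMAC-SHA256 keystream standing in for a real cipher such as AES are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode): a stand-in for AES, not for production.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

class LicenseServer:
    """Repository of content keys, identities and policies, plus the license generator."""
    def __init__(self):
        self.content_keys = {}  # content_id -> content key
        self.identities = {}    # user -> key kept in that user's key storage
        self.policies = {}      # (content_id, user) -> allowed operations

    def enroll(self, user: str) -> bytes:
        self.identities[user] = os.urandom(32)
        return self.identities[user]

    def issue_license(self, content_id: str, user: str) -> bytes:
        rights = self.policies.get((content_id, user))
        if rights is None:
            raise PermissionError(f"{user} has no policy for {content_id}")
        lic = {"content_id": content_id, "rights": rights,
               "content_key": self.content_keys[content_id].hex()}
        return seal(self.identities[user], json.dumps(lic).encode())

def publish(server: LicenseServer, content_id: str, document: bytes, policies: dict) -> bytes:
    """Publisher: encrypt the content and register its key and policies."""
    key = os.urandom(32)
    server.content_keys[content_id] = key
    for user, rights in policies.items():
        server.policies[(content_id, user)] = rights
    return seal(key, document)

def open_content(user_key: bytes, license_blob: bytes, protected: bytes, operation: str) -> bytes:
    """Recipient: unlock the license, check the requested operation, decrypt."""
    lic = json.loads(unseal(user_key, license_blob))
    # The license is only as strong as this check: the client already holds
    # the content key, so a client that skips the check enforces nothing.
    if operation not in lic["rights"]:
        raise PermissionError(f"{operation!r} not granted by license")
    return unseal(bytes.fromhex(lic["content_key"]), protected)

if __name__ == "__main__":
    server = LicenseServer()
    alice_key = server.enroll("alice")  # constructed sample identity
    blob = publish(server, "q3-report", b"Confidential figures", {"alice": ["view"]})
    lic = server.issue_license("q3-report", "alice")
    print(open_content(alice_key, lic, blob, "view"))
```

The rights check in `open_content` runs on the recipient's side, after the license has already delivered the content key, which is why the architecture needs a trusted client or DRM controller to mean anything.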

Time to ponder...



Still, there are some issues to be resolved even at this end. The consumer of content is concerned only about being able to get the content anytime, anywhere, in the easiest possible manner. But if the DRM tools make his life troublesome by restraining him too much, he may just never use that product, or buy any device that does that. It remains to be seen which product/service wins in providing the maximum user satisfaction without much deviation from the current way of using them.

Real Helix



Helix is Real Networks' Open Source DRM software that was released in 2004. This is a digital rights management system that, within the parameters of 'fair use', allows creating copies of books, music and video.

It allows for the secure playback and storage of digital broadcast content over a user's trusted local network. It includes the Helix DRM Trusted Recorder, which allows for recording of broadcast flag-enabled content that can then be played back using a Helix DRM trusted client.

Licensed under GPL, the Helix DRM technology lets media formats, including RealAudio and Video, be distributed in Linux. It can run on digital devices including PCs, portable media players and digital TVs. The trusted client player authenticates itself with the recorder to ensure that content is only copied, transferred and played over the user's network. Even before its release, both RedHat and Novell endorsed it.

SPDC



Self Protecting Digital Content or SPDC is an effective method of protecting the content. It is intended for the high-definition optical disc formats. SPDC discs can carry title-specific security logic. To enable this capability, players contain a simple interpreter that runs this logic in an isolated environment where it cannot harm the player.

Tips for implementing a DRM solution

Organizations that are either developing or want to implement a DRM solution need to take the following issues into consideration when they do it.

- They should use platforms and services that support multiple DRM technologies and relieve the content owners of having to develop customized software applications to accommodate the underlying DRM technology
- The technology in use must provide support for multiple content types and interoperability, including documents (PDF, HTML), images, audio (streaming and file-based), video (streaming and file-based), software and e-mail
- Solutions should offer software that provides open APIs to content owners' and publishers' existing infrastructure environments
- Solutions should not block users' rights to use content from other legitimate sources




Each disc carries all the information required for its own security; an Internet connection is not required. A disc's security code cannot permanently modify player behavior and is erased when the disc is ejected.

SPDC offers renewable security, as the content holders can deploy updated security mechanisms on new media without revoking players, affecting other titles, or affecting the user experience. This technology complements other format-security technologies such as AACS (Advanced Access Content System) and CSS (Content Scramble System). An SPDC-enabled disc is marked with a content code that validates the player and implements title-specific forensic marking algorithms. If a security problem is identified in a particular disc, subsequent discs can carry new security logic that addresses the vulnerability while the new discs are played.

Who decides?



DRM is a boon to content creators and those who distribute content. It is of great help to those who are losing revenues due to the illegal distribution and downloads of their content. But there are certain questions to answer: who will meter honesty, and what would keep an honest person honest?

Black and white

DRM - pros

- Demand for legal online content
- Content providers can protect content and control its access and authorization
- Online original digital distribution
- Consumers get good quality content
- The rights of content owners are protected





DRM - cons

- Problems during usage, e.g., machine slows down or crashes
- User experience is affected
- Reinstallation required in some cases
- Security concerns: is there a hidden Trojan in my machine?
- Many devices don't support it: I bought a portable music player. Does it support DRM?




For instance, I bought my favorite Pink Panther DVD from one of the likes of Sony or BMG-Crescendo. And then I decided that I would rip a copy to be able to watch it on a VHS that's in my room. When I tried that, I could not, thanks to the DRM system embedded within the DVD that doesn't allow it to be copied to another medium.

Instance 2: I tried to make a copy of a music CD I possess to be able to listen to it on the MP3 player in my car. While I could do that, I found that I had exhausted a limit of 5, the number of times I can make a copy of the CD that I bought.

What do you call me? Honest or not? I never intended to put it on a P2P network. I never wanted to replicate the content with the intent of reselling.

But what is stopping millions of those who are just waiting for the next DRM to be available in the market so that they can crack it? And while the content creators, media companies and solution providers are spending millions on protecting their content from being copied or accessed without their knowledge or monetary gain, the crackers are doing it just for the sake of doing it.

What about people like Cory Doctorow (a journalist and science fiction writer) who upload a free copy of their novel as a PDF on the Internet as and when they write it? They believe that this is the best possible manner in which their work can be appreciated by an increasing number of people, and that more people buy it this way. Let alone others: would you buy a book or a novel by someone you have never heard of? Well, you might consider that, or recommend it to others, if you have read a copy on the Net.

DRM is not only about building uncrackable systems but also about how to avoid monetizing the content and prevent its leakage to those who are not paying (or are not authorized) and are trying to exploit their legal right and make money on the copyrighted material that they have.

After all, no secret remains a secret forever, and the fact that someone knows the key to that secret code itself makes it prone to being cracked. And who gains the most in this run for supremacy, only time will tell.

Terms you must know




Anti-circumvention: This was developed as a tool to control access to the original digital content. According to anti-circumvention, it is illegal to devise a mechanism/tool that would break the security keys and, thus, the locks that control access to and copying of the digital content.

Not only this, it also puts the force of law behind the original content owners if they find someone who tells how to make or where to find such tools that would break the lock and key mechanism.

But to everyone's dismay, it has been used to keep competitors at bay. Now if you have digital content or a product that is at risk of copying or illegal use and someone else devises a way to use it or tells you about one, you can sue him.

Creative Commons: A non-profit organization that offers flexible copyright licenses for creative works. It supports direct relationships between creators and consumers of digital content, without technological copy protection but with an automated scheme that helps choose a licensing option.

Copyleft: True to its name, it's the opposite of copyright and is used by the free software movement. Copylefted material is not only publicly available, but requires that all of its users maintain its public availability even if they modify it. This ensures that content such as open-source software remains freely available as it evolves and improves, rather than reverting to commercial status.

DOI (Digital Object Identifier): Provides unique IDs for any content type. It is a key standard in DRM since it is interoperable with almost any DRM technology.

Fair Use: A principle of copyright law in most parts of the world, known by other names in different places, which lets you copy copyrighted goods under specific circumstances, such as quoting a book in a review, or making a copy of an audio recording for personal domestic use. Since there is a thin line between legitimate fair use and piracy that is defined by the intention of the end user, no technology can determine this.

Red Book Audio: It is a well-known standard for the audio and physical layout of CDs that was originally proposed by Sony and Philips. Red Book compliant media players cannot read data discs, unlike Orange Book compatible drives, which can read both audio and data from CDs.

Warez: This is the name given to stolen digital content that is redistributed, typically software and not just cracks. Today warez have become a serious concern from the perspective of upcoming DRM technologies as well as the omnipresent broadband.

Why broadband? This is because warez are otherwise very large-sized software applications, unlike cracks. Therefore, these could not be distributed earlier over the Internet due to bandwidth limitations. Also, making copies of them and distributing them was considered a messy affair, as it is even today. On the contrary, the advent of broadband has brought with it its own menaces: you can now easily mail warez across to millions in an instant.
