|
Digital rights management or digital restrictions management (abbreviated DRM) is an umbrella term for
any of several arrangements which allows a vendor of content in electronic form to control the material and restrict its usage in
various ways that can be specified by the vendor. Typically the content is a copyrighted digital work to which vendor holds rights. The actual arrangements are called technical protection measures, although the
distinction between the two terms is not particularly clear.
Introduction
When data is in analog form, digital management does not apply. Analog copy protection technologies are less useful to
copyright holders for several reasons. It is usually easier to buy a new copy of an analog copyrighted work than to produce an
equivalent copy independently. Producing an analog copy, instead of buying it, is often time-consuming, relatively expensive, and
produces an inferior quality product; making the analog copy process unattractive and marginal.
Copyright holders persistently object to new techniques of copying and reproduction. Examples include controversies
surrounding introduction of audio tape, VCR, and
radio broadcast. The DRM controversy is a continuation of a long standing conflict between copyright holders and the use of any
new technology for copying.
The situation changed with the introduction of digital technologies. It became possible to produce an essentially perfect copy
of any digital recording with minimal effort. With the advent of the personal computer, software piracy became an
issue in the 1970s. Development of the Internet in the 1990s virtually eliminated the need for a physical medium
to perform perfect transfers of data (such as MP3 formatted songs).
Although technical control measures for software have been common since the 1980s, DRM
is increasingly being used for 'artistic' works too. Some would like to use DRM mechanisms to control other "proprietary
information", particularly trade secrets and uncopyrightable facts in
databases (see also database protection
laws).
In contrast to the existing legal restrictions which copyright imposes on the owner of a copy, most DRM schemes would enforce
additional restrictions to be imposed solely at the discretion of the copyright holder.
DRM vendors and publishers originally coined the term "digital rights management" to refer to these types of technical
measures. In contrast, because the "rights" that the content owner chooses to grant are not necessarily the same as the actual
legal rights of the content consumer, DRM opponents maintain the phrase "digital rights management" is a misnomer, and that
"digital restrictions management" is a more accurate characterization of the functionality of DRM systems. They often cite
a famous example of DRM overreach. Adobe Systems released in 2000 a public domain work,
Lewis Carroll's Alice in Wonderland, with DRM controls asserting
that "this book cannot be read aloud" and so disabling use of the text-to-speech feature normally available in Adobe eBook
Reader.
In the extreme, such control is proposed to be enforced through so-called trusted computing. Opponents maintain that this creates the prospect of a computer system which cannot be
trusted by its owner, because its behavior can be remotely manipulated at any time, regardless of the legal merits of such
manipulation. Most opponents have little faith that the courts or legislatures will be able to limit such manipulation to only
that which is legally permitted.
Several laws relating to DRM have been proposed or already enacted in various jurisdictions (State, Federal, non-US). Some of
them will require all computer systems to have mechanisms controlling the use of digital media. (See Professor Edward Felten's freedom-to-tinker Web site for information and pointers to the
current debate on these matters).
An early example of a DRM system is the Content
Scrambling System (CSS) employed by the DVD Forum on movie DVD disks. It was originally developed by Matsushita in Japan. The data on the DVD is encrypted so that it can only be decoded and viewed using an encryption key, which the DVD Consortium kept secret. In order to gain access to the key, a DVD player manufacturer was required to sign a license agreement with the DVD Consortium which
restricted them from including certain desirable features in their players, such as a digital output which could be used to
extract a high-quality digital copy of the movie. Since the only market hardware capable of decoding the movie was controlled by
the DVD Consortium, they hoped to be able to impose whatever restrictions they chose on the playback of such movies. See also
DIVX for a more restrictive and less commercially successful variant of this scheme which
is no longer marketed. That name is also used (DivX), in ironic tribute to the defunct disk
"protection" scheme, for an implementation of the MPEG-4 video compression protocol.
To date, all DRM systems have failed to meet the challenge of protecting the rights of the copyright owner while also
respecting the rights of the purchaser of a copy. None have succeeded in preventing criminal copyright infringement by organized,
unlicensed, commercial pirates. Flaws of some well known systems include:
- Physical protection: Utilizes separate hardware to ensure protection. Examples include hardware dongles that had to be attached to the computer prior to using the content, and USB and smart card devices
working in a similar fashion. Physical protection methods consistently failed in consumer markets due to compatibility problems
and extra level of complexity in content use; however, they did enjoy limited success with enterprise software.
- DIVX: Required a phone line, inhibiting mobile use. To take a work for which
unlimited plays had been purchased (called DIVX Silver) to a friend's home, it was necessary to carry a 30 lb DVD player as well
as the light and compact disc; or to telephone the DIVX service and have the player of the friend transferred to the account of
the purchaser of the work, and then call again to have it switched back. The system prevented certain legal uses such as the
creation of compilations, by the purchaser. The system also prevented the sale or lending of purchased works, by recording the
account information of the original purchaser on the DIVX Silver disk. Under copyright law, the owner of a legally-obtained copy
of a work may create compilations, or re-sell the copy in the secondary (used goods) market. By using these technical measures,
the DIVX system was able to thwart the buyer's right of first sale and other
fair use rights. DIVX is a form of physical protection of the content (see
above).
- CSS: Restricts the ability to buy DVDs
in one country and play them in another, because CSS is also used to enforce Region Coding. It restricts fair use and first purchaser rights, such as the creation of compilations or full
quality reproductions for the use of children or in cars. It also prevents the user from playing CSS-encrypted DVDs on any
computer platform (notably Linux computers). Recently, with the advent of DeCSS and
cryptographic analysis of the CSS algorithm have demonstrated flaws in this system which can be exploited to allow users to
recover some of their fair-use rights. Full quality digital copies can now be easily made, making fair use by normal consumers
easier. Although it has been argued that programs like DeCSS make copyright infringement
easier, this system has never been effective in preventing illegal mass copying of DVDs by criminal gangs, even before the system
was found to be flawed. CSS is an example of certificate-based encryption.
- Product activation: Invalidates or severely
restricts a product's functionality until the product is registered with a publisher by means of a special identification
(activation) code. The process often uses information about the specific configuration of the hardware on which the software
runs, hashing it with the identification number specific to the product's
license. Microsoft was the first company to utilize this method in its Microsoft Reader product.
Activation was later used with Windows XP and then with Office XP. Ultimately, workarounds which bypassed the product activation
system have been developed.
- Digital watermarking: Allows to add hidden
copyright or other verification messages to content. The addition of the hidden
message to the content does not restrict its use, but it provides a mechanism to track the content to the original owner.
Digital Millennium Copyright Act
The controversial Digital Millennium
Copyright Act was passed in the United States in an effort to make
the circumvention of such systems illegal. It was passed without debate, and without even token opposition, Congress being
apparently under the impression that it was a "technical" enactment, without significant public policy implication. It has been
widely imitated elsewhere by other governments.
Despite this law, which has since received substantial opposition on Constitutional grounds, it is still relatively easy to
find DVD players which bypass the limitations the DVD Consortium sought to impose. John Hoy, president of the DVD Copy Control Association, in testimony to the
Library of Congress in 2003 stated "furthermore, if a consumer in the United States desires
to view a DVD disc that has been region coded only for Europe, then that consumer is free to purchase a DVD player (either
hardware or software) that is coded to play European DVDs. No legal restrictions apply – either through the CSS license or
otherwise – to the importation and use of non-U.S. region players in the United States". (reply comments, comment 28, page 4, PDF document (http://www.copyright.gov/1201/2003/reply/028.pdf)).
There has been a widely publicized arrest and arraignment of a Russian programmer, Dmitry Sklyarov, for violation of the DMCA. He did the work cited for his employer, Elcomsoft, while in Russia, where it was and remains entirely legal. The product allowed
those who were in possession of a password, presumably lawfully obtained along with the encrypted copy of the work, to make
copies without encryption locking them to use on a single computer. Sklyarov was arrested on a criminal warrant during a lecture
visit to the US, and spent several months in jail until a compromise was reached. The ensuing criminal case against Elcomsoft
(for whom Sklyarov did the work) resulted in acquittal. See Professor Edward
Felten's freedom-to-tinker Web site [1] (http://www.freedom-to-tinker.com/archives/cat_dmca.html) for some observations on the DMCA,
its proposed successors, and their consequences, intended and unintended.
The DMCA is also causing a chill in the activities of fully legitimate computer scientists. Professor Felten, of Princeton,
has had difficulty publishing papers he and his students have written; they were related to a contest sponsored by a security
software company inviting investigation of a product design. (See Internet postings in Felten v. RIAA). Alan Cox, the Englishman who was Linus Torvalds' chief deputy throughout almost the entire first decade of the development of Linux, has resigned his position due to his concern that a criminal charge might be laid against
him as a result of some code in the Linux kernel. He has even declined to post explanations of some changes made in the kernel
(the changelog is fundamental to the project) because of his concern about his
exposure to prosecution and penalty under the DMCA; such explanations might be seen as a DMCA "disclosure". He has also declined
to attend US software conferences for similar reasons. Niels Ferguson,
a Dutch cryptography expert and security consultant, discovered a flaw in
an Intel security
protocol, told Intel about it and was told that Intel had no objection to his publishing a paper about the problem. He has
nevertheless decided not to publish due to concern about being arrested under the DMCA.
New and even more controversial DRM initiatives have been proposed in recent years which could prove more difficult to
circumvent, including copy-prevention codes embedded in broadcast HDTV signals and the
Palladium operating system. A wide variety of
DRM systems have also been employed to restrict access to eBooks. See the TCPA/Palladium
FAQ [2] (http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html) maintained by Cambridge Professor Ross J. Anderson for a clear discussion of two prominent proposals.
Opponents of DRM, as envisioned and as currently implemented, note that by delegating control of computer access (or control
of the ability to execute some programs, or to execute programs only with certain data) to anyone except the user and the
machine's administrator(s), there is a very considerable risk of problems caused by such third party interference which go well
beyond the enforcement of copyright.
For instance, due to a bug (or misdesign, or misadministration of an otherwise "reasonable" design) the control software (eg,
in a trusted computing system) implementing the local part of a
DRM scheme may prevent a computer user from using his computer at all, or from using programs (or using data as an input to a
program) when such use is actually completely legitimate and not a violation of any copyright holders' rights. Or, for another
example, a legally obtained copy of a DVD might be blocked because it is being used on equipment which doesn't include the DRM
function permitting access to it, or which if included, doesn't interoperate correctly. Currently, DVDs legally purchased in some places are not playable
in other places for exactly these reasons, although in this case it is marketing considerations, and not "security", which is the
reason for the restriction. DRM provisions have already appeared in released versions of some Microsoft Windows operating system subsystems (e.g., Windows Media Player) and are scheduled in more as Palladium is implemented in currently planned, not
yet released, versions of Windows.
Security protocols, software implementing security protocols, and cryptography
have historically proven extremely difficult to design without vulnerabilities due to bugs or design mistakes. This has been true of designs from experienced and well respected professionals; the
record is abysmally poor for those inexperienced in cryptography and security protocols.
Other copyright implications
While DRM systems are ostensibly designed to protect an author's right to control copying, this protection is only half of the
bargain between the copyright holder and the state. The other half of the bargain is that after a statutorily-defined period of
time the copyright work becomes part of the public domain for anyone to
use freely. DRM systems currently employed are not time limited in this way, and although it would be possible to create such a
system (under compulsory escrow agreements, for example), there is currently no
mechanism to remove the copy control systems embedded into works that are entering the public domain, after the term of copyright
expires.
Furthermore, copyright law does not restrict the resale of copyrighted works (provided those copies were made by or with the
permission of the copyright holder), so it is perfectly legal to resell a copyright work provided a copy is not retained by the
seller—a doctrine known as the first-sale doctrine in
the US, which applies equally in most other countries under various names. Similarly, some forms of copying are permitted under
copyright law, under the doctrine of fair use (US) or fair dealing (many other countries). DRM technology restricts or prevents the purchaser of copyright
material from exercising their legal rights in these respects.
DRM has been used by organizations such as the British Library in
its secure electronic delivery
service to allow worldwide access to substantial numbers of rare (and in many case unique) documents which, for legal
reasons, were previously were only available to authorized individuals physically visiting the Library's document centre at
Boston Spa in England. This is an interesting case where DRM has actually increased public access to restricted material rather
than diminished it.
DRM advocates
Some DRM advocates have taken the position, in essence, that DRM / security / cryptography design goals and operational
contexts are sufficiently well understood, and software engineering is also sufficiently well understood and will be so
practiced, that it is already possible to achieve the desired ends without causing unrelated problems for users, their computers,
or those who depend on either. In essence, they claim that there is no technical, nor engineering competence problem foreseeable
with such software.
Others have taken the position that the creators of intellectual property should have the right to chose among keeping their
work for themselves, giving it away, assigning limited control (ex. creative commons license), controlling its distribution, or
selling it. Without that freedom, they argue, there will be a chilling effect on creative efforts in the digital space. DRM is
one means of enabling that choice.
Examples of existing "digital rights management" and "copy protection" systems:
DRM opponents
Many organizations and prominent individuals are opposed to DRM in its various currently proposed forms. Two notable opponents
are John Walker in his article, The Digital
Imprimatur: How big brother and big media can put the Internet genie back in the bottle, and Richard Stallman in his article/story The Right to Read (http://www.gnu.org/philosophy/right-to-read.html). Professor Ross Anderson of Cambridge University heads a British organization which has been
quite active in opposing DRM and similar efforts in the UK.
The Electronic Frontier Foundation
and similar cyber civil rights organizations, including boycott-riaa.com, also hold positions which may be broadly characterized as
opposed to DRM.
Techno-liberals such as FFII criticize DRM's impact as a trade barrier from a free market perspective.
The use of DRM is also likely to be a barrier to future historians, since technologies designed to only allow the data to be
read on specific machines may well make future data recovery impossible - see Digital Revolution.
The use of DRM is a key part of implementation of corporate compliance policies such as the Sarbanes-Oxley Act of 2002, protecting corporate
documents from unauthorized tampering and creating an audit trail which can
be used to determine liability at board level within corporations for misdemeanors. This level of control is obviously unwelcome
at certain levels.
The use of DRM affects private property rights. The DRM part of the device takes control over the rest of the user's device
(e.g. MP3 player) and forces it to act against the user's wishes (e.g. preventing the user from copying a song). All forms of DRM
rely on the device enforcing restrictions against the user's wishes.
Controversies about and consequences of deployed DRM
Several DRM schemes have now been enacted. DRM opponents have seen many of them as "abuse" of copyright; DRM proponents have
seen them as a reasonable balance of consumer concerns and artist rights. Examples include:
- inclusion of commercials on the "unskippable track" on DVDs reserved for the copyright notice;
- using the DMCA to protect items that do not qualify for copyright prevention, such as garage door openers and printer ink
cartridges;
- adding restrictions on reading books aloud in the EULA of Ebooks;
- using copy control schemes to thwart the existing exceptions to copyright (e.g. fair use);
- preventing academic publication and widespread distribution of hacks on computer security without permission of the creators
of that technology
- silencing individuals who have found serious flaws in software used in electronic voting;
- restriction of medical records and personal
financial information using DRM to protect consumer rights. Insurers, lawyers and loan companies have strongly objected to
the use of these technologies to prevent patient, hospital and practitioner records being more freely accessible due to copy and
forward restriction applied to patient or customer records.
European dialogues on DRM concerns
In Europe, there are several dialog activities, that are uncharacterized by its consensus-building intention:
- Workshop on Digital Rights Management of the World Wide Web Consortium (W3C), January 2001. [3] (http://www.w3.org/2000/12/drm-ws/Overview.html)
- Participative preparation of the European Committee for Standardization/Information Society Standardisation System (CEN/ISSS)
DRM Report, 2003 (finished). [4] (http://www.cenorm.be/cenorm/businessdomains/businessdomains/isss/activity/drm_fg.asp)
- DRM Workshops of DG Information Society, European Commission (finished), and the work of the DRM working groups (finished),
as well as the work of the High Level Group on DRM (ongoing). [5] (http://europa.eu.int/information_society/eeurope/2005/all_about/digital_rights_man/index_en.htm)
- Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European
Commission on "Management of Copyright and Related Rights" (closed). [6] (http://europa.eu.int/comm/internal_market/copyright/management/management_en.htm)
- The INDICARE project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral
platform for exchange of facts and opinions, mainly based on articles by authors from science and practice. [7] (http://www.indicare.org)
References
- Lawrence Lessig, "Free Culture", Basic Books, 2004. A legal and social history of copyright, with an account by the man who
argued one side of it of a recent landmark case on use of digital techniques re copyright. Lessig is a Professor of law at
Stanford, and writes clearly enough in this instance, that a non-lawyer can follow the discussion. It is available for free
download in PDF format. [8] (http://free-culture.org/freecontent)
External links
Lobbying organizations
|
