
DRM: The Rights Way to Go

DRM has always been at center stage when you talk about controlling access to or authorization of content. With technologies evolving day in and day out, is it heading somewhere?

Rinku Tyagi

Monday, August 14, 2006

“Tango to Charlie, come in, do you copy?”
“Tango here...why are you laughing Charlie...over?”
“Tango, the Buddha has smiled...over”
“Copy that Charlie..over”
“Over and out Tango”
You just successfully managed to deliver the message to your army camp at the border that the headquarters has given permission to prepare to attack. Even if the enemy intercepts this message and records everything, it doesn't matter. The message is encrypted. The way to decode it is known only to the recipient(s).

In the morning, you wake up after living the whole night as a soldier, sending encrypted messages and go to your workplace. When you reach your workplace, you are confronted with a similar situation. You have to send some confidential reports to your subordinates by e-mail, but since it has to travel ISPs the world over, it can be intercepted anywhere and read. So you encrypt it in such a way that only the intended recipients can make any sense of it. You then go back home and on your way, pick up some audio CDs from the local music store. You listen to it in your car stereo on the way, and after reaching home, try to play it on your PC.

Alas, you can't because it's only meant to be played by audio CD players. We've taken these two examples because just like the armed forces, there's a code language that surrounds all of us today. It's called DRM or digital rights management. The technology provides various solutions that authenticate only certain users to make use of particular content in a particular manner.

First of all, DRM is not dead. It's very much alive and evolving. In this story, we'll try to look at the DRM technologies, which can be used by original content developers, like musicians, artists or even software developers to prevent illegitimate copies of their IPR from getting created.
To help the owners of original content (audio and/or video), industry giants in this business like Real Networks, Sony and Apple have been promoting the use of their indigenous DRM technologies. Even Microsoft has come out with Windows Media DRM to stay in the race.

We spend the next few pages telling you about the available and upcoming technologies, and equally about where the DRM movement is heading in the light of such regulations and technologies.

FairPlay
This is Apple's digital rights management system, meant to bring benefits to the original creator of the music, the recording companies and the customer. FairPlay allows you to play music on up to five computers. You can burn individual songs an unlimited number of times and burn playlists up to seven times each. Apple's iTunes music store makes use of this.

This DRM technology limits the ways in which you can use the music files and restricts them to a world of Apple formats and portable audio players.

With this, you can play music on several computers and an unlimited number of iPod portable players. You can even burn Red Book audio CDs.
As a consequence, it also restricts the fair use (refer to the glossary) of what iTunes sells by limiting the number of times one can make copies, even for personal use.

Digital watermarking
If you are one of those who spent hours behind a rare dodo in difficult natural terrain to capture him on camera, or you have just finished creating a masterpiece in oil on canvas (both hard-earned intellectual property), you need to know about digital watermarks. Mostly used by artists, photographers and others who sell their digital art, this is one of the earlier steganographic techniques for protecting digital photographs or art pieces from being replicated or used. Here, the original image is superimposed with a watermark, visible or invisible, that may contain copyright information or a mark. This either makes the image unusable or allows you to track whether the used image is copyright-protected. Some sites that make use of digital watermarking include istockphotos, gettyimages and corbis.

In fact, it is also being used to protect videos from being pirated. People are running businesses based on copying complete movies from theaters. They buy one ticket to the cinema hall and, once in, record the movie on a camcorder that they carried in with them. But to the owners' relief, there are now means by which the whole movie/video can be digitally watermarked. There are technologies available that embed some noise (audio/video) into the original content. The watermark is at a frequency that cannot be perceived by the human eye, but camcorders can catch it. So when someone tries to record it on a camcorder, the noise renders the video unusable. In certain other forensic watermarks, such as the CineFence technology introduced by Philips, information about date, time and place is embedded into the picture and soundtracks of a video, letting you trace an illegal copy back to the cinema hall.

The protected audio files from iTunes can be copied on any number of iPods but only up to 5 authorized computers

Sony's rootkit
You play a CD on your PC, unaware that there was a spy sitting on the CD that was transferred to your PC in the process. This spy not only refuses to act on some commands, such as copying, but also connects the machine over the Internet to Sony's site, passing along all the information about how many times copies were made and where to. Not just this: if you come to know of this spy and try to throw him out, it sabotages your system. That's what Sony's DRM is up to, making it incredibly restrictive in the way it lets the consumer use a product.

Sony had attracted a lot of anger and lawsuits by putting a rootkit DRM technology called XCP (Extended Copy Protection) on to a large number of music CDs in order to prevent disks from being copied.

Sony has called off the production of any such CDs since it announced it in November 1995, after its XCP move landed it in several lawsuits, as it was proved that the software harmed computers, crashed them at times, ate CPU time, reduced the hard drive's life and so on. The technology automatically installed itself when a consumer inserted the CD in their computer and could not be picked up by conventional anti-spyware or anti-virus software unless they used rootkit detectors. The rootkit hid itself deep inside the Windows OS, mimicking legitimate files. Once you decided to play one such CD on your Windows machine, a license agreement popped up. The license only told you that some software (rootkit and DRM) would be installed, but didn't disclose that the rootkit could not be uninstalled. The company is working afresh to bring out new DRM techniques that would not raise security concerns or harm machines.

Windows Media DRM
This is Microsoft's DRM initiative for providing quality content securely to legitimate users for playback on a computer, a portable device or a network device. It aims to benefit both consumers and digital content owners by providing quality content to all customers and giving them the freedom to play it wherever and on any device they want. Windows Media DRM uses encryption algorithms to protect the digital content without affecting the user experience. It was released in August 1999, and the platform includes both server and client SDKs and 'porting kits' that enable programs to protect and play back media files. Using the Windows Rights Manager SDK, you can stream or download the media files in an encrypted format on the Internet from the owners or content providers. Consumers can also find, acquire or play the content anywhere. Windows Media DRM is a lot more flexible than Apple's FairPlay and works with a wide variety of devices.

Sun's DReaM
This is an open-source DRM project being developed by Sun Microsystems under the umbrella of Creative Commons. While there is a lot of controversy around whether DRM can be successfully implemented using Open Source, Sun is leading its DReaM project to make it a pleasant experience. The controversy is based on the apprehension that Open Source would mean the source code is available to all for modification and tampering, thereby defeating the purpose of imposing security layers over digital content using Open DRM tools. Sun Labs is soon to release version 1.0 of its Open Media Commons DReaM (DRM everywhere, available). In the meanwhile, it has already come out with two draft specifications for its content protection technologies: DReaM-CAS (Conditional Access System) and DReaM-MMI (Mother May I).
The former uses AES, ECC (Error Correcting Code), 3DES (Data Encryption Standard that encrypts the data three times), PKI and SSL technologies to deliver protected content over IP networks using the MPEG-2 Transport System format. DReaM-MMI, on the other hand, lets you manage rights with the underlying philosophy that clients should be able to negotiate for rights through standardized protocols rather than downloading a license with an embedded expression of rights. The specification defines the message protocol, message transport and a list of profiles required for a DRM client to ascertain rights from a rights server.

Unlike many other DRM solutions, DReaM aims to authenticate not just devices but also the roles and people who would use products/applications/solutions under the DRM umbrella. This would bring transparency and responsibility among everyone, be it users, content owners or content providers. This is because, being open source, everyone including the three mentioned above will be able to work together to address any problem with the DRM solution.

DRM in Enterprise
We are all skeptical about DRM because of the issues that surround it: not just security but also obscurity. The reason is that most of us do not know its implications and applications, or the ways in which it can benefit us. Whether it can benefit us at all is also a big question.
Mostly we associate DRM with music or video downloads, or with restricting them, but we forget that entertainment is a very small part of general IT. In the enterprise context, it is important to get people thinking beyond protecting mass media content. Here you have equally important, if not more important, content to save from unwanted elements that might bring the complete infrastructure down. Therefore, for an organization, the concept of DRM revolves around controlling access to and operations upon critical information.

Even in the Enterprise market outside the mass media context, there is a necessity to manage access, maintain integrity and maximize value of digital content whose essential nature is that perfect copies are free to create, modify and share. While DRM doesn't do that by itself, it does propel you in that direction by providing you tools to do that.

But think of another scenario. If you can consume some content, you can capture it (be it in your mind's memory lanes), and if you can capture the content you can recreate it, distribute it or do whatever you want with it if you are outside the constraints of DRM. On the other hand, when you make use of a DRM policy, you use some technique or other to protect the content.

But there is a hitch here. The lockmaker is not only making the locks and the keys, but distributing the keys to at least some people.

That's the irony! But how is that happening?

Let us take an example from the recent past. MS Office 2003 had some rights management features built into it that defined how the receiver would see the content. The receiver of the content could do only what the creator had defined for him; say, he could view but not copy or print. But that worked only for Office 2003 and above. The makers of Office 2003 thought: what if someone did not have Office 2003? Well, when such a file was opened on a machine that had something below this version, the permission policies became ineffective. As a result, the concept of DRM went for a toss, making DRM almost an oxymoron.

Today, you can set permissions in most mail clients, Office 2007 comes with such abilities, and Adobe has long been in this game too, allowing the sender or content owner to set rights for a particular PDF file.

While each DRM architecture differs from the other in terms of how it operates and what it delivers, the basic architecture for most of them is the same as far as the enterprise usage is concerned.

Architecture
Most enterprise DRM architectures in place today have three basic components-publisher, license server and recipient. The publisher comprises the creator or author of a content and a DRM functionality that encrypts the content and its metadata. It may be the user's PC or a server at which the author is working.

The license server is a repository of the rights and policies that are to be imposed on the content, the encryption keys and the identities of users/devices, together with a license generator that combines all these to create a license that enables the client to unlock the content. The last element in the chain is the recipient, which finds the identity-related information, unlocks the license using the key in the key storage and retrieves the content keys from the license to decrypt the content.

The decrypted content is then passed on to the authoring application for viewing, editing, copying and so on, based on what has been allowed by the license. There is also a DRM controller that performs checking operations to maintain the integrity of the system.
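The publisher, license server and recipient flow described above, as an added example that is not from the original article or from any DRM product. All class and function names are hypothetical, and `xor_stream` is a stand-in keystream cipher built from HMAC-SHA256 so that the block runs on the Python standard library alone; a real deployment would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate key-wrapping and MAC keys from one device key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def license_tag(device_key: bytes, body: dict) -> str:
    """Integrity tag over the canonical JSON form of the license body."""
    canonical = json.dumps(body, sort_keys=True).encode()
    return hmac.new(subkey(device_key, b"mac"), canonical, hashlib.sha256).hexdigest()

def publish(content_id: str, content: bytes):
    """Publisher: encrypt the content under a fresh content key."""
    content_key, nonce = os.urandom(32), os.urandom(16)
    package = {"content_id": content_id, "nonce": nonce.hex(),
               "body": xor_stream(content_key, nonce, content).hex()}
    return package, content_key  # the key goes to the license server, not into the package

class LicenseServer:
    """Repository of policies, content keys and recipient identities."""
    def __init__(self):
        self.device_keys = {}   # recipient id -> key also held in that recipient's key storage
        self.content_keys = {}  # content id -> content key
        self.policies = {}      # (content id, recipient id) -> set of allowed operations

    def issue_license(self, content_id: str, recipient_id: str) -> dict:
        rights = self.policies.get((content_id, recipient_id))
        if not rights:
            raise PermissionError("no policy grants this recipient access")
        device_key, nonce = self.device_keys[recipient_id], os.urandom(16)
        wrapped = xor_stream(subkey(device_key, b"wrap"), nonce, self.content_keys[content_id])
        body = {"content_id": content_id, "recipient": recipient_id, "rights": sorted(rights),
                "nonce": nonce.hex(), "wrapped_key": wrapped.hex()}
        return {"body": body, "tag": license_tag(device_key, body)}

class Recipient:
    """DRM client: verifies the license, checks the requested operation, then decrypts."""
    def __init__(self, recipient_id: str, device_key: bytes):
        self.recipient_id, self.device_key = recipient_id, device_key

    def open(self, package: dict, lic: dict, operation: str) -> bytes:
        body = lic["body"]
        if not hmac.compare_digest(license_tag(self.device_key, body), lic["tag"]):
            raise ValueError("license altered or issued to another recipient")
        if body["recipient"] != self.recipient_id or body["content_id"] != package["content_id"]:
            raise ValueError("license does not match this recipient or content")
        if operation not in body["rights"]:
            raise PermissionError(f"'{operation}' is not granted by the license")
        content_key = xor_stream(subkey(self.device_key, b"wrap"),
                                 bytes.fromhex(body["nonce"]), bytes.fromhex(body["wrapped_key"]))
        return xor_stream(content_key, bytes.fromhex(package["nonce"]), bytes.fromhex(package["body"]))

def demo():
    """Constructed scenario: alice may view a report but not print it."""
    server, alice_key = LicenseServer(), os.urandom(32)
    server.device_keys["alice"] = alice_key
    package, server.content_keys["report-q3"] = publish("report-q3", b"Q3 forecast: confidential")
    server.policies[("report-q3", "alice")] = {"view"}
    lic = server.issue_license("report-q3", "alice")
    return server, package, lic, Recipient("alice", alice_key)
```

The rights check runs inside the recipient's own software, which already holds the key that unlocks the license; this is the article's point about the lockmaker also handing out the keys.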

Time to ponder...
Still, there are some issues to be resolved even at this end. The consumer of content is concerned only about being able to get the content anytime, anywhere, in the easiest possible manner. If the DRM tools make his life troublesome by restraining his experience too much, he may just not use that product ever again, or buy a device that does so. It remains to be seen which product/service wins in providing the maximum user satisfaction without much deviation from the current way of using them.

Real Helix
Helix is Real Networks' Open Source DRM software that was released in 2004. This is a digital rights management system that, within the parameters of 'fair use', allows creating copies of books, music and video.

It allows for the secure playback and storage of digital broadcast content over a user's trusted local network. It includes the Helix DRM Trusted Recorder, which allows for recording of broadcast flag-enabled content that can then be played back using a Helix DRM trusted client.

Licensed under the GPL, the Helix DRM technology lets media formats, including RealAudio and Video, be distributed on Linux. It can run on digital devices including PCs, portable media players and digital TVs. The trusted client player authenticates itself with the recorder to ensure that content is only copied, transferred and played over the user's network. Even before its release, both RedHat and Novell endorsed it.

SPDC
Self Protecting Digital Content or SPDC is an effective method of protecting the content. It is intended for the high-definition optical disc formats. SPDC discs can carry title-specific security logic. To enable this capability, players contain a simple interpreter that runs this logic in an isolated environment where it cannot harm the player.

Each disc carries all the information required for its own security; an Internet connection is not required. A disc's security code cannot permanently modify player behavior and is erased when the disc is ejected.

SPDC offers renewable security, as the content holders can deploy updated security mechanisms on new media without revoking players, affecting other titles, or affecting the user experience. This technology complements other format-security technologies such as AACS (Advanced Access Content System) and CSS (Content Scramble System). An SPDC-enabled disc is marked with a content code that validates the player and implements title-specific forensic marking algorithms. If a security problem is identified in a particular disc, subsequent discs can carry new security logic that addresses the vulnerability while the new discs are played.

Tips for implementing a DRM solution
Organizations that are either developing a DRM solution or want to implement one need to take the following issues into consideration.
• They should use platforms and services that support multiple DRM technologies and spare content owners from having to develop customized software applications to accommodate the underlying DRM technology
• The technology in use must provide support for multiple content types and interoperability, including documents (PDF, HTML), images, audio (streaming and file-based), video (streaming and file-based), software and e-mail
• Solutions should offer software that provides open APIs to content owners' and publishers' existing infrastructure environments
• Solutions should not block users' rights to use content from other legitimate sources

Who decides?
DRM is a boon to the content creators and those who distribute content. It is of great help to those who are losing revenues due to the illegal distribution and downloads of their content. But there are certain questions to answer: who will meter honesty, and what would keep an honest person honest?

Black and white

DRM - pros
• Demand for legal online content
• Content providers can protect content and control its access and authorization
• Online original digital distribution
• Consumers get good quality content
• The rights of content owners are protected

DRM - cons
• Problems during usage, e.g., machine slows down or crashes
• User experience is affected
• Reinstallation required in some cases
• Security concerns: is there a hidden Trojan in my machine?
• Many devices don't support it: I bought a portable music player. Does it support DRM?

For instance, I bought my favorite Pink Panther DVD from one of the likes of Sony or BMG-Crescendo. And then decided that I shall rip its copy to be able to watch it on a VHS that's in my room. When I tried that, I could not. Thanks to the DRM system embedded within the DVD that doesn't allow it to be copied to another media.

Instance 2: I tried to make a copy of a music CD I possess to be able to listen to it on the MP3 player in my car. While I could do that, I found that I had exhausted a limit of 5, the number of times I can make a copy of the CD that I bought.

What do you call me? Honest or not? I never intended to put it on a P2P network. I never wanted to replicate the content with the intent of reselling.

But what is stopping the millions who are just waiting for the next DRM to be available in the market so that they can crack it? And while the content creators, media companies and solution providers are spending millions on protecting their content from being copied or accessed without their knowledge or monetary gain, the crackers are doing it just for the sake of doing it.

What about people like Cory Doctorow (a journalist and science fiction writer), who upload a free copy of their novel as a PDF on the Internet as and when they write it? They believe that this is the best possible way for their work to be appreciated by an increasing number of people, and that more people buy it this way. Let alone others: would you buy a book or a novel by someone you have never heard of? Well, you might consider that, or recommend it to others, if you have read a copy on the Net.

DRM is not only about building uncrackable systems but how to avoid monetizing the content and prevent its leakage to those who are not paying (or are not authorized) and are trying to exploit their legal right and make money on the copyrighted material that they have.

After all, no secret remains a secret forever, and the fact that someone knows the key to that secret code itself makes it prone to being cracked. And who gains the most in this run for supremacy, only time will tell.

Terms you must know

Anti-circumvention: This was developed as a tool to control access to the original digital content. According to anti-circumvention, it is illegal to devise a mechanism/tool that would break the security keys and, thus, the locks that control access to and copying of the digital content.

Not only this, it also puts the force of law behind the original content owners if they find someone who tells how to make or where to find such tools that would break the lock and key mechanism.

But to everyone's dismay, it has been used to keep competitors at bay. Now if you have digital content or a product that fears copying or illegal use, and someone else devises a way to use it or tells you about one, you can sue him.

Creative Commons: A non-profit organization that offers flexible copyright licenses for creative works. It supports direct relationships between creators and consumers of digital content, without technological copy protection but with an automated scheme that helps choose a licensing option.

Copyleft: True to its name, it's opposite to copyright and is used by the free software movement. Copylefted material is not only publicly available, but requires that all of its users maintain its public availability even if they modify it. This ensures that content such as open-source software remains freely available as it evolves and improves, rather than reverting to commercial status.

DOI (Digital Object Identifier): Provides unique IDs for any content type. It is a key standard in DRM since it is interoperable with almost any DRM technology.

Fair Use: A principle of copyright law in most parts of the world, known by other names at different places, which lets you copy copyrighted goods under specific circumstances, such as quoting a book in a review, or making a copy of an audio recording for personal domestic use. Since there is a thin line between legitimate fair use and piracy that is defined by the intention of the end user, no technology can determine this.

Red Book Audio: It is a well-known standard for the audio and physical layout of CDs that was originally proposed by Sony and Philips. Red Book compliant media players cannot read data discs, unlike Orange Book compatible drives, which can read both audio and data from CDs.

Warez: This is the name given to stolen digital content that is redistributed, typically software and not just cracks. Today warez have become a serious concern from the perspective of upcoming DRM technologies as well as the omnipresent broadband.

Why broadband? This is because warez, unlike cracks, are very large software applications. Therefore, they could not be distributed earlier over the Internet due to bandwidth limitations. Making copies and distributing them was also considered a messy affair, as it is even today. The advent of broadband, however, has brought its own menaces: you can now easily mail warez across to millions in an instant.
