All about Digital Rights Management (DRM)

Digital Rights Management (DRM) refers to any scheme used to protect the copyright of digital content using a system of encryption that often includes remote monitoring and control by the copyright owners. The development of the various forms of DRM has largely been driven by the large media companies as a response, they say, to the effect of large scale copying on their revenues rather than rely on the passive protection of copyright law these companies have gone on the offensive with active digital rights management. DRM encompasses a range of embedded software and hardware measures for all digital media that attempt to physically stop unauthorized use and copying. Since DRM at least appears to be a method of enforcing copyright, any discussion of DRM must include a discussion of copyright itself. The advantages and disadvantages of DRM for the copyright owner and the consumer and the legal, ethical and ideological issues surrounding DRM are by no means clear. In this feature we explore the ins and outs of DRM as they stand today.

What's wrong with DRM?

If DRM was always completely transparent to the end user, was not intrusive, protected copyright in a fashion that all agreed was fair and did not add cost to media hardware, perhaps no-one would find it objectionable. Various media companies have already applied almost draconian measures A further problem with DRM is that of interoperability, that agreeing on and using a standard form of DRM is not always in the media companies interest.

For example, this is true of Apple iTunes because of Apple’s agreements with the content providers that iTunes downloads should not be easy to copy. Some music download sites use license validation servers which validate a users right to play tracks they have downloaded. There have been several recent examples of music download sites closing down with the result that many users are left with tracks they have paid for but can no longer play because the validation servers are no longer available.

DRM has a negative effect on open source development, particularly on projects that are dedicated to pure open source, because all DRM involves proprietary methods and code. At present, playing protected Blu-ray content on a Linux box requires use of a device or player key, none of which have been issued for open source software players.

DRM in Action

The exact form of DRM used depends on the media format and even on the distribution method. Music distribution is moving towards compressed audio file download over the internet, although audio CDs still form a large part of sales. Movies are still mainly sold on disk, either DVD or Blu-ray, and broadcast video is distributed via terrestrial transmission, satellite or cable. Video is appearing on the internet, but for high quality video download or streaming to become a viable reality, a huge increase in bandwidth and capacity will be required. ISPs are already complaining that streaming services, such as the BBCs iPlayer, are causing network congestion. It has been said that, despite trumpeting the high quality of CD Audio when it was first introduced, some elements of the music business always felt nervous about providing the public with studio quality recordings that could be copied digitally with absolutely no loss in quality.

DVDs and CSS

The DRM system used for DVDs is called the Content Scrambling System (CSS). Introduced around 1996, it uses a relatively weak, proprietary 40-bit stream cipher algorithm. The weakness of the cipher is due, in part, to the US government regulations in place at the time the scheme was drafted, which prohibited the export of cryptographic systems using keys greater than 40 bits in length. A further structural weakness in the CSS encryption algorithm reduced the effective key length to only 16 bits, making it very easy to break. In fact this cipher was broken fairly early on and many programs are available for download that will strip out the encryption and produce a disk image for burning a copy. All DVD players or drives include a CSS decryption module and the lead-in areas of all protected commercial DVD disks contain some encryption keys. These keys are stripped inside the drive during playback so a byte-for-byte copy made of the data stream output from a drive playing a commercial protected disk will not play back because the encryption keys aren't reproduced. All the CSS DRM is capable of doing is to provide weak protection against people copying commercial movies.

DRM & Audio CDs

In 2005, the Sony Bertelsmann Music Group (Sony BMG) included a content protection plan on its music CDs that was intended to stop consumers from using a computer fitted with a CD writer from copying Sony BMG music CDs. This caused something of a stink because, not only did the Sony BMG content protection involve planting rootkit code deep inside a PC’s operating system, but it opened up a vulnerability that could be exploited by malware writers. Eventually, under pressure from various lawsuits, Sony BMG was forced to recall all the affected titles. In Europe in 2002, BMG had already caused an uproar by releasing copy protected titles that did not even carry a label stating that the CD incorporated copy protection. Sony BMG employed two types of content protection software: Extended Copy Protection (XCP) and MediaMax CD-3. 52 titles were released with XCP and 50 titles were released with MediaMax. When a PC running a Windows operating system attempted to play one of these titles the Sony BMG software was triggered and would display a EULA message offering the user the option to install a custom Sony BMG player. Apparently the XCP software would install what came to be known as rootkit software, even before the EULA message was displayed. Other criticisms of the Sony BMG software were that it ran as a constant background task, consuming system resources, it had no uninstall and could not be easily removed and that it caused instabilities leading to 'blue screen' crashes. Although Sony BMG did eventually release a supposed removal program, this software was ineffective and actually made things worse. These are the kind of problems that have led to all content protection and DRM getting a bad name.

Blu-ray, Advanced Access Content System (AACS) and HDCP

In theory and to the casual user, HDCP's combination of protected hardware links with encryption handshakes makes it impossible to copy. However the system can be attacked in two ways, either using a stripper box to extract the raw decoded signal, or by physically accessing the encoded data and decrypting it in software. A stripper box consists of some HDMI connectors wired to a circuit containing an HDCP decoder chip, something like the Silicon Image HD Fury chip. The problem with this method is that the particular box used can be remotely disabled by the key revocation tables issued on new media by the content providers. Decryption of the signal is not as difficult as it might have been because the economic burden of building really strong encryption into the hardware was felt by the hardware manufacturers to be too high. Blu-ray disks and players use Advanced Access Content System (AACS) encryption; however as of August 2008 all current AACS decryption keys are available on the internet. BD+ and BD-ROM Mark are other encryption schemes that may be applied to Blu-ray and are tougher to crack than AACS.

Applications Software

It's perhaps overlooked, but most commercial applications software has increasingly restrictive DRM based on a challenge and response scheme. Installation requires entering a serial number that ships with the product. This generates a further code which must be exchanged with the software vendor, either over the internet, or by phone, for a final unlock key. The installations are usually locked in to the PC the software is installed on and the maximum number of installs without further permission from the manufacturer is often limited. This system allows the software vendor to gather certain information about its customers. Software End User Licence Agreements (EULAs) often state that you, as the end user, don't even own the physical software copy and documentation, but have only purchased a licence to use the software within the very narrow limits of the EULA, which the manufacturer and copyright owner may decide to revoke at any time. The final insult is that most software manufacturers include a clause in the EULA which says that they do not guarantee their products to work and that they accept no responsibility for any negative consequences that may result from its use.

In Conclusion

It’s an accepted fact that rarity increases the worth of almost anything. If something is easily copied it is often regarded as being of low value. Also it seems that the ease with which something may be copied is directly related to the respect with which copyright is treated. Because digital assets, in particularly at the moment music tracks, are easy to copy, it has lead to music in general being devalued. Amazingly, many younger people seem to believe that music recordings should be free. What they do not seem to realise is that musicians, like everyone else, have to make a living. The eventual result of placing no value, or even a very low value, on music, or any other art form that can be recorded and copied, is that soon few will bother to make it. There will be no more, or at least very little, new music. So despite their inconveniences, there is an argument for effective forms of DRM and the inconveniences of the current forms of DRM may well be short term. For example, at the moment PC owners, depending on the age of their machines, may need to update more components than just an optical drive to be able to play Blu-ray disks, purely because of High Definition Content Protection. As this technology finds its way onto the market and into new PCs this problem will go away.