Digital Rights Management : Necessary evil or Evil that's not Necessary?

Digital Rights Management (DRM) refers to any scheme used to protect the copyright of digital content using a system of encryption that often includes remote monitoring and control by the copyright owners. The development of the various forms of DRM has largely been driven by the large media companies as a response, they say, to the effect of large scale copying on their revenues. Rather than rely on the passive protection of copyright law these companies have gone on the offensive with active digital rights management.

DRM encompasses a range of embedded software and hardware measures for all digital media that attempt to physically stop unauthorized use and copying. Since DRM at least appears to be a method of enforcing copyright, any discussion of DRM must include a discussion of copyright itself.

The advantages and disadvantages of DRM for the copyright owner and the consumer and the legal, ethical and ideological issues surrounding DRM are by no means clear. In this feature we explore the ins and outs of DRM as they stand today.

The history of information protection and copyright

It may seem that only in the digital age has the protection of data become a problem, but means have always been sought to protect valuable information. The ancient Greeks formed groups that protected their knowledge of physics and geometry by keeping it secret. Secrecy was enforced by ritual and the threat of punishment.

In Europe, in the middle ages, the knowledge associated with various crafts such as gold working was treated as being of great value and was kept secret by organizations known as guilds. These trade guilds flourished between the 11th and 16th centuries, although some of them have survived in attenuated form until today. Similar guilds, known as Shreni and Benin, operated in India as long ago as 300 C.E.

This simple principle of secrecy is still a part of the protection of information today and it ranges from the secret keys used in encryption to proprietary methods and information.

At least until the invention of the moveable type printing press by Gutenburg in 1439, books, paintings and musical performances could be copied, but almost as much knowledge, skill and effort was required as was needed to create the originals. This difficulty in itself provided a fair degree of protection. This illustrates that very often just making something difficult enough to copy provides enough protection, at least for economic purposes.

The first UK laws on copyright on books and other writings were laid down in 1710 with the Statute of Anne, apparently prompted even then by the piracy of printed books. Copyright law in India was first introduced in 1847 under the East India Company’s regime. Relatively recently actions have been taken to attempt to bring copyright laws up-to-date, so they are better able to deal with the issues raised by digital technology. In 1998 America passed the Digital Millennium Copyright Act (DMCA), an act that apparently criminalizes the circumvention of DRM protection, even when there is no infringement of copyright itself. In 2001, the European Parliament passed the European Union Copyright Directive, which addresses some of the concerns of the US DMCA, but leaves one of its principle issues, that of limiting the liability of ISPs to prosecution, to the separate Electronic Commerce Directive. The original form of the DMCA, which illustrates just how convoluted such things can become, appeared to make cryptographic research illegal.

In 2006, the Indian Copyright office posted proposals to amend the Copyright Act of 1957 (last amended in 1999) on its website. One of the proposed amendments seeks to introduce the issue of Digital Rights Management (DRM) into Indian copyright law along the lines of the DMCA.

All of these methods of protection are primarily passive and defensive. Digital technology has finally made it relatively easy for copyright holders to protect their property by active and offensive means. At their most extreme, these measures make it possible to automatically punish anyone who exceeds the limits of the copyright and may no longer adhere to legal, but to almost arbitrary limits, chosen at the whim of the copyright holder and further, to analyses, manipulate and control its customer base.

A further difficulty for the international media companies is that copyright law varies from country to country. In some countries it is perfectly legal to make multiple copies ‘for personal use’. The term ‘fair use’, it seems, is often mis-quoted; in the US it refers to the right to quote short exerts of a copyrighted work for the purposes of commentary, criticism, news reporting, research and other similar purposes. The Digital Millennium Copyright Act (DMCA) has actually reduced the scope of ‘fair use’.

Prosecution of the owners of web sites supporting peer-to-peer networks offering access to illegal music downloads is hampered by the imprecision of current copyright law. Peer-to-peer technology itself is not illegal and the argument centers around whether simply making copyright material available, in a way that makes it easy to copy, can be deemed an illegal act. This has led in some cases to big media making highly publicized prosecutions of individuals they suspect of having made large numbers of illegal downloads.

The arguments over copyright oscillate between two extremes: making any copies of any kind of a copyright work is an infringement of copyright, or — copying of a copyright work by an individual who has paid for a copy, into different formats in order that that individual may make use of the work, is reasonable and permissible. The problem with the first position is that digital technologies routinely make copies as part of their function, for example when reading a web page, the page is copied or cached.

Piracy and the big media companies

The big media companies seem to refuse to believe that falling sales are anything to do with natural market cycles, or changes in society, or to accept that just possibly their own reactionary business practices — diminishing interest in developing new artists, reliance on a few guaranteed high return headliners and re-selling old back catalogue as re-mastered on new media — have caused loss of interest. Instead, they say, it has to be piracy that’s bleeding the life blood out of the already moribund industry. Around eight years ago music industry analysts noticed increasingly sharp drop off’s in sales, following the release of a new CD. In the nineties, second week sales would typically fall by less than 25 per cent. In 2002, second week sales were dropping by over 40 per cent. The music industry took this as a clear sign that small scale piracy — people making copy CDs for their friends — was responsible. This is despite the fact that the same argument — that sales of vinyl LPs were suffering because people were copying them to tape — had been used to raise an indiscriminate blanket tax on blank cassette tapes, back in the 1970s at a time when the music industry was experiencing rapid growth. In India it seems the cassette tape actually created a booming market for pop music.

As we reported in a previous feature (February 2007 issue) on peer-to-peer technology, it has been suggested that DRM should be abandoned and a similar tax or rather levy (to be accurate, a tax is imposed by government, while an industry administered surcharge is more properly called a levy) be placed on broadband connections and recordable CDs, DVDs and BDs. As with many such taxes, or levies, this might be seen as unfair to those who do not indulge in the taxed behavior.

What's wrong with DRM?

If DRM was always completely transparent to the end user, was not intrusive, protected copyright in a fashion that all agreed was fair and did not add cost to media hardware, perhaps no-one would find it objectionable. Various media companies have already applied almost draconian measures

A further problem with DRM is that of interoperability, that agreeing on and using a standard form of DRM is not always in the media companies interest. For example, this is true of Apple iTunes because of Apple’s agreements with the content providers that iTunes downloads should not be easy to copy.

Some music download sites use license validation servers which validate a user’s right to play tracks they have downloaded. There have been several recent examples of music download sites closing down with the result that many users are left with tracks they have paid for but can no longer play because the validation servers are no longer available.

DRM adds complexity and expense to products that implement it. Although adding encryption to individual protected copies costs little, after all a necessary requirement from the replicators and copyright holders, it does affect both hardware, in the form of media players and software in the form of operating systems. A considerable amount of Microsoft’s development effort for the Vista OS went in to implementing DRM to the big media companies’ satisfaction. Vista incorporates what Microsoft calls a Protected Environment (PE) to protect High Definition content. This creates a corridor through the operating system called a Protected Media Path (PMP), which, in theory, cannot be broken into. Device bus communications (which are accessible to users) associated with this process, are encrypted.

DRM has a negative effect on open source development, particularly on projects that are dedicated to pure open source, because all DRM involves proprietary methods and code. At present, playing protected Blu-ray content on a Linux box requires use of a device or player key, none of which have been issued for open source software players. However the keys for the X Box 360 and all of the popular Windows software players are now public knowledge and can be used by Linux players.

Open source opponents of DRM are often the most rabid. The Free Software Foundation (FSF) runs ‘Defective by Design’ campaigns and recently launched such an attack on Apple because the new MacBooks incorporate Apple’s Display Port connector, which includes the use of the optional Display Port Content Protection. Mac owners connecting an older Apple Cinema Display to view an iTunes movie will see an ‘unauthorized display’ message.

Perhaps the biggest disadvantage of DRM to the media companies that implement it is the alienation of customers and the bad publicity it has so far caused.

DRM in action

The exact form of DRM used depends on the media format and even on the distribution method. Music distribution is moving towards compressed audio file download over the internet, although audio CDs still form a large part of sales. Movies are still mainly sold on disk, either DVD or Blu-ray, and broadcast video is 40 DIGIT JANUARY 2009 www.thinkdigit.com Digital Passion l Main Story America passed the Digital Millennium Copyright Act (DMCA), an act that apparently criminalizes the circumvention of DRM protection, even when there is no infringement of copyright itself. In 2001, the European Parliament passed the European Union Copyright Directive, which addresses some of the concerns of the US DMCA, but leaves one of its principle issues, that of limiting the liability of ISPs to prosecution, to the separate Electronic Commerce Directive. The original form of the DMCA, which illustrates just how convoluted such things can become, appeared to make cryptographic research illegal. In 2006, the Indian Copyright office posted proposals to amend the Copyright Act of 1957 (last amended in 1999) on its website. One of the proposed amendments seeks to introduce the issue of Digital Rights Management (DRM) into Indian copyright law along the lines of the DMCA. All of these methods of protection are primarily passive and defensive. Digital technology has finally made it relatively easy for copyright holders to protect their property by active and offensive means. At their most extreme, these measures make it possible to automatically punish anyone who exceeds the limits of the copyright and may no longer adhere to legal, but to almost arbitrary limits, chosen at the whim of the copyright holder and further, to analyses, manipulate and control its customer base. A further difficulty for the international media companies is that copyright law varies from country to country. In some countries it is perfectly legal to make multiple copies ‘for personal use’. The term ‘fair use’, it seems, is often mis-quoted; in the US it refers to the right to quote short exerts of a copyrighted work for the purposes of commentary, criticism, news reporting, research and other similar purposes. The Digital Millennium Copyright Act (DMCA) has actually reduced the scope of ‘fair use’. Prosecution of the owners of web sites supporting peer-to-peer networks offering access to illegal music downloads is hampered by the imprecision of current copyright law. Peer-to-peer technology itself is not illegal and the argument centers around whether simply making copyright material available, in a way that makes it easy to copy, can be deemed an illegal act. This has led in some cases to big media making highly publicized prosecutions of individuals they suspect of having made large numbers of illegal downloads. The arguments over copyright oscillate between two extremes: making any copies of any kind of a copyright work is an infringement of copyright, or — copying of a copyright work by an individual who has paid for a copy, into different formats in order that that individual may make use of the work, is reasonable and permissible. The problem with the first position is that digital technologies routinely make copies as part of their function, for example when reading a web page, the page is copied or cached. Piracy and the big media companies The big media companies seem to refuse to believe that falling sales are anything to do with natural market cycles, or changes in society, or to accept that just possibly their own reactionary business practices — diminishing interest in developing new artists, reliance on a few guaranteed high return headliners and re-selling old back catalogue as re-mastered on new media — have caused loss of interest. Instead, they say, it has to be piracy that’s bleeding the life blood out of the already moribund industry. Around eight years ago music industry analysts noticed increasingly sharp drop off’s in sales, following the release of a new CD. In the nineties, second week sales would typically fall by less than 25 per cent. In 2002, second week sales were dropping by over 40 per cent. The music industry took this as a clear sign that small scale piracy — people making copy CDs for their friends — was responsible. This is despite the fact that the same argument — that sales of vinyl LPs were suffering because people were copying them to tape — had been used to raise an indiscriminate blanket tax on blank cassette tapes, back in the 1970s at a time when the music industry was experiencing rapid growth. In India it seems the cassette tape actually created a booming market for pop music. As we reported in a previous feature (February 2007 issue) on peer-to-peer technology, it has been suggested that DRM should be abandoned and a similar tax or rather levy (to be accurate, a tax is imposed by government, while an industry administered surcharge is more properly called a levy) be placed on broadband connections and recordable CDs, DVDs and BDs. As with many such taxes, or levies, this might be seen as unfair to those who do not indulge in the taxed behavior. What's wrong with DRM? If DRM was always completely transparent to the end user, was not intrusive, protected copyright in a fashion that all agreed was fair and did not add cost to media hardware, perhaps no-one would find it objectionable. Various media companies have already applied almost draconian measures A further problem with DRM is that of interoperability, that agreeing on and using a standard form of DRM is not always in the media companies interest. For example, this is true of Apple iTunes because of Apple’s agreements distributed via terrestrial transmission, satellite or cable. Video is appearing on the internet, but for high quality video download or streaming to become a viable reality, a huge increase in bandwidth and capacity will be required. ISPs are already complaining that streaming services, such as the BBCs iPlayer, are causing network congestion.

It has been said that, despite trumpeting the high quality of CD Audio when it was first introduced, some elements of the music business always felt nervous about providing the public with studio quality recordings that could be copied digitally with absolutely no loss in quality.

Music downloads – Apple iTunes

Apples iTunes is one of the most well-known and arguably most successful, of the digital music download sites. It exists mainly to act as the service site for the various versions of Apple’s portable music player devices, such as the iPod and iPhone. iTunes client software is bundled with every iPod sold. Apple iTunes uses the Advanced Audio Coding (AAC) format for its downloadable audio files. AAC is a lossy compression format intended as the successor to MP3, that has been standardized by ISO and IEC, as part of the MPEG-2 & MPEG-4 specifications. The MPEG-2 standard contains several audio coding methods, including the MP3 coding scheme. Apple iTunes is an application designed to run on an internet-connected PC running either MS Windows or an Apple Mac OS (note there is no version for Linux, although it can be hacked). Apple uses a version of AAC that includes its proprietary DRM extensions it calls FairPlay. This puts iTunes subscribers in the peculiar position of downloading AAC files, with FairPlay DRM extensions, which will only play on their registered version of iTunes on their computer, on an iPod or on an iTunes capable phone. However it is possible to burn the AAC files to a CD-R as MP3 files. The FairPlay DRM is lost during the process, so the MP3 files will play on any MP3 player. This means that anyone with even minimal computer skills can bypass the Apple iTunes implementation of DRM, admittedly with some possible loss in quality.

Apple adopted FairPlay in order to convince its content providers, the record companies that own the mechanical copyrights to the music recordings, that the revenue stream would be protected and that iTunes would not simply expose music tracks to wholesale copying. Comments made by Steve Jobs indicate that Apple would happily drop FairPlay, or any form of DRM, if the record companies would agree. So far Apple has had to put a fair amount of effort into protecting FairPlay just to keep its content providers, the record companies, happy. Other music download companies, such as Real Networks, have made attempts to sell music files from their sites that will play on the iPod and other Apple devices, in effect files containing cracks of the FairPlay system. Apple has taken action against this, because if it doesn’t it could upset its content providers and find itself open to prosecution by the Recording Industry Association of America (RIAA).

Despite all this, in April of 2007, EMI announced it would be dropping DRM for its online music sold through iTunes and Apple has quite recently started offering some files for download, albeit at a higher price, that have no DRM protection.

DVDs and CSS

The DRM system used for DVDs is called the Content Scrambling System (CSS). Introduced around 1996, it uses a relatively weak, proprietary 40-bit stream cipher algorithm. The weakness of the cipher is due, in part, to the US government regulations in place at the time the scheme was drafted, which prohibited the export of cryptographic systems using keys greater than 40 bits in length. A further structural weakness in the CSS encryption algorithm reduced the effective key length to only 16 bits, making it very easy to break. In fact this cipher was broken fairly early on and many programs are available for download that will strip out the encryption and produce a disk image for burning a copy.

All DVD players or drives include a CSS decryption module and the lead-in areas of all protected commercial DVD disks contain some encryption keys. These keys are stripped inside the drive during playback so a byte-for-byte copy made of the data stream output from a drive playing a commercial protected disk will not play back because the encryption keys aren't reproduced. All the CSS DRM is capable of doing is to provide weak protection against people copying commercial movies.

DRM & Audio CDs

In 2005, the Sony Bertelsmann Music Group (Sony BMG) included a content protection plan on its music CDs that was intended to stop consumers from using a computer fitted with a CD writer from copying Sony BMG music CDs. This caused something of a stink because, not only did the Sony BMG content protection involve planting rootkit code deep inside a PC’s operating system, but it opened up a vulnerability that could be exploited by malware writers. Eventually, under pressure from various lawsuits, Sony BMG was forced to recall all the affected titles. In Europe in 2002, BMG had already caused an uproar by releasing copy protected titles that did not even carry a label stating that the CD incorporated copy protection.

Sony BMG employed two types of content protection software: Extended Copy Protection (XCP) and MediaMax CD-3. 52 titles were released with XCP and 50 titles were released with MediaMax. When a PC running a Windows operating system attempted to play one of these titles the Sony BMG software was triggered and would display a EULA message offering the user the option to install a custom Sony BMG player. Apparently the XCP software would install what came to be known as rootkit software, even before the EULA message was displayed.

Other criticisms of the Sony BMG software were that it ran as a constant background task, consuming system resources, it had no uninstall and could not be easily removed and that it caused instabilities leading to 'blue screen' crashes. Although Sony BMG did eventually release a supposed removal program, this software was ineffective and actually made things worse. These are the kind of problems that have led to all content protection and DRM getting a bad name.

In August 2000, in describing how serious Sony was about the copying issue, Sony Pictures Entertainment US senior VP Steve Heckler, told attendees at the Americas Conference on Information Systems. “The industry will take whatever steps it needs to protect itself and protect its revenue streams ... It will not lose that revenue stream, no matter what ... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source — we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC ... These strategies are being aggressively pursued because there is simply too much at stake.”

Another, perhaps rather revealing comment, reportedly made by Peter Lee, an executive at Disney, was “If consumers even know there are a DRM, what it is, and how it works, we’ve already failed,”.

Sony BMG was not the only record label to release copy protected CDs. For example, Reprise Records, a Time Warner company, issued copy protected CDs.

Blu-ray, Advanced Access Content System (AACS) and HDCP

In theory and to the casual user, HDCP's combination of protected hardware links with encryption handshakes makes it impossible to copy. However the system can be attacked in two ways, either using a stripper box to extract the raw decoded signal, or by physically accessing the encoded data and decrypting it in software. A stripper box consists of some HDMI connectors wired to a circuit containing an HDCP decoder chip, something like the Silicon Image HD Fury chip. The problem with this method is that the particular box used can be remotely disabled by the key revocation tables issued on new media by the content providers. Decryption of the signal is not as difficult as it might have been because the economic burden of building really strong encryption into the hardware was felt by the hardware manufacturers to be too high.

Blu-ray disks and players use Advanced Access Content System (AACS) encryption; however as of August 2008 all current AACS decryption keys are available on the internet. BD+ and BD-ROM Mark are other encryption schemes that may be applied to Blu-ray and are tougher to crack than AACS.

Applications software

It's perhaps overlooked, but most commercial applications software has increasingly restrictive DRM based on a challenge and response scheme. Installation requires entering a serial number that ships with the product. This generates a further code which must be exchanged with the software vendor, either over the internet, or by phone, for a final unlock key. The installations are usually locked in to the PC the software is installed on and the maximum number of installs without further permission from the manufacturer is often limited. This system allows the software vendor to gather certain information about its customers.

Software End User License Agreements (EULAs) often state that you, as the end user, don't even own the physical software copy and documentation, but have only purchased a license to use the software within the very narrow limits of the EULA, which the manufacturer and copyright owner may decide to revoke at any time. The final insult is that most software manufacturers include a clause in the EULA which says that they do not guarantee their products to work and that they accept no responsibility for any negative consequences that may result from its use.

In conclusion

It’s an accepted fact that rarity increases the worth of almost anything. If something is easily copied it is often regarded as being of low value. Also it seems that the ease with which something may be copied is directly related to the respect with which copyright is treated. Because digital assets, in particularly at the moment music tracks, are easy to copy, it has lead to music in general being devalued. Amazingly, many younger people seem to believe that music recordings should be free. What they do not seem to realize is that musicians, like everyone else, have to make a living. The eventual result of placing no value, or even a very low value, on music, or any other art form that can be recorded and copied, is that soon few will bother to make it. There will be no more, or at least very little, new music.

So despite their inconveniences, there is an argument for effective forms of DRM and the inconveniences of the current forms of DRM may well be short term. For example, at the moment PC owners, depending on the age of their machines, may need to update more components than just an optical drive to be able to play Blu-ray disks, purely because of High Definition Content Protection. As this technology finds its way onto the market and into new PCs this problem will go away.