Digital Rights Management

Introduction



DRM technologies attempt to control use of digital media by preventing access, copying or conversion to other formats by end users. Long before the arrival of digital or even electronic media, copyright holders, content producers, or other financially or artistically interested parties had business and legal objections to copying technologies. Examples include: player piano rolls early in the 20th century, audio tape recording, and video tape recording (e.g. the "Betamax case" in the U.S.). Copying technology thus exemplifies a disruptive technology.



The advent of digital media and analog/digital conversion technologies, especially those that are usable on mass-market general-purpose personal computers, has vastly increased the concerns of copyright-dependent individuals and organizations, especially within the music and movie industries, because these individuals and organizations are partly or wholly depe ndent on the revenue generated from such works. While analog media inevitably loses quality with each copy generation, and in some cases even during normal use, digital media files may be duplicated an unlimited number of times with no degradation in the quality of subsequent copies. The advent of personal computers as household appliances has made it convenient for consumers to convert media (which may or may not be copyrighted) originally in a physical/analog form or a broadcast form into a universal, digital form (this process is called ripping) for location- or timeshifting. This, combined with the Internet and popular file sharing tools, has made unauthorized distribution of copies of copyrighted digital media (so-called digital piracy) much easier.



Although technical controls on the reproduction and use of software have been intermittently used since the 1970s, the term 'DRM' has come to primarily mean the use of these measures to control art istic or literary content.[citation needed] DRM technologies have enabled publishers to enforce access policies that not only disallow copyright infringements, but also prevent lawful fair use of copyrighted works, or even implement use constraints on non-copyrighted works that they distribute; examples include the placement of DRM on certain public-domain or open-licensed e-books, or DRM included in consumer electronic devices that time-shift (and apply DRM to) both copyrighted and non-copyrighted works.



DRM is most commonly used by the entertainment industry (e.g. film and recording). Many online music stores, such as Apple's iTunes Store, as well as many e-book publishers, have imposed DRM on their customers. In recent years, a number of television producers have imposed DRM mandates on consumer electronic devices, to control access to the freely-broadcast content of their shows, in connection with the popularity of time-shifting digital video r ecorder systems such as TiVo.



Technologies



DRM and film



An early example of a DRM system was the Content Scrambling System (CSS) employed by the DVD Forum on film DVDs since ca. 1996. CSS used a simple encryption algorithm, and required device manufacturers to sign license agreements that restricted the inclusion of features, such as digital outputs that could be used to extract high-quality digital copies of the film, in their players. Thus, the only consumer hardware capable of decoding DVD films was controlled, albeit indirectly, by the DVD Forum, restricting the use of DVD media on other systems until the release of DeCSS by Jon Lech Johansen in 1999, which allowed a CSS-encrypted DVD to play properly on a computer using Linux, for which the Alliance had not arranged a licensed version of the CSS playing software.



Microsoft's Windows Vista contains a DRM system c alled the Protected Media Path, which contains the Protected Video Path (PVP). PVP tries to stop DRM-restricted content from playing while unsigned software is running in order to prevent the unsigned software from accessing the content. Additionally, PVP can encrypt information during transmission to the monitor or the graphics card, which makes it more difficult to make unauthorized recordings.



Advanced Access Content System (AACS) is a DRM system for HD DVD and Blu-Ray Discs developed by the AACS Licensing Administrator, LLC (AACS LA), a consortium that includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba and Sony. In December 2006 a process key was published on the internet by hackers, enabling unrestricted access to AACS-restricted HD DVD content. After the cracked keys were revoked, further cracked keys were released.



DRM and television



The CableCard st andard is used by cable television providers in the United States to restrict content to services to which the customer has subscribed.



The broadcast flag concept was developed by Fox Broadcasting in 2001 and was supported by the MPAA and the FCC. A ruling in May 2005 by a US Court of Appeals held that the FCC lacked authority to impose it on the TV industry in the US. It required that all HDTVs obey a stream specification determining whether or not a stream can be recorded. This could block instances of fair use, such as time-shifting. It achieved more success elsewhere when it was adopted by the Digital Video Broadcasting Project (DVB), a consortium of about 250 broadcasters, manufactures, network operators, software developers, and regulatory bodies from about 35 countries involved in attempting to develop new digital TV standards.



An updated variant of the broadcast flag has been developed in the Content Protection an d Copy Management (DVB-CPCM). It was developed in private, and the technical specification was submitted to European governments in March 2007. As with much DRM, the CPCM system is intended to control use of copyrighted material by the end-user, at the direction of the copyright holder. According to Ren Bucholz of the EFF, which paid to be a member of the consortium, "You won't even know ahead of time whether and how you will be able to record and make use of particular programs or devices". The DVB supports the system as it will harmonize copyright holders' control across different technologies and so make things easier for end users. The CPCM system is expected to be submitted to the European Telecommunications Standards Institute in 2008.



DRM and music



Audio CDs



Discs with digital rights management schemes are not legitimately standards-compliant Compact Discs (CDs) but are rather CD-ROM me dia. Therefore they all lack the CD logotype found on discs which follow the standard (known as Red Book). Therefore these CDs could not be played on all CD players. Many consumers could also no longer play purchased CDs on their computers. PCs running Microsoft Windows would sometimes even crash when attempting to play the CDs.



In 2002, Bertelsmann (comprising BMG, Arista, and RCA) was the first corporation to use DRM on audio CDs.[citation needed] In 2005, Sony BMG introduced new DRM technology which installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the installed software included a rootkit, which created a severe security vulnerability others could exploit. When the nature of the DRM involved was made public much later, Sony initially minimized the significance of the vulnerabilities its software had created, but was eventually compelled to recall millions of CDs, and rel eased several attempts to patch the surreptitiously included software to at least remove the rootkit. Several class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.



Sony's DRM software actually had only a limited ability to prevent copying, as it affected only playback on Windows computers, not on other equipment. Even on the Windows platform, users regularly bypassed the restrictions. And, while the Sony DRM technology created fundamental vulnerabilities in customers' computers, parts of it could be trivially bypassed by holding down the "shift" key while inserting the CD, or by disabling the autorun feature. In addition, audio tracks could simply be played and re-recorded, thus completely bypassing all of the DRM (this is known as the analog hole). Sony's first two attempts at releasing a patch which would remove the DRM software from users' co mputers failed.



In January 2007, EMI stopped publishing audio CDs with DRM, stating that "the costs of DRM do not measure up to the results." Following EMI, Sony BMG was the last publisher to abolish DRM completely, and audio CDs containing DRM are no longer released by the four record labels.



Internet music



Many online music stores employ DRM to restrict usage of music purchased and downloaded online. There are many options for consumers wishing to purchase digital music over the internet:



The iTunes Store, run by Apple Inc., allows users to purchase a track online for $0.99 US. The tracks purchased use Apple's FairPlay DRM system. Apple later launched iTunes Plus, which offered higher quality DRM-free tracks for a higher price. On October 17, 2007, iTunes Plus became available at the usual $0.99 price, replacing the non-Plus tracks. On January 6, 2009 Apple announce d at its Macworld Expo keynote that iTunes music would be available completely DRM free by the end of the month. Videos sold and rented through iTunes, as well as mobile software sold through the iTunes App Store for the iPhone and iPod touch, continue to use Apple's FairPlay DRM to inhibit casual copying.



Napster music store, which offers a subscription-based approach to DRM alongside permanent purchases. Users of the subscription service can download and stream an unlimited amount of music transcoded to Windows Media Audio (WMA) while subscribed to the service. But when the subscription period lapses, all of the downloaded music is unplayable until the user renews his or her subscription. Napster also charges users who wish to use the music on their portable device an additional $5 per month. In addition, Napster gives users the option of paying an additional $0.99 per track to burn it to CD or for the song to never expire. Music bought through N apster can be played on players carrying the Microsoft PlaysForSure logo (which, notably, do not include iPods or even Microsoft's own Zune). As of June 2009 Napster is giving DRM free MP3 music, which can be played on iPhones and iPods.



Wal-Mart Music Downloads, another online music download store, charges $0.94 per track for all non-sale downloads. All Wal-Mart, Music Downloads are able to be played on any Windows PlaysForSure marked product. The music does play on the SanDisk's Sansa mp3 player, for example, but must be copied to the player's internal memory. It cannot be played through the player's microSD card slot, which is a problem that many users of the mp3 player experience.



Sony operated an online music download service called "Connect" which used Sony's proprietary OpenMG DRM technology. Music downloaded from this store (usually via Sony's SonicStage software) was only playable on computers running Windows and Sony hardware (including the PSP and some Sony Ericsson phones).



Kazaa is one of a few services offering a subscription-based pricing model. However, music downloads from the Kazaa website are DRM-protected, and can only be played on computers or portable devices running Windows Media Player, and only as long as the customer remains subscribed to Kazaa.



The various services are currently not interoperable, though those that use the same DRM system (for instance the several Windows Media DRM format stores, including Napster, Kazaa and Yahoo Music) all provide songs that can be played side-by-side through the same player program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, such as Rensselaer Polytechnic Institute, have made arrangements with assorted Internet music suppliers to provide access (typically DRM-restricted) to music fil es for their students, to less than universal popularity, sometimes making payments from student activity fee funds. One of the problems is that the music becomes unplayable after leaving school unless the student continues to pay individually. Another is that few of these vendors are compatible with the most common portable music player, the Apple iPod. The Gowers Review of Intellectual Property (to HMG in the UK; 141 pages, 40+ specific recommendations) has taken note of the incompatibilities, and suggests (Recommendations 812) that there be explicit fair dealing exceptions to copyright allowing libraries to copy and format-shift between DRM schemes, and further allowing end users to do the same privately. If adopted, some of the acrimony may decrease.



Although DRM is prevalent for Internet music, some online music stores such as eMusic, Dogmazic, Amazon, and Beatport, do not use DRM despite encouraging users to avoid sharing music. Another onlin e retailer, Xiie.net, which sells only unsigned artists, encourages people to share the music they buy from the site, to increase exposure for the artists themselves. Major labels have begun releasing more online music without DRM. Eric Bangeman suggests in Ars Technica that this is because the record labels are "slowly beginning to realize that they can't have DRMed music and complete control over the online music market at the same time... One way to break the cycle is to sell music that is playable on any digital audio player. eMusic does exactly that, and their surprisingly extensive catalog of non-DRMed music has vaulted it into the number two online music store position behind the iTunes Store." Apple's Steve Jobs has called on the music industry to eliminate DRM in an open letter titled Thoughts on Music. Apple's iTunes store will start to sell DRM-free 256 kbit/s (up from 128 kbit/s) AAC encoded music from EMI for a premium price (this has since reverted to the stand ard price). In March 2007, Musicload.de, one of Europe's largest online music retailers, announced their position strongly against DRM. In an open letter, Musicload stated that three out of every four calls to their customer support phone service are as a result of consumer frustration with DRM.



Computer games



Computer games sometimes use DRM technologies to limit the number of systems the game can be installed on by requiring authentication with an online server. Most games with this restriction allow three or five installs, although some allow an installation to be 'recovered' when the game is uninstalled. This not only limits users who have more than three or five computers in their homes (seeing as the rights of the software developers allow them to limit the number of installations), but can also prove to be a problem if the user has to unexpectedly perform certain tasks like upgrading operating systems or reformatt ing the computer's hard drive, tasks which, depending on how the DRM is implemented, count a game's subsequent reinstall as a new installation, making the game potentially unusable after a certain period even if it is only used on a single computer.



One of the earliest prominent uses of online-based DRM technology in a AAA title was the result of Valve's decision to bind Half-Life 2 to the Steam platform. This was met with considerable protest from the gaming community and a number of legal challenges were submitted, including consumer groups. In some cases, retail houses were required to attach labels to the front of the game's cases clearly stating that an Internet connection was required to activate the game.[citation needed]



In mid-2008, the publication of Mass Effect marked the start of a wave of titles primarily making use of SecuROM and Steam for DRM and requiring authentication via an online server. The use of DRM scheme in 2008's Spore backfired and there were considerable protest, resulting in a considerable number of users seeking a pirated version instead. This backlash against SecuROM was a significant factor in Spore becoming the most pirated game in 2008.



Many mainstream publishers continued to rely on online-based DRM throughout the later half of 2008 and early 2009, including Electronic Arts, Ubisoft and Atari. Ubisoft broke with the tendency to use online DRM in late 2008 with the release of Prince of Persia as an experiment to "see how truthful people really are" regarding the claim that DRM was inciting people to use pirated copies. Although Ubisoft has not commented on the results of the 'experiment', the majority of their subsequent titles in 2009 contained no online-based DRM since the release of Prince of Persia - notable examples being Anno 1404 and James Cameron's Avatar: The Game making use of the online version of the TAGES copy protecti on system. An official patch has since been released stripping Anno 1404 of the DRM. Electronic Arts followed suit in June 2009 with The Sims 3, with subsequent EA and EA Sports titles also being devoid of online DRM.



Some most prominent cases making use of online DRM technology SecuROM include Spore, BioShock, Mass Effect and Gears Of War.



E-books



Electronic books read on a personal computer or an e-book reader typically use DRM restrictions to limit copying, printing, and sharing of e-books. E-books are usually limited to a certain number of reading devices and some e-publishers prevent any copying or printing. Some commentators believe that DRM is something that makes E-book publishing complex.



Two of the most commonly used software programs to view e-books are Adobe Reader and Microsoft Reader. Each program uses a slightly different approach to DRM. The first vers ion of Adobe Acrobat e-book Reader to have encryption technologies was version 5.05. In the later version 6.0, the technologies of the PDF reader and the e-book reader were combined, allowing it to read both DRM-restricted and unrestricted files. After opening the file, the user is able to view the rights statement, which outlines actions available for the specific document. For example, for a freely transferred PDF, printing, copying to the clipboard, and other basic functions are available to the user. However, when viewing a more highly restricted e-book, the user is unable to print the book, copy or paste selections. The level of restriction is specified by the publisher or distribution agency.



Microsoft Reader, which exclusively reads e-books in a .lit format, contains its own DRM software. In Microsoft Reader there are three different levels of access control depending on the e-book: sealed e-books, inscribed e-books and owner exclusive e-boo ks. Sealed e-books have the least amount of restriction and only prevents the document from being modified. Therefore, the reader cannot alter the content of the book to change the ending, for instance. Inscribed e-books are the next level of restriction. After purchasing and downloading the e-book, Microsoft Reader puts a digital ID tag to identify the owner of the e-book. Therefore, this discourages distribution of the e-book because it is inscribed with the owner name making it possible to trace it back to the original copy that was distributed. Other e-book software uses similar DRM schemes. For example, Palm Digital Media, now known as Ereader, links the credit card information of the purchaser to the e-book copy in order to discourage distribution of the books.



The most stringent form of security that Microsoft Reader offers is called owner exclusive e-books, which uses traditional DRM technologies. To buy the e-book the consumer must first o pen Microsoft Reader, which ensures that when the book is downloaded it becomes linked to the computer Microsoft Passport account. Thus the e-book can only be opened with the computer with which it was downloaded, preventing copying and distribution of the text.



Amazon.com has remotely deleted purchased copies of George Orwell's 1984 and Animal Farm from customer's Amazon Kindles. Commenters have widely described these actions as Orwellian, and have alluded to Big Brother from Orwell's 1984. After an apology from Amazon CEO Jeff Bezos, the Free Software Foundation has written that this is just one more example of the excessive power Amazon has to remotely censor what people read through its software, and called upon Amazon to free its e-book reader and drop DRM.



DRM and documents



Enterprise digital rights management (E-DRM or ERM) is the application of DRM technology to the control of access to corporate documents such as Microsoft Word, PDF, and AutoCAD files, emails, and intranet web pages rather than to the control of consumer media. E-DRM, now more commonly referenced as IRM (Information Rights Management), is generally intended to prevent the unauthorized use (such as industrial or corporate espionage or inadvertent release) of proprietary documents. IRM typically integrates with content management system software.



DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England.[citation needed]



Watermarks



Digital watermarks are unobtrusive features of media that are added during production or distribution. Digital watermarks involve data that is arguably steganographically embedded within the audio or video data.



Watermarks can be used for different purposes that may include:



for recording the copyright owner



for recording the distributor



for recording the distribution chain



for identifying the purchaser of the music



Watermarks are not complete DRM mechanisms in their own right, but are used as part of a system for Digital Rights Management, such as helping provide prosecution evidence for purely legal avenues of rights management, rather than direct technological restriction. Some programs used to edit video and/or audio may distort, delete, or otherwise interfere with watermarks. Signal/modulator-carrier chromatography may also separate watermarks from original audio or detect them as glitches. Use of third party media players and other advanced programs render watermarking useless. Additionally, comparison of two separately obtained copies of audio using simple, home-grown algorithms can often reveal watermarks. New methods of detection are currently under investigation by both industry and non-industry researchers.



Metadata



Sometimes, metadata is included in purchased music w hich records information such as the purchaser's name, account information, or email address. This information is not embedded in the played audio or video data, like a watermark, but is kept separate, but within the file or stream.



As an example, metadata is used in media purchased from Apple's iTunes Store for DRM-free as well as DRM-restricted versions of their music or videos. This information is included as MPEG standard metadata.



Table of DRM technologies and associated devices



Name



Used In



Date of Use



Description



DRM Schemes Currently in Use



Personal computer DRM



Windows Media DRM



Many Online Video Distribution Networks



1999+



WMV DRM is designed to provide secure delivery of audio and/or video content over an IP network to a PC or other playback device in such a way that the distributor can control how that content is used.



FairPlay



The iTunes Store, iPod



2003+



Purchased music files were encoded as AAC, then encrypted with an additional format that renders the file exclusively compatible with iTunes and the iPod. On January 6 2009, Apple announced that the iTunes Store would begin offering all songs DRM-free.



Helix & Harmony



Real Networks services



2003+



A DRM system from Real Networks intended to be interoperable with other DRM schemes, particularly FairPlay. Ultimately used only by Real Networks.



Orion/EasyLicenser



Enterprise, business, networking , financial, telecom and consumer applications



2003+



Restriction for applications written in Java, .Net or C/C++ on Windows, Linux, Solaris and Mac



Excel Software



Business, educational, government and consumer applications



2006+



Protection for Mac and Windows applications, plugins, DLLs, multimedia and documents with manual and automated activation, trial and perpetual licenses, software subscriptions, floating and dynamic licenses, network floating licenses and user friendly license release, restore, suspend and automated feature delivery.



Adobe Protected Streaming



Flash Video/Audio Streaming



2006+



The Media-Streams are encrypted "on the fly" by the Flash Media Server (the protocol used is rtmpe or rtmps). I n addition the client player can be verified via "SWF-Verification", to make sure that only the official client can be used.



PlayReady



Computers, Mobile and Portable Devices



2007+



PlayReady is designed to encrypt WMA, WMV, AAC, AAC+, enhanced AAC+, and H.263 and H.264 codecs files. PlayReady is actually a new version of Windows Media DRM for Silverlight. Silverlight 2-based online content can be restricted using PlayReady and played back via the Silverlight plug-in. PlayReady is promoted by Microsoft



Portable device DRM



Janus WMA DRM



All PlaysForSure Devices



2004+



Janus is the codename for a portable version of Windows Media DRM intended portable devices.



OMA DRM



Implemented in over 550 phone models.



2004+



A DRM system invented by the Open Mobile Alliance to control copying of cell phone ring tones. Also used to control access to media files, such as video.



Storage media DRM



VHS Macrovision



Almost all VHS Video through the end of the 20th Century



1984+



When dubbing a Macrovision-encoded tape, a video stream which has passed through the recording VCR will become dark and then normal again periodically, degrading quality. The picture may also become unstable when darkest.



Content-scrambling system (CSS)



Some DVD Discs



1996+



CSS utilizes a weak, 40-bit stream cipher to actively encrypt DVD-Video.



DVD Region Code



Some DVD Discs



1996+



Many DVD-Video discs contain one or more region codes, marking those area[s] of the world in which playback is permitted. This restriction enforces artificial market segmentation.



ARccOS Protection



Some DVD Discs



1997?



Adds corrupt data sectors to the DVD, preventing computer software implementing computer standards from successfully reading the media. DVD players execute the on-disk program which skips the (corrupt) ARccOS sectors.



OpenMG



ATRAC audio devices (e.g., MiniDisc players), Memory Stick based audio players, AnyMusic distribution service



1999+



A proprietary DRM system invented and promoted by Sony.



BD+



Blu-ray Discs


2005+



A virtual machine embedded in authorized Blu-ray players that runs a security check on the playback environment to ensure that it has not been compromised. It also performs necessary descrambling of the audio/video stream on discs, allowing the content to be rendered.



DRM Schemes no Longer in Use



Extended Copy Protection



Sony and BMG CDs



2005



Also known as the 'Sony Rootkit'. Although not classified as a virus by many anti-virus software producers, it bore many virus-like and trojan-like characteristics, rendering it illegal in some places and dangerous to infected computers in all. After it became publicly known, protests and litigation resulted in withdrawal by Sony. The US litigation was settled by payment by Sony.



Laws regarding DRM



D igital rights management systems have received some international legal backing by implementation of the 1996 WIPO Copyright Treaty (WCT). Article 11 of the Treaty requires nations party to the treaties to enact laws against DRM circumvention.



The WCT has been implemented in most member states of the World Intellectual Property Organization. The American implementation is the Digital Millennium Copyright Act (DMCA), while in Europe the treaty has been implemented by the 2001 European directive on copyright, which requires member states of the European Union to implement legal protections for technological prevention measures. In 2006[update], the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States.



Digital Millennium Copyright Act

< br />


Main article: Digital Millennium Copyright Act



The Digital Millennium Copyright Act (DMCA) is an extension to United States copyright law passed unanimously on May 14, 1998, which criminalizes the production and dissemination of technology that allows users to circumvent technical copy-restriction methods. Under the Act, circumvention of a technological measure that effectively controls access to a work is illegal if done with the primary intent of violating the rights of copyright holders. (For a more detailed analysis of the statute, see WIPO Copyright and Performances and Phonograms Treaties Implementation Act.)



Reverse engineering of existing systems is expressly permitted under the Act under specific conditions. Under the reverse engineering safe harbor, circumvention necessary to achieve interoperability with other software is specifically authorized. See 17 U.S.C. Sec. 1201(f). Open-source softwa re to decrypt content scrambled with the Content Scrambling System and other encryption techniques presents an intractable problem with the application of the Act. Much depends on the intent of the actor. If the decryption is done for the purpose of achieving interoperability of open source operating systems with proprietary operating systems, the circumvention would be protected by Section 1201(f) the Act. Cf., Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001) at notes 5 and 16. However, dissemination of such software for the purpose of violating or encouraging others to violate copyrights has been held illegal. See Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000).



On 22 May 2001, the European Union passed the EU Copyright Directive, an implementation of the 1996 WIPO Copyright Treaty that addressed many of the same issues as the DMCA.



The DMCA has been largely ineffective in protecting DRM systems,[citation needed] as software allowing users to circumvent DRM remains widely available. However, those who wish to preserve the DRM systems have attempted to use the Act to restrict the distribution and development of such software, as in the case of DeCSS.



Although the Act contains an exception for research, the exception is subject to vague qualifiers that do little to reassure researchers. Cf., 17 U.S.C. Sec. 1201(g). The DMCA has had an impact on cryptography, because many fear that cryptanalytic research may violate the DMCA. The arrest of Russian programmer Dmitry Sklyarov in 2001, for alleged infringement of the DMCA, was a highly publicized example of the law's use to prevent or penalize development of anti-DRM measures. Sklyarov was arrested in the United States after a presentation at DEF CON, and subsequently spent several months in jail. The DMCA has also been cited as chilling to non-criminal inclined users, such as students of cryptanalysis (including, in a well-known instance, Professor Felten and students at Princeton), and security consultants such as the Netherlands based Niels Ferguson, who has declined to publish information about vulnerabilities he discovered in an Intel secure-computing scheme because of his concern about being arrested under the DMCA when he travels to the US.



On 25 April 2007 the European Parliament supported the first directive of EU, which aims to harmonize criminal law in the member states. It adopted a first reading report on harmonizing the national measures for fighting copyright abuse. If the European Parliament and the Council approve the legislation, the submitted directive will oblige the member states to consider a crime a violation of international copyright committed with commercial purposes. The text suggests numerous measures: from fines to imprisonment, depending on the gravity of the offense.



The EP members supported the Commission motion, changing some of the texts. They excluded patent rights from the range of the directive and decided that the sanctions should apply only to offenses with commercial purposes. Copying for personal, non-commercial purposes was also excluded from the range of the directive.



International issues



In Europe, there are several ongoing dialog activities that are characterized by their consensus-building intention:



Workshop on Digital Rights Management of the World Wide Web Consortium (W3C), January 2001.



Participative preparation of the European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003 (finished).



DRM Workshops of Directorate-General for Information Society and Media (European Commission) (finished), and the work of the DRM worki ng groups (finished), as well as the work of the High Level Group on DRM (ongoing).



Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" (closed).



The INDICARE project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral platform for exchange of facts and opinions, mainly based on articles by authors from science and practice.



The AXMEDIS project is a European Commission Integrated Project of the FP6. The main goal of AXMEDIS is automating the content production, copy protection and distribution, reducing the related costs and supporting DRM at both B2B and B2C areas harmonising them.



The Gowers Review of Intellectual Property is the result of a commission by the British Government from Andrew G owers, undertaken in December 2005 and published in 2006, with recommendations regarding copyright term, exceptions, orphaned works, and copyright enforcement.



The European Community was expected to produce a recommendation on DRM in 2006, phasing out the use of levies (compensation to rights holders charged on media sales for lost revenue due to unauthorized copying) given the advances in DRM/TPM technology. However, opposition from the member states, particularly France, have now made it unlikely that the recommendation will be adopted.[citation needed]



Controversy



DRM opposition



A parody on the Home Taping Is Killing Music logo.



Many organizations, prominent individuals, and computer scientists are opposed to DRM. Two notable DRM critics are John Walker, as expressed for instance, in his article The Digital Imprimatur: How big brother an d big media can put the Internet genie back in the bottle, and Richard Stallman in his article The Right to Read and in other public statements: "DRM is an example of a malicious feature - a feature designed to hurt the user of the software, and therefore, it's something for which there can never be toleration". Professor Ross Anderson of Cambridge University heads a British organization which opposes DRM and similar efforts in the UK and elsewhere. Cory Doctorow, a prominent writer and technology blogger, spoke on the Microsoft campus criticizing the technology, the morality, and the marketing of DRM.



There have been numerous others who see DRM at a more fundamental level. TechMediums.com argues that DRM-free music allows for viral marketing, arguing that independent artists benefit from "free marketing" and can then focus on revenues from higher margin products like merchandise and concert ticket sales. This is similar to some of the ideas in Mic hael H. Goldhaber's presentation about "The Attention Economy and the Net" at a 1997 conference on the "Economics of Digital Information." (sample quote from the "Advice for the Transition" section of that presentation: "If you can't figure out how to afford it without charging, you may be doing something wrong.")



The Electronic Frontier Foundation and similar organizations such as FreeCulture.org also hold positions which are characterized as opposed to DRM.



The Foundation for a Free Information Infrastructure has criticized DRM's impact as a trade barrier from a free market perspective.



The final version of the GNU General Public License version 3, as released by the Free Software Foundation, has a provision that 'strips' DRM of its legal value, so people can break the DRM on GPL software without breaking laws like the DMCA. Also, in May 2006, the FSF launched a "Defective by Design" campaign against DRM.



Creative Commons provides licensing options encouraging the expansion of and building upon creative work without the use of DRM. In addition, the use of a Creative Commons-licensed work on a device which incorporates DRM is a breach of the Baseline Rights asserted by each license.



Bill Gates spoke about DRM at CES in 2006. According to him, DRM is not where it should be, and causes problems for legitimate consumers while trying to distinguish between legitimate and illegitimate users.



According to Steve Jobs, Apple opposes DRM music after a public letter calling its music labels to stop requiring DRM on its iTunes Store. As of January 6, 2009, the iTunes Store is DRM-free for songs. However, Apple considers DRM on video content as a separate issue and has not removed DRM from all of its video catalog.



Defective by Design member protesting DRM on May 25, 20 07.



As already noted, many DRM opponents consider "digital rights management" to be a misnomer. They argue that DRM manages rights (or access) the same way prison manages freedom and often refer to it as "digital restrictions management". Alternatively, ZDNet Executive Editor David Berlind suggests the term "Content Restriction, Annulment and Protection" or "CRAP" for short.



The Norwegian Consumer rights organization "Forbrukerrdet" complained to Apple Inc. in 2007 about the company's use of DRM in, and in conjunction with, its iPod and iTunes products. Apple was accused of restricting users' access to their music and videos in an unlawful way, and of using EULAs which conflict with Norwegian consumer legislation. The complaint was supported by consumers' ombudsmen in Sweden and Denmark, and is currently being reviewed in the EU. Similarly, the United States Federal Trade Commission is planning to hold hearings in March o f 2009 to review disclosure of DRM limitations to customers' use of media products.



The use of DRM may also be a barrier to future historians, since technologies designed to permit data to be read only on particular machines, or with particular keys, or for certain periods, may well make future data recovery impossible see Digital Revolution. This argument connects the issue of DRM with that of asset management and archive technology.[citation needed]



DRM opponents argue that the presence of DRM violates existing private property rights and restricts a range of heretofore normal and legal user activities. A DRM component would control a device a user owns (such as a Digital audio player) by restricting how it may act with regards to certain content, overriding some of the user's wishes (for example, preventing the user from burning a copyrighted song to CD as part of a compilation or a review). An example of this effect m ay be seen in Microsoft's Windows Vista operating system in which content is disabled or degraded depending on the DRM scheme's evaluation of whether the hardware and its use are 'secure'. All forms of DRM depend on the DRM enabled device (e.g., computer, DVD player, TV) imposing restrictions that (at least by intent) cannot be disabled or modified by the user. Key issues around digital rights management such the right to make personal copies, provisions for persons to lend copies to friends, provisions for service discontinuance, hardware agnosticism, contracts for public libraries, and customers protection against one-side amendments of the contract by the publisher have not been fully addressed.[citation needed] It has also been pointed out that it is entirely unclear whether owners of content with DRM are legally permitted to pass on their property as inheritance to another person.



Tools like FairUse4WM have been created to strip Windows Media of DRM restrictions.



Valve Corporation President Gabe Newell also stated "most DRM strategies are just dumb" because they only decrease the value of a game in the consumer's eyes. Newell's suggests pairing DRM with "[creating] greater value for customers through service value", and stopped short of repudiating Valve's DRM system, known as Steam. However, Mr. Newell's anti-DRM rhetoric flies in the face of Steam's own copy-protection strategy, which is actually a form of DRM.



"DRM-Free"



Due to the strong opposition that exists to DRM, many companies and artists have begun advertising their products as "DRM-Free".



Most notably, Apple began selling "DRM-Free" music through their iTunes store in April 2007. It was later revealed that the DRM-Free iTunes files were still embedded with each user's account information, a technique called Digital watermarking generally not re garded as DRM. In January 2009, iTunes began marketing all of their songs as "DRM-Free", however iTunes continues to use DRM on movies, TV shows, ringtones, and audiobooks.



Impossible task



The famous cryptographer and security guru Bruce Schneier has written about the futility of digital copy prevention and says it's an impossible task. He says "What the entertainment industry is trying to do is to use technology to contradict that natural law. They want a practical way to make copying hard enough to save their existing business. But they are doomed to fail." He has also described trying to make digital files uncopyable as being like "trying to make water not wet".



Both the Association for Computing Machinery and the Institute of Electrical and Electronics Engineers have historically opposed DRM, even going so far as to name AACS as a technology "most likely to fail" in an issue of IEEE Spectru m.



Shortcomings



Methods to bypass DRM



There are many methods to bypass DRM control on audio and video content.



One simple method to bypass DRM on audio files is to burn the content to an audio CD and then rip it into DRM-free files. This is only possible when the software that plays these DRM-restricted audio files allows CD-burning. Some software products simplify and automate this burn-rip process by allowing the user to burn music to a CD-RW disc or to a Virtual CD-R drive, then automatically ripping and encoding the music, and automatically repeating this process until all selected music has been converted, rather than forcing the user to do this one CD (7280 minutes worth of music) at a time.



Many software programs have been developed that intercept the data stream as it is decrypted out of the DRM-restricted file, and then use this da ta to construct a DRM-free file. These programs require a decryption key. Programs that do this for DVDs, HD DVDs, and Blu-ray Discs include universal decryption keys in the software itself. Programs that do this for TiVo ToGo recordings, iTunes audio, and PlaysForSure songs, however, rely on the user's own key that is, they can only process content that the user has legally acquired under his or her own account.



Another method is to use software to record the signals being sent through the audio or video cards, or to plug analog recording devices into the analog outputs of the media player. These techniques utilize the so-called "analog hole" (see below).



Analog hole



Main article: Analog hole



All forms of DRM for audio and visual material (excluding interactive materials, e.g. videogames) are subject to the analog hole, namely that in order for a viewer to play the m aterial, the digital signal must be turned into an analog signal containing light and/or sound for the viewer, and so available to be copied as no DRM is capable of controlling content in this form. In other words, a user could play a purchased audio file while using a separate program to record the sound back into the computer into a DRM-free file format.



All DRM to date can therefore be bypassed by recording this signal and digitally storing and distributing it in a non DRM limited form, by anyone who has the technical means of recording the analog stream. However the conversion from digital to analog and back is likely to force a loss of quality, particularly when using lossy digital formats. HDCP is an attempt to restrict the analog hole, although it is largely ineffective.



Asus released a soundcard which features a function called "Analog Loopback Transformation" to bypass the restrictions of DRM. This feature allows the user to record DRM-restricted audio via the soundcard's built-in analog I/O connection.



DRM on general computing platforms



Many of the DRM systems in use are designed to work on general purpose computing hardware, such as desktop PCs apparently because this equipment is felt to be a major contributor to revenue loss from disallowed copying. Large commercial copyright infringers ("pirates") avoid consumer equipment, so losses from such infringers will not be covered by such provisions.



It has been hypothesized that such schemes, especially software based ones, can never be wholly secure since the software must include all the information necessary to decrypt the content, such as the decryption keys. An attacker will be able to extract this information, directly decrypt and copy the content, which bypasses the restrictions imposed by a DRM system.



DRM on purpose-b uilt hardware



Many DRM schemes use encrypted media which requires purpose-built hardware to hear or see the content. This appears to ensure that only licensed users (those with the hardware) can access the content. It additionally tries to protect a secret decryption key from the users of the system.



While this in principle can work, it is extremely difficult to build the hardware to protect the secret key against a sufficiently determined adversary. Many such systems have failed in the field. Once the secret key is known, building a version of the hardware that performs no checks is often relatively straightforward. In addition user verification provisions are frequently subject to attack, pirate decryption being among the most frequented ones.



A common real-world example can be found in commercial direct broadcast satellite television systems such as DirecTV. The company uses tamper-resistant smart cards to store decryption keys so that they are hidden from the user and the satellite receiver. However, the system has been compromised in the past, and DirecTV has been forced to roll out periodic updates and replacements for its smart cards.



Watermarks



Watermarks can be removed, although degradation of video or audio can occur. In particular, lossy compression methods only retain perceptible features of an image, and if the watermarks are invisible, they are typically removed by compression systems as a side-effect.[citation needed]



Mass piracy failure



Mass piracy of hard copies does not necessarily need DRM to be decrypted or removed, as it can be achieved by bit-perfect copying of a legally obtained medium without accessing the decrypted content. Additionally, still-encrypted disk images can be distributed over the Internet and played on legitimately lice nsed players. Other copy protection methods, such as specific data layout on the medium, perform better in this area.[citation needed]



Obsolescence



When standards and formats change, it may be difficult to transfer DRM-restricted content to new media. Additionally, any system that requires contact with an authentication server is vulnerable to that server becoming unavailable, as happened in 2007 when videos purchased from Major League Baseball (mlb.com) prior to 2006 became unplayable due to a change to the servers that validate the licences.



Microsoft Zune - When Microsoft introduced their Zune media player in 2006, it did not support content that uses Microsoft's own PlaysForSure DRM scheme they had previously been selling. The EFF calls this "a raw deal".



MSN Music - In April 2008, Microsoft sent an email to former customers of the now-defunct MSN Music store: "As of August 31, 2008, we will no longer be able to support the retrieval of license keys for the songs you purchased from MSN Music or the authorization of additional computers. You will need to obtain a license key for each of your songs downloaded from MSN Music on any new computer, and you must do so before August 31, 2008. If you attempt to transfer your songs to additional computers after August 31, 2008, those songs will not successfully play."



However, to avoid a public relations disaster, Microsoft re-issued MSN Music shutdown statement on June 19th and allowed the users to use their licenses until the end of 2011: "After careful consideration, Microsoft has decided to continue to support the authorization of new computers and devices and delivery of new license keys for MSN Music customers through at least the end of 2011, after which we will evaluate how much this functionality is still being used and what steps should be taken next to sup port our customers. This means you will continue to be able to listen to your purchased music and transfer your music to new PCs and devices beyond the previously announced August 31, 2008 date."



Yahoo! Music Store - On July 23, 2008, the Yahoo! Music Store emailed its customers to tell them it will be shutting down effective September 30, 2008 and the DRM license key servers will be taken offline.



Walmart - In August 2007, Walmart's online music division started offering (DRM-free) MP3s as an option. Starting in February 2008, they made all sales DRM-free. On September 26, 2008, the Walmart Music Team notified its customers via email they would will be shutting down their DRM servers October 9, 2008 and any DRM-encumbered music acquired from them will no longer be accessible unless ripped to a non-DRM format before that date.



After bad press and negative reaction from customers, on October 9, 2 008, Walmart decided not to take its DRM servers offline.



Fictionwise / Overdrive - In January 2009, OverDrive informed Fictionwise that they would no longer be providing downloads for purchasers of e-books through Fictionwise as of 31 January 2009. No reason was provided to Fictionwise as to why they were being shut down. This prevents previous purchasers from being able to renew their books on new devices. Fictionwise is working to provide replacement ebooks for its customers in alternative, non-DRM formats, but does not have the rights to provide all of the books in different formats.



Ads for Adobe PDF - Also in January 2009, Adobe Systems announced that as of March 2009 they would no longer operate the servers that served ads to their PDF reader. Depending on the restriction settings used when PDF documents were created, they may no longer be readable.



Historical note



A very early implementation of DRM was the Software Service System (SSS) devised by the Japanese engineer Ryoichi Mori in 1983 and subsequently refined under the name superdistribution. The SSS was based on encryption, with specialized hardware that controlled decryption and also enabled payments to be sent to the copyright holder. The underlying principle of the SSS and subsequently of superdistribution was that the distribution of encrypted digital products should be completely unrestricted and that users of those products would not just be permitted to redistribute them but would actually be encouraged to do so.



See also



Computer Science portal



Related concepts



Compliance and Robustness



Copyleft



Copyright



Cryptography



Data room



Hardware restrictions



ODRL



Privacy enhancing technologies



Product activation



Smart contracts



Smart Cow Problem



Street Performer Protocol



Superdistribution



Tivoization



Trusted Computing



Voluntary Collective Licensing



XrML



Organizations



European Information, Communications and Consumer Electronics Technology Industry Associations



Trusted Computing Group



Motion Picture Association of America



Recording Industry Association of America



Electronic Frontier Foundation



Open Rights Group



Open Mobile Alliance



Defective by Design, a campaign of the Free Software Foundation



Pirate Party, a Swedish political party which is a proponent of free culture and free knowledge



Free Software Foundation Europe



Secure Digital Music Initiative



Open Entertainment Alliance



References



^ "Images and the Internet". http://www.artistscope.com/protection.asp.



^ Christopher Levy (February 3, 2003). "Making Money with Streaming Media". streamingmedia.com. http://www.streamingmedia.com/r/printerfriendly.asp?id=8306. Retrieved 2006-08-28.



^ "Digital Restrictions Management and Treacherous Computing". http://www.fsf.org/campaigns/drm.html. Retrieved 2006-08-04.



^ "FairPlay: Another Anti-competitive Use of DRM ". http://www.eff.org/deeplinks/archives/001557.php. Retrieved 2006-08-01.



^ a b c Cory Doctorow (June 17, 2004). "Microsoft Research DRM Talk" (pdf). craphound.com. http://www.changethis.com/4.DRM. Retrieved 2007-08-17. ""At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point,the secret isn't a secret anymore.""



^ Bangeman, Eric (2006-10-28). "TiVo tightens the DRM vise". http://arstechnica.com/news.ars/post/20041028-4358.html. Retrieved 2006-08-11.



^ Xeni Jardin (2006-12-28). "Report: HD-DVD copy protection defeated". BoingBoing. http://www.boingboing.net/2006/12/28/report-hddvd-copy-pr.html. Retrieved 2008-01-01.



^ Cory Doctorow (2007-05-30). "New AACS processing key leaks onto the net". BoingBoing. http://www.boingboing.net/2007/05/30/new-aacs-processing-.html. Retriev ed 2008-01-01.



^ "Who Controls Your Television?". Electronic Frontier Foundation. http://w2.eff.org/IP/DVB/dvb_briefing_paper.php. Retrieved 2008-01-01.



^ Lewis, Rita (January 8, 2008). "What is DRM and Why Should I Care?". Firefox News. http://firefox.org/news/articles/1045/1/What-is-DRM-and-why-should-I-care/Page1.html. Retrieved July 10 2008.



^ McMillan, Robert (May 23, 2006). Article "Settlement Ends Sony Rootkit Case". PC World. http://www.pcworld.com/article/id,125838-page,1-c,unresolvedtechstandards/article.html Article. Retrieved April 8, 2007.



^ Marechal, Sander (January 9, 2007). "DRM on audio CDs abolished". http://lxer.com/module/newswire/view/78008/index.html.



^ Holahan, Catherine (January 4, 2008). "Sony BMG Plans to Drop DRM". http://www.businessweek.com/technology/content/jan2008/tc2008013_398775.htm.



^ "iTunes Plus DRM-free tracks expanding, dropping to 99 cents". Apple News from ARS Technica. 2007-10-16. http://arstechnica.com/journals/apple.ars/2007/10/15/itunes-plus-drm-free-tracks-expanding-dropping-to-99-cents. Retrieved 2007-10-16.



^ Nick Timeraos (July 6, 2006). "Free, Legal and Ignored". WSJ.com (Wall Street Journal). http://online.wsj.com/public/article/SB115214899486099107-vuoIhGUthiYcFwsQK0DjegSRPwQ_20070706.html. Retrieved 2006-11-27.



^ Eric Bangeman (December 6, 2006). "Testing DRM-free waters: EMI selling a few MP3s through Yahoo Music". Ars Technica. http://arstechnica.com/news.ars/post/20061206-8368.html.



^ Steve Jobs. "Thoughts on Music". http://www.apple.com/hotnews/thoughtsonmusic/.



^ Ken Fisher (March 18, 2007). "Musicload: 75% of customer service problems caused by DRM". Ars Technica. http://arstechnica.com/news.ars/post/20070318-75-percent-c ustomer-problems-caused-by-drm.html. Retrieved 2007-03-20.



^ Ernesto (September 13, 2008). "Spore: Most Pirated Game Ever Thanks to DRM". TorrentFreak. http://torrentfreak.com/spore-most-pirated-game-ever-thanks-to-drm-080913/. Retrieved 2008-12-06.



^ Andy Greenberg; Mary Jane Irwin (2008-09-12). "Spore's Piracy Problem". Forbes. http://www.forbes.com/technology/2008/09/12/spore-drm-piracy-tech-security-cx_ag_mji_0912spore.html. Retrieved 2008-12-06.



^ http://arstechnica.com/gaming/news/2008/12/pc-prince-of-persia-contains-no-drm-its-a-trap.ars



^ http://www.1up.com/do/newsStory?cId=3173495



^ TinHat (June 2006). "eBooks and Digital Rights Management (DRM), for ePublishers". tinhat.com. http://www.tinhat.com/ebooks_epublishing/epublishers_drm.html. Retrieved 2008-05-28.



^ a b c d e f Karen Coyle (November 19, 2003). " The Technology of Rights: Digital Rights Management" (PDF). http://www.kcoyle.net/drm_basics.pdf. Retrieved 2008-05-26.



^ Ed Foster (February 19, 2004). "E-Books and DRM". Info World. http://www.gripe2ed.com/scoop/story/2004/2/19/0515/77045=. Retrieved 2008-05-26.



^ Jon Noring (2004). "The Perils of DRM Overkill for Large Publishers". http://www.teleread.org/publishersdrm.htm. Retrieved 2008-05-26.



^ "Amazon Erases Orwell Books From Kindle Devices". New York Times. 2009-07-18. http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html.



^ David Pogue (2009-07-17). "Some E-Books Are More Equal Than Others". New York Times. http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/.



^ "Why Amazon went Big Brother on some Kindle e-books". arstechnica.com. July 17, 2009. http://arstechnica.com/tech-policy/news/200 9/07/amazon-sold-pirated-books-raided-some-kindles.ars.



^ Pete Cashmore (July 17th, 2009). "Big Brother: Amazon Remotely Deletes 1984 From Kindles". http://mashable.com/2009/07/17/amazon-kindle-1984/.



^ Mark Frauenfelder (July 17, 2009). "Amazon zaps purchased copies of Orwell's 1984 and Animal Farm from Kindles". http://boingboing.net/2009/07/17/amazon-zaps-purchase.html.



^ Ina Fried (July 17, 2009). "Amazon recalls (and embodies) Orwell's '1984'". http://news.cnet.com/8301-13860_3-10289983-56.html.



^ Free Software Foundation (July 23, 2009). "Amazon's CEO Jeff Bezos apologizes for Kindle ebook deletion. Free Software Foundation cal