Digital rights management (DRM) is a generic term that refers to access control technologies used by hardware manufacturers, publishers and copyright holders to limit usage of digital media or devices. The term is used to describe any technology which makes the unauthorized use of media or devices technically formidable, and generally doesn't include other forms of copy protection which can be circumvented without modifying the media or device, such as serial numbers or keyfiles. It can also refer to restrictions associated with specific instances of digital works or devices.

Digital rights management has been and is being used by content provider companies such as Sony, Apple Inc., Microsoft and the BBC.

The use of digital rights management is controversial. Advocates argue it is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams.^[1] Opponents, such as the Free Software Foundation, maintain that the use of the word "rights" is misleading and suggest that people instead use the term Digital Restrictions Management (DRM). Their position is essentially that copyright holders are attempting to restrict use of copyrighted material in ways not covered by existing laws.^[2] The Electronic Frontier Foundation, and other opponents, also consider DRM systems to be anti-competitive practices.^[3] Furthermore, rights, even when not equally granted to people, are granted by a legal or governing body, in most cases with some form of appeals process possible. There is no appeal to DRM.

In practice, all widely-used DRM systems have been defeated or circumvented when deployed to enough customers.^[4] Restricting copying of audio and visual material is especially difficult due to the existence of the analog hole, and there are even suggestions that effective DRM is logically impossible for this reason.

Introduction

Digital rights management technologies attempt to control use of digital media by preventing access, copying or conversion to other formats by end users. Long before the arrival of digital or even electronic media, copyright holders, content producers, or other financially or artistically interested parties had business and legal objections to copying technologies. Examples include: player piano rolls early in the 20th century, audio tape recording, and video tape recording (e.g. the "Betamax case" in the U.S.). Copying technology thus exemplifies a disruptive technology.

The advent of digital media and analog/digital conversion technologies, especially those that are usable on mass-market general-purpose personal computers, have vastly increased the concerns of copyright-dependent organizations, especially within the music and movie industries. While analog media inevitably loses quality with each copy generation, and in some cases even during normal use, digital media files may be duplicated an unlimited number of times with no degradation in the quality of subsequent copies. The advent of personal computers as household appliances has made it convenient for consumers to convert media (which may or may not be copyrighted) originally in a physical/analog form or a broadcast form into a universal, digital form (this process is called ripping) for location- or timeshifting, combined with the Internet and popular file sharing tools, has made unauthorized distribution of copies of copyrighted digital media (so-called digital piracy) much easier. In effect, copyright-dependent organizations regard every consumer with an Internet connection as a potential node of a distribution network that could be used to distribute unauthorized copies of copyrighted works.

Although technical controls on the reproduction and use of software have been intermittently used since the 1970s, the term 'DRM' has come to primarily mean the use of these measures to control artistic or literary content. DRM technologies have enabled publishers to enforce access policies that not only disallow copyright infringements, but also prevent lawful fair use of copyrighted works, or even implement use constraints on non-copyrighted works that they distribute; examples include the placement of DRM on certain public-domain or open-licensed e-books, or DRM included in consumer electronic devices that time-shift (and apply DRM to) both copyrighted and non-copyrighted works.

While DRM is most commonly used by the entertainment industry (e.g. film and recording), it has found use in other situations as well. Many online music stores, such as Apple's iTunes Store, as well as certain e-book publishers, have imposed DRM on their customers. In recent years, a number of television producers have imposed DRM mandates on consumer electronic devices, to control access to the freely-broadcast content of their shows, in connection with the popularity of time-shifting digital video recorder systems such as TiVo.^[5]

Technologies

DRM and film

An early example of a DRM system was the Content Scrambling System (CSS) employed by the DVD Forum on film DVDs since ca. 1996. CSS used a simple encryption algorithm, and required device manufacturers to sign license agreements that restricted the inclusion of features, such as digital outputs that could be used to extract high-quality digital copies of the film, in their players. Thus, the only consumer hardware capable of decoding DVD films was controlled, albeit indirectly, by the DVD Forum, restricting the use of DVD media on other systems until the release of DeCSS by Jon Lech Johansen in 1999, which allowed a CSS-encrypted DVD to play properly on a computer using Linux, for which the Alliance had not arranged a licensed version of the CSS playing software.

Microsoft's Windows Vista contains a DRM system called the Protected Media Path, which contains the Protected Video Path (PVP). PVP tries to stop DRM-restricted content from playing while unsigned software is running in order to prevent the unsigned software from accessing the content. Additionally, PVP can encrypt information during transmission to the monitor or the graphics card, which makes it more difficult to make unauthorized recordings.

Advanced Access Content System (AACS) is a DRM system for HD DVD and Blu-Ray Discs developed by the AACS Licensing Administrator, LLC (AACS LA), a consortium that includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba and Sony. In December 2006 a process key was published on the internet by crackers, enabling unrestricted access to AACS-restricted HD DVD content.^[6] After the cracked keys were revoked, further cracked keys were released.^[7]

The broadcast flag concept was developed by Fox Broadcasting in 2001 and was supported by the MPAA and the FCC. A ruling in May 2005 by a US Court of Appeals held that the FCC lacked authority to impose it on the TV industry in the US. It required that all HDTVs obey a stream specification determining whether or not a the stream can be recorded. This could block instances of fair use, such as time-shifting. It achieved more success elsewhere when it was adopted by the Digital Video Broadcasting Project (DVB), a consortium of about 250 broadcasters, manufactures, network operators, software developers, and regulatory bodies from about 35 countries involved in attempting to develop new digital TV standards.

An updated variant of the broadcast flag has been developed in the Content Protection and Copy Management (DVB-CPCM). It was developed in private, and the technical specification was submitted to European in March 2007. As with much DRM, the CPCM system is intended to control use of copyrighted material by the end-user, at the direction of the copyright holder. According to Ren Bucholz of the EFF, which paid to be a member of the consortium, "You won't even know ahead of time whether and how you will be able to record and make use of particular programs or devices".^[8] The DVB supports the system as it will harmonize copyright holders' control across different technologies and so make things easier for end users. The CPCM system is expected to be submitted to the European Telecommunications Standards Institute in 2008.

In March 2008, the Canadian Broadcasting Corporation announced that it would release a DRM-free version of one of its television programs called Canada's Next Great Prime Minister through BitTorrent.^[9]

DRM and music

Audio CDs

It should be noted that discs with DRM installed are not legitimately standards-compliant Compact Discs (CDs) but rather CD-ROM media. Therefore they all lack the CD logotype found on discs which follow the standard (known as Red Book). Therefore these CDs could not be played on all CD players. Many consumers could also no longer play purchased CDs on their computers. PCs running Microsoft Windows would sometimes even crash when attempting to play the CDs.^[10]

In 2002, Bertelsmann (comprising BMG, Arista, and RCA) was the first corporation to use DRM on audio CDs. In 2005, Sony BMG introduced new DRM technology which installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the installed software included a rootkit, which created a severe security vulnerability others could exploit. When the nature of the DRM involved was made public much later, Sony initially minimized the significance of the vulnerabilities its software had created, but was eventually compelled to recall millions of CDs, and released several attempts to patch the surreptitiously included software to at least remove the rootkit. Several class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.^[11]

Sony's DRM software actually had only a limited ability to prevent copying, as it affected only playback on Windows computers, not on other equipment. Even on the Windows platform, users regularly bypassed the restrictions. And, while the Sony DRM technology created fundamental vulnerabilities in customers' computers, parts of it could be trivially bypassed by holding down the "shift" key while inserting the CD, or by disabling the autorun feature. In addition, audio tracks could simply be played and re-recorded, thus completely bypassing all of the DRM (this is known as the analog hole). Sony's first two attempts at releasing a patch which would remove the DRM software from users' computers failed.

In January 2007, EMI stopped publishing audio CDs with DRM, stating that "the costs of DRM do not measure up to the results." EMI was the last publisher to do so, and audio CDs containing DRM are no longer released by any major publishers.^[12]

Internet music

Many online music stores employ DRM to restrict usage of music purchased and downloaded online. There are many options for consumers buying digital music over the internet, in terms of both stores and purchase options.

• The iTunes Store, run by Apple Inc., allows users to purchase a track online for $.99 US. The tracks purchased use Apple's FairPlay DRM system. Starting on October 17, 2007, users can download DRM-free music for the same price as a file with DRM.^[13]

• Napster music store, which offers a subscription-based approach to DRM alongside permanent purchases. Users of the subscription service can download and stream an unlimited amount of music transcoded to Windows Media Audio (WMA) while subscribed to the service. But when the subscription period lapses, all of the downloaded music is unplayable until the user renews his or her subscription. Napster also charges users who wish to use the music on their portable device an additional $5 per month. In addition, Napster gives users the option of paying an additional $0.99 per track to burn it to CD or for the song to never expire. Music bought through Napster can be played on players carrying the Microsoft PlaysForSure logo (which, notably, do not include iPods or even Microsoft's own Zune).Now Napster is giving DRM free MP3 music.

• Wal-Mart Music Downloads, another online music download store, charges $0.94 per track for all non-sale downloads. All Wal-Mart, Music Downloads are able to be played on any Windows PlaysForSure marked product. The music does play on the SanDisk's Sansa mp3 player, for example, but must be copied to the player's internal memory. It can not be played through the player's microSD card slot, which is a problem that many users of the mp3 player experience.

• Sony operated an online music download service called "Connect" which used Sony's proprietary OpenMG DRM technology. Music downloaded from this store (usually via Sony's SonicStage software) was only playable on computers running Windows and Sony hardware (including the PSP).

The various services are currently not interoperable, though those that use the same DRM system (for instance the several Windows Media DRM format stores, including Napster and Yahoo Music) all provide songs that can be played side-by-side through the same player program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, such as Rensselaer Polytechnic Institute, have made arrangements with assorted Internet music suppliers to provide access (typically DRM-restricted) to music files for their students, to less than universal popularity, sometimes making payments from student activity fee funds.^[14] One of the problems is that the music becomes unplayable after leaving school unless the student continues to pay individually. Another is that few of these vendors are compatible with the most common portable music player, the Apple iPod. The Gowers Review of Intellectual Property (to HMG in the UK; 141 pages, 40+ specific recommendations) has taken note of the incompatibilities, and suggests (Recommendations 8 -- 12) that there be explicit fair dealing exceptions to copyright allowing libraries to copy and format-shift between DRM schemes, and further allowing end users to do the same privately. If adopted, some of the acrimony may decrease.

Although DRM is prevalent for Internet music, some Online music stores such as eMusic, Dogmazic, Amazon, and Beatport, do not use DRM despite encouraging users to avoid sharing music. Major labels have begun releasing more online music without DRM. Eric Bangeman suggests in Ars Technica that this is because the record labels are "slowly beginning to realize that they can't have DRMed music and complete control over the online music market at the same time... One way to break the cycle is to sell music that is playable on any digital audio player. eMusic does exactly that, and their surprisingly extensive catalog of non-DRMed music has vaulted it into the number two online music store position behind the iTunes Store."^[15] Apple's Steve Jobs has called on the music industry to eliminate DRM in an open letter titled Thoughts on Music.^[16] Apple's iTunes store will start to sell DRM-free 256 kbit/s (up from 128 kbit/s) music from EMI for a premium price (this has since reverted to the standard price). In March 2007, Musicload.de, one of Europe's largest online music retailers, announced their position strongly against DRM. In an open letter, Musicload stated that three out of every four calls to their customer support phone service are as a result of consumer frustration with DRM.^[17]

E-books

Electronic books read on a personal computer or an e-book reader typically use DRM restrictions to limit copying, printing, and sharing of e-books. E-books are usually limited to a certain number of reading devices and some e-publishers prevent any copying or printing. Thus, many consumers have been reluctant to purchase and use e-books. DRM is believed to be one of the main reasons why the E-book has been a marketing failure.^[18]

E-books are finding their place, but it is taking a long time, and taking a toll on the suppliers who were banking on a "boom" to survive.^[19] Many initial e-book publishers and providers have not survived and in 2003, Barnes & Noble ceased to offer e-book content and support. It has also taken several years to produce successful e-book hardware: Sony released the Sony Reader in 2006 and Amazon released the Kindle in 2007.

Two of the most commonly used software programs to view e-books are Adobe Acrobat and Microsoft Reader.^[20] Each program uses a slightly different approach for Digital Rights Management (DRM). The first version of Adobe Acrobat e-book Reader to have encryption technologies was version 5.05. In the later version 6.0, the technologies of the PDF reader and the e-book reader were combined, allowing it to read both DRM-restricted and unrestricted files. ^[21] After opening the file, the user is able to view the rights statement, which outlines actions available for the specific document. For example, for a freely transferred PDF, printing, copying to the clipboard, and other basic functions are available to the user. However, when viewing a more highly restricted e-book, the user is unable to print the book, copy or paste selections.^[22] The level of restriction is specified by the publisher or distribution agency.^[23]

Microsoft Reader, which exclusively reads e-books in a .lit format, contains its own DRM software. In Microsoft Reader there are three different levels of access control depending on the e-book: sealed e-books, inscribed e-books and owner exclusive e-books. Sealed e-books have the least amount of restriction and only prevents the document from being modified.^[24] Therefore, the reader cannot alter the content of the book to change the ending, for instance. Inscribed e-books are the next level of restriction. After purchasing and downloading the e-book, Microsoft Reader puts a digital ID tag to identify the owner of the e-book. Therefore, this discourages distribution of the e-book because it is inscribed with the owner?s name making it possible to trace it back to the original copy that was distributed.^[25]

Other e-book software uses similar DRM schemes. For example, Palm Digital Media, now known as Ereader, links the credit card information of the purchaser to the e-book copy in order to discourage distribution of the books.^[26] The most stringent form of security that Microsoft Reader offers is called owner exclusive e-books, which uses traditional DRM technologies. To buy the e-book the consumer must first open Microsoft Reader, which ensures that when the book is downloaded it becomes linked to the computer?s Microsoft Passport account. Thus the e-book can only be opened with the computer with which it was downloaded, preventing copying and distribution of the text.^[27]

DRM and documents

Enterprise digital rights management (E-DRM or ERM) is the application of DRM technology to the control of access to corporate documents such as Microsoft Word, PDF, and AutoCAD files, emails, and intranet web pages rather than to the control of consumer media.^[28] E-DRM, now more commonly referenced as IRM (Information Rights Management), is generally intended to prevent the unauthorized use (such as industrial or corporate espionage or inadvertent release) of proprietary documents. IRM typically integrates with content management system software.

DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England.

Watermarks

Digital watermarks are unobtrusive features of media that are added during production or distribution. Digital watermarks involve data that is arguably steganographically embedded within the audio or video data.

Watermarks can be used for different purposes that may include:

• for recording the copyright owner
• for recording the distributor
• for recording the distribution chain
• for identifying the purchaser of the music

Watermarks are not complete DRM mechanisms in their own right, but are used as part of a system for Digital Rights Management, such as helping provide prosecution evidence for purely legal avenues of rights management, rather than direct technological restriction. Some programs used to edit video and/or audio may distort, delete, or otherwise interfere with watermarks. Signal/modulator-carrier chromatography may also separate watermarks from original audio or detect them as glitches. Use of third party media players and other advanced programs render watermarking useless. Additionally, comparison of two separately obtained copies of audio using simple, home-grown algorithms can often reveal watermarks. New methods of detection are currently under investigation by both industry and non-industry researchers.

Metadata

Sometimes, metadata is included in purchased music which records information such as the purchaser's name, account information, or email address. This information is not embedded in the played audio or video data, like a watermark, but is kept separate, but within the file or stream.

As an example, metadata is used in media purchased from Apple's iTunes Store for DRM-free as well as DRM-restricted versions of their music or videos. This information is included as MPEG standard metadata. ^[29][30]

Table of DRM technologies and associated devices

Laws regarding DRM

Digital rights management systems have received some international legal backing by implementation of the 1996 WIPO Copyright Treaty (WCT). Article 11 of the Treaty requires nations party to the treaties to enact laws against DRM circumvention.

The WCT has been implemented in most member states of the World Intellectual Property Organization. The American implementation is the Digital Millennium Copyright Act (DMCA), while in Europe the treaty has been implemented by the 2001 European directive on copyright, which requires member states of the European Union to implement legal protections for technological prevention measures. In 2006, the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States.

Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) is an extension to United States copyright law passed unanimously on May 14, 1998, which criminalizes the production and dissemination of technology that allows users to circumvent technical copy-restriction methods. Under the Act, circumvention of a technological measure that effectively controls access to a work is illegal if done with the primary intent of violating the rights of copyright holders. (For a more detailed analysis of the statute, see WIPO Copyright and Performances and Phonograms Treaties Implementation Act.)

Reverse engineering of existing systems is expressly permitted under the Act under specific conditions. Under the reverse engineering safe harbor, circumvention necessary to achieve interoperability with other software is specifically authorized. See 17 U.S.C. Sec. 1201(f). Open-source software to decrypt content scrambled with the Content Scrambling System and other encryption techniques presents an intractable problem with the application of the Act. Much depends on the intent of the actor. If the decryption is done for the purpose of achieving interoperability of open source operating systems with proprietary operating systems, the circumvention would be protected by Section 1201(f) the Act. Cf., Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001) at notes 5 and 16. However, dissemination of such software for the purpose of violating or encouraging others to violate copyrights has been held illegal. See Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000).

On 22 May, 2001, the European Union passed the EU Copyright Directive, an implementation of the 1996 WIPO Copyright Treaty that addressed many of the same issues as the DMCA.

The DMCA has been largely ineffective in protecting DRM systems, as software allowing users to circumvent DRM remains widely available, as for instance over the Internet. However, those with an interest in preserving the DRM systems have attempted to use the Act to restrict the distribution and development of such software, as in the case of DeCSS.

Although the Act contains an exception for research, the exception is subject to vague qualifiers that do little to reassure the research community. Cf., 17 U.S.C. Sec. 1201(g). The DMCA has had an impact on the worldwide cryptography research community, because many fear that their cryptanalytic research violates, or might be construed to violate, the DMCA. The arrest of Russian programmer Dmitry Sklyarov in 2001, for alleged infringement of the DMCA, was a highly publicized example of the law's use to prevent or penalize development of anti-DRM measures. Sklyarov was arrested in the United States after a presentation at DEF CON, and subsequently spent several months in jail. The DMCA has also been cited as chilling to non-criminal inclined users, such as students of cryptanalysis (including, in a well-known instance, Professor Felten and students at Princeton^[31]), and security consultants such as the Netherlands based Niels Ferguson, who has declined to publish information about vulnerabilities he discovered in an Intel secure-computing scheme because of his concern about being arrested under the DMCA when he travels to the US.

On 25 April, 2007 the European Parliament supported the first directive of EU, which aims to harmonize criminal law in the member states. It adopted a first reading report on harmonizing the national measures for fighting copyright abuse. If the European Parliament and the Council approve the legislation, the submitted directive will oblige the member states to consider a crime a violation of international copyright committed with commercial purposes. The text suggests numerous measures: from fines to imprisonment, depending on the gravity of the offense.

The EP members supported the Commission motion, changing some of the texts. They excluded patent rights from the range of the directive and decided that the sanctions should apply only to offenses with commercial purposes. Copying for personal, non-commercial purposes was also excluded from the range of the directive.

International issues

In Europe, there are several ongoing dialog activities that are characterized by their consensus-building intention:

• Workshop on Digital Rights Management of the World Wide Web Consortium (W3C), January 2001. http://www.w3.org/2000/12/drm-ws/Overview.html
• Participative preparation of the European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003 (finished). http://www.cenorm.be/cenorm/businessdomains/businessdomains/isss/activity/drm_fg.asp
• DRM Workshops of Directorate-General for Information Society and Media (European Commission) (finished), and the work of the DRM working groups (finished), as well as the work of the High Level Group on DRM (ongoing). http://europa.eu.int/information_society/eeurope/2005/all_about/digital_rights_man/index_en.htm
• Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" (closed). http://europa.eu.int/comm/internal_market/copyright/management/management_en.htm
• The INDICARE project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral platform for exchange of facts and opinions, mainly based on articles by authors from science and practice.
• The AXMEDIS project is a European Commission Integrated Project of the FP6. The main goal of AXMEDIS is automating the content production, copy-prevention and distribution, reducing the related costs and supporting DRM at both B2B and B2C areas harmonising them.
• The Gowers Review of Intellectual Property is the result of a commission by the British Government from Andrew Gowers, undertaken in December 2005 and published in 2006, with recommendations regarding copyright term, exceptions, orphaned works, and copyright enforcement.

The European Community was expected to produce a recommendation on DRM in 2006, phasing out the use of levies (compensation to rights holders charged on media sales for lost revenue due to unauthorized copying) given the advances in DRM/TPM technology. However, opposition from the member states, particularly France, have now made it unlikely that the recommendation will be adopted.

Controversy

DRM opposition

A parody on the Home Taping Is Killing Music logo.

Many organizations, prominent individuals, and computer scientists are opposed to DRM. Two notable DRM critics are John Walker, as expressed for instance, in his article The Digital Imprimatur: How big brother and big media can put the Internet genie back in the bottle^[32], and Richard Stallman in his article The Right to Read^[33] and in other public statements "DRM is an example of a malicious feature - a feature designed to hurt the user of the software, and therefore, it's something for which there can never be toleration".^[34] Professor Ross Anderson of Cambridge University heads a British organization which opposes DRM and similar efforts in the UK and elsewhere. Cory Doctorow, a prominent writer and technology blogger, spoke on the Microsoft campus criticizing the technology, the morality, and the marketing of DRM.^[35]

There have been numerous others who see DRM at a more fundamental level. TechMediums.com argues that DRM-free music allows for viral marketing, arguing that independent artists benefit from "free marketing" and can then focus on revenues from higher margin products like merchandise and concert ticket sales. This is similar to some of the ideas in Michael H. Goldhaber's presentation about "The Attention Economy and the Net" at a 1997 conference on the "Economics of Digital Information."^[36] (sample quote from the "Advice for the Transition" section of that presentation:^[36] "If you can't figure out how to afford it without charging, you may be doing something wrong.")

The Electronic Frontier Foundation and similar organizations such as FreeCulture.org also hold positions which are characterized as opposed to DRM.

The Foundation for a Free Information Infrastructure has criticized DRM's impact as a trade barrier from a free market perspective.

The final version of the GNU General Public License version 3, as released by the Free Software Foundation, prohibits using DRM to restrict free redistribution and modification of works covered by the license, and includes a clause stating that the license's provisions shall be interpreted as disfavoring use of DRM. Also, in May 2006, the FSF launched a "Defective by Design" campaign against DRM.

Creative Commons provides licensing options encouraging the expansion of and building upon creative work without the use of DRM.^[37] In addition, the use of a Creative Commons-licensed work on a device which incorporates DRM is a breach of the Baseline Rights asserted by each license.^[38]

Bill Gates spoke about DRM at CES in 2006. According to him, DRM is not where it should be, and causes problems for legitimate consumers while trying to distinguish between legitimate and illegitimate users.^[39]

According to Steve Jobs, Apple opposes DRM music after a public letter calling its music labels to stop requiring DRM on its iTunes Store. To date, EMI has complied.^[40] Apple considers DRM on video content as a separate issue.

Defective by Design member protesting DRM on May 25, 2007.

As already noted, many DRM opponents consider "digital rights management" to be a misnomer. They argue that DRM manages rights (or access) the same way prison manages freedom and often refer to it as "digital restrictions management". Alternatively, ZDNet Executive Editor David Berlind suggests the term "Content Restriction, Annulment and Protection" or "CRAP" for short.^[41]

The Norwegian Consumer rights organization "Forbrukerrådet" complained to Apple Inc. in 2007 about the company's use of DRM in, and in conjunction with, its iPod and iTunes products. Apple was accused of restricting users' access to their music and videos in an unlawful way, and to use EULAs conflicting with Norwegian consumer legislation. The complaint was supported by consumers' ombudsmen in Sweden and Denmark, and is currently being reviewed in the EU.

The use of DRM may also be a barrier to future historians, since technologies designed to permit data to be read only on particular machines, or with particular keys, or for certain periods, may well make future data recovery impossible ? see Digital Revolution. This argument connects the issue of DRM with that of asset management and archive technology.

DRM opponents argue that the presence of DRM violates existing private property rights and restricts a range of heretofore normal and legal user activities. A DRM component would control a device a user owns (such as a Digital audio player) by restricting how it may act with regards to certain content, overriding some of the user's wishes (for example, preventing the user from burning a copyrighted song to CD as part of a compilation or a review). An example of this effect may be seen in Microsoft's Windows Vista operating system in which content is disabled or degraded depending on the DRM scheme's evaluation of whether the hardware and its use are 'secure'. All forms of DRM depend on the DRM enabled device (e.g., computer, DVD player, TV) imposing restrictions that (at least by intent) cannot be disabled or modified by the user.

Tools like FairUse4WM have been created to strip Windows Media of DRM restrictions.^[42]

"DRM-Free"

Due to the strong opposition that exists to DRM, many companies and artists have begin advertising their products as "DRM-Free".^[43][44][45]

Most notably, Apple began selling "DRM-Free" music through their iTunes store in April of 2007^[46]. It was later revealed that the DRM-Free iTunes files were still embedded with each user's account information, a form of copy protection generally not regarded as DRM.^[47]

Shortcomings of DRM

Read Only Mechanisms

The read only structures of Digital Rights Management Systems force some limitations on Content Management implementations as they do not allow the protected contents to be changed in their life cycle. Creation of new contents using the managed(protected) ones is also another issue which will get the protected contents out of Digital Rights Management controlling systems.

License/Content Servers Dependencies

Current DRM systems trouble users by forcing them to connect to online license/content servers in order to access protected contents which breaks users privacy rights.

Incompatibility With Old File Formats

Another shortcoming which is common in all current DRM systems is that the file structure and the reader software codes and architectures must be changed in order to apply DRM licensing and protection systems on old file formats which will make them unusable for current working systems.

Methods to bypass DRM

There are many methods to bypass DRM control on audio and video content.

One simple method to bypass DRM on audio files is to burn the content to an audio CD and then rip it into DRM-free files. This is only possible when the software that plays these DRM-restricted audio files allows CD-burning. Some software products simplify and automate this burn-rip process by allowing the user to burn music to a CD-RW disc or to a Virtual CD-R drive, then automatically ripping and encoding the music, and automatically repeating this process until all selected music has been converted, rather than forcing the user to do this one CD (72-80 minutes worth of music) at a time.

Many software programs have been developed that intercept the data stream as it is decrypted out of the DRM-restricted file, and then use this data to construct a DRM-free file. These programs require a decryption key. Programs that do this for DVDs, HD DVDs, and Blu-ray Discs include universal decryption keys in the software itself. Programs that do this for TiVo ToGo recordings, iTunes audio, and PlaysForSure songs, however, rely on the user's own key ? that is, they can only process content that the user has legally acquired under his or her own account.

Another method is to use software to record the signals being sent through the audio or video cards, or to plug analog recording devices into the analog outputs of the media player. These techniques utilize the so-called "analog hole" (see below).

Analog hole

All forms of DRM for audio and visual material (excluding interactive materials, like videogames) are subject to the analog hole, namely that in order for a viewer to play the material, the digital signal must be turned into an analog signal containing light and/or sound for the viewer, and so available to be copied as no DRM is capable of controlling content in this form. In other words, a user could play a purchased audio file while using a separate program to record the sound back into the computer into a DRM-free file format.

All DRM to date, and probably all future ones can therefore be bypassed by recording this signal and digitally storing and distributing it in a non DRM limited form, by anyone who has the technical means of recording the analog stream. However the conversion from digital to analog and back is likely to force a loss of quality, particularly when using lossy digital formats. HDCP is an attempt to restrict the analog hole although it is largely ineffective.

Asus will release a soundcard which features a function called "Analog Loopback Transformation" to bypass the digital restrictions of DRM. This feature allows the user to record DRM-restricted audio via the soundcard's built-in analog I/O connection.^[48]

DRM on general computing platforms

Many of the DRM systems in use are designed to work on general purpose computing hardware, such as desktop PCs apparently because this equipment is felt to be a major contributor to revenue loss from disallowed copying. Large commercial copyright infringers ("pirates") avoid consumer equipment, so losses from such infringers will not be covered by such provisions.

Some ^[4] have suggested that any such scheme can never be secure since the software must include all the information, such as decryption keys, necessary to decrypt the content. It is suggested that one can always extract this information and decrypt and copy the content, bypassing the restrictions imposed by a DRM system.

DRM on distributed purpose built hardware

Many DRM schemes use encrypted media which requires purpose built hardware to hear or see the content. This appears to ensure that only licensed users (those with the hardware) can access the content. It additionally tries to protect a secret decryption key from the users of the system.

While this in principle can work, it is extremely difficult to build the hardware to protect the secret key against a sufficiently determined adversary. Many such systems have failed in the field, and in fact, it is thought that none have yet survived several years of deployment. Once the secret key is known, building a version of the hardware that performs no checks is often relatively straightforward.

In addition user verification provisions are frequently subject to attack.

Watermarks

Watermarks are usually easily removed, although some degradation of video or audio can occur.

In particular, most compression is intended to only retain perceptible features of an image, and hence if the watermarks are invisible, then they are very typically removed by compression systems as a side-effect.

Obsolescence

When standards and formats change, it may be difficult to transfer DRM-restricted content to new media. Additionally, any system that requires contact with an authentication server is vulnerable to that server becoming unavailable, as happened^[49] in 2007 when videos purchased from MLB.com prior to 2006 became unplayable due to a change to the servers that validate the licences.

When Microsoft introduced their Zune^[50] media player in 2006, it did not support content that uses Microsoft's own PlaysForSure DRM scheme they had previously been selling. The EFF calls this "a raw deal".

In April 2008, Microsoft sent an email to former customers of the now-defunct MSN Music store: "As of August 31, 2008, we will no longer be able to support the retrieval of license keys for the songs you purchased from MSN Music or the authorization of additional computers. You will need to obtain a license key for each of your songs downloaded from MSN Music on any new computer, and you must do so before August 31, 2008. If you attempt to transfer your songs to additional computers after August 31, 2008, those songs will not successfully play."^[51]

However, to avoid a public relations disaster, Microsoft re-issued MSN Music shutdown statement on June 19^th and allowed the users to use their licenses till the end of 2011: "After careful consideration, Microsoft has decided to continue to support the authorization of new computers and devices and delivery of new license keys for MSN Music customers through at least the end of 2011, after which we will evaluate how much this functionality is still being used and what steps should be taken next to support our customers. This means you will continue to be able to listen to your purchased music and transfer your music to new PCs and devices beyond the previously announced August 31, 2008 date."^[52]

On July 23, 2008, the Yahoo! Music Store emailed its customers to tell them it will be shutting down effective September 30, 2008 and the DRM license key servers will be taken offline.^[53]

Historical note

A very early implementation of DRM was the Software Service System (SSS) devised by the Japanese engineer Ryoichi Mori in 1983 ^[54] and subsequently refined under the name superdistribution. The SSS was based on encryption, with specialized hardware that controlled decryption and also enabled payments to be sent to the copyright holder. The underlying principle of the SSS and subsequently of superdistribution was that the distribution of encrypted digital products should be completely unrestricted and that users of those products would not just be permitted to redistribute them but would actually be encouraged to do so.

See also

Related concepts

• Compliance and Robustness
• Copyleft
• Copyright
• Copy prevention
• Cryptography
• Data room
• ODRL
• Smart contracts
• Smart Cow Problem
• Street Performer Protocol
• Superdistribution
• Tivoization
• Trusted Computing
• Voluntary Collective Licensing
• XrML

Lobbying organizations

• European Information, Communications and Consumer Electronics Technology Industry Associations
• Trusted Computing Group
• Motion Picture Association of America
• Recording Industry Association of America
• Electronic Frontier Foundation
• Open Rights Group
• Open Mobile Alliance
• Defective by Design, a campaign of the Free Software Foundation
• The Pirate Party, a Swedish political party fronting free culture and free knowledge
• Free Software Foundation Europe
• Secure Digital Music Initiative

References

Further reading

• Lawrence Lessig's Free Culture, published by Basic Books in 2004, is available for free download in PDF format. The book is a legal and social history of copyright. Lessig is well known, in part, for arguing recent landmark cases on copyright law. A Professor of Law at Stanford University, Lessig writes for an educated lay audience, including for non-lawyers. He is, for the most part, an opponent of DRM technologies.
• Rosenblatt, B. et al, Digital Rights Management: Business and Technology, published by M&T Books (John Wiley & Sons) in 2001. An overview of DRM technology, business implications for content publishers, and relationship to U.S. copyright law.
• Consumer's Guide to DRM, published in 10 languages (Czech, German, Greek, English, Spanish, French, Hungarian, Italian, Polish, Swedish), produced by the INDICARE research and dialogue project
• Eberhard Becker, Willms Buhse, Dirk Günnewig, Niels Rump: Digital Rights Management - Technological, Economic, Legal and Political Aspects. An 800 page compendium from 60 different authors on DRM.
• Fetscherin, M., Implications of Digital Rights Management on the Demand for Digital Content, provides an excellent view on DRM from a consumers perspective. http://www.dissertation.de/index.php3?active_document=buch.php3&buch=4731
• Bound by Law, by James Boyle et al, at Duke University Law School (http://www.law.duke.edu/cspd/comics/zoomcomic.html), a comic book treatment of the US Fair Use doctrine (with some relevance to other jurisdictions, for example in the Commonwealth usually called Fair Dealing), that is a license fee or permission free, under statute and common law precedent, use of copyrighted material.
• DRM on Open Platforms - A paper by Hagai Bar-El and Yoav Weiss on ways to partially close open platforms to make them suitable for DRM implementations. It has been released under a Creative commons by NC-SA license.
• The Pig and the Box, a book with colorful illustrations and having a coloring book version, by 'MCM'. It describes DRM in terms suited to kids, written in reaction to a Canadian entertainment industry copyright education initiative, aimed at children.
• Present State and Emerging Scenarios of Digital Rights Management Systems - A paper by Marc Fetscherin which provides an overview of the various components of DRM, pro and cons and future outlook of how, where, when such systems might be used.
• DRM is Like Paying for Ice - Richard Menta article on MP3 Newswire discusses how DRM is implemented in ways to control consumers, but is undermining perceived product value in the process.
• Challenges in Designing Content Protection Solutions - A paper by Hagai Bar-El and Discretix that addresses technical dilemmas and difficulties met when designing DRM products.
• A Semantic Web Approach to Digital Rights Management - PhD Thesis by Roberto García that tries to address DRM issues using Semantic Web technologies and methodologies.

External links

• BBC News |Technology Q&A: What is DRM?
• White Paper: Introduction to Digital Rights Management
• Cory Doctorow's bi-weekly column for The Guardian on DRM and the entertainment industry
• Guardian article
• INDICARE research and dialogue project on consumer issues of DRM
• Windows Media DRM FAQ from Microsoft
• Current Developments in the Field of Digital Rights Management from World Intellectual Property Organisation, Standing Committee on Copyright and Related Rights. SCCR/10/2. August 2003.
• Digital Rights Management from CEN/ISSS (European Committee for Standardization / Information Society Standardization System). Contains a range of possible definitions for DRM from various stakeholders. 30 September 2003
• Defectivebydesign.org, FSF campaign against DRM.
• The Digital Imprimatur - How big brother and big media can put the Internet genie back in the bottle. See also: The Digital Imprimatur.
• The Right to Read by Richard Stallman.
• Music Downloads: Pirates- or Customers?. Silverthorne, Sean. Harvard Business School Working Knowledge, 2004.
• OpenIPMP - an open source DRM project with cross-platform software.
• Advanced Peer-Based Technology Business Models. Ghosemajumder, Shuman. MIT Sloan School of Management, 2002. DRM-free model for distributing digital music.
• Microsoft Research DRM talk by [[Cory Doctorow] June 17, 2004]
• Digital rights management: When a standard isn't, information from IBM.
• A Special Guide to DRM and Software Activation Tools: Protect Data, Enforce Licenses, information about DRM for software
• DRM.info collaboration against DRM
• DRM Watch - Web site with news and commentary about DRM.
• Libraries fear digital lockdown - BBC News Article.
• "Lessons from the Sony CD DRM Episode" (PDF format), by J. Alex Halderman and Edward Felten, February 14, 2006.
• Artist controled rights
• What Colour are your bits? Copyright communication difficulties between lawyers and computer scientists.
• La France v. Apple: who?s the dadvsi in DRMs?, Nicolas Jondet (University of Edinburgh), SCRIPT-ed, December 2006
• What DRM is and how to get around it

bs:DRM bg:Digital rights management ca:Gestió de drets digitals cs:Digital rights management da:Digital Rights Management de:Digitale Rechteverwaltung es:Gestión de derechos digitales eu:Eskubide digitalen kudeaketa fr:Gestion des droits numériques gl:Xestión de dereitos dixitais ko:??? ?? ?? id:Manajemen hak digital it:Digital rights management he:????? ?????? ??????? ms:Pengurusan hak digital nl:Digital Rights Management ja:????????? no:Digital rights management nn:Digital Rights Management pl:Digital Rights Management pt:Gestão de direitos digitais ru:??????????? ???????? ?????? ????????? ???? simple:Digital Rights Management sk:Digital rights management fi:Käyttöoikeuksien hallinta sv:Digital Rights Management th:????????????????????? tr:DRM zh:??????