Wednesday, January 30, 2008


Digital rights management (DRM) is an umbrella term that refers to access control technologies used by publishers and other copyright holders to limit usage of digital media or devices. DRM can also refer to restrictions associated with specific instances of digital works or devices. The term is often confused with copy protection and technical protection measures, which refer to specific technologies that control or restrict the use and access of digital content on electronic devices. Such technologies act as components of a complete rights-management system design.
The use of digital rights management has been controversial. Advocates argue it is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams.

Digital rights management Introduction

Technologies
An early example of a DRM system was the Content Scrambling System (CSS) employed by the DVD Forum on film DVDs since circa 1996. CSS used a simple encryption algorithm, and required device manufacturers to sign license agreements that restricted the inclusion of features, such as digital outputs that could be used to extract high-quality digital copies of the film, in their players. Thus, the only consumer hardware capable of decoding DVD films was controlled, albeit indirectly, by the DVD Forum, restricting the use of DVD media on other systems until the release of DeCSS by Jon Lech Johansen in 1999, which allowed a CSS-encrypted DVD to play properly on a computer using Linux, for which the Alliance had not arranged a licensed version of the CSS playing software.
Microsoft's Windows Vista contains a DRM system called the Protected Media Path, which contains the Protected Video Path (PVP). PVP can prevent DRM-restricted content from playing while unsigned software is running in order to prevent the unsigned software from accessing the content. Additionally, PVP can encrypt information during transmission to the monitor or the graphics card, which prevents unauthorized methods of video recording.

DRM and film

DRM and music
In 2002, Bertelsmann (comprised of BMG, Arista and RCA) was the first corporation to use DRM on audio CDs. This was initially done on promotional CDs, but all CDs from these companies would eventually include at least some DRM.

Audio CDs
Many online music stores employ DRM to restrict usage of music purchased and downloaded online. There are many options for consumers buying digital music over the internet, in terms of both stores and purchase options. Two examples of music stores and their functionality follow:
The various services are currently not interoperable, though those that use the same DRM system (for instance the several Windows Media DRM format stores, including Napster) all provide songs that can be played side-by-side through the same player program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, such as Rensselaer Polytechnic Institute, have made arrangements with assorted Internet music suppliers to provide access (typically DRM-restricted) to music files for their students, to less than universal popularity, sometimes making payments from student activity fee funds.
Napster music store, which offers a subscription-based approach to DRM alongside permanent purchases. Users of the subscription service can download and stream an unlimited amount of music encoded to Windows Media Audio (WMA) while subscribed to the service. But as soon as the user misses a payment, the service renders all of the downloaded music unusable. Napster also charges users who wish to use the music on their portable device an additional $5 per month. Furthermore, Napster requires users to pay an additional $0.99 per track to burn it to CD or listen to it after the subscription expires. Songs bought through Napster can be played on players carrying the Microsoft PlaysForSure logo (which, notably, do not include iPods or even Microsoft's own Zune).
Wal-Mart Music Downloads, another online music download store, also uses DRM. It charges $0.88 per track for all non-sale downloads. All Wal-Mart Music Downloads are able to be played on any Windows PlaysForSure marked product. However, this music will not play on the Zune. The music does play on the SanDisk's Sansa mp3 player, for example, but must be copied to the player's internal memory. It can not be played through the player's Micro SD card slot, which is a problem that many users of the mp3 player experience. Internet music
Enterprise digital rights management (E-DRM or ERM) is the application of DRM technology to the control of access to corporate documents such as Microsoft Word, PDF, and AutoCAD files, emails, and intranet web pages rather than to the control of consumer media . E-DRM is generally intended to prevent the unauthorized use (such as industrial or corporate espionage or inadvertent release) of proprietary documents. E-DRM typically integrates with content management system software. An example of an E-DRM system is Microsoft's Rights Management Services. Additional E-DRM vendors include Adobe Systems and EMC Corporation.

DRM and documents
Digital rights management systems have received some international legal backing by implementation of the 1996 WIPO Copyright Treaty (WCT). Article 11 of the Treaty requires nations party to the treaties to enact laws against DRM circumvention.
The WCT has been implemented in most member states of the World Intellectual Property Organization. The American implementation is the Digital Millennium Copyright Act (DMCA), while in Europe the treaty has been implemented by the 2001 European directive on copyright, which requires member states of the European Union to implement legal protections for technological prevention measures. In 2006, the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States.

Laws regarding DRM
The Digital Millennium Copyright Act (DMCA) is an extension to United States copyright law passed unanimously on May 14, 1998, which criminalizes the production and dissemination of technology that allows users to circumvent technical copy-restriction methods. Under the Act, circumvention of a technological measure that effectively controls access to a work is illegal if done with the primary intent of violating the rights of copyright holders. (For a more detailed analysis of the statute, see WIPO Copyright and Performances and Phonograms Treaties Implementation Act.)
Reverse engineering of existing systems is expressly permitted under the Act under specific conditions. Under the reverse engineering safe harbor, circumvention necessary to achieve interoperability with other software is specifically authorized. See 17 U.S.C. Sec. 1201(f). Open-source software to decrypt content scrambled with the Content Scrambling System and other encryption techniques presents an intractable problem with the application of the Act. Much depends on the intent of the actor. If the decryption is done for the purpose of achieving interoperability of open source operating systems with proprietary operating systems, the circumvention would be protected by Section 1201(f) the Act. Cf., Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001) at notes 5 and 16. However, dissemination of such software for the purpose of violating or encouraging others to violate copyrights has been held illegal. See Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000).
On 22 May 2001, the European Union passed the EU Copyright Directive, an implementation of the 1996 WIPO Copyright Treaty that addressed many of the same issues as the DMCA.
The DMCA has been largely ineffective in protecting DRM systems,), and security consultants such as Niels Ferguson, who has declined to publish information about vulnerabilities he discovered in an Intel secure-computing scheme because of his concern about being arrested under the DMCA when he travels to the US.
On 25 April 2007 the European Parliament supported the first directive of EU, which aims to harmonize criminal law in the member states. They adopted a first reading report on harmonizing the national measures for fighting copyright abuse.
If the European Parliament and the Council approve the legislation, the submitted directive will oblige the member states to consider a crime an international copyright abuse of intellectual property committed with commercial purposes. The text suggests numerous measures: from fines to imprisonment, depending on the gravity of the offence.
The EP members supported as a whole the Commission motion, changing some of the texts. They excluded patent rights from the range of the directive and decided that the sanctions should apply only to offences with commercial purposes. Piracy for personal, non-commercial purposes was also excluded from the range of the directive.

Digital Millennium Copyright Act
DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England.

Other copyright implications
Copyright law has been defined in terms of general definitions of infringement in any concrete medium. This classic approach focused such law on whether there is infringement, rather than focus on particular engineering techniques. Legislators have in several instances chosen not to prohibit new technologies (for example, piano rolls, radio broadcasting, and audio tape recording have not been prohibited, and in fact endorsed by inclusion in copyright legislation or the Courts in the U.S.). Critics of DRM assert that detecting and prosecuting infringement within the social and legal system avoids a legacy of outlawing generic, universal, popular, widespread, useful, and possibly uncontrollable in any case, engineering techniques in response to specific misuses.

Copyright law vs. particular DRM techniques
In Europe, there are several dialog activities that are uncharacterized by its consensus-building intention:
The European Community was expected to produce a recommendation on DRM in 2006, phasing out the use of levies (compensation to rights holders charged on media sales for lost revenue due to unauthorized copying) given the advances in DRM/TPM technology. However, opposition from the member states, particularly France, have now made it unlikely that the recommendation will be adopted.

Workshop on Digital Rights Management of the World Wide Web Consortium (W3C), January 2001. [1]
Participative preparation of the European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003 (finished). [2]
DRM Workshops of DG Information Society, European Commission (finished), and the work of the DRM working groups (finished), as well as the work of the High Level Group on DRM (ongoing). [3]
Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" (closed). [4]
The INDICARE project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral platform for exchange of facts and opinions, mainly based on articles by authors from science and practice.
The AXMEDIS project is a European Commission Integrated Project of the FP6. The main goal of AXMEDIS is atomating the content production, copy-prevention and distribution, reducing the related costs and supporting DRM at both B2B and B2C areas harmonising them.
The Gowers Review of Intellectual Property is the result of a commission by the British Government from Andrew Gowers, undertaken in December 2005 and published in 2006, with recommendations regarding copyright term, exceptions, orphaned works, and copyright enforcement. International issues
The intent of DRM is to provide technical means to assure that the creators of content such as artistic works maintain appropriate control of their work, including the ability to obtain compensation for their creative investment. This becomes controversial because DRM limits the fair use of legitimately acquired digital media in ways traditionally not restricted in other media, and gives rise to concerns that DRM schemes enormously complicate, and may prevent, effective archive management and historical research. Opponents of DRM base their opposition on one or more of these concerns.

Controversy
Many organizations, prominent individuals, and computer scientists are opposed to DRM. Two notable DRM critics are John Walker, as expressed for instance, in his article The Digital Imprimatur: How big brother and big media can put the Internet genie back in the bottle

Digital rights management DRM opponents

Problems with DRM
All forms of DRM for audio and visual material are subject to the 'analog hole', namely that in order for a viewer to enjoy the material, the digital signal must be turned into analogue signal containing light and/or sound for the viewer.
All DRM to date, and probably all future ones can therefore be bypassed by recording this signal and digitally storing and distributing it in non DRM form. However the conversion from digital to analogue and back may result in a drop in quality, particularly when using lossy formats.

DRM on general computing platforms
Many systems have a distributed media that is encrypted and use purpose built hardware which ensures that only licensed users can access the material; and it additionally tries to protect a secret decryption key from the users of the system.
While this in principle can work, it is extremely difficult to build the hardware to protect the secret against a sufficiently determined adversary; and many such systems have failed in the field. Once the secret is known, building a version of the hardware with the secret that performs no checks is often relatively straightforward.
In addition the user verification system is frequently subject to attack.

DRM on distributed purpose built hardware

See also

Compliance and Robustness
Copyleft
Copyright
Copy prevention
Cryptography
Data room
Glossary of legal terms in technology
ODRL
Smart contracts
Smart Cow Problem
Street Performer Protocol
Tivoization
Trusted Computing
Voluntary Collective Licensing
XrML Lobbying organizations

No comments: