Digital Rights Management (DRM)
Digital Rights Management (DRM) is a term used to describe access rights management, or rather, the control of who can access and view digital media, how and when.
DRM is often refered to as copy protection but it does not in any instance actually prevent anyone from making a copy while on display in a browser or reader. DRM is more about providing and managing the rights or permission to acces and view digital media, without which one can can never view it.
By controlling access rights (the rights of a user to access and view or utilize the media), sharing of the media can be controlled to regulate licensing and unauthorized redistribution. Such control can be applied for the purpose protecting copyright or intellectual property, commercial or military security and compliance to privacy regulations.
DRM solutions typically consist of security measures and are applied according to authorized group level governed by database records or tokens that determine the correct policy to apply to each file and individual user. The security mechanizations and rights database records are typically protected by a cryptographic layer that is usually comprised of the most secure encryption methods of the day.
The use of DRM has been controversial. While its users argue that it is necessary to protect their livelihood, the public generally wants everything for free, opposing anything that gets in their way and will strongly support opponents like the Free Software Foundation, a group mostly comprised of people who have never had an original thought and depend on an employer or ideas of others for their living. As a consequence of the all-in war against protecting one's livelihood, all widely-used DRM systems have been targeted and most have been circumvented.
History
Note that while the history of DRM, according to resources like Wikipedia, can get long winded, and much of it has been fabricated after the fact. Yes there were a lot of patents pending at the time but none of them had been substantiated by proving that it could be done. It doesn't cost much to lodge a patent but it does cost to finalise it if ever the sumission gets accepted. Patents can tend to be a wishlist, much like an imagining of how something can work, but it can be no more than fiction.
In the USA patents are applied for by serial punters trying to cover every horse in the race, with many applications based on the developments of others. In 1997 web searches on DRM and copy protection yielded nothing but a university paper describing a method of protecting links published on the Intenet by delivering them via scripted code that prevented requests without an approved referer. In other words the proposal was intended to prevent hotlinking and leeching. But at the time it was no more than theory and no-one had yet been able put it into practice. That was the first hint of DRM for web content but the first systems for preventing the redistibution of software, games and video were a bigger concern and the need to prevent losses of revenue from piracy was amounting to be millions of dollars. Consequently, huge investments were made in research and development of DRM solutions. The main targets and solutions at the time were either:
- Preventing the duplication of CDroms by using especially formatted
discs with hidden sectors that contained portions of the application so that
making a copy of the CDrom could not include the whole package, thus causing
any duplicates to return errors.
- or, licensing control by requiring a valid licence key for continued use beyond the trial/sample period.
By 1999 DRM and copy protection had became buzzwords and many new startups were floated by public funding. Copy protection was touted as the new gold mine and new companies claiming to have made break throughs relieved enthusiastic investors of many millions of dollars. Investors were so hyped that one new startup secured 26 million dollars to start and then later received another 20 million. Even the copycat following in their footsteps was able to secure 18 million in funding.
But both of those companies disappeared within 2 years without a trace except that another new company was reported to have bought the software rights and patents of the first player. However they did not continue and no product in that vein was ever released, which may suggest that news as being either a smoke screen or the realisation that the product was doomed.
But new DRM companies continue to emerge, some with big plans and big funding and some run out of a shoe box. The bigger ones don't last long, only until their funding runs out because of two major hurdles i) that the return from sales does not cover the cost of developing and maintaining a sustainable solution, and ii) the ever changing sands of the Internet means that DRM developers are building on quicksand. Those that disappear quickest are the larger companies that run out of funds and cannot sustain their workforce and overhead. The executives of those companies will have done well and simply move onto the next watering hole. But the smaller players can last longer because they have little to no overhead. The unfortunate part is that they have weak product but persist in inundating the web with spamvertising.
DRM that works
One example of DRM that has worked and continues to do so is shown by Microsoft's efforts to protect their product by ensuring that only paid software ran longer than an initial evaluation period. Their CDroms were not copy protected so as to enable user's to make backups of the software that they purchased. However licence keys were required to activate the Windows software to enable it to run outside the initial trial period. To activate a licence the computer was required to be connected to the Internet while their database could be checked for authenticity of the licence key and its validity, ie: had not been revoked due to piracy or shared on too many computers.
Another example is the licensing management for the CopySafe solutions which include Copysafe PDF and Copysafe Video. CopySafe was first released in 1999 to provide copy protection for web media with the option of applying DRM to control user access rights. ArtistScope, the developer of Secure Image which was the first image encryption software, had 50% of their sales bounce back as claims of credit card fraud in their first year. In that same year Secure Image licensing was hacked to produce a key generator that was distributed online for free. The hacker was located and all he had to say was "that he had been hired to do it".
With that lesson in mind, to better secure Copysafe licensing and ensure that client content could not be compromised, more stringent DRM controls were sought. Consequently, CopySafe software required call-to-home checks to authenticate the validity of licence keys. Also, CopySafe content being displayed on client websites was similarly authenticated by call-to-home requests for validation. Up till now most DRM solutions relied on tokens (encrypted text files) that approved access rights and some tokens required a matching MAC address.
But requiring call-to-home was new and a major innovation for DRM, especially when considering that the Internet of that day was not like it is today. In those days most users only had 56k modem connections and at best got to use 60% of that download capacity on crowded networks. Connectivity between major networks around the world was also poor, which could result in extremely long delays before displaying CopySafe content. To compensate ArtistScope developed licensing portals which ran on dedicated servers located on all of the major continents.
Network connectivity has improved dramatically over the years, so too have the connections between the continents improved, enabling Copysafe DRM to be run from a single server on the eastern side of USA.
The future of DRM
Forget what the free loaders claim, DRM is here to stay because it is necessary to protect the livelihoods of those who create media and online courses. Without the means to prevent plagiarism, sharing and piracy they would have little hope of ever returning their investment and overhead, or to pay to their living costs.
However the success of any DRM solution and the survival of the company providing it, does depend on keeping abreast of the ever changing IT landscape.
Please report any errors or typos here.