Digital Rights Management (DRM) is an umbrella term referring to any of several technologies used to enforce controlling access to software, media, or other digital data and hardware. On a technical technical level, DRM handles the description, layering, analysis, valuation, trading, monitoring and enforcement of the usage restrictions that accompany a specific instance of a digital work.

There is a lot of criticism that exists concerning digital rights management and much of it has merit.  However, DRM is a technology that is continuing to grow and prosper as technology moves forward and concerns over copyrights, ownership, usage and consumption also grow. Critics argue that the term “digital rights management” is a misnomer, that the term “digital restrictions management” is more accurate.

Definitions 

Public Key Infrastructure:  In cryptography, a public key infrastructure is an arrangement that provides for third-party vetting of and vouching for user identities. It also allows binding of public keys to users. This is usually carried out by software at a central location together with other coordinated software at distributed locations. The public keys are typically in certificates.

DRM (Digital Rights Management):  A PKI-based system of encrypting media and requiring authentication for delivery, play, copying or any other number of usage schemes.

Rights Set: Also known as rights structure.  A rights set defines the rules of the encrypted media and is built into the unique license.  Rights sets include such information as play count, transferability to other devices, whether the media can be burned to CD or DVD, expiration (date) of the license, etc.  The current term for this is “Media Usage Rights”.

DRM, The Simple Scheme

While DRM is overall a very simple scheme, it is not always so easy to implement.  There are a number of factors to consider when deciding if DRM should be implemented and even more factors once the decision to implement is made.

Pre-Implementation Factors	Post-Implementation Factors
Codec support for DRM Strength of DRM system required CDN hosting of DRM Technical capacity of engineering staff Cost of implementation Capacity of viewers/listeners to accept or use DRM Necessity	Rights structure Longevity Tree-leaf implementation Management & maintenance

How DRM Works 

DRM is both simple and complex at the same time.  While the end result and the basic concept is generally similar across all implementations, the steps to implementation differ.

iTunes

Apple uses the AAC file format (a Quicktime variant) with DRM applied through a system known as FairPlay.  FairPlay predicates that:

• The protected track may be copied to any number of iPod player(s)
• The protected track may be played on up to five authorized computers simultaneously
• The protected track may be burned to a CD unlimited times (the resulting CD has no DRM and can be ripped, encoded and played back like any normal CD except there are first sale rights issues so it may not be distributed, and may have lossiness, also known as artifacts of compression)
• A protected track within a specified playlist in iTunes may only be copied to a CD seven times
• FairPlay only manages the decryption of audio content, not the ability of the file itself

The intent of FairPlay is to prevent the use of purchased music on a device other than an iPod.  FairPlay is constrained by incompatibilities with the Creative Commons license.

iTunes uses a regular MP4 container file with an encrypted AAC audio stream using  the Rijndael algorithm and MD5 hashes.  The master key used for decryption is also stored in the MP4 container.  The decryption key, also called a “user key” is provided by the user’s iTunes.  The keys are tied to the GUID of the computer, so when that computer is “de-authorized”, the keys are removed from Apple’s central repository, rendering further use of the file invalid for other computers.  The iPod itself, however, also maintains its own repository, so the file can continue to be played on the device.

iTunes and FairPlay, despite its commercial success, has received widespread criticism, particularly in France and by Real Networks.  The FairPlay system has long been deconstructed (cracked) and is easily removed using any number of publicly available tools.

Napster/PlaysForSure

PlaysForSure is a Windows Media-based system supporting the distribution of WMA files, most notably used in subscription-based approach such as those used by Napster.  The certificate system in PlaysForSure, a variant of the standard Windows Media DRM system, renders files useless if the subscription is expired by doing a continuous certificate check into a central repository every time the file is played.  This is covered more in the next section.

DivX

Introduced in 2006, DivX was once on the hit list for major studios (being a significant distribution container for illegally copied torrents) but is now the darling of the industry because of its ability to maintain high quality video in a relatively compact form factor.  The implementation has gained popularity with firmware manufacturers (such as DVD player makers) but works very similar to FairPlay.

Windows Media DRM

Windows Media DRM, like iTunes, uses a central repository to track the existence of licenses.  When any Windows Media file (note, this is the container, the codec may be any number of acceptable types) is encoded with DRM, an encrypted key is placed inside the header of the file.  The key is half of the PKI match to the certificate server.  The certificate server,  in addition to the remainder of the key, stores the acceptable use characteristics, currently called the “Media Usage Rights” which include any or all of the following:

• Computer Play Count: This field dictates the number of plays a licensed recipient will be able to play the media (on his or her receiving computer only). For example, if you want to restrict a pay-per-view type video to 5 views, change the selection to 5 plays.
• Burn to CD Count: This field indicates the number of times a licensed media may be burned to CD-ROM and still maintain license integrity.
• Portable Transfer Count: This field indicates the number of times a licensed media may be transferred to an SDMI-compatible portable device and still maintain license integrity.
• Grace Period: The number of hours that a device that has lost secure clock time may operate using its “best guess” time.
• Collaborative Play:This field indicates whether the license permits consumers to play protected content in a collaborative peer-to-peer session (messaging session).
• License Backup and Restore: This field indicates whether or not the applicable license can be backed up and restored at a future date. If Not Allowed is selected and the user inadvertently deletes the license certificates from his or her computer, the license for the media file will be automatically expired.
• License Begin Date: In mm/dd/yyyy format, this field set indicates when the media file license can begin. By default, this is set to the current date. If this field set is modified, the license usage date can be modified to a future date.
• License Duration: This field indicates how many days the license will remain applicable in the recipient’s computer once it is generated and stored.
• License Acquisition URL: The License Acquisition URL field requires a fully validated URL. In the case of non-silent delivery, this can provide an error page telling the user that he or she is attempting to play a media file without a valid license

Any individual usage right can override the others.  For example, if the license duration is 30 days and the expiry date has passed, the unlimited computer play count is no longer valid.  Windows DRM requires plug-ins and hence it is not operable on non-Windows platforms.  These plug-ins are ActiveX controls that are resident in all Windows systems.

Here are 3 examples of Windows Media Files.  Download them (right click and ‘Save As’) to your local computer and attempt to play them.  If you are prompted to install the security upgrade, go ahead and do so.  If you would like more information on upgrading or installing the security upgrade to use Windows DRM, go here.

• File 1 – No DRM
• File 2 – DRM Applied with Silent License Delivery
• File 3 – DRM Applied with Challenge

If you attempt to play File 2 (and have already done the security upgrade), you will notice the status bar indicating “Acquiring License” and then begin to play.  In the duration of time between loading the file and when it begins to play, the file itself send a command to a license certificate server and delivered a license silently (in the background) to your computer.  The  file has media usage rights set for only 10 plays and expires in 7 days.

If you attempt to play File 3 (and have already done the security upgrade), you will get a prompted window commonly called the challenge.  The challenge calls an HTML-based web page and allows the owner to collect information or payment to acquire the license.  The data shown in the textarea under the graphic shows the (PKI) private key portion (explained below) of your computer’s WMP security as well as some other information (in XML format).  This file looks like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head>   <title>Challenge</title>   <script language="Javascript">   function getClientInfo() {  document.myForm.myString.value = netobj.GetSystemInfo();   }   </script> </head> <body bgcolor="#7391e4" onload="getClientInfo();"> <object classid="clsid:A9FC132B-096D-460B-B7D5-1DB0FAE0C062" height="0" width="0" id="netobj" VIEWASTEXT> <embed MAYSCRIPT type="applicagtion/x-drm-v2" hidden="true"></embed> </object> <div style="text-align:center;font-family:Arial,Helvetica;font-size:11px;"> <img src="path to my image" border="0" /> <br /> <h3 style="font-family:Lucida Grande,Arial,Helvetica;font-size:16px;">Challenge Request From:</h3> <form id="myForm" name="myForm"><textarea name="myString" style="font:11px verdana;width:90%;height:60px;"></textarea></form> </div> </body> </html>

In 2006, Microsoft introduced chaining into its DRM platform.  In chaining, the license has two parts – a root and a leaf.  The root license is bound to the computer or device while the lead contains the content key.  In this scheme, licenses can be chained together by association to a rooted key where the leaf specifically handles the content while the root handles the decryption.

In 2008, Microsoft will release a new version of DRM called PlayReady, largely in response to the ratification of WM9 as VC-1 and changes in business modeling since the release of the original DRM.  PlayReady will expand the DRM implementation significantly, supporting a much wider range of codecs and formats (including AAC and H.264 in addition to WM), be supported by the Silverlight delivery platform, and extend the ability to transfer media from device to device without loss of licensing integrity, as well as remaining backward compatible with WMDRM10.

Windows Media DRM can be used in conjunction with playlists and pointers.  Only when the DRM encoded file in the list is reached will it become activated.

Commonalities

All 3 formats have some things in common which is primarily the intent of protecting the distribution of content and tracking its usage.  The bottom line is that any content provider (an musician, a film studio, etc) has a defined need to protect, under copyright law, original content that it produces and to receive compensation for its distribution.  All formats use some form of encryption to hold some component of data though the media usage rights structures can vary widely.

All 3 formats also have one commonality in structure – they all require some form of GUID tracking.  A GUID (Global Unique Identifier) is a pseudo-random number which usually refers to the Microsoft implementation of UUID (Universally Unique Identifier).  Commonly, this is a 16-byte number (128 bits) and often represented in hexadecimal format such as:

3F2504E0-4F89-11D3-9A0C-0305E82C3301

GUIDs are used for many things, but mostly for identifying unique software applications.  In the case of DRM applications, it is a unique identifier of the software application being used to create the keys, and this information is stored in the certificate server to monitor the usage.

Name	Used In	Circa	Description
FairPlay	iTunes	2003	The purchased music files are encoded as AAC, a format exclusively compatible with Apple products.
3-day-or-3-play	Microsoft Zune	2006	Music files that are received wirelessly from other Zune devices can be played only a maximum of three times on the device, and expire after three days whether they are played or not. Recipients cannot re-send music that they have received via the sharing feature.
Janus WMA DRM	PlaysForSure	2004	Janus is the codename for portable version of Windows Media DRM for portable devices.
Content-scrambling_system (CSS)	DVDs	1996	CSS utilizes a weak, 40-bit stream cipher to actively encrypt DVD-Video.
VHS Macrovision	Almost all VHS Video through the 20th Century	1984	When dubbing a protected tape, the picture that has gone through the recording VCR will get dark and then normal again periodically. The picture may also become unstable when it is at its darkest.
DVD Region Code	DVDs	1996	Each DVD-Video disc contains one or more region codes, denoting the area[s] of the world in which distribution and playback are intended.
OMA	DRM Implemented in over 550 phone models	2004	A DRM system invented by the Open Mobile Alliance to protect cell phone ring tones.
Windows Media DRM	Online media distribution	1999	WMV DRM is designed to provide secure delivery of audio and/or video content over an IP network to a PC or other playback device in such a way that the distributor can control how that content is used.
No longer in use:
Extended Copy Protection	Sony and BMG CDs	2005	Also known as the ‘Sony Rootkit’

As of today, all DRM schemes have been cracked with the sole exception of Windows DRM, largely because it uses the strongest encryption (1024 or 2048 bit keys), though the earlier version (version 1, the current version is 10) was cracked in 2004.

Distribution Platforms

Windows Media uses a wide distribution platform.  In fact, the system is largely free since all components needed to build a distribution system are also free with the sole exception of the licensing server.  Currently the biggest demand for DRM is in the business sector after a significant backlash from the consumer market in 2006 and 2007, and in fact demand for DRM implementations in the business-to-business sector has increased in the last couple of years. 

In 2005, iStreamPlanet proposed (and subsequently filed a patent application) a distribution model whereby licensing could be easily distributed through IP networks by use of Web Services.  The scope of this distribution system is rapidly becoming widely adopted whereby a third-party (such as iStreamPlanet) acting independently of the content provider and the consumer acts as an intermediary solely for the purpose of license distribution and management.  As a value added resource, the system also offer the ability to handle transaction processing and subscription management, all done via Web Service.

Political Issues

In 1998 the Digital Millennium Copyright Act was passed by Congress without even token opposition.  It was produced in an effort to make circumvention of DRM systems illegal.  In 2001 the most publicized case in which the government prosecuted any individual occurred when Dmitry Sklyarov was arrested in conjunction with work done for a Russian company (note that DRM is not enforceable in Russia).  Though acquitted, the case left a lasting impression in the digital community with respect to copyright violations and furthered work done by the RIAA against file-sharing schemes and the anti-hacker movement as a whole.

Why Should We Use Digital Rights Management

On the one side, we can argue that sharing of information is exactly what the Internet was created for and to a degree that’s accurate.  However, publication of information with consent is not the same thing as consumption without royalty.

Artistic works are the lifeblood of their creators.  Therefore, one can easily argue the usage of DRM in entertainment-based media distribution (music, movies, and so forth).  Likewise, however, any form of media can be subject to copyright, and the creators should be entitled to remuneration for consumption, or at the very least be able to protect its usage.  More so, creators of works should be able to protect their media from others claiming it to be their own.  This is the simple argument for using DRM.

What other reasons do you think DRM
should be instituted on a broad scale?

On the other side of the equation, particularly emphasized by recent consumer backlash and even litigation in several countries, is that use of DRM constitutes violations of consumer rights – that it inhibits the distribution and playability of content.  Largely the misconception has led to a general backlash against DRM as a whole but the real issue has more to do with one plaguing problem – interoperability.  In the case of France vs. Apple FairPlay, France argues that FairPlay is not interoperable thereby restricting its use and essentially “shunning out” markets and competitors – in violates anti-trust laws. 

Most consumers do not truly realize that this is the issue at hand – for most consumers, DRM is simply a means by which big business reduces sharing – acts as “Big Brother.”

What reasons would you state arguing
against the institution of DRM?

 

---

• Required Reading: Apple vs. France (BusinessWeek article), Flash DRM could put Dramatic Prairie Dog on endangered list (Ars Technica article), CES: Sony Pictures embraces DivX (Los Angeles Times article), Survey Results: Content Owners Still Believe in DRM (DRMWatch article)

• Recommended Reading: Patent Filing 2006123484 (iStreamPlanet)

• Other Resources: Windows Media Digital Rights Management