Digital rights management (DRM) is a generic term for access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to try to impose limitations on the usage of digital content and devices. The term is used to describe any technology which inhibits uses (legitimate or otherwise) of digital content that were not desired or foreseen by the content provider. The term generally doesn't refer to other forms of copy protection which can be circumvented without modifying the file or device, such as serial numbers or keyfiles. It can also refer to restrictions associated with specific instances of digital works or devices. Digital rights management is being used by companies such as Sony, Apple Inc., Microsoft and the BBC.

The use of digital rights management is controversial. Proponents argue it is needed by copyright holders to prevent unauthorized duplication of their work, either to maintain artistic integrity or to ensure continued revenue streams. Some opponents, such as the Free Software Foundation, maintain that the use of the word "rights" is misleading and suggest that people instead use the term digital restrictions management. Their position is essentially that copyright holders are restricting the use of material in ways that are beyond the scope of existing copyright laws, and should not be covered by future laws. The Electronic Frontier Foundation, and other opponents, also consider DRM systems to be anti-competitive practices.

In practice, all widely-used DRM systems are eventually defeated or circumvented. Completely restricting the copying of audio and visual material is impossible due to the inevitable analog hole.

Introduction

DRM technologies attempt to control use of digital media by preventing access, copying or conversion to other formats by end users. Long before the arrival of digital or even electronic media, copyright holders, content producers, or other financially or artistically interested parties had business and legal objections to copying technologies. Examples include: player piano rolls early in the 20th century, audio tape recording, and video tape recording (e.g. the "Betamax case" in the U.S.). Copying technology thus exemplifies a disruptive technology.

The advent of digital media and analog/digital conversion technologies, especially those that are usable on mass-market general-purpose personal computers, has vastly increased the concerns of copyright-dependent individuals and organizations, especially within the music and movie industries, because these individuals and organizations are partly or wholly dependent on the revenue generated from such works. While analog media inevitably loses quality with each copy generation, and in some cases even during normal use, digital media files may be duplicated an unlimited number of times with no degradation in the quality of subsequent copies. The advent of personal computers as household appliances has made it convenient for consumers to convert media (which may or may not be copyrighted) originally in a physical/analog form or a broadcast form into a universal, digital form (this process is called ripping) for location- or timeshifting. This, combined with the Internet and popular file sharing tools, has made unauthorized distribution of copies of copyrighted digital media (so-called digital piracy) much easier.

Although technical controls on the reproduction and use of software have been intermittently used since the 1970s, the term 'DRM' has come to primarily mean the use of these measures to control artistic or literary content. DRM technologies have enabled publishers to enforce access policies that not only disallow copyright infringements, but also prevent lawful fair use of copyrighted works, or even implement use constraints on non-copyrighted works that they distribute; examples include the placement of DRM on certain public-domain or open-licensed e-books, or DRM included in consumer electronic devices that time-shift (and apply DRM to) both copyrighted and non-copyrighted works.

DRM is most commonly used by the entertainment industry (e.g. film and recording). Many online music stores, such as Apple's iTunes Store, as well as many e-book publishers, have imposed DRM on their customers. In recent years, a number of television producers have imposed DRM mandates on consumer electronic devices, to control access to the freely-broadcast content of their shows, in connection with the popularity of time-shifting digital video recorder systems such as TiVo.

Technologies

DRM and film

An early example of a DRM system was the Content Scrambling System (CSS) employed by the DVD Forum on film DVDs since ca. 1996. CSS used a simple encryption algorithm, and required device manufacturers to sign license agreements that restricted the inclusion of features, such as digital outputs that could be used to extract high-quality digital copies of the film, in their players. Thus, the only consumer hardware capable of decoding DVD films was controlled, albeit indirectly, by the DVD Forum, restricting the use of DVD media on other systems until the release of DeCSS by Jon Lech Johansen in 1999, which allowed a CSS-encrypted DVD to play properly on a computer using Linux, for which the Alliance had not arranged a licensed version of the CSS playing software.

Microsoft's Windows Vista contains a DRM system called the Protected Media Path, which contains the Protected Video Path (PVP). PVP tries to stop DRM-restricted content from playing while unsigned software is running in order to prevent the unsigned software from accessing the content. Additionally, PVP can encrypt information during transmission to the monitor or the graphics card, which makes it more difficult to make unauthorized recordings.

Advanced Access Content System (AACS) is a DRM system for HD DVD and Blu-Ray Discs developed by the AACS Licensing Administrator, LLC (AACS LA), a consortium that includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba and Sony. In December 2006 a process key was published on the internet by hackers, enabling unrestricted access to AACS-restricted HD DVD content. After the cracked keys were revoked, further cracked keys were released.

The broadcast flag concept was developed by Fox Broadcasting in 2001 and was supported by the MPAA and the FCC. A ruling in May 2005 by a US Court of Appeals held that the FCC lacked authority to impose it on the TV industry in the US. It required that all HDTVs obey a stream specification determining whether or not a stream can be recorded. This could block instances of fair use, such as time-shifting. It achieved more success elsewhere when it was adopted by the Digital Video Broadcasting Project (DVB), a consortium of about 250 broadcasters, manufactures, network operators, software developers, and regulatory bodies from about 35 countries involved in attempting to develop new digital TV standards.

An updated variant of the broadcast flag has been developed in the Content Protection and Copy Management (DVB-CPCM). It was developed in private, and the technical specification was submitted to European governments in March 2007. As with much DRM, the CPCM system is intended to control use of copyrighted material by the end-user, at the direction of the copyright holder. According to Ren Bucholz of the EFF, which paid to be a member of the consortium, "You won't even know ahead of time whether and how you will be able to record and make use of particular programs or devices". The DVB supports the system as it will harmonize copyright holders' control across different technologies and so make things easier for end users. The CPCM system is expected to be submitted to the European Telecommunications Standards Institute in 2008.

DRM and music

Audio CDs

Discs with digital rights management schemes are not legitimately standards-compliant Compact Discs (CDs) but are rather CD-ROM media. Therefore they all lack the CD logotype found on discs which follow the standard (known as Red Book). Therefore these CDs could not be played on all CD players. Many consumers could also no longer play purchased CDs on their computers. PC running Microsoft Windows would sometimes even crash when attempting to play the CDs.

In 2002, Bertelsmann (comprising BMG, Arista, and RCA) was the first corporation to use DRM on audio CDs. In 2005, Sony BMG introduced new DRM technology which installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the installed software included a rootkit, which created a severe security vulnerability others could exploit. When the nature of the DRM involved was made public much later, Sony initially minimized the significance of the vulnerabilities its software had created, but was eventually compelled to recall millions of CDs, and released several attempts to patch the surreptitiously included software to at least remove the rootkit. Several class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.

Sony's DRM software actually had only a limited ability to prevent copying, as it affected only playback on Windows computers, not on other equipment. Even on the Windows platform, users regularly bypassed the restrictions. And, while the Sony DRM technology created fundamental vulnerabilities in customers' computers, parts of it could be trivially bypassed by holding down the "shift" key while inserting the CD, or by disabling the autorun feature. In addition, audio tracks could simply be played and re-recorded, thus completely bypassing all of the DRM (this is known as the analog hole). Sony's first two attempts at releasing a patch which would remove the DRM software from users' computers failed.

In January 2007, EMI stopped publishing audio CDs with DRM, stating that "the costs of DRM do not measure up to the results." Following EMI, Sony BMG was the last publisher to abolish DRM completely, and audio CDs containing DRM are no longer released by the four record labels.

Internet music

Many online music stores employ DRM to restrict usage of music purchased and downloaded online. There are many options for consumers wishing to purchase digital music over the internet:

• The iTunes Store, run by Apple Inc., allows users to purchase a track online for $0.99 US. The tracks purchased use Apple's FairPlay DRM system. Apple later launched iTunes Plus, which offered higher quality DRM-free tracks for a higher price. On October 17, 2007, iTunes Plus became available at the usual $.99 price, replacing the non-Plus tracks. On January 6, 2009 Apple announced at its Macworld Expo keynote that iTunes music would be available completely DRM free by the end of the month. Videos sold and rented through iTunes, as well as mobile software sold through the iTunes App Store for the iPhone and iPod touch, continue to use Apple's FairPlay DRM to inhibit casual copying.

• Napster music store, which offers a subscription-based approach to DRM alongside permanent purchases. Users of the subscription service can download and stream an unlimited amount of music transcoded to Windows Media Audio while subscribed to the service. But when the subscription period lapses, all of the downloaded music is unplayable until the user renews his or her subscription. Napster also charges users who wish to use the music on their portable device an additional $5 per month. In addition, Napster gives users the option of paying an additional $0.99 per track to burn it to CD or for the song to never expire. Music bought through Napster can be played on players carrying the Microsoft PlaysForSure logo (which, notably, do not include iPods or even Microsoft's own Zune). As of June 2009 Napster is giving DRM free MP3 music, which can be played on iPhones and iPods.

• Wal-Mart Music Downloads, another online music download store, charges $0.94 per track for all non-sale downloads. All Wal-Mart, Music Downloads are able to be played on any Windows PlaysForSure marked product. The music does play on the SanDisk's Sansa mp3 player, for example, but must be copied to the player's internal memory. It cannot be played through the player's microSD card slot, which is a problem that many users of the mp3 player experience.

• Sony operated an online music download service called "Connect" which used Sony's proprietary OpenMG DRM technology. Music downloaded from this store (usually via Sony's SonicStage software) was only playable on computers running Windows and Sony hardware (including the PSP and some Sony Ericsson phones).

The various services are currently not interoperable, though those that use the same DRM system (for instance the several Windows Media DRM format stores, including Napster and Yahoo Music) all provide songs that can be played side-by-side through the same player program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, such as Rensselaer Polytechnic Institute, have made arrangements with assorted Internet music suppliers to provide access (typically DRM-restricted) to music files for their students, to less than universal popularity, sometimes making payments from student activity fee funds. One of the problems is that the music becomes unplayable after leaving school unless the student continues to pay individually. Another is that few of these vendors are compatible with the most common portable music player, the Apple iPod. The Gowers Review of Intellectual Property (to HMG in the UK; 141 pages, 40+ specific recommendations) has taken note of the incompatibilities, and suggests (Recommendations 8—12) that there be explicit fair dealing exceptions to copyright allowing libraries to copy and format-shift between DRM schemes, and further allowing end users to do the same privately. If adopted, some of the acrimony may decrease.

Although DRM is prevalent for Internet music, some online music stores such as eMusic, Dogmazic, Amazon, and Beatport, do not use DRM despite encouraging users to avoid sharing music. Another online retailer, Xiie.net, which sells only unsigned artists, encourages people to share the music they buy from the site, to increase exposure for the artists themselves. Major labels have begun releasing more online music without DRM. Eric Bangeman suggests in Ars Technica that this is because the record labels are "slowly beginning to realize that they can't have DRMed music and complete control over the online music market at the same time... One way to break the cycle is to sell music that is playable on any digital audio player. eMusic does exactly that, and their surprisingly extensive catalog of non-DRMed music has vaulted it into the number two online music store position behind the iTunes Store." Apple's Steve Jobs has called on the music industry to eliminate DRM in an open letter titled Thoughts on Music. Apple's iTunes store will start to sell DRM-free 256 kbit/s (up from 128 kbit/s) AAC encoded music from EMI for a premium price (this has since reverted to the standard price).In March 2007, Musicload.de, one of Europe's largest online music retailers, announced their position strongly against DRM. In an open letter, Musicload stated that three out of every four calls to their customer support phone service are as a result of consumer frustration with DRM.

Computer games

Computer games sometimes use DRM technologies to limit the number of systems the game can be installed on. Most games with this restriction allow three or five installs. This limits users who have more than three or five computers in their homes (Seeing as the rights of the software developers allow them to limit the number of installations). Other software (such as FADE) slowly remove and degrade the protected software over time, eventually rendering it unplayable. In 2008 the DRM scheme backfired and a large number of users decided not to pay for the game, seeking a pirated version instead. The most prominent cases involving the DRM technology SecuROM include Spore, BioShock, Mass Effect and Gears Of War. The backlash against SecuROM was a significant factor in Spore becoming the most pirated game in 2008.

E-books

Electronic books read on a personal computer or an e-book reader typically use DRM restrictions to limit copying, printing, and sharing of e-books. E-books are usually limited to a certain number of reading devices and some e-publishers prevent any copying or printing. Some commentators believe that DRM is something that makes E-book publishing complex.

Two of the most commonly used software programs to view e-books are Adobe Reader and Microsoft Reader. Each program uses a slightly different approach to DRM. The first version of Adobe Acrobat e-book Reader to have encryption technologies was version 5.05. In the later version 6.0, the technologies of the PDF reader and the e-book reader were combined, allowing it to read both DRM-restricted and unrestricted files. After opening the file, the user is able to view the rights statement, which outlines actions available for the specific document. For example, for a freely transferred PDF, printing, copying to the clipboard, and other basic functions are available to the user. However, when viewing a more highly restricted e-book, the user is unable to print the book, copy or paste selections. The level of restriction is specified by the publisher or distribution agency.

Microsoft Reader, which exclusively reads e-books in a .lit format, contains its own DRM software. In Microsoft Reader there are three different levels of access control depending on the e-book: sealed e-books, inscribed e-books and owner exclusive e-books. Sealed e-books have the least amount of restriction and only prevents the document from being modified. Therefore, the reader cannot alter the content of the book to change the ending, for instance. Inscribed e-books are the next level of restriction. After purchasing and downloading the e-book, Microsoft Reader puts a digital ID tag to identify the owner of the e-book. Therefore, this discourages distribution of the e-book because it is inscribed with the owner’s name making it possible to trace it back to the original copy that was distributed. Other e-book software uses similar DRM schemes. For example, Palm Digital Media, now known as Ereader, links the credit card information of the purchaser to the e-book copy in order to discourage distribution of the books.

The most stringent form of security that Microsoft Reader offers is called owner exclusive e-books, which uses traditional DRM technologies. To buy the e-book the consumer must first open Microsoft Reader, which ensures that when the book is downloaded it becomes linked to the computer’s Microsoft Passport account. Thus the e-book can only be opened with the computer with which it was downloaded, preventing copying and distribution of the text.

Amazon.com has remotely deleted purchased copies of George Orwell's 1984 and Animal Farm from customer's Amazon Kindles. Commenters have widely described these actions as Orwellian, and have alluded to Big Brother from Orwell's 1984. After an apology from Amazon CEO Jeff Bezos, the Free Software Foundation has written that this is just one more example of the excessive power Amazon has to remotely censor what people read through its software, and called upon Amazon to free its e-book reader and drop DRM.

DRM and documents

Enterprise digital rights management (E-DRM or ERM) is the application of DRM technology to the control of access to corporate documents such as Microsoft Word, PDF, and AutoCAD files, emails, and intranet web pages rather than to the control of consumer media. E-DRM, now more commonly referenced as IRM (Information Rights Management), is generally intended to prevent the unauthorized use (such as industrial or corporate espionage or inadvertent release) of proprietary documents. IRM typically integrates with content management system software.

DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England.

Watermarks

Digital watermarks are unobtrusive features of media that are added during production or distribution. Digital watermarks involve data that is arguably steganographically embedded within the audio or video data.

Watermarks can be used for different purposes that may include:

• for recording the copyright owner
• for recording the distributor
• for recording the distribution chain
• for identifying the purchaser of the music

Watermarks are not complete DRM mechanisms in their own right, but are used as part of a system for Digital Rights Management, such as helping provide prosecution evidence for purely legal avenues of rights management, rather than direct technological restriction. Some programs used to edit video and/or audio may distort, delete, or otherwise interfere with watermarks. Signal/modulator-carrier chromatography may also separate watermarks from original audio or detect them as glitches. Use of third party media players and other advanced programs render watermarking useless. Additionally, comparison of two separately obtained copies of audio using simple, home-grown algorithms can often reveal watermarks. New methods of detection are currently under investigation by both industry and non-industry researchers.

Metadata

Sometimes, metadata is included in purchased music which records information such as the purchaser's name, account information, or email address. This information is not embedded in the played audio or video data, like a watermark, but is kept separate, but within the file or stream.

As an example, metadata is used in media purchased from Apple's iTunes Store for DRM-free as well as DRM-restricted versions of their music or videos. This information is included as MPEG standard metadata.

Table of DRM technologies and associated devices

Name	Used In	Date of Use	Description
DRM Schemes Currently in Use
Personal computer DRM
Windows Media DRM	Many Online Video Distribution Networks	1999+	WMV DRM is designed to provide secure delivery of audio and/or video content over an IP network to a PC or other playback device in such a way that the distributor can control how that content is used.
FairPlay	The iTunes Store, iPod	2003+	Purchased music files were encoded as AAC, then encrypted with an additional format that renders the file exclusively compatible with iTunes and the iPod. On January 6 2009, Apple announced that the iTunes Store would begin offering all songs DRM-free.
Helix & Harmony	Real Networks services	2003+	A DRM system from Real Networks intended to be interoperable with other DRM schemes, particularly FairPlay. Ultimately used only by Real Networks.
Orion/EasyLicenser [701897]	Enterprise, business, networking, financial, telecom and consumer applications	2003+	Restriction for applications written in Java, .Net or C/C++ on Windows, Linux, Solaris and Mac
Adobe Protected Streaming	Flash Video/Audio Streaming	2006+	The Media-Streams are encrypted "on the fly" by the Flash Media Server (the protocol used is rtmpe or rtmps). In addition the client player can be verified via "SWF-Verification", to make sure that only the official client can be used.
PlayReady	Computers, Mobile and Portable Devices	2007+	PlayReady is designed to encrypt WMA, WMV, AAC, AAC+, enhanced AAC+, and H.263 and H.264 codecs files. PlayReady is actually a new version of Windows Media DRM for Silverlight. Silverlight 2-based online content can be restricted using PlayReady and played back via the Silverlight plug-in. PlayReady is promoted by Microsoft
Portable device DRM
Janus WMA DRM	All PlaysForSure Devices	2004+	Janus is the codename for a portable version of Windows Media DRM intended portable devices.
OMA DRM	Implemented in over 550 phone models.	2004+	A DRM system invented by the Open Mobile Alliance to control copying of cell phone ring tones. Also used to control access to media files, such as video.
Storage media DRM
VHS Macrovision	Almost all VHS Video through the end of the 20th Century	1984+	When dubbing a Macrovision-encoded tape, a video stream which has passed through the recording VCR will become dark and then normal again periodically, degrading quality. The picture may also become unstable when darkest.
Content-scrambling system (CSS)	Some DVD Discs	1996+	CSS utilizes a weak, 40-bit stream cipher to actively encrypt DVD-Video.
DVD Region Code	Some DVD Discs	1996+	Many DVD-Video discs contain one or more region codes, marking those area[s] of the world in which playback is permitted. This restriction enforces artificial market segmentation.
ARccOS Protection	Some DVD Discs	1997?	Adds corrupt data sectors to the DVD, preventing computer software implementing computer standards from successfully reading the media. DVD players execute the on-disk program which skips the (corrupt) ARccOS sectors.
OpenMG	ATRAC audio devices (e.g., MiniDisc players), Memory Stick based audio players, AnyMusic distribution service	1999+	A proprietary DRM system invented and promoted by Sony.
DRM Schemes no Longer in Use
Extended Copy Protection	Sony and BMG CDs	2005	Also known as the 'Sony Rootkit'. Although not classified as a virus by many anti-virus software producers, it bore many virus-like and trojan-like characteristics, rendering it illegal in some places and dangerous to infected computers in all. After it became publicly known, protests and litigation resulted in withdrawal by Sony. The US litigation was settled by payment by Sony.

Laws regarding DRM

Digital rights management systems have received some international legal backing by implementation of the 1996 WIPO Copyright Treaty (WCT). Article 11 of the Treaty requires nations party to the treaties to enact laws against DRM circumvention.

The WCT has been implemented in most member states of the World Intellectual Property Organization. The American implementation is the Digital Millennium Copyright Act (DMCA), while in Europe the treaty has been implemented by the 2001 European directive on copyright, which requires member states of the European Union to implement legal protections for technological prevention measures. , the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States.

Digital Millennium Copyright Act

The Digital Millennium Copyright Act (DMCA) is an extension to United States copyright law passed unanimously on May 14, 1998, which criminalizes the production and dissemination of technology that allows users to circumvent technical copy-restriction methods. Under the Act, circumvention of a technological measure that effectively controls access to a work is illegal if done with the primary intent of violating the rights of copyright holders. (For a more detailed analysis of the statute, see WIPO Copyright and Performances and Phonograms Treaties Implementation Act.)

Reverse engineering of existing systems is expressly permitted under the Act under specific conditions. Under the reverse engineering safe harbor, circumvention necessary to achieve interoperability with other software is specifically authorized. See 17 U.S.C. Sec. 1201(f). Open-source software to decrypt content scrambled with the Content Scrambling System and other encryption techniques presents an intractable problem with the application of the Act. Much depends on the intent of the actor. If the decryption is done for the purpose of achieving interoperability of open source operating systems with proprietary operating systems, the circumvention would be protected by Section 1201(f) the Act. Cf., Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001) at notes 5 and 16. However, dissemination of such software for the purpose of violating or encouraging others to violate copyrights has been held illegal. See Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000).

On 22 May, 2001, the European Union passed the EU Copyright Directive, an implementation of the 1996 WIPO Copyright Treaty that addressed many of the same issues as the DMCA.

The DMCA has been largely ineffective in protecting DRM systems, as software allowing users to circumvent DRM remains widely available. However, those who wish to preserve the DRM systems have attempted to use the Act to restrict the distribution and development of such software, as in the case of DeCSS.

Although the Act contains an exception for research, the exception is subject to vague qualifiers that do little to reassure researchers. Cf., 17 U.S.C. Sec. 1201(g). The DMCA has had an impact on cryptography, because many fear that cryptanalytic research may violate the DMCA. The arrest of Russian programmer Dmitry Sklyarov in 2001, for alleged infringement of the DMCA, was a highly publicized example of the law's use to prevent or penalize development of anti-DRM measures. Sklyarov was arrested in the United States after a presentation at DEF CON, and subsequently spent several months in jail. The DMCA has also been cited as chilling to non-criminal inclined users, such as students of cryptanalysis (including, in a well-known instance, Professor Felten and students at Princeton), and security consultants such as the Netherlands based Niels Ferguson, who has declined to publish information about vulnerabilities he discovered in an Intel secure-computing scheme because of his concern about being arrested under the DMCA when he travels to the US.

On 25 April, 2007 the European Parliament supported the first directive of EU, which aims to harmonize criminal law in the member states. It adopted a first reading report on harmonizing the national measures for fighting copyright abuse. If the European Parliament and the Council approve the legislation, the submitted directive will oblige the member states to consider a crime a violation of international copyright committed with commercial purposes. The text suggests numerous measures: from fines to imprisonment, depending on the gravity of the offense.

The EP members supported the Commission motion, changing some of the texts. They excluded patent rights from the range of the directive and decided that the sanctions should apply only to offenses with commercial purposes. Copying for personal, non-commercial purposes was also excluded from the range of the directive.

International issues

In Europe, there are several ongoing dialog activities that are characterized by their consensus-building intention:

• Workshop on Digital Rights Management of the World Wide Web Consortium (W3C), January 2001. [701898]
• Participative preparation of the European Committee for Standardization/Information Society Standardisation System (CEN/ISSS) DRM Report, 2003 (finished). [701899]
• DRM Workshops of Directorate-General for Information Society and Media (finished), and the work of the DRM working groups (finished), as well as the work of the High Level Group on DRM (ongoing). [701900]
• Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" (closed). [701901]
• The INDICARE project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral platform for exchange of facts and opinions, mainly based on articles by authors from science and practice.
• The AXMEDIS project is a European Commission Integrated Project of the FP6. The main goal of AXMEDIS is automating the content production, copy protection and distribution, reducing the related costs and supporting DRM at both B2B and B2C areas harmonising them.
• The Gowers Review of Intellectual Property is the result of a commission by the British Government from Andrew Gowers, undertaken in December 2005 and published in 2006, with recommendations regarding copyright term, exceptions, orphaned works, and copyright enforcement.

The European Community was expected to produce a recommendation on DRM in 2006, phasing out the use of levies (compensation to rights holders charged on media sales for lost revenue due to unauthorized copying) given the advances in DRM/TPM technology. However, opposition from the member states, particularly France, have now made it unlikely that the recommendation will be adopted.

Controversy

DRM opposition

Many organizations, prominent individuals, and computer scientists are opposed to DRM. Two notable DRM critics are John Walker, as expressed for instance, in his article The Digital Imprimatur: How big brother and big media can put the Internet genie back in the bottle, and Richard Stallman in his article The Right to Read and in other public statements: "DRM is an example of a malicious feature - a feature designed to hurt the user of the software, and therefore, it's something for which there can never be toleration". Professor Ross Anderson of Cambridge University heads a British organization which opposes DRM and similar efforts in the UK and elsewhere. Cory Doctorow, a prominent writer and technology blogger, spoke on the Microsoft campus criticizing the technology, the morality, and the marketing of DRM.

There have been numerous others who see DRM at a more fundamental level. TechMediums.com argues that DRM-free music allows for viral marketing, arguing that independent artists benefit from "free marketing" and can then focus on revenues from higher margin products like merchandise and concert ticket sales. This is similar to some of the ideas in Michael H. Goldhaber's presentation about "The Attention Economy and the Net" at a 1997 conference on the "Economics of Digital Information." (sample quote from the "Advice for the Transition" section of that presentation: "If you can't figure out how to afford it without charging, you may be doing something wrong.")

The Electronic Frontier Foundation and similar organizations such as FreeCulture.org also hold positions which are characterized as opposed to DRM.

The Foundation for a Free Information Infrastructure has criticized DRM's impact as a trade barrier from a free market perspective.

The final version of the GNU General Public License version 3, as released by the Free Software Foundation, has a provision that 'strips' DRM of its legal value, so people can break the DRM on GPL software without breaking laws like the DMCA. Also, in May 2006, the FSF launched a "Defective by Design" campaign against DRM.

Creative Commons provides licensing options encouraging the expansion of and building upon creative work without the use of DRM. In addition, the use of a Creative Commons-licensed work on a device which incorporates DRM is a breach of the Baseline Rights asserted by each license.

Bill Gates spoke about DRM at CES in 2006. According to him, DRM is not where it should be, and causes problems for legitimate consumers while trying to distinguish between legitimate and illegitimate users.

According to Steve Jobs, Apple opposes DRM music after a public letter calling its music labels to stop requiring DRM on its iTunes Store. As of January 6, 2009, the iTunes Store is DRM-free for songs. However, Apple considers DRM on video content as a separate issue and has not removed DRM from all of its video catalog.

As already noted, many DRM opponents consider "digital rights management" to be a misnomer. They argue that DRM manages rights (or access) the same way prison manages freedom and often refer to it as "digital restrictions management". Alternatively, ZDNet Executive Editor David Berlind suggests the term "Content Restriction, Annulment and Protection" or "CRAP" for short.

The Norwegian Consumer rights organization "Forbrukerrådet" complained to Apple Inc. in 2007 about the company's use of DRM in, and in conjunction with, its iPod and iTunes products. Apple was accused of restricting users' access to their music and videos in an unlawful way, and of using EULAs which conflict with Norwegian consumer legislation. The complaint was supported by consumers' ombudsmen in Sweden and Denmark, and is currently being reviewed in the EU. Similarly, the United States Federal Trade Commission is planning to hold hearings in March of 2009 to review disclosure of DRM limitations to customers' use of media products.

The use of DRM may also be a barrier to future historians, since technologies designed to permit data to be read only on particular machines, or with particular keys, or for certain periods, may well make future data recovery impossible — see Digital Revolution. This argument connects the issue of DRM with that of asset management and archive technology.

DRM opponents argue that the presence of DRM violates existing private property rights and restricts a range of heretofore normal and legal user activities. A DRM component would control a device a user owns (such as a Digital audio player) by restricting how it may act with regards to certain content, overriding some of the user's wishes (for example, preventing the user from burning a copyrighted song to CD as part of a compilation or a review). An example of this effect may be seen in Microsoft's Windows Vista operating system in which content is disabled or degraded depending on the DRM scheme's evaluation of whether the hardware and its use are 'secure'. All forms of DRM depend on the DRM enabled device (e.g., computer, DVD player, TV) imposing restrictions that (at least by intent) cannot be disabled or modified by the user.

Tools like FairUse4WM have been created to strip Windows Media of DRM restrictions.

Valve Corporation President Gabe Newell also stated "most DRM strategies are just dumb" because they only decrease the value of a game in the consumer's eyes. Newell's suggests pairing DRM with "[creating] greater value for customers through service value", and stopped short of repudiating Valve's DRM system, known as Steam. However, Mr. Newell's anti-DRM rhetoric flies in the face of Steam's own copy-protection strategy, which is actually a form of DRM.

"DRM-Free"

Due to the strong opposition that exists to DRM, many companies and artists have begun advertising their products as "DRM-Free".

Most notably, Apple began selling "DRM-Free" music through their iTunes store in April 2007. It was later revealed that the DRM-Free iTunes files were still embedded with each user's account information, a technique called Digital watermarking generally not regarded as DRM. In January 2009, iTunes began marketing all of their songs as "DRM-Free", however iTunes continues to use DRM on movies, TV shows, ringtones, and audiobooks.

Shortcomings

Methods to bypass DRM

There are many methods to bypass DRM control on audio and video content.

One simple method to bypass DRM on audio files is to burn the content to an audio CD and then rip it into DRM-free files. This is only possible when the software that plays these DRM-restricted audio files allows CD-burning. Some software products simplify and automate this burn-rip process by allowing the user to burn music to a CD-RW disc or to a Virtual CD-R drive, then automatically ripping and encoding the music, and automatically repeating this process until all selected music has been converted, rather than forcing the user to do this one CD (72–80 minutes worth of music) at a time.

Many software programs have been developed that intercept the data stream as it is decrypted out of the DRM-restricted file, and then use this data to construct a DRM-free file. These programs require a decryption key. Programs that do this for DVDs, HD DVDs, and Blu-ray Discs include universal decryption keys in the software itself. Programs that do this for TiVo ToGo recordings, iTunes audio, and PlaysForSure songs, however, rely on the user's own key — that is, they can only process content that the user has legally acquired under his or her own account.

Another method is to use software to record the signals being sent through the audio or video cards, or to plug analog recording devices into the analog outputs of the media player. These techniques utilize the so-called "analog hole" (see below).

Analog hole

All forms of DRM for audio and visual material (excluding interactive materials, like videogames) are subject to the analog hole, namely that in order for a viewer to play the material, the digital signal must be turned into an analog signal containing light and/or sound for the viewer, and so available to be copied as no DRM is capable of controlling content in this form. In other words, a user could play a purchased audio file while using a separate program to record the sound back into the computer into a DRM-free file format.

All DRM to date, and probably all future ones can therefore be bypassed by recording this signal and digitally storing and distributing it in a non DRM limited form, by anyone who has the technical means of recording the analog stream. However the conversion from digital to analog and back is likely to force a loss of quality, particularly when using lossy digital formats. HDCP is an attempt to restrict the analog hole, although it is largely ineffective.

Asus released a soundcard which features a function called "Analog Loopback Transformation" to bypass the restrictions of DRM. This feature allows the user to record DRM-restricted audio via the soundcard's built-in analog I/O connection.

DRM on general computing platforms

Many of the DRM systems in use are designed to work on general purpose computing hardware, such as desktop PCs apparently because this equipment is felt to be a major contributor to revenue loss from disallowed copying. Large commercial copyright infringers ("pirates") avoid consumer equipment, so losses from such infringers will not be covered by such provisions.

It is been hypothesized that such schemes, especially software based ones, can never be wholly secure since the software must include all the information necessary to decrypt the content, such as the decryption keys. An attacker will be able to extract this information, directly decrypt and copy the content, which bypasses the restrictions imposed by a DRM system.

DRM on purpose-built hardware

Many DRM schemes use encrypted media which requires purpose-built hardware to hear or see the content. This appears to ensure that only licensed users (those with the hardware) can access the content. It additionally tries to protect a secret decryption key from the users of the system.

While this in principle can work, it is extremely difficult to build the hardware to protect the secret key against a sufficiently determined adversary. Many such systems have failed in the field. Once the secret key is known, building a version of the hardware that performs no checks is often relatively straightforward. In addition user verification provisions are frequently subject to attack.

A common real-world example can be found in commercial direct broadcast satellite television systems such as DirecTV. The company uses tamper-resistant smart cards to store decryption keys so that they are hidden from the user and the satellite receiver. However, the system has been compromised in the past, and DirecTV has been forced to roll out periodic updates and replacements for its smart cards.

Watermarks

Watermarks can be removed, although degradation of video or audio can occur. In particular, most compression only retains perceptible features of an image, and if the watermarks are invisible, they are typically removed by compression systems as a side-effect.

Mass piracy failure

Mass piracy of hard copies does not necessarily need DRM to be decrypted or removed, as it can be achieved by bit-perfect copying of a legally obtained medium without accessing the decrypted content. Additionally, still-encrypted disk images can be distributed over the Internet and played on legitimately licensed players. Other copy protection methods, such as specific data layout on the medium, perform better in this area.

Obsolescence

When standards and formats change, it may be difficult to transfer DRM-restricted content to new media. Additionally, any system that requires contact with an authentication server is vulnerable to that server becoming unavailable, as happened in 2007 when videos purchased from Major League Baseball (mlb.com) prior to 2006 became unplayable due to a change to the servers that validate the licences.

Microsoft Zune -When Microsoft introduced their Zune media player in 2006, it did not support content that uses Microsoft's own PlaysForSure DRM scheme they had previously been selling. The EFF calls this "a raw deal".

MSN Music -In April 2008, Microsoft sent an email to former customers of the now-defunct MSN Music store:"As of August 31, 2008, we will no longer be able to support the retrieval of license keys for the songs you purchased from MSN Music or the authorization of additional computers. You will need to obtain a license key for each of your songs downloaded from MSN Music on any new computer, and you must do so before August 31, 2008. If you attempt to transfer your songs to additional computers after August 31, 2008, those songs will not successfully play."

However, to avoid a public relations disaster, Microsoft re-issued MSN Music shutdown statement on June 19^th and allowed the users to use their licenses until the end of 2011: "After careful consideration, Microsoft has decided to continue to support the authorization of new computers and devices and delivery of new license keys for MSN Music customers through at least the end of 2011, after which we will evaluate how much this functionality is still being used and what steps should be taken next to support our customers. This means you will continue to be able to listen to your purchased music and transfer your music to new PCs and devices beyond the previously announced August 31, 2008 date."

Yahoo! Music Store -On July 23, 2008, the Yahoo! Music Store emailed its customers to tell them it will be shutting down effective September 30, 2008 and the DRM license key servers will be taken offline.

Walmart -In August 2007, Walmart's online music division started offering (DRM-free) MP3s as an option. Starting in February 2008, they made all sales DRM-free.On September 26, 2008, the Walmart Music Team notified its customers via email they would will be shutting down their DRM servers October 9, 2008 and any DRM-encumbered music acquired from them will no longer be accessible unless ripped to a non-DRM format before that date.

After bad press and negative reaction from customers, on October 9, 2008, Walmart decided not to take its DRM servers offline.

Fictionwise / Overdrive -In January 2009, OverDrive informed Fictionwise that they would no longer be providing downloads for purchasers of e-books through Fictionwise as of 31 January 2009. No reason was provided as to Fictionwise why they were being shut down. This prevents previous purchases from being able to renew their books on new devices. Fictionwise is working to provide replacement ebooks for its customers in alternative, non-DRM formats, but does not have the rights to provide all of the books in different formats.

Ads for Adobe PDF -Also in January 2009, Adobe Systems announced that as of March 2009 they would no longer operate the servers that served ads to their PDF reader. Depending on the restriction settings used when PDF documents were created, they may no longer be readable.

Historical note

A very early implementation of DRM was the Software Service System (SSS) devised by the Japanese engineer Ryoichi Mori in 1983

and subsequently refined under the name superdistribution. The SSS was based on encryption, with specialized hardware that controlled decryption and also enabled payments to be sent to the copyright holder. The underlying principle of the SSS and subsequently of superdistribution was that the distribution of encrypted digital products should be completely unrestricted and that users of those products would not just be permitted to redistribute them but would actually be encouraged to do so.

See also

Related concepts

• Compliance and Robustness
• Copyleft
• Copyright
• Cryptography
• Data room
• ODRL
• Privacy enhancing technologies
• Product activation
• Smart contracts
• Smart Cow Problem
• Street Performer Protocol
• Superdistribution
• Tivoization
• Trusted Computing
• Voluntary Collective Licensing
• XrML

Organizations

• European Information, Communications and Consumer Electronics Technology Industry Associations
• Trusted Computing Group
• Motion Picture Association of America
• Recording Industry Association of America

• Electronic Frontier Foundation
• Open Rights Group
• Open Mobile Alliance
• Defective by Design, a campaign of the Free Software Foundation
• Pirate Party, a Swedish political party which is a proponent of free culture and free knowledge
• Free Software Foundation Europe
• Secure Digital Music Initiative
• Open Entertainment Alliance

References

Further reading

• Lawrence Lessig's Free Culture, published by Basic Books in 2004, is available for free download in PDF format. The book is a legal and social history of copyright. Lessig is well known, in part, for arguing recent landmark cases on copyright law. A Professor of Law at Stanford University, Lessig writes for an educated lay audience, including for non-lawyers. He is, for the most part, an opponent of DRM technologies.
• Rosenblatt, B. et al., Digital Rights Management: Business and Technology, published by M&T Books (John Wiley & Sons) in 2001. An overview of DRM technology, business implications for content publishers, and relationship to U.S. copyright law.
• Consumer's Guide to DRM, published in 10 languages (Czech, German, Greek, English, Spanish, French, Hungarian, Italian, Polish, Swedish), produced by the INDICARE research and dialogue project
• Eberhard Becker, Willms Buhse, Dirk Günnewig, Niels Rump: Digital Rights Management - Technological, Economic, Legal and Political Aspects. An 800 page compendium from 60 different authors on DRM.
• Fetscherin, M., Implications of Digital Rights Management on the Demand for Digital Content, provides an excellent view on DRM from a consumers perspective. [701902]
• Bound by Law, by James Boyle et al., at Duke University Law School /www.law.duke.edu/cspd/comics/zoomcomic.html>, a comic book treatment of the US Fair Use doctrine (with some relevance to other jurisdictions, for example in the Commonwealth usually called Fair Dealing), that is a license fee or permission free, under statute and common law precedent, use of copyrighted material.
• DRM on Open Platforms - A paper by Hagai Bar-El and Yoav Weiss on ways to partially close open platforms to make them suitable for DRM implementations. It has been released under a Creative commons by NC-SA license.
• The Pig and the Box, a book with colorful illustrations and having a coloring book version, by 'MCM'. It describes DRM in terms suited to kids, written in reaction to a Canadian entertainment industry copyright education initiative, aimed at children.
• Present State and Emerging Scenarios of Digital Rights Management Systems - A paper by Marc Fetscherin which provides an overview of the various components of DRM, pro and cons and future outlook of how, where, when such systems might be used.
• DRM is Like Paying for Ice - Richard Menta article on MP3 Newswire discusses how DRM is implemented in ways to control consumers, but is undermining perceived product value in the process.
• Challenges in Designing Content Protection Solutions - A paper by Hagai Bar-El and Discretix that addresses technical dilemmas and difficulties met when designing DRM products.
• A Semantic Web Approach to Digital Rights Management - PhD Thesis by Roberto García that tries to address DRM issues using Semantic Web technologies and methodologies.
• Patricia Akester, "Technological Accommodation of Conflicts between Freedom of Expression and DRM: The First Empirical Assessment" available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1469412 (unveiling, through empirical lines of enquiry, (1) whether certain acts which are permitted by law are being adversely affected by the use of DRM and (2) whether technology can accommodate conflicts between freedom of expression and DRM).

External links

• BBC News |Technology Q&A: What is DRM?
• Windows Media DRM FAQ from Microsoft
• Digital Rights Management from CEN/ISSS (European Committee for Standardization / Information Society Standardization System). Contains a range of possible definitions for DRM from various stakeholders. 30 September 2003
• Digital Bits Skeptic DRM technology in media publishing