My thoughts on DRM
Digital Rights Management (DRM) describes a wide range of technologies used to protect digital media creators’ rights from piracy and illegal file-sharing. DRM is used in several different types of media but most commonly in computer software, videos and music. The unauthorised tampering of software code is called hacking; when applied to breaking copy protection or DRM software, this process is called cracking. Nearly all widely used DRM systems have been cracked or otherwise circumvented [1], yet the music industry continues to pump more money each year into producing new, more complex DRM software.
‘Intellectual property’ was a term brought to the public eye in the 1960s with the formation of the World Intellectual Property Organisation (WIPO). WIPO is a UN organisation created in 1967 with the intention of “promoting the protection of intellectual property throughout the world” [2]. Under intellectual property law, the author has certain exclusive rights to their creative work, commercial symbol, or invention [3]. However, there is much controversy over whether intellectual property laws are in the public interest or not. Intellectual property and copyright laws are often called intellectual protectionism [4] and frequently come under heavy criticism. Under the EU Copyright Directive of 2001 (EUCD) [5] it is illegal to try to circumvent DRM software within some EU member states, including Finland, France and the UK. However, it is very difficult and costly to prosecute somebody for cracking DRM and if it is not done in a state with an implementation of EUCD, it is not even a crime!
DRM was originally implemented because of declining profits at the big corporate media content owners and publishers like Warner, MGM, Columbia Pictures, 20th Century Fox Films, Sony BMG, Universal and EMI. These large companies are fighting a losing battle against a variety of counterfeiters, hackers, bootleggers, pirates, file-sharing internet companies and cryptography enthusiasts, all of whom have more time and expertise than all of the record industry’s DRM experts combined. The major media corporations insist that with declining sales, the quality of the media will also decrease. It is not difficult to see why the big music industry players are so interested in protecting their profit margins as the figures speak for themselves. The sale of compact discs for the first three months of 2008 plunged 20% [6] from the sales figures for the same period last year. Traditionally, university students have been held to blame for the vast majority of piracy. However, the Motion Picture Association of America has admitted that claims that 44% of its revenue losses were down to students were in fact overestimated by up to 300% [7]. In fact, just 15% of piracy can be blamed on students.
DRM software has changed rapidly over the last few years. Increasingly, users are required to have an internet connection to authenticate their music files to allow the makers of DRM software to quickly patch any cracks. All media which contains DRM has built-in encryption keys which can prevent anyone without these keys from accessing the media. An encryption key is a piece of data that determines the functional output of a cryptographic algorithm. It specifies the transformation of the file’s data so that it can be played on a user’s computer. These keys are hidden deep within the software so that the end user cannot have access to them and distribute them along with the copied media. I will describe the five stages needed to play a media file which are present in most DRM systems:
Packaging: The media file can only be played if it is first unlocked with an encryption key. This key typically relates specifically to the user’s computer but can also be provided separately (for example in an email).
Distribution: There are many different methods of distributing online media. Common distribution methods include direct server downloads, optical media (CDs, DVDs etc.) and files attached to emails. Some DRM systems also allow users to directly share files with friends (usually with a limit to the number of times a file can be shared).
License Serving: Some DRM files are authenticated through a direct connection to an internet server. This can cause the file to “lock up” if the key is invalid. The content publisher provides a License Clearing House (LCH) which stores the media-specific rules of the license. The LCH ascertains if the user’s request for a license is genuine or not. DRMed media files are stored separately from the license keys to make it easier to protect against hackers.
License Acquisition: This describes the process where the user acquires a legitimate encryption key to unlock their media. The user must acquire a license with which to unlock their media file. Often, the license acquisition takes place automatically when a user attempts to access their file. Otherwise, the DRM system either refers the user to a registration page where payment is required or just immediately retrieves a license from the clearing house.
Local Access: As long as the user’s media player of choice conforms to the type of DRM the media file uses, they should then be able to play the file according to the rules of the license they have acquired.
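The five stages above, sketched end to end as an added example (it is not code from any real DRM product). The XOR keystream cipher stands in for a real cipher, and the `device_key` derivation, the `plays_left` rule and all class and function names are assumptions made for illustration; distribution is simply the packaged bytes being handed to the player.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (assumption, stands in for a real one): XOR with an HMAC-SHA256 keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def device_key(device_id: bytes) -> bytes:  # hypothetical per-machine key
    return hashlib.sha256(b"device:" + device_id).digest()

class ClearingHouse:
    """License serving: keys and rules are stored apart from the packaged media."""
    def __init__(self):
        self.titles = {}   # title -> (content key, license rules)
        self.paid = set()  # (user, title) pairs with a valid purchase
    def package(self, title: str, media: bytes, rules: dict) -> bytes:
        """Packaging: encrypt the media under a fresh content key."""
        key = os.urandom(32)
        self.titles[title] = (key, rules)
        return xor_stream(key, media)
    def issue_license(self, user: str, title: str, device_id: bytes):
        """License acquisition: refuse unknown buyers, else wrap the key for one device."""
        if (user, title) not in self.paid:
            return None
        key, rules = self.titles[title]
        return {"rules": dict(rules), "wrapped_key": xor_stream(device_key(device_id), key),
                "check": hmac.new(key, b"license", hashlib.sha256).digest()}

def play(packaged: bytes, lic, device_id: bytes):
    """Local access: unwrap the key on this device, enforce the rules, then decrypt."""
    if lic is None or lic["rules"]["plays_left"] <= 0:
        return None
    key = xor_stream(device_key(device_id), lic["wrapped_key"])
    expected = hmac.new(key, b"license", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, lic["check"]):
        return None        # license was issued for a different machine
    lic["rules"]["plays_left"] -= 1
    return xor_stream(key, packaged)

def demo():  # constructed sample run: one paid user, one title, a two-play license
    lch = ClearingHouse()
    media = b"constructed sample audio bytes " * 3
    packaged = lch.package("track-1", media, {"plays_left": 2})
    lch.paid.add(("alice", "track-1"))
    lic = lch.issue_license("alice", "track-1", b"laptop-A")
    return media, packaged, lic, lch
```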
Some users are understandably very unhappy about the widespread use of DRM today. They argue that they are purchasing content which they actually have very limited control over and don’t really own in any conventional sense of ownership. At the best of times there are often compatibility issues with non-DRM content and DRM just serves as an extra hurdle to overcome when it comes to being able to play a file. For example, users of the Napster music download service (www.napster.com) cannot play tracks they purchase on an iPod and due to their DRM software being interlinked with a monthly subscription service, if users stop paying their subscription fees, they lose all of their music. The fast-paced development of media technologies also means that ageing DRM systems can quickly become unsupported and render many files useless, especially if a company goes out of business or no longer supports a type of DRM software. In this case, the user has to either repurchase their entire music library or investigate illegally circumventing the DRM.
The most catastrophic example of bad DRM software was Sony BMG’s XCP software included on 52 CDs released in 2005. The protected disc is a multisession CD containing unprotected audio and malware that tampers with your computer’s ability to read this unprotected audio. The malware included on XCP DRM CDs does a number of things, including modifying the user’s operating system kernel to artificially alter how the system sees its resources and automatically blocking a predefined list of CD-ripping software. The software contacts Sony via the internet every time the user plays an unprotected CD, providing information regarding which CD is playing, when it was played and where you live. The software also adds noise to any ripped CD audio if XCP thinks you shouldn’t be ripping. Sony BMG’s directors claim that users don’t care about their computer being taken over if they don’t even know it has happened [7]. Worst of all, the License Agreement for the software has very little mention as to what the software actually does and isn’t available to the user prior to purchase. On top of all that, there was no built-in method for uninstalling their software once it was on your machine. Sony’s first attempt to release an uninstaller to remove the software created an ActiveX backdoor which could be exploited by hackers. Due to copyright laws in America, which make it illegal to reverse-engineer DRM systems, most computer security firms chose to ignore the threat posed by XCP to their customers and only protect their own internal machines.
DRM does not prevent illegal use of files; it just makes it slightly harder for someone to access them. This kind of deterrent only works as long as the user is unaware how to break the DRM software. A simple search on Google will produce hundreds of guides to breaking DRM and even if this is too much for your average user, in the case of music files, the DRM can be manually circumvented by burning files to removable media and then transferring them back to a computer. This is a particularly important point because as soon as one person realises it is possible to circumvent DRM, they can then share that file with anyone else who doesn’t know how to. CDs have been available for years with no DRM on them. Indeed, you can go to a shop and buy DRM-free music today. So why do the big corporations release their media DRM-free in physical forms but insist on DRM for their digital distribution?
Supporters of DRM argue that it is essential in the fight to protect intellectual rights which are being increasingly ignored with the advent of the internet age. They argue that DRM is a fledgling business and it is inevitable that there will be problems but these problems can be worked through. Users drive improvements in the software and through this feedback a working form of DRM will inevitably be developed. Pro-DRM supporters also say that one size does not fit all: many users don’t mind downloading DRM media if it is cheaper and those that want DRM-free content should be willing to pay extra for the privilege.
However, the massive increase in online piracy is not a problem for the consumer, so why should we have to pay for it? Also, current forms of DRM are understandably not perfect, but a perfect DRM system still restricts the user and is a nuisance. The idea that users wanting DRM-free content should have to pay more is ridiculous: why should we pay more for a system that we don’t want or need, when it’s just as easy to acquire a DRM-free version for no cost?
So what is the future of DRM? It is my opinion that within the next five years we will see a dramatic decrease in the use of DRM, so much so that it will become very rare for downloadable media to have any sort of DRM software by default. After a long wait, the big record companies are realising that, on the whole, consumers don’t like DRM and that if they are to retain any sort of control over digital media distribution they are going to have to scrap these draconian restrictions. In my opinion, some sort of licensing system will be adopted by most countries, similar to the TV licensing system in the UK which forces consumers to pay a subscription fee which is then divided up by a licensing body among the artists and producers. Websites like last.fm (www.last.fm) employ music logging software which allows any user to log every single song they play on their computer. This method is much more sustainable and consumer-friendly than DRM-infested music and will more than likely lead to a fairer distribution of money within the music industry.
References
[1] Cory Doctorow, 2004, Microsoft Research DRM talk, http://www.craphound.com/msftdrm.txt, accessed 10/5/08.
[2] What is WIPO?, 2007, http://www.wipo.int/about-wipo/en/what_is_wipo.html, accessed 10/5/08.
[3] Michael Perelman, 2004, Steal This Idea: Intellectual Property Rights and the Corporate, Palgrave Macmillan.
[4] Wikipedia, 2008, Intellectual Property article, http://en.wikipedia.org/wiki/Intellectual_property, accessed 11/05/08.
[5] Wikipedia, 2008, EU Copyright Directive article, http://en.wikipedia.org/wiki/EU_Copyright_Directive, accessed 11/05/08.
[6] Ethan Smith, 2008, Sales of music, long in decline, plunge sharply, http://online.wsj.com/public/article/SB117444575607043728-oEugjUqEtTo1hWJawejgR3LjRAw_20080320.html, accessed 12/05/08.
[7] Kenneth C. Green, 2008, The Movie Industry’s 300% Error, http://undhon392.wordpress.com/2008/01/29/illegal-movie-piracy-by-college-students-overestimated/, accessed 09/05/08.
[8] Mark Lyon, 2007, http://www.sonysuit.com/, accessed 06/05/08.