Digital rights management: Difference between revisions
imported>Sandy Harris |
mNo edit summary |
||
(75 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{subpages}} | {{PropDel}}<br><br>{{subpages}} | ||
{{TOC|right}} | {{TOC|right}} | ||
'''Digital rights management (DRM)''' refers to the laws and technologies which provide intellectual property owners control over the distribution and use of their material by controlling consumers' use of it. The claimed goals are to prevent copying of digital media and to restrict access and content use to what is allowed by [[copyright]] law.<ref name=Bates>Bates, BJ. (2008) 'Commentary: Value and Digital Rights Management-A Social Economics Approach', Journal of Media Economics, 21:1, 53-77</ref> | '''Digital rights management (DRM)''' refers to the laws and technologies which provide intellectual property owners control over the distribution and use of their material by controlling consumers' use of it. The claimed goals are to prevent copying of digital media and to restrict access and content use to what is allowed by [[copyright]] law.<ref name=Bates>Bates, BJ. (2008) 'Commentary: Value and Digital Rights Management-A Social Economics Approach', Journal of Media Economics, 21:1, 53-77</ref> | ||
Critics refer to it as "Digital ''Restrictions'' Management", and argue that many of the restrictions it enforces go well beyond the rights granted by law. | |||
==History== | ==History== | ||
Copyright law is the earliest form of [[intellectual property]] protection. This area of law developed for print media, long before copying machines and digital media, and has not necessarily kept pace with technology. | |||
=== Legal Background === | === Legal Background === | ||
The [[Copyright|copyright]] since its formal creation in 1710 by the British [[Statute of Anne]] and its inclusion in the [[U.S. Constitution]]<ref name=Bennett>Bennett, S. (1999) 'Authors' Rights', Journal of Electronic Publishing, vol. 5, no. 2, Dec., 1999</ref> has been the main protection scheme for intellectual property rights for creative information goods and services. | The [[Copyright|copyright]] since its formal creation in 1710 by the British [[Statute of Anne]] and its inclusion in the [[U.S. Constitution]]<ref name=Bennett>Bennett, S. (1999) 'Authors' Rights', Journal of Electronic Publishing, vol. 5, no. 2, Dec., 1999</ref> has been the main protection scheme for intellectual property rights for creative information goods and services. | ||
Line 42: | Line 45: | ||
* <b>Limited Record Company Adoption</b>: With previous improved formats, such as cassette tapes and CD's, the music industry has been fast to adapt, develop, and switch to these new forms of media to satisfy the demand. However for digital music this was not the case. Although computers with CD burners and MP3 player sales were skyrocketing in the early 90's, from 1999 (the release of Napster) to 2003 (the opening of the Itunes Store), there was no digital music service offering any of the music produced by the big 4 record companies (Warner, Sony BMG, EMI, Universal). As a result, the lack of service drove people to acquire their music via illegal copying. | * <b>Limited Record Company Adoption</b>: With previous improved formats, such as cassette tapes and CD's, the music industry has been fast to adapt, develop, and switch to these new forms of media to satisfy the demand. However for digital music this was not the case. Although computers with CD burners and MP3 player sales were skyrocketing in the early 90's, from 1999 (the release of Napster) to 2003 (the opening of the Itunes Store), there was no digital music service offering any of the music produced by the big 4 record companies (Warner, Sony BMG, EMI, Universal). As a result, the lack of service drove people to acquire their music via illegal copying. | ||
* <b>Development of [[Content delivery and distributed file sharing networks|distributed file sharing]]</b>: Internet-based technologies grew to encompass distributed file sharing, with no central distribution point at which unauthorized distribution could be stopped. | |||
==== The Reaction ==== | ==== The Reaction ==== | ||
Line 76: | Line 80: | ||
Trying to not make the same mistakes as their music counterparts, the film and TV industry is attempting to be faster in the adaptation of digital distribution. | Trying to not make the same mistakes as their music counterparts, the film and TV industry is attempting to be faster in the adaptation of digital distribution. | ||
Forms of DRM were introduced in both the DVD and Blu-Ray formats. The DVD format was cracked in the 90's, and | Forms of DRM were introduced in both the DVD and Blu-Ray formats. The DVD format was cracked in the 90's, and weaknesses in Blu-Ray were found within months of release. <ref>Cory Doctorow 'Blu-Ray AND HD-DVD broken - processing keys extracted'[http://www.boingboing.net/2007/02/13/bluray-and-hddvd-bro.html]</ref> <ref>Gerry Block (Jan 2007) [http://gear.ign.com/articles/758/758675p1.html HD-DVD, Blu-ray AACS Copy Protection Broken]</ref> | ||
However, the industry as a whole is beginning to accept the idea that fewer and fewer consumers are accessing their content via physical media, and more and more are switching to digital or streaming services. | However, the industry as a whole is beginning to accept the idea that fewer and fewer consumers are accessing their content via physical media, and more and more are switching to digital or streaming services. | ||
Line 94: | Line 98: | ||
==== CSS ==== | ==== CSS ==== | ||
An example is the [[DVD Forum]]'s [[Contents Scrambling System]] (CSS) which provided a common means of encoding for all movies on [[DVD]]. Any firm producing players or software to view the encoded movies | An example is the [[DVD Forum]]'s [[Contents Scrambling System]] (CSS) which provided a common means of encoding for all movies on [[DVD]]. Any firm producing players or software to view the encoded movies was supposed to license the decoding system from the forum. Despite industry claims, this scheme was not designed to prevent copying — a bit-for-bit copy of a DVD would play on any player that the original would. | ||
What it did attempt was to control usage of the DVDs. CSS includes a system of region codes such that, for example, a DVD sold in North America (region 1) will not play on a player sold in Europe (region 2).This allows the movie companies more control over their markets, for example charging higher prices in some regions or holding back DVD release for a region until after the cinema release there. There are other controls as well; for example the fast-forward control is locked out during the opening section of the disk so that a user cannot bypass the advertising or movie previews there. | What it did attempt was to control usage of the DVDs. CSS includes a system of region codes such that, for example, a DVD sold in North America (region 1) will not play on a player sold in Europe (region 2).This allows the movie companies more control over their markets, for example charging higher prices in some regions or holding back DVD release for a region until after the cinema release there. There are other controls as well; for example the fast-forward control is locked out during the opening section of the disk so that a user cannot bypass the advertising or movie previews there. | ||
Not all vendors follow the Forum's rules; there are many "region-free" DVD players on the market; see for example, this [http://www. | Not all vendors follow the Forum's rules; there are many "region-free" DVD players on the market; see for example, this [http://www.dvdexploder.com/ site]. Also, some players that normally implement region codes can be set to ignore them, either in software or by replacing a chip; there are guides on the net for that as well. In some markets, such as China, nearly all players are region-free. In others, such as Europe, buyers tend to prefer them. One of Britain's largest retailers, [[Tesco]] found massive demand for such players and asked the movie industry to drop region codes altogether | ||
<ref>{{citation | |||
| author = Linda Harrison & Tony Smith | |||
| url = http://www.theregister.co.uk/2000/02/21/tesco_slams_unnecessary_dvd_zoning/ | |||
| title = Tesco slams ‘unnecessary’ DVD zoning | |||
| date = February 2000 | |||
}}</ref>. [[NASA]] sent [[Sony]] players, modified to be region-free, to the [[International Space Station]] [http://www.faqs.org/abstracts/Telecommunications-industry/NASA-USING-REGION-FREE-DVD-ZENITH-LOSS-GROWS.html]; Sony were not entirely happy about this. | |||
There is a later variant called RCE or "regional coding enhancement" [http://www.dvdtalk.com/rce.html] intended to block play of new discs on region-free players. | There is a later variant called RCE or "regional coding enhancement" [http://www.dvdtalk.com/rce.html] intended to block play of new discs on region-free players. | ||
==== DeCSS ==== | ==== DeCSS ==== | ||
For playing DVDs on a computer, the CSS scheme is easily bypassed | For playing DVDs on a computer, the CSS scheme is easily bypassed; there are a number of programs which do this. The first one to become widespread was a decoder for Windows known as DeCSS.<ref name=Bates /> There was a great deal of controversy on the net and in the courts over this. | ||
* The [[Motion Picture Association of America]] (MPAA) took the position that DeCSS was a "circumvention device" under the US [[Digital Millennium Copyright Act]] and sued many people, including web sites who only linked to the code. These suits succeeded and court orders were issued to take down some copies of the code and links. Of course, copies are still readily available from places outside US jurisdiction. | * The [[Motion Picture Association of America]] (MPAA) took the position that DeCSS was a "circumvention device" under the US [[Digital Millennium Copyright Act]] and sued many people, including web sites who only linked to the code. These suits succeeded and court orders were issued to take down some copies of the code and links. Of course, copies are still readily available from places outside US jurisdiction. | ||
* The [[DVD Content Control Association]] (DVD-CCA) argued that breaking CSS involved misuse of trade secrets and sued on those grounds. These suits failed. | * The [[DVD Content Control Association]] (DVD-CCA) argued that breaking CSS involved misuse of trade secrets and sued on those grounds. These suits failed. | ||
There are archives of documents from both cases at [http://cyber.law.harvard.edu/openlaw/DVD/DeCSS/ Harvard] and [http://w2.eff.org/IP/Video/ EFF]. Harvard also has a [http://cyber.law.harvard.edu/openlaw/DVD/dvd-discuss-faq.html FAQ] document covering both legal and technical issues. | There are archives of documents from both cases at [http://cyber.law.harvard.edu/openlaw/DVD/DeCSS/ Harvard] and [http://w2.eff.org/IP/Video/ EFF]. Harvard also has a [http://cyber.law.harvard.edu/openlaw/DVD/dvd-discuss-faq.html FAQ] document covering both legal and technical issues. | ||
One issue was whether the DeCSS code qualifies as protected speech under the | One issue was whether the DeCSS code qualifies as protected speech under the First Amendment of the [[U.S. Constitution]]. A earlier court ruling in the [[Cryptography_controversy#Bernstein_case|Bernstein case]] over export restrictions on cryptography had set a precedent that those protections sometimes apply to code. However, in the MPAA case, the judge ruled that they did not apply to DeCSS. So some code is protected, other code is not. Computer science professor [[David Touretzky]] has a [http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ Gallery of CSS Descramblers] exploring where the border might lie. | ||
==== CSS analysis ==== | ==== CSS analysis ==== | ||
CSS is obviously a flawed cryptosystem. It is weak in theory — [[David Wagner]] testified in one case that he asks his Berkeley students to break it as a homework assignment — and weak in practice since DeCSS (a reasonably short, simple and fast program) defeats it completely. What went wrong? | CSS is obviously a flawed cryptosystem. It is weak in theory — [[David Wagner]] testified in one case that he asks his Berkeley students to break it as a homework assignment — and weak in practice since DeCSS (a reasonably short, simple and fast program) defeats it completely. What went wrong? | ||
First, CSS was designed to be weak, | First, CSS was designed to be weak; it used a [[stream cipher]] for the bulk data encryption, and some additional things for [[key management]] The system as a whole used only a 40-bit key, to comply with cryptography export laws of the time (mid-90s). For why a short key makes any cipher inherently weak see [[Brute_force#Choosing_key_sizes|brute force attack]]. For discussion of debate about those laws see [[politics of cryptography]]. In this case, it may not have been US law that imposed bad cryptography. CSS was designed by [[Mitsubishi]] engineers and at the time, Japan also had strict export laws. | ||
Second, CSS was designed ''and even standardized'' in secret, without a public review that might have caught various design weaknesses. In some court cases DVD-CCA even claimed its inner workings were trade secrets. This violates [[Kerckhoffs'_Principle]]; no cipher should be trusted until it is published and reviewed. See [[Cryptography#Cryptography_is_difficult|cryptography is difficult]] for discussion of this common problem. | Second, CSS was designed ''and even standardized'' in secret, without a public review that might have caught various design weaknesses. In some court cases DVD-CCA even claimed its inner workings were trade secrets. This violates [[Kerckhoffs'_Principle]]; no cipher should be trusted until it is published and reviewed. See [[Cryptography#Cryptography_is_difficult|cryptography is difficult]] for discussion of this common problem. | ||
For a full paper [[cryptanalysis|cryptanalysing]] CSS, see [http://cyber.law.harvard.edu/openlaw/DVD/resources/crypto.gq.nu.html Cryptanalysis of Contents Scrambling System]. It indicates that CSS did not even achieve 40-bit security, more like 25; this is so weak it can conveniently be broken on demand. | For a full paper [[cryptanalysis|cryptanalysing]] CSS, see [http://cyber.law.harvard.edu/openlaw/DVD/resources/crypto.gq.nu.html Cryptanalysis of Contents Scrambling System]. It indicates that CSS did not even achieve 40-bit security, more like 25; this is so weak it can conveniently be broken on demand. | ||
==== Later DVD encryption ==== | |||
Later DVD products such as [[DVD audio]] use a [[block cipher]] called '''Cryptomeria''' or '''C2'''. It is a [[Feistel cipher]] which uses [[Block_cipher#S-boxes|S-boxes]]. It has ten rounds, 64-bit blocks, and a 56-bit key. | |||
C2 is used in [[Content Protection for Recordable Media]] and [[Content Protection for Pre-Recorded Media]], collectively known as CPRM/CPPM. The cipher itself has been published, but the S-boxes are secret and different for each application. | |||
There has been some published [[cryptanalysis]] of the cipher <ref name=borghoff-et-al>{{cite paper |date= |author=Julia Borghoff, [[Lars Knudsen]], Gregor Leander, Krystian Matusiewicz |title=Cryptanalysis of C2 |work=Extended Abstract |publisher=[[Technical University of Denmark]] |url=http://events.iaik.tugraz.at/weworc09/9aa510c7c7aab1/abstracts/04.pdf }}</ref> <ref name=algebraic-attacks>{{cite paper |author=Ralf-Philipp Weimann |date=2008-03-01 |title=Algebraic Methods in Block Cipher Cryptanalysis |publisher=[[Darmstadt University of Technology]] |url=http://tuprints.ulb.tu-darmstadt.de/1362/1/rpwphd.pdf }} (Abstract is in German, paper itself is in English)</ref>. | |||
==== Blu-ray disks ==== | |||
For the new higher-density [[Blu-ray]] disks, [[Intel]] designed a new DRM system called [[High Definition Content Protection]]; this is administered by [[Digital Content Protection LLP]]. It has been [http://www.pcmag.com/article2/0,2817,2369280,00.asp broken]. | |||
<blockquote>AACS took years to develop, and it has been broken in weeks. The developers spent billions, the hackers spent pennies.</blockquote> | |||
<blockquote> There is no future in which bits will get harder to copy. Instead of spending billions on technologies that attack paying customers, the studios should be confronting that reality and figuring out how to make a living in a world where copying will get easier and easier. They're like blacksmiths meeting to figure out how to protect the horseshoe racket by sabotaging railroads. | |||
The railroad is coming. The tracks have been laid right through the studio gates. It's time to get out of the horseshoe business.[http://boingboing.net/2007/02/13/bluray-and-hddvd-bro.html]</blockquote> | |||
Some have argued that DRM is a major reason Blu-ray is not doing as well as expected in the market<ref>{{citation | |||
| author = Ganesh T S | |||
| url = http://www.anandtech.com/show/5693/cinavia-drm-how-i-learned-to-stop-worrying-and-love-blurays-selfdestruction | |||
| title = Cinavia DRM: How I Learned to Stop Worrying and Love Blu-ray’s Self-Destruction | |||
| date = Mar 2012 | |||
}}</ref>. | |||
===Marking=== | ===Marking=== | ||
Line 127: | Line 162: | ||
Some marking methods hide the markings using techniques from [[steganography]]. In other cases, the markings are quite visible; for example photographs on the web often have the photographer's name or the website URL printed across them to discourage copying. | Some marking methods hide the markings using techniques from [[steganography]]. In other cases, the markings are quite visible; for example photographs on the web often have the photographer's name or the website URL printed across them to discourage copying. | ||
[[NEC]] have announced [http://www.pcauthority.com.au/News/174226,nec-announces-video-checking-technology.aspx] an advanced marking system, to be included in the [[MPEG 7]] standard, that puts a mark on every frame of a video. | |||
===Rights Locker=== | ===Rights Locker=== | ||
Line 132: | Line 169: | ||
== Difficulties of DRM == | == Difficulties of DRM == | ||
{{quotation|Digital rights management, or DRM, is based on the idea that we should design computers that consult an internal policy document written by a third party to check if anything the owner might want to do is a permitted task. If you hit control S or control C to save the work or copy the work, your computer would be able to stop you. I think your computer should never say no, it should always obey you.<ref>{{citation | |||
| author = Jessica Griggs | |||
| date = June 2010 | |||
| title = Cory Doctorow: My computer says no | |||
| journal = New Scientist | |||
| url = http://www.newscientist.com/article/mg20627635.700-cory-doctorow-my-computer-says-no.html?full=true&print=true | |||
}}</ref>}} | |||
=== Consumer attitudes === | === Consumer attitudes === | ||
Line 138: | Line 183: | ||
DRM also seems to be doing very little to stop copyright infringement: "today, infringement is more widespread than ever"<ref>[[Cory Doctorow]], [http://craphound.com/complexecosystems.txt All Complex Ecosystems Have Parasites], [[O'Reilly Emerging Technology Conference]], 16 March 2005.</ref>. | DRM also seems to be doing very little to stop copyright infringement: "today, infringement is more widespread than ever"<ref>[[Cory Doctorow]], [http://craphound.com/complexecosystems.txt All Complex Ecosystems Have Parasites], [[O'Reilly Emerging Technology Conference]], 16 March 2005.</ref>. | ||
One online joke collection includes "Copy Protection: A clever method of preventing incompetent pirates from stealing software and legitimate customers from using it."[http://ftp3.ie.freebsd.org/pub/www.gnu.org/fun/jokes/software.terms.html] | |||
==== Access and Usage Concerns ==== | ==== Access and Usage Concerns ==== | ||
Line 143: | Line 190: | ||
More explicitly, consumers worry about the loss of data because of restrictions on transferring from one format to another. This may force consumer into repurchasing digital data in another format, when they can easily have the capability of transitioning the format themselves. Another outside concern consumers ask is how do DRM Systems handle the expiration of copyright terms. Do DRM systems release their restrictions when the copyright term expires?<ref name=Helberger>Helberger, Natali. (2004) ‘ Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations’, MPRA Paper No. 6641, posted 08. January 2008 </ref> | More explicitly, consumers worry about the loss of data because of restrictions on transferring from one format to another. This may force consumer into repurchasing digital data in another format, when they can easily have the capability of transitioning the format themselves. Another outside concern consumers ask is how do DRM Systems handle the expiration of copyright terms. Do DRM systems release their restrictions when the copyright term expires?<ref name=Helberger>Helberger, Natali. (2004) ‘ Digital Rights Management and Consumer Acceptability: A Multi-Disciplinary Discussion of Consumer Concerns and Expectations’, MPRA Paper No. 6641, posted 08. January 2008 </ref> | ||
In an interesting development, one company removed DRM from their product about a week after releasing it: | |||
<blockquote> | |||
Our approach to countering piracy is to incorporate superior value in the legal version, This means it has to be superior in every respect: less troublesome to use and install, with full support, and with access to additional content and services. So, we felt keeping the DRM would mainly hurt our legitimate users. This is completely in line with what we said before the release .... We felt DRM was necessary to prevent the game being pirated and leaked before release. This purpose has been served, so we are pleased to let our users enjoy the full freedom of game usage they deserve.[http://arstechnica.com/gaming/news/2011/05/the-witcher-2-patch-removes-drm-improves-framerate.ars]</blockquote> | |||
==== Privacy Concerns ==== | ==== Privacy Concerns ==== | ||
Line 159: | Line 211: | ||
=== Legal problems === | === Legal problems === | ||
There are a number of legal issues around DRM. | There are a number of legal issues around DRM. Similar issues turn up in all jurisdictions, but any of them may play out differently in different legal systems. This makes dealing with them immensely complex, especially in designing a DRM system to be used in many countries. | ||
==== Fair use ==== | ==== Fair use ==== | ||
There is a basic principle of [[copyright]] law, called '''fair use''' <ref>Electronic Frontier Foundation 'Fair Use Frequently Asked Questions (and Answers)', 2002 [http://w2.eff.org/IP/eff_fair_use_faq.php]</ref> in US law. For example, copyright does not prevent quoting a work in a review or analysis, or using it in education. Nor does it prohibit a blind user from using software that will read an e-book aloud for him. | There is a basic principle of [[copyright]] law, called '''fair use''' <ref>Electronic Frontier Foundation 'Fair Use Frequently Asked Questions (and Answers)', 2002 [http://w2.eff.org/IP/eff_fair_use_faq.php]</ref> in US law. For example, copyright does not prevent quoting a work in a review or analysis, or using it in education. Nor does it prohibit a blind user from using software that will read an e-book aloud for him. Other legal systems have the same principle, but the name and the details vary from country to country. British and Canadian law call it "fair dealing". | ||
The principle is clear, but the border is by no means sharply delineated. Between the black of copyright infringement and the white of perfectly legal fair use, there is a large grey area. This is being narrowed down by various court rulings and sometimes altered by new legislation, but will likely never go away entirely. | |||
That principle greatly complicates the design of DRM systems. Copyright law | That principle greatly complicates the design of DRM systems. Copyright law allows fair use; how can DRM software manage that? What do you do about the grey areas? If you ignore fair use, or just misjudge some grey areas, you will infringe on the users' legal rights; what are the market or legal consequences of that? Some current DRM software blocks legitimate fair use; for example some DRM systems will prevent a blind use from having software read a book aloud and, if it worked as designed, CSS on DVDs would prevent a reviewer from using an excerpt in a review. Beyond that, how can a DRM system adapt to changes in the law? | ||
Fair use arguably includes the right to '''time shifting''', for example using a VCR to record a TV program to watch later. In [http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=CASE&court=US&vol=464&page=417 one case] that was fought all the way to the US Supreme Court, the court ruled that recording TV programs for home use did not violate copyright, so Sony could not be held to be contributing to copyright infringement by selling [[VCR]]s. A similar issue is '''space shifting''', for example copying music from a record or CD to cassette tape for listening in the car or copying a DVD to videotape to watch in another room. In [http://cyber.law.harvard.edu/property00/MP3/rio.html another case,] the court ruled that the Rio, "a portable digital audio device which allows a user to download MP3 audio files from a computer and to listen to them elsewhere.", is also legal fair use. Those decisions appear to mean that it is legal fair use for users to copy music from their CDs, or movies from DVD, onto their hard drives and/or into a portable player. | Fair use arguably includes the right to '''time shifting''', for example using a VCR to record a TV program to watch later. In [http://caselaw.lp.findlaw.com/scripts/getcase.pl?navby=CASE&court=US&vol=464&page=417 one case] that was fought all the way to the US Supreme Court, the court ruled that recording TV programs for home use did not violate copyright, so Sony could not be held to be contributing to copyright infringement by selling [[VCR]]s. A similar issue is '''space shifting''', for example copying music from a record or CD to cassette tape for listening in the car or copying a DVD to videotape to watch in another room. In [http://cyber.law.harvard.edu/property00/MP3/rio.html another case,] the court ruled that the Rio, "a portable digital audio device which allows a user to download MP3 audio files from a computer and to listen to them elsewhere.", is also legal fair use. Those decisions appear to mean that it is legal fair use for users to copy music from their CDs, or movies from DVD, onto their hard drives and/or into a portable player. | ||
However, if the DRM allows those applications, how can it prevent the users from sharing the files? If it does not allow such things, can users legally break the DRM to enforce their rights? Will they just avoid DRM-protected products? | However, if the DRM allows those applications, how can it prevent the users from sharing the files? If it does not allow such things, can users legally break the DRM to enforce their rights? Will they just avoid DRM-protected products? | ||
See also our article on [[Fair use]]. | |||
====First sale doctrine==== | |||
Another issue is the legal doctrine of '''first sale''', essentially that once a company sells a product they no longer control it. | |||
The doctrine applies when a company sells to a distributor; the contract may restrict what the distributor then does with the product, but copyright law imposes no restrictions. | |||
The law on this is somewhat complex. In the US, it goes back to a 1908 Supreme Court decision that a publisher (Bobbs-Merrill) could not prevent a department store (Macy's) from offering books at a discount, even though they had printed right on the flyleaf a statement that no-one was authorised to sell the book below their set price. Later, the first sale principle was explicitly written into the 1976 revision of the Copyright Act [http://www.copyright.gov/title17/92chap1.html#109]. Since then, there have been rulings both ways. In a 1998 case [http://www.law.cornell.edu/supct/html/96-1470.ZO.html] involving American-made hair care products that in the US were marketed at premium prices through salons but were sold more cheaply in Europe, the Court made a unanimous decision that the manufacturer had no right to prevent a New york discounter from buying the products from a European distributor and selling them cheaply in the US. However, in a more recent case [http://www.wired.com/threatlevel/2010/12/scotus-first-sale/] the Court upheld a lower court ruling that a retailer (Costco) violated copyright in importing watches made abroad and selling them without authorisation from the manufacturer (Omega). In yet another case, the court ruled that a Thai student who was importing cheap editions of university textbooks from Thailand to the US and selling them on Ebay was not violating the publisher's copyright [http://www.salon.com/2013/03/19/court_sides_with_student_in_case_over_textbooks/singleton/]. | |||
The first sale idea also applies to the consumer. For example, it would be illegal to copy the DVD and give someone else the copy, but once you have bought it you have the right to use it as you please. | |||
Critics of DRM argue that, for example, movie companies simply do not have the right to prevent a user from fast-forwarding past advertising or buying a DVD in the US and playing it in Europe. To the critics, DRM systems that restrict users in such ways are best described as '''BAD''', for '''Broken As Designed'''. There is no technical reason for such "features"; a system without them would actually be simpler; therefore there is no reason to imagine that users ought to put up with them. One anti-DRM website is called [http://www.defectivebydesign.org/ Defective by Design]. | |||
The argument on the other side is basically that the copyright on the content plus the license agreements for the equipment and content give the companies those rights. Some sort of licensing restrictions (or perhaps some other legal mechanism) seem obviously essential — for example, buying a ticket to a concert should not give the right to record it and sell CDs, and movie companies definitely do not want to give anyone who buys a DVD the right to show it in a theater. The movie and record companies believe that various other restrictions are important as well, and that their licenses give them the right to impose those; this notion is quite controversial. | |||
====Other issues==== | ====Other issues==== | ||
Line 174: | Line 244: | ||
All '''copyrights expire'''; they are only created "for limited Times", to quote the US law. Both legal and technical questions come up when copyright on a DRM-protected work expires. | All '''copyrights expire'''; they are only created "for limited Times", to quote the US law. Both legal and technical questions come up when copyright on a DRM-protected work expires. | ||
'''Privacy laws''' may be an issue if a system with DRM "phones home" to provide usage information to a vendor. What information is provided? How is it used? How is it protected? Is the user informed, or asked for permission? This becomes more complex if the information crosses international boundaries in the process. | |||
==== Illegal DRM? ==== | |||
Some DRM may itself violate laws. For example, the "region codes" on DVDs are intended to segment the market, preventing for example a European (region 2) or Australian (region 4) customer from buying cheaper DVDs from US (region 1) vendors. Film companies insist that this is necessary, but nothing in copyright law grants them that sort of control over their market. Critics argue that the whole business of region codes is a conspiracy by a cartel of film companies, violating the competition and price-fixing laws of many countries and the [[WTO]] restrictions on [http://www.adb.org/Documents/Others/OGC-Toolkits/WTO/wto0400c2.asp Technical Barriers to Trade]. | |||
Such arguments appear to carry little weight with governments; no media company has ever been prosecuted for such actions. However, Australia and New Zealand have banned the sale of DVD players unless they are either region-free or come with instructions for disabling region code enforcement. The US government, on the other hand, has passed the [[DMCA]] making it illegal to provide a "circumvention device" which bypasses "technological protection measures". That is, in the US it may be illegal to defeat region codes, while in Australia it may be illegal to implement them. | |||
Similar arguments apply to DRM on video games. In at least one case | Similar arguments apply to DRM on video games. In at least one case | ||
Line 191: | Line 261: | ||
==== The Sony rootkit ==== | ==== The Sony rootkit ==== | ||
Then there was Sony's DRM "rootkit", of which the chairman of the US [[Federal Trade Commission]] said "Installations of secret software that create security risks are intrusive and unlawful" [http://news.cnet.com/2100-1027_3-6154655.html]. This was software on music CDs that secretly, and without asking permission, installed various things on any Windows computer that played the CD, and hid them from the user with "cloaking" techniques that are commonly used by [[Trojan_(computers)|trojan horse]] programs to hide their activites. | Then there was Sony's DRM "rootkit", of which the chairman of the US [[Federal Trade Commission]] said "Installations of secret software that create security risks are intrusive and unlawful" [http://news.cnet.com/2100-1027_3-6154655.html]. This was software on music CDs that secretly, and without asking permission, installed various things on any Windows computer that played the CD, and hid them from the user with "cloaking" techniques that are commonly used by [[Trojan_(computers)|trojan horse]] programs to hide their activites. | ||
Sony took a great deal of media flak [http://news.bbc.co.uk/2/hi/technology/4456970.stm BBC], [http://news.cnet.com/FAQ-Sonys-rootkit-CDs/2100-1029_3-5946760.html CNET] [http://www.usatoday.com/tech/columnist/andrewkantor/2005-11-17-sony-rootkit_x.htm USA Today] over that. There was also a consumer class action suit, [http://www.eff.org/cases/sony-bmg-litigation-info settled] out of court. [[Bruce Schneier]]'s | Mark Russinovich discovered it | ||
<ref>{{citation | |||
| url = http://blogs.technet.com/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx | |||
| title = Sony, Rootkits and Digital Rights Management Gone Too Far | |||
| author = Mark Russinovich | |||
| date = October 2005 | |||
}}</ref> | |||
while testing a tool designed to find [[Rootkit_(computers)|rootkits]]; the things an attacker leaves behind after breaking into a computer and acquiring root (administrator) privileges. Imagine his surprise when he found one, installed by Sony! | |||
Sony took a great deal of media flak [http://news.bbc.co.uk/2/hi/technology/4456970.stm BBC], [http://news.cnet.com/FAQ-Sonys-rootkit-CDs/2100-1029_3-5946760.html CNET] [http://www.usatoday.com/tech/columnist/andrewkantor/2005-11-17-sony-rootkit_x.htm USA Today] over that. There was also a consumer class action suit, [http://www.eff.org/cases/sony-bmg-litigation-info settled] out of court. [[Bruce Schneier]]'s analysis is interesting: "While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be." and "What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? ... This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home." | |||
<ref name=schneierblog>{{citation | |||
| author = Bruce Schneier | |||
| url = http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html | |||
| title = Sony's DRM Rootkit: The Real Story | |||
| date = November 2005 | |||
}}</ref> | |||
==== Ubisoft DRM rootkit ==== | |||
In 2012, the DRM system for one edition of the game [[Assasin's Creed]] was found to install a backdoor that allowed remote control of the victim PC. [http://www.geek.com/articles/games/ubisoft-uplay-drm-found-to-include-a-rootkit-20120730/] | |||
==== DRM that violates copyright ==== | |||
Media companies may be quite interested in protecting their own "intellectual property", but in some cases they may not have much respect for other people's. | |||
{{cquote|Sony's rootkit -- designed to stop copyright infringement -- itself may have infringed on copyright. As amazing as it might seem, the code seems to include an open-source MP3 encoder in violation of that library's license agreement. <ref name=schneierblog/>}} | |||
In 2010, a German firm sued Warner Brothers, accusing them of using pirated anti-piracy technology. | |||
{{cquote|"We disclosed our anti-piracy technology to Warner Bros. in 2003 at their request, under strict confidentiality, expecting to be treated fairly," the company said in a statement. "Instead, they started using our technology extensively without our permission and without any accounting to us." <ref name=escapist>{{citation | |||
| author = Andy Chalk | |||
| title = Warner Bros. Sued for Pirating Anti-Piracy Technology | |||
| url = http://www.escapistmagazine.com/news/view/100937-Warner-Bros-Sued-for-Pirating-Anti-Piracy-Technology | |||
|date = May 2010 | |||
}}</ref>}} | |||
=== Technical problems === | === Technical problems === | ||
DRM is attempting a fundamentally difficult task. Security author [[Bruce Schneier]] states of DRM: "Trying to make digital files uncopyable is like trying to make water not wet."<ref>Bruce Schneier | DRM is attempting a fundamentally difficult task. Security author [[Bruce Schneier]] states of DRM: "Trying to make digital files uncopyable is like trying to make water not wet." | ||
<ref>{{citation | |||
| author =Bruce Schneier | |||
| title = Quickest Patch Ever | |||
| url = http://www.schneier.com/essay-126.html | |||
| date = September 2006 | |||
}}</ref> | |||
In particular cases, the costs may be quite high. Another well-known security expert, Peter Gutmann, wrote of Microsoft DRM efforts: "The Vista Content Protection specification could very well constitute the longest suicide note in history"<ref>Peter Gutmann 'A Cost Analysis of Windows Vista Content Protection' [http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html]</ref>. | In particular cases, the costs may be quite high. Another well-known security expert, [[Peter Gutmann]], wrote of Microsoft DRM efforts: "The Vista Content Protection specification could very well constitute the longest suicide note in history"<ref>Peter Gutmann 'A Cost Analysis of Windows Vista Content Protection' [http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.html]</ref>. | ||
Why is this so difficult? Assume you are a totally legal user of the material protected by DRM, and all the security tests for your music, or your software, are successful. To hear the music, it has to be put into a form the speakers will reproduce. At some point between the DRM-protected recording and the speaker, the signal has to be put into a useful form. Once it is in that form, how does the DRM enforcer prevent it from being copied? | Why is this so difficult? Assume you are a totally legal user of the material protected by DRM, and all the security tests for your music, or your software, are successful. To hear the music, it has to be put into a form the speakers will reproduce. At some point between the DRM-protected recording and the speaker, the signal has to be put into a useful form. Once it is in that form, how does the DRM enforcer prevent it from being copied? | ||
One of the great problems with encryption is hiding decrypted content. In order to hide it from user applications, DRM-enabled players decrypt content in kernel mode and check for unsigned drivers. Some DRM developers suggest using TPM chip to | One of the great problems with encryption is hiding decrypted content. In order to hide it from user applications, DRM-enabled players decrypt content in kernel mode and check for unsigned drivers. Some DRM developers suggest using a [[TPM]] chip to ensure that the operating system is genuine and only signed drivers can be loaded. In such systems DRM drivers can control computer completely and perfectly hide the decryption process. | ||
The problem of protecting material on a DVD or other physical storage device are simple when compared to delivering content across the Internet. Think of pay-per-view television. Even in [[encryption|encrypted]] form, it has to pass through intermediate distribution points on the Internet; the general distribution problem here is part of [[inter-domain multicast routing]] (IDMR). How do the legal users get the [[cryptographic key|decryption key]] for the program for which they have paid, and only for that program? Can anyone along the path from content user to content buyer intercept that key and use it? If so, will the legitimate user still be able to use it? Alternatively, can the stolen key be distributed? | The problem of protecting material on a DVD or other physical storage device are simple when compared to delivering content across the Internet. Think of pay-per-view television. Even in [[encryption|encrypted]] form, it has to pass through intermediate distribution points on the Internet; the general distribution problem here is part of [[inter-domain multicast routing]] (IDMR). How do the legal users get the [[cryptographic key|decryption key]] for the program for which they have paid, and only for that program? Can anyone along the path from content user to content buyer intercept that key and use it? If so, will the legitimate user still be able to use it? Alternatively, can the stolen key be distributed? | ||
The [[ACM]] run an annual [http://www.ece.unm.edu/DRM2008/ workshop on DRM]. | The [[ACM]] run an annual [http://www.ece.unm.edu/DRM2008/ workshop on DRM]. | ||
Line 231: | Line 340: | ||
==References== | ==References== | ||
{{reflist|2}} | {{reflist|2}}[[Category:Suggestion Bot Tag]] |
Latest revision as of 11:00, 7 August 2024
This article may be deleted soon. | ||||||||
---|---|---|---|---|---|---|---|---|
Digital rights management (DRM) refers to the laws and technologies which provide intellectual property owners control over the distribution and use of their material by controlling consumers' use of it. The claimed goals are to prevent copying of digital media and to restrict access and content use to what is allowed by copyright law.[1] Critics refer to it as "Digital Restrictions Management", and argue that many of the restrictions it enforces go well beyond the rights granted by law. HistoryCopyright law is the earliest form of intellectual property protection. This area of law developed for print media, long before copying machines and digital media, and has not necessarily kept pace with technology. Legal BackgroundThe copyright since its formal creation in 1710 by the British Statute of Anne and its inclusion in the U.S. Constitution[2] has been the main protection scheme for intellectual property rights for creative information goods and services. Article I, Section 8, Clause 8 of the U.S. Constitution: "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries." Copyright law grants exclusive legal ownership of information under specific conditions and terms. Through two major revisions of U.S. copyright law in 1909 and 1976,[3] the range of content and media forms covered by legislation were expanded. During the pre-digital era, large-scale copying was expensive and usually resulted in degraded content. The development of electronic and digital media transformed the production and distribution of information goods and services. In digital form, the content could be copied perfectly or easily converted to another form or format, and thus lifted the physical constraints of copying. The rise of digital media and networks made sharing and copying not only easier for traditional information "pirates", but also made it easier for individuals. Unlike the "pirates" whose unauthorized copies were for commercial gain, individual copying stems from behavioral norms from traditions of fair use and first-sale rights. The rise of unlicensed and illegal copying and distribution of intellectual property cast doubts on whether a copyright provided enough protection in the wake of continued digital innovations. Copyright owners responded by developing technological copyright protection mechanisms (CPM) in order to make copying more costly and difficult. For CPM to succeed, legal enforcement was needed to ensure the uniform adoption of technologies and that any attempt to circumvent them would be criminalized. The U.S. 1998 Digital Millennium Copyright Act (DMCA) provided for enforcement of copyright protection mechanisms. The development of schemes that were capable of not only preventing or limiting copying, but also controlling the distribution and uses of digital media eventually became collectively known as digital rights management[1]. Music: The first to be hitInitially, writing and written works were the primary focus of this legislation: technology, or lack of it, protected other art forms, such as film and music, from being easily copied or distributed in a way that required heavy enforcement. The ConditionsHowever, as technology improved exponentially in the past half century, the copying of these art forms became more and more an issue. Eventually, a tipping point was reached, and music was the form of media that was hit head on with the problem of copying becoming so easy, that copyright violation became an unenforceable law. Although there are many theories as to why music was first, several factors are credited:
The ReactionAs a result of these conditions, starting with the release of the Napster sharing service in 1999, the music industry began to react to the growing amount of file sharing that was occurring via various services. The music industry, through the RIAA, decided on three primary avenues of advance to thwart this growing problem:
Consumer Backlash to the RIAAIn purely economic terms, the record companies were executing textbook strategy: Lower the cost of purchasing a track online, raise the cost of sharing or downloading one, and eventually your consumer base will switch to the cheaper option. However, the RIAA failed to consider the nightmare they could produce by suing their consumers, many of whom were children[8]. As a result, there was a backlash towards the RIAA and big music in general[9], and although sales of digital music rose quickly, the PR of the music industry took a heavy hit. Additionally, the introduction of DRM was not as well received as the industry would have liked. The fact that DRM soiled a product that consumers were used to purchasing without strings drove many away from the services offered by the record companies. Recovery: The movement away from DRMResponding to consumer demand and the practicality of the changing industry, a host of music services have recently begun to sell music that is DRM free. Although the record companies are slow to accept this reality, it is beginning to become an industry trend. [10] Some services to recently offer DRM-Free services are: Film: Learning from Music's MistakesTrying to not make the same mistakes as their music counterparts, the film and TV industry is attempting to be faster in the adaptation of digital distribution. Forms of DRM were introduced in both the DVD and Blu-Ray formats. The DVD format was cracked in the 90's, and weaknesses in Blu-Ray were found within months of release. [13] [14] However, the industry as a whole is beginning to accept the idea that fewer and fewer consumers are accessing their content via physical media, and more and more are switching to digital or streaming services. Rather then fighting the tide of digitization as the music industry did, the film and TV industry is trying to move faster to offer reasonable services to consumers that match the demand:
DRM ApproachesEncryptionEarly DRM relied on encryption, using a content encoding system and then limiting access to the decoding technology. All control over future use was lost once the content was decoded, and any protection against illegal copying still relied on copyright law. CSSAn example is the DVD Forum's Contents Scrambling System (CSS) which provided a common means of encoding for all movies on DVD. Any firm producing players or software to view the encoded movies was supposed to license the decoding system from the forum. Despite industry claims, this scheme was not designed to prevent copying — a bit-for-bit copy of a DVD would play on any player that the original would. What it did attempt was to control usage of the DVDs. CSS includes a system of region codes such that, for example, a DVD sold in North America (region 1) will not play on a player sold in Europe (region 2).This allows the movie companies more control over their markets, for example charging higher prices in some regions or holding back DVD release for a region until after the cinema release there. There are other controls as well; for example the fast-forward control is locked out during the opening section of the disk so that a user cannot bypass the advertising or movie previews there. Not all vendors follow the Forum's rules; there are many "region-free" DVD players on the market; see for example, this site. Also, some players that normally implement region codes can be set to ignore them, either in software or by replacing a chip; there are guides on the net for that as well. In some markets, such as China, nearly all players are region-free. In others, such as Europe, buyers tend to prefer them. One of Britain's largest retailers, Tesco found massive demand for such players and asked the movie industry to drop region codes altogether [18]. NASA sent Sony players, modified to be region-free, to the International Space Station [23]; Sony were not entirely happy about this. There is a later variant called RCE or "regional coding enhancement" [24] intended to block play of new discs on region-free players. DeCSSFor playing DVDs on a computer, the CSS scheme is easily bypassed; there are a number of programs which do this. The first one to become widespread was a decoder for Windows known as DeCSS.[1] There was a great deal of controversy on the net and in the courts over this.
There are archives of documents from both cases at Harvard and EFF. Harvard also has a FAQ document covering both legal and technical issues. One issue was whether the DeCSS code qualifies as protected speech under the First Amendment of the U.S. Constitution. A earlier court ruling in the Bernstein case over export restrictions on cryptography had set a precedent that those protections sometimes apply to code. However, in the MPAA case, the judge ruled that they did not apply to DeCSS. So some code is protected, other code is not. Computer science professor David Touretzky has a Gallery of CSS Descramblers exploring where the border might lie. CSS analysisCSS is obviously a flawed cryptosystem. It is weak in theory — David Wagner testified in one case that he asks his Berkeley students to break it as a homework assignment — and weak in practice since DeCSS (a reasonably short, simple and fast program) defeats it completely. What went wrong? First, CSS was designed to be weak; it used a stream cipher for the bulk data encryption, and some additional things for key management The system as a whole used only a 40-bit key, to comply with cryptography export laws of the time (mid-90s). For why a short key makes any cipher inherently weak see brute force attack. For discussion of debate about those laws see politics of cryptography. In this case, it may not have been US law that imposed bad cryptography. CSS was designed by Mitsubishi engineers and at the time, Japan also had strict export laws. Second, CSS was designed and even standardized in secret, without a public review that might have caught various design weaknesses. In some court cases DVD-CCA even claimed its inner workings were trade secrets. This violates Kerckhoffs'_Principle; no cipher should be trusted until it is published and reviewed. See cryptography is difficult for discussion of this common problem. For a full paper cryptanalysing CSS, see Cryptanalysis of Contents Scrambling System. It indicates that CSS did not even achieve 40-bit security, more like 25; this is so weak it can conveniently be broken on demand. Later DVD encryptionLater DVD products such as DVD audio use a block cipher called Cryptomeria or C2. It is a Feistel cipher which uses S-boxes. It has ten rounds, 64-bit blocks, and a 56-bit key. C2 is used in Content Protection for Recordable Media and Content Protection for Pre-Recorded Media, collectively known as CPRM/CPPM. The cipher itself has been published, but the S-boxes are secret and different for each application. There has been some published cryptanalysis of the cipher [19] [20]. Blu-ray disksFor the new higher-density Blu-ray disks, Intel designed a new DRM system called High Definition Content Protection; this is administered by Digital Content Protection LLP. It has been broken.
Some have argued that DRM is a major reason Blu-ray is not doing as well as expected in the market[21]. MarkingThis DRM approach entails the encoding of markers into the digital content that can be used for description, identification, protection, monitoring, tracking, and limiting uses of that content. Combining this approach with the technology to read the markers and abide by the markers allows for even greater control over management of digital content than the encryption approach. It may also provide ways of tracking down copiers. For example, if a "pirate" DVD version of a film appears when the movie has only been legally released in theaters or as video-on-demand over cable, it maybe possible to find markings in the DVD version that show which theater or which cable customer provided the material. Examples of the marking approach to DRM can be found in downloaded music from content providers such as Apple, Microsoft, RealNetworks, and Sony. A future example is the broadcast flag system which is being proposed for U.S. digital television which would allow cable networks to limit the copying or distribution of their programming.[1] Some marking methods hide the markings using techniques from steganography. In other cases, the markings are quite visible; for example photographs on the web often have the photographer's name or the website URL printed across them to discourage copying. NEC have announced [26] an advanced marking system, to be included in the MPEG 7 standard, that puts a mark on every frame of a video. Rights LockerThe "rights locker" approach drastically changes the way in which digital content can be used. Instead of owning copies of the digital media, the consumer owns a set of rights to access the content from a central digital network using a specified range of devices.[1] Examples of this approach include On-demand TV content and Netflix's watch instantly service where users are allowed temporary local copies while viewing the programming. Difficulties of DRM
Consumer attitudesMany people find DRM systems to be a hindrance to the use of the media they have purchased, and some consumers actively boycott companies and products that use DRM. Many consumers express a preference for material that is not 'hindered' with DRM protections. The attitude of companies that use DRM is widely perceived as "the customer is always wrong". DRM also seems to be doing very little to stop copyright infringement: "today, infringement is more widespread than ever"[23]. One online joke collection includes "Copy Protection: A clever method of preventing incompetent pirates from stealing software and legitimate customers from using it."[27] Access and Usage ConcernsConsumers have many concerns in regards to access and usage of various content due to DRM systems/restrictions. Consumer opinions are to keep the rights of the consumer from the analogue realm to be the same in the digital realm. Some rights that users are concerned about losing are their abilities to create private backup copies, excerpt, transition data from one device to another, record for future use, and editing content for personal use. More explicitly, consumers worry about the loss of data because of restrictions on transferring from one format to another. This may force consumer into repurchasing digital data in another format, when they can easily have the capability of transitioning the format themselves. Another outside concern consumers ask is how do DRM Systems handle the expiration of copyright terms. Do DRM systems release their restrictions when the copyright term expires?[24] In an interesting development, one company removed DRM from their product about a week after releasing it:
Privacy ConcernsThe main user concern in regards to privacy is the ability for the DRM systems to record and transmit consumer usage of particular products and digital data. This becomes a double edged sword. Some users enjoy this feature; for instance, recommended music/videos/books appeals to some users when trying to find something new to experience. Other users complain about this claiming they are being targeted more easily by data/media providers. There are also concerns in passing private information over the internet such as credit card information to make purchases. These are difficult concerns to balance for DRM systems. Consumers recommend the following: DRM Systems should store "no more data than necessary" and store data for "no longer than necessary". These systems should also be complex enough to inform consumers of all data that is shared about them. Consumers should have the opportunity to regulate how much the DRM system can/can't report or share.[24] Interoperability ConcernsInteroperability is a difficult concern to deal with because it tries to balance users being able to use their media on many machines/programs without any problems, but the industry must also worry about how to protect against the distribution to unauthorized users. Some recommendations are to allow for portability and compatibility with multiple devices, an open standard for the various devices, and no platform restrictions for consumers. Consumers should not have to re-purchase media for use on another device.[24] Security ConcernsThere is a concern that some DRM systems will require an internet connection and opening up vulnerabilities to the consumers' computers or limit the ability of current software on their computers. This concern falls mostly with "trusted computing" which in order to work, according to consumers, "trusted computing" providers must be a certified provider and must allow the consumer to set the level of security.[24] Business ConcernsConsumers do not like where some of the business concepts are going such as all post purchase control, inability to share across multiple devices used by the consumer, usage tracking, and file expiration. Some other concerns are the advantages bigger companies have over smaller/medium sized companies in regards to DRM licensing costs, the price control of online products versus conventional counterparts, and technology advances that will be held back by embedded players/devices. [24] Legal problemsThere are a number of legal issues around DRM. Similar issues turn up in all jurisdictions, but any of them may play out differently in different legal systems. This makes dealing with them immensely complex, especially in designing a DRM system to be used in many countries. Fair useThere is a basic principle of copyright law, called fair use [25] in US law. For example, copyright does not prevent quoting a work in a review or analysis, or using it in education. Nor does it prohibit a blind user from using software that will read an e-book aloud for him. Other legal systems have the same principle, but the name and the details vary from country to country. British and Canadian law call it "fair dealing". The principle is clear, but the border is by no means sharply delineated. Between the black of copyright infringement and the white of perfectly legal fair use, there is a large grey area. This is being narrowed down by various court rulings and sometimes altered by new legislation, but will likely never go away entirely. That principle greatly complicates the design of DRM systems. Copyright law allows fair use; how can DRM software manage that? What do you do about the grey areas? If you ignore fair use, or just misjudge some grey areas, you will infringe on the users' legal rights; what are the market or legal consequences of that? Some current DRM software blocks legitimate fair use; for example some DRM systems will prevent a blind use from having software read a book aloud and, if it worked as designed, CSS on DVDs would prevent a reviewer from using an excerpt in a review. Beyond that, how can a DRM system adapt to changes in the law? Fair use arguably includes the right to time shifting, for example using a VCR to record a TV program to watch later. In one case that was fought all the way to the US Supreme Court, the court ruled that recording TV programs for home use did not violate copyright, so Sony could not be held to be contributing to copyright infringement by selling VCRs. A similar issue is space shifting, for example copying music from a record or CD to cassette tape for listening in the car or copying a DVD to videotape to watch in another room. In another case, the court ruled that the Rio, "a portable digital audio device which allows a user to download MP3 audio files from a computer and to listen to them elsewhere.", is also legal fair use. Those decisions appear to mean that it is legal fair use for users to copy music from their CDs, or movies from DVD, onto their hard drives and/or into a portable player. However, if the DRM allows those applications, how can it prevent the users from sharing the files? If it does not allow such things, can users legally break the DRM to enforce their rights? Will they just avoid DRM-protected products? See also our article on Fair use. First sale doctrineAnother issue is the legal doctrine of first sale, essentially that once a company sells a product they no longer control it. The doctrine applies when a company sells to a distributor; the contract may restrict what the distributor then does with the product, but copyright law imposes no restrictions. The law on this is somewhat complex. In the US, it goes back to a 1908 Supreme Court decision that a publisher (Bobbs-Merrill) could not prevent a department store (Macy's) from offering books at a discount, even though they had printed right on the flyleaf a statement that no-one was authorised to sell the book below their set price. Later, the first sale principle was explicitly written into the 1976 revision of the Copyright Act [29]. Since then, there have been rulings both ways. In a 1998 case [30] involving American-made hair care products that in the US were marketed at premium prices through salons but were sold more cheaply in Europe, the Court made a unanimous decision that the manufacturer had no right to prevent a New york discounter from buying the products from a European distributor and selling them cheaply in the US. However, in a more recent case [31] the Court upheld a lower court ruling that a retailer (Costco) violated copyright in importing watches made abroad and selling them without authorisation from the manufacturer (Omega). In yet another case, the court ruled that a Thai student who was importing cheap editions of university textbooks from Thailand to the US and selling them on Ebay was not violating the publisher's copyright [32]. The first sale idea also applies to the consumer. For example, it would be illegal to copy the DVD and give someone else the copy, but once you have bought it you have the right to use it as you please. Critics of DRM argue that, for example, movie companies simply do not have the right to prevent a user from fast-forwarding past advertising or buying a DVD in the US and playing it in Europe. To the critics, DRM systems that restrict users in such ways are best described as BAD, for Broken As Designed. There is no technical reason for such "features"; a system without them would actually be simpler; therefore there is no reason to imagine that users ought to put up with them. One anti-DRM website is called Defective by Design. The argument on the other side is basically that the copyright on the content plus the license agreements for the equipment and content give the companies those rights. Some sort of licensing restrictions (or perhaps some other legal mechanism) seem obviously essential — for example, buying a ticket to a concert should not give the right to record it and sell CDs, and movie companies definitely do not want to give anyone who buys a DVD the right to show it in a theater. The movie and record companies believe that various other restrictions are important as well, and that their licenses give them the right to impose those; this notion is quite controversial. Other issuesAll copyrights expire; they are only created "for limited Times", to quote the US law. Both legal and technical questions come up when copyright on a DRM-protected work expires. Privacy laws may be an issue if a system with DRM "phones home" to provide usage information to a vendor. What information is provided? How is it used? How is it protected? Is the user informed, or asked for permission? This becomes more complex if the information crosses international boundaries in the process. Illegal DRM?Some DRM may itself violate laws. For example, the "region codes" on DVDs are intended to segment the market, preventing for example a European (region 2) or Australian (region 4) customer from buying cheaper DVDs from US (region 1) vendors. Film companies insist that this is necessary, but nothing in copyright law grants them that sort of control over their market. Critics argue that the whole business of region codes is a conspiracy by a cartel of film companies, violating the competition and price-fixing laws of many countries and the WTO restrictions on Technical Barriers to Trade. Such arguments appear to carry little weight with governments; no media company has ever been prosecuted for such actions. However, Australia and New Zealand have banned the sale of DVD players unless they are either region-free or come with instructions for disabling region code enforcement. The US government, on the other hand, has passed the DMCA making it illegal to provide a "circumvention device" which bypasses "technological protection measures". That is, in the US it may be illegal to defeat region codes, while in Australia it may be illegal to implement them. Similar arguments apply to DRM on video games. In at least one case [26] the Australian Competition Commission intervened on the side of someone being sued by Sony for "chipping" a game console, arguing that region codes exist not to prevent copying but to make certain games unplayable. The Sony rootkitThen there was Sony's DRM "rootkit", of which the chairman of the US Federal Trade Commission said "Installations of secret software that create security risks are intrusive and unlawful" [33]. This was software on music CDs that secretly, and without asking permission, installed various things on any Windows computer that played the CD, and hid them from the user with "cloaking" techniques that are commonly used by trojan horse programs to hide their activites. Mark Russinovich discovered it [27] while testing a tool designed to find rootkits; the things an attacker leaves behind after breaking into a computer and acquiring root (administrator) privileges. Imagine his surprise when he found one, installed by Sony! Sony took a great deal of media flak BBC, CNET USA Today over that. There was also a consumer class action suit, settled out of court. Bruce Schneier's analysis is interesting: "While Sony could be prosecuted under U.S. cybercrime law, no one thinks it will be." and "What do you think of your antivirus company, the one that didn't notice Sony's rootkit as it infected half a million computers? ... This is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home." [28] Ubisoft DRM rootkitIn 2012, the DRM system for one edition of the game Assasin's Creed was found to install a backdoor that allowed remote control of the victim PC. [34] DRM that violates copyrightMedia companies may be quite interested in protecting their own "intellectual property", but in some cases they may not have much respect for other people's.
In 2010, a German firm sued Warner Brothers, accusing them of using pirated anti-piracy technology.
Technical problemsDRM is attempting a fundamentally difficult task. Security author Bruce Schneier states of DRM: "Trying to make digital files uncopyable is like trying to make water not wet." [30] In particular cases, the costs may be quite high. Another well-known security expert, Peter Gutmann, wrote of Microsoft DRM efforts: "The Vista Content Protection specification could very well constitute the longest suicide note in history"[31]. Why is this so difficult? Assume you are a totally legal user of the material protected by DRM, and all the security tests for your music, or your software, are successful. To hear the music, it has to be put into a form the speakers will reproduce. At some point between the DRM-protected recording and the speaker, the signal has to be put into a useful form. Once it is in that form, how does the DRM enforcer prevent it from being copied? One of the great problems with encryption is hiding decrypted content. In order to hide it from user applications, DRM-enabled players decrypt content in kernel mode and check for unsigned drivers. Some DRM developers suggest using a TPM chip to ensure that the operating system is genuine and only signed drivers can be loaded. In such systems DRM drivers can control computer completely and perfectly hide the decryption process. The problem of protecting material on a DVD or other physical storage device are simple when compared to delivering content across the Internet. Think of pay-per-view television. Even in encrypted form, it has to pass through intermediate distribution points on the Internet; the general distribution problem here is part of inter-domain multicast routing (IDMR). How do the legal users get the decryption key for the program for which they have paid, and only for that program? Can anyone along the path from content user to content buyer intercept that key and use it? If so, will the legitimate user still be able to use it? Alternatively, can the stolen key be distributed? The ACM run an annual workshop on DRM. DRM ImplementationsSeveral music sellers and distributors over the years have tried a number of DRM implementations: Apple iTunesApple was the first company to capitalize on the digital music market by being the first acquire music selling licenses from the big 4 record companies. Apple's Music Service, iTunes Store, has infamously used DRM since it's inception. Although their DRM is easily cracked[32], recently iTunes has introduced a new iTunes Plus service which offers DRM-free music, and Apple is toying with the idea of removing DRM from it's services altogether[33]. RhapsodyRhapsody, the digital music service started by RealNetworks, is one of the most popular online music services with 2.25 million paid subscribers[34]. Rhapsody offers streaming music and DRM music downloads for a monthly subscription fee[35] Napster 2.0Napster 2.0 or the Napster Pay Service, is a DRM-enabled (specically Microsoft's Playsforsure-protected) music licensing service offering unlimited licensed MP3's for a monthly fee. As of April 2007, Napster 2.0 is reported to have 830,000 subscribers[36]. Napster also has a DRM free version of it's music store, which was opened in mid-2008 [37] imeemimeem is a streaming music social network. Until recently, imeem only offered music via DRM, but has recently removed DRM from it's services, reflecting an industry trend[38] References
|