The Publisher over Your Shoulder
By Grant Painter ( bio)
Emerging technologies offer content owners new control over the distribution and use of digital intellectual property. Although these technologies have been slow to develop in the marketplace, their implementation could fundamentally change the distribution and sale of information for publishers, consumers and libraries.
When a library patron pulls a book off the shelf and takes it home to read, there are no obvious strings attached. The reader can examine the item as often as she likes, wherever she likes, and may copy portions of the text for her personal use. As the owner of the book, the library is free to loan or even resell it. Of course, librarians and responsible readers understand that there are invisible restrictions, designed to protect the author and/or publisher by discouraging unauthorized uses. The reader is legally constrained from excessive copying and redistribution of the text, while the library's use may be limited in accordance with license agreements.
With the increasing prominence of the Internet and other methods of digital distribution, content owners are no longer comfortable simply discouraging unauthorized behavior, and are experimenting with new methods to prevent unauthorized uses by technological means. The problems of protecting digital information are well publicized-digital content is easy to copy, manipulate and redistribute. Many content owners now argue that the only way to protect intellectual property from electronic pirates is to exercise complete control over copying and other uses at all times, even after a customer has purchased the content.
The new technologies, often referred to as Digital Rights Management ("DRM"), extend from relatively simple copy control to more ambitious schemes designed to specify 'usage rules'. The implementation of usage rules could allow the content owner to attach many new strings to any purchased digital information product, dictating how often and when the reader may access the text, how much of the text the user may copy, and how the information is redistributed. The comprehensive control offered by DRM technologies opens up many new business possibilities for content owners, including pay-per-use, time-limited rental and copying fees. Although the purpose of DRM technologies is rooted in legitimate security concerns, many DRM companies and content owners have begun to experiment with the technology's new opportunities for extracting value from consumers. While readers may not be reduced by these strings to complete puppets (they can at least interpret the information as they wish) they may soon find that they are no longer purchasing a book or video, but a set of very limited rights to access information.
The simplest technological control measures have been around for years and are familiar to many librarians and researchers. These systems limit access to a class of authorized users through an authentication process, like simple password systems or IP source filtering. Although the content is protected from theft by outside parties, no further barriers prevent unauthorized activity once the user gains access.
More recent technological approaches have focussed on preventing certain behavior by authorized users as well as intruders. Although there are several approaches to this level of control, most DRM technologies share a few common features. First, the DRM technology usually encrypts the information to provide persistent protection. While encryption ordinarily involves exchanging keys to decrypt transmitted files, DRM encryption often conceals the key from the end user, since the user must never have full access to the information. Many DRM systems use encryption as a way of packaging information along with associated rules in a "box" or "envelope". Encryption may also limit content to a particular device by using an identification number in the device as a part of the encryption key.
A second common element in DRM systems is a method for overriding existing operating system capabilities, allowing access to the encrypted text only in accordance with the specified usage rules. This element can be a special software program, a special purpose chip installed in a user device or even a Java application. DRM systems also depend on secure payment methods, including credit cards, micro-payments from an established account (a 'digital wallet'), or pre-charged smart cards. The DRM software or device communicates with an external server or smart card to authenticate the user's purchased rights, selectively decrypts the content in accordance with the rights, and prevents activities not included in those rights. For example, a DRM system can prevent printing, disable copying or prevent cut/paste operations. Alternately, these functions may be allowed for a fee, or for a limited number of uses.
A DRM system also may keep a record of the user's activity. Metering and tracking is essential to DRM technology because it allows the content seller to verify that information is only accessed as specified by the usage rules. The metering and tracking capability allows the DRM to change the status of the content in accordance with user activity, an important feature if access rights are limited to a set number of uses. DRM systems may also include a secure clock, allowing a content owner to set time limitations for access.
The effective copy control promised by DRM technology also allows new ways to sell digital information via subscription, rental, trial offers, etc. One of the most popular buzzwords advertised by new DRM companies is 'superdistribution'. Superdistribution allows content owners to profit every time a user forwards content to a friend or colleague, since the DRM rights are specific to one device and the new recipients would need to purchase access to the file.
To date, DRM systems in the market are primarily concerned with copy control. However, numerous DRM companies offer more ambitious systems, including ContentGuard, IBM, Softlock, and Intertrust. Meanwhile, publishers, record companies and others have expressed interest in comprehensive DRM systems. One prominent attempt to control copying has been launched by the recording industry in response to the perceived piracy threat from the popular MP3 compression method. The Secure Digital Music Initiative (SDMI) is a standards group devoted to developing specifications for protected audio products. The specifications announced so far depend on digital watermarks as triggers to verify the authenticity of SDMI files. Without the trigger, the SDMI compliant device will not play the file. SDMI specifications also provide for copying limitations and, in the future, compliance with usage rules.
Many companies also believe that effective DRM is a prerequisite for the development of a market for electronic books. The recent Stephen King eBook "Riding the Bullet" was sold in various copy-protected formats by DRM companies Softlock, Glassbook, and others. A number of prominent software, publishing and DRM companies have participated in the EBX group to discuss possible standards for protection of electronic books. The draft specification published by the group allows potential usage rules to be specified by the publisher, including limited copying, time-sensitive usage and superdistribution. The EBX draft specification relies on the idea that only one copy of each purchased text can be active at any one time. As a result, the method may allow transfer and loan capabilities crucial to libraries, although these capabilities will be left within the discretion of the publisher.
Outside of EBX, several companies are distributing electronic texts with the aid of DRM technologies. Along with many smaller companies, Microsoft and Adobe have announced new reader software for electronic books, incorporating DRM technology for content protection. Many DRM companies have chosen to make their products compatible with Adobe's very popular PDF file format, allowing easy access to millions of potential customers.
ContentGuard is a DRM subsidiary of Xerox, now being spun off as a separate company with the aid of an investment by Microsoft. The company has entered partnerships with Reciprocal (a DRM tracking company) and several publishers to offer DRM-protected academic texts. ContentGuard is also a central participant in the adoption of the XRML standard. XRML (Extensible Rights Markup language) provides a standard terminology for description of permissible rights attached to digital content.
Intertrust is one of the most established DRM companies, involved in numerous partnerships to offer DRM protection to music, video and text. Like other systems, Intertrust employs cryptographic envelopes, usage rules, and a flexible method for resolving and authenticating purchased rights. Intertrust has recently announced that its DRM solution will be included on millions of disks distributing new AOL software, an important expansion of DRM technology into a popular ISP/content platform.
Although many DRM marketing plans are aimed at mass-market entertainment products, several companies have tailored their business models directly to libraries and research institutions. Netlibrary charges an annual fee for full access to a group of electronic texts selected by the library, although only one copy of a work is available for use at any time. The system discourages extensive copying by rendering texts one page at a time (just-in-time decryption) and detecting suspicious printing patterns. Ebrary, a forthcoming service, will allow full access to a universe of materials, but will charge customers for printing or other additional services through an electronic wallet system. MediaDNA sells access to individual scholarly journal articles from various publisher partners through its "Knowledge Stor" Web site. MediaDNA promises persistent copy control, usage rules specified by the publisher, and the ability to prevent printing or copying in accordance with those rules.
The most urgent advocates of DRM technologies are the industries already involved in mass distribution of digital content-music and video. Although electronic texts have increased in prominence in recent years, digital distribution remains a tiny fraction of the publishing industry. However, the growth of digital distribution combined with the widespread deployment of comprehensive DRM technology could have serious consequences for the pattern of knowledge distribution. If pay-per-use becomes prevalent, public access and use of information could be discouraged, and research could suffer. Customers could pay more for less information, while research institutions might face increased costs.
DRM could also change the role of libraries, reducing their effectiveness by imposing excessive restrictions on the distribution of information. On the other hand, several DRM companies acknowledge the importance of libraries to their strategy, although their approach may try to exploit the library as a retail platform. For example, if the loan period for a library-owned digital text expires, the DRM software may give the patron the option of buying the product. A DRM system might also charge library patrons for printing or copying digital files.
Before any of the dreams or nightmares of DRM are fully realized, numerous obstacles and uncertainties remain. Content sellers will hesitate to adopt DRM technologies if they perceive that the systems aren't really secure. Although DRM systems offer varying levels of protection, most observers agree that existing systems are vulnerable to resourceful and determined hackers. In recent months, access control systems for DVD and music have been compromised by groups of hackers in the U.S. and Europe. Increasingly elaborate DRM approaches could improve security at the expense of easy market deployment and adoption. Instead, DRM companies and content sellers may choose to protect their products only from dishonest uses by 'honest' people (i.e. average users). Unfortunately, if the DRM has any negative consequences for information access and use, then only honest people will suffer.
A more serious obstacle to deployment is consumer acceptance of the new DRM enabled business models. No one can accurately predict which systems and business models will find success, although investors have been willing to bet heavily on Intertrust and other DRM companies. While it is naïve to think that consumers can simply reject DRM and hope it goes away, many of the business models now in the experimental stage will fail. Consumer resistance will certainly derail some sales methods, while confusion over standards and market interoperability will delay deployment of others. While the digital future will certainly include some form of DRM technology, consumers and libraries still have choices about what they buy, and there is hope that the desire to maximize profits might actually limit the strings attached to new digital products.
Grant Painter completed a Master's degree in Communication, Culture and Technology at Georgetown University in 1999. His primary research interests are the social and economic dimensions of electronic commerce and related technologies. He has been tracking developments in digital rights management technology for more than a year.