This note provides an introduction to Digital Rights Management
It covers -
pages in this note examine issues for rights owners, custodians,
manufacturers and consumers. They highlight government, industry
and academic studies. They discuss particular technologies
in more detail and identify some major projects
DRM, sometimes characterised as Electronic Copyright Management
Systems (ECMS) or Technological Protection Measures (TPM),
are viewed by some as a means of enticing the information
genie back within the copyright
bottle, thereby preserving the publishing
industry and underpinning growth of the 'information economy'.
Others characterise them as assaults on fair use that are
doomed to failure because of technological inadequacies or
merely lack of support from hardware vendors.
DRM is a term that is often used loosely, whether because
of confusion, ignorance or in advocacy statements. In principle
it encompasses any scheme that is used to restrict or otherwise
manage electronic content. That content might be audio recordings,
video (broadcast, online, on disk), electronic books, digital
still images or volatile data such as financial and other
information that is updated in real time.
In essence DRM schemes embody two approaches for securing
- typically encrypting content so that it can only be accessed
by authorized users
- inclusion of a 'flag', watermark or tag to signal to a
device that the content/medium is 'copy protected'.
Restriction might be hardware- or software-based. It might
seek to inhibit any copying of a work (including copying permitted
under national fair dealing/fair use law). It might instead
seek to crimp any unauthorised copying and transmission of
a work, for example preventing transfer of a music recording
from one device to another. Some schemes allow a user to view
content but not to print it. Others seek to 'lock' the content
if it copied or even viewed more than a few times, an issue
of particular concern if the content resides on a device such
as an iPod with a short life.
Many DRM schemes are vendor/publisher specific. A consumer
might accordingly end up with several incompatible DRM implementations
on a single personal computer (some potentially conflicting
with each other) and find that particular content/devices
only accommodate some DRM tools.
The more ambitious DRM schemes move beyond basic restrictions
by seeking to associate a work with identifiers on a robust
basis and to use that information for the collection and distribution
of payments (eg from individual consumers and custodians such
as libraries to publishers and even individual authors/performers).
Such schemes feature protocols and databases that automate
existing licensing arrangements. Others - the holy grail of
digital copyright - would integrate online payment systems
with automated rights licensing and measures that both inhibit
misuse of content distributed online and underpin enforcement
action if misuse occurs.
problems and possible solutions
Many publications - including many films, multimedia works
and sound recordings - consist of bundles of intellectual
property, eg the various photographs and other illustrations
in a book or multimedia CD or the bundle of music score and
performance in a sound recording.
Identifying who owns each item, gaining permission for its
use and distributing fees or royalties is a daunting task.
The 'minimalist' ECMS do not attempt to provide technological
protection for content being accessed online or distributed
in media such as CD-ROMs. Instead, they are far less ambitious,
aiming to link existing databases maintained by rights management
bodies and to establish globally-accepted labels for identification
of each bundle and the components of which it's formed.
There is currently little uniformity between databases in
different countries and between industries. Getting the various
computers to talk to each other and encouraging the inclusion
of pertinent information - particularly as metadata - in digital
works (online, in CDs, in broadcasts) is proving to be a major
challenge for administrative as well as technological reasons.
The 'maximalist' ECMS projects, considered by Lessig and others
as probably a defining feature of the next generation of the
web, go well beyond those building blocks. They aim to permanently
identify digital publications (using steganography and other
tools noted in our Security
guide) and to 'wrap' them with encryption or other measures
to inhibit misuse such as unauthorised redistribution and
incorporation in other publications.
Some of the maximalist schemes would involve levels of restriction
(eg view and copy, view and partially copy, view but not copy),
with differential payments being made online in a secure environment.
Some envisage access on a micropayment basis.
Most would allow for seamless online licensing and rights
trading (based on the links set up by minimalist projects),
with royalties being automatically negotiated and distributed
and would be backed up by spiders and other 'smart' tools
for identifying unauthorised redistribution.
On a publication by publication basis administrative costs
would be dramatically lower than at present. ECMS advocates
claim there'd be greater transparency in what money's being
collected when from whom. Use of the publications would be
underpinned by contract law - emerging as an area of concern
within the US and Australia with debate about initiatives
such as UCITA - as well as intellectual property law.
Challenges to DRM begin with the terminology and extent
outwards. Stanford's Peggy Radin for example sniffed in 2006
wish people would drop the term "DRM". It was
coined by those who wish to claim as "rights"
some things which are not actually their rights, or are
at best contested. In other words, the "R" in
the term "DRM" begs an important legal question.
I wish people would instead use the term "TPM"
(Technological Protection Measures) because at least it
is neutral on whether or not those who deploy them have
a "right" to do what they're doing in locking
up information. And TPM happens to be the term used in the
WIPO treaties, too.
have complained that some protection measures are overly restrictive.
Others comment that particular schemes involve a form of spyware,
installed without the permission of the consumer, difficult
to remove and increasing security vulnerabilities.
Some have complained about the lack of interoperability. French
consumer association Union Federale des Consommateurs-Que
Choisir for example launched legal action against Apple and
Sony over their proprietary music formats, claiming that consumer
choice is being severely limited by DRM mechanisms (similar
to those used by Microsoft) that prevent music bought from
the Apple and Sony online music shops from being played on
other manufacturers' media players. It commented
total absence of interoperability between DRM removes not
only consumers' power to independently choose their purchase
and where they buy it from but also constitutes a significant
restraint on the free circulation of creative works
next page (issues)