Why DRM isn’t used (much)

1. The market has not reached critical mass. According to IDC, the worldwide market in 2000 was worth just $96 million and many vendors have left the sector or disappeared entirely as the promised fast growth has failed to materialise.
2. DRM is poorly understood. “There is widespread confusion regarding what benefits DRM provides and how these differ from web content management,” says Giga Information Group analyst Robert Markham.
3. DRM has poor visibility beyond corporate creative and marketing departments. This makes it difficult for vendors to persuade board-level executives to buy into DRM.
4. DRM risks being subsumed into the PC architecture (with initiatives such as Microsoft’s Palladium) and into enterprise content management software.

Search and destroy

Most DRM products aim to control authorised use, or prevent unauthorised use. But what about detecting unauthorised use in the first place? Several products have been developed to deal with this.

Some, such as Authentica, are able to search for hidden tags or ‘watermarks’ that have been buried deep in pictures, sound, video or text, using algorithms that spread the coded tags across the file. But these don’t always work well, especially if the file is converted into a non-digital form and back again. Other products, such as the pattern searching software from UK software company Envisional, are able to search the web for copied files, and compare them with the originals in order to identify copyright infringements.

Key DRM trends

Giga analyst Robert Markham expects to see a number of key trends in the DRM market:

• Increased integration of DRM functions into office application suites.
• Technology will enable more fine-grained control.
• Content management software vendors will increasingly integrate DRM functions into their core software products.

How it works: the pillars of DRM

“DRM is all about persistence, protection, control and tracking of digital information,” says Martin Lambert, founder and chief technology officer of SealedMedia.

Protection means that the content creator can control who has access. Control means that the owner/manager can decide what an end-user can do with a document or file – such as preventing copying. Tracking means that the owner/manager can keep track of the document and revoke access centrally, if necessary.

“But the thing that sets DRM apart is the persistence, which means that the protection, control and tracking stays with the document, even after it has been downloaded and viewed,” says Martin Lambert.

Initially, the media is encrypted on the server and on a user’s PC (or another device) when downloaded. Ideally, decryption keys will be kept separate, as will the access rights, which dictate who is allowed to read the file or document and for how long they can have access to it.

By separating decryption keys and access rights, an organisation has much closer control of the DRM-protected media. But the user needs to be online every time they wish to use the file, or, alternatively, have it cached by the DRM system for a certain period of time.

The creation of the Extensible rights Mark-up Language (XrML) might help to speed up the development and adoption of solutions. This XML dialect, which has been approved by the Organiz-ation for the Advancement of Structured Information Standards (OASIS), is intended to provide a standard means of expressing rights and conditions for the use of digital content.

Throw away the key

Dmitry Sklyarov, a developer at Russian cryptography software company ElcomSoft, is famed for being prosecuted in the US for exposing the flaws in a number of DRM products. In 2001 he unveiled that Adobe system for protecting access to eBooks stored the password in plain text within the software. This meant that anyone could load the code into Microsoft Notepad or a similar text tool, read the password and modify and redistribute the content accordingly. His defence: public interest. A jury cleared Sklyarov in December 2002.

The Redmond Palladium

Palladium is Microsoft’s proposed implementation of the Trusted Computing Platform Architecture (TCPA), an industry-wide standards initiative set up to develop a secure PC architecture. Using Palladium, applications and other digital media can be run within specially created partitions on the hard drive. In these partitions, data is encrypted for protection and access can be strictly controlled. But many people are wary.

“There’s nothing in Palladium that prevents someone else from setting up a partition on your computer and putting stuff there that you can’t get at,” says security consultant Bruce Schneier. Furthermore, the technology could add significantly to the price of a new PC when it ships in 2004.

Key players

SealedMedia
The key differentiator of SealedMedia, says chief technology officer and co-founder Martin Lambert, is that its technology separates the content from the decryption keys and access rights. These are held on a central server. This makes it easier for an organisation to revoke access rights if, for example, an employee leaves the company.

Authentica
Authentica’s flagship product, PageRecall, enables organisations to insert a user-definable ‘watermark’ into Adobe Acrobat files so that a document can be appropriately branded and copying more easily detected. Users include US President Bush, claims the company.

Microsoft
The Microsoft Windows Media digital rights management platform was first released in August 1999. It is intended to secure digital content such as music and video produced for Microsoft’s own MediaPlayer streaming media platform. Microsoft is also working on a broader DRM technology called Palladium (see box above).

Adobe
Adobe’s DRM technology is based on its Acrobat file creation and dissemination application. The strength of this is that Adobe’s Acrobat Reader client software is widely deployed so users do not need to download any additional modules. However, critics say Acrobat’s security is weak.

InterTrust
Recently acquired by a consortium led by electronics giants Philips and Sony for $453 million in cash, InterTrust’s technology is targeted squarely at the media industries. Its flagship product, RightsSystem, separates the content, which is encrypted, from ‘rights packages’ that dictate how the content can be used. Partners include media group BMG, Universal Music and Samsung.

ContentGuard
ContentGuard is a spin-off from Xerox’s Palo Alto Research Center (PARC) and is supported by Microsoft. It develops and licenses a range of DRM technologies and, in particular, was behind the development of the Extensible rights Mark-up Language (XrML). Its licensees include Sony.