Misplaced Pages

Digital rights management: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editNext edit →Content deleted Content addedVisualWikitext
Revision as of 20:29, 21 July 2003 view sourceFrecklefoot (talk | contribs)Autopatrolled, Extended confirmed users, Pending changes reviewers45,336 editsmNo edit summary← Previous edit Revision as of 15:59, 24 July 2003 view source Ww (talk | contribs)9,812 editsmNo edit summaryNext edit →
Line 1: Line 1:
]] ]]


'''Digital rights management''' or '''digital restrictions management''', commonly abbreviated '''DRM''', is an umbrella term for any of several arrangements by which the usage of ]ed data by someone who has purchased a copy of it may be restricted by the copyright holder. The context is most commonly digital (ie, as in a computer or computerized device), hence the 'digital' in DRM. In contrast to existing legal restrictions which copyright status imposes on the owner of a copy of such data, DRM would allow additional restrictions to be imposed solely at the discretion of the copyright holder, through hardware and software code under the copyright holder's control. In the extreme, such control is proposed within other's computers and computerized devices. The Trusted Computing Platform Architecture scheme proposed by Intel and others is an example. So are several laws proposed or already enacted in various jurisidictions (State, Federal, non-US). Most would include in all computer systems obligatory mechanisms controlling use in ways deemed by copyright holders to be unacceptable. See Professor Edward Felten's freedom-to-tinker Web site for information and pointers. '''Digital rights management''' or '''digital restrictions management''', commonly abbreviated '''DRM''', is an umbrella term for any of several arrangements by which the usage of ]ed data by someone who has purchased a copy of it may be restricted by the copyright holder. Some would like to use DRM mechanisms to protect trade secret and proprietary information as well. The protected context is most commonly digital (ie, as in a computer or computerized device), hence the 'digital' in DRM; the reason is that the ] techniques used and proposed are not directly applicable to analog information.


In contrast to existing legal restrictions which copyrighted status imposes on the owner of a copy of any such data, most DRM schemes would allow additional restrictions to be imposed solely at the discretion of the copyright holder, through hardware and software code under the copyright holder's control. In the extreme, such control is proposed within other's computers and computerized devices. The Trusted Computing Platform Architecture scheme proposed by Intel and others is an example. So are several laws proposed or already enacted in various jurisidictions (State, Federal, non-US). Most would include in all computer systems obligatory mechanisms controlling use in ways deemed by copyright holders to be unacceptable. See Professor Edward Felten's freedom-to-tinker Web site for information and pointers.
An early example of a DRM system is the ] (CSS) employed by the ] on movie ] disks. The data on the DVD is ] so that it can only be decoded and viewed using an encryption key, which the DVD Consortium kept secret. In order to gain access to the key, a DVD player manufacturer would have to sign a licence agreement with the DVD Consortium which restricted them from including certain features in their players such as a digital output which could be used to extract a high-quality digital copy of the movie. Since the only hardware capable of decoding the movie was controlled by the DVD Consortium in this way, they were able to impose whatever restrictions they chose on the playback of such movies. See also ] for a more draconian and less commercially successful variation.

An early example of a DRM system is the ] (CSS) employed by the ] on movie ] disks. The data on the DVD is ] so that it can only be decoded and viewed using an encryption key, which the DVD Consortium kept secret. In order to gain access to the key, a DVD player manufacturer would have to sign a licence agreement with the DVD Consortium which restricted them from including certain features in their players such as a digital output which could be used to extract a high-quality digital copy of the movie. Since the only hardware capable of decoding the movie was controlled by the DVD Consortium in this way, they were able to impose whatever restrictions they chose on the playback of such movies. See also ] for a more draconian and less commercially successful variation which is no longer marketed. The name is also used, in ironic tribute to the defunct disk 'protection' scheme, for a video compression protocol, akin to MPEG-4.


The ] was passed in the ] in an effort to make the circumvention of such systems illegal. Despite this law, which has received substantial opposition on constitutional grounds, it is now relatively easy to find DVD players which bypass the limitations the DVD Consortium sought to impose. The cryptographic keys themselves have been discovered and widely disseminated (see ]). See Professor Edward Felton's freedom-to-tinker Web site (www.freedom-to-tinker.com) for some observations on the DCMA, its proposed successors, and their consequences, intended and unintended hilarious (www.freedom-to-tinker.com/archives/cat_fritxs_hit_list.html/). The ] was passed in the ] in an effort to make the circumvention of such systems illegal. Despite this law, which has received substantial opposition on constitutional grounds, it is now relatively easy to find DVD players which bypass the limitations the DVD Consortium sought to impose. The cryptographic keys themselves have been discovered and widely disseminated (see ]). See Professor Edward Felton's freedom-to-tinker Web site (www.freedom-to-tinker.com) for some observations on the DCMA, its proposed successors, and their consequences, intended and unintended hilarious (www.freedom-to-tinker.com/archives/cat_fritxs_hit_list.html/).
Line 9: Line 11:
New DRM initiatives have been proposed in recent years which could prove more difficult to circumvent, including copy-prevention codes embedded in broadcast ] signals and the ]. A wide variety of DRM systems have also been employed to restrict access to ]s. See the TCPA / Pallidium FAQ maintained by Professor Ross J Anderson on his Web site at www.cl.cam.ac.uk/~rja14/tcpa-faq.html/ for a clear discussion of two prominent proposals. New DRM initiatives have been proposed in recent years which could prove more difficult to circumvent, including copy-prevention codes embedded in broadcast ] signals and the ]. A wide variety of DRM systems have also been employed to restrict access to ]s. See the TCPA / Pallidium FAQ maintained by Professor Ross J Anderson on his Web site at www.cl.cam.ac.uk/~rja14/tcpa-faq.html/ for a clear discussion of two prominent proposals.


Opponents of DRM, as currently envisioned and implemented, note that by delegating access (or control of the ability to execute programs, or to execute protrams only with certain data) to third parties, there is a very considerable risk of problems. For instance, due to a bug (or misdesign, or misadministration of an otherwise 'reasonable' design) the protecting code (which implements the DRM scheme) may prevent a computer user from using his computer at all, or from using programs (or using data as an input to a program) when such use is actually completely legitimate and not a violation of any copyright holders' rights. Or, for another instance, a legitimately purchased copy of <a DVD containing a book or a movie, or a software program, or ...> might be blocked because it is being used on equipment which doesn't include the DRM function. Opponents of DRM, as currently envisioned and implemented, note that by delegating computer access (or control of the ability to execute some programs, or to execute programs only with certain data) to third parties, there is a very considerable risk of problems. For instance, due to a bug (or misdesign, or misadministration of an otherwise 'reasonable' design) the protecting code (which implements the DRM scheme) may prevent a computer user from using his computer at all, or from using programs (or using data as an input to a program) when such use is actually completely legitimate and not a violation of any copyright holders' rights. Or, for another instance, a legitimately purchased copy of <a DVD containing a book or a movie, or a software program, or ...> might be blocked because it is being used on equipment which doesn't include the DRM function. Security protocols, software implementing security protocols, and cryptography generally have proven very difficult to design without vulnerabiltiies due to bugs or design mistakes.
Some DRM advocates have suggested (and some legislation has actually been introduced) that copyright owners be given the ability to remotely delete information from others' computers that, in the view of the copyright holder's software, is not legitimately held. The prospect of a bug or maldesign in the software implementing any such scheme is more than a little disturbing to many. They point out that we have demonstrated (by frequent and long extant virus infestation, system software security error, and application software failure) that we don't currently know how to design software that does something specific. How much less likely are we likely to get right software which must do something quite dangerous (ie, file or program deletion, system interference) in only somewhat foreseeable circumstances. Pattern recognition software is not yet fully capable of even distinguishing the predictable (ie, has this <fingerprint, iris pattern, retinal pattern, face, ...) been seen before; it does not seem likely that it will be able to reliably distinguish between <this class of data> and not yet existing documents, parodies, samplings, and so on, especially when the legitimacy of possession or use depends entirely on extra computer facts such as purchaser, terms of purchase, details of license contracts applicable to this particular situation, and so on. Some DRM advocates have suggested (and some legislation has actually been introduced to authorize) that copyright owners be given the ability to remotely delete information from others' computers that, in the view of the copyright holder (or more accurately the copyright holder's software), is not legitimately held. The prospect of a bug or maldesign in the software implementing any such scheme is more than a little disturbing to many. They point out that we have demonstrated (by frequent and long extant virus infestation, system software security error, and application software failure) that we don't currently know how to design software that does something specific. How much less likely are we likely to get right software which must do something quite dangerous (ie, file or program deletion, system interference) in only somewhat foreseeable circumstances? Pattern recognition software is not yet fully capable of even distinguishing the predictable (ie, has this <fingerprint, iris pattern, retinal pattern, face, ...) been seen before; it does not seem likely that it will be able to reliably distinguish between <this class of data> and not yet existing documents, parodies, samplings, and so on, especially when the legitimacy of possession or use depends entirely on extra computer facts such as purchaser, terms of purchase, details of license contracts applicable to this particular situation, and so on.

DRM advocates have taken the position, in essence, that the situation is sufficiently well understood and software engineering is sufficiently well practiced that it is possible to achieve the desired ends without causing problems for users, their computers, or those who depend on either. DRM advocates have taken the position, in essence, that the design situation is sufficiently well understood and software engineering is sufficiently well practiced that it is possible to achieve the desired ends without causing problems for users, their computers, or those who depend on either.


Thus far, neither side has compelled the other to agree. Thus far, neither side has compelled the other to agree, though there has been much heat and little enlightenment. Legislation to impose, by force majure, a DRM 'solution' on all is under consideration in many jurisdictions. Some has already been enacted.


Examples of existing "digital rights management" and "copy protection" systems: Examples of existing "digital rights management" and "copy protection" systems:

Revision as of 15:59, 24 July 2003


Digital rights management or digital restrictions management, commonly abbreviated DRM, is an umbrella term for any of several arrangements by which the usage of copyrighted data by someone who has purchased a copy of it may be restricted by the copyright holder. Some would like to use DRM mechanisms to protect trade secret and proprietary information as well. The protected context is most commonly digital (ie, as in a computer or computerized device), hence the 'digital' in DRM; the reason is that the cryptography techniques used and proposed are not directly applicable to analog information.

In contrast to existing legal restrictions which copyrighted status imposes on the owner of a copy of any such data, most DRM schemes would allow additional restrictions to be imposed solely at the discretion of the copyright holder, through hardware and software code under the copyright holder's control. In the extreme, such control is proposed within other's computers and computerized devices. The Trusted Computing Platform Architecture scheme proposed by Intel and others is an example. So are several laws proposed or already enacted in various jurisidictions (State, Federal, non-US). Most would include in all computer systems obligatory mechanisms controlling use in ways deemed by copyright holders to be unacceptable. See Professor Edward Felten's freedom-to-tinker Web site for information and pointers.

An early example of a DRM system is the Content Scrambling System (CSS) employed by the DVD Consortium on movie DVD disks. The data on the DVD is encrypted so that it can only be decoded and viewed using an encryption key, which the DVD Consortium kept secret. In order to gain access to the key, a DVD player manufacturer would have to sign a licence agreement with the DVD Consortium which restricted them from including certain features in their players such as a digital output which could be used to extract a high-quality digital copy of the movie. Since the only hardware capable of decoding the movie was controlled by the DVD Consortium in this way, they were able to impose whatever restrictions they chose on the playback of such movies. See also DIVX for a more draconian and less commercially successful variation which is no longer marketed. The name is also used, in ironic tribute to the defunct disk 'protection' scheme, for a video compression protocol, akin to MPEG-4.

The Digital Millennium Copyright Act was passed in the United States in an effort to make the circumvention of such systems illegal. Despite this law, which has received substantial opposition on constitutional grounds, it is now relatively easy to find DVD players which bypass the limitations the DVD Consortium sought to impose. The cryptographic keys themselves have been discovered and widely disseminated (see DeCSS). See Professor Edward Felton's freedom-to-tinker Web site (www.freedom-to-tinker.com) for some observations on the DCMA, its proposed successors, and their consequences, intended and unintended hilarious (www.freedom-to-tinker.com/archives/cat_fritxs_hit_list.html/).

New DRM initiatives have been proposed in recent years which could prove more difficult to circumvent, including copy-prevention codes embedded in broadcast HDTV signals and the Palladium operating system. A wide variety of DRM systems have also been employed to restrict access to eBooks. See the TCPA / Pallidium FAQ maintained by Professor Ross J Anderson on his Web site at www.cl.cam.ac.uk/~rja14/tcpa-faq.html/ for a clear discussion of two prominent proposals.

Opponents of DRM, as currently envisioned and implemented, note that by delegating computer access (or control of the ability to execute some programs, or to execute programs only with certain data) to third parties, there is a very considerable risk of problems. For instance, due to a bug (or misdesign, or misadministration of an otherwise 'reasonable' design) the protecting code (which implements the DRM scheme) may prevent a computer user from using his computer at all, or from using programs (or using data as an input to a program) when such use is actually completely legitimate and not a violation of any copyright holders' rights. Or, for another instance, a legitimately purchased copy of <a DVD containing a book or a movie, or a software program, or ...> might be blocked because it is being used on equipment which doesn't include the DRM function. Security protocols, software implementing security protocols, and cryptography generally have proven very difficult to design without vulnerabiltiies due to bugs or design mistakes. Some DRM advocates have suggested (and some legislation has actually been introduced to authorize) that copyright owners be given the ability to remotely delete information from others' computers that, in the view of the copyright holder (or more accurately the copyright holder's software), is not legitimately held. The prospect of a bug or maldesign in the software implementing any such scheme is more than a little disturbing to many. They point out that we have demonstrated (by frequent and long extant virus infestation, system software security error, and application software failure) that we don't currently know how to design software that does something specific. How much less likely are we likely to get right software which must do something quite dangerous (ie, file or program deletion, system interference) in only somewhat foreseeable circumstances? Pattern recognition software is not yet fully capable of even distinguishing the predictable (ie, has this <fingerprint, iris pattern, retinal pattern, face, ...) been seen before; it does not seem likely that it will be able to reliably distinguish between <this class of data> and not yet existing documents, parodies, samplings, and so on, especially when the legitimacy of possession or use depends entirely on extra computer facts such as purchaser, terms of purchase, details of license contracts applicable to this particular situation, and so on.

DRM advocates have taken the position, in essence, that the design situation is sufficiently well understood and software engineering is sufficiently well practiced that it is possible to achieve the desired ends without causing problems for users, their computers, or those who depend on either.

Thus far, neither side has compelled the other to agree, though there has been much heat and little enlightenment. Legislation to impose, by force majure, a DRM 'solution' on all is under consideration in many jurisdictions. Some has already been enacted.

Examples of existing "digital rights management" and "copy protection" systems:

DRM and document restriction technology

Opponents of DRM have noted that the proposed use of some DRM schemes to restrict the ability to copy and distribute documents can be used by criminals as a means of preventing enforcement of laws against fraud and other wrongdoing. Since DRM is unlikely to be so used by individual criminals, only corporate skullduggery is likely to be concealed this way.

See also: copy protection