Digital rights management (DRM) is a generic term that refers to access control technologies used by hardware manufacturers, publishers, and copyright holders to limit usage of digital media or devices. The term is used to describe any technology which makes the unauthorized use of media or devices technically formidable and generally doesn't include other forms of copy protection which can be circumvented without modifying the media or device, such as serial numbers or keyfiles. It can also refer to restrictions associated with specific instances of digital works or devices.
The use of digital rights management is controversial. Advocates argue it is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams. Some opponents, such as the Free Software Foundation, maintain that the use of the word "rights" is misleading and suggest that people instead use the term Digital Restrictions Management. Their position is essentially that copyright holders are attempting to restrict use of copyrighted material in ways not covered by existing laws. The Electronic Frontier Foundation, and other opponents, also consider DRM systems to be anti-competitive practices.
In practice, all widely-used DRM systems have been defeated or circumvented when deployed to enough customers. Restricting the copying of audio and visual material is especially difficult due to the existence of the analog hole, and there are even suggestions that effective DRM is logically impossible for this reason.
Digital rights management technologies attempt to control use of digital media by preventing access, copying or conversion to other formats by end users. Long before the arrival of digital or even electronic media, copyright holders, content producers, or other financially or artistically interested parties had business and legal objections to copying technologies. Examples include: player piano rolls early in the 20th century, audio tape recording, and video tape recording (e.g. the "Betamax case" in the U.S.). Copying technology thus exemplifies a disruptive technology.
The advent of digital media and analog/digital conversion technologies, especially those that are usable on mass-market general-purpose personal computers, have vastly increased the concerns of copyright-dependent organizations, especially within the music and movie industries. While analog media inevitably loses quality with each copy generation, and in some cases even during normal use, digital media files may be duplicated an unlimited number of times with no degradation in the quality of subsequent copies. The advent of personal computers as household appliances has made it convenient for consumers to convert media (which may or may not be copyrighted) originally in a physical/analog form or a broadcast form into a universal, digital form (this process is called ripping) for location- or timeshifting, combined with the Internet and popular file sharing tools, has made unauthorized distribution of copies of copyrighted digital media (so-called digital piracy) much easier. In effect, copyright-dependent organizations regard every consumer with an Internet connection as a potential node of a distribution network that could be used to distribute unauthorized copies of copyrighted works.
Although technical controls on the reproduction and use of software have been intermittently used since the 1970s, the term 'DRM' has come to primarily mean the use of these measures to control artistic or literary content. DRM technologies have enabled publishers to enforce access policies that not only disallow copyright infringements, but also prevent lawful fair use of copyrighted works, or even implement use constraints on non-copyrighted works that they distribute; examples include the placement of DRM on certain public-domain or open-licensed e-books, or DRM included in consumer electronic devices that time-shift (and apply DRM to) both copyrighted and non-copyrighted works.
While DRM is most commonly used by the entertainment industry (e.g. film and recording), it has found use in other situations as well. Many online music stores, such as Apple's iTunes Store, as well as certain e-book publishers, have imposed DRM on their customers. In recent years, a number of television producers have imposed DRM mandates on consumer electronic devices, to control access to the freely-broadcast content of their shows, in connection with the popularity of time-shifting digital video recorder systems such as TiVo.
An early example of a DRM system was the Content Scrambling System (CSS) employed by the DVD Forum on film DVDs since ca. 1996. CSS used a simple encryption algorithm, and required device manufacturers to sign license agreements that restricted the inclusion of features, such as digital outputs that could be used to extract high-quality digital copies of the film, in their players. Thus, the only consumer hardware capable of decoding DVD films was controlled, albeit indirectly, by the DVD Forum, restricting the use of DVD media on other systems until the release of DeCSS by Jon Lech Johansen in 1999, which allowed a CSS-encrypted DVD to play properly on a computer using Linux, for which the Alliance had not arranged a licensed version of the CSS playing software.
Microsoft's Windows Vista contains a DRM system called the Protected Media Path, which contains the Protected Video Path (PVP). PVP tries to stop DRM-restricted content from playing while unsigned software is running in order to prevent the unsigned software from accessing the content. Additionally, PVP can encrypt information during transmission to the monitor or the graphics card, which makes it more difficult to make unauthorized recordings.
Advanced Access Content System (AACS) is a DRM system for HD DVD and Blu-Ray Discs developed by the AACS Licensing Administrator, LLC (AACS LA), a consortium that includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Brothers, IBM, Toshiba and Sony. In December 2006 a process key was published on the internet by hackers, enabling unrestricted access to AACS-restricted HD DVD content. After the cracked keys were revoked, further cracked keys were released.
The broadcast flag concept was developed by Fox Broadcasting in 2001 and was supported by the MPAA and the FCC. A ruling in May 2005 by a US Court of Appeals held that the FCC lacked authority to impose it on the TV industry in the US. It required that all HDTVs obey a stream specification determining whether or not a stream can be recorded. This could block instances of fair use, such as time-shifting. It achieved more success elsewhere when it was adopted by the Digital Video Broadcasting Project (DVB), a consortium of about 250 broadcasters, manufactures, network operators, software developers, and regulatory bodies from about 35 countries involved in attempting to develop new digital TV standards.
An updated variant of the broadcast flag has been developed in the Content Protection and Copy Management (DVB-CPCM). It was developed in private, and the technical specification was submitted to European governments in March 2007. As with much DRM, the CPCM system is intended to control use of copyrighted material by the end-user, at the direction of the copyright holder. According to Ren Bucholz of the EFF, which paid to be a member of the consortium, "You won't even know ahead of time whether and how you will be able to record and make use of particular programs or devices". The DVB supports the system as it will harmonize copyright holders' control across different technologies and so make things easier for end users. The CPCM system is expected to be submitted to the European Telecommunications Standards Institute in 2008.
Discs with digital rights management schemes are not legitimately standards-compliant Compact Discs (CDs) but are rather CD-ROM media. Therefore they all lack the CD logotype found on discs which follow the standard (known as Red Book). Therefore these CDs could not be played on all CD players. Many consumers could also no longer play purchased CDs on their computers. PCs running Microsoft Windows would sometimes even crash when attempting to play the CDs.
In 2002, Bertelsmann (comprising BMG, Arista, and RCA) was the first corporation to use DRM on audio CDs. In 2005, Sony BMG introduced new DRM technology which installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the installed software included a rootkit, which created a severe security vulnerability others could exploit. When the nature of the DRM involved was made public much later, Sony initially minimized the significance of the vulnerabilities its software had created, but was eventually compelled to recall millions of CDs, and released several attempts to patch the surreptitiously included software to at least remove the rootkit. Several class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.
Sony's DRM software actually had only a limited ability to prevent copying, as it affected only playback on Windows computers, not on other equipment. Even on the Windows platform, users regularly bypassed the restrictions. And, while the Sony DRM technology created fundamental vulnerabilities in customers' computers, parts of it could be trivially bypassed by holding down the "shift" key while inserting the CD, or by disabling the autorun feature. In addition, audio tracks could simply be played and re-recorded, thus completely bypassing all of the DRM (this is known as the analog hole). Sony's first two attempts at releasing a patch which would remove the DRM software from users' computers failed.
In January 2007, EMI stopped publishing audio CDs with DRM, stating that "the costs of DRM do not measure up to the results." EMI was the last publisher to do so, and audio CDs containing DRM are no longer released by any major record labels.
Many online music stores employ DRM to restrict usage of music purchased and downloaded online. There are many options for consumers buying digital music over the internet, in terms of both stores and purchase options.
The various services are currently not interoperable, though those that use the same DRM system (for instance the several Windows Media DRM format stores, including Napster and Yahoo Music) all provide songs that can be played side-by-side through the same player program. Almost all stores require client software of some sort to be downloaded, and some also need plug-ins. Several colleges and universities, such as Rensselaer Polytechnic Institute, have made arrangements with assorted Internet music suppliers to provide access (typically DRM-restricted) to music files for their students, to less than universal popularity, sometimes making payments from student activity fee funds. One of the problems is that the music becomes unplayable after leaving school unless the student continues to pay individually. Another is that few of these vendors are compatible with the most common portable music player, the Apple iPod. The Gowers Review of Intellectual Property (to HMG in the UK; 141 pages, 40+ specific recommendations) has taken note of the incompatibilities, and suggests (Recommendations 8 -- 12) that there be explicit fair dealing exceptions to copyright allowing libraries to copy and format-shift between DRM schemes, and further allowing end users to do the same privately. If adopted, some of the acrimony may decrease.
Although DRM is prevalent for Internet music, some Online music stores such as eMusic, Dogmazic, Amazon, and Beatport, do not use DRM despite encouraging users to avoid sharing music. Another online retailer, Xiie.net, which sells only unsigned artists, encourages people to share the music they buy from the site, to increase exposure for the artists themselves. Major labels have begun releasing more online music without DRM. Eric Bangeman suggests in Ars Technica that this is because the record labels are "slowly beginning to realize that they can't have DRMed music and complete control over the online music market at the same time... One way to break the cycle is to sell music that is playable on any digital audio player. eMusic does exactly that, and their surprisingly extensive catalog of non-DRMed music has vaulted it into the number two online music store position behind the iTunes Store." Apple's Steve Jobs has called on the music industry to eliminate DRM in an open letter titled Thoughts on Music. Apple's iTunes store will start to sell DRM-free 256 kbit/s (up from 128 kbit/s) AAC encoded music from EMI for a premium price (this has since reverted to the standard price). In March 2007, Musicload.de, one of Europe's largest online music retailers, announced their position strongly against DRM. In an open letter, Musicload stated that three out of every four calls to their customer support phone service are as a result of consumer frustration with DRM.
Computer games sometimes use DRM technologies to limit the number of systems the game can be installed on. Most games with this restriction allow three or five installs. This limits users who have more than three or five computers in their homes (Seeing as the rights of the software developers allow them to limit the number of installations). These technologies tend to benefit publishers from blocking sales in the second hand market more than stopping piracy. In 2008 the DRM scheme backfired and a large number of users decided not to pay for the game, seeking a pirated version instead. The most prominent cases involved the DRM topology SecuROM include Spore, BioShock and Mass Effect. The backlash against SecuROM was a significant factor in Spore becoming the most pirated game in 2008.
Electronic books read on a personal computer or an e-book reader typically use DRM restrictions to limit copying, printing, and sharing of e-books. E-books are usually limited to a certain number of reading devices and some e-publishers prevent any copying or printing. Some commentators believe that DRM is a reason why the E-book has been a marketing failure.
Two of the most commonly used software programs to view e-books are Adobe Acrobat and Microsoft Reader. Each program uses a slightly different approach to content protection. The first version of Adobe Acrobat e-book Reader to have encryption technologies was version 5.05. In the later version 6.0, the technologies of the PDF reader and the e-book reader were combined, allowing it to read both DRM-restricted and unrestricted files. After opening the file, the user is able to view the rights statement, which outlines actions available for the specific document. For example, for a freely transferred PDF, printing, copying to the clipboard, and other basic functions are available to the user. However, when viewing a more highly restricted e-book, the user is unable to print the book, copy or paste selections. The level of restriction is specified by the publisher or distribution agency.
Microsoft Reader, which exclusively reads e-books in a .lit format, contains its own DRM software. In Microsoft Reader there are three different levels of access control depending on the e-book: sealed e-books, inscribed e-books and owner exclusive e-books. Sealed e-books have the least amount of restriction and only prevents the document from being modified. Therefore, the reader cannot alter the content of the book to change the ending, for instance. Inscribed e-books are the next level of restriction. After purchasing and downloading the e-book, Microsoft Reader puts a digital ID tag to identify the owner of the e-book. Therefore, this discourages distribution of the e-book because it is inscribed with the owner’s name making it possible to trace it back to the original copy that was distributed. Other e-book software uses similar DRM schemes. For example, Palm Digital Media, now known as Ereader, links the credit card information of the purchaser to the e-book copy in order to discourage distribution of the books.
The most stringent form of security that Microsoft Reader offers is called owner exclusive e-books, which uses traditional DRM technologies. To buy the e-book the consumer must first open Microsoft Reader, which ensures that when the book is downloaded it becomes linked to the computer’s Microsoft Passport account. Thus the e-book can only be opened with the computer with which it was downloaded, preventing copying and distribution of the text.
Enterprise digital rights management (E-DRM or ERM) is the application of DRM technology to the control of access to corporate documents such as Microsoft Word, PDF, and AutoCAD files, emails, and intranet web pages rather than to the control of consumer media. E-DRM, now more commonly referenced as IRM (Information Rights Management), is generally intended to prevent the unauthorized use (such as industrial or corporate espionage or inadvertent release) of proprietary documents. IRM typically integrates with content management system software.
DRM has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to substantial numbers of rare (and in many cases unique) documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England.
Digital watermarks are unobtrusive features of media that are added during production or distribution. Digital watermarks involve data that is arguably steganographically embedded within the audio or video data.
Watermarks can be used for different purposes that may include:
Watermarks are not complete DRM mechanisms in their own right, but are used as part of a system for Digital Rights Management, such as helping provide prosecution evidence for purely legal avenues of rights management, rather than direct technological restriction. Some programs used to edit video and/or audio may distort, delete, or otherwise interfere with watermarks. Signal/modulator-carrier chromatography may also separate watermarks from original audio or detect them as glitches. Use of third party media players and other advanced programs render watermarking useless. Additionally, comparison of two separately obtained copies of audio using simple, home-grown algorithms can often reveal watermarks. New methods of detection are currently under investigation by both industry and non-industry researchers.
Sometimes, metadata is included in purchased music which records information such as the purchaser's name, account information, or email address. This information is not embedded in the played audio or video data, like a watermark, but is kept separate, but within the file or stream.
As an example, metadata is used in media purchased from Apple's iTunes Store for DRM-free as well as DRM-restricted versions of their music or videos. This information is included as MPEG standard metadata.