Digital Rights Management

November 1, 2000

It was only two years ago that I was told that publishing valuable digital content on the Internet would not take off for 10 years. Today it is happening all of the time with MP3 music files being swapped by our children and market research reports openly passed between business colleagues. The problem is that the intellectual property owners lose control of distribution through publishing content on the Internet and then, more often than not, do not get paid for use of a large percentage of their content. The reason is simple – conventional Internet technologies do not have any facilities for enforcing copyright. We can now look back with a sense of irony at straplines from major technology companies saying ‘Information at your finger tips’, ‘Information where and how you need it’. The irony today is that this is exactly what we have now, however what business really needs is a sure way of only giving us the information to which we have a right.

Digital Rights Management is an emergent technology category for products and services that allow digital content to be published on the Internet whilst allowing publishers to maintain their copyright. These technologies predicate a market for digital content on the Internet estimated at $270Bn by 2003. In short this is the next wave of e-commerce. Today large numbers of consumers are coming to terms with purchasing physical goods via catalogue Web sites, ‘The .com revolution’. However, the real revolution for many companies will come when they are not only able to sell a product online but also deliver it online. Digital Rights Management is not about sealing up content on Web sites to which we have free access today, it is about enabling new products and services that can now be delivered online.

The commercial drivers for some form of DRM technology are clear. Technology that maintains copyright control of content has been available for some time. It is matching this technology to business drivers and at the same time maintaining an acceptable consumer experience which defines the frontier. DRM is one of those building block technologies that promise access to new business horizons.

The successful business models of the future will be built on the foundations of the DRM system that is used to implement them. Characteristics of DRM solutions include media types supported and commercial models enabled as well as transactional and account relationships on which the technology is dependent. It is therefore important to have a basic understanding of how DRM technology works and some of the different approaches to its implementation. Without this insight your client could easily end up augmenting the ranks of failed Internet enterprises.

Basic DRM

All DRM technology is based on cryptography techniques. It is impossible to prevent content files being copied from one computer to another. The alternative is to make the files unreadable on anything other than a nominated machine so that, if they are copied, the contents are of no value to the recipient. To do this digital content files are encrypted, scrambling the contents and making them unrecognisable. To access the original contents of the file you need a ‘key’ – a magic number which is used to reconstitute the original document. Conventional DRM technology adds a machine identity to the key, the software used to reconstitute the scrambled file will only do so if the machine identity on which it is running matches the identity provided with the key. Therefore, when you buy or are granted permission to access some digital content, the deliverable is a key, along with the identity of the machine on which you have bought the content. Once you have bought the content your key is stored on your machine along with your content so you can access it whenever you wish. If you copy the key and the content to another machine, the identity of the second machine no longer matches the key and the decryption software will not be able to decrypt the content. Whilst this ignores the possibilities the Internet introduces and is very much a simplified view, it should highlight most of the contentious problems for publishers today.

Some cryptography software needs to run on a consumer’s computer to decrypt the content and manage the machine identities. Regardless of the choice of technology, before a consumer can access copyrighted content they will need to install a DRM client. This means that they must not only be willing to pay for the content, they must want it enough to install some software on their machine. Some DRM technologies have tried to circumvent this with a ‘clientless’ solution. In reality this means that there is a client with every copy of the content making Internet downloads impossibly slow for even a short document. Alternatively the client is based on Java which has some fundamental limitations preventing it from rendering any content securely. A concern is often raised that some consumers will not want to install any software on their machine. This is true in some circumstances, but there is plenty of evidence – like the Acrobat plugin and MultiMedia CDs – that points to a majority of consumers who will do what they have to if they want the content. If this proportion of your customers looks large enough to justify the effort of putting your content on the Internet then it has to be good business. In the end you can be sure that this percentage is only going to increase over time.

Problems and Solutions

The first problem is that PCs do not have identities. Hard disks, processors and network cards have identities but computers as a whole do not. If you pick any one of these components to identify a machine and that component fails or is changed then the content will stop working. With the increased use of PCMCIA and regular upgrades of machines this could actually be quite a frequent event. As a result, if your customer loses their content and is unhappy, they will telephone you, their friends and colleagues and convey their discontent resulting in an administrative overhead and lost business.

One entertaining approach to this problem that thankfully seems to be receiving the lack of attention it deserves is to plug a special piece of hardware into your computer called a ‘dongle’ to give it an identity. With this approach you can get the product immediately over the Internet but the technology to access it has to be sent by snail mail!

Assuming the machine identity issue can be overcome (which to some limited extent it can), the next ‘gotcha’ is that people buy content not computers. Many people have more than one machine and move from place to place to access content. When you buy a book you don’t buy it only for reading in your kitchen and then buy another copy to read the last chapter at work during your lunch hour! When you change jobs and want to hand over documents to your successor, you expect to be able to hand over the relevant documents to them without having to get them re-delivered from the originator. All this highlights the requirement to be able to assign rights from person to person and from machine to machine. Interestingly the ‘first sight’ empowerment of publishers to use the Internet with a basic DRM as described above is probably a false horizon. Consumers are unlikely to accept the usability limitations implied by a simple DRM and still pay cover price for the content. Conversely, whilst publishers might be willing to provide a discount for online subscribers, the percentage implied by the usability limitations above is likely to be unpalatable.

For mainstream applications, consumers will demand at least equivalent functionality to the conventional world. This requires a whole level of technology over and above that of purely locking content to machines. Luckily the Internet is now at hand to help. Without the Internet it is essential a machine ‘knows’ who can and cannot access content. With new technology and connectivity to the Internet, the Net can now act as a central repository for rights. The Internet can be used to check-out and check-in rights on demand. With this approach it is possible to access content on a new machine simply by connecting to the Internet and transparently downloading any rights not currently checked out to another machine you might have been using in the past.

Content can still be accessed offline but being online allows rights to be assigned and transferred. Interestingly, it is not being able to pay for content and download it over the Net that will facilitate this next e-commerce wave, it is the ability for the Internet to ‘know’ what you can and cannot do with content that should drive more general acceptance through usability.

Independent Offspring

Described above is the logical conception of a Net-based DRM. But, as with any birth, the offspring starts to develop a life of its own. Access to content is no longer being granted at the time someone purchases it but at the time they want to view or play it – the point of consumption. We have also separated the rights from the content itself.

These are building block concepts that enable support for subscription access to content, time-limited previews, single purchase access to rich media, pay-per-view, promotional incentives based around readership patterns and referral of new customers. This is but the introduction to a much larger subject, exploring some of these possibilities in real-world business applications.

DRM is good news. Intellectual property owners will now prosper through publishing on the Internet in the knowledge that both their interests and their consumers’ interests can be maintained.

Peter Kumik is the Managing Director EMEA and co-founder of SealedMedia ( He can be contacted on 01494 687200.