Editor’s Note: Mark Stamp has spent well over a decade working in computer security. He can neither confirm nor deny that for seven years he was a cryptanalyst at the National Security Agency. However, he can confirm that he recently spent two years designing and developing a DRM product at MediaSnap, Inc., a small Silicon Valley startup company. Currently, Dr. Stamp is enjoying life as a college professor and occasional security consultant. His current research interests are security, networks, algorithms and DRM.
Digital rights management, or DRM, is an attempt to maintain “remote control” over digital content. For example, Stephen King might like to sell a new book online (though this is doubtful given his previous online publishing experience). But he might only make one sale, since any purchaser can, with the click of a button, redistribute a perfect digital copy to a large percentage of the population of the earth. To prevent this, Mr. King might like to retain some control–remote control–over what a purchaser can do with his digital book after purchasing it.
Standard cryptographic techniques enable secure delivery of the bits, but provide no restriction on their use after delivery. The additional DRM requirements beyond secure delivery are collectively known as “persistent protection”, that is, protection that stays with the digital content wherever it goes. In contrast to cryptography, the primary purpose of persistent protection is to protect the content from the intended recipient.
What can it do for (or to) me?
If the remote control/persistent protection problem can be solved effectively, the implications are enormous. Of course, copyright holders would be ecstatic since they might be able to stem the tide of online piracy—see RIAA or MPAA for the Hollywood viewpoint. However, it’s difficult to conceive of any computerized system that could distinguish “fair use” from “security hole” and consequently, many fear that DRM could tilt the scales in favor of copyright holders at the expense of consumers.
There are, however, other less-well-known applications of DRM technology. For example, armed with strong DRM, I could put my personal information online and yet retain my privacy by limiting who can access the information and, more to the DRM point, by restricting what people can do with my information after accessing it.
A privacy example of considerable current interest is medical records. This highly sensitive information is rapidly moving online in order to satisfy the need for quick and reliable access. It is clearly necessary to protect such information from intentional or accidental disclosure. In fact, the legal penalties for unauthorized disclosure (see HIPAA) are draconian, which has led to much DRM interest in certain corporate circles.
DRM is, therefore, (at least) a two-headed beast. On the one head, the technology can be privacy-enhancing, while on the other it can be copyright-enforcing.
Technical State of the Art of DRM
Unfortunately—or fortunately, depending on your perspective—the level of persistent protection provided by most DRM systems appears to lie somewhere between incredibly weak and really pathetic. DRM offerings from such high-tech luminaries as Microsoft (MS-DRM) and Adobe (eBooks) easily fell to attackers. In fact, there is a widely held belief that robust DRM cannot be achieved via any software product. Ironically, this belief may have become a self-fulfilling prophecy.
Based on the available evidence (i.e., broken DRM systems), the persistent protection methods employed to date have been extremely lame. It’s difficult to know exactly what protection mechanisms are being employed by most unbroken DRM products, since companies are extremely tight-lipped when it comes to technical details. This secrecy is itself disturbing since one of the fundamental principles of security engineering (Kerckhoffs’ Principle) states that a system must be open to public scrutiny before it can be trusted. This basic principle is grossly violated by virtually all DRM purveyors today. As far as I am aware, MediaSnap, Inc., is the only DRM company that provides a reasonable technical overview of the security features in their product.
This dearth of technical information should be viewed with considerable suspicion. The likely explanation is that DRM products rely on “security by obscurity”, which, in the eyes of most security experts, is equated with “no security at all.”
Today, I would not entrust my valuable digital content (if I had any) to any well-known DRM product. Content providers obviously feel the same way, otherwise there would be far more non-pirated digital content available online. However, the current state of the DRM art is capable of providing useful protection in certain circumstances. One such example is proprietary corporate documents. In this scenario, a moderate level of persistent protection suffices since there are severe legal consequences for violators. But even here I see no reason to use a weak DRM system when it is possible to build a more robust—though not unbreakable—software-based system.
The hardware solution
The wildcard in the DRM game is the Trusted Computing Group (formerly, the Trusted Computing Platform Alliance, or TCPA), which includes the likes of Intel and Microsoft, and aims to build DRM protection into future generations of hardware. Though not unbreakable, a DRM approach based on tamper-resistant hardware is likely to offer a level of protection far beyond anything possible from software-only systems. Of course, this is appealing to copyright holders in about the same measure that it is unpalatable to those with a passion for fair use (or free use). To learn more about the potential consequences of this approach, see Ross Anderson’s excellent TCPA/Palladium FAQ.
In any event, the Trusted Computing Group solution is not an option today. And even if it comes to fruition, it’s not clear that consumers will accept it—recall the Pentium III serial number. But the progress of hardware-based DRM bears watching.
The Titanic principle
In 1912, a first-class one-way (part-way, as it turned out) passage on the Titanic cost the modern equivalent of more than $50,000. While it lasts, a round-trip flight across the Atlantic on the Concorde costs less than $6,000 and cheaper first-class rates are available on less prestigious aircraft. Whereas a flight across the Atlantic takes a few hours, the Titanic would have taken about a week. If the Titanic were around today, it would obviously need to set its first-class charge to a small fraction of its 1912 rate in order to compete.
Today, record companies expect consumers to pay $14.95 for a CD that can be had for free online. The online version is of high quality and often more convenient to obtain—particularly for less popular items. Is it reasonable for record companies to demand Titanic rates for music in a technological era that includes the internet, peer-to-peer (P2P) networks and broadband? The record labels (and their lawyers) seem to think so.
If the Titanic were around today and charged $50,000 for a ticket, I doubt that many people would mourn its inevitable financial demise. Of course, if the Titanic were to drastically cut its rates and offer something that the airlines could not (a relaxing week at sea, say), it might survive, or even thrive.
Business Model Matters
The record companies lack strong, watertight DRM. But it’s not even clear that such DRM would help all that much. No matter how good the DRM technology, The Beatles’ The White Album will never be DRM-ized—the bits have escaped into the wild, never to be domesticated again.
One potential solution to this dilemma can be summed up as “if you can’t beat ’em, join ’em.” This concept has been championed by, for example, Exploit Systems. Exploit Systems does not try to eliminate P2P file sharing. Instead, they attempt to gently coerce users to pay a small fee in order to receive a legal version of the content. The legal content is distributed over the same P2P network that distributes the pirated content. In return for paying protection money, a user has fewer hassles to deal with and also obtains extras that are not (yet) available with the free download. However, the freebies still exist, and a user with sufficient tolerance for hassles can obtain his music for free.
Even a relatively weak form of DRM will suffice in the Exploit Systems model. The content obviously must be priced so that a significant fraction of users will deem it worthwhile to pay, even though free copies are available. It’s doubtful that this business model supports $14.95 CDs. But assuming the price is right, the DRM system only needs to be more of a hassle to break than the hassle required to find the content for free. This level of DRM protection is clearly possible today.
To date, the record companies don’t see things this way. Apparently, they would rather dig in their heels and hope that they can bludgeon the world into accepting strong hardware-based DRM. Via this technical fix, they might hope to effectively roll back the clock to a pre-P2P era. Personally, I’ll believe this is possible when I see the Titanic steaming across the Atlantic carrying passengers willing to pay $50,000 for a ticket.