Introduction

Most people have heard of software licensing and pay per view television, but possibly not connected it with a development in technology called Digital Rights Management (DRM). To understand what DRM is trying to achieve you first of all need to understand intellectual property.

Intellectual property

To understand digital rights you need to remember that books, plays, pictures, films and so on (including this paper) are subject to copyright or intellectual property rights. By international agreements such as the Berne Convention, countries recognize these rights and provide a framework that allows copyright holders to have uniform rights in different countries and to be able to enforce them. Whenever you buy a book, hear a modern recording played on television or see a film, a payment is being made to the copyright holders of the work.

You will find significantly more detail on intellectual property rights (IPR) on the web site The site provides a comprehensive information resource about the work of the World Intellectual Property Organization (WIPO).

Now intellectual property rights were important in the book and film trades, but television, DVD, computer software and computer games have had such a significant effect on world trade that the World Trade Organization (WTO) has a special section of its activities devoted to dealing with intellectual property rights called Trade-Related aspects of Intellectual Property Rights (TRIPS) and more information on the world negotiations is at

You can gather from this that several industries consider intellectual property to be a very big deal indeed.

Demand for Digital Rights Management (DRM)

So now when we talk about digital rights management we are talking about works of intellectual property that are processed by digital computers (or even analogue ones).

There are many, many industries producing copyright works that are held on and processed by computers. That includes anything processing cassette tapes, VCR, CD-ROM, DVD, flash cards and so on. There are even laws that create rights in databases as collections of information.

The copyright holders (owners) found that the original computer systems, broadcast television and cassette tapes, records and VCR machines made no attempt to stop people from copying their work and even selling it on without the owner getting paid the royalty that IPR law gave them. This started in the late 1980s, and grew significantly with the introduction of music standards such as MP3 which did not prevent copying, but did make mass market copying very easy.

Other owners selling 'expensive' works such as financial analyses of companies or markets found that people would purchase one copy and then make copies of it to pass on to their friends for free. When the reports were printed they were photocopied, but making them digital made the copying easier and faster.

The IT industry saw a massive opportunity to be able to make significant amounts of money if they could find one or more ways to control what the person who had licensed a digital work (when you buy a book in theory you license it, and the same goes with a picture or a photograph) did with it.

DRM controls as against IT controls

Obviously the things that you would want to control were any form of access and use, and particularly to prevent any attempt to remove the controls.

So controls often provided are:

- reading the item;
  - number of times;
  - start and end dates for reading;
- printing the item;
  - at all;
  - poor quality printing;
  - number of copies;
- altering the item;
  - changing information content;
  - removing copyright marks;
- copying the item;
  - making copies others can use;
  - copying parts of the work;
  - taking screen dumps as copies;
- running the item as a program;
  - running the item on one computer;
  - only allowing one user to run the item;
  - limiting the number of CPUs the item may use.

These controls are a long way from the original IT type controls on files which (for those not instantly familiar with them) still are:

- read;
- write;
- append;
- delete;
- execute.

Now as you can see, it's quite a different list of controls with quite a significant impact.

DRM and charging mechanisms

When DRM systems first came out there was a strong move to be able to license significant amounts of the information found on the Internet, and to charge for every conceivable use of an item, as well as to be able to pass on enforceable rights from one rights holder to another.

Original owners were also to be recompensed through micro-payments mechanisms that would transfer their proportion due each time an aspect of their work was sold/licensed. This was proposed so that owners would receive an accurate payment for use.

Did that make it work?

Well, this is where the detail gets a bit more complicated.

The only mechanism that computer systems have for enforcing controls when the computer operating system is not in control (which is almost all the time with the Internet) is encryption. If you don't encrypt (make secret) the thing you are trying to protect then your (lack of) protection mechanism will soon be detected and either all the works you were trying to protect will suddenly become freely available on the web (as happens more often than you might think) or they will be shared amongst private groups of users freely.

Now encryption requires a number of disciplines if it is going to be successful. It also imposes quite an overhead on a system. For instance, the user would not worry about the time it takes to decrypt a file (say a document, spreadsheet, .pdf file) because the amount of information is in reality quite small, but if they are waiting for the decryption of streaming video or voice, the heavy encryption currently used can harm performance. Certainly the average DVD would not perform well using a PC to decrypt all its information using, say, triple DES.

Encryption also requires the control of cryptographic keys. Some people who have installed or re-installed Microsoft Windows will have typed in a long series of letters and numbers (a.k.a. a cryptographic key). But DRM systems often require you to be in contact with a server that is monitoring user requests and comparing them with dynamically imposed controls (such as continuing to subscribe to a service).

Cryptography allows strong controls, but it also imposes overheads and technical difficulties.

The early DRM systems failed simply because they were too expensive for the amount of money they could reasonably collect. This idea of cost may sound rather strange, but the cost of mounting the servers, the processing overhead and the amount of connectivity required to operate those systems was simply too much compared to the amount of money they could realistically collect.

Can you make it work?

Cryptography can work effectively in a number of situations. But at the moment, micro-payments simply aren't one of them. Using cryptography to control the actions of a user who has paid a substantial amount of money for the product will work where micro-payments will not.

Cryptography will let you control a number of events. But it depends upon how effective your cryptography is. A number of disasters have already overtaken those who either chose to implement poor algorithms or failed to understand that you have to do something significantly better than password protection if you are going to protect something that has significant value for your business. It is not necessary for this paper to do more than state that many of the 'industry standard' solutions failed to recognize the real management issues of cryptography and therefore failed to provide the protection that they seemed to claim.

Later solutions to DRM implementation have been more successful. It is fair to note, though, that rights owners need to think through what it is that they are licensing their customers for, and to make sure that their licensing is consistent with current international agreements. (Issues of international rights are the subject of a separate paper.)

Moving forwards

Decoupling DRM from micro-payments has enabled a more effective control suite to be provided that on the one hand supports industry objectives and on the other hand is acceptable to users. Users were not willing to work on the basis of micro-payments, but are more willing to buy a service that is delivered over a period of time.

It seems, from current market feedback, that whilst users do not like restrictions on their ability to share information with others, or having it locked down to a specific computer, they will accept those kinds of limitations. What they are not happy about are situations where they have to be online to remote servers before they are able to use information that, as far as they are concerned, they have purchased, and should be able to access at any time, and for all time.

These requirements are at odds with the ideas of the 'pay per view' community from the record and film industries, who see a massive market opportunity if they can charge for each and every use of an item as against having sold it to a customer for permanent use. (In other words they may prefer the model of the DVD/Video shop to that of the customer buying the item and being able to use it forever thereafter.)

Conclusion

DRM offers industry information providers, which include the financial industries, analysts, consultants, programmers (applications, games), database owners and so on, as well as the record and film industries, significant potential. DRM significantly extends the old IT controls and provides a much finer grained control over the ability of the user to make use of an item.

Attempts to link finer grained control to micro-payments controls have not been successful so far, and may prove to be unattainable in the longer term because the cost of operating the mechanism exceeds the possible income per transaction. Speculation that web costs are zero may be correct for the end user, but studies have demonstrated that information service providers actually pay to have their information made available on the web.

The correct mechanism to implement DRM will vary significantly with the delivery requirement. Services that require high speed decryption still need to be implemented in hardware if they are to work in an online situation. Realtime services can only be delivered using dedicated hardware, and owners requiring this service should be aware of this limitation.
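The contrast drawn under "DRM controls as against IT controls" can be seen in a small policy check. This is an added example, not code from the paper: the licence format, the key, the machine name and the function names are all hypothetical, and it assumes the checking code and key sit somewhere the user cannot alter them.

```python
import hashlib, hmac, json, stat
from datetime import date

ISSUER_KEY = b"constructed-demo-key"  # assumption: demo key, not a real scheme

def file_mode_allows(mode: int, action: str) -> bool:
    """Old IT control: one yes/no bit per operation, nothing finer."""
    bits = {"read": stat.S_IRUSR, "write": stat.S_IWUSR, "execute": stat.S_IXUSR}
    return bool(mode & bits[action])

def _mac(terms: dict) -> str:
    body = json.dumps(terms, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def seal(terms: dict) -> dict:
    """Issuer side: bind the terms to a MAC so edits are detectable."""
    return {"terms": terms, "mac": _mac(terms)}

def check(licence: dict, action: str, machine: str, today: date, used: dict) -> str:
    """DRM-style control: return "allow" or the reason for refusing."""
    terms = licence["terms"]
    if not hmac.compare_digest(_mac(terms), licence["mac"]):
        return "deny: licence altered"
    if machine != terms["machine"]:
        return "deny: wrong machine"
    start, end = date.fromisoformat(terms["start"]), date.fromisoformat(terms["end"])
    if not start <= today <= end:
        return "deny: outside dates"
    limit = terms["limits"].get(action, 0)  # unlisted actions are not licensed
    if used.get(action, 0) >= limit:
        return f"deny: {action} limit reached"
    used[action] = used.get(action, 0) + 1  # count this use against the limit
    return "allow"

# Constructed sample licence: two reads and one print on one machine in 2024.
SAMPLE = seal({"machine": "PC-0001", "start": "2024-01-01", "end": "2024-12-31",
               "limits": {"read": 2, "print": 1}})

if __name__ == "__main__":
    used = {}
    for action in ["read", "read", "read", "print", "copy"]:
        print(action, "->", check(SAMPLE, action, "PC-0001", date(2024, 6, 1), used))
```

The file-mode check answers only "may this user read at all", while the licence check also carries counts, dates and a machine binding, and refuses terms that have been edited after issue.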