A complete guide to DRM for beginners
Published by on January 27, 2017 in Information Security

handshake-36806_1280

DRM stands for digital rights management. It’s an umbrella term for any technology used to control access and restrict usage of proprietary hardware and software and copyrighted work. It can prevent the owner of a product from modifying, repairing, improving, distributing, and otherwise using the product in a way not authorized by the copyright holder.

In many countries, circumventing DRM is illegal, as are the creation and distribution of tools used to bypass DRM.

Why DRM?

The stated purpose of DRM is to prevent piracy and protect intellectual property. By restricting what the owner can and cannot do with their product, copyright holders can prevent intellectual property theft, copyright infringement, maintain artistic control, and ensure continued revenue streams. DRM can help ensure owner safety by restricting how it is used.

Copyright holders implement DRM for less scrupulous reasons as well. DRM can stifle competitors from improving on the product. It can make products incompatible with each other, forcing owners to buy only compatible products that benefit the copyright holder. It can force owners to upgrade to the newest product when the DRM scheme changes. DRM can prevent owners from making copies of, selling, giving away, repairing, or modifying their products, leading to increased revenue.

Does DRM work?

DRM can prevent owners from using their products in ways not authorized by the copyright holder. How effective it is depends on the individual DRM technology.

The Electronic Frontier Foundation, a non-profit digital rights group and major critic of DRM, argues that there is no evidence suggesting that DRM prevents piracy or protects users.

The argument against DRM

When a consumer buys a product, full ownership of that product is legally transferred from the manufacturer or retailer to the consumer. DRM interferes with that simple legal premise by retaining certain elements of ownership for the original copyright holder.

Many consumer rights groups, including the Electronic Frontier Foundation, have taken a strong anti-DRM stance. They argue that DRM’s intention is not to protect consumers or intellectual property, but to inconvenience owners, stifle innovation from would-be competitors, hide flaws, and prevent them from truly owning a product.

  • DRM can prevent the owner of a product from reselling it or giving it away. This can bar libraries and rental stores from doing business, for example.
  • Under DRM law, security researchers can be sued if they expose vulnerabilities in a product. A University research team couldn’t publish information about flaw that puts customers’ private information at risk, for example.
  • DRM can prohibit customers from adding or removing features from a product that they own. An inventor might be barred from selling an accessory to improve an existing product, for example.
  • DRM can prohibit customers from altering the format of a digital product, such as changing the format of an audio or video file to work with a different player or device.
  • DRM can limit owners to using certain accessories and compatible products with a device. Printer cartridges are a notable example of this.
  • DRM can prevent customers from repairing broken products on their own. A computer manufacturer can void a device’s warranty if customers go to a third party for repairs and replacement parts, for example.

Anti-DRM is not pro-piracy

DRM advocates often equate being anti-DRM to being pro-piracy. This is simply not true and is a stigma perpetrated by those who would take away consumers’ right to ownership.

There are more effective means of combating piracy that copyright holder can employ than DRM, which we’ll discuss later.

Examples of hardware DRM:

Smartphones

The latest iPhone made headlines for removing the standard analog headphone jack, forcing users to listen to their music and other audio through a purely digital signal via wireless Bluetooth, AirPlay, or the Lightning jack. There’s nothing inherently wrong with that, but opens the door for DRM abuse.

Nilay Patel published an article on The Verge explaining the potential for serious problems:

“Restricting audio output to a purely digital connection means that music publishers and streaming companies can start to insist on digital copyright enforcement mechanisms […] you can bet the music industry is going to start cracking down on “unauthorized” playback and recording devices anyway.”

Patel explains the entertainment industry has been fighting against the “analog loophole”, and now it can better control how users play back audio.

DVD and Blu-Ray

Most DVD movies are encrypted with DRM so they can’t be ripped, copied, and backed up.

Blu-Ray takes this a step further with several more layers of DRM, making it impossible to play the disks on anything except a Blu-Ray player and HD television that supports video encryption. Likewise, to play a Blu-Ray disk on a computer, an HDCP-compliant video card and monitor are necessary. The software used to read the disks is not free, and they cannot be played by any free software due to DRM.

The Free Software Foundation announced a boycott of all HD-DVD and Blu-Ray disks in 2006.

Printers

In September 2016, HP infamously updated firmware across a range of its printers that made them incompatible with off-brand printer cartridges. Owners were forced to purchase HP ink cartridges, which are more expensive than the generic off brand options. If another brand was used, even if it was previously compatible, the printer would alert the owner that the cartridge was “damaged” and needed to be replaced.

After immense customer outrage and a petition sent by the Electronic Frontier Foundation, HP apologized for the DRM and released an optional firmware update to restore printers back to normal.

TVs

Many smart TVs sold today come equipped with a built-in record function. Unfortunately, the content you record with your smart TV is most likely locked to that TV using DRM, and it cannot be played on any other device. Furthermore, DRM might limit the amount of time you are allowed to record. Smart TVs manufacturers can work with copyright holders to enable DRM that’s content-specific, so it only applies to certain TV shows and movies.

Appliances

Even home and kitchen appliances can utilize DRM. Keurig, the coffee company that makes the instant coffee dispensing machine using one-off pods, attempted this in 2014. The company noticed customers started using off-brand pods and re-usable pods to save money. To force customer into buying only Keurig brand-pods, the Keurig 2.0 machine included a scanning feature that would lock out competitor’s pods that didn’t contain a special mark.

The DRM backfired, and sales of the new Keurig plummeted. Not only could third-party pods not be used, but older versions of the Keurig brand pods were also locked out. Owners were predictably outraged.

Examples of software DRM

Digital music, video, and books

iTunes is perhaps the most famous example of using DRM to protect digital media, including music and video. It uses an in-house DRM scheme called FairPlay, which is built into all Apple devices and media players. FairPlay ensures that media purchased from the App Store and iTunes can only be played through Apple products. These can include movies, music, TV shows, ebooks, and apps.

Apps

Unless you jailbreak your iPhone or iPad, which voids the warranty, iOS devices can only use apps listed on the App Store. Unlike Android, there is no setting to allow the installation of apps from third-party developers.

This tactic prevents iPhone and iPad owners from using apps that Apple does not approve of. These apps might be pirated, contain explicit content, cause harm to the device, or be used to modify the device in a way that’s otherwise not beneficial to Apple. It’s impossible, for example, to spoof your GPS location or modify which ports and app can use on an iPhone without jailbreaking it.

Software and video games

Commercial software uses DRM in a variety of ways to prevent unauthorized distribution and piracy. It might limit how many devices a single copy of the software can be installed on (Evernote, Microsoft Office). Another tactic is persistent online authentication, which requires an internet connection so the software can “phone home” to ensure it’s a legitimate copy (Diablo 3, Assassin’s Creed II). Product keys are also a simple means of verifying purchase of software, but it’s normally restricted to physical disks and not online downloads.

The motivation to prevent piracy is understandable, but limiting the number of devices and enforcing use of product keys can restrict the resale or giving away of used software, a practice that the owner should have the right to do. Persistent online authentication creates privacy complications and can prevent owners from enjoying their software without an internet connection.

Besides preventing unauthorized copying and distribution, DRM can also prevent users from modifying, improving, or removing features from software. The stated intent is to protect intellectual property, but it can also hinder competition.

What is not DRM

Streaming services

The content on free and subscription streaming services, such as Netflix and Spotify, doesn’t qualify as being DRM-protected. Just because you pay $10 a month for a Netflix subscription doesn’t mean you own every movie and TV show in the Netflix library.

So where is the line? DRM specifically interferes with ownership. If you own something, you should be able to what you want with it, bar making unlimited copies and distributing them to strangers. Streaming content does not mean you own it.

Streaming is a service, and services are not products, therefore they cannot be owned, and DRM in the traditional sense cannot be applied.

Incompatibility

DRM prevents you from doing what would be possible without it. If a printer cartridge is fully compatible with a printer in every aspect except for some arbitrary restriction designed to lock out third parties, that’s DRM.

However, DRM does not affect the underlying technology. If only one company makes a compatible cartridge for a printer and there are no third-party options available, that’s not DRM.

Safety

This is perhaps the least clear line of what is and isn’t DRM. Let’s say Apple were to restrict Macbook and iPhone users to Apple-brand charging cables because third-party products had a consistent record of bursting into flames. The purpose of that restriction would not be to protect Apple’s copyright, but the best interests of its customers.

This is just a hypothetical example, but at what point does a safety restriction turn into DRM? This must be assessed on a product-by-product basis.

DMCA

The Digital Millenium Copyright Act of 1998 makes it illegal in the United States to produce or disseminate any technology that allows owners to circumvent the DRM protections on their products. The DMCA essentially makes bypassing DRM for any reason a crime.

The intent of the law was to curb piracy of digital products, but it has been used to silence security researchers who find flaws in products, and prevent competitors from reverse engineering products, and jeopardizes fair use.

Despite the law, the DMCA has been largely ineffective at protecting DRM systems and the products they supposedly protect from software pirates. Free software for bypassing DRM abounds online. As is the pattern with DRM laws, the bad guys go free and the good guys get punished.

Combating DRM

Perhaps the most frustrating fact about DRM is that it doesn’t work. Google any of the examples above, and you’re almost sure to find a means of bypassing the DRM on the first page of results. DRM usually only serves to inconvenience and punish honest consumers and does little to prevent piracy and intellectual property theft.

Even though cracking DRM is illegal in many countries, the laws are difficult to enforce and do little to stop copyright infringers.

How can you combat DRM? We can’t encourage you to use DRM-removal software and engage in piracy, but there are other alternatives for both creators and consumers.

Streaming

For digital media, streaming content forgoes many of the most controversial aspects of DRM. It can provide a better customer experience, doesn’t require the customer to purchase a product, and is relatively difficult to pirate, at least in high quality. You need not look further than Netflix to see how a streaming model benefits both customers and copyright holders.

Lightweight Content Protection

Lightweight Content Protection, or LCP, is a replacement for DRM encryption that’s still in development. Targeted particularly at eBooks, developer GiantSteps says it will create a standardized encryption across all publishers that won’t lock customers in to a specific platform. In theory, this would ensure that a digital product was purchased, but allow it to be used across multiple platforms such as tablets, smartphones, and e-readers like Kindle and Nook.

LCP promises to be less intrusive, provide a better user experience, and be easier to implement than traditional DRM. How exactly it is implemented, however, could still run against the anti-DRM principles set out be the EFF and other consumer rights’ groups.

Go DRM free

Companies bold enough to put out DRM-free products often earn the respect and repeat business of their customers. Going DRM-free shows that a company is confident that it has the best possible product and consumers are willing to pay for it.

CD Projekt Red, the makers of the hit game series Witcher, released the last two installments of the series without DRM. The company noted that after the release of Witcher 2: Assassin of Kings, the DRM-protected disk version distributed by Atari was pirated more times than the DRM-free version sold via online download. Witcher 3: The Wild Hunt went on to break sales records.

Customers can support DRM-free software by not only buying it, but buying it from a marketplace that supports DRM-free products. GOG.com, for example, only sells DRM-free games, including The Witcher series.

Fair labeling

Last year, the EFF petitioned the Federal Trade Commission to institute labeling rules that would require retailers to warn customers if products contain DRM.

Fair use

Fair use laws state that copyrighted material may be copied for “limited and transformative” purposes without the permission of the copyright owner. DRM often runs in contradiction to these laws by interfering with the ability for the limited material to be copied or shared. Fair use can be used to comment upon, criticize, or parody a copyrighted work. It is frequently used by journalists and other forms of media.

The future of DRM: blockchain tech

A blockchain is an decentralized, immutable, public ledger of transactions. It is most famously used by Bitcoin to prevent users from spending the same bitcoin twice and injecting new bitcoins into the economy at a set pace.

But blockchain is rising as a disruptive technology with boundless applications. One of those applications is provenance, or proof of ownership. In this sense, blockchain could be used in DRM schemes to ensure that someone who plays digital media, such as a song or video, actually owns it.

Blockchain DRM-driven systems are still in development, and they could help or hurt consumers depending on how they are implemented. It could serve as a common rights repository for content owners and could even enable the transfer of rights between users. It could also be used to enforce all of those bad policies we pointed out above, because blockchains are much more difficult to hack or bypass.

Related: What is blockchain? 10 Experts explain blockchain in 150 words or less.

Leave a Reply

Your email address will not be published. Required fields are marked *