Digital Rights Management

Digital Rights Management (or, if you ask Richard Stallman, Digital Restrictions Management, abbreviated DRM in both instances) is control over digital and electronic copyrighted material. It is the attempt by the holders of copyrights to reduce or eliminate the piracy of their products, by implementing built-in controls that restrict the ability to access, display, and most importantly, copy the material. It is a controversial subject that has one side arguing it is protecting its property and income, and the other side saying they are overstepping the bounds of what is lawful or reasonable.

DRM also suffers the minor problem that it cannot work: you can't give someone something locked away with DRM without also giving them the key, and it only takes one person breaking a given scheme to open it up for everyone. As such, the only DRM schemes to hold up to concerted attack are those of negligible market penetration. Even quite intricate DRM schemes, such as the AACS encryption on Blu-Ray discs, fall to this mathematical inevitability. Of course, this does not stop people putting into place laws like the DMCA that criminalize the inspection necessary to break the DRM, but that returns the issue to a legal solution rather than a technical one.

Opposition
The original purpose of DRM is understandable, but there are serious implications for the continuation of the basically unrestricted flow of digital information.


 * Imagine a book that automatically became glued shut after you read it once.
 * Imagine documents that self-destructed if you tried to take them out of the room.
 * Imagine telephones that only worked if the person you were ringing was renting the same make and model.

These are some of the claims made by the opponents of DRM. They can be countered thus:
 * Imagine if you only paid 25¢ for that book on the basis that you read it once, or you could pay $25 for the normal version.
 * Imagine how helpful that may be for sensitive and secret information.
 * Why would anyone buy such a phone? (Hint: Because it's an iPhone)

This is not the complete range of arguments, as, apart from anything else, the opponents of DRM can counter the counters, the proponents counter the counters to the counters, and so on and so forth. However, as can be seen from the snippet above, both sides of the issue commonly try to equate software with other things, usually in an attempt to make explaining their argument easier, but software, due to how easily it can be copied, is different from most other products, and thus provides a unique challenge in copyright enforcement. However, certain DRM schemes are widely regarded as too restrictive and/or intrusive.

Another tack commonly taken by opponents of DRM is the claim that DRM simply does not work. To back up this, they commonly claim there has been, so far, no copy protection system for software that has not been hacked, cracked, or bypassed in some way, and, indeed, it has even been claimed that the inconvenience of restrictive DRM can drive legitimate customers to dabble in piracy in order to bypass this DRM.

From the software security professional's point of view, DRM is impossible to implement effectively. It is the equivalent of handing the end user a safe and entering the password to the safe in their full view. DRM relies on insecure practices such as obfuscating the method of encryption and hiding the encryption key on the user's machine. These practices so far have not worked, since all a cracker has to do to circumvent them is to run the software under a debugger to extract the needed information. More recently, software such as iTunes has made attempts to detect when it is running under a debugger and exit; these types of checks tend to be futile too since the attacker can find them and patch them out. The very latest DRM schemes such as those used on Blu-ray disks allow for multiple encryption keys, such that keys can be added or revoked over the air. This approach did not work either, and all the encryption keys used so far have been cracked and are available on the internet. It also raises the ugly possibility that a hardware implemented Blu-ray player may become obsolete and be unable to play new titles.

The fact that DRM does not, and cannot, possibly work raises questions as to whether its purpose is something completely other and different than that stated. Apple Computer, a supporter and frequent user of DRM is known for its use of anti-competitive tactics elsewhere in its business such as obfuscating and changing over-the-air protocols to prevent interoperable products from competitors as well as locking its line of phones such that software can only be loaded using its own software. It is entirely possible that Apple's use of DRM is merely to lock any music consumers buy from them to their own software and hardware players.

Digital Rights Management is also problematic from the perspective of countries where it's legal to make a copy of a copyrighted work for purposes as backup or personal use (ie, ripping a movie from a DVD that you own so you can see it on a smartphone without having to pay again for it), as it forbids you of making that, and circumventing a DRM can be (and usually is) illegal.

Technologies
Some of the technologies used by DRM include:
 * Limited Activations. Often in the form of a licence key, this effectively limits the number of installations that can be used.
 * Online Authentication. The software connects to a verification server, and prevents a person from using it unless it is verified.
 * Tampering, so that a message pops up, to disable function, or otherwise render using a pirated version less attractive than the real version.

Analog hole
A major flaw at the heart of DRM is the fact that human senses are analog, not digital. No matter how securely information is "managed", in the end it has to make its way to the eyes and ears of the customer. The noninteractive work (film or sound or printed text) can be captured, photographed, or recorded at that point in the chain by analog-to-digital converters and stored in a non-secure format. Because there is no final technological solution, from time to time, copyright holders lobby the Legislature for rules to plug this "analog hole" by mandating that analog-to-digital converters (such as those found on sound cards or digital cameras) disable recording when they detect a watermark encoded in the media being copied. Such a watermark, since it would have to be perceivable at the analog stage by the filter in the analog-to-digital converter, would also be perceivable to the human senses, to a larger or smaller degree. One such suggestion once floated was to use a "notch" filter to remove a small part of the audio spectrum from music. This tends to be considered a "flaw" by the final consumers who would be paying for the "damaged" goods.