The Digital Media Project  
Source L. Chiariglione
Title A simple way to skin the DRM cat No. 060209chiariglione01

 

A simple way to skin the DRM cat

Steve Jobs, the founder and CEO of Apple, the company that more than many others has offered innovative solutions based on digital technologies, deserves an applause for restarting a languishing debate on the “why and how” of Digital Rights Management (DRM), particularly of his own FairPlay.

He did forget one thing, though. It is true that he is not the only one but he uses the term DRM without defining it. Don’t say that there is no need to be pernickety about it as everybody talks about DRM. It so happens that a good share of the contentions around DRM stems from the fact that there are too many conflicting perceptions of the DRM “thing”.

So, let’s first clear this one by stating the obvious: “DRM is a means to manage rights with digital technologies”. The definition is a tautology but when there is confusion the best is to start from the obvious. If I create a file and, before sending it, I digitally sign it, I am using a form of DRM because I digitally manage my right make sure that the recipients of my file are informed if somebody has tampered with it. Ditto if I send an email with PGP.

It is apparently a different story if I release an MP3 file of a song composed and played by me with a Creative Commons (CC) licence. In this case I am managing my author's and performer's rights attaching (or making reference to) a human readable licence. If, however, I express the CC licence in a computer-readable form, I digitally manage my rights, i.e. I apply DRM.

There are, however, people who add to the DRM (management) technologies described above other (protection) technologies in order to physically force people to comply with their expressed rights. It is an abuse of words to call these technologies DRM (even the most oppressive of managers do not make recourse to physical forcing), but I do not object to that use as long as the original “M as in management” meaning is not forfeited.

Typically protection technologies scramble the bits in such a way that only those who own the descrambling key can actually access the information in an understandable form. Typically you also get the key only if you pay for the thing and you can play or otherwise use the content only if you employ a device specially-tailored to the particular service. The iPod is one such device that plays protected music tracks sold by the iTunes online music service run by Apple. Other music players also exist that can only play music from specific online services, such as Zune and Connect. None of these are capable of playing music purchased from competing services.

The theory has it that a healthy market of competing products and services benefits users. The practice, however, is that a user with 3 different players would need to buy 3 times the same song to be able to listen to it on all three players. Call it benefit...

Since its introduction 5 years ago some 90 million iPods and some 2 billion iTunes tracks have been sold. The numbers look impressive but simple math tells you that for each iPod sold only an average of just 22 tracks have been purchased (and iTunes is by far the most successful service). Probably more important is the fact that the number has been nearly constant over the years and is actually decreasing, and that statistical samplings show that most of the hard-disk or flash-memory space of iPods is full of MP3 that users can freely enjoy.

Still people are complaining that their inability to play legitimately purchased iTunes tracks on the device of their choice is affecting their rights. Here Steve Jobs has to do a bit of tight-rope walking because he wears at least two hats: the “electronic retailer's” and the "device manufacturer's" hats. Wearing the former Steve Jobs says: the importance of iTunes is marginal (this is what his words amount to) because people use the iPod most of the times to listen to an MP3, so why should people care? The answer is easy: we do care because the law in most countries forces us to be serious about protected music (and other types of content), as you go to jail if you tamper with the underlying protection technology, and you never know what happens to technology because what is marginal and a simple nuisance today can become mainstrean and a major hindrance tomorrow.

Wearing the latter hat Steve Jobs makes a bold proposal: let’s get rid of DRM altogether for digital music. Here is where the DRM management/protection ambiguity affects the message because while it makes sense to claim, based on empirical evidence, that protected music does not sell, it remains to be demonstrated that managed music does not. That would be like saying that the Creative Commons movement is a hollow shell. Indeed there is a whole range of business models that can be based on pure DRM (management) technologies and once you start with management...

Knowing that his proposition may not find all the receptive ears it deserves Steve Jobs does address the message coming from his protesting customers. He recognises that a DRM (protection) system that is transparent to the user would be an advantage to them. After all the DVD’s CSS does exactly that, were it not for the unfortunate “region code”. Curiously Steve Jobs restricts his analysis to just one option: how can Apple safely license its DRM technology to other manufacturers and be able to keep its obligations vis-Ó vis the record companies.

Others have already pointed out some of the weaknesses of his reasoning which, by the way, would not achieve full interoperability as buyers of Zune and Connect players would still be left out in the cold. My intention here is to get inspiration from probably the most successful  communication system ever – GSM – to find a good way forward. Indeed most people are unaware that this 20-year old communication system is based on a very sophisticated DRM (protection) technology that has been standardised by the European Telecommunication Standards Institute (ETSI) which also handles the governance.

Do you think that there would be literally billions of people using GSM billions of times a day if the system had been designed to allow incompatible DRM systems? Incidentally I am not aware of any anti-DRM guru protesting the use of DRM (protection) in GSM or avoiding its use because it employs DRM, maybe because a part of the DRM used by GSM is to avoid eavesdropping in the radio link, a very consumer-friendly use of DRM.

The way to go is to have a standard system like GSM that anybody can practical implement and anybody can use to enjoy the content that they legitimately purchase. If you do not like the GSM example, do you think that we would have had the MP3 phenomenon without the MP3 standard or the billions of video files taken by cell phones - and shared - without the MP4 standard?

Let's suppress the enthusiam and avoid an easy criticism: clearly a DRM standard is a different beast than most other standards. The ways people may want to apply DRM technologies for their needs are countless, starting from the management/protection varieties, continuing with the network/broadcast/stand alone varieties, supporting user privacy etc. It would be really hard to define a “one size fits all” DRM standard. But look no further because there is already a solution. The Moving Picture Experts Group (MPEG) has produced most of the standard DRM technologies that are required by a DRM system. The Digital Media Project (DMP) has added a few more technologies that were missing integrating them with the MPEG DRM technologies to provide complete solutions, is now setting up the governance of the system based on established practices and is releasing Chillout, the reference software of its specification, as open source under the Mozilla Public Licence v.1.1.

Should the use of the standard DRM be made compulsory? In spite of the evidence coming from GSM (the fact that in Europe the use of the standard is compulsory for 2G is quoted as the main reason for its world-wide success), there is no need to do as much in the age of digital media. Digital Media in Italia (dmin.it). an Italian initiative advocating the use of a freely selected DRM on the part of entrepreneurs if seconded by the use of the standard DRM, is building evidence that this is not necessarily a requirement.

Twenty years ago the mobile telephony industry barely existed and 10 years ago it was still serving a small Úlite community. By cleverly designing a standard – GSM – that accounted for user concerns – DRM – the mobile telephony industry has become global, multiplied its size by orders of magnitude and is poised to become the first digital technology affecting each of the six billion humans on the Earth. While getting rich that industry has made billions of people happy. In contrast with this the music industry, because of the absence of a standard that accounted for users concerns – DRM – has shrunk in size, punishing its stakeholders and making millions of people unhappy.

Who hath ears to hear, let him hear.

About the author

Leonardo has some say in matters realted to digital media

Comments should be sent to leonardo "at" chiariglione "dot" org