Although DRM's most obvious implications are for the entertainment, music and publishing industries, any enterprise that has moved from traditional (hard copy) means of maintaining and distributing intellectual property to online methods--intranets and extranets, for example--needs DRM. To date, many law firms and financial institutions have set up trusted delivery methods to exchange information with clients and business partners. This year, health organizations join the mix as HIPAA (Health Insurance Portability and Accountability Act of 1996; see "Navigating the HIPAA Hype") mandates secure communication channels to transfer medical information.
But what happens to that information after its secure transmission? For any enterprise, DRM can lock down content after it has been delivered to customers and business partners. It also can streamline business processes and reduce the overall costs of delivering content manually.
DeCSS is an executable binary utility that when executed launches a dialog box containing two buttons. One, labeled "Select Folder," unscrambles CSS content. The other, labeled "Transfer," places the unscrambled files on the user's hard drive. Credit for DeCSS is given to Norwegian teenager Jon Johansen; see an interview at linuxworld.com
Intellectual property owners have employed strategies to enforce their control over content and limit its use to the terms of copyrights and licenses. These DRM strategies target both the B2C and the B2B markets. In the B2C realm, a variety of copy-control technologies litter the landscape. Schemes have been applied to pay-TV systems, DVDs, DATs, minidiscs and videocassettes. These strategies include CSS (Content Scramble System), CGMS (Copy Generation Management System), HDCP (High-bandwidth Digital Content Protection) and the regional code playback control.
DRM strategies adhere to two principles of design that were conceived and promoted by the Copy Protection Technical Working Group (CPTWG). That is, content should be "self-protecting" and "self-describing." Self-protecting content uses encryption to control access. A manufacturer's playback system, under license by the content owner, provides the decryption algorithms. Once content has been decrypted for viewing and listening, these systems enforce the terms and conditions of licenses by the content's self-describing nature.
Self-describing content embeds copy-control information in the content's data stream. Using a digital watermarking technology, copy-protection levels can follow the content without any special processing. Watermarking works by embedding bits among the video and audio signals in a digital file. These bits identify the content to playback systems without affecting the quality of the content. For example, CGMS uses two bits to indicate to a supported playback system whether content can be copied. And the SDMI (Secure Digital Music Initiative) standard makes use of two watermarks: robust and fragile. When copying from an original audio/ video data file, a robust watermark survives; a fragile mark does not. A playback system recognizing only the robust watermark can identify it as an illegal copy and prohibit playback. Note that such a system would play back content containing both kinds of watermarks as well as older music libraries that contained no watermarks.
Today, DRM components are being integrated into software decoders, e-book software and mobile devices. And legislation pending in Congress (Consumer Broadband and Digital Television Promotion Act, S.2048) mandates DRM use in consumer products. These components assume consumers are guilty of violating the terms and conditions of software licenses and copyrights before they even purchase the product. And there is no process whereby users can prove their innocence and bypass these copy-control mechanisms--under the DMCA (Digital Millennium Copyright Act), it is illegal to defeat the copyright protection schemes put in place by content owners.
Despite all this effort, DRM technologies aimed at the B2C market have not led to much standardization across product lines. Solutions vary depending on the license agreements between content owners and hardware vendors. In addition, these strategies don't inspire customer loyalty because consumers are forced to purchase defective products that have not proved very successful in enforcing license restrictions or copyright laws. At best, these systems are designed to keep honest people honest. That might not be enough for valuable enterprise content. We recommend that DRM strategies focused on the mass market take a lesson from B2B and enterprise solutions that can stand alone or combine with a DAM (Digital Asset Management) platform like DMOD (Digital Media On Demand) to use encryption and metadata to identify and control content from creation to distribution.
DAM is distinct from DRM, though most DAM systems have DRM capability. DAM products index, store and retrieve digital assets from repositories. DRM systems distribute those assets and enforce permissions or rights attached to content by using metadata to identify content, owners, consumers, and the usage terms or rights associated with the content.
Using metadata, owners can control and fine-tune automatically what end users can do with content. The metadata is usually stored in the headers of an XML document or other digital content format or embedded in the digital content using watermarking. Dozens of metadata standards are in place to describe content; examples are ONIX (Online Information Exchange) and RDF (Resource Description Framework). There also are industry standards to specify and manage rights and conditions associated with digital content; these include XrML (Extensible Rights Markup Language) and ODRL (Open Digital Rights Language); see our detailed list.