Digital Rights Management: Business and Technology. New York: Hungry Minds/John Wiley & Sons, 2001.



This book is about a subject that has been lurking in the underbrush of the digital information world for many years and is finally coming to the forefront. Rights management is, in some ways, the ugly beast that content providers — publishers, broadcasters, market researchers, consultancies, major corporations, and others — have wanted to keep in the closet. The Internet has forced the closet door open; really, it has eliminated the door itself. What used to be relatively simple is now uncomfortably complex. What used to be a source of moderate business overhead is now a significant undertaking. What used to be the province of lawyers, agents, and administrators is now also the domain of technologists. Content providers need to understand and embrace rights management in order to play in the Internet age.

What Is Digital Rights Management?
The term digital rights management (DRM) was coined by some combination of vendors, their marketers, and industry analysts in the late 1990s. Thus it’s less relevant to ask, “What does DRM mean?” than to ask, “What is it that has come to be called DRM?”

We take a broad view of the meaning and scope of DRM. When you create content (information), you inherently control a set of rights to that content — to see it, change it, print it, play it, copy it, excerpt it, translate it into another language, and so on. Traditionally, those rights have accrued from three sources:

  • Legal: Rights that you get either automatically under law (such as inherent copyright) or by some legal procedure (such as applying for a patent)
  • Transactional: Rights that you get or give up by buying or selling them, such as buying a book or selling a manuscript to a publisher
  • Implicit: Rights defined by the medium that the information is in

The most important thing to remember about DRM is that the first two sources of rights haven’t changed much with the advent of technologies such as the Internet, cell phones, and MP3 files. Various parties have called for a complete gutting and replacement of the standing intellectual property (IP) law, but this hasn’t happened and isn’t going to. As discussed in Chapter 3 of this book, legislators have responded to new technologies by adding a couple of new laws instead, such as the Electronic Signatures Act and the Digital Millennium Copyright Act.

Transactions haven’t changed much, either — regardless of the fact that they can be performed over the Internet. The same laws apply, the same money is used, and the same goods can be bought and sold. What’s really changed is the implicit nature of rights when applied to traditional media. The Internet has made these implicit rights explicit. This engenders problems as well as opportunities for content providers as well as for consumers.

To understand what we mean by the implicit rights of traditional media types, consider this: If you buy a book at a bookstore, you’re given some rights to the content in the book. Some are legal: It’s a breach of copyright law to make copies of the book and sell them. Some are transactional: You paid some money for the right to read the book, to lend it, or to give it away. But most of the rights derive from what’s easy and what’s hard to do with the technology of a printed book.

It’s easy to read a book; that’s what books were designed for. It’s also easy to give a book to someone else (in most cases). However, it’s not that easy to make a copy of the book; it’s even harder to change the contents of the book — regardless of whether those activities are legal. For that reason, publishers haven’t been too worried about people doing these things.

The Changing Attitude Toward DRM
Although publishing has been around for centuries, publishers’ attitudes towards rights have changed dramatically in the last decade. Technology has imposed two inflection points on the industry: The first was putting content in digital format, as opposed to physical forms such as print, vinyl, and videotape. Digital content can be copied with perfect fidelity: Unlike in legacy media, a copy of a copy of a copy of a copy is just as good as the original. The second inflection point is the Internet, which eliminates the need for physical media to distribute digital content. Instead of distributing it on floppy disks, CDs, DATs, MiniDiscs, or Zip drives, digital content can be sent from place to place instantaneously and extremely cheaply.

In other words, digital network technologies have dramatically decreased the cost of manipulating, copying, and distributing content. There are all kinds of things that you can do to content in digital form now that were too time-consuming or expensive to do before. This makes content production and distribution easier for publishers and other content providers, but it also makes piracy easier for pirates.

Digital rights management refers to controlling and managing rights to digital intellectual property. The need for control and management has increased now that digital network technologies have taken away the implicit control that publishers get with legacy media.

At first, unsurprisingly, content providers were concerned with digital network technologies’ effects on piracy. They became interested in technologies — mostly borrowed from the world of commercial software distribution — that would take digital content and reintroduce the types of limitations on manipulation, copying, and distribution that physical media contain.

These early DRM technologies didn’t catch on, mainly because they were too cumbersome to use. At one level, they merely replaced one data distribution problem — the content — with another — the software required to use the content. In other words, vendors produced software that effectively gave digital content on the Internet some of the same properties as physical content with regard to the ease of exercising rights such as view, copy, and change. But the software brought new problems: distributing, maintaining, and getting consumers to install and use it. So the software introduced a level of complexity that users didn’t welcome.

This type of DRM technology still exists today; in fact, recent developments in the music industry are making it potentially more important than ever. As this book goes to press, the five major recording labels are preparing to roll out the MusicNet and pressplay services, which offer digital music to consumers through subscription services that involve DRM technology. With the weight of legal victories against the likes of Napster and behind them, the record companies are hoping that consumers will accept by fiat two flavors of proprietary DRM technology, from Microsoft and RealNetworks, as opposed to the single SDMI standard that the music industry attempted to float but has largely abandoned. It will take some time for the market to decide.

Opportunities through DRM
As content providers have begun to be more familiar with the Internet and with rights issues, they are coming to realize three things: First, rights management concerns much more than the distribution of content to consumers. A publisher or content provider is only one link in a chain that also includes content creators (authors, photographers, musicians, and so on), manufacturers, distributors, and so on. Managing rights really means managing them throughout the entire chain.

Secondly, and more importantly, content providers have begun to understand that rights management is as much about the opportunity inherent in new business models as it is about preserving the business of old ones. They are realizing that physical media formats have defined limits on opportunity, not just piracy. For example, people may not want to purchase an annual subscription to an expensive scientific journal, but they may be interested in one or two articles. It’s hard to do that with print journal publishing, but network digital technology makes it much easier. Publishers can increase revenue by adding this type of capability, of which rights management is a necessary component.

Similarly, there are many music fans (like one of us) who are fed up with the homogeneity of broadcast radio and would pay a monthly fee to listen to good, commercial-free music in their favorite genres, but have little interest in owning lots of albums and even less in going to the trouble of picking them and putting them on a music-playing device. It takes rights management technology to provide this type of service.

Publishers can also provide their content to third parties that add value to the content by repackaging it, adding it to larger collections of content, and so on. In the world of legacy publishing, these so-called secondary publishers have had to set up very expensive operations to serve this market opportunity. Networked digital technology dramatically lowers barriers to entry — as long as rights are managed properly. In today’s environment, publishers are learning that content brands transcend location and delivery media: It pays to get content in front of your intended audience, wherever they may be. If part of that audience is best served by another venue — another publication, another Web site, another service — then the best thing to do is to license content to that other venue. This, once again, is a rights management issue.

The third thing that content providers have come to realize is the opportunity inherent in learning more about the audiences for their content. There’s only so much that you can learn about readers of physical media. If they buy books at bookstores, they can do so using anonymous cash, so you have no idea who they are. In the world of magazines, you know something about your subscribers, but there’s no way of knowing which articles they read, which ads they look at, and with whom they share the magazines. And, of course, television networks sometimes go to extraordinary lengths to find out who’s watching.

Networked digital technology makes it possible to find out with unprecedented precision who is consuming what content and when. In fact, sometimes the information on content use is worth more than the content itself. If you manage and control rights to content, it’s only a small step beyond that to tracking its usage.

Rights management also applies to businesses that don’t sell content as their primary source of revenue. More and more types of businesses depend on information as an accompaniment to the products and services that they sell — from management consulting and banking to manufacturing. The construction industry, for example, depends on plans and specifications for buildings, roads, and bridges that someone wants built. Construction firms bid on projects, and documents are created and shared among different participants in the process. It’s important to distribute these artifacts digitally while ensuring that only authorized parties get access. The same is true in the aviation industry for building today’s complex aircraft, in financial services for research documents that are sent only to top customers, in pharmaceutics for managing drug regulatory documentation processes, and in many other fields.

We feel strongly that DRM solutions will eventually spill over from pure content industries to all these other fields. In fact, some noncontent industries already use document management systems that have certain aspects of DRM built in.

Digital rights management differs from traditional rights management because it needs to be proactive instead of reactive, and it needs to be explicit and comprehensive instead of letting the medium determine the rights.

An entire industry is emerging of technologies that perform digital rights management. These comprise several different types of functionality, such as the following:

  • Systems that content providers can use internally for defining, organizing, and managing rights
  • Systems for distributing content to consumers in a controlled way (the original types of DRM solutions and the ones that get the most press because they are meant to address piracy)
  • Systems for managing access to content within an enterprise, such as a corporation or educational institution.
  • Systems for licensing and distributing content to other publishers in a controlled way
  • Systems for measuring content usage

The market for these technologies came into focus in the mid-1990s and has been growing slowly ever since. Many vendors have come and gone; leaders have yet to emerge. But most people agree that even though the Internet was built with an “information wants to be free” environment in mind, DRM is becoming a more and more fundamental idea in the evolution of digital content; because of this, the market should grow rapidly. Recent (June 2001) research by IDC predicts that the market for DRM technology and services, which it measures as $96 million in 2000, will be $200 million in 2001 and ultimately $3.5 billion in 2005 — an annual growth rate of over 100 percent.

The Origins of DRM Technology
As mentioned earlier, the identification of a type of technology for controlling the copying of content in digital form came about with the rise of the Internet. Before that, making unauthorized copies of digital files was a problem that originated in the software industry.

Software piracy continues to be a problem for vendors to this day. Yet it wasn’t much of an issue in the days before the PC (pre-1980s), when computers were mostly large machines for multiple users — minicomputers and mainframes. Yet ironically, key components of what we now call DRM technology arose out of the mini/mainframe environment. On every large computer system, individual users maintain their own sets of files. Each of those files has permissions on them, allowing different users the rights to do certain things with those files, such as read them, write (change) them, run them (for files that are themselves programs), and delete them. On the most sophisticated systems, each of those permissions could be assigned (or not assigned) to different classes of users, including the creator of the file, members of a defined group of users, and “everyone.”

In Chapter 4 (and throughout this book), we call this specification of who can do what to or with a file a rights model. Developers of rights models for DRM certainly took their inspiration from file permission schemes for multiuser operating systems. Incidentally, this technology didn’t go away with the advent of PCs: On the contrary, every Web and database server that you use today has it. The computers themselves just got smaller and more powerful.

When personal computers came out in the late 1970s through the early 1980s, software was distributed on floppy disks. Nowadays, with most software packages too large to fit on 1.44MB floppies, CD-ROM is the most popular physical medium for software distribution. Floppies were easily duplicated, and today’s cheap CD-RW (writeable CD) drives have made CD-ROM software relatively easy to pirate as well. Software vendors have devised various schemes, including warning messages (“guiltware” or “scareware”), product ID keys stickered onto the CD-ROM boxes (“naziware”), and the infamous dongles (hardware device that attach to PCs’ printer ports) to stem the tide of piracy, with mixed success.

Local area networks (LANs), which became widespread in the late 1980s, engendered new possibilities for piracy. Now, instead of making copies of floppy disks, it was possible to make copies of files on other people’s machines or on central file servers. Certainly it was easy to copy software that way. Software vendors tried hard to create tools that would administer software licenses among the dozens, hundreds, or even thousands of users in a corporation or other institution. This proved to be extremely difficult in the Microsoft Windows environment, although it was easier in the UNIX environment.

Controlling access to digital files via encryption came up around this time. On mini and mainframe computer systems, it was often possible to encrypt files in an ad hoc manner (for example, through the UNIX crypt command). Encryption provided an extra measure of protection: You needed to know a password in order to unencrypt the file. File compression programs such as PKZIP also provided encryption, which supposedly helped software vendors copy-protect their distributions (although PKZIP’s particular type of encryption has been judged to be weak).

The first well-known application of encryption for what you could call “content” was for type fonts. Fonts used to be expensive: They would cost up to a few hundred dollars apiece. (This was before Microsoft began to throw a few dozen of them in with every version of Microsoft Office.) When a font file was on a server on a LAN, everyone could use it — either by copying it or by referring to it on the server. In the early 1990s, fonts were typically distributed on CD-ROMs. Two vendors, InfoSafe and CDMax, responded to this by inventing technology that encrypted files on CD-ROMs, required users to have decryption keys to use them, and charged users according to what they used.

It was a relatively small step from encrypted files on CD-ROMs to encrypted files on the Internet. Although the Internet had been around for much longer, most people identify 1994 as the year when it started on its meteoric rise to commercial prominence. The threat of piracy became all too clear to publishers.

Three developments took place within the two years after 1994 to create the paradigm that we now know as digital rights management. Two of these were the first well-known DRM systems from commercial vendors: infoMarket from IBM and a system from the startup company Electronic Publishing Resources (EPR). IBM’s infoMarket was a combination of two things: One was a technology for strictly controlling content rights and distribution called Cryptolope. As its name implies, Cryptolope was an “envelope” that used encryption to keep content inaccessible to those who didn’t provide the proper consideration, such as paying for it. The other was a set of software that enabled IBM’s customers to create marketplaces on the Web for content distributed in that way.

EPR took a slightly different approach. Whereas IBM’s infoMarket was all software, EPR designed an entire end-to-end system for distributing digital content that included hardware devices on the client side. They spent an alleged $25 million in research and development to invent this technology and, just as importantly, apply for many patents on it. Neither IBM’s infoMarket nor EPR’s hardware devices were very successful, but the technologies live on: Bits of infoMarket have survived in IBM’s Electronic Media Management System (EMMS; see Chapter 11), and EPR moved its technology from hardware to software and renamed itself InterTrust — now one of the biggest names in DRM.

The third major development that catalyzed the DRM paradigm was the publication of the paper “Letting Loose the Light: Igniting Commerce in Electronic Publication,” by Dr. Mark Stefik, a researcher at Xerox PARC research labs. This landmark paper defined what you could call the “techie’s view” of DRM for all time. It said, in essence, that it should always be possible to strictly define and control who can do what to a piece of content, when, on what devices, and for how much money or other form of consideration.

“Letting Loose the Light” defined something called a trusted system. A trusted system is a device that holds some data and implements a precisely defined set of behaviors on that data. There is no way to access or modify the data other than to go through the trusted system. Trusted systems, Stefik said, would be the only feasible way to implement digital rights management because general-purpose computers have too many security holes. Stefik left some room for interpretation about the form of the trusted system, but he implied that it should take the form of a convenient, dedicated device, such as a smart card that plugs into a PC, music player, or other device.

In addition to defining the trusted system, Stefik defined a programming language for expressing rights to content, who gets them, what they cost, and so on — what we call a rights model in this book. This language was called Digital Property Rights Language (DPRL).

We call Stefik’s paper the “techie’s view” of DRM because it envisions a world where all content rights are defined and controlled by automated processes. It doesn’t allow for any ad-hoc content rights transactions among humans that publishers may want to allow, or may even depend on, such as passthrough (making a few copies of a magazine article for colleagues around the office) and fair use (see Chapter 3). On the contrary, Stefik says, in his 1999 book The Internet Edge: Social, Technical, and Legal Challenges for a Networked World, that even these types of content “transactions” can and should be covered under rights management technology. Some intellectual property law experts disagree, suggesting that the idea of tight control of content access rights runs counter to copyright law – in particular, to the First Sale Doctrine (see Chapter 3).

After publishing “Letting Loose the Light” (which appeared, among other places, in Stefik’s 1996 book Internet Dreams: Archetypes, Myths, and Metaphors), Stefik and colleagues from Xerox traveled around and talked to publishers, record companies, and consumer electronics manufacturers about implementing DPRL and the trusted systems concept.

Certain people within Xerox entertained the idea of implementing DPRL language interpreters in the company’s printers, copiers, and scanners so that their tasks could be performed in a way that respects copyright. Although no vendor of a media-producing or media-consuming technology wants to build devices that restrict their own actions, Xerox may have been “inspired” by legal actions such as the 1991 lawsuit that the Association of American Publishers coordinated of seven publishers against Kinko’s for unauthorized copying of academic materials.

Xerox never did follow through on DPRL-enabling their devices, but they did create a division called Xerox Rights Management to build software around the DPRL technology. Xerox eventually spun Xerox Rights Management out, and after a change in management, it became ContentGuard, Inc. As discussed in Chapter 6, ContentGuard modified and commercialized the DPRL technology, naming its variation XrML (Extensible Rights Markup Language).

Since 1996, many DRM vendors have come and gone. Most have targeted the publishing industry and have implemented technology designed to run on standard PCs and over the Internet. One early exception was Wave Systems, of Lee, MA, which implemented DRM technology in hardware. Wave Systems invented the EMBASSY processor, sort of a “DRM on a chip,” and tried without much success to sell it to PC manufacturers, who would then build the chip into their PCs.

Nowadays, as shown in this book, the DRM market is dominated by software players because of the total dominance of PCs and their ilk (for example, Macintoshes) as devices that access the Internet. Grafting DRM technology onto these technologically mature platforms has its problems. But as more and more post-PC Internet access devices are invented, such as PDAs, cell phones, and Internet music devices, DRM technology will have more opportunities to be integrated at the ground floor. Meanwhile, the software vendors aren’t standing still, either. DRM has come a long way from its origins in operating system file protection.

Is This Book for You?
This book was designed to help you chart a confident course through the technologies, business issues, and solutions in an industry in a constant state of flux. We show you the principles behind digital rights management: the existing content provider environments in which the industry was born, the new business models that are possible through DRM solutions, the fundamentals of the relevant technologies, and how to combine it all into solutions that make sense for your business.

If you are looking for a Consumer Reports-style guide to various DRM vendors’ solutions, this may not be the best place to look. We do examine specific vendors’ technologies, to be sure, but because vendors and their offerings change so frequently, we feel that you should consider supplementing this book with some of the more frequently updated periodicals and research journals that touch on the subject. [One such service is DRM Watch].

If you read this book first, you can place vendor hype, as well as industry news and analysis, into a unique framework of understanding and cut through biases and temporalities. You’ll be able to compare apples to apples.

The primary target audience for Digital Rights Management: Business and Technology is business and technology decision makers at content-providing businesses, including publishers, broadcasters, consultancies, investment firms, market researchers, and many other types of businesses that generate or handle a lot of information. We wrote this book because there is no other place to get comprehensive information about the principles underlying DRM, as opposed to the latest vendor hype or technology fads.

This book will also be of interest to people who work on the technology side of the industry. If you are a technologist, you will find this book useful for learning about the business issues that concern content providers. Publishing people are a tightly knit community with a reputation for not trusting technology vendors unless they “talk the talk” and demonstrate that they have “been there and done that.” They tend not to buy technology solutions unless and until they are proven in the field. After reading this book, you will be able to fine-tune your technology offerings for your target market and be better able to explain their value to potential customers. You may even also find out more about what your existing and potential competition is doing.

Finally, this book will appeal to those third parties with a vested interest in the world of digital content technology: investors, analysts, venture capitalists, consultants, and so on. Read this book to get more insight about DRM in one place than has heretofore been available, at any price.

Above all, you will find that this book offers analysis and opinions borne of the decades of content business and technology experience of its authors. Collectively, we have worked both sides of the fence — as publishers and as technology vendors — and as third-party consultants, analysts, and investment advisors. You will find no vendor hype, no publishers’ paranoia, or pipe dreams here — just information analysis that you can trust, with implicit emphasis on the wheat rather than the chaff.

From a technical standpoint, this book doesn’t presuppose deep technical expertise in areas such as encryption, security, XML, Internet technologies, and content formats. It will help you, but isn’t strictly required, to have a high-level understanding of processes for content publishing in any format, intellectual property rights, Internet fundamentals, and the essentials of system architecture and integration. The legal- and technology-oriented chapters contain pointers to more detailed information, as does the bibliography.

How This Book Is Organized
Digital Rights Management: Business and Technology is organized into three parts. Here are descriptions of each part and of the chapters in each.

Part I: The Business of DRM
Chapter 1: Where We Came From: Content Rights in the Predigital World
This chapter is an overview of how intellectual property rights have been handled in the world of physical media, with examples from the publishing, music, and film industries. Chapter 1 describes legacy rights clearance organizations such as the CCC, ASCAP, and BMI.

Chapter 2: Bits and Nets: New Businesses, New Possibilities
This chapter discusses new business models that the networked digital technology makes possible. These include paid downloads, subscriptions, pay-per-view and pay-per-listen, usage metering, peer-to-peer, superdistribution, and selling rights instead of the actual content.

Chapter 3: Help from the Government: Law and Technology
Chapter 3 is a summary of the various types of intellectual property law, with an emphasis on copyright and licensing and an explanation of how the law relates to rights management. This chapter also contains descriptions of recent relevant legislation, including the UCITA, DMCA, European Copyright Directive, and Electronic Signatures Act, as well as some of the important recent court decisions related to content rights

Part II: The Technology of DRM
Chapter 4: Rights Models: Representing Rights as Bits
In this chapter, we present the fundamentals of rights models, which are frameworks for describing intellectual property rights in computer systems that support rights transactions. Chapter 4 explores how rights models support new Internet-based business models as well as how they fall short of being able to support some content business models from the physical world.

Chapter 5: DRM Building Blocks: Protecting and Tracking Content
Chapter 5 contains explanations of our DRM reference architecture and primary technology components of digital rights management systems, with an emphasis on consumer-oriented DRM. Chapter 5 includes discussions of encryption and watermarking technologies.

Chapter 6: Technology Standards: Leveling the Playing Field
This chapter discusses the role of open standards in DRM, with detailed information on the most important emerging standards, including the Digital Object Identifier (DOI), Extensible Rights Markup Language (XrML), Information and Content Exchange (ICE), and the Secure Digital Music Initiative (SDMI).

Chapter 7: Proprietary Core Technologies: The Heavyweights
Chapter 7 is a look at the most prevalent core technologies in the DRM world today, including offerings from InterTrust, Verance, Digimarc, Preview Systems, Reciprocal, Adobe, and the heaviest of them all, Microsoft.

Part III: DRM Solutions: Putting It All Together
Chapter 8: Get What You Need: Determining Requirements
This chapter shows you how to gather requirements for your digital rights management application: It includes some general thoughts about requirements definition, along with laundry lists of the types of decisions that you will need to make when choosing a DRM approach.

Chapter 9: Implementation Options: Build, Buy, Integrate, and Outsource
In this chapter, we explore the differences between raw DRM technology and DRM solutions, including options for buying off-the-shelf packages; integrating components; building your own DRM solution from scratch, and outsourcing all or part of your DRM technology. Chapter 9 also includes advice on how to choose the best approach for your needs.

Chapter 10: Plug and Play: Integrating DRM
Chapter 10 discusses how to integrate digital rights management technology with various types of content production processes and systems that you may already have in place, such as editorial systems, content management, sales, marketing, and finance.

Chapter 11: Additional DRM Solutions
Chapter 11 contains descriptions of many of the vendors of digital rights management solutions, beyond those discussed in Chapter 7, whose technologies are based on the DRM reference architecture discussed in Chapter 5. We examine DRM solutions for text and PDF, corporate documents and e-mail, music, and multiple media.

Chapter 12: DRM-Related Solutions
Chapter 12 is a survey of solutions that are related to DRM but do not conform to the DRM reference architecture. We discuss internal rights management systems for publishers and entertainment companies, online rights exchanges, DRM-enabled search technologies, syndication software packages, syndication hubs, and content distribution services.

Chapter 13: Epilogue: The Future of DRM
In Chapter 13, we offer some final thoughts on the future of digital rights management, discussing business models that will and won’t work, technologies that still need to be built, and perspectives on the development of the DRM market.


Expertise | Clients | Client Services | Press and Events | Search and Site Map | About Us | Contact Us | Home
Copyright © 2005 GiantSteps Media Technology Strategies