What would an “interoperable” or “open source” DRM system look like?

Readers of this blog have the tools they need to evaluate some interesting industry initiatives. The major motion picture studios are trying to devise an Open Market scheme to make DRM systems interoperable, and Sun wants to offer an “Open Source DRM” via their Project DReaM of the Open Media Commons.

We’ve discussed the technical and legal underpinnings of these DRM systems:

  • Device manufacturers and/or software authors use locked down hardware/software which implement “use control” technological measures
  • Copyright holder (or someone they authorize) encodes the copyrighted content in an “access control” technological measure which makes the content only interoperable with authorized devices (i.e. devices with required decryption keys)

The best of these systems use cryptography as their “access control”, with the best cryptography systems being those which used well tested public algorithms. This means that whether content can be accessed or not comes down to the keys used to encrypt and decrypt the content.

Lets evaluate the Apple iTunes scheme and these “open” schemes from the perspective of the stated problem: splintering locks users into a single store and format, and is putting a stranglehold on widespread adoption of movie sales online.

In the Apple iTunes scheme, Apple controls all the keys. They encrypt the content, and they place the required decryption and re-encryption keys in the iTunes software and in the various “Apple Fairplay” compatible devices. Apple chooses what features will exist in each component of the software of their end-to-end DRM solution (iTunes store, iTunes desktop software to manage files, software in FairPlay compatible devices). A copyright holder is really only left with a “take it or leave it” option as to whether they use this delivery system. In this system a customer can know, because of the Apple FairPlay logo on the device, whether the content will work on a specific device. Content is not interoperable between vendor systems.

In a more open system, copyright holders are given more choices. The reality is that all copyright holders and all device manufacturers will never agree on a single “one true” set of features. This will mean is that there will be bilateral agreements between specific copyright holders and device manufacturers, where successful negotiations will result in the copyright holder authorizing (through appropriate keys) specific devices. In this “open” environment you will only know whether content you wish to purchase is interoperable with your devices if you find out if there was a successful negotiation (and thus key distribution) between the specific copyright holder and the specific device manufacturer.

It turns out that from an interoperability point of view, and as a tool to encourage the widespread adoption of movie sales (and lets be honest, short-term “rentals”) online, the “open” option may be worse than the vendor-controlled option. At best it would become equivalent where a specific hardware/software platform becomes “approved” by copyright holders more often than their competitors, and consumers flock to that platform to maximize the content they can access.

A separate organization can exist to allow one to “register” their devices to determine whether a device will be interoperable with the content from a specific copyright holder (i.e. whether keys have been exchanged, and the device authorized), but this registration system can’t solve the problem that a majority of combinations of copyright holders and devices will most likely not be interoperable.

You will notice that I didn’t really mention the Sony Pictures lead project or the Sun Microsystems lead project. The reason is that I don’t believe they matter. Whether the underlying software is proprietary and authored by people hired by the Sony project, or open source and developed collaboratively with Sun, the ultimate question of interoperability will be decided by encryption/decryption keys. These keys will be distributed after bilateral negotiations between copyright holders and device/software vendors. The only devices which will be “authorized” by copyright holders are those that are locked-down and tamper-proof, meaning that the software can’t be changed and the device cannot be under the control of its user/owner.

There will be considerable economic benefits to the DRM vendors to working collaboratively in Sun’s project, given peer production is often more efficient and cost effective production. That said, there is no difference as far as the customers of devices are concerned: they will specifically not be allowed to “run, copy, distribute, study, change and improve the software” embedded in these locked-down devices, and certainly will not be able to (legally) access any of the required keys.

This should answer the question for those who think that Open Source software can just obtain a license for CSS or any other DRM system. To obtain a license and obtain the right keys, software must be locked-down and tamper proof — meaning the software must no longer fit the definition of being Free/Libre or Open Source Software.

This problem has no technological solution. If a copyright holder wants to control through technology, rather than through enforced law, what people do with their copyrighted works they are stuck with restrictive locked down content delivery platforms. The current cable or satellite delivery system (clarified to only allow locked devices to be rented, and not ‘allegedly owned, but not really owned’) is an example where the delivery system is locked down, and digital tuners only have the features which the cable/satellite companies have allowed to exist. There is not an open competitive market where the consumer can choose devices which meets their specific needs, only the tiny set of locked devices offered by the cable or satellite companies for rental.

If copyright holders want their content to be interoperable with any device from any vendor, and does not want to give up control to a delivery platform provider like Apple, Microsoft, Macrovision or others, then their only option is to offer their content DRM-free.

They can make use of digital watermarks and other such identifying information as part of a Technical Information Measure (TIM) (See: Technical Protection Measures (TPMs) and Educational Use of the Internet) as TIM’s don’t reduce interoperability. These TIMs are very useful in copyright enforcement, as they can help in investigations to determine the source of infringements. They can also provide machine readable terms of use, which device manufacturers and software authors can (and most often will) voluntarily honour.

Copyright holders must abandon “access control technological measure” applied to their content which is the source of the reduced interoperability, and instead simply continuing to use them on their eCommerce websites. Copyright holders must also stop demanding the alleged “right” to authorize specific devices which have “use control technological measure” applied to them, as doing so will do them far more harm than good.

Related Download
What is an Application Delivery Controller Sponsor: Softchoice
What is an Application Delivery Controller
Download this white paper to learn the core services ADCs provide and its benefit to both users and application administrators.
Register Now