PRO: Securing Your Future with DRM
By Christopher Levy
This year will almost certainly mark the beginning of a downward spiral for the recording industry, one of the world's largest revenue-generating businesses. The rabid theft of their primary product on a global scale and the Petri dish known as the PC have contributed to rapidly dwindling profits that have industry pundits asking the unexpected question, "What will become of the recording industry as we know it?"
Wired magazine devoted its entire January issue to that question with interviews of Hilary Rosen from the Recording Industry Association of America; Nikki Hemming of the legally embattled KaZaA P2P application; and the Sony team charged with developing OpenMG X, an early-stage competitor to the reigning DRM (digital rights management) standard from Microsoft. The cover featured a visual of the Hindenburg aflame with the caption, "Download. Rip. Burn." in effigy to the middle-fingered salute that technophiles everywhere are raising to the entertainment industry at large.
February brought news that AOL Time Warner, the nation's largest conglomerate of media and Internet holdings, may be looking for a buyer of the Warner Music holdings after losing nearly $100 billion in value in the past year. Who knows what may be around the corner?
The adult Internet industry is very similar in structure to the recording industry, with new content and new Webmasters coming online daily, and larger brands eating up market share. Like the music business, the adult Internet business stands to suffer from widespread theft and piracy. Last year, I was quoted on ABCNews.com as saying this is a billion-dollar industry. Now, I think it's more - much, much more - and its primary product is one that is easily stolen or shared.
Since the events of 9/11 put this country on a security alert, DRM has been a buzzword in the press - which is not to say that DRM isn't an effective security product, but its inherent sales and marketing features warrant a second look now more than ever.
At a very low level, DRM systems provide a lock and key for your content. By utilizing DRM, Webmasters can implement more and more complex marketing and sales vehicles - including subscription, token, and pay-per-view (PPV) models - to enforce and expand their current business models. If you have a managed members area and you want to protect your videos so that more members sign up and stay longer, DRM lets you do it. If you want to take trailers or full-length movies and drop them safely into P2P networks to drive traffic to your front door, then DRM provides a viable and affordable option.
What Is DRM?
Modern Internet-based DRM solutions are software-based platforms that facilitate ease of file management and perform a few primary functions of importance to Webmasters. Using DRM, a Webmaster can:
1. Provide Conditional Access to Content: Access to content can be limited by a variety of conditions including the entry of a valid e-mail address, the successful completion of a simple marketing poll or the secure completion of a standard buy page.
2. Guarantee Copyright Protection: With file-level encryption, DRM ensures that malicious users/competitors or ex-employees are unable to modify or alter content that is specifically covered under legal copyright protections, such as most Internet-specific content.
3. Unify Authentication Between the Buyer and Seller: As users consume more and more downloaded and streaming broadband content, DRM provides the ability for content creators to create tie-ins with their existing authentication infrastructures to ease user experience and scale to demand.
4. Establish a Tethered Relationship with Users: DRM is more than a lock and key. It's a switch, and you're holding it. Because of the trusted relationship established with your customers using DRM, they are more apt to allow you to market products to them that use similar playback and control mechanisms.
Most deployed DRM platforms provide a Web-based environment where content can be uploaded, locked, and FTP'd back to the native hosting resource whether it is a co-located Web server or CDN account. Then, using a Web interface, all business rules related to the content including its value, the buy-page URL, play count, etc., are managed in real time.
How DRM Works
To start, a piece of content that is to be managed with DRM is packaged in a secure and certified environment; the original file is wrapped within a sealed lock that has one piece of information that can be read by any user. This license location URL is written into the header of the file, and when a user opens the file their player is redirected to the verified license host.
This host is running a license service where they have encrypted in a database the keys required to grant the user access to the file. Additionally, the keys are managed by the real core of any DRM platform, the "License Rules Management" portion. Content creators and Webmasters are able to create various license usage scenarios, or "Business Rules," that best mimic their Website business and allow access to their content in a similar manner. The license keys themselves are small amounts of data which can be transmitted instantly to most users and that store themselves in a secure system location which the user cannot access or modify.
In general, this experience is seamless to the end-user, with their normal controls and player features enabled. Users are required to log in to PPV, subscription, and token models exactly as they do to e-mail or managed members' areas. If the DRM has been deployed in "silent" or "marketing" modes, then the license process can occur instantly with silent usage, or after the entry of an e-mail address or age response in the case of marketing usage.
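The packaging and license flow described above, as an added sketch that is not code from the article or from any DRM product. The container layout, the `DRM1` tag, the rule names (`ppv`, `marketing`, `max_plays`) and the license URL are assumptions made for illustration, and the HMAC-based stream cipher stands in for a real cipher such as AES-GCM.

```python
import hashlib, hmac, json, secrets, struct

MAGIC = b"DRM1"  # constructed container tag for this sketch, not a real format

def _subkey(key, label):  # separate encryption and MAC keys from one content key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode); a real packager would use AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def package(content, content_id, license_url, key):
    """Seal content; only the header (content id, license URL) stays readable."""
    header = json.dumps({"content_id": content_id, "license_url": license_url}).encode()
    nonce = secrets.token_bytes(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, content)
    tag = hmac.new(_subkey(key, b"mac"), header + nonce + body, hashlib.sha256).digest()
    return MAGIC + struct.pack(">I", len(header)) + header + nonce + tag + body

def read_header(blob):
    """What any player can read without a license: (header dict, payload offset)."""
    if blob[:4] != MAGIC:
        raise ValueError("not a packaged file")
    (hlen,) = struct.unpack(">I", blob[4:8])
    return json.loads(blob[8:8 + hlen]), 8 + hlen

def play(blob, key):
    """Player side: verify the seal, then decrypt with the licensed key."""
    _, off = read_header(blob)
    nonce, tag, body = blob[off:off + 16], blob[off + 16:off + 48], blob[off + 48:]
    expect = hmac.new(_subkey(key, b"mac"), blob[8:off] + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("file altered or wrong key")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

class LicenseServer:
    """Holds keys and business rules; issues a key only when the rule is met."""
    def __init__(self):
        self.keys, self.rules, self.plays = {}, {}, {}
    def register(self, content_id, key, mode, max_plays):
        self.keys[content_id] = key
        self.rules[content_id] = {"mode": mode, "max_plays": max_plays}
    def request_license(self, content_id, user, email=None, paid=False):
        rule = self.rules.get(content_id)
        if rule is None:
            return None, "unknown content"
        if rule["mode"] == "marketing" and not (email and "@" in email):
            return None, "email required"
        if rule["mode"] == "ppv" and not paid:
            return None, "purchase required"
        used = self.plays.get((content_id, user), 0)
        if used >= rule["max_plays"]:
            return None, "play count exhausted"
        self.plays[(content_id, user)] = used + 1
        return self.keys[content_id], "ok"
```

The sketch hands the raw content key to the player and counts plays on the server; keeping that key in a location the user cannot read or modify, as the article describes, is the client's job and is not modelled here.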
As statistics are of major importance to Webmasters, DRM provides an incredible amount of data about your user's consumption habits that doesn't require server log processing or data mining. DRM data is simple enough to be presented through your provider's Web interface.
Integration with modern DRM and processing requirements, whether credit card, dialer, or check, can be accomplished using modifications of existing posting processes. Webmasters can also integrate cascading billing processes into their DRM authentication such that there is a wider array of monetization options in the platform.
Christopher Levy is the CEO and President of NFA Group Inc., a Rights Management Consultancy providing expert vision in the areas of Entertainment Media and Corporate Security. Mr. Levy was the CTO and Founder of DRM Networks, the President and Founder of EmpireDRM [ClearKey Solutions] and is the inventor of streamOS, the world's first CDN overlay platform. Mr. Levy can be contacted at [email protected].
CON: Why Digital Rights Management is Doomed to Failure... for Now
By Anand Bhatt
Producers of adult material worldwide are on alert. Their copyrighted material is highly susceptible to easy duplication and distribution through constantly proliferating peer-to-peer (P2P) file-sharing networks. Despite the downfall of major file-sharing platforms, peer-to-peer file sharing for pornography is growing in size and scope each day. Recent tools such as Gnutella and KaZaA Media Desktop (the extremely popular software from Sharman Networks, Ltd.) utilize distributed database indexes and content repositories that make them quite different from their predecessors. These days, it's as simple as point-and-click for an online user to download the latest adult content and bypass any monetary transactions whatsoever.
What is a provider of pay content to do to avoid lost profits from these free downloads? How much profit does a content provider stand to lose?
We monitored KaZaA Media Desktop traffic from our Chicago home base to see what kind of content is being downloaded or pirated and how frequently certain files are obtained for free instead of being purchased. We first set up a computer for the sole purpose of housing content and being online with KaZaA Media Desktop running 24 hours a day for 14 consecutive days. We focused on housing five separate categories of proprietary hardcore content, all saved as .mpg or .avi movie files. The categories that these files (scenes) fell into, as well as the keywords used to describe the files on KaZaA, were interracial, amateur, voyeur, best cum shot, Asian, and celebrity fake. We collected traffic data from KaZaA Media Desktop twice a day, at 10 a.m. and 10 p.m.
To notify users of the existence of the experimental content, we sent off a large e-mail advertising blast to several thousand adult Webmasters and end users advertising the sale of our media for their Websites or personal use. Not surprisingly, only a few dozen Webmasters and users replied with interest. Traffic results from KaZaA Media Desktop, however, were a different story.
The average number of users online and downloading at a given time was over 4 million, sharing just over 850,000 files. According to online research statistics on peer-to-peer file sharing, the number of users on KaZaA Media Desktop significantly increases monthly (source: redshiftresearch.com). Within one hour of our going online with KaZaA's software, several dozen uploads began. At the end of the 14-day test, the results were clear: interracial content had the highest bootleg level with an average of 75 uploads per day. The file for "Asian" was next-highest in demand, at an average of around 45 uploads per day. There are, of course, confounds in these results, for the interracial file and the best cum shot file were .mpg files, while the Asian file, as well as the others, were .avi files. File type could be an added reason for a user to download a particular file, but judging by the large frequency of uploads, it's safe to say the content tagged as "interracial" is quite in demand on this particular P2P network.
To assess financial loss, the uploaded files were considered as lost sales. In other words, the assumption was made that if these files were not available for bootlegged download, then everyone who downloaded a file would have purchased that content instead. In reality, the online users may only be interested in a particular file because it is freely available as a bootleg. This point should be taken into consideration when assessing financial loss, and it should be noted that in actuality the missed sale opportunities may not be as detrimental as it would appear from the study. However, if each upload from the experimental machine was indeed in lieu of a purchase, the lost potential revenue is disturbing. At a given price of $100 per scene, the financial loss is averaged at $2,300 per day (2003 Sonic Wave International).
Thus, the problem of bootlegged content on peer-to-peer networks is not just isolated to music files and individual porn scenes. Whole features and AVN Award-winning content, as well as major motion pictures, are available illegally through these networks. "This is a problem that we're seeing more and more ahead of openings, large and small," says Richard Taylor of Hollywood's governing body, the Motion Picture Association of America. "There's a growing epidemic of internet piracy of motion pictures, and it's this kind of activity that stands as one of the obstacles to legitimate online offerings [guardian.co.uk]." According to the Motion Picture Association of America, the copyright industries account for almost 5 percent of the U.S. Gross Domestic Product, amounting to $457 billion. Such revenue is at stake when copyrights and publishing rights are violated, as they are through peer-to-peer networks such as KaZaA Media Desktop.
Digital Rights Management (DRM) seeks to impose restrictions on peer-to-peer services or at least on the illegal content they contain. But even the most advanced DRM systems today cannot stave off serious copyright offenders and bootleggers.
DRM Structure and Specifications
According to Renato Iannella, chief scientist of IPR Systems, "Previously, Digital Rights Management focused on security and encryption as a means of solving the issue of unauthorized copying; that is, lock the content and limit its distribution to only those who pay. This was the first generation of DRM, and it represented a substantial narrowing of the real and broader capabilities of DRM. The second generation of DRM covers the description, identification, trading, protection, monitoring and tracking of all forms of rights usages over both tangible and intangible assets including management of rights holders relationships [dlib.org]."
DRM is essentially composed of two main architectures: functional and informational. The functional architecture describes how intellectual property is created, tracked and managed at a high level. The information architecture describes the relationships between the data elements that compose the intellectual property. There has been a great deal of research by various parties to model the architectures, but pragmatic solutions that implement said architectures are not as prevalent.
Currently, there are no formal standards for DRM implementation. However, the Open Digital Rights Initiative Language [ODRL] has created the ODRL specification to include a language and data dictionary schema that would allow for the implementation of a rights management system. ODRL is implemented via XML and has no licensing requirements. This positions it well in terms of bringing a DRM solution to bear for international implementation. The World Wide Web Consortium (W3C) has published ODRL as an acknowledged note. XrML standards are also being investigated, such as the work of ContentGuard, Inc. under the authority of Xerox; and to a minor extent, Microsoft. ContentGuard may be an effective solution but, unlike ODRL, it is not free. As such, it may not be as well positioned as ODRL in the increasingly price-sensitive environment the current economy has induced in many countries throughout the world [XML.org]. Both of these specifications rely upon either watermarking or fingerprinting schemes to implement their security, neither of which is immune to software crackers at large.
Technological Weaknesses of DRM
From a multitude of standpoints, DRM could be considered an ineffective protection against large-scale peer-to-peer implementations. Researchers from Microsoft recently submitted a report summarizing that ineffectiveness.
The nature of the peer-to-peer network is such that it is only susceptible if the hosts subscribing to it are traceable. That is, they can be traced to a specific MAC address residing in a single PC. However, numerous methods of subversion have been developed to prevent a client PC member on a peer-to-peer network from being traced to a physical source. With endpoint anonymity in place, alternative methods of DRM must be utilized. These alternative methods also suffer from fundamental weaknesses. While DRM creators strive to create BOBE (Break Once Break Everywhere)-resistant solutions, the two most prevalent solutions to date have been rather "BOBE-weak."
The first of these content-embedded BOBE solutions is watermarking. Watermarking embeds a key within the content that prevents the content's interpretation by the appropriate engine or engines without it. This key is usually privately distributed to certified owners or purchasers of the intellectual property or content. Watermarking has some notable flaws, however. Keys embedded in the content can be stripped using a publicly distributed key cracker. Some keys are also distributed publicly. Alternatively, content owners can decode the key by simply obtaining a high-enough quantity of the keyed content and assembling an averaging algorithm (darknet.com). Once the key algorithm is isolated, a key generator can be synthesized to generate functional keys for the watermark. A peer-to-peer network could easily distribute keys, key crackers or key generators to anyone with the appropriate peer-to-peer client and the patience to search the peer-to-peer network itself. A search for keys and crackers in KaZaA Media Desktop yielded over 50 results in under 40 seconds.
Fingerprinting is another method utilized to implement DRM. Fingerprinting provides a unique identifier to each copy of the intellectual property or content. Each time a new copy of the intellectual property is synthesized, the fingerprint of the original purchaser of that particular content is created along with it. Thus, all illegally distributed copies of the intellectual property can be traced to the original purchaser and a designated network "policeman" could target any said person for litigation. However, there is no indication that possessing content fingerprinted by someone else puts a person in danger of a lawsuit. To date, there are no instances where digital fingerprints have been used as evidence of a crime.
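The per-copy identifier and the tracing step described above, as an added sketch that is not from the article or any product. The article does not say how the identifier is embedded; least-significant-bit embedding, the 64-bit code length, the error tolerance and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac

BITS = 64  # fingerprint length in bits (constructed parameter)

def purchaser_code(secret, purchaser):
    """Per-purchaser bit string derived from a seller-held secret."""
    d = hmac.new(secret, purchaser.encode(), hashlib.sha256).digest()
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(BITS)]

def mark_positions(secret, length):
    """Keyed choice of which samples carry the mark; identical for every copy."""
    rank = lambda i: hmac.new(secret, b"pos:%d" % i, hashlib.sha256).digest()
    return sorted(range(length), key=rank)[:BITS]

def issue_copy(samples, purchaser, secret):
    """Return a copy whose least-significant bits encode the purchaser's code."""
    out = bytearray(samples)
    code = purchaser_code(secret, purchaser)
    for pos, bit in zip(mark_positions(secret, len(out)), code):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)

def trace(leaked, purchasers, secret, max_errors=8):
    """Match a leaked copy to the closest purchaser; None if nobody is close."""
    found = [leaked[p] & 1 for p in mark_positions(secret, len(leaked))]
    best, best_dist = None, BITS + 1
    for who in purchasers:
        dist = sum(a != b for a, b in zip(found, purchaser_code(secret, who)))
        if dist < best_dist:
            best, best_dist = who, dist
    # Refuse to name anyone when the closest match is still far off.
    return (best, best_dist) if best_dist <= max_errors else (None, best_dist)
```

Matching by distance rather than equality lets a copy with a few damaged bits still trace to its buyer, while an unmarked file matches nobody; a least-significant-bit mark like this one does not survive re-encoding of the media.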
Non-Technological Weaknesses of DRM
Content producers using DRM can expect to be in a less-competitive position than their competitors who do not implement DRM. It can generally be stated that the cost of implementing a fingerprinting or watermarking solution is expensive and would generally force intellectual property creators to raise the cost of their goods. This would further encourage already price-sensitive consumers to consider obtaining their goods illicitly. In the long run, profits for DRM-utilizing content producers would be driven down due to decreased demand and an increased cost of goods sold.
From a legal standpoint, individuals who utilize peer-to-peer networks to exchange copyrighted intellectual property are effectively judgment proof. Many clients on peer-to-peer networks use them to transfer goods that are not copyrighted. Therefore, use of the peer-to-peer client itself cannot be pervasively outlawed. Furthermore, there is no one company controlling the "core" of today's peer-to-peer networks. Napster's core database index for all files shared was housed on machines controlled and owned by a single entity. This is not the case for modern peer-to-peer networks, where the index of all files shared is distributed over the multitudinous machines that comprise the network. KaZaA Media Desktop utilizes what they refer to as "Supernodes." "If your computer is functioning as a Supernode, other KaZaA Media Desktop users in your neighborhood will automatically upload to your machine a small list of files they are sharing, whenever possible using the same Internet Service provider. When they search, they send the search request to you as a Supernode. The actual download will be directly from the computer that is sharing the file, not from you. The download goes from them to the person who wants it [KaZaA Media Desktop Guide, Sharman Networks 2002 to 2003]."
Peer-To-Peer Rules - for Now
Until the world at large can agree on a DRM standard that cannot be cracked in some way, it will be virtually impossible to prevent portable intellectual property content from entering peer-to-peer networks for mass consumption. Another possibility is for the peer-to-peer networks themselves to collapse inward. This could happen, if the concept of "free riding" becomes continually more prevalent, as has been the case in recent years. Free riders will download all the content they choose, but will not share much - if anything - with the peer-to-peer network. While peer-to-peer client programs have tried to stave off this possibility through the use of concepts such as "participation points," there are already programs in existence that simulate such participation, allowing free riding to become ever more prevalent (KaZaA.com). If a small group of clients can be targeted as the source of the majority of copyrighted intellectual property, they may be at risk for litigation. But it could take years for major peer-to-peer networks to get to this point. Until then, more research and more funding for the development of effective digital rights management is needed.
Anand Bhatt is CTO of SWI Labs, a recognized technical consulting and research group, and is an executive at Sonic Wave International Entertainment. His name is also recognizable from his mainstream music career. He can be reached at [email protected].