The Foundations of Usable Content Control
Controlling digital content while keeping it accessible is extremely difficult.
There are many technology pieces in a good DRM system. Good security is part of it - but so are user friendliness and business flexibility. Finding the right balance is difficult, and some parts of the industry are further along the road than others!
This could be a whole book. For now, we explore copy protection, cryptography, smart-cards, and watermarks.
Copy protection or "anti-copy" is the use of technology to prevent the copying of analog or digital data. By this definition, trying to make uncrackable copy protection for digital data is futile. Not only that, but consumers have come to hate it as well.
Historically, non-trivial physical processes such as photocopying were required to violate copyright, but now digital data, such as a file on a hard drive, can be copied with ease.
In the special case where the data to be protected is on a proprietary physical medium, anti-copy technology can be built into the media specification, as is done on DVDs. The most recent audio formats (SACD and DVD Audio) have watermark-based anti-copy technology designed in from the start. However, it seems that the security of these schemes relies primarily on the closed nature of the players, which is a short-lived advantage. More on this here. For older physical media such as Red Book Audio CDs, which were defined in the pre-digital-piracy era, anti-copy schemes exist which exploit the "gaps and fringes" of the media specification to, say, allow audio playback on consumer CD players but not on PCs. At this writing, Red Book Audio anti-copy schemes are emerging, but as per this recent expert analysis (postscript format), it seems unlikely that any will be both truly secure and acceptable to consumers.
More enlightened DRM approaches, such as those developed by NetActive, welcome copying as free distribution and focus on controlling how the recipient of a copy uses the copied data.
Does Copy Protection Have a Future?
If people hate it and it doesn't work anyway, why keep doing it?
This is a great question and every plausible answer deserves some consideration, i.e.:
- Don't Do It!
Since it's futile, just stop. Forget the technology, leave everything in the clear, and just rely on people's honesty. They'll pay for stuff they really like and use. If you believe this, email me about my fabulous Brooklyn real estate opportunities!
- Control content use, not content copying.
This approach is used successfully today by the game industry. More information on this approach is available here.
- Make it part of something good!
In and of itself, copy protection - or any sort of usage control - has negative perceived value to consumers. And yet copy protection is just about the only feature the music and movie industries seem concerned with so far. There's lots of room for creative business ideas where consumers get value that compensates for limited copying ability - mobile subscriptions, rights in multiple formats, single sign-on for entertainment, wireless in-home broadcasting... the possibilities are endless.
Software DRM and Media DRM - Different Animals?
The author's DRM experience started with protection mechanisms for software and then moved to media. This provided insight into a key difference between the two content types.
When dealing with media content such as movies, books, or music, an attacker only has to decrypt and store the content. This is because the content itself is passive and conforms to documented file formats, and (for audio/video) uses known codecs. A decrypted file is a cracked file, period.
Software content, on the other hand, can be pre-processed in ways much more subtle than encryption. Indeed, it may not be bulk encrypted at all. Certain functions can be added and altered, some functions may change over time as the program executes to foil static disassembly, functions can monitor the integrity of other functions or "call home" over the Internet, and so forth. Note that not all software DRM systems actually take advantage of these possibilities - some just bulk-encrypt the binary code and decrypt it later, perhaps on the fly at run-time. But these systems are vulnerable to clear text capture and so are much less secure than they could otherwise be.
The point is, given the current state of knowledge, it is more feasible today to build high-quality DRM systems for software than it is for other media types.
Watermarking, a type of steganography, is the insertion of "hidden" data such as copyright information, into visible data such as a JPEG image. There are various kinds of watermarks, depending on the purpose of the embedded data, whether it is the same for each instance of a given content item, whether one or both of the signals are analog vs. digital, how subtly the data is embedded, how perceptible the data is, and whether the watermark is intended to survive (possibly malicious) manipulation of the marked file.
It is important to realize that a watermark is NOT encryption. A watermark modifies data but leaves it "in the clear" and cannot, by itself, prevent or enable playback of the data - except in the special case where playback is restricted to proprietary closed boxes which insist on seeing the watermark.
Broadly speaking, watermark schemes fall into three classes. The classes are summarized here and then each is expanded below.
- Forensic watermarks don't actually stop anyone from copying or otherwise manipulating content. But they can establish where the content came from originally, and perhaps identify one or more subsequent participants in the content distribution chain.
- Denial watermarks aim to actually prevent content from being accessed fraudulently.
- Multi-phase watermarking schemes usually involve a state change in the content. In the initial state, the content is in a distribution or sample form which may or may not be easily usable. Then a consumer legitimately acquires the content and it is transformed into a form which is more usable - but which typically also embeds the consumer's identity into the content. So if he posts it on a P2P site, he can be identified and presumably prosecuted.
In a typical forensic application, a watermark:
- is a digital signal within a digital media file,
- cannot be detected without special knowledge,
- remains in place even if the signal is converted to analog form (e.g. a photocopy of a picture, or an analog audio recording),
- is robust against removal attacks (or aims to be),
- identifies information about the copyright owner for the watermarked item,
- is the same for all instances of a given media file, and
- is intended to track copies of the data, not to directly prevent the copying.
For example, Playboy's Web Site has watermarks in its pictures, which have been successfully used in court to obtain injunctions against Webmasters who were reposting their content without permission.
Sometimes watermarks identify specific individual users of content rather than just the content source; this is usually referred to as "fingerprinting" and is often part of a larger hybrid watermarking system.
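An added example, not from the original article: a minimal additive spread-spectrum watermark in Python that shows the properties listed above (detection needs a key, the mark survives added noise, every copy shares an owner mark, and one copy also carries a per-user fingerprint). The technique, key, labels and sample tone are assumptions chosen for illustration; the article does not say which scheme any product uses.

```python
import hashlib, hmac, math, random

def chips(key: bytes, label: str, n: int) -> list[int]:
    # Keyed pseudo-random +/-1 sequence: the "special knowledge" a detector needs.
    seed = hmac.new(key, label.encode(), hashlib.sha256).digest()
    rng = random.Random(seed)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]

def embed(samples, key, label, strength=5.0):
    # Add the sequence at low amplitude. Nothing is encrypted: the result is
    # still ordinary sample data in the clear, only slightly perturbed.
    seq = chips(key, label, len(samples))
    return [s + strength * c for s, c in zip(samples, seq)]

def score(samples, key, label):
    # Correlation detector: close to `strength` when the mark is present,
    # close to 0 when it is absent or the key is wrong.
    seq = chips(key, label, len(samples))
    return sum(s * c for s, c in zip(samples, seq)) / len(samples)

def identify(samples, key, labels, threshold=2.5):
    # Return every label whose mark is detected in the samples.
    return [lab for lab in labels if score(samples, key, lab) >= threshold]

# Constructed sample "content": a 440 Hz tone, amplitude 100, 40,000 samples.
N = 40_000
original = [100 * math.sin(2 * math.pi * 440 * i / 44_100) for i in range(N)]

KEY = b"constructed-demo-key"                            # hypothetical owner secret
LABELS = ["owner:ExampleCo", "user:alice", "user:bob"]   # hypothetical labels

# Every copy carries the same owner mark (forensic watermark); Alice's
# licensed copy also carries a per-user mark (fingerprint).
alice_copy = embed(embed(original, KEY, "owner:ExampleCo"), KEY, "user:alice")

# Crude stand-in for a lossy pass such as an analog re-recording: additive noise.
noise = random.Random(1)
degraded = [s + noise.gauss(0, 20) for s in alice_copy]

def demo():
    return {
        "unmarked": identify(original, KEY, LABELS),
        "alice": identify(alice_copy, KEY, LABELS),
        "degraded": identify(degraded, KEY, LABELS),
        "wrong_key": identify(alice_copy, b"some-other-key", LABELS),
        "max_change": max(abs(a - b) for a, b in zip(alice_copy, original)),
    }

if __name__ == "__main__":
    print(demo())
```

The marked copy differs from the original by at most 10 units on a 100-unit signal, so it identifies its source without restricting playback in any way.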
Recently, watermarks have been called upon to play a role in actually preventing copying of media files in the first place. So far results are mixed at best.
The Secure Digital Music Initiative tried to prevent copying of digital audio files using watermarks, but the proposed watermarking technologies were catastrophically cracked when laid open to public analysis. This standard applied to audio in PCs, which are open systems where reverse engineering and cracking are well-established traditions.
More recently, copy-protection watermarking has been applied to the next-generation physical audio formats SACD and DVD Audio. (It is well known to be used in SACD and less so in DVD Audio - the standards involved are not public.) Apparently, such systems look for a watermark in the content and refuse to play it back if the watermark is not found. Further, producing a valid watermark involves secrets (presumably asymmetric keys) unavailable to the public. Such watermarking has some hope of working here, because the players are closed systems which can force adherence to the watermark rules, and they do not have raw digital outputs which could be used to capture data for analysis and cracking on a PC.
These implementations frankly don't make a very compelling case for denial watermarking. First off, the content is encrypted as well as watermarked, so watermarking is not relied on as a first line of defense. SACD, at least, has additional security mechanisms as well. At the end of the day, it is the closed box that is being relied upon, more than the strength of any of the security logic inside the box. If the media were fully readable via software on PCs, it is very likely that these schemes would be cracked just like SDMI watermarks were.
This closed nature may slow the crackers down. However, PC-based players with digital outputs exist for at least one of these formats, and their long-term security is highly questionable.
Note: The term "Multi-Phase" is the author's for this emerging class of watermarking schemes. If and when a different, generally accepted term for them emerges, it will be used on these pages.
Multi-phase watermarking schemes are just emerging as of spring 2003 and so it is hard to make generalizations about them. The universal characteristic so far is that content exists in one form as originally distributed, and a second, "fingerprinted" form once legitimately licensed. The point is not to make watermarks an unbreakable denial-type security mechanism - they're not up to that task even in principle.
From a technology point of view, these schemes are dangerously complex. The problem is that they replace one system with two phases, and the first phase (usually involving conventional encryption) is inherently no harder to crack than any other media protection scheme. Thus, if the first phase is cracked - as it almost certainly would be - the features of the second phase never come into play.
From a business point of view, such systems have some appeal, and they are fashionable among the media crowd as of mid 2003. If they were implemented as part of systems which provided good value - and thus low motive to apply cracks - they might succeed.