DIGITAL RIGHTS MANAGEMENT

Business saviour or content enslaver?

We all know what copyright is. If we own it, we can decide who gets to do what with our material and for what price. But enforcing it across a global network of electronic servers and archives, in the face of growing calls for free access to everything, as well as ever more sophisticated methods of piracy, is another matter. This is where digital rights management (DRM) comes in.

DRM itself is less easy to define. It refers to a concept, a set of technologies, and a range of aspirations. To make matters worse, it means different things to different people. At the very least it describes a means of maintaining control over who does and doesn't get access to a piece of digital content. Most pressing in the entertainment and broadcast industries, where piracy and initiatives like Napster have pushed the issue right to the top of the agenda, DRM has already taken shape as a set of policies and technologies developed by such multinational giants as Sony, IBM and Microsoft.

The technologies are wide-ranging, not only because they must cover different types of media - from music to wireless broadcast images - but because they must address different tasks, from encryption and secure locking of material to prevent unauthorised access, to digital means of copyright enforcement once that material has been downloaded (which is where tools like dynamic watermarking come in, for example those supplied by US companies Digimarc and Ewatermark.com).

For scientific, technical and other research information users and providers, many of the issues and technologies pertaining to the consumer-oriented industries are not relevant. We rarely have to worry about music or film formats. And it's unlikely that repeated copying of an esoteric, academic article is going to make the illegal copier loads of money - so there isn't much incentive to break copyright laws so significantly as to undermine the business of the publisher. Not only that, the research culture has its own, trust-based methods of dealing with information access and provision, based on an accepted understanding of the phrase 'fair use'. So why should we need DRM?

The answer is that, although we might not need it, we may not have much choice about it either. Everyone whose work entails using or supplying information, however arcane, should take heed of what's going on in the DRM sector. While for now it may seem removed from the day-to-day reality of managing and sourcing research data, DRM could shape the nature of future information provision, regardless of the form or sector in which that information resides.

The development of DRM for written content and data is under intense discussion. The reason is that DRM is an economic issue. As a concept it is designed to protect commercial information providers, many of whom, driven by profit and protection imperatives, are understandably keen to see a functioning, enforceable and ubiquitous DRM system come into play worldwide. Many of these providers do not operate in the STM sector, but their eagerness to put systems in place that protect their assets means they are lobbying vociferously to drive both the technical and the legal frameworks.

More than a year ago, for example, the European Commission held a workshop entitled Digital Rights Management to promote protection and distribution of digital content on the Internet', at which Frits Bolkestein, the internal market commissioner, stated: 'I am confident that, through dialogue with all interested parties, we will be able to bring rights management into the 21st Century,' and indeed the European Copyright Directive (no. 2001/29/EC) now in force goes some way towards that goal. This directive specifically encourages the application of DRM technology 'as a means of protecting the interests of all parties'. The point is that it seeks to implement copyright law by means of technology, making it illegal, for example, to circumvent a technological protection measure, and meaning that access to protected digital works is only legal through software and/or hardware approved by the creator of the digital format.

But it appears that not all parties are making their requirements known. And the major commercial content providers may not have much understanding of how technology could best serve users in all sectors, including the research arena. Neither they, nor the technology they recommend, may share the scientific research community's understanding of 'fair use'.

Rights management expert Jon Webb, in an article entitled Digital Rights Management or DRM - Does it Really Matter? written for the International Association of Scientific, Technical and Medical Publishers (STM), defined DRM as 'technology that describes, identifies and protects digital content', to which he adds, 'protected by intellectual property rights and in accordance with rules set by rights holders or prescribed by law. The key thing is that DRM only becomes DRM when there is a 'mechanism in place that physically prevents copying or storage'. This is why its effects could be so far-reaching: it could involve actual physical barriers, with legal backing and limited flexibility, to previously accessible information.

Ultimately some fear that DRM could take a form that is driven by a coalition of content, software and hardware owners, that does not meet the needs of the professional and scholarly publishing sectors and yet that is enforced by legislation.

The furore unfolding in the wake of Microsoft's DRM activities suggests at the least it is a very real concern. In partnership with Xerox, Microsoft has created the company ContentGuard, which is promoting its version of XrML (eXtensible rights Markup Language) as the standard for interoperability in DRM.

ContentGuard has a suite of technology patents that support the implementation of XrML - and according to Jon Webb, the development of XrML and its implementation benefits from little (scholarly) publisher input. It is a case of the technologist in the driving seat, and a very powerful technologist at that. In March, the fruits of Microsoft's investment in ContentGuard were made public with the announcement of Microsoft's Windows Rights Management (WRM) Services For Windows Server 2003, a rights management solution (RMS) that 'will give organisations and employees new ways to protect information'.

To get an idea of how the system works, and how DRM in general can work, a good place to start is the Microsoft literature: 'WRM Services will work with applications to provide a platform-based approach to providing persistent policy rights for Web content and sensitive corporate documents of all types... Using WRM Services, applications such as information portals, word processors or e-mail clients can be built so that users will be able to easily designate both who can have access to specific content and what kinds of access rights they can have. Rights and policy are managed by the server, while clients running RMS-enabled applications allow users to apply rights with a click of a button.'

The RMS technology uses 'tested and proven security technologies, including encryption, digital certificates, and authentication. Putting persistent protections in the documents themselves helps customers control and protect digital information both online and offline, inside and outside the perimeter of the firewall. Because Rights Management policy expressions can remain within files during and after transit, rather than residing on a corporate network, usage policies can be enforced even when rights-managed information leaves the network. Policies can be used to control forwarding, copying and printing, as well as establishing time-based expiration rules.'

Now imagine that everyone who upgrades their Microsoft-based software is obliged to deploy the rights management facilities: it's not difficult to see how DRM could arrive on everybody's desktops without so much as an invitation. There has been an outcry about this already. As quoted in Robin Cover's XML Cover Pages, Mary Jo Foley of 'Ziff Davis Microsoft Watch' wrote: 'If you are a big company or organisation with lots of correspondence and documents you want to keep secret, Windows RM is, indeed, a blessing. If you are... anyone who has the audacity to want to use software other than Microsoft Windows or Office, you should be very afraid... To me, RM, first and foremost, is an attempt by Microsoft to further lock customers in by requiring them to use Windows clients, Windows servers, Microsoft Office and Internet Explorer in order to create and consume documents.'

According to US business analysis company AMR Research, Microsoft's WRM Services 'could leave users locked into Microsoft,' depicting a world where, 'in order to be accessible, protected information must be created in Microsoft Office, distributed in Outlook and supported by Microsoft web and directory servers'. Or are these prognoses verging on paranoia?

Gord Larose, information and rights management expert of the Canadian company Information Mechanics Ottawa, believes it's unlikely that entire chunks of previously available information, say on the Internet, will be blocked off by DRM. 'This is difficult to do in democratic countries,' he said. 'I don't foresee big walls. If it does happen, it will be because of big policy agendas and not because of DRM. Whatever happens, I think there will always be specific technological "outs" [to enable people to get to content that's been made freely available to them].'

He expects that an appropriate shift of attitude from content owners is all that's required for DRM to be implemented in a sensible way. 'DRM is about promoting and maintaining access to online content, as well as, at least some of the time, controlling it. So far, most content owners are a little too stuck on the controlling part, which risks alienating users.'

Renato Ianella, chief scientist of Australian DRM software company IPR Systems, sees DRM as a means of driving content management and digital content re-use on the Web in a positive way, and believes it could be a useful tool in the research sector, for example for copy-protecting academic papers, scientific data sets and so on, provided there are 'seamless tools for the end user [that do] not get in the way of their normal work practices. Once value is seen in managing rights, then more people will be willing to participate, especially in the research and academic worlds.'

A pragmatic approach, therefore, might involve potential participants - both users and providers of all sorts of research information - at the very least in assessing what the positive outcomes of DRM could be, as well as the negative ones, and making sure their assessments are taken into account by the technologists and the relevant standards setting bodies.

There have already been attempts to solicit opinion from the research information community, but to little avail. Patrick Durusau, director of research and development at the Society of Biblical Literature in the US, put out a message on a librarians' e-list a few months ago describing a technical committee that was 'being established to "define the industry standard for a rights language" that would govern many application domains, including (potentially) digital libraries and archive projects'.

Durusau highlighted a request from the committee for input from the academic community but, sadly, 'there was not a lot of response' outside his own department. 'Part of that,' Durusau explained, 'was due to the timing of the original requirements period, which mostly fell during the [academic] summer recess,' but he conceded it was 'probably also due to the lack of awareness about DRM in the academic community'.

This committee, the 'OASIS Rights Technical Committee', has still not progressed beyond the phase of requesting input on requirements, but the process is about to be kick-started again around now.

However Durusau is concerned about its focus on the ContentGuard XrML solution: 'A well formulated DRM language would need to be much broader than that effort. [We need to establish] that the needs being addressed by that [committee] are far too narrow, and that it should be refocused or sited in a broader context so that the ultimate result serves a number of communities.'

Durusau is one of those who are very worried about the impact that DRM could have on the research environment. 'Microsoft has already released products that require access to a rights management server for documents to even be opened,' he said.

'Other software systems are likely to follow suit, and my concern is that users will not even be able to use research information that I may author for free public use, unless I use a commercial product to embed a DRM statement in those documents. Users should not have to pay for the privilege of distributing their own work into the public domain. That would have a severe negative impact on the sharing of research papers and data.' Durusau also touched on the issue of 'fair use', pointing out that simplistic DRM systems can't deal with this concept and so will 'just make it a matter of contract and wish it away'.

He is very keen that the scientific and research communities contribute some 'meaningful input... into the standards that are being written now' and, like Larose, thinks that digital content providers in the community are also missing a trick: 'The sad part is that digital property owners are missing the development of better economic models while they cling to traditional notions of property.'

It would seem that the key, missing piece to this jigsaw is communication. As long as providers of research-oriented content consult their customers, and their customers offer thought-through advice on what they need, it's entirely possible that DRM could be put to good use, supporting appropriate business models and protecting copyright and privacy, even in the research sector.

Larose had some very positive things to say about how innovative thinking could bring benefits all round and win people over to the rights-controlled way of delivering digital content: 'We need users to think that the virtual asset is more valuable than the physical one, not less. Suppose for example, that when I bought a song (or a PDF), for a small extra fee I got the right to have that content in whatever formats came out over the next 25 years, so I'd never have to worry about obsolete media? The point is not that this idea is the answer ... but that we need some new ideas!'

Further information

back to main features page
home