Leadership Laboratory
- Leadership Lab: Intellectual Property Series
This series of essays can help the IT manager learn how to identify and protect intellectual property and intangible assets.
Trademark Infringement - The Likelihood of Confusion - Updated October 27th, 2008
Valuation of Intellectual Property Case Study - IPWatchdog.com -
What is Intellectual Property - March 14th, 2007
Creative Commons and Intellectual Property - May 1st, 2007
What Is a Patent? - April 7th, 2007
Copyright - April 7th, 2007
Digital Rights Management - April 7th, 2007
Trademark and Brand - April 7th, 2007
Trade Secrets - April 7th, 2007
The Value of IP - April 7th, 2007
Licensing and Franchising - April 3rd, 2007
10 Steps to Protect IP - March 13th, 2007
Digital Rights Management
April 7th, 2007
By Stephen Northcutt
Digital rights management is a broad term encompassing a variety of methods to protect digital media from piracy. According the Wikipedia, "Digital Rights Management (generally abbreviated to DRM) is an umbrella term that refers to any of several technologies used by publishers or copyright owners to control access to and usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device. The term is often confused with copy protection and technical protection measures; these two terms refer to technologies that control or restrict the use and access of digital content on electronic devices with such technologies installed, acting as components of a DRM design."1
CSS
An early form of digital rights management was CSS (Content Scrambling System) which was used for DVDs. "The Content Scrambling System (CSS) is used on DVDs to encrypt the data so that only licensed DVD players can decode it. It is also used in variant forms to implement a challenge-response protocol between DVD player software on a PC and a DVD drive (ATAPI or SCSI) attached to that PC, and to decrypt the title key (the CSS key for a file) from the disk key and player key."2 This would prevent all forms of copying, including copying that would be allowed under the fair use doctrine. The system was quickly broken after it was released. One web site that maintains DeCSS, Content Scrambling System Decryption is goingware.3
DRM controversy
While digital rights management tries to legitimately prevent software or media piracy online, in many cases, it ends up also taking away legitimate rights for consumers.4 For instance, the fair use doctrine allows for certain exceptions to using copyright protected material, of which DRM has failed to address. There is also the ability of a consumer to sell the media to another party which can be compromised in DRM schemes. Lastly, consumers may not be able to make a backup copy of the media in case the original is destroyed (which some media companies assert is a right a consumer doesn't have). At the moment, most DRM schemes fall squarely on the side of copyright holders and may infringe on legal use of media by the consumer. As this is a new area of developing law, the confusion is greatly increased by a lack of solid legislation and case law defining the limits. The legal issues and the field will continue to develop as copyright holders and consumer groups fight out a compromise.
Sony's DRM fiasco
In 2005, Sony developed a digital rights management scheme that it placed on its music CDs called Extended Copy Protection (XCP). The software was silently installed, and was very quickly considered a rootkit placed on systems by Sony that gave them a significantly broader level of control of a system than could ever be argued as necessary to protect their interests.5 There was no uninstaller provided with the CD to remove the software and XCP made it extremely difficult to remove it manually. The software will also "phone home" to Sony any time one of the CDs is played and will record the IP address of the machine playing it on their own servers. US-Cert issued advisories about security flaws in the software that were introduced to PCs that had the misfortune of having the software loaded. Many problems were bundled into this controversy. First, Sony didn't mention the software or what it did in the End-User License Agreement (EULA). Second, it went far beyond what was necessary to protect their rights. Third, the software was flawed and left systems vulnerable to exploitation. This resulted in many lawsuits, from individuals as well as from states such as Texas, New York, and California. While the government and consumer groups conveyed a very clear message against this activity by coming down hard on Sony, time will tell if these kind of activities will occur again. Microsoft and others worked on uninstaller kits, but there is some evidence that these have their own problems.6,7,8
Read the EULA and consider disabling autorun
The first and most important protection against running into problems with digital rights management is reading the EULA. Each time you click that you've read the agreement and move on, you've signed a contract. If you have a good lawyer, you might be able to get out from under it; but as a general rule in life, you'd never sign something without reading it first. The same is true now with EULAs. Read them and know what you are getting into. To prevent CDs with DRM mechanisms that will happily install themselves on your machine, disable "autorun" on your CD drive.
Autorun is the process of having programs on the CD automatically run as soon as a CD is inserted. To disable it:
- Run "regedit" and drill down to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Cdrom
- Right-click on "autorun"
- Select "modify"
- Change the value to 0
DRM Solutions
If you were to type Digital Rights Management into Google, you would believe this is the worst idea in the world; but in fact, publishers have a legal and logical right to want to protect their products. In addition to CSS, other forms of digital rights management include: DIVX, product activation, and digital watermarking. Popular music download sites such as iTunes also use Digital Rights Management in an attempt to prevent the sharing of music among unauthorized users online. All of these methods are designed to ensure that only one copy (the one purchased from the store) could ever be used; however, in all cases, workarounds were eventually developed. Vendors include Digital River9 , EZDRM10 and Microsoft's Vista using TPM and BitLocker.11
1 http://en.wikipedia.org/wiki/Digital_Rights_Management
2 http://www.tinyted.net/eddie/css.html
3 http://www.goingware.com/decss/
4 http://www.eff.org/IP/DRM/
5 http://reviews.cnet.com/4520-3513_7-6388181-1.html
6 http://www.eweek.com/article2/0,1895,1886198,00.asp
7 http://www.eweek.com/article2/0,1895,1887196,00.asp
8 http://www.kb.cert.org/vuls/id/312073
9 http://www.digitalriver.com/corporate/solutions06.shtml
10 http://www.ezdrm.com/
11 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005047