Digital Rights Management

1. What is DRM?

The idea of rights management goes back a long way. It's commonly referred to as "copyright" and is used to ensure that the creator of a piece of work is recognised and has the opportunity to be financially rewarded. It's more complicated than that of course. It not only covers the written word but also art, handbags and cars. Everything in fact that has some kind of creative input is usually covered by a copyright or permission.

Copyright infringement has also existed right from the start. Paintings and perfumes have been forged and sold as originals, some paintings ending up in well known galleries and collections. But the digital environment has brought a new dimension to both copyright and infringement. Digital publishing is so simple that anyone can do it, and making a perfect copy is equally easy.

I want to focus on one medium in this article, and restrict myself to discussing ebooks.

Amazon [1] and Smashwords [2] are perhaps the largest ebook publishers at the moment. Both have detailed instructions available for authors who want to publish their books in digital format, and converting your MS Word or HTML file is really simple. Amazon offers DRM, or Digital Rights Management for their ebooks, whereas Smashwords does not.

DRM is intended to ensure that the person who bought the ebook can read it, but that copy that I have paid for cannot be read by anyone else. It means that I cannot resell the book, but more importantly, I cannot make it available free of charge on a file sharing web site such as Pirate Bay. It sounds ideal - this restriction means that both author and publisher get paid for the books that they sell.

But it's important not to get carried away. Most readers are honest and have no intention of pirating your book; however, some may loan a copy to a friend who is reluctant or unable to buy his own copy. From there it may get loaned again, and perhaps again making an informal and unintentional network of illicit copies. A very few people make an effort to collect ebooks, assemble them into archives and make them available for free download.

But, just because an ebook is available for download doesn't mean that it will be downloaded, or that it will be read if it is. The book may be part of a collection of 200 random books most of which will be discarded. If it is read, has the author really lost a sale? None of this is intended to justify piracy, however you cut it, that's wrong. But it's impossible to accurately assess how much money is actually lost through the availability of pirate copies of books. The publishing industry has produced some frightening figures at times showing losses in the billions of dollars, but none of those figures are defensible.

1.1 Rights or Restrictions?

However, there are a number of people and organisations who feel that the whole concept behind DRM is flawed. They have the view that the 'R' in DRM should stand for Restrictions and not for Rights because it restricts the rights of both reader and copyright holder. A surprising selection of people feel this way, including one very articulate and out spoken author, Cory Doctorow [4].

As well as having a philosophical objection, the point is also made that every attempt to restrict the copying of digital data in the past has failed, so it's naive to expect it to suddenly work now.

Whichever side of the argument you prefer, it's a fact that DRM will remove some things that readers of traditional printed books expect. You can't resell the book for example, and the removal of the second hand market is a side-effect that some publishers informally appear happy with.

You also can't loan it to a friend. Although, in reality it's not that simple. Libraries can loan ebooks using expensive software from companies such as Adobe which will create ebook files that can't be opened after a specifc date, but we'll discuss that in more detail later. Amazon now has a limited loan facility for Kindle format ebooks that works well, but only for a fixed number of loans.

2. How does it work?

2.1 No DRM

The simplest and cheapest solution is not to add DRM to your book at all. You may choose to tell purchasers that you can identify their specific copy of any ebook should you need to, but it's going to be a bluff. This may still annoy those readers who have an emotional problem with DRM, but your ebook will be readable on any device which supports the format that you choose to use.

2.2 Social DRM

This gets talked about in various places, and the meaning can vary depending on who you speak to. One approach is to add the customer name somewhere visible, perhaps at the bottom of the page, assuming that your reader displays the book as a set of pages of course. The implication is that with my name clearly displayed, I won't give the book away, or allow it to be pirated.

The idea sounds good in theory, but there is a problem. Digital books are almost entirely text which means that my name will have been added to the file which holds the data for the book as another piece of text. Text can be changed or removed with ease, so this isn't secure. If you choose this method, you must expect detailed instructions on removing or changing the name to appear on the Internet very quickly.

Once it's possible to change the name built into the book, it's impossible to rely on it to identify the individual who allowed copies to be made.

2.3 Light-weight DRM

I would class light-weight DRM as the kind of system used by Amazon or Adobe Digital Editions, or the idea of embedding a watermark in the book.

Amazon offers but does not require DRM to be imposed on the ebooks that they publish for their Kindle platform. To the purchaser, there's no difference between a book with DRM and one without. The Kindle will handle either with equal ease, and that's just what the user wants. This is true, by the way, for both the hardware and for the software only versions of the reader.

Adobe [3] offer a more complex system which uses their PDF file format. Because Adobe DRM is based on a unique customer identity, books (and other media) can at least be backed up and moved from one computer to another. However, each computer has to be separately authorised and there can only be a maximum of six computers authorised under a single identity. Adobe does not charge for issuing a digital identity, nor do they charge for downloading the software required to read the ebooks (Adobe Digital Editions, or ADE). However, the ADE reader is not available for all platforms.

Libraries can make use of a version of this system, which would include the license server also available from Adobe to create loan copies of ebooks. These are usually in ePub format and need to have the ADE reader software installed on the users' computer. The license server is configured with the number of simultaneous loans allowed for each title, and when a customer checks out an ebook, it is created "on the fly" from a master copy and includes a date and time after which it can no longer be opened and read. This allows the user to avoid returning the ebook to the library for the loan to be cancelled. After the set date, the license is once again made available for another patron to use.

Watermarks are often suggested as a way of tracking the original owner of an ebook. Under normal circumstances the watermark would not be accessed, but if a copy appeared for free distribution or resale, the original owner could be identified and held responsible. A watermark is the digital equivalent of the manufacturer created mark on a sheet of high quality paper identifying it as genuine. This technique is still used as one tool to deter forgery of banknotes.

It is usually created inside an image or a video sequence where the amount and type of data can hide it's existence. As we will see, it's a lot less successful in text. Multimedia objects (image, video and audio files) are comparatively large and suitable for hiding a watermark, which works best when it's not visible to the naked eye. This isn't the place for a detailed discussion of watermarking technology, although it is probably enough to say that a common technique is to encode a unique identifier into the multimedia stream such that it can't be removed without distorting the data noticeably.

However, it's not practical to apply this kind of encoding to text. Making a small change to the shade of blue in half a dozen pixels in each video frame in a 2 or 3 second sequence is likely to be undetectable. Making any change at all to a piece of text just is not going to work. It will not only be clearly visible, but it will change the actual letters destroying or distorting the meaning. This suggests that watermarking an ebook will only work if images are manipulated. Perhaps the cover image, or the image used to represent a dropped-capital would be used. Unfortunately, changing this content is simple, so watermarking is not going to be reliable.

2.4 Heavy-weight DRM

This is going to encrypt the book using a different encryption key for each user and each book. If the author wants this solution, it uses the same technology that protects your Internet banking payments so it can certainly be safe.

These days encryption is easy to organise, there is plenty of software available to create unique keys and use them properly. However, you, as an author, may not want to get involved in the handling of these keys. It may be easier to leave all that to a publisher. The steps below are a simplified list, showing what needs to be organised for this level of DRM to work:

Then, because you the publisher need the user to keep thinking of you positively so that they might come back and buy another book, you have to create a reliable way of allowing that customer to download a replacement ebook and private key when they need to. And they will need to sometime. Their laptop or desktop hard disk could fail, or perhaps their tablet failed somehow.

You need to create a business process that allows the user to identify themselves to you so that they are the only person able to download replacement copies of the books they have bought, and the keys which will allow the books to be read. I know that this doesn't happen with printed books, but that argument doesn't really work. Printed books don't need a special environment before they can be read.

Complicated, isn't it?

3. What's the problem?

Bluntly, the problem is that the current crop of DRM systems don't work. To recap, DRM is meant to ensure that:

Very few people would disagree with the first point. The author may choose to make her book available without charging for it, but that's a choice and not something that's enforced anywhere. Readers always have the right to refuse to buy an ebook just as they do when they go to Dymocks, or any other bookshop.

The second point is where it can start to get difficult. An ebook is a data file in a particular format. In fact, it can come in a variety of formats and you'll need some software able to understand the format and display the book on the screen. If DRM is involved, the software must also understand how to temporarily neutralise it so that you can still read the book.

The third item on the list is also unpopular. A commonly stated view is that once you've bought an item, then it belongs to you, and the retail outlet has no say in what you then do with it. This doesn't mean than you can make copies yourself and sell them, or even give them away. Copyright quite reasonably says no to that. It implies with things other than DRM ebooks, you can give it away once you've finished with it, or even on-sell it. DRM removes both of these options as it is designed to allow no-one other than the original purchaser to read the book.

It has been said that this issue in particular is a result of a misunderstanding. That you don't purchase an ebook, what you buy is a license which gives you the right to retain a copy and read it. Nothing more. If that is what's happening, then there needs to be far better clarity at the point of sale, because online bookstores don't say that. I suspect that if this is the case, it's going to have a bad effect on sales; people expect to own what they buy.

Regardless of how many of those points you agree with, the reality is that with a little research and a very small amount of knowledge, the DRM systems commonly used today can all be broken by anyone who wants to do so. By broken, I mean that DRM can be removed and the file copied as often as you want.

3.1 The analog hole

There's one fundamental problem with any DRM implementation that is very difficult, perhaps impossible to deal with. It's referred to as the "analog hole" and can be explained very simply. Regardless of what kind of encryption is used, the reader has to see the text in its intended form. In other words, the encrypted data has to be decrypted and displayed on a screen to be read. There's a period where the protected data is available in clear text, and this is where it can be copied.

Without completely redesigning the PC and MAC, there's no way to prevent this, although there have been suggestions from the entertainment industry to create a partition on each PC to which the owner has no access, and this is the only place where DRM media would be allowed to exist. Thankfully, nothing has come of that to date, although the likelihood of it working in the expected manner is small.

4. A legal minefield

First, let me make this quite clear: I am not a lawyer. Anything I say here is the result of assumptions that I've made from discussions and reading. If you want to know the proper legal situation, you really must go to a legal professional.

Having said that, the law is not only complex, it varies depending on the country you are in. For example, I gather that in the USA there are circumstances where it is legal to remove the DRM from an ebook, but this is not the case in all countries.

Additionally, if DRM is used in an effort to detect the person responsible for unlicensed distribution of an ebook, it would need to be shown that the information used to make this determination is reliable. If it can be changed without detection, then it can't be used in that way.

It must be pointed out though that in many countries there is a legal distinction between theft and piracy. Perhaps back in the days of Captain Jack Sparrow the two were the same, but now. Theft is the removal of property so that I no longer have access to it. Piracy is the unauthorised duplication of copyright material, either for financial gain, or to deprive me of money to which I am entitled. The terms tend to get confused in the emotionally charged discussions that are found online, but the distinction is important.

5. In conclusion

If there is to be a balance between ensuring that the author is paid for their work, and users have a trouble free time reading the ebooks that they've bought, we're not there yet. It's possible that DRM will become side-lined through social pressure. But if it gains a substantial market share then either a lot of money and effort will be needed for software development to create a seamless and simple reading environment, or the humans who buy ebooks will be treated like potential criminals with their rights and flexibility eroded.

6. References

  1. Amazon ebook publishing guide
  2. SmashWords ebook publishing guide
  3. Adobe Digital Editions
  4. Cory Doctorow on DRM
  5. S. Haber et al (2003). If piracy is the problem, is DRM the answer? In Digital Rights Management, E. Becker et al.

7. Contact me

Email me