Is DRM Doomed? The Case Against Digital-Rights Management

In the wake of Steve Jobs' call to eliminate anti-copying technology, are the music and movie industries poised to move from protection to monitoring?

Thomas Claburn, Editor at Large, Enterprise Mobility

March 9, 2007

9 Min Read
InformationWeek logo in a gray background | InformationWeek

The debate over digital-rights management is coming to a head. On the one hand, efforts to implement technology to prevent the copying of consumer-oriented entertainment is increasingly viewed as ineffective. Indeed, no less an industry figure than Apple CEO Steve Jobs has called for the elimination of DRM. At the same time, content providers continue to search for a magic technical elixir that'll protect their revenue streams against unauthorized copying.

Still, what with industry leaders such as former Yahoo Music head David Goldberg joining the chorus in support of Jobs' stance, it's apparent that the industry may be nearing some kind of inflection point, which could lead to a new approach toward DRM.

Clearly, the current tactic isn't working. A recent survey by JupiterResearch shows broad dissatisfaction with existing DRM models on the part of European music executives, two-thirds of whom agree that dropping DRM would drive sales. Elsewhere in Europe, consumer groups from Finland, France, Germany, and Norway are pressuring Apple to make its DRM interoperable with the services and devices of other vendors.

The music labels "should drop DRM," said Steve Gordon, a New York-based entertainment attorney and consultant, former director of business affairs for TV and video at Sony, and the author of Future Of The Music Business. Even though DRM is less restrictive than it used to be, it still creates headaches for consumers. If you put up any roadblocks, you're hampering the success of the digital market. And it's just absurd, as Steve Jobs pointed out, when people can get music without DRM for free anyway."

Even those who pioneered the development of DRM technology acknowledge its problems. Protexis CEO Karl Hirsch recounts a conversation he had with the chairman and CEO of a public company who advised him, "DRM is a tar pit. You've got to get out because it's going to be gone in five years." That's a sentiment Hirsch said he mostly agrees with, though he still believes DRM can work if it's less restrictive, more obvious to consumers, and decoupled from a specific distribution channel, as Apple's FairPlay is tied to iTunes.

Maybe so, though James McQuivey, principal analyst at Forrester Research who covers television and media technology, is less sanguine about the market demand for DRM. "I can't imagine any scenario in which a new and revolutionary DRM solution would make things better," he said. "In fact, I can only see it making things worse."

It's hard to see how acceptance of DRM-encumbered systems could get much worse. Since the early 1980s, when the computer and entertainment industries warmed to copy protection technology, DRM has done more harm than good.

DRM is supposed to stop unauthorized copying. But the two most seemingly successful consumer-facing DRM systems, Apple's FairPlay and Macrovision's video-cassette copy protection, succeeded because they convinced content owners to enter the market, not for the strength of their content locks. That's because copy protection can be defeated, as recent reports that hackers have discovered the "processing key" for HD DVD and Blu-ray discs demonstrate.

DRM is supposed to protect revenue streams for content and software companies, but with the exception of Apple, it looks a lot more like a business risk. Ill-conceived DRM has injured or killed plenty of promising technologies and damaged many a corporate reputation. Adobe, Apple, Intuit, and Microsoft have all faced flak from customers, the Internet community, and/or regulators as a result of DRM schemes. But no company has suffered more than Sony, which has never been able to reconcile its desire to protect its media assets with the market's demand for hardware that hasn't been hobbled.

Sony, as McQuivey points out, is "unable to sell portable music devices, which by the way is a market it created three decades ago with the Walkman." That's largely attributable to its preference for its proprietary ATRAC digital file format over the unprotected MP3 format, which got the vote of the market.

Sony's MiniDisc, Digital Audio Tape (DAT), and Super Audio CDs have failed to catch fire in the market because of format limitations. MiniDisc players didn't support MP3 files initially. DAT's serial copy protection management system relegated the format to live field recording and made it a less-appealing option once CD recording arrived. And the SACD format, introduced in 2000, includes digital copy protection. Neither it, not the competing DVD-Audio format (also protected), have proven to be something consumers actually want.

Sony's biggest blunder, however, began with its attempt to protect its music CDs from being copied. The company used Extended Copy Protection and MediaMax CD-3 DRM software to protect its CDs. But as security researcher Mark Russinovich revealed on his blog, the copy protection measures installed a rootkit -- generally considered to be spyware and a security risk -- on users' PCs. A storm of protest and lawsuits followed.

Sony's perceived lack of sensitivity to its customers is highlighted by comments made by Sony's president of global digital business, Thomas Hesse, in a National Public Radio interview: "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

In late 2001, Sony and Vivendi Universal launched Pressplay, a streaming music service with limited download options. About the same time, AOL Time Warner, BMG, EMI, and RealNetworks launched MusicNet. Both services strangled themselves with DRM.

"If you look at the DRM implemented by MusicNet and Pressplay when they came out, it was terrible because that DRM prevented you from downloading the music," said Gordon. "You could only listen to it as long as you subscribed. That DRM was incredibly unsuccessful because people didn't want all those restrictions."

While Sony's conflicting business unit goals may have earned it a role in more DRM-related failures than any other company, it's not alone in its missteps. Circuit City backed a pay-per-view DVD format called DIVX (not to be confused with the video codec DivX) in 1998, and it was all but dead a year later. DIVX disks could be rented and viewed for a period of 48 hours following the initial viewing. After that, a fee of several dollars was required to reactivate the disc for a set period.

While DIVX was no doubt a compelling proposition for movie studios, consumers were less than enthusiastic. The DVD Journal sums up DIVX thus: "DIVX isn't merely inferior media, nor is it just purchasing over a modem. DIVX is a much more distinct product because it's actually a really dumb idea."

Undaunted by the reality of the market, Flexplay Technologies attempted to bring another disposable DVD format, known as ez-D, to market in 2003. In 2004, Flexplay issued a press release saying, "As a result of the enthusiastic response to the no-return, no-late fee movie rental alternative, ez-Ds will next be made available in Phoenix, Ariz.; San Antonio, Texas; Denver, Colo.; and throughout Florida. ez-D's expansion will focus on channels of distribution that have been most successful thus far, namely convenience stores and pizza delivery outlets."

Evidently, the pizza/DVD delivery market dried up. The company's last press release is dated Aug. 6, 2005, several months after Disney reportedly ended its test of ez-D discs. Incredibly, the idea lives on through a Swiss company called FDD Technologies, which markets DVD-D, yet another limited-use DVD format.

Philips Electronics, the other company behind the lackluster SACD format, evidently didn't learn much from the earlier failure of its Digital Compact Cassette format, which lasted from 1992 to 1996. Copy protection, however, probably wasn't the main reason that DCC never took off. DCC arrived at a time when the industry was moving to optical recording media like recordable CDs and MiniDiscs.

In late 2000, IBM, Intel, Matsushita, and Toshiba created Content Protection for Recordable Media and Pre-Recorded Media Specification, a DRM method currently used in Secure Digital cards. At the time, the technology was considered for inclusion in the ATA hard disk specification, raising the possibility of copy control technology on PCs everywhere.

With Napster in its original incarnation still serving millions of unauthorized songs to all comers, this might have seemed like a good idea to some at the time. Nonetheless, outcry over the possibility of hobbled hard drives by the Electronic Frontier Foundation and others contributed to the decision in April by the T13 technical standards committee to reject adding DRM to hard drives.

The Content Scrambling System used to protect DVDs from copying is perhaps the biggest DRM flop of all because it reveals that information cannot be contained. Introduced in 1996, the CSS scheme was cracked three years later by Norwegian programmer Jon Lech Johansen and two unknown associates who produced a short bit of code known as DeCSS. The DVD Copy Control Association embarked on an unsuccessful multiyear legal odyssey asserting that republication of DeCSS violates trade secret law, despite the fact that the code was no longer secret.

CSS is still alive and well on DVDs, and yet the MPAA reports that in 2005, the worldwide motion picture industry lost $18.2 billion as a result of piracy.

It is, of course, tempting to assert that those losses would be higher without DRM, but at least in the music industry, where most music is unprotected on CDs, the absence of DRM -- and the file sharing that follows from that -- hasn't had an impact on sales. A 2004 academic paper, "The Effect of File Sharing on Record Sales, An Empirical Analysis," by researchers from Harvard and UNC Chapel Hill, found that "file sharing has no statistically significant effect on purchases of the average album in our sample."

That's not to say dropping DRM would solve piracy or prompt labels to release more marketable music, just that DRM and piracy aren't intimately related.

As McQuivey puts it, "There's no evidence that a DRM-free world is more injurious than the world in which we already live."

Yet even as DRM is in decline, something better waits in the wings. Under pressure from Hollywood studios, Google is preparing to use Audible Magic's content protection technology to look for the "fingerprints" of unauthorized content on YouTube. Unlike traditional DRM, which is pre-emptive, Audible Magic's approach is reactive. In other words, it doesn't treat consumers like criminals before they've made unauthorized use of media files. It's like the difference between hardwiring a 55-mph maximum speed in a car and ticketing a speeder.

The real advantage of this approach, however, isn't as a means to police content but as a means to monetize it. "These monitoring systems would be used not to remove copyrighted material from these Web sites, but to monetize it by allowing an equitable distribution of income either from subscription or from advertising," said Gordon.

What to call this new form of digital revenue management? Anything but DRM.

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights