Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures (TPM),[1] such as access control technologies, can restrict the use of proprietary hardware and copyrighted works.[2] DRM technologies govern the use, modification and distribution of copyrighted works (e.g. software, multimedia content) and of systems that enforce these policies within devices.[3] DRM technologies include licensing agreements[4] and encryption.[5]
Laws in many countries criminalize the circumvention of DRM, communication about such circumvention, and the creation and distribution of tools used for such circumvention. Such laws are part of the United States' Digital Millennium Copyright Act (DMCA),[6] and the European Union's Information Society Directive[7] – with the French DADVSI an example of a member state of the European Union implementing that directive.[8]
Copyright holders argue that DRM technologies are necessary to protect intellectual property, just as physical locks prevent personal property from theft.[1] For examples, they can help the copyright holders for maintaining artistic controls,[9] and supporting licenses' modalities such as rentals.[10] Industrial users (i.e. industries) have expanded the use of DRM technologies to various hardware products, such as Keurig's coffeemakers,[11][12] Philips' light bulbs,[13][14] mobile device power chargers,[15][16][17] and John Deere's tractors.[18] For instance, tractor companies try to prevent farmers from making repairs via DRM.[19][20]
DRM is controversial. There is an absence of evidence about the DRM capability in preventing copyright infringement, some complaints by legitimate customers for caused inconveniences, and a suspicion of stifling innovation and competition.[21] Furthermore, works can become permanently inaccessible if the DRM scheme changes or if a required service is discontinued.[22] DRM technologies have been criticized for restricting individuals from copying or using the content legally, such as by fair use or by making backup copies. DRM is in common use by the entertainment industry (e.g., audio and video publishers).[23] Many online stores such as OverDrive use DRM technologies, as do cable and satellite service operators. Apple removed DRM technology from iTunes around 2009.[24] Typical DRM also prevents lending materials out through a library, or accessing works in the public domain.[1]
The rise of digital media and analog-to-digital conversion technologies has increased the concerns of copyright-owners, particularly within the music and video industries. While analog media inevitably lose quality with each copy generation and during normal use, digital media files may be duplicated without limit with no degradation. Digital devices make it convenient for consumers to convert (rip) media originally in a physical, analog or broadcast form into a digital form for portability or later use. Combined with the Internet and file-sharing tools, made unauthorized distribution of copyrighted content (digital piracy) much easier.
DRM became a major concern with the growth of the Internet in the 1990s, as piracy crushed CD sales and online video became popular. It peaked in the early 2000s as various countries attempted to respond with legislation and regulations and dissipated in the 2010s as social media and streaming services largely replaced piracy and content providers elaborated next-generation business models.
In 1983, the Software Service System (SSS) devised by the Japanese engineer Ryuichi Moriya was the first example of DRM technology. It was subsequently refined under the name superdistribution. The SSS was based on encryption, with specialized hardware that controlled decryption and enabled payments to be sent to the copyright holder. The underlying principle was that the physical distribution of encrypted digital products should be completely unrestricted and that users of those products would be encouraged to do so.[25]
An early DRM protection method for computer and Nintendo Entertainment System games was when the game would pause and prompt the player to look up a certain page in a booklet or manual that came with the game; if the player lacked access to the material, they would not be able to continue.
An early example of a DRM system is the Content Scramble System (CSS) employed by the DVD Forum on DVD movies. CSS uses an encryption algorithm to encrypt content on the DVD disc. Manufacturers of DVD players must license this technology and implement it in their devices so that they can decrypt the content. The CSS license agreement includes restrictions on how the DVD content is played, including what outputs are permitted and how such permitted outputs are made available. This keeps the encryption intact as the content is displayed.[citation needed]
In May 1998, the Digital Millennium Copyright Act (DMCA) passed as an amendment to US copyright law. It had controversial (possibly unintended) implications. Russian programmer Dmitry Sklyarov was arrested for alleged DMCA infringement after a presentation at DEF CON. The DMCA has been cited as chilling to legitimate users;[26] such as security consultants including Niels Ferguson, who declined to publish vulnerabilities he discovered in Intel's secure-computing scheme due to fear of arrest under DMCA; and blind or visually impaired users of screen readers or other assistive technologies.[27]
In 1999, Jon Lech Johansen released DeCSS, which allowed a CSS-encrypted DVD to play on a computer running Linux, at a time when no compliant DVD player for Linux had yet been created. The legality of DeCSS is questionable: one of its authors was sued, and reproduction of the keys themselves is subject to restrictions as illegal numbers.[28]
More modern examples include ADEPT, FairPlay, Advanced Access Content System.
The World Intellectual Property Organization Copyright Treaty (WCT) was passed in 1996. The US Digital Millennium Copyright Act (DMCA), was passed in 1998. The European Union enacted the Information Society Directive. In 2006, the lower house of the French parliament adopted such legislation as part of the controversial DADVSI law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States. The Tribunal de grande instance de Paris concluded in 2006, that the complete blocking of any possibilities of making private copies was an impermissible behaviour under French copyright law.
The broadcast flag concept was developed by Fox Broadcasting in 2001, and was supported by the MPAA and the U.S. Federal Communications Commission (FCC). A ruling in May 2005 by a United States courts of appeals held that the FCC lacked authority to impose it on the US TV industry. It required that all HDTVs obey a stream specification determining whether a stream can be recorded. This could block instances of fair use, such as time-shifting. It achieved more success elsewhere when it was adopted by the Digital Video Broadcasting Project (DVB), a consortium of about 250 broadcasters, manufacturers, network operators, software developers, and regulatory bodies from about 35 countries involved in attempting to develop new digital TV standards.
In January 2001, the Workshop on Digital Rights Management of the World Wide Web Consortium was held.[29]
On 22 May 2001, the European Union passed the Information Society Directive, with copyright protections.
In 2003, the European Committee for Standardization/Information Society Standardization System (CEN/ISSS) DRM Report was published.[30]
In 2004, the Consultation process of the European Commission, and the DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" closed.[31]
In 2005, DRM Workshops of Directorate-General for Information Society and Media (European Commission), and the work of the High Level Group on DRM were held.[32]
In 2005, Sony BMG installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the software included a rootkit, which created a security vulnerability. When the nature of the software was made public much later, Sony BMG initially minimized the significance of the vulnerabilities, but eventually recalled millions of CDs, and made several attempts to patch the software to remove the rootkit. Class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.[33]
Microsoft's media player Zune released in 2006 did not support content that used Microsoft's PlaysForSure DRM scheme.[34]
Windows Media DRM, reads instructions from media files in a rights management language that states what the user may do with the media.[35] Later versions of Windows Media DRM implemented music subscription services that make downloaded files unplayable after subscriptions are cancelled, along with the ability for a regional lockout.[36] Tools like FairUse4WM strip Windows Media of DRM restrictions.[37]
The Gowers Review of Intellectual Property by the British Government from Andrew Gowers was published in 2006 with recommendations regarding copyright terms, exceptions, orphaned works, and copyright enforcement.
DVB (DVB-CPCM) is an updated variant of the broadcast flag. The technical specification was submitted to European governments in March 2007. As with much DRM, the CPCM system is intended to control use of copyrighted material by the end-user, at the direction of the copyright holder. According to Ren Bucholz of the Electronic Frontier Foundation (EFF), "You won't even know ahead of time whether and how you will be able to record and make use of particular programs or devices".[38] The normative sections were approved for publication by the DVB Steering Board, and formalized by ETSI as a formal European Standard (TS 102 825-X) where X refers to the Part number. Nobody has yet stepped forward to provide a Compliance and Robustness regime for the standard, so it is not presently possible to fully implement a system, as no supplier of device certificates has emerged.
In December 2006, the industrial-grade Advanced Access Content System (AACS) for HD DVD and Blu-ray Discs, a process key was published by hackers, which enabled unrestricted access to AACS-protected content.[39][40]
In January 2007, EMI stopped publishing audio CDs with DRM, stating that "the costs of DRM do not measure up to the results."[41] In March, Musicload.de, one of Europe's largest internet music retailers, announced their position strongly against DRM. In an open letter, Musicload stated that three out of every four calls to their customer support phone service are as a result of consumer frustration with DRM.[42]
Apple Inc. made music DRM-free after April 2007[43] and labeled all music as "DRM-Free" after 2008.[44] Other works sold on iTunes such as apps, audiobooks, movies, and TV shows are protected by DRM.[45]
A notable DRM failure happened in November 2007, when videos purchased from Major League Baseball prior to 2006 became unplayable due to a change to the servers that validate the licenses.[46]
In 2007, the European Parliament supported the EU's direction on copyright protection.
Asus released a soundcard which features a function called "Analog Loopback Transformation" to bypass the restrictions of DRM. This feature allows the user to record DRM-restricted audio via the soundcard's built-in analog I/O connection.[47][48]
Digital distributor GOG.com (formerly Good Old Games) specializes in PC video games and has a strict non-DRM policy.[49]
Baen Books and O'Reilly Media, dropped DRM prior to 2012, when Tor Books, a major publisher of science fiction and fantasy books, first sold DRM-free e-books.[50]
The Axmedis project completed in 2008. It was a European Commission Integrated Project of the FP6, has as its main goal automating content production, copy protection, and distribution, to reduce the related costs, and to support DRM at both B2B and B2C areas, harmonizing them.
The INDICARE project was a dialogue on consumer acceptability of DRM solutions in Europe that completed in 2008.
In mid-2008, the Windows version of Mass Effect marked the start of a wave of titles primarily making use of SecuROM for DRM and requiring authentication with a server. The use of the DRM scheme in 2008's Spore led to protests, resulting in searches for an unlicensed version. This backlash against the activation limit led Spore to become the most pirated game in 2008, topping the top 10 list compiled by TorrentFreak.[51][52] However, Tweakguides concluded that DRM does not appear to increase video game piracy, noting that other games on the list, such as Call of Duty 4 and Assassin's Creed, use DRM without limits or online activation. Additionally, other video games that use DRM, such as BioShock, Crysis Warhead, and Mass Effect, do not appear on the list.[53]
Many mainstream publishers continued to rely on online DRM throughout the later half of 2008 and early 2009, including Electronic Arts, Ubisoft, Valve, and Atari, The Sims 3 being a notable exception in the case of Electronic Arts.[54] Ubisoft broke with the tendency to use online DRM in late 2008, with the release of Prince of Persia as an experiment to "see how truthful people really are" regarding the claim that DRM was inciting people to use illegal copies.[55] Although Ubisoft has not commented on the results of the "experiment", Tweakguides noted that two torrents on Mininova had over 23,000 people downloading the game within 24 hours of its release.[56]
In 2009, Amazon remotely deleted purchased copies of George Orwell's Animal Farm (1945) and Nineteen Eighty-Four (1949) from customers' Amazon Kindles after refunding the purchase price.[57] Commentators described these actions as Orwellian and compared Amazon to Big Brother from Nineteen Eighty-Four.[58][59][60][61] Amazon CEO Jeff Bezos then issued a public apology. FSF wrote that this was an example of the excessive power Amazon has to remotely censor content, and called upon Amazon to drop DRM.[62] Amazon then revealed the reason behind its deletion: the e-books in question were unauthorized reproductions of Orwell's works, which were not within the public domain and that the company that published and sold on Amazon's service had no right to do so.[63]
Ubisoft formally announced a return to online authentication on 9 February 2010, through its Uplay online game platform, starting with Silent Hunter 5, The Settlers 7, and Assassin's Creed II.[64] Silent Hunter 5 was first reported to have been compromised within 24 hours of release,[65] but users of the cracked version soon found out that only early parts of the game were playable.[66] The Uplay system works by having the installed game on the local PCs incomplete and then continuously downloading parts of the game code from Ubisoft's servers as the game progresses.[67] It was more than a month after the PC release in the first week of April that software was released that could bypass Ubisoft's DRM in Assassin's Creed II. The software did this by emulating a Ubisoft server for the game. Later that month, a real crack was released that was able to remove the connection requirement altogether.[68][69]
In March 2010, Uplay servers suffered a period of inaccessibility due to a large-scale DDoS attack, causing around 5% of game owners to become locked out of playing their game.[70] The company later credited owners of the affected games with a free download, and there has been no further downtime.[71]
In 2011, comedian Louis C.K. released his concert film Live at the Beacon Theater as an inexpensive (US$5), DRM-free download. The only attempt to deter unlicensed copies was a letter emphasizing the lack of corporate involvement and direct relationship between artist and viewer. The film was a commercial success, turning a profit within 12 hours of its release. The artist suggested that piracy rates were lower than normal as a result, making the release an important case study for the digital marketplace.[72][73][74]
In 2012, the EU Court of Justice ruled in favor of reselling copyrighted games.[75]
In 2012, India implemented digital rights management protection.[76][77][78][79]
In 2012, webcomic Diesel Sweeties released a DRM-free PDF e-book.[80][81][82] He followed this with a DRM-free iBook specifically for the iPad[83] that generated more than 10,000 downloads in three days.[84] That led Stevens to launch a Kickstarter project – "ebook stravaganza 3000" – to fund the conversion of 3,000 comics, written over 12 years, into a single "humongous" e-book to be released both for free and through the iBookstore; launched 8 February 2012, with the goal of raising $3,000 in 30 days. The "payment optional" DRM-free model in this case was adopted on Stevens' view that "there is a class of webcomics reader who would prefer to read in large chunks and, even better, would be willing to spend a little money on it."[84]
In February 2012, Double Fine asked for crowdfunding for an upcoming video game, Double Fine Adventure, on Kickstarter and offered the game DRM-free for backers. This project exceeded its original goal of $400,000 in 45 days, raising in excess of $2 million.[85] Crowdfunding acted as a pre-order or alternatively as a subscription. After the success of Double Fine Adventure, many games were crowd-funded and many offered a DRM-free version.[86][87][88]
Websites – such as library.nu (shut down by court order on 15 February 2012), BookFi, BookFinder, Library Genesis, and Sci-Hub – allowed e-book downloading by violating copyright.[89][90][91][92]
As of 2013, other developers, such as Blizzard Entertainment put most of the game logic is on the "side" or taken care of by the servers of the game maker. Blizzard uses this strategy for its game Diablo III and Electronic Arts used this same strategy with their reboot of SimCity, the necessity of which has been questioned.[93]
In 2014, the EU Court of Justice ruled that circumventing DRM on game devices was legal under some circumstances.[94][95]
In 2014, digital comic distributor Comixology allowed rights holders to provide the option of DRM-free downloads. Publishers that allow this include Dynamite Entertainment, Image Comics, Thrillbent, Top Shelf Productions, and Zenescope Entertainment.[96]
In February 2022, Comixology, which was later under the ownership of Amazon, ended the option of downloading DRM-free downloads on all comics, although any comics previously purchased prior to the date will have the option to download comics without DRM.[97][98]
A product key, typically an alphanumerical string, can represent a license to a particular copy of software. During the installation process or software launch, the user is asked to enter the key; if the key is valid (typically via internal algorithms), the key is accepted, and the user can continue. Product keys can be combined with other DRM practices (such as online "activation"), to prevent cracking the software to run without a product key, or using a keygen to generate acceptable keys.
DRM can limit the number of devices on which a legal user can install content. This restriction typically support 3-5 devices. This affects users who have more devices than the limit. Some allow one device to be replaced with another. Without this software and hardware upgrades may require an additional purchase.
Always-on DRM checks and rechecks authorization while the content is in use by interacting with a server operated by the copyright holder. In some cases, only part of the content is actually installed, while the rest is downloaded dynamically during use.
Encryption alters content in a way that means that it cannot be used without first decrypting it. Encryption can ensure that other restriction measures cannot be bypassed by modifying software, so DRM systems typically rely on encryption in addition to other techniques.
Microsoft PlayReady prevents illicit copying of multimedia and other files.[99]
Restrictions can be applied to electronic books and documents, in order to prevent copying, printing, forwarding, and creating backup copies. This is common for both e-publishers and enterprise Information Rights Management. It typically integrates with content management system software.[100]
While some commentators claim that DRM complicates e-book publishing,[101] it has been used by organizations such as the British Library in its secure electronic delivery service to permit worldwide access to rare documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre.[102][103][104]
Four main e-book DRM schemes are in common use, from Adobe, Amazon, Apple, and the Marlin Trust Management Organization (MTMO).
.azw4, KF8, and Mobipocket format e-books. Topaz format e-books have their own encryption system.[105]