Choosing A Suitable Digital Rights Solution

Background

Digital Rights Management (DRM) refers to any method for a software developer to monitor, control, and protect digital content. It was developed primarily as an advanced anti-piracy method to prevent illegal or unauthorised distribution of content. Common examples of DRM include watermarks, licensing, and user registration. It is in use by Microsoft and other businesses to prevent unauthorised copying and use of their software (obviously, the different protection methods do not always work!).

For institutions, DRM can have limited application. Academia actively encourages free dissemination of work, so stringent restrictive measures are unnecessary. However, it will have use in limiting plagiarism of work. An institution is able to distribute lecture notes or software without allowing the user to reuse text or images within their own work. Usage of software packages or site can also be tracked, enabling specific content to be displayed to different users. To achieve these goals different methodologies are available.

Why do I need Digital Rights Management?

As stated above, Digital Rights Management is not appropriate for all organisations. It can introduce additional complexity into the development process, limit use and cause unforeseen problems at a later date. The following questions will assess your needs:

1. Do you trust your users to use your work without plagiarising or stealing it?

2. If the answer to question 1 is yes, do you wish to track unauthorised distribution or impose rules to prevent it?

3. Will you be financially affected if your work is distributed without permission?

4. Will digital rights restrictions interfere with the project goals and legitimate usage?

5. In terms of cost and time management, can you afford to implement DRM restrictions?

6. If the answer to question 5 is yes, can you afford a strong and costly level of protection (restrictive digital rights) or weak protection (supportive) that costs significantly less?

What types of DRM Methodologies Exist?

Digital Rights methodologies can be divided into two types supportive and restrictive. The first relies upon the user's honesty to register or acquire a license for specific functionality. In contrast, the restrictive method assumes the user is untrustworthy, placing barriers (e.g. encryption and other preventive methods) that will thwart casual users who attempt to infringe their work.

1) Supportive digital rights

The simplest and most cost effective DRM strategy is supportive digital rights. This requires the user to register for data before they are allowed access, blocking all non-authorised users. This assumes that individuals will be less likely to distribute content if they can be identified as the source of the leak. Web sites are the most common use of this protection method. For example, Athens, the NYTimes and other portals provide registration forms or license agreement that the user must complete before access is allowed. The disadvantage of this protection method is the individual can easily copy or distribute data once they have it. Support digital rights is suited to organisations that want to place restrictions upon who can access specific content, but do not wish to restrict content being used by legitimate users.

2) Restrictive digital rights

Restrictive digital rights are more costly, but place more stringent controls over the user. It operates by checking if the user is authorised to perform a specific action and, if not, prevents them from doing it. Unlike supportive rights management, it ensures that content cannot be used at a later date, even if it has been saved to hard disk. This is achieved by incorporating watermarks and other identification methods into the content.

Restrictive digital can be divided into two sub-categories:

• Self-Protecting - any digital rights process that involves encryption to prevent unauthorized access to confidential data. For viewing purposes, the content is decrypted, but enforces strict licence terms to limit its usage. Common examples include DVD player (and computer DVD-ROMs) that contain a region code. This ensures that discs can only be played on machines that contain the same code. In the event that an exact duplicate is made, the user cannot decrypt the content without the decryption key, rendering the file useless. Self-protecting is the most costly form of DRM and, for services that have a large market, is likely to be defeated by dedicated hackers. In this event, the work will require significant additional funding to establish a new method of self-protection.
• Self-describing - Self-describing protection places less obvious restrictions upon the content. The content is unencrypted, but contains a watermark or unique code hidden within the file that identifies the original source of the material. For example, Windows XP identifies the machine ID to prevent hard disks bring transferred to a different PCs

The requirements for Digital rights implementations are costly and time-consuming, making them potentially unobtainable by the majority of service providers. For a data archive it is easier to prevent unauthorised access to resources than it is to limit use when they actually possess the information.

Ensuring Interoperability

Digital rights is reliant upon the need to record information and store it in a standard layout format that others can use to identify copyrighted work. Current digital rights establish a standard metadata schema to identify ownership

Two options are available to achieve this goal: create a bespoke solution or use an established rights schema. An established rights schema provides a detailed list of identification criteria that can be used to catalogue a collection and establish copyright holders at different stages. Two possible choices for multiple media types are:

• XrML (eXtensible rights Markup Language) - a general-purpose XML-based specification grammar for defining digital rights and conditions to be associated with digital content, services, or other resources. The language is utilized as the basis for the MPEG-21 and Open eBook rights specifications.
• XMCL (eXtensible Media Commerce Language) - a rights management system for media exchanged between businesses (such as web stores, customer tracking, etc.) and trusted delivery and playback systems. It is intended as a consumer-focussed schema that allows businesses to provide rental, subscription, ownership, and video on demand/pay-per-view services.

Summary

Digital rights are an important issue that allows an institution to establish intellectual property rights. However, it can be costly for small organizations that simply wish to protect their image collection. Therefore the choice of supportive or restrictive digital rights is likely to be influenced by value of data in relation to the implementation cost.

Further Information

• Athens Access Management Systems
  <http://www.athens.ac.uk/>
• Directory for Social Issues in computing Copy Protection
  <http://www.rajivshah.com/directory/Content/Protection_Schemes/Windows/>
• How much is stronger DRM worth?, Lewis
  <http://www.cpppe.umd.edu/rhsmith3/papers/Final_session1_lewis.pdf>
• XMCL
  <http://www.w3.org/TR/2002/NOTE-xmcl-20020919/>
• XrML
  <http://www.xrml.org/>