To DRM or not to DRM: Commentary
To DRM or not to DRM? That has been a key question for some years now. One of the first articles I wrote for Streaming Media was about DRM, a little way back in 2002. Not a lot has changed in a decade. It is still strapped with a negative perception, not widely adopted, and largely ineffective at all but the early-adopter and innovator end of the market.
While a few larger players have adopted strategies that secure their streaming models, and indeed UltraViolet is all the rage at the moment (despite a range of shortcomings, at this stage at least), most of us are not engaged in online video strategies that pre-suppose that our content simply cannot be pirated.
I hasten to add that I will indeed use DRM on a variety of projects planned for the future with clients who define it as a requirement, and I can see why. In the same way adding tags to clothes or DVDs in a store doesn’t actually prevent me from simply running out of the shop clutching items I want to steal, DRM has no absolute ability to prevent crime. Its proponents would argue, though, that it makes it hard enough that you have to consciously be circumventing it, and that this "intent" turns inadvertent replication of copyright content into a clearly criminal act.
OK. I see that. So the management of rights boils down to the fact that we know the initial "ripper" of the video couldn’t have done it inadvertently, could they? Or could they?
Talking to some colleagues about this, it seems we all agree that if you can see the video then you can pirate it. It doesn’t matter what protection system you use; if it can render a video, that video can be copied. If you set up a faux-video driver then your PC can be set to output the video to that driver and that driver can just write the data to storage. If you output to encrypted HDMI then you trick that into thinking your recorder is a certified TV. No problem.
It's Easy to Copy Online Video, Even if it's Protected
I was one of the early licensors of Microsoft's DRM technology back in 2004/2005, but I wanted to prove to myself that I'm not smoking my socks here. So, freshly armed with my new Netflix UK account, I pulled a film at random. As far as I know, Netflix uses Microsoft’s PlayReady DRM.
So I'm pretty sure the content was encrypted, since the Silverlight player notified me it was "authenticating" (presumably fetching a license). Once that process completed, the video playback started.
Initially, assuming "screen scraping" was proofed against, I opened a Skype session with a colleague and instantly shared my desktop with him. He lives on a different continent, one where there is no Netflix, but lo and behold he was merrily watching the film. OK, so perhaps that's a bit of a workaround, but it's not like I could build any sort of scalable pirate proposition from that.
I then opened my 30-day trial of Camtasia, selected the video window and hit "record."
A bit later, I had several minutes of the video captured to disk at exactly the same quality that Netflix was publishing it at.
I then exported it to .mp4. Not that I have perfect analysis tools for quantitatively comparing my rip to the source, but to my eyes, the mp4 would have been perfectly watchable on my phone on the train to London tomorrow. Again, that would have been outside of any rights agreement with Netflix.
What, Exactly, Does DRM Manage?
So where I get a bit confused is where the DRM has actually managed anyone's rights? Indeed looking at Microsoft's webpages about PlayReady, it goes on and on about how PlayReady "enables content services." Honestly, I can’t see how it does anything to "enable" content management systems, or encoding, or delivery, or billing. All of these are just as possible without PlayReady. So the only thing I can see it vaguely enables is quantisation of downloading/streaming by tying access to a license. But surely any subscriber management system or packet billing system enables that too.
The fact the content item is encrypted has no bearing on anything to do with the rest of the process. The only value it potentially adds is preventing a hacker who hacks the data store of the video from opening the hacked copies of the files without going through the licensing process. But honestly, if they get that far they will likely have already seen a screen scrape system at the very least.
PlayReady is billed as "Content Access and Protection Technology for Digital Entertainment Services, Devices, and Applications," but we can see that "protection" is meaningless; it took me no effort whatsoever to rip video from Netflix. I’m not even talking "average engineer" skill—I honestly could talk my mum through this process in a couple of minutes. Microsoft Word is harder to use than Camtasia. And there are hundreds of Camtasia-like applications.
In a streaming model, then, the "conditional access" of the streaming service providers' subscriber management system ensures revenue collection, and if the files are streamed, then the idea is that they are not downloaded to the end device, and so cannot be copied to the subscribers’ friends' devices anyway. DRM hasn’t really solved anything here beyond perhaps controlling the number of devices that can simultaneously access the stream.
The download-to-own model is different. I could have a disc full of protected content, and if I give it to my friend, they would have to log in as me to the licensing service to access the content. This would clearly provide an audit that I had infringed the rights issued by sharing my credentials. But surely if I want to really share around all these files I can use a simple screen capture process to clear off all the DRM and copy, copy, copy away.
I can even envision a world where a combination of watermarking and DRM could pin liability on a specific service-subscriber for that infringement even after a screen-scrape. But it's entirely post-event—like my analogy of running out of the shop with the tagged clothing or items.
And I can see that, with SOPA or the DMCA or other such regulatory attempts, if an individual can't be caught or blamed, then powers are being introduced that could provide any rights holder that identifies an infringement with god-like power over any of the infrastructure providers that the so-called infringing party uses.
But none of that really relates to DRM. All DRM adds to the occasion is a short term period where the content is encrypted over one or a handful of links, while it is copied from one end to the other by a network protocol.
Want Less Piracy? Make More Content Easily, Cheaply Available
So returning to my initial line of thinking: Why has DRM not really taken off? Why is it still a relatively niche area? Perhaps it's because the only business models DRM has been applied to are the old ones, ones that protect the recording and movie industry from having to change their accounting system.
The fact is that by embracing change we see success. YouTube is arguably the most successful content delivery platform yet provided, if success is measured by the scale of delivery of content and the cost to the user.
Netflix increased the internet traffic in the U.S. by 23%, and in so doing diluted the percentage of total traffic on the U.S. internet that was pirate by the same amount. That was one single legal model. The DRM has little part in that game – it’s the convenience of access through a legal, well-priced route.
If we added another 20 Netflix services then piracy would be diluted 20 times further.
Will DRM survive? Yes. There will always be a place for best-effort protection.
Will it ever prevent piracy? No. At best it adds a little friction, but any content provider who thinks they can return to unitary quotients like the days of fixed media is wrong.
Legal, easy-to-use, well-priced services reduce piracy far more than DRM ever will.
Looking backward 10 years, not much has changed.
Now it's time to look forward.
Google now receives over 1.5 million DMCA takedown notices per week; piracy takes 24 percent of all bandwidth.