A look at the digital world’s newest bitter truth-DRM
Digital Rights Management is a good thing. That’s what They keep telling us. It “protects the creators,” fights piracy, and most importantly, gets Them the money They’ve been crying about while the world wantonly shares Their content over the P2P networks. The debate over DRM-specifically for music and movies-now rivals in proportion such favourites as Paid versus Open Source software and “Does No really mean No?” As the war against piracy gets more frustrating, content creators get fiercer in the measures they take to protect their work, and it seems that whether we like it or not, DRM is going to be one of those inconvenient realities we have to deal with.
The definition, of course, is as harmless as can be-defining limitations to media to ensure the artists’ / creators’ intellectual property isn’t misused. In theory, then, DRM is basically an implementation of the Copyright Act of the country -instead of telling people they can’t do something and then hoping they won’t breach the law, why not ensure that the media prevents its own misuse? All this makes complete sense, too-at least while companies aren’t thinking up newer and more boneheaded schemes to implement it (remember the Sony rootkit incident?). Before we jump to any conclusions about the goods, bads and uglies, let’s spend a while understanding how this whole system works.
Brass Tacks
At the heart of every DRM technology is cryptography. The media (music, videos, software, even documents) is encrypted until unlocked with a “key”-a string of data that enables reversing the encryption (for more on cryptography, see box Cryptography). You should find this familiar-we’ve all used software that asked us for a serial key to run it. If you find that familiar, you’ll also recall how easy it was to crack those systems. The Request Code-Authorisation Code system came soon, where the software would “phone home” with a request code, which would then be verified by their servers, and return you a final authorisation code that would unlock the software. This works better, but it’s been bypassed too-just like every system that involved actually giving the key to the user.
When Windows XP was launched, it not only activated itself over the Internet, it also locked itself to your hardware-so your hardware ID numbers now became the key to use it. The scheme was dropped soon, because a simple hardware upgrade could put your XP out of commission. Still, the concept of using a key that users couldn’t control (and therefore couldn’t alter) remained, and is still evolving in the DRM techniques we see today. Windows Vista, for example, will allow you five upgrades before it recognises your PC as invalid.
While it started out as simple copy-protection, DRM has now evolved into a much more complex beast, not only defining what you can do with software and media-in an End User License Agreement, for example-but making sure that those guidelines are followed as well.
The DRM Model
Designing a DRM scheme where both users and content creators are happy, has, and will continue to, give companies sleepless nights in coming years. At the highest level, they have three aspects to consider (the jargon refers to all content-software, media, etc.-as assets, so we’ll do the same for convenience):
1. Creation: This deals with creating protected assets and defining the rights users have over them. This is basically defining the aspects of the law under which the content is protected. Once this is done, assets are ready to be sold.
2. Management: This deals with managing asset sales-assigning licenses to users, making sure that royalties get to the creators, and so on. 
3. Usage: Once you’ve got a DRM-ed asset, it needs to verify a lot of things. Most importantly, it needs to check whether you’re authorised to use it. This aspect also involves keeping tabs on how the asset is being used-if there’s a three-copy restriction, for example, this is validated every time the file is copied.
All this, of course, is a very high-level look at things. Managing protected content involves a whole bucketful of e-business models, for example, and as we’ll see next, creating protected content isn’t exactly a piece of cake, either.
The DRM Model
Designing a DRM scheme where both users and content creators are happy, has, and will continue to, give companies sleepless nights in coming years. At the highest level, they have three aspects to consider (the jargon refers to all content-software, media, etc.-as assets, so we’ll do the same for convenience):
1. Creation: This deals with creating protected assets and defining the rights users have over them. This is basically defining the aspects of the law under which the content is protected. Once this is done, assets are ready to be sold.
2. Management: This deals with managing asset sales-assigning licenses to users, making sure that royalties get to the creators, and so on. 
3. Usage: Once you’ve got a DRM-ed asset, it needs to verify a lot of things. Most importantly, it needs to check whether you’re authorised to use it. This aspect also involves keeping tabs on how the asset is being used-if there’s a three-copy restriction, for example, this is validated every time the file is copied.
All this, of course, is a very high-level look at things. Managing protected content involves a whole bucketful of e-business models, for example, and as we’ll see next, creating protected content isn’t exactly a piece of cake, either.