Managing Rights Management

On Thursdays, the USPTO publishes new patent applications. Both of today's Spotlight applications address various aspects of digital rights management. Assigned to Intertrust, the first application concerns matching, selecting, narrowcasting, and/or classifying based on rights management. Assigned to Motorola (General Instruments), the second application discloses techniques for distributing digital information including digital rights management information to a plurality of devices. 

Thursdays the USPTO publishes new patent applications. Both of today's Spotlight applications entail the use of DRM. The first application discloses DRM techniques for audience measurement, no assignee given. The second discloses DRM techniques for license renewal, also no assignee given.

Masabi's Ben Whitaker wrote a most interesting article on Barcode security. Even those readers who don't usually care about such things should have a look; lots of interesting ideas there. Whitaker addresses security and DRM:

Anti-copying using DRM (Digital Rights Management)
However you deliver a barcode, it has to be presented in a scannable format, which means that an adversary can always scan the ticket, and if they want to, change some details on the barcode and create multiple copies without DRM. People that have barcode delivery systems that use or rely on "forward lock" or DRM to prevent the barcode image being sent from one person to another are being blind to the availability of barcode scanners to beat all of their software. Also consider that OMA DRM for forward locking images downloaded to phones places laughably little protection against an assailant armed with such exotic tools as a web-browser and a text editor.

Ars Technica reports on a recent Federal Trade Commission report issued nearly 18 months after the conference that spawned it. Regarding DRM, the report says in part:

As new, proprietary technologies are introduced, consumers will be faced with noninteroperable products. Despite consumers’ general preference for interoperability, which provides the greatest flexibility and range of use for products they buy, such a goal may be elusive in a competitive marketplace where businesses seek to provide unique and innovative products. The challenge for the FTC, then, is not to ensure that products are interoperable, but rather to ensure that consumers are provided sufficient information prior to purchase so that they understand any inherent limitations on the use of the products they buy.

Today's Spotlight issued patents concern various aspects of digital rights management.  Assigned to Adobe, the first patent concerns nestable skeleton decryption keys for digital rights management. Assigned to LG Electronics, the second patent concerns techniques for providing digital electronic books.

Nate Lawson is a co-creator of the BD+ security layer on Blu-ray. He gave a talk at the recent RSA conference.that covers techniques for attacking DRM. His slides are posted here and are worth reviewing. Lawson writes:

Of course, people in glass houses should not throw rocks. As someone who had a part in developing BD+, I am biased toward thinking a different approach than mere broadcast encryption [e.g. AACS] is the only thing that has a chance of success in this rough world. The first BD+ discs were cracked in mid-March, and it remains to be seen how effective future updates will be. Unfortunately, I can’t comment on any details here. We’ll just have to watch and see how things work out the rest of this year.

2008 will prove whether a widely deployed scheme based on software protection is ultimately better or equivalent to the AACS approach. I have a high degree of confidence it will survive in the long run....

As noted here yesterday, Slysoft claims that it's AnyDVD (HD) 6.4.0.0 software will remove the BD+ security component of Blu-ray HiDef optical discs. When asked for a comment, Eric Rodli, Macrovision's Executive Vice President & General Manager of Entertainment, had this to say via email:

“Macrovision does not comment on specific techniques or procedures that may directly impact the BD+ security technology.  BD+ is a security response system designed to react to security attacks, not prevent them entirely.  As part of this system, updated BD+ security code is continuously developed so that BD+ customers obtain ongoing value from the use of this technology.”

One of the major benefits of BD+ is that it is programmable security. Thus the cat and mouse game between those who apparently encourage piracy and the major studios and their technology partners remains intact.

SlySoft is again claiming that it's AnyDVD (HD) 6.4.0.0 software will remove the BD+ security component of Blu-ray. So far no comment from Sony, Macrovision who acquired the BD+ technology late last year from CRI, or the bdplusllc licensing authority. I've asked Macrovision to comment,  but so far no response.

As I noted back in November, it's entirely possible that the strongest versions of BD+ have not yet been deployed in order to gather information regarding the kinds of attacks that can be successful. This "honey pot" strategy might be a useful defensive tactic against hackers / crackers / pirates.

[I've been off doing a crash project for a client. Catching up today.]

Several sources including this Ars Technica article by Eric Bangeman report that Direct TV has changed the rights management rules regarding the time to view recorded TV shows.

DirecTV DVR owners got some bad news from the satellite TV provider recently when the company announced that it will break some of the existing functionality of the DVRs. Effective April 15, subscribers will only have 24 hours to watch pay-per-view movies recorded to their DVRs. Once the movies are purchased, the clock starts ticking, and after 24 hours, the PPV movie saved to your DVR will become nothing more than an unreadable collection of zeros and ones.

Why the studios should care is beyond me. Another capricious act by content owners and distributors.

On Thursdays the USPTO publishes new patent applications. Both of today's Spotlight applications address copy protection / rights management for recording devices. Assigned to Sony, the first application discloses a security module in a recording device. The second application discloses copy protection techniques for devices, no assignee given.

Thursday the USPTO publishes new patent applications. Both of today's Spotlight applications address certain aspects of DRM. Assigned to Philips, the first application discloses state information in DRM identifier for ad DRM. Assigned to IBM, the second application discloses techniques for supporting digital rights management in an enhanced Java 2 runtime environment.

Loyd Case writes on the ExtremeTech site about rampant piracy in  the PC games space. This longish article is well worth a read.

Among other data, Case offers selective quotes from an article by Michael Fitch on the shutdown of Iron Lore Entertainment, for reasons that include piracy:

On Tuesdays the USPTO issues new patents. Both of today's Spotlight Patents address various aspects of copy protection. Assigned to Macrovision, the first patent concerns techniques for ensuring the copy protection of digital data. Assigned to Philips, the second patent concerns techniques for copy protection of information.

Causal games might be defined as games small enough to be downloaded and/or web based (e.g., one of my favs, Desktop Tower Defense). How does piracy affect the causal game business? Over on Gamasutra, Reflexive's director of marketing Russell Carroll has posted a great article asserting that 92% of one game, the full version of Ricochet Infinity, were found to be playing pirated copies. A staggering percentage.

One way to fight the search-engine facilitated piracy is to work to remove the ever-expanding number of links to illegal copies, but in many cases improving the Digital Rights Management (DRM) system to be more secure can be more effective as it renders a large number of those links obsolete. This is tricky to be sure, because improving the security must be done without making the DRM so onerous that it keeps honest customers from purchasing games.

Exactly so.

Is the movie download business like the record  business and should the lessons learned there be applied to movie and TV program downloads? Yes, says Frank Rose in Wired in an argument that seems a bit illogical:

The lessons from the music fiasco are clear: Trying to limit the inherent advantages of digital files is a losing strategy. The way to stop piracy is to make everything available — easily, legally, and at a fair price. But it's a lot of work to secure Internet rights to old films and TV series from writers, directors, composers, and the like, and the studios show little inclination to monkey around with their lucrative sales to premium channels like HBO — deals that don't affect DVD sales but are written in a way that can keep electronic distribution rights locked up for years. "There would be a lot fewer Mercedes pulling up to the Palm every day without those pay-TV deals," one exec quips. Right — but how many music moguls have you seen pulling up to the Palm lately?

If the music industry failed to monetize because of rampant piracy of a product that was provided on CDs without protection, and if the movie industry more successfully monetized by locking up content for a period of time on many channels, what's wrong with copy protection and DRM?

Wired has a good story on the contribution of BD+ to Blu-ray's besting HD-DVD in the HiDef optical disc format wars.

Sony's victory in the DVD format wars was largely due to its embrace and Toshiba's rejection of a sophisticated anti-copying scheme that promises to be relockable should it be cracked at some point in the future....

Paul Kocher, Cryptography Research's president and chief scientist, thinks HD DVD's decision not to adopt his technology eventually tipped the battle to Blu-ray.

"I don't want to pretend that security was the only thing that drove the content war," Kocher said. "But from a content perspective, I think security is the biggest overhang over the future of the studios and I think they realize that and they are doing what they can to deal with that."

HD-DVD: RIP.

The Standard (and other sources) reports that Apple has been able to shut down a site that strips FairPlay DRM from iTunes files. The open source Hymm project received a "cease and desist" order from Apple attorney's.

iTunes customers can legitimately lose FairPlay DRM in order to play their music on other devices by burning a CD of their songs, and ripping that CD into a different format.

Hymn has complied with Apple's legal letter, removing download links to its software from its website and warning forum users not to post links to alternate download sources within its forums, or risk a ban.

I'm at the Havard Law School today. Thanks to the Berkman Center for Internet & Society, the FCC is conducting a public en banc hearing at the Harvard Law School on Net Neutrality (NN) and broadband management. There will be a live audo feed for those interested. I'll be blogging comments from time to time.

Now that Blu-ray has won the HiDef optical disc format war, what is Blu-ray anyway?  Over on CoolGadgets there is a longish posting that provides a good overview, including a quick review of Blu-ray security technologies AACS, BD+, and ROM mark. ROM mark is an antipriracy feature that is a watermark on the physical disc so that players can check on the authenticity of the disc inserted in the drive and then refuse to play titles that lack the proper mark.

EFF staff technologist Seth Schoen writes that Adobe is adding DRM to the latest version of Flash. Why they are doing this is, of course, an interesting question. Schoen suggests that the major motivation seems to be Adobe's business model:

Users may also have to upgrade their Flash Player software (and open source alternatives like Gnash, which has been making rapid progress, may be unable to play the encrypted streams at all). Third-party software that can download Flash Video, like the most recent RealPlayer, will also break. But Adobe now has an incentive to push the use of DRM: it's only available to sites that use Flash Media Server 3 software, which starts at over $4,000 (with extra fees depending on the number of simultaneous streams).

Having trouble pirating Flash video streams? Want to know how Adobe is doing DRM in Flash? I recently came across Christopher Levy's worthwhile article in Streaming Media from last December. Levy tells all, so to speak. Among his points are:

...Adobe rolled out several upgrades to its Flash Media Server 2 that are DRM-like and provide greater security for Flash Video objects. If you are providing Flash content as a progressive download, users can record the content from the cache in their web browser using a “ripper.” However, streaming the content using the proprietary Adobe Real Time Messaging Protocol (RTMP) results in increased protection from rippers. From Adobe’s website: “By default, content delivered by Flash Media Server is wrapped inside an Adobe protocol called RTMP. Because this is an unpublished, proprietary format, none of the RTSP stream ripping programs have the capability to rip media delivered over Flash Media Server.” Adobe also supports simple domain and IP authentication schemas as well as SSL to further enhance the security of Flash content.

On Tuesdays the USPTO issues new patents. Both of today's Spotlight patents address copyright protection and rights management techniques.  Assigned to Sony, the first of today's issued patents addresses systems for authoring content data and techniques for protecting the content.  Assigned to Ricoh, the second patent addresses techniques for encrypting and reproducing digital data while protecting copyright.

The Centre Daily carried a story that Intertrust Technologies has completed a patent licensing deal giving  Motorola global rights "to practice Intertrust's broad inventions in trusted distributed computing and digital rights management. Motorola's license covers all products, including mobile and digital television devices."

Thursdays the USPTO publishes pending patent applications. Both of today's Spotlight applications address various aspects of copyright / rights management. Assigned to Nokia, the first discloses a content distribution system. Assigned to Yamaha, the second discloses techniques for music generation and recording that incorporate automatic performance data requiring copyright protection.

Some years ago, the Pebble Beach Association tried to assert that the lone cypress tree could not be photographed without permission since they claimed they used an abstraction as a registered trademark. For a while, the city of Chicago apparently prevented professional photographers from taking pictures of  "the bean" statue. Paris wishes to forbid taking a picture of the Eiffel tower at night. And in the post 9/11 environment, some law enforcement folks have interfered with photographers taking certain pictures, of the ExxonMobil facility in Torrance, CA, for example.

One of the more interesting blogicles I've come across is this one concerning DRM and photography on the "Lady That's My Skull" blog written by a person whose online identity is "Sleestak". The blogicle is worth looking at in part because of the novel ideas and in part because of the way in which photographs have been modified to show an example of how DRM might work when photographing public spaces and other subject matter.

Here's a novel application of database access rules which might be characterized as DRM. The BBC reported last week that access to an archive of images and other information related to aborigines is keyed to the user's profile in order to maintain culturally defined rules and taboos.

The Register (UK), among others, reports that users who upgrade to QT 7.4 are then unable to edit protected video files using Adobe's Premier and After Effects editing tools.

The error is the result of periodic checks QuickTime carries out on video files for piracy violations. Videos created using Adobe products don't supply the needed headers until the movies are rendered, prompting the overly protective QuickTime to conclude they are contraband that should be barred.

Another example of how not to do DRM. Sigh....

Over on my scenario planning and business strategy blog, I've been reviewing the results of a public scenario planning workshop on The Future of Information Commerce held in 1997. Readers of this blog might be interested in the results and my commentary. For instance, some of the issues addressed in the workshop included the impact of DRM and business models.

The first blogicle which provides background information and a pointer to the results thanks to the Internet Archive' s Wayback Machine.

The second installment comments on what my former partners took to be the major learnings from the workshop.

The third installment comments on the Conventional Wisdom scenario: the views of the participants as a group at the outset of this 2-day workshop.

Additional installments are forthcoming.

Privacy is a touchy subject. For nearly 20 years, I have advocated that consumers be informed in advance and "opt in" to any collection of usage information by DRM technologies. The reason is that this information has value. In some business models, it's perfectly reasonable to provide compensation to consumers for access to their usage information. Compensation might be in the form of discounts or free digital goods.

These and related issues are now being discussed in Canada. Jennifer Stoddart, Privacy Commissioner of Canada, has sent a letter to Jim Prentice, Minister of Industry, and Josée Verner, Minister of Canadian Heritage, regarding the privacy implications of proposed changes to Canadian copyright law. Ms. Stoddart is most concerned about the use of DRM implementations that collect user related information without their consent:

If DRM technologies only controlled copying and use of content, our Office would have few concerns. However, DRM technologies can also collect detailed personal information from users, who often do no more than access the content on a computer. This information is transmitted back to the copyright owner or content provider, without the consent or knowledge of the user. Although the means exist to circumvent these technologies and thus prevent the collection of this information, previous proposals to amend the Copyright Act contained anti-circumvention provisions.

On Thursdays the USPTO publishes pending patent applications. Here are a couple of rights management patent applications published today that are assigned to Intertrust. Each is a divisional - same specification but a new set of claims (inventions). I had a hand in both. The first application addresses techniques for defining, using and manipulating rights management data structures. The second addresses trusted and secure techniques for item delivery and execution.

As noted in this pages and elsewhere, the media have started to declare Blu-ray the winner in the HD format wars. Although Blu-ray has momentum, we've seen shifting alliances and coalitions for some time. So in my view it's a little premature for someone to crown the King. Nevertheless, the hills are alive with with sound of bloggers and pundits of all kinds. Here's a sampling.

EngadgetHD says correctly that BD+ has not (yet) been broken and has an architecture diagram that has appeared previously in various venues. The Engadget article is consistent with the account given by Macrovision during the November conference call following announcement that they would acquire the BD+ (SPDC) technologies from CRI.

Dennis McDonald posted a comment on my DRM 3.0 blogicle asking, "Did any of the industry folks you talked with say anything about possible privacy implications for "DRM 3.0" applications?" The direct answer is "yes and no."

Privacy issues turn, in my view, on what is done with information relating to user behavior. However, privacy is not the only issue raised by DRM 3.0 models.

Some ISPs are threatening to interdict and prevent the transfer of copyrighted media content (especially if that content belongs to large companies). If ISPs provide user specific information to the RIAA, MPAA, or other stakeholders that then becomes the basis for civil litigation or criminal prosecution, then privacy is obviously a major concern to all.

Following several conversations with senior executives from several different companies, I've come away from the CES show thinking that the next generation of DRM has arrived. The outlines of DRM 3.0 have been clear for the past several months, but two themes emerged from my various discussions.

The first is that despite the apparent death of DRM in the music world, rights management is being reinvented as network layer and backend sets of processes and services. Network providers will increasingly play traffic cops and apply rules such as "don't allow transmission of the copyrighted material" across our network. Similar functions are being developed / applied in the User Generated Content world (UGC).

Eh, what's up, Doc? Warner Bros announced last week that it will eventually release only on Blu-ray rather than on HD-DVD optical discs.  Their press release in part says:

“A two-format landscape has led to consumer confusion and indifference toward high definition, which has kept the technology from reaching mass adoption and becoming the important revenue stream that it can be for the industry,” said [Kevin] Tsujihara [President, Warner Bros. Home Entertainment Group]. “Consumers have clearly chosen Blu-ray, and we believe that recognizing this preference is the right step in making this great home entertainment experience accessible to the widest possible audience.

InformationWeek reports that another anti-trust suit requesting class action status has been filed against Apple. To promote interoperability, part of the suit demands that Apple open its platforms to other DRM standards and media formats. But in all these cases the first order of business is to assert that the company in fact has one or more monopolies:

The complaint against Apple claims that the company controls 75% of the online video market, 83% of the online music market, more than 90% of the hard-drive based music player market, and 70% of the Flash-based music player market.

BetaNews has a couple of related articles of interest. Jacqueline Emigh's article begins with old news that DRM for music is dying, if not dead. More interesting is the discussing of the Chinese DVD standard, CH-DVD:

For high-def video to really start reaching greater numbers of people, high-def vendors need to give up their current grip on DRM and other manifestations of Blu-ray and HD DVD proprietary formats, and start selling discs that will work interchangeably on any vendor's HD equipment. But what will happen if these two warring camps continue to stay locked in their current stalemate?