Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control
technologies for restricting the use of proprietary hardware
DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software
and multimedia content), as well as systems within devices that enforce these policies.
Worldwide, many laws have been created which criminalize the circumvention of DRM, communication about such circumvention, and the creation and distribution of tools used for such circumvention. Such laws are part of the United States' Digital Millennium Copyright Act
, and the European Union
's Information Society Directive
(the French DADVSI
is an example of a member state of the European Union ("EU") implementing the directive).
Common DRM techniques include restrictive licensing agreement
s: The access to digital materials, copyright and public domain is restricted to consumers as a condition of entering a website or when downloading software.
, scrambling of expressive material and embedding of a tag, which is designed to control access and reproduction of information, including backup copies for personal use. DRM technologies enable content publishers to enforce their own access policies on content, such as restrictions on copying or viewing. These technologies have been criticized for restricting individuals from copying or using the content legally, such as by fair use
. DRM is in common use by the entertainment industry
(e.g., audio and video publishers).
Many online music store
s, such as Apple
's iTunes Store
, and e-book
publishers and vendors, such as OverDrive, also use DRM, as do cable and satellite service operators, to prevent unauthorized use of content or services. However, Apple dropped DRM from all iTunes music files around 2009.
Industry has expanded the usage of DRM to more traditional hardware products, such as Keurig
' light bulb
s, mobile device power chargers
, and John Deere
s. For instance, tractor companies try to prevent farmers from making DIY repairs
under the usage of DRM-laws such as DMCA
The use of digital rights management is not universally accepted. Proponents of DRM argue that it is necessary to prevent intellectual property
from being copied freely, just as physical locks are needed to prevent personal property
from being stolen,
that it can help the copyright holder maintain artistic control
, and that it can ensure continued revenue streams. Those opposed to DRM contend there is no evidence that DRM helps prevent copyright infringement
, arguing instead that it serves only to inconvenience legitimate customers, and that DRM helps big business
stifle innovation and competition. Furthermore, works can become permanently inaccessible if the DRM scheme changes or if the service is discontinued.
DRM can also restrict users from exercising their legal rights
under the copyright law, such as backing up copies of CDs or DVDs (instead having to buy another copy, if it can still be purchased), lending materials out through a library, accessing works in the public domain
, or using copyrighted materials for research and education under the fair use doctrine
The rise of digital media and analog-to-digital conversion technologies has vastly increased the concerns of copyright-owning individuals and organizations, particularly within the music and movie industries. While analog
media inevitably lose quality with each copy generation
, and in some cases even during normal use, digital media files may be duplicated an unlimited number of times with no degradation in the quality. The rise of personal computer
s as household appliances has made it convenient for consumers to convert media (which may or may not be copyrighted) originally in a physical, analog or broadcast form into a universal, digital form (this process is called ripping
) for portability or viewing later
. This, combined with the Internet
and popular file-sharing
tools, has made unauthorized distribution of copies of copyrighted digital media
(also called digital piracy
) much easier.
In 1983, a very early implementation of Digital Rights Management (DRM) was the Software Service System (SSS) devised by the Japanese engineer Ryuichi Moriya.
and subsequently refined under the name superdistribution
. The SSS was based on encryption, with specialized hardware that controlled decryption and also enabled payments to be sent to the copyright holder. The underlying principle of the SSS and subsequently of superdistribution was that the distribution of encrypted digital products should be completely unrestricted and that users of those products would not just be permitted to redistribute them but would actually be encouraged to do so.
One of the oldest and least complicated DRM protection methods for computer and Nintendo Entertainment System games was when the game would pause and prompt the player to look up a certain page in a booklet or manual that came with the game; if the player lacked access to such material, they would not be able to continue the game. A product key
, a typically alphanumerical serial number
used to represent a license to a particular piece of software, served a similar function. During the installation process or launch for the software, the user is asked to input the key; if the key correctly corresponds to a valid license (typically via internal algorithms), the key is accepted, then the user who bought the game can continue. In modern practice, product keys are typically combined with other DRM practices (such as online "activation"), as the software could be cracked
to run without a product key, or "keygen
" programs could be developed to generate keys that would be accepted.
Limited install activations
Some DRM systems limit the number of installations a user can activate on different computers by requiring authentication with an online server. Most games with this restriction allow three or five installs, although some allow an installation to be 'recovered' when the game is uninstalled. This not only limits users who have more than three or five computers in their homes, but can also prove to be a problem if the user has to unexpectedly perform certain tasks like upgrading operating systems or reformatting the computer's storage device.
In mid-2008, the Windows version of ''Mass Effect
'' marked the start of a wave of titles primarily making use of SecuROM
for DRM and requiring authentication with a server. The use of the DRM scheme in 2008's ''Spore
and there were protests, resulting in a considerable number of users seeking an unlicensed version instead. This backlash against the three-activation limit was a significant factor in ''Spore'' becoming the most pirated game in 2008, with TorrentFreak
compiling a "top 10" list with ''Spore'' topping the list. However, Tweakguides concluded that the presence of intrusive DRM does not appear to increase video game piracy, noting that other games on the list such as ''Call of Duty 4
'' and ''Assassin's Creed
'' use DRM which has no install limits or online activation. Additionally, other video games that do use intrusive DRM such as ''BioShock
'', ''Crysis Warhead
'', and ''Mass Effect'', do not appear on the list.
Persistent online authentication
Many mainstream publishers continued to rely on online
DRM throughout the later half of 2008 and early 2009, including Electronic Arts
, and Atari
, ''The Sims 3
'' being a notable exception in the case of Electronic Arts. Ubisoft broke with the tendency to use online DRM in late 2008, with the release of ''Prince of Persia'' as an experiment to "see how truthful people really are" regarding the claim that DRM was inciting people to use illegal copies. Although Ubisoft has not commented on the results of the "experiment", Tweakguides noted that two torrents
had over 23,000 people downloading the game within 24 hours of its release.
Ubisoft formally announced a return to online authentication on 9 February 2010, through its Uplay
online game platform, starting with ''Silent Hunter 5
'', ''The Settlers 7
'', and ''Assassin's Creed II
''. ''Silent Hunter 5'' was first reported to have been compromised within 24 hours of release, but users of the cracked version soon found out that only early parts of the game were playable. The Uplay system works by having the installed game on the local PCs incomplete and then continuously downloading parts of the game-code from Ubisoft's servers as the game progresses. It was more than a month after the PC release in the first week of April that software was released that could bypass Ubisoft's DRM in ''Assassin's Creed II''. The software did this by emulating a Ubisoft server for the game. Later that month, a real crack was released that was able to remove the connection requirement altogether.
In early March 2010, the Uplay servers suffered a period of inaccessibility due to a large-scale DDoS attack
, causing around 5% of game owners to become locked out of playing their game. The company later credited owners of the affected games with a free download, and there has been no further downtime.
Other developers, such as Blizzard Entertainment
are also shifting to a strategy where most of the game logic is on the "side" or taken care of by the servers of the game maker. Blizzard uses this strategy for its game Diablo III
and Electronic Arts used this same strategy with their reboot of SimCity
, the necessity of which has been questioned.
An early example of a DRM system is the Content Scrambling System
(CSS) employed by the DVD Forum
on film DVD
s circa 1996. CSS uses an encryption algorithm
to encrypt content on the DVD disc. Manufacturers of DVD players must license this technology and implement it in their devices so that they can decrypt the encrypted content to play it. The CSS license agreement includes restrictions on how the DVD content is played, including what outputs are permitted and how such permitted outputs are made available. This keeps the encryption intact as the video material is played out to a TV.
In 1999, Jon Lech Johansen
released an application called DeCSS
, which allowed a CSS-encrypted DVD to play on a computer running the Linux
operating system, at a time when no licensed DVD player application for Linux had yet been created. The legality of DeCSS is questionable: one of the authors has been the subject of a lawsuit, and reproduction of the keys themselves is subject to restrictions as illegal number
Encryption can ensure that other restriction measures cannot be bypassed by modifying the software, so sophisticated DRM systems rely on encryption to be fully effective. More modern examples include ADEPT
, Advanced Access Content System
Further restrictions can be applied to electronic books
and documents, in order to prevent copying, printing, forwarding, and saving backups. This is common for both e-publisher
s and enterprise Information Rights Management
. It typically integrates with content management
system software but corporations such as Samsung Electronics
also develop their own custom DRM systems.
While some commentators believe DRM makes e-book publishing complex, it has been used by organizations such as the British Library
in its secure electronic delivery service
to permit worldwide access to substantial numbers of rare documents which, for legal reasons, were previously only available to authorized individuals actually visiting the Library's document centre at Boston Spa in England.
There are four main e-book DRM schemes in common use today, one each from Adobe
, Amazon, Apple
, and the Marlin Trust Management Organization (MTMO).
* Adobe's DRM is applied to EPUBs and PDFs, and can be read by several third-party e-book readers, as well as Adobe Digital Editions
(ADE) software. Barnes & Noble
uses a DRM technology provided by Adobe, applied to EPUBs and the older PDB (Palm OS)
* Amazon's DRM is an adaption of the original Mobipocket
encryption and is applied to Amazon's .azw4, KF8, and Mobipocket format e-books. Topaz format e-books have their own encryption system.
* Apple's FairPlay
DRM is applied to EPUBs and can currently only be read by Apple's iBooks
app on iOS
devices and Mac OS
* The Marlin DRM was developed and is maintained in an open industry group known as the Marlin Developer Community (MDC) and is licensed by MTMO. (Marlin was founded by five companies, Intertrust
, Panasonic, Philips, Samsung, and Sony.) The Kno
online textbook publisher uses Marlin to protect e-books it sells in the EPUB format. These books can be read on the Kno App for iOS
The Microsoft operating system, Windows Vista
, contains a DRM system called the Protected Media Path
, which contains the Protected Video Path (PVP). PVP tries to stop DRM-restricted content from playing while unsigned software is running, in order to prevent the unsigned software from accessing the content. Additionally, PVP can encrypt information during transmission to the monitor
or the graphics card
, which makes it more difficult to make unauthorized recordings.
have used a form of technology since ''Operation Flashpoint: Cold War Crisis
'', wherein if the game copy is suspected of being unauthorized, annoyances like guns losing their accuracy or the players being turned into a bird are introduced. Croteam
, the company that released ''Serious Sam 3: BFE
'' in November 2011, implemented a different form of DRM wherein, instead of displaying error messages that stop the illicit version of the game from running, it causes a special invincible foe in the game to appear and constantly attack the player until they are killed.
Also in 1999, Microsoft released Windows Media DRM
, which read instructions from media files in a rights management language that stated what the user may do with the media.
Later versions of Windows Media DRM implemented music subscription services that make downloaded files unplayable after subscriptions are cancelled, along with the ability for a regional lockout.
embedded within audio or video data during production or distribution. They can be used for recording the copyright owner, the distribution chain or identifying the purchaser of the music. They are not complete DRM mechanisms in their own right, but are used as part of a system for copyright enforcement, such as helping provide prosecution evidence for legal purposes, rather than direct technological restriction.
Some programs used to edit video and/or audio may distort, delete, or otherwise interfere with watermarks. Signal/modulator-carrier chromatography may also separate watermarks from original audio or detect them as glitches. Additionally, comparison of two separately obtained copies of audio using simple, home-grown algorithms can often reveal watermarks.
is included in purchased media which records information such as the purchaser's name, account information, or email address. Also included may be the file's publisher, author, creation date, download date, and various notes. This information is not embedded in the played content, like a watermark, but is kept separate, but within the file or stream.
As an example, metadata is used in media purchased from Apple's iTunes Store for DRM-free as well as DRM-restricted versions of their music or videos. This information is included as MPEG standard metadata.
standard is used by cable television providers in the United States to restrict content to services to which the customer has subscribed.
The broadcast flag
concept was developed by Fox Broadcasting in 2001, and was supported by the MPAA
and the U.S. Federal Communications Commission
(FCC). A ruling in May 2005, by a United States courts of appeals
held that the FCC lacked authority to impose it on the TV industry in the US. It required that all HDTVs obey a stream specification determining whether a stream can be recorded. This could block instances of fair use, such as time-shifting
. It achieved more success elsewhere when it was adopted by the Digital Video Broadcasting Project
(DVB), a consortium of about 250 broadcasters, manufacturers, network operators, software developers, and regulatory bodies from about 35 countries involved in attempting to develop new digital TV standards.
An updated variant of the broadcast flag has been developed in the Content Protection and Copy Management group under DVB (DVB-CPCM
). Upon publication by DVB, the technical specification was submitted to European governments in March 2007. As with much DRM, the CPCM system is intended to control use of copyrighted material by the end-user, at the direction of the copyright holder. According to Ren Bucholz of the EFF
, which paid to be a member of the consortium, "You won't even know ahead of time whether and how you will be able to record and make use of particular programs or devices". The normative sections have now all been approved for publication by the DVB Steering Board, and will be published by ETSI as a formal European Standard as ETSI TS 102 825-X where X refers to the Part number of specification. Nobody has yet stepped forward to provide a Compliance and Robustness
regime for the standard (though several are rumoured to be in development), so it is not presently possible to fully implement a system, as there is nowhere to obtain the necessary device certificates.
*Analog Protection System
*DCS Copy Protection
*Copy Control Information
*Content Scramble System
*Advanced Access Content System
*Content Protection for Recordable Media
*Digital Transmission Content Protection
*High-bandwidth Digital Content Protection
*Protected Media Path
*Trusted Platform Module#Uses
*Intel Management Engine#Design
*HTML5 video Encrypted Media Extensions
(HTML5 EME, often implemented with Widevine
In addition, platforms such as Steam
may include DRM mechanisms. Most of the mechanisms above are not DRM mechanisms per se but are still referred to as DRM mechanisms, rather being copy protection mechanisms.
The 1996 World Intellectual Property Organization Copyright Treaty
(WCT) requires nations to enact laws against DRM circumvention, and has been implemented in most member states of the World Intellectual Property Organization
The United States
implementation is the Digital Millennium Copyright Act
(DMCA), while in Europe the treaty has been implemented by the 2001 Information Society Directive
, which requires member states of the European Union
to implement legal protections for technological prevention measures. , the lower house of the French parliament adopted such legislation as part of the controversial DADVSI
law, but added that protected DRM techniques should be made interoperable, a move which caused widespread controversy in the United States. The Tribunal de grande instance de Paris
concluded in 2006, that the complete blocking of any possibilities of making private copies was an impermissible behaviour under French copyright law.
In 1998 "Interim Regulations" were founded in China, referring to the DMCA.
China also has Intellectual Property Rights, which to the World Trade Organization, was "not in compliance with the Berne Convention".
The WTO panel "determined that China's copyright laws do not provide the same efficacy to non- Chinese nationals as they do to Chinese citizens, as required by the Berne Convention". and that "China's copyright laws do not provide enforcement procedures so as to permit effective action against any act of infringement of intellectual property rights".
On 22 May 2001, the European Union passed the Information Society Directive, an implementation of the 1996 WIPO Copyright Treaty, that addressed many of the same issues as the DMCA.
On 25 April 2007, the European Parliament supported the first directive of EU, which aims to harmonize criminal law in the member states. It adopted a first reading report on harmonizing the national measures for fighting copyright abuse. If the European Parliament and the Council approve the legislation, the submitted directive will oblige the member states to consider a crime a violation of international copyright committed with commercial purposes. The text suggests numerous measures: from fines to imprisonment, depending on the gravity of the offense. The EP members supported the Commission motion, changing some of the texts. They excluded patent rights from the range of the directive and decided that the sanctions should apply only to offenses with commercial purposes. Copying for personal, non-commercial purposes was also excluded from the range of the directive.
In 2012, the Court of Justice of the European Union ruled in favor of reselling copyrighted games, prohibiting any preventative action that would prevent such transaction. The court said that "The first sale
in the EU of a copy of a computer program by the copyright holder or with his consent exhausts the right of distribution of that copy in the EU. A rightholder who has marketed a copy in the territory of a Member State of the EU thus loses the right to rely on his monopoly of exploitation in order to oppose the resale of that copy."
In 2014, the Court of Justice of the European Union ruled that circumventing DRM on game devices may be legal under some circumstances, limiting the legal protection to only cover technological measures intended to prevent or eliminate unauthorised acts of reproduction, communication, public offer or distribution.
India is not a signatory to WIPO Copyright Treaty
nor the WIPO Performances and Phonograms Treaty
. However, as a part of its 2012 amendment of copyright laws, it implemented digital rights management protection.
Section 65A of Copyright Act, 1957
imposed criminal sanctions on circumvention of "effective technological protection measures".
[Zakir Thomas, 'Overview of Changes to Indian Copyright Law' 01217 Journal of Intellectual Property Rights pp 324–334, 332 ]
Section 65B criminalized interference with digital rights management information. Any distribution of copies whose rights management information was modified was also criminalized by Section 65B.
The terms used in the provisions were not specifically defined, with the concerned Parliamentary Standing Committee indicating the same to have been deliberate. The Standing Committee noted that similar terms in developed terms were used to considerable complexity and therefore in light of the same, it was preferable to keep it open-ended.
A prison sentence is mandatory under both provisions, with a maximum term of 2 years in addition to fine, which is discretionary. While the statute doesn't include exceptions to copyright infringement, including fair use directly, Section 65A allows measures "unless they are expressly prohibited", which may implicitly include such exceptions.
Section 65B however, lacks any exceptions.
[Arul George Scaria, 'Does India Need Digital Rights Management Provisions or Better Digital Business Management Strategies?' 01217 Journal of Intellectual Property Rights pp. 463–477, 465 ]
Further. Section 65B (digital rights management information) allows resort to other civil provisions, unlike Section 65A.
It is important to note that the WIPO Internet Treaties themselves do not mandate criminal sanctions, merely requiring "effective legal remedies." Thus, India's adoption of criminal sanctions ensures compliance with the highest standards of the WIPO internet treaties. Given the 2012 amendment, India's entry to the WIPO Internet Treaties appears facilitated, especially since ratification of the WIPO Internet Treaties is mandatory under agreements like the RCEP.
Israel had not ratified the WIPO Copyright Treaty. Israeli law does not currently expressly prohibit the circumvention of technological measures used to implement digital rights management. In June 2012 The Israeli Ministry of Justice proposed a bill to prohibit such activities, but the Knesset
did not pass it. In September 2013, the Supreme Court ruled that the current copyright law could not be interpreted to prohibit the circumvention of digital rights management, though the Court left open the possibility that such activities could result in liability under the law of unjust enrichment.
In May 1998, the Digital Millennium Copyright Act (DMCA) passed as an amendment to US copyright law
, which criminalizes the production and dissemination of technology that lets users circumvent technical copy-restriction methods. (For a more detailed analysis of the statute, see WIPO Copyright and Performances and Phonograms Treaties Implementation Act
Reverse engineering of existing systems is expressly permitted under the Act under the specific condition of a safe harbor, where circumvention is necessary to achieve interoperability with other software . See 17 U.S.C. Sec. 1201(f). Open-source software to decrypt content scrambled with the Content Scrambling System
and other encryption techniques presents an intractable problem with the application of the Act. Much depends on the intent of the actor. If the decryption is done for the purpose of achieving interoperability of open source operating systems with proprietary operating systems, it would be protected by Section 1201(f) the Act. Cf., Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001) at notes 5 and 16. However, dissemination of such software for the purpose of violating or encouraging others to violate copyrights has been held illegal. See Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000).
The DMCA has been largely ineffective in protecting DRM systems, as software allowing users to circumvent DRM remains widely available. However, those who wish to preserve the DRM systems have attempted to use the Act to restrict the distribution and development of such software, as in the case of DeCSS.
Although the Act contains an exception for research, the exception is subject to vague qualifiers that do little to reassure researchers. Cf., 17 U.S.C. Sec. 1201(g). The DMCA has affected cryptography
, because many fear that cryptanalytic research may violate the DMCA. In 2001, the arrest of Russian programmer Dmitry Sklyarov
for alleged infringement of the DMCA was a highly publicized example of the law's use to prevent or penalize development of anti-DRM measures. He was arrested in the US after a presentation at DEF CON
, and spent several months in jail. The DMCA has also been cited as chilling to non-criminal inclined users, such as students of cryptanalysis
including, Professor Edward Felten
and students at Princeton University
; security consultants, such as Netherlands based Niels Ferguson
, who declined to publish vulnerabilities he discovered in Intel
's secure-computing scheme due to fear of being arrested under the DMCA when he travels to the US; and blind or visually impaired users of screen reader
s or other assistive technologies
In Europe, there have been several ongoing dialog activities that are characterized by their consensus-building intention:
* January 2001 Workshop on Digital Rights Management of the World Wide Web Consortium
* 2003 Participative preparation of the European Committee for Standardization
/Information Society Standardization System (CEN/ISSS) DRM Report.
* 2005 DRM Workshops of Directorate-General for Information Society and Media (European Commission)
, and the work of the High Level Group on DRM.
* 2005 Gowers Review of Intellectual Property by the British Government from Andrew Gowers
published in 2006 with recommendations regarding copyright terms, exceptions, orphaned works, and copyright enforcement.
* 2004 Consultation process of the European Commission, DG Internal Market, on the Communication COM(2004)261 by the European Commission on "Management of Copyright and Related Rights" (closed).
* The AXMEDIS
project, a European Commission Integrated Project of the FP6, has as its main goal automating content production, copy protection, and distribution, to reduce the related costs, and to support DRM at both B2B and B2C areas, harmonizing them.
* The INDICARE
project is an ongoing dialogue on consumer acceptability of DRM solutions in Europe. It is an open and neutral platform for exchange of facts and opinions, mainly based on articles by authors from science and practice.
Many organizations, prominent individuals, and computer scientists are opposed to DRM. Two notable DRM critics are John Walker
, as expressed for instance, in his article "The Digital Imprimatur
: How Big brother and big media can put the Internet genie back in the bottle", and Richard Stallman
in his article ''The Right to Read'' and in other public statements: "DRM is an example of a malicious feature – a feature designed to hurt the user of the software, and therefore, it's something for which there can never be toleration". Stallman also believes that using the word "rights" is misleading and suggests that the word "restrictions", as in "Digital Restrictions Management", be used instead.
This terminology has since been adopted by many other writers and critics unconnected with Stallman.
Other prominent critics of DRM include Professor Ross Anderson
of Cambridge University, who heads a British organization which opposes DRM and similar efforts in the UK and elsewhere, and Cory Doctorow
, a writer and technology blogger.
and similar organizations such as FreeCulture.org
also hold positions which are characterized as opposed to DRM. The Foundation for a Free Information Infrastructure
has criticized DRM's effect as a trade barrier
from a free market
Bill Gates spoke about DRM at CES in 2006. According to him, DRM is not where it should be, and causes problems for legitimate consumers while trying to distinguish between legitimate and illegitimate users.
There have been numerous others who see DRM at a more fundamental level. This is similar to some of the ideas in Michael H. Goldhaber's presentation about "The Attention Economy and the Net" at a 1997 conference on the "Economics of Digital Information".
(sample quote from the "Advice for the Transition" section of that presentation:
"If you can't figure out how to afford it without charging, you may be doing something wrong.")
The Norwegian consumer rights organization "Forbrukerrådet" complained to Apple Inc. in 2007, about the company's use of DRM in, and in conjunction with, its iPod and iTunes products. Apple was accused of restricting users' access to their music and videos in an unlawful way, and of using EULA
s which conflict with Norwegian consumer legislation. The complaint was supported by consumers' ombudsmen
in Sweden and Denmark, and is currently being reviewed in the EU. Similarly, the United States Federal Trade Commission
held hearings in March 2009, to review disclosure of DRM limitations to customers' use of media products.
president Gabe Newell
also stated "most DRM strategies are just dumb" because they only decrease the value of a game in the consumer's eyes. Newell suggests that the goal should instead be "reating
greater value for customers through service value". Valve operates Steam
, a service which serves as an online store for PC game
s, as well as a social networking service
and a DRM platform.
At the 2012 Game Developers Conference
, the CEO of CD Projekt Red
, Marcin Iwinski, announced that the company will not use DRM in any of its future releases. Iwinski stated of DRM, "it's just over-complicating things. We release the game. It's cracked in two hours, it was no time for ''Witcher 2
''. What really surprised me is that the pirates didn't use the GOG
version, which was not protected. They took the SecuROM
retail version, cracked it and said 'we cracked it' – meanwhile there's a non-secure version with a simultaneous release. You'd think the GOG version would be the one floating around." Iwinski added after the presentation, "DRM does not protect your game. If there are examples that it does, then people maybe should consider it, but then there are complications with legit users."
The Association for Computing Machinery
and the Institute of Electrical and Electronics Engineers
have historically opposed DRM, even going so far as to name AACS
as a technology "most likely to fail" in an issue of IEEE Spectrum
Tools like FairUse4WM
have been created to strip Windows Media of DRM restrictions. Websitessuch as library.nu
(shut down by court order on 15 February 2012), BookFi, BookFinder
, Library Genesis
, and Sci-Hub
have gone further to allow downloading e-books by violating copyright.
The latest version of the GNU General Public License
version 3, as released by the Free Software Foundation, has a provision that "strips" DRM of its legal value, so people can break the DRM on GPL software without breaking laws like the DMCA
. Also, in May 2006, the FSF launched a "Defective by Design
" campaign against DRM.
provides licensing options encouraging the expansion of and building upon creative work without the use of DRM. In addition, Creative Commons licenses have anti-DRM clauses, therefore the use of DRM by a licensee to restrict the freedoms granted by a Creative Commons license is a breach of the Baseline Rights asserted by the licenses.
In reaction to opposition to DRM, many publishers and artists label their works as "DRM-free". Major companies that have done so include the following:
* Apple Inc.
sold DRM content on their iTunes Store
when it launched in 2003, but made music DRM-free after April 2007 and has been labeling all music as "DRM-Free" since January 2009. The files still carry tags to identify the purchaser. Other works sold on iTunes such as apps, audiobooks, movies, and TV shows continue to be protected by DRM.
* Since 2014, Comixology
, which distributes digital comics, has allowed rights holders to provide the option of a DRM-free download of purchased comics. Publishers which allow this include Dynamite Entertainment
, Image Comics
, Top Shelf Productions
, and Zenescope Entertainment
(formerly Good Old Games), a digital distributor
since 2008, specializes in the distribution of PC video game
s. While most other digital distribution services allow various forms of DRM (or have them embedded), gog.com has a strict non-DRM policy.
* Tor Books
, a major publisher of science fiction and fantasy books, first sold DRM-free e-book
s in July 2012. Smaller e-book publishers, such as Baen Books
and O'Reilly Media
, had already forgone DRM previously.
*Vimeo on Demand
is one of the publishers included in the Free Software Foundation
's DRM-free guide.
Many DRM systems require authentication with an online server. Whenever the server goes down, or a region or country experiences an Internet outage, it effectively locks out people from registering or using the material. This is especially true for a product that requires a persistent online authentication, where, for example, a successful DDoS attack
on the server would essentially make all copies of the material unusable.
Additionally, any system that requires contact with an authentication server is vulnerable to that server's becoming unavailable, as happened in 2007, when videos purchased from Major League Baseball
(mlb.com) prior to 2006, became unplayable due to a change to the servers that validate the licenses.
Discs with DRM schemes are not standards-compliant compact disc
s (CDs) but are rather CD-ROM
media. Therefore, they all lack the CD logotype found on discs which follow the standard (known as Red Book
). These CDs cannot be played on all CD player
s or personal computers. Personal computers running Microsoft Windows
sometimes even crash when attempting to play the CDs.
DRM is perceived to create performance drawbacks, as games tend to have better performance after the DRM is patched out. However, as game developers pointed out in the case of Rime
, the impact on performance can be minimised depending on how the DRM system is integrated. In March 2018, ''PC Gamer
'' tested ''Final Fantasy 15'' for the performance effects of Denuvo
, which was found to cause no negative gameplay impact despite a little increase in loading time.
Always technically breakable
DRM schemes, especially software based ones, can never be wholly secure since the software must include all the information necessary to decrypt the content, such as the decryption keys
. An attacker will be able to extract this information, directly decrypt and copy the content, which bypasses the restrictions imposed by a DRM system.
Even with the industrial-grade Advanced Access Content System
(AACS) for HD DVD
and Blu-ray Disc
s, a process key was published by hackers in December 2006, which enabled unrestricted access to AACS-protected content. After the first keys were revoked, further cracked keys were released.
To protect a secret decryption key
from the users of the system, some DRM schemes use encrypted media which requires purpose-built hardware to hear or see the content. A common real-world example can be found in commercial direct broadcast satellite
television systems such as DirecTV
and Malaysia's Astro
. The company uses tamper-resistant smart card
s to store decryption keys so that they are hidden from the user and the satellite receiver. This appears to ensure that only licensed users with the hardware can access the content. While this in principle can work, it is extremely difficult to build the hardware to protect the secret key against a sufficiently determined adversary. Many such systems have failed in the field. Once the secret key is known, building a version of the hardware that performs no checks is often relatively straightforward. In addition user verification provisions are frequently subject to attack, pirate decryption
being among the most frequented ones.
argues that digital copy prevention is futile: "What the entertainment industry is trying to do is to use technology to contradict that natural law. They want a practical way to make copying hard enough to save their existing business. But they are doomed to fail." He has also described trying to make digital files uncopyable as being like "trying to make water not wet". The creators of StarForce also take this stance, stating that "The purpose of copy protection is not making the game uncrackable – it is impossible."
All forms of DRM for audio and visual material (excluding interactive materials, e.g., videogames) are subject to the analog hole
, namely that in order for a viewer to play the material, the digital signal must be turned into an analog signal containing light and/or sound for the viewer, and so available to be copied as no DRM is capable of controlling content in this form. In other words, a user could play a purchased audio file while using a separate program to record the sound back into the computer into a DRM-free file format.
All DRM to date can therefore be bypassed by recording this signal and digitally storing and distributing it in a non DRM limited form, by anyone who has the technical means of recording the analog stream. Furthermore, the analog hole cannot be overcome without the additional protection of externally imposed restrictions, such as legal regulations, because the vulnerability is inherent to all analog means of transmission. However, the conversion from digital to analog and back is likely to force a loss of quality, particularly when using lossy
digital formats. HDCP
is an attempt to plug the analog hole, although as of 2009, it was largely ineffective.
released a soundcard which features a function called "Analog Loopback Transformation" to bypass the restrictions of DRM. This feature allows the user to record DRM-restricted audio via the soundcard's built-in analog I/O connection.
In order to prevent this exploit, there has been some discussions between copyright holders and manufacturers of electronics capable of playing such content to no longer include analog connectivity in their devices.
The movement, dubbed as "Analog Sunset", has seen a steady decline in analog output options on most Blu-ray
devices manufactured after 2010.
Consumer rights implication
Ownership issue after purchase
DRM opponents argue that the presence of DRM violates existing private property
rights and restricts a range of heretofore normal and legal user activities. A DRM component would control a device a user owns (such as a digital audio player
) by restricting how it may act with regard to certain content, overriding some of the user's wishes (for example, preventing the user from burning a copyrighted song to CD
as part of a compilation or a review). Doctorow has described this possibility as "the right to make up your own copyright laws".
An example of this restriction to legal user activities may be seen in Microsoft's Windows Vista operating system in which content using a Protected Media Path is disabled or degraded depending on the DRM scheme's evaluation of whether the hardware and its use are 'secure'. All forms of DRM depend on the DRM-enabled device (e.g., computer, DVD player, TV) imposing restrictions that cannot be disabled or modified by the user. Key issues around DRM such as the right to make personal copies, provisions for persons to lend copies to friends, provisions for service discontinuance, hardware agnosticism, software and operating system agnosticism, contracts for public libraries, and customers' protection against one-side amendments of the contract by the publisher have not been fully addressed. It has also been pointed out that it is entirely unclear whether owners of content with DRM are legally permitted to pass on their property as inheritance
to another person.
In one instance of DRM that caused a rift with consumers, Amazon.com
in July 2009, remotely deleted purchased copies of George Orwell
's ''Animal Farm
'' (1945) and ''Nineteen Eighty-Four
'' (1949) from customers' Amazon Kindle
s after providing them a refund for the purchased products. Commentators have described these actions as Orwellian
and have compared Amazon to Big Brother
from Orwell's ''Nineteen Eighty-Four''. After Amazon CEO Jeff Bezos
issued a public apology, the Free Software Foundation
wrote that this was just one more example of the excessive power Amazon has to remotely censor what people read through its software, and called upon Amazon to free its e-book reader and drop DRM. Amazon then revealed the reason behind its deletion: the e-books in question were unauthorized reproductions of Orwell's works, which were not within the public domain
and to which the company that published and sold them on Amazon's service had no rights.
Compulsory bundled software
In 2005, Sony BMG introduced new DRM technology
which installed DRM software on users' computers without clearly notifying the user or requiring confirmation. Among other things, the installed software included a rootkit
, which created a severe security vulnerability others could exploit. When the nature of the DRM involved was made public much later, Sony BMG initially minimized the significance of the vulnerabilities its software had created, but was eventually compelled to recall millions of CDs, and released several attempts to patch the surreptitiously included software to at least remove the rootkit. Several class action lawsuit
s were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.
When standards and formats change, it may be difficult to transfer DRM-restricted content to new media, for instance Microsoft's new media player Zune
did not support content that uses Microsoft's own PlaysForSure
DRM scheme they had previously been selling.
Furthermore, when a company undergoes business changes or even bankruptcy, its previous services may become unavailable. Examples include MSN Music, Yahoo! Music Store, Adobe Content Server 3 for Adobe PDF, Acetrax Video on Demand, etc.
DRM laws are widely flouted: according to Australia Official Music Chart Survey, copyright infringements from all causes are practised by millions of people. According to the EFF, "in an effort to attract customers, these music services try to obscure the restrictions they impose on you with clever marketing."
Lost benefits from massive market share
Jeff Raikes, ex-president of the Microsoft Business Division, stated: "If they're going to pirate somebody, we want it to be us rather than somebody else". An analogous argument was made in an early paper by Kathleen Conner and Richard Rummelt. A subsequent study of digital rights management for e-books by Gal Oestreicher-Singer
and Arun Sundararajan
showed that relaxing some forms of DRM can be beneficial to digital rights holders because the losses from piracy are outweighed by the increases in value to legal buyers.
Also, free distribution, even if unauthorized, can be beneficial to small or new content providers by spreading and popularizing content. With a larger consumer base by sharing and word of mouth, the number of paying customers also increases, resulting in more profits. Several musicians have grown to popularity by posting their music videos on sites like YouTube where the content is free to listen to. This method of putting the product out in the world free of DRM not only generates a greater following but also fuels greater revenue through other merchandise (hats, T-shirts), concert tickets, and of course, more sales of the content to paying consumers.
Push away legitimate customer
While the main intent of DRM is to prevent unauthorized copies of a product, there are mathematical models that suggest that DRM schemes can fail to do their job on multiple levels. The biggest failure is the burden that DRM poses on a legitimate customer will reduce the customer's willingness to pay for the product. An ideal DRM would be one which imposes zero restrictions on legal buyers but imposes restrictions on copyright infringers.
In January 2007, EMI
stopped publishing audio CDs with DRM, stating that "the costs of DRM do not measure up to the results." In March, Musicload.de, one of Europe's largest internet music retailers, announced their position strongly against DRM. In an open letter, Musicload stated that three out of every four calls to their customer support phone service are as a result of consumer frustration with DRM.
The mathematical models are strictly applied to the music industry (music CDs, downloadable music). These models could be extended to the other industries such as the gaming industry which show similarities to the music industry model. There are real instances when DRM restrain consumers in the gaming industry. Some DRM games are required to connect to the Internet in order to play them. Good Old Games
' head of public relations and marketing, Trevor Longino, in agreement with this, believes that using DRM is less effective than improving a game's value in reducing video game infringement. However, TorrentFreak published a "Top 10 pirated games of 2008" list which shows that intrusive DRM is not the main reason why some games are copied more heavily than others. Popular games such as BioShock, Crysis Warhead, and Mass Effect which use intrusive DRM are strangely absent from the list.
The Electronic Frontier Foundation
(EFF) and the Free Software Foundation
(FSF) consider the use of DRM systems to be an anti-competitive practice
Several business models have been proposed that offer an alternative to the use of DRM by content providers and rights holders.
[Committee on Intellectual Property Rights in the Emerging Information Infrastructure, National Research Council. (2000) "The Digital Dilemma: Intellectual Property in the Information Age." 3 May 2011. http://www.nap.edu/catalog.php?record_id=9601#toc]
"Easy and cheap"
The first business model that dissuades illegal file sharing is to make downloading digital media easy and cheap. The use of noncommercial sites makes downloading digital media complex. For example, misspelling an artist's name in a search query will often fail to return a result, and some sites limit internet traffic, which can make downloading media a long and frustrating process. Furthermore, illegal file sharing websites are often host to viruses and malware which attach themselves to the files (see torrent poisoning
). If digital media (for example, songs) are all provided on accessible, legitimate sites, and are reasonably priced, consumers will purchase media legally to overcome these frustrations.
Comedian Louis C.K.
made headlines in 2011, with the release of his concert film
''Live at the Beacon Theater
'' as an inexpensive (US$5), DRM-free download. The only attempt to deter unlicensed copies was a letter emphasizing the lack of corporate involvement and direct relationship between artist and viewer. The film was a commercial success, turning a profit within 12 hours of its release. Some, including the artist himself, have suggested that file sharing rates were lower than normal as a result, making the release an important case study for the digital marketplace.
Webcomic Diesel Sweeties
released a DRM-free PDF e-book on author R Stevens's 35th birthday, leading to more than 140,000 downloads in the first month, according to Stevens. He followed this with a DRM-free iBook specifically for the iPad, using Apple's new software, which generated more than 10,000 downloads in three days.
That led Stevens to launch a Kickstarter
project – "ebook stravaganza 3000" – to fund the conversion of 3,000 comics, written over 12 years, into a single "humongous" e-book to be released both for free and through the iBookstore; launched 8 February 2012, with the goal of raising $3,000 in 30 days, the project met its goal in 45 minutes, and went on to be funded at more than 10 times its original goal. The "payment optional" DRM-free model in this case was adopted on Stevens' view that "there is a class of webcomics reader who would prefer to read in large chunks and, even better, would be willing to spend a little money on it."
Crowdfunding or pre-order model
In February 2012, Double Fine
asked for an upcoming video game, ''Double Fine Adventure
'', for crowdfunding
and offered the game DRM-free for backers. This project exceeded its original goal of $400,000 in 45 days, raising in excess of $2 million. In this case DRM freedom was offered to backers as an incentive for supporting the project before release, with the consumer and community support and media attention from the highly successful Kickstarter drive counterbalancing Also, crowdfunding with the product itself as benefit for the supporters can be seen as pre-order
or subscription business model
in which one motivation for DRM, the uncertainty if a product will have enough paying customers to outweigh the development costs, is eliminated. After the success of ''Double Fine Adventure'', many games were crowd-funded and many of them offered a DRM-free game version for the backers.
Digital content as promotion for traditional products
Many artists are using the Internet to give away music to create awareness and liking to a new upcoming album. The artists release a new song on the internet for free download, which consumers can download. The hope is to have the listeners buy the new album because of the free download.
A common practice used today is releasing a song or two on the internet for consumers to indulge. In 2007, Radiohead
released an album named "In Rainbows
", in which fans could pay any amount they want, or download it for free.
Artistic Freedom Voucher
The Artistic Freedom Voucher (AFV) introduced by Dean Baker is a way for consumers to support “creative and artistic work.” In this system, each consumer would have a refundable tax credit of $100 to give to any artist of creative work. To restrict fraud, the artists must register with the government. The voucher prohibits any artist that receives the benefits from copyrighting their material for a certain length of time. Consumers can obtain music for a certain amount of time easily and the consumer decides which artists receive the $100. The money can either be given to one artist or to many, the distribution is up to the consumer.
[Baker, Dean. (2003). "The Artistic Freedom Voucher: An Internet Age Alternative to Copyrights." Pg. 2–8. Web. 3 May. 2011. http://www.cepr.net/documents/publications/ip_2003_11.pdf]
* Closed platform
* Conditional access
* Copy protection
* Digital asset management
* Floating licensing
* Genetic use restriction technology
* Hardware restrictions
* License manager
* Open Music Model
* Smart contract
* Smart cow problem
* Software metering
* Software protection dongle
* Trusted Computing
* Virtual data room
* Voluntary Collective Licensing
* ''DVD Copy Control Association, Inc. v. Bunner
* ''DVD Copy Control Association, Inc. v. Kaleidescape, Inc.
* ''RealNetworks, Inc. v. DVD Copy Control Association, Inc.
* ''Universal v. Reimerdes
– European Information, Communications and Consumer Electronics Technology Industry Associations
* Free Software Foundation Europe
* Motion Picture Association of America
* Open Rights Group
* Pirate Party
, a Swedish political party which is a proponent of free culture and free knowledge
* Recording Industry Association of America
* Secure Digital Music Initiative
* Trusted Computing Group
* Lawrence Lessig
's ''Free Culture
'', published by Basic Books
in 2004, is available fofree download in PDF format
. The book is a legal and social history of copyright. Lessig is well known, in part, for arguing landmark cases on copyright law. A Professor of Law at Stanford University
, Lessig writes for an educated lay audience, including for non-lawyers. He is, for the most part, an opponent of DRM technologies.
* Rosenblatt, B. et al., ''Digital Rights Management: Business and Technology'', published by M&T Books (John Wiley & Sons
) in 2001. An overview of DRM technology, business implications for content publishers, and relationship to U.S. copyright law.
Consumer's Guide to DRM
published in 10 languages (Czech, German, Greek, English, Spanish, French, Hungarian, Italian, Polish, Swedish), produced by thINDICARE research and dialogue project
* Eberhard Becker, Willms Buhse
, Dirk Günnewig, Niels Rump: ''Digital Rights Management – Technological, Economic, Legal and Political Aspects''. An 800-page compendium from 60 different authors on DRM.
* Arun Sundararajan
'Managing Digital Piracy: Pricing and Protection
uses the following digital rights conjecture, that "digital rights increases the incidence of digital piracy, and that managing digital rights therefore involves restricting the rights of usage that contribute to customer value" to show that creative pricing can be an effective substitute for excessively stringent DRM.
* Fetscherin, M., ''Implications of Digital Rights Management on the Demand for Digital Content'', provides an excellent view on DRM from a consumers perspective.
* ''The Pig and the Box
'', a book with colorful illustrations and having a coloring book version, by 'MCM'. It describes DRM in terms suited to kids, written in reaction to a Canadian entertainment industry copyright education initiative, aimed at children.
* ''Present State and Emerging Scenarios of Digital Rights Management Systems'' – A paper by Marc Fetscherin which provides an overview of the various components of DRM, pro and cons and future outlook of how, where, when such systems might be used.
* DRM is Like Paying for Ice
' – Richard Menta article on MP3 Newswire
discusses how DRM is implemented in ways to control consumers, but is undermining perceived product value in the process.
* A Semantic Web Approach to Digital Rights Management
' – PhD Thesis by Roberto García that tries to address DRM issues using Semantic Web technologies and methodologies.
* Patricia Akester, "Technological Accommodation of Conflicts between Freedom of Expression and DRM: The First Empirical Assessment" available at https://ssrn.com/abstract=1469412 (unveiling, through empirical lines of enquiry, (1) whether certain acts which are permitted by law are being adversely affected by the use of DRM and (2) whether technology can accommodate conflicts between freedom of expression and DRM).
BBC News Technology
Q&A: What is DRM?
by Richard Stallman
* from Microsoft
Microsoft Research DRM talk
by Cory Doctorow
iTunes, DRM and competition law
by Reckon LLP
* from CEN/ISSS (European Committee for Standardization / Information Society Standardization System). Contains a range of possible definitions for DRM from various stakeholders. 30 September 2003
Article investigating the effects of DRM and piracy on the video game industry
Information about DRM by Chaos Computer Club
, Defective by design
, Electronic Frontier Foundation
, Free Software Foundation Europe
, and other organisations.
DRM Is Failure
by Adam Singer at Future Buzz media marketing