Ebooks 101: DRM (Digital Rights Management)
To modify the saying . . . Where does a 300lb gorilla apply DRM (digital rights management)? Wherever he wants. And in the case of many publishers that is everywhere. But what exactly is this seemingly ever-present DRM?
As a broad definition, DRM refers to a technology that works to protect digital content. This could include, for example, locking content to an account, requiring a password to open a file, making use of a hardware key, or applying digital watermarks. In general, DRM can usually be described as being either active or passive. Active DRM, like that used on many ebooks, actively prevents content from being read or copied to unauthorized devices. The content is encrypted so that the only way to access it is through an authorized reader. Passive DRM usually uses watermarks to subtly alter the content to show ownership or to allow identification of the original source in the case of infringement.
In the real world of digital content, active and passive DRM can be easily described using an old standby and a newcomer to the ebook world. Probably the most well-known version of active DRM on ebooks is Adobe Digital Editions (ADE). This protection scheme is applied using the Adobe Content Server, which encrypts content so that it can only be unlocked by an authorized user license. ADE is quite aggressive in this protection; a user license can only ever have six devices attached to it. If one is lost, then you are down to five devices. There is no way to recover a lost device activation. In contrast, the new Pottermore releases of Harry Potter ebooks use a passive DRM technology from Booxtream, a Dutch company. There is nothing to stop you from reading the books on a variety of devices, and no technical blockages to your sharing the books openly. Booxtream’s technology, however, embeds unique transaction IDs throughout the ebook files. If an ebook is shared publicly, this will allow Pottermore to track the infringement back to an original purchaser.
Other companies have adopted hybrid models that mix together active and passive methods. For example Apple’s FairPlay DRM restricts the number of computers that can be authorized to access and load content to five, but there is no limit to the number of player devices that can be loaded from those five computers.
If publishers and authors are going to demand that libraries make use of DRM, a hybrid system similar to Apple’s might work best for libraries. The content is locked to a particular library, but there is nothing disrupting the loan process. Libraries will have to respect the limitations of the license, but will not be held back by overly restrictive technology.
It is important to remember that applying DRM to digital content is like locking the doors on a convertible when the top is down. It may make you feel safer, and it may stop people who are walking around trying car doors, but what it really offers is security theater. All of the major DRM methods have been cracked. In most cases, the cracks are widely published (like stories on boing boing) and offer one-click ease. I would report the breaking news that the Harry Potter books have been pirated and released, except that in most cases that already happened years ago within hours of their release (if not before).
Publishers would be much safer trusting libraries to uphold our covenant to respect copyright and intellectual property rights, rather than spending more time and energy pretending that DRM works.