Mix Magazine

This installment of The Bitstream column appeared in the August 2002 issue of Mix Magazine.

The Bitstream

This column discusses the difficult but necessary technology surrounding Digital Rights Management…

Cloak, No Dagger

This month, I’m talking about a controversial subject, the ephemeral rights management chimera composed of equal parts copy control, cryptography and steganography. Each is distinct but part of a virtual wrapper, swaddling the content and protecting the content holder from loss of sales revenues. Note that I said “holder,” not creator, which is, in my mind, the source of many of the problems seen so far. When implemented well, DRM, or digital rights management, is effective yet out of sight but, when botched, it’s intrusive at best and, at worst, a product killer.

Though the underlying technology of DRM is complex and multifaceted, the basic concept of copy control is familiar; lock it up and control who gets the keys. This premise revolves around trusted systems. A digital asset, once it leaves the content creator’s hands, is open to a variety of “attacks,” any one of which can free it from further control by those who hope to profit from its existence. As the asset passes from one way point to another in the production and subsequent distribution process, trust in the mode of carriage, whether electronic or optical, keeps the digital data safe from pirating.

The basis for authentication of most trusted systems is itself a trusted mechanism, typically the public/private key encryption standard first commercialized in 1977 by RSA Security and commonly used throughout modern electronic commerce and banking. RSA’s standard, to quote a tech note of theirs, “…describes a method for implementing (a) Diffie-Hellman key agreement, whereby two parties, without any prior arrangements, can agree upon a secret key that is known only to them and, in particular, is not known to an eavesdropper listening to the dialogue by which the parties agree on the key. This secret key can then be used, for example, to encrypt further communications between the parties. The intended application of this standard is in protocols for establishing secure connections, such as those proposed for OSI's transport and network layers.”
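The key agreement that RSA's tech note describes can be shown in a few lines. This is an added example, not code from the column or from RSA; the group parameters `P` and `G` and the function names are assumptions chosen for illustration, and the exchange by itself authenticates neither party.

```python
import hashlib
import secrets

# Toy parameters for illustration: P is the Mersenne prime 2**127 - 1, far too
# small for real use, where standardized groups of 2048 bits or more apply.
P = 2**127 - 1
G = 3

def keypair():
    """Pick a private exponent x and return (x, g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)

def shared_key(my_private, their_public):
    """Turn the agreed secret into a 32-byte symmetric key."""
    # Reject degenerate peer values (0, 1, P-1) that force a predictable secret.
    if not 1 < their_public < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def run_exchange():
    """Return (what crosses the wire, key at party A, key at party B)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    wire = {"p": P, "g": G, "A": a_pub, "B": b_pub}   # all an eavesdropper sees
    return wire, shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)

if __name__ == "__main__":
    wire, key_a, key_b = run_exchange()
    print("on the wire:", sorted(wire))
    print("keys match:", key_a == key_b)
```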

The SSL or Secure Sockets Layer web protocol is a common use of public key encryption. If you look in your browser (Win IE5.5: Tools > Internet Options… > Content > Certificates or Mac IE5.1: Preferences > Security), you’ll find public key certificates from Thawte, Verisign and many other certificate service providers, companies whose job it is to sell digital authentication. These certificates, used as part of verification requests to unlock or access information, are used to ensure that the responding entity matches the “real,” brick and mortar version and is not being spoofed or sidetracked.

Attacks on protected data take various forms, from sophisticated to simple. With some serious compute power or a great deal of time, one can usually overcome most all encryption schemes. Highly motivated individuals will usually prevail given enough resources, so the basic premise of most trusted systems is that a reasonable amount of protection is afforded against the time and energy of a casual attacker. However, once an asset is in the analog domain, copying is simplicity itself and circumvents all digital controls.

For those instances when controls may have been avoided as in an analog copy, there’s always watermarking. Watermarking is a form of steganography, the science of data hiding. Though development began in ancient times, the idea of steganography is to hide information rather than encrypt it. The classic “Paul is dead…” backward masking message on Beatles records is a good example of information “in plain sight,” but not readily apparent to the average listener. Digital implementations of watermarking for audio and video provide a low bandwidth channel for data to any receiver designed to “understand” the hidden message, typically relating information about the content holder and the date and recipient of some individual copy. This allows the source of pirated material, even via analog copying, to be traced back to the offender in the event of any legal proceedings.
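As an added sketch (not from the column and not Verance's or any vendor's algorithm), a keyed spread-spectrum mark shows how a low-bandwidth hidden channel can carry a recipient number and still be read back from a noisy copy. The constants, function names, test tone and noise model are assumptions; additive noise only approximates a degraded copy.

```python
import hashlib
import hmac
import math
import random

PAIRS = 4096      # sample pairs spent on each payload bit (low-bandwidth channel)
ALPHA = 32        # embedding amplitude in sample units (16-bit scale)

def _chips(key, bit_index):
    """Keyed +1/-1 sequence for one payload bit; only key holders can regenerate it."""
    out = []
    block = 0
    while len(out) < PAIRS:
        digest = hmac.new(key, b"%d:%d" % (bit_index, block), hashlib.sha256).digest()
        out.extend(1 if (byte >> s) & 1 else -1 for byte in digest for s in range(8))
        block += 1
    return out[:PAIRS]

def embed(samples, key, payload, nbits=16):
    """Add a spread-spectrum mark carrying `payload` (e.g. a recipient number)."""
    marked = list(samples)
    for i in range(nbits):
        sign = 1 if (payload >> i) & 1 else -1
        for k, c in enumerate(_chips(key, i)):
            j = 2 * (i * PAIRS + k)
            marked[j] += sign * c * ALPHA
            marked[j + 1] -= sign * c * ALPHA
    return marked

def detect(samples, key, nbits=16):
    """Correlate each block against the keyed sequence and rebuild the payload."""
    payload = 0
    for i in range(nbits):
        base = 2 * i * PAIRS
        corr = sum(c * (samples[base + 2 * k] - samples[base + 2 * k + 1])
                   for k, c in enumerate(_chips(key, i)))
        if corr > 0:
            payload |= 1 << i
    return payload

def constructed_host(n):
    """Constructed test signal: a 440 Hz tone at 44.1 kHz."""
    return [8000 * math.sin(2 * math.pi * 440 * t / 44100) for t in range(n)]

def noisy_copy(samples, sigma=100, seed=1):
    """Additive noise standing in for a degraded copy (no resampling or filtering)."""
    rng = random.Random(seed)
    return [s + rng.gauss(0, sigma) for s in samples]
```

The mark is spread over 4,096 sample pairs per bit, so a 16-bit recipient number costs about three seconds of audio at 44.1 kHz.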

The DVD-Audio standard includes the use of watermarking and some DVD-Audio titles, especially those from Warner Music, have had the material watermarked prior to MLP encoding. Supposedly, one senior record label executive said during the brouhaha surrounding the first DVD-A watermark listening tests, “Sooner or later, any encryption system can be broken. We need watermarking technologies to tell us who did it.” Unfortunately, the license governing usage of the sanctioned watermarking mechanism for DVD-A is prohibitively expensive. Along with questions of survivability, audibility and resultant degradation of quality, the cost keeps most lesser record labels from employing watermarking (see comments on watermarking from Telarc below).

Another and, perhaps, better use for watermarking, part of a holistic approach to managing content rather than just locking it up, is monitoring the deployment and usage of an asset. Verance, the same licensors of the 4C–approved watermarking mechanism for DVD-A, offers ConfirMedia, a complete package to broadcasters that allows music to be tagged prior to transmission and monitored after it’s been broadcast. ConfirMedia can “accurately monitor and track television and radio commercials, music, programs, and program promos whenever and wherever they air…(and you) receive reliable, detailed broadcast detection reports the very next day. Plus, (their) free software-based encoding process is simple to use, and will not interfere with the sound quality of your final audio mix.” If you live in one of the top 100 US media markets, as I do, then perhaps your fave FM station is watermarking their feed.

Many times, you implicitly trust the party at the other end of a transaction and need only “harden” the transport mechanism itself. There are several solutions to that problem, from basic file transport programs such as SFTP (secure FTP) to complete turnkey systems from vendors like WAM!NET. The aforementioned Warner Music, along with Vivendi Universal and others, use WAM!NET’s Optical Media Solution to move files from one remote point to another in their production process.

Speaking of complete B2B (Business to Business) packages, the solution offered by DMOD, a vendor of media access control products, “packages” all content on-the-fly for each individual recipient and every transaction. This individualized wrapping means that, even if one recipient breaks the key and compromises a file, other recipients cannot gain access, as was the case with the CSS encryption standard used in the DVD-Video format. Other DRM vendors use, as DMOD says, “…a pre-packaged digital rights management model, where the content is encrypted once for every recipient and access is controlled through a license server.” One of those other companies, WebWare, offers complete web–based management products that integrate all stages of production and delivery to the end user.
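The difference between one shared key and individualized wrapping, as an added example that is not DMOD's or any vendor's code: each copy is encrypted and authenticated under a key derived for one recipient, and `exposure` reports which copies a single leaked key opens. The key derivation, the HMAC-based stand-in cipher (used so the block runs on the standard library; a real packager would use a vetted cipher such as AES-GCM) and the recipient names are assumptions.

```python
import hashlib
import hmac
import secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher.
    blocks = (_prf(key, nonce + i.to_bytes(8, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def recipient_key(master, label):
    """Derive one wrapping key per label from the packager's master secret."""
    return _prf(master, b"wrap:" + label.encode())

def package(content, key):
    """Encrypt-then-MAC one copy; the random nonce makes every transaction unique."""
    nonce = secrets.token_bytes(16)
    body = _xor(content, _keystream(_prf(key, b"enc"), nonce, len(content)))
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def unpack(blob, key):
    """Return the content, or None when the key does not belong to this package."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        return None
    return _xor(body, _keystream(_prf(key, b"enc"), nonce, len(body)))

def exposure(leaked_key, packages):
    """Recipients whose packages a single leaked key can open."""
    return sorted(r for r, blob in packages.items() if unpack(blob, leaked_key) is not None)

CONTENT = b"constructed payload standing in for an audio master"
RECIPIENTS = ["mastering-house", "radio-promo", "replicator"]  # constructed names
MASTER = secrets.token_bytes(32)

def demo():
    """Return (copies opened by the shared key, copies opened by one individual key)."""
    shared = recipient_key(MASTER, "all-recipients")
    shared_copies = {r: package(CONTENT, shared) for r in RECIPIENTS}
    keys = {r: recipient_key(MASTER, r) for r in RECIPIENTS}
    own_copies = {r: package(CONTENT, keys[r]) for r in RECIPIENTS}
    return exposure(shared, shared_copies), exposure(keys["replicator"], own_copies)

if __name__ == "__main__":
    print(demo())
```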

An interesting event in the DRM space occurred last December when Microsoft was awarded a patent for what the company describes as a “digital rights management operating system.” The patent appears to deal specifically with antipiracy technology as an integrated part of their operating system, which brings us to what is often the weak link in the whole rights management chain, the consumer. The B2C (Business to Consumer) market, what we think of as distribution, tends to be conceptually different from content creation. DRM has seen very little success in that marketplace but that doesn’t seem to have discouraged certain special interest groups (see Sidebar below).

A rich mix of unfettered avarice, petulant histrionics and a seeming need to have the last word has kept the record industry alternately quivering with fear and loudly bullying others who don’t agree with their half–baked schemes. Since the RIAA and major labels lost sight long ago of their value proposition, let me remind them that perceived value is fundamentally linked to perceived cost, monetary or otherwise. If you provide a product for a reasonable fee, folks will buy it. If you jack the price, people seek alternatives. In the long term, let’s hope that reason, not greed, prevails.


Broke Down & Busted

OK, so what examples have I of a successful approach to end user DRM? Actually, I can’t think of one off hand since so far, our industry’s track record has been ridiculous! Also, no new distribution format has yet gone live that builds DRM in at the start. Though end–user costs and licensing agreements with the Majors appear to be hampering the roll out of DataPlay, their fundamental concept is sound.

DataPlay starts with a proprietary medium, then weds it to recorders that always include embedded DRM. They’ve also worked hard to garner buy-in from the majors, which should allow pre-recorded, read-only discs to appear at the product rollout without worries of piracy. Arr, matey.

Rights management must be a cradle–to–grave approach for the content or all bets are off. There are too many potential methods of attack for a piecewise paradigm to work. Unfortunately, it’s the pioneers that often get the arrows in their backs while the second or third wave of settlers reap the full rewards of a new endeavor. Old school pioneers, like A2B and Liquid Audio, have found that revenues cannot cover the cost of purchasing infrastructure while buying mind share in both business alliances and consumer confidence. Since traditional distribution channels have amortized these factors long ago, they continue to serve the public just fine.

As an example of a poorly conceived and executed end user DRM solution, what better than the SDMI, the Secure Digital Music Initiative? Pah–leeze…How about for–pay downloadable music? If any of you out there have actually spent more than $10 on music downloads, please write and tell me what is the value to you. While not approving of wholesale trading via P2P or other mechanisms, I do download a good deal of noncommercial, no–cost music to explore new material that I probably would have missed. It helps me make informed decisions at my local record store but I can’t, for the life of me, figure out why any adult would sign up for a service like pressplay or MusicNet. What they were thinking when they dreamed up their tariff schedules is beyond me. The only for–play content schemes that I see making sense are rich media channels delivering either time–critical business intelligence or fetish entertainment, whether it be cooking, sex or sports. But audio–only stuff? I think not. There are too many alternative distribution channels, thank the Gods, and I’m certainly happy with those prior offerings in optical, downloadable and streaming channels.

Telarc on DRM

An e-mail correspondence between Michael Bishop at Telarc and myself:

Subject: Re: Verance
In a message dated 10/04/2000, OMas writes:

> Hope all is well...anyone there
> care to publicly or privately
> comment on the Verance watermarking
> scheme adopted for DVD-A? This month,
> I'm flaming DVD-A.

Dear Oliver,

Regarding watermarking for DVD-A, there will be no Telarc DVD-A releases with watermarking in its present form (i.e., Verance). There are no proven long-term listening tests, and certainly the short-term listening tests have not been conducted very well. The licensing costs are prohibitive and would threaten profitability more than what any piracy of our product does presently. Lastly, there is no proof that Verance watermarking will do anything for us to prevent piracy of our product in the long term with any guarantee that the process cannot be reverse-engineered.

Telarc trusts its customers. We are even supplying a MP3-compatible version of the stereo program on the DVD, in addition to the DTS and/or DD in the video section. The DVD-A section contains the high-res stereo plus the 6-channel in MLP.

With Best Regards;
Michael Bishop


OMas looks forward to fall colors and this month’s Linux World Conference and Expo here in the Pueblo By The Bay. The digital assets for this column, all 46 of them, were managed while under the influence of The Swimming Hour from Andrew Bird and his Bowl of Fire along with the classic strains of Rudy Van Gelder’s reissue of Lee Morgan’s The Sidewinder.

Background Information…

Fabien A.P. Petitcolas’ mp3stego is an example of the many steganography utilities available

Sun’s Introduction to Public Key Cryptography