DRMs: Securing Copyright or Invading Privacy? A Music Industry Approach.

By Guest Blogger: Jesus Manuel Niebla Zatarain

Is DRM really the answer to the need to strike a balance between the protection of a creators’ copyright and the interests of the consumer? Is it a good option for creators? A brief look at the history of DRM in the music industry highlights some concerns …

There are few human creations that have had such a huge impact on everyday life as the internet. It has reshaped the way we see the world, making it smaller, more connected, and providing an electronic highway that has allowed human creations to be shared with a wider spectrum of people than ever before. It has been used to provide access to a broad range of services such as e-mail, electronic transactions, educational sessions, and even government services.

The impact of this digital shift was also embraced by a number of content industries including the movie, music, literature, and video games sectors. As access expanded so too did both the number of potential clients and available business opportunities. As a result, and within only a short period of time, many providers moved from solely selling their products through physical devices to selling them in digital forms also.

However the initial implementation of digital technologies lacked a proper means to deal with the unwanted aspects of the new distribution channel. Chief amongst there was the proliferation of unauthorized copies – more commonly referred to as digital piracy. Several industries quickly came to realize that implementing digital sales channels may, in actual fact, turn out to be prejudicial to their businesses if it was not possible to find some way to limit the spread of illegal copies.

The music industry however arguably failed to adapt to this new technological reality in a timely manner. Experts state that the music industry hesitated when presented with the realities of the new situation and did not take a definitive position in relation to the online market early on. This made it an easy target when it came to accessing and distributing their material illegally.  The lack of a coherent security strategy prevented the music business from being able to make an efficient stand against illegal distribution. Instead the industry, with misplaced confidence, relied on their belief that that illegal copying would soon become controlled and that, as was the case in the previous vinyl and cassette era’s, the quality of the original products would continue to be superior to that of the illegal copies.


Available under CC BY-SA 2.0 by g4ll4is

Indeed before the arrival of Compact Disks (CD’s) the making of unauthorized copies was much less convenient due to the amount and size of the equipment needed to do so. CDs changed this as they meant that practically every person that owned a personal computer owned all the necessary equipment for creating copies (see p.7-8).  This brought about a late attempt to increase the security of music distributed on the Internet in order to counteract the ease with which consumers could take such music and produce potentially unlimited perfect copies of it on CDs.

The growth of P2P networks and the mobility of the servers however made preventing the dissemination of files almost impossible to accomplish once they were in the wild. As a result, and after dealing with several different positions, music industry managers decided to adopt an approach centred upon preventing the file from being copied in the first place. With no copy, the logic ran, there would be nothing to distribute. To this end tools based around the concept of a digital ‘lock’ were developed to help defend creations against unwanted uses. Such tools were known as Digital Rights Management – or DRM for short. The expectations surrounding these technologies were initially very high, with authors such as Samuelson stating that: “Copyright industries are hoping that digital rights management (DRM) technologies will prevent infringement of commercially valuable digital content, such as music and movies”.


Image placed in the public domain by Operation Payback

However this new security approach had setbacks from the very beginning. In addition to being technically ineffective, customers were unhappy with the boundaries that the technology imposed upon them, complaining that the technology was limiting their use of the product. DRM technologies restricted, for example the number of times a file could be transferred, played, or even the devices with which it was compatible.

The FairPlay DRM, attached to songs downloaded from Apple’s ITunes before 2009, serves as a good example of the issues that many consumers had with the concept. The system worked by creating a key that authorized the user to play the file that had just been purchased. This key identified the system on which the file was downloaded and allowed the DRM system to keep track of how many times the song had been copied. As Persson and Nordfelth state this approach limited the number of times a user was able to distribute the file (up to five times) – much to the displeasure of many consumers. Furthermore it only allowed these music files to be played on Apple devices, locking out users of other manufacturers.

Along similar lines the Open MG system, designed by Sony BMG to protect the audio files downloaded from its store, limited the playback of the files to Microsoft Media Player, Sony PCs, and Sony music players. In order to be played on Linux systems such as Red Hat or Fedora the file needed direct authorization: it could not be directly installed in the same way as it could for consumers using Windows. Some consumers therefore faced hurdles to the use of their legally purchased songs.


Available under CC BY-SA 3.0 by Skullyvan89

Over and above the consumer backlash, these DRM implementations also suffered from several fundamental design flaws. Firstly, they were based on the concept of ‘checking in – checking out’. This however proved to be a very risky approach from a technical perspective as it left the hosting PC vulnerable to attacks by any moderately-competent programmer. Moreover, such implementations were not able to identify corrupted files making it not only highly insecure but also unlikely to be maintained by the customer. Some DRM implementations caused the crashing of users’ operating systems and even allowed in instances the creation of illegal software entries that could be used by hackers to gain access to personal information.

Overall therefore it can be argued that not only does the framework of today’s DRM lack effective protection for works but that it can also be considered intrusive and can damage the client-producer relationship that is at the base of, amongst many others, the music industry. DRM can also be considered a security hazard due to its deployment of software on the users system which may introduce back-doors and vulnerabilities that would otherwise not be present. For creators therefore DRM offers few upsides: incomplete protection is combined with consumer irritation and security issues.

DRM systems can also be challenged on the further basis that they do not allow the user the full use of their permitted exemptions with regards to copyright. As the Americans would say – it restricts fair use. Users who wish to make a copy of the work for perfectly legal ends – such as to create an accessible copy for visually impaired persons – are unable to do so by DRM systems that cannot distinguish legal copying from illegal. As a result it can be argued that it would be beneficial to consider whether legal adjustments are needed in order to ensure that DRM technologies achieve a better balance between the rightful protection of creator’s copyright and the interests (legal and otherwise) of consumers such as music buyers.