A small number of organizations supply the majority of the technology used to create and distribute digital data. Microsoft, Intel, Cisco, IBM, HP/ Compaq, Sony, and Adobe primarily control the technology. Disney, Viacom, Vivendi, News Corporation, and AOL/ Time Warner control the content and distribution. Also, a significant amount of overlap takes place. For example, Microsoft publishes content and AOL has a significant technology infrastruc- ture.
No single independent vendor could influence all these giants into using a common third-party solution. This, of course, has not prevented a number of companies from trying to create DRM solutions during the dot-com boom. When they all eventually went out of business, the major media giants snatched up their technologies at fire- sale prices. As a result, no significant independent DRM vendors are left.
of the most widely available DRM systems. Chances are you’ll be choosing from one of these.
The Secure Digital Music Initiative (SDMI) is the most widespread form of digital rights management technology currently available. The initiative was spear- headed by the RIAA. It uses a combination of hardware and software to limit how digital data can be exchanged between compliant devices. The resulting technolo- gies have already become an integral part of many consumer audio, video, and com- puting devices. Sony has an SDMI-compliant technology called MagicGate/OpenMG. It’s built into all Sony devices that record or play multimedia, such as camcorders, minidisc recorders/players, MP players, personal digital assistants (PDAs), and PCs. Sony devices can exchange data, when authorized, using their SDMI-compliant MemoryStick. Panasonic has a similar technology called Secure Digital, which is built into devices from competing manufacturers. Of course, even this can be cir- cumvented.
Another major digital rights management initiative is controlled by the Motion Picture Experts Group (MPEG), which defines standards for digital audio and video. The MPEG-1 standard is used by CDs and MP3s, and the MPEG-2 is used in digital television and DVDs. MPEG-21will be the first multimedia standard that in- corporates a complete digital rights management framework. This standard will be finalized in 2009. Many major media organizations, such as the Motion Picture Association of America(MPAA), are working with the MPEG group on this stan- dard, but the MPEG-21 standard doesn’t address text or Web rights management.
Microsoft has a number of different digital rights management initiatives that may ultimately converge. Their first foray started with tools for controlling audio and video. Their proprietary Windows media format was designed to include optional copy protection. This was trivial for hackers to circumvent and therefore never achieved popularity. Their second initiative was .NET, which brings protection to the next level by providing a centralized authorization and license control system (Passport). This also has a number of drawbacks, especially for content distributors who don’t want to have Microsoft involved in every transaction.
Intel, IBM, Compaq/HP, and Microsoft have joined together as the Trusted Computing Platform Alliance (TCPA). Their purpose is to ensure that the major- ity of consumer hardware and software supports their planned secure computing in- frastructure. This polygamous affair has spawned a love child named Palladium. It’s a secure operating system that relies on special security hardware. The goal is to give future users a choice of having a “secure” environment that is completely con- trolled by the TCPA or to have an insecure computer running their choice of DOS, Windows 3.1, or Linux. To call this initiative controversial would be like calling Boston Red Sox fans patient.
If your goal is to secure documents that will be distributed over the Internet, you’ll probably want to look into Adobe’s digital rights management initiative for PDF documents and e-books.
The currently available solutions are far from perfect or ideal, but they’re a start. Companies that need more flexibility and control often implement their own digital
Part III Reserving Rights 85
Chapter 6 Reserving Rights: Digital Rights Management 09_200423_CH06_Sonnenreich 9/3/03 1:15 PM Page 85
rights management systems. This can be time consuming but can also result in a highly effective system that properly integrates with the organization’s business processes.
Final Thoughts
The current state of digital rights management reality leaves more questions than answers. Here are a few parting thoughts:
• Will there be compatible standards, or will the major stakeholders continue to move in different directions? Incompatible standards will create security lapses, which will defeat the entire purpose of DRM.
• Who is actually in charge? Who will be the one to monitor the trust infrastructure? Industry? Government? The public? Can any of these three groups actually trust the other two? If, on a social level, no trust exists, how can technology solve the problem?
The law will either make or break digital rights management. A weak law will en- courage the creation of circumvention technology. A strong law will punish circum- vention. The complexity of the protection technology is irrelevant. If hackers see value in circumventing DRM technologies, they will. Therefore, why is anyone wast- ing time on a secure infrastructure when the only critical factor is the law?
86 Network Security Illustrated