I had a fun old time this morning speaking at a Digital Rights Management conference in London. My own attempt to introduce some reality on the security limits of DRM was generally well-received, aside from a couple of myopic content industry representatives. There were several other interesting presentations which I've summarised below.
Amir Majidimehr, Corporate VP at Microsoft's Windows Digital Media Division, gave the standard presentation of the capabilities of Windows and Media Player. He did though reveal some interesting strategic business decisions made by his company. Their "open" DRM platform requires licencees to sign an agreement with Microsoft, and pay a licence fee that serves to keep the number of licencees small. A fellow attendee's verbatim note was: "We don't want this technology to be available to every hobbyist. We need to keep the number of licensees down to a manageable number. We charge a license fee to keep the number of people we have to deal with down to a level we can handle." This may excite the US Federal Trade Commission and the EU Competition Directorate, who already have … issues with Microsoft's behaviour.
Microsoft has not made any attempt to standardise their DRM technology through a standards group. They want to control the media business model through control of the platform. They admit their technology is not foolproof, but should serve to keep honest customers honest. (The real problem is the dishonest customers, who will break their DRM and share the resulting files on P2P networks that will never be shut down, as Microsoft researchers have stated).
Cory Doctorow was good value as always. His checklist on whether a business model is Internet-ready should be required reading for venture capitalists and senior technology managers. An amazing statistic I hadn't heard before was that a survey by Big Champagne found that DRM-protected files exclusively released through iTunes typically appear in unprotected form on P2P networks 180 seconds later.
Stuart Rosove, Senior Director of Licensing and Business Development at Digimarc Corp. described his firm's successful business model. They are focusing on the use of watermarks to track the distribution and use of digital media, particularly in a business-to-business context. If the WIPO Internet treaties had stuck to protecting rights management information and left out the rules against the circumvention of Technological Protection Mechanisms, more companies would have realised that this is the realistic way to build a business on top of DRM tools.
Laurence Kaye gave an overview of the wider range of other applicable legislation, covering interjurisdictional contract enforcement, divergent copyright regimes and data protection law — which will prove a large obstacle for companies expecting to gather detailed information about consumers' media use through DRM in the European Union.
Andy Jones, Research Group Leader at British Telecom's Security Research Centre, had a number of difficult questions that businesses looking at DRM need to consider. They need to solve yesterday's and tomorrow's problems at the same time. They need to consider how security breach disclosure legislation will affect their storage of sensitive customer data. They need to sort out the interaction of DRM and fair use/dealing.
Finally, we had the privilege to hear of a new "unbreakable" watermarking algorithm from Eric Silberstein, CEO of Activated Content and a business partner of the International Federation of Phonogram and Videogram Producers (IFPI). I'd be fascinated to see how many days one of Ed Felten or Ross Anderson's PhD students would take to test that theory to destruction.
Some technology and content companies seem to be realising that there are real limits to the business models they can build on the shaky technology of DRM. Let's hope their colleagues see the light sooner rather than later.