
Inisoft of Korea Acquires BuyDRM May 24, 2012

Posted by Bill Rosenblatt in DRM, Video.

Inisoft, a Korean company that does software development for mobile media applications, has acquired Texas-based BuyDRM.  BuyDRM is a well-established player in the Microsoft DRM ecosystem with customers including HBO, BBC, and NBC.  The company offers a DRM platform called KeyOS that incorporates Microsoft’s PlayReady DRM; Inisoft focuses on media player applications and DRM clients for mobile devices.

The deal is a good one for both parties as well as the premium video content marketplace in general.  It enables BuyDRM — which will continue to operate under its own name — to increase its ability to offer the “one stop shopping” that service providers are often looking for, to build services that work on multiple devices more quickly and easily.  This is increasingly necessary as service providers are scrambling to build “TV Everywhere” type services over multiple networks to a growing number of devices.

The newly-merged company is in a sweet spot in the video market, due to PlayReady’s emergence as a leading DRM for Hollywood content, for both streaming and download.  Yet while Microsoft has fostered a healthy partner ecosystem, as it typically does for “platform” technologies like PlayReady, the ecosystem that exists can be confusing to service providers.

For one thing, Microsoft isn’t supporting the most popular client platforms by itself.  Microsoft provides PlayReady server code and client code for Windows, Silverlight (Microsoft’s web application development platform), and Windows Phone, plus an SDK for porting to non-Microsoft platforms.   But unlike other video DRM providers (e.g., Widevine), it doesn’t provide the actual ports to other client devices — including the most popular (and admittedly competing) platforms, Apple’s iOS and Google’s Android.  Instead it leaves that to its partners.

The other problem is that Microsoft’s PlayReady partners cover an overlapping array of technologies and services that can be confusing to service providers who just want to get something up and running that meets Hollywood’s content protection requirements.  There’s a profusion of vendors with different and often overlapping product sets.  As a few examples: Discretix and Trusted Logic offer secure client ports but not server code; Axinom and castLabs offer server-side only; AuthenTec and Irdeto offer both server and client implementations; Verimatrix integrates PlayReady with its own stream protection technology; yet other vendors like Azuki Systems provide complete platforms for multiscreen Internet video content delivery with many more components beyond DRM.

The process of acquiring this technology is thus more complicated than it needs to be, especially in this age of proliferating devices and platforms.  Service providers that are interested in using PlayReady to protect licensed content don’t get much help from Microsoft in guiding them through this maze of products and services; partners are left to do all the marketing.  (Microsoft itself hasn’t put out a press release on PlayReady in over a year, despite its traction in the market.)  In effect, Microsoft has let the market sort itself out through the relatively slow and cumbersome processes of partnerships, OEM deals, multiple-vendor arrangements, and — in the case of BuyDRM and Inisoft — mergers/acquisitions.

Having said that, Inisoft’s acquisition of BuyDRM should help bring some much-needed clarity to service providers.  It is a positive development for the market for multi-device video services with studio content.

Roots of the Online Upheaval of SOPA/PIPA May 13, 2012

Posted by Bill Rosenblatt in DRM, Law, United States.

I’m in the middle of reading a new book called Hollywood’s Copyright Wars: From Edison to the Internet, by University of Pennsylvania professor Peter DeCherney.  I’ll report back on this book later; today I want to talk about a PhD dissertation that appears in a footnote in this book.

Bill Herman’s dissertation at Penn’s Annenberg School of Communication is called The Battle over Digital Rights Management: A Multi-Method Study of the Politics of Copyright Management Technologies.  It was written in 2009, and it presciently anticipates the online movement that led to the downfall of SOPA and PIPA two years later.

Herman — now a professor of film and media at Hunter College in NYC — looked at four legislative developments in U.S. digital copyright policy and measured how they were influenced by three types of communication: direct communications with legislators (e.g., lobbying), the press, and online.  The four developments were the Audio Home Recording Act (1992), the anticircumvention provision of the Digital Millennium Copyright Act (1998), efforts to revise the DMCA (2003-2005), and the FCC Broadcast Flag regulation (2006).

Herman’s research analyzes communications in those three arenas and grades them according to whether they tilt “strong copyright” or “strong fair use.”  He finds that communications with Congress, which tilted strongly “strong copyright,” predominated in the earlier years; press reporting (in the Washington Post and New York Times) was roughly balanced, with a slight “strong fair use” tilt; then online communication took over the debate with a forty-to-one “strong fair use” slant and influenced the repeal of the FCC Broadcast Flag regulation in 2007.  Although Herman is unabashedly on the “strong fair use” side, his methodologies for identifying and characterizing these various communications are rigorous and do not show bias.

In his introduction, Herman writes: “While the time period under study does not include their ultimate triumph at the bargaining table — as of this writing, what I describe as the strong fair use coalition still has not won a major legislative victory — it does include the beginning of their time as a genuine force at that table.”  As a prediction of the online and copyleft communities killing SOPA and PIPA, this is pretty impressive.

Herman’s thesis goes into great detail about the ways in which the “strong fair use” axis posted lots of material online to feed the debate, while the other side didn’t. It’s a trove of factual evidence about how to shape policy debate in the Internet age (and how not to).  It also, in effect, shoots holes in the theory held by some strong-copyright people that a Google-led cabal caused the defeat of SOPA and PIPA.

I admit to not having read the entire 400-plus pages of the dissertation, though it contains a much more manageable 27-page introduction that summarizes the methodology and results.  With that caveat in mind, I can identify one shortcoming in Herman’s methodology that, if he had corrected it, might have changed the nature of his conclusions.

Herman tracked press stories that specifically covered the four legislative developments mentioned above.  But he didn’t track stories that covered the real-world marketplace of the technologies being regulated – articles by the likes of David Pogue in the Times and Walter Mossberg in the Wall Street Journal.  (Nor did he track online content about the same, from the likes of TechCrunch, CNet, etc., not to mention Internet ideologues like Cory Doctorow and thousands or millions of blogs.)

If he had done this, he would have found a much more anti-DRM tilt in the press during the early-mid 2000s than he did.  Articles from this period (and thereafter) took a populist, pro-consumer viewpoint: after all, people read Pogue, Mossberg, and CNet to help them choose the best digital content services and devices.  The job of these writers isn’t to defend the interests of copyright owners or content creators; it’s to help sell newspapers and drive traffic to websites.

These sources routinely praise digital content services and devices that offer as many rights to as much content for as little money as possible.  DRM can be used to enable new content distribution models, but it can also be used to force consumers to pay, limit interoperability, and restrict uses of content that are allowed under copyright law.  Thus it makes sense that these writers would paint DRM in a negative light.

One has to wonder how much the pro-consumer point of view in this press coverage influenced legislation.  The journalists who covered legislative developments during the period Herman studied did not overlap much with those who covered products and services. For example, Jenna Wortham, Jonathan Weisman, and Brian Stelter provided the bulk of legislative coverage at the Times, while over at CNet, Declan McCullagh wrote about policy and legislation while Greg Sandoval did (and does) most of the marketplace coverage.

Herman attributes the “strong fair use” coalition’s increased legislative influence to its greater effectiveness than the “strong copyright” community in putting its message out online.  But I would suggest that they had a lot of help from both professional and amateur writers about consumer media technologies, who led people to wonder why technologies like DRM exist and then what role government plays in them.

It might not be as easy to gauge that influence, but it was — and is — surely significant; and that means that the press could well influence digital copyright legislation more strongly than Herman surmises.  Herman seems eager to glorify the power of the Internet by itself.  While there’s no doubt that Internet forces killed SOPA and PIPA, what Herman calls the “strong fair use” movement has roots outside of the copyleft academia and advocacy groups that he credits (he was an intern at Public Knowledge and considers Larry Lessig a hero).

Regardless, the defeat of SOPA and PIPA has made it clear that the online community now has a lot of power over policy debate.  Gary Shapiro of the Consumer Electronics Association wrote a letter to the editor in the Times admitting that “back rooms do not exist on the Internet.”  I would suggest that if the RIAAs and MPAAs of the world want to understand how to engage the online public in order to shape future legislation, Herman’s thesis ought to be required reading for them.

As a postscript, there is now a bit of overlap in coverage of digital content products and services and legislative policy, now that people are digging through the post-SOPA/PIPA wreckage and considering what to do next.  David Pogue, for example, got around to actually reading the legislation back in January as it was failing.  He made two badly-needed observations: that many of the objectors to SOPA and PIPA didn’t like it simply because it could cut off their supply of free content, and that such people generally didn’t have a clue about the actual legislation and acted on misinformation about it.  Let’s hope that now that Pogue has connected the dots, more people will follow that train of thought to some reasonable policy developments.

Webinar on Studios’ Content Security Policies April 24, 2012

Posted by Bill Rosenblatt in Conditional Access, DRM, Events, Video, Watermarking.

For those who couldn’t attend the breakfast event at the NAB trade show last week, I will be doing a webinar on Content Security Requirements for Multi-Screen Video Services, on Thursday April 26 at noon US east coast time/1700 GMT.  I’ll be presenting a synopsis of the whitepaper I published last December on the topic.  I will be joined by Petr Peterka, CTO of Verimatrix, sponsor of the webinar.  Click here to register.

Will Harry Potter Break the E-book DRM Spell? March 28, 2012

Posted by Bill Rosenblatt in DRM, Publishing.

The Harry Potter franchise has been the major digital holdout in trade publishing, the analog (until recently) of the Beatles in music.  No more: the Pottermore Shop features all of the Harry Potter titles in e-book and digital audiobook formats.  The e-books are available in the standard EPUB as well as Amazon Kindle formats, and the audiobooks are in MP3.  The EPUB and MP3 files are DRM-free.

Some major-publisher audiobooks are already DRM-free.  But does this mean the end of DRM for major-publisher e-books?

No.

First of all, it’s possible to buy Harry Potter e-books on all of the major e-book retail sites (or through them via affiliate links).  At least the Kindle and Nook format e-books use DRM.  Only the EPUB-format files are DRM-free.

Furthermore, Harry Potter is highly anomalous in the world of book publishing: it’s a goldmine of revenue from many sources, far beyond the books themselves.  Harry Potter has more in common with Disney cartoon movies than with most other books or book series.  The animated features that Disney has released in recent years are all part of vast orchestrated campaigns of ancillary revenue sources: books, toys, theme park rides, ad-revenue-bearing TV shows, Broadway musicals, and on and on.  Think The Lion King, Cars, or Toy Story.  In fact, Harry Potter ancillary revenue streams have more than doubled book revenues already.

In other words, J.K. Rowling doesn’t need to maximize revenue from selling e-books, especially since she does not plan to write any more Harry Potter titles.  Instead, her strategy is surely to use e-books — and print books, for that matter — for their marketing value, to induce her vast audience (and their parents) to purchase the stream of Potter-themed products that her organization will release for years to come.  When viewed that way, DRM becomes a liability.

Instead, Rowling is launching an entire site devoted to All Things Harry: Pottermore Shop is part of the overall Pottermore site, which is currently in beta.  This will enable the Rowling team to establish relationships with their customers that are far richer and more lucrative than if the e-books were available only on Amazon, Barnes & Noble, or other retail sites.  Pottermore will add new content and features on a regular basis and, of course, include lots of social features for Harry fans.

Pottermore is likely to be a popular destination site; Harry Potter is perhaps the only publishing property that doesn’t need Amazon or B&N.  The trade publishing industry would love to have more blockbuster franchises like Harry Potter, but given the way the industry and authors work, such properties are likely to be fewer in number than those found in the movie industry.  (Incidentally, Scholastic, Rowling’s publisher, may have its hands on the next blockbuster franchise: Suzanne Collins’s The Hunger Games.)  Those rare mega-properties don’t need DRM, but that has nothing to do with the question of whether the rest of the publishing industry does.

In addition, publishers have much more limited ability to monetize big franchise properties than movie studios do, for the simple reason that authors own the copyrights to most trade books.  Of course, publishers can negotiate rights that go beyond print books or e-books.  But it’s instructive to note that the word “Scholastic” appears exactly nowhere on the Pottermore site.

 

New White Paper: Content Security Requirements for Multi-Screen Video Services January 9, 2012

Posted by Bill Rosenblatt in Conditional Access, DRM, Technologies, Video, Watermarking, White Papers.

I have released a new white paper on content security requirements for video services that distribute content to multiple devices.  This white paper discusses copyright owners’ requirements for security in today’s world of proliferating devices and delivery channels.

So-called managed networks (cable, satellite, and telco TV) are under increasing pressure to compete with “over the top” (OTT) video services that can run on any IP-based (unmanaged) network to a variety of devices — services like Netflix and Hulu.  In the US, in fact, total subscriberships of OTT services are fast approaching the total subscriberships of cable, satellite, and telco TV.

Therefore pay-TV operators have to respond by making their content available on a similar variety of devices and even through unmanaged networks.  While some major pay-TV providers like Comcast and Time Warner Cable are launching “TV Everywhere” services, many more pay-TV operators are trying to keep up by building their own service extensions onto mobile phones, tablets, and home devices other than traditional set-top boxes (STBs).

Content security is one of the many requirements that operators have to meet in order to license content from studios, TV networks, sports leagues, and other major content sources.  Life for pay-TV operators used to be relatively simple: adopt a conditional access (CA) technology that was equally effective in thwarting signal theft as it was in thwarting content piracy.  Economic and security goals were aligned between operators and copyright owners.  Now life is considerably more complicated, as operators have to support home networks and branch out into mobile services.  Content security requirements are more complicated as well.

This white paper gathers security requirements from major content owners and describes them in a single document.  The intent is to help pay-TV operators and other video service providers  that are looking to launch multi-screen video services, so that they know what to expect and avoid any unpleasant surprises with regard to security requirements when licensing content to offer through their services.

I spoke to representatives from most of the major Hollywood studios to get their requirements.  Although it is not possible to build a gigantic table that an operator can use to look up DRM or conditional access requirements for any given delivery modality and client device — among other things, such a table would become obsolete very quickly — I was able to create a set of guidelines that should be useful for operators.

Content security guidelines do depend on certain factors, including release windows (how long after a film’s theatrical release or a TV show’s first airing), display quality, and the usage rules granted to users and their devices.  In the white paper, I map these factors to certain specific content security requirements, such as roots of trust, watermarks, software hardening, and DRM robustness rules.  Security guidelines also depend on external market factors that the white paper also describes.

Many thanks to Verimatrix for commissioning this white paper.   To obtain it, follow this link and fill out the form for a PDF download.  Feel free to contact me with any questions or other follow-up.

Public Library E-Book Lending Must Change to Survive December 4, 2011

Posted by Bill Rosenblatt in DRM, Law, Publishing, Uncategorized.

A few events over the past few weeks illustrate the downward arc that I have suggested is in store for public libraries in the e-book age.  First, Amazon introduced its own e-book “lending library” for members of its $79/year Amazon Prime service, which allows users to “borrow” one e-book at a time, with no due dates.  Second, yet another major trade book publisher, Penguin, got into a spat with public libraries over e-book lending.  Penguin stopped offering new titles and withheld Kindle access to all titles, out of unspecified security concerns with OverDrive (the service that powers most U.S. e-book library lending) and Amazon. (Penguin subsequently restored access for existing titles, but not for new ones.)

The Penguin incident is only the latest in what will undoubtedly be a long series of squabbles between publishers and libraries over e-book lending.  In fact, five of the “Big Six” U.S. trade book publishers are now either limiting their e-book licensing to libraries or not licensing at all — and the sixth (and largest), Random House, is reportedly reconsidering its library e-book licensing policies.  Such spats may well lead to a world of off-putting restrictions and confusion for libraries and their patrons.

Libraries have two fundamental problems here: they have less control over the situation than publishers do, and they are about to get some serious competition from the private sector.  An article in Publishers Weekly gives an overview of Amazon’s e-book lending feature and its implications for publishers and authors.  In a nutshell, the program is currently limited to a few thousand titles that originate either from Amazon itself or from smaller publishers that still sell e-books to Amazon under a wholesale model, as opposed to the “agent” model used by most major trade publishers, which forbids such activity.

But the Publishers Weekly piece only covers the impact of e-book lending on publishers and authors, many of whom are raising a fuss about Amazon’s program.  It says nothing about the program’s impact on public libraries.  The executive director of the American Library Association (ALA), Keith Fiels, has publicly expressed a lack of concern over the impact of Amazon’s lending program, given its limited range of titles and that it’s part of a subscription program that includes other features such as streaming video and free expedited shipping.  The ALA is more concerned about major-publisher moves like Penguin’s.

Indeed, public libraries are experiencing major growth in e-book lending, especially since Amazon joined the e-lending world by opening up its DRM to enable lending and integrating it with OverDrive’s library lending service.  Another piece of evidence that library e-lending is expanding is the entry of a Seattle-based startup called BlueFire Productions as the first serious competitor to OverDrive in the public library space.

At bottom, this is about two things: ways to make e-books available legally for free, and the promotional value of free distribution.   That’s why libraries should be worried.  First, consumers generally don’t care where they get free legal e-books, as long as they are available conveniently and can be read on their favorite devices.  Second, what Amazon has started as a limited service that’s only available to an elite tier of customers will surely become more widely available and with more titles, especially with competitors like Barnes & Noble constantly looking for ways to differentiate themselves from the market leader.

Amazon subsidizes the wholesale cost of e-books that it lends to Amazon Prime members. It does this to make its own services and devices more attractive, not to spur sales of those e-books. If and when B&N offers an equivalent feature, it will undoubtedly do the same.

If I were Keith Fiels at the ALA, I would be very, very afraid.  The e-book publishing world may be about to split up into the equivalent of the music industry’s major and indie labels: major labels tend to make deals that maximize revenue and limit free promotion, while indies try for maximum promotion in hopes of getting revenue later.  When you apply this dichotomy to publishers and e-books, you will see that libraries will inevitably get squeezed out.

The majors will make life increasingly difficult for public libraries through refusal to license or restrictive and confusing licensing terms.  Meanwhile, smaller publishers will “lend” their titles through Amazon and other e-book services — and will most likely be happy with the arrangement for the promotional value it gets them.  And some indie publishers will give their e-books away outright — through e-book retailers or through sites like Facebook — in hopes of getting exposure for their authors and selling hardcopy titles, just as thousands of indie musicians used to give away MP3s on MySpace.  And let’s not forget that e-book prices are often much lower than their hardcopy counterparts to begin with.

Then it will only be a matter of time until some publishing industry equivalent of Michael Robertson (the music industry’s digital provocateur) will create a search engine for finding free e-books from all of these sources in a single convenient place, storing them in an online locker, sharing them with friends, etc.

If you extrapolate from these changes, you can see how public libraries could become virtually irrelevant for e-book readers.

It’s all because publishers get to decide what e-book titles libraries may lend and (to some extent) under what terms.  Again, think of this in music terms: radio stations get the right to play whatever music they want under a license granted by law — a so-called statutory license.  Online equivalents of radio (e.g., Pandora, iHeartRadio) get similar rights.  Library lending of digital music is virtually nonexistent; radio remains the primary promotional channel for record companies.  Perhaps it’s time to think more carefully about public libraries in this light for e-books, as I’ll explain.

There is no equivalent of a statutory license for e-books that would allow libraries to lend them without explicit, title-by-title permission from publishers.  As I’ve discussed previously, libraries do get rights under Section 108 of the copyright law to lend e-books under certain conditions.  But because most publishers only give libraries e-books to lend as DRM-protected files with license terms attached to them, and Section 108 requires libraries to abide by those license terms, libraries can’t exercise those rights.  In effect, those rights have no value for libraries.

Libraries simply do not have enough leverage against major publishers and retailers to improve this situation in the private sector.  If they are to remain relevant in the e-book age, they are going to need to push for significant legal reforms, which both publishers and retailers will undoubtedly resist.

I previously suggested one option, albeit in a somewhat tongue-in-cheek manner: push for the Copyright Office to define an exemption to the law that criminalizes hacking of DRMs (Section 1201 of the Copyright Act) so that public libraries can legally remove DRM for the purpose of lending e-books if they repackage them with DRM to enforce lending terms.  However, this has two disadvantages: exemptions to Section 1201 only last for three years, until the Copyright Office considers a new set of exemptions, and publishers could push for stronger DRMs that are harder to hack.

The “cleanest” solution to this problem would be to enact Digital First Sale, i.e., an extension to Section 109 of the copyright law that lets anyone do whatever they want with digital downloads once they have acquired them legally.  (We had a great discussion on this subject at last week’s conference.)  Public libraries owe their existence to First Sale (on physical goods) in the first place.  But that won’t help for e-books as long as publishers distribute them with DRM and DRM hacking is still illegal; and anyway, as I discussed recently, Digital First Sale isn’t likely to happen anytime soon. Therefore it would be worth libraries’ while to investigate changes to the law that help them lend e-books while leaving Digital First Sale off the table.

One option would be to push for additional rights for libraries under Section 108.  At a minimum, Subsection (f)(4) would have to be relaxed so that libraries may lend e-books even if the licenses they come with forbid this activity.  This would be tantamount to a statutory license for libraries to lend e-books without explicit permission from publishers.

As a practical matter, this wouldn’t really change the way things are done today.  Libraries lend e-books through third parties like OverDrive, which already get e-books from publishers without DRM and package them with DRM — just like music and video retail services.  And provisions already exist in Section 108 that hold libraries liable if they make their own unauthorized copies of e-books.   OverDrive and its ilk use DRM to enforce one-copy-at-a-time lending as well as the lending time limits that are in libraries’ own best interests.

This change in the law would improve the situation for libraries substantially.  However, the economics may have to change to make it palatable to publishers.  For example, libraries acquire e-books for their collections by paying for them title by title, just as they pay for printed books. Radio stations, on the other hand, typically get free copies of recordings from record labels but pay royalties to the music industry for playing them on the air.

If publishers acknowledge the promotional value of library e-book lending, then they might be willing to accept a statutory license to lend e-books if they can negotiate a per-loan royalty rate in lieu of upfront purchase prices.  The Copyright Clearance Center, for example, would be in a good position to manage these payments and royalty disbursements, just as ASCAP, BMI, and SoundExchange do for music.

This type of arrangement would enable libraries to maintain huge collections of e-books (through service providers like OverDrive and BlueFire, which would actually house and distribute the e-books) and thus serve the public well.  At the same time, the negotiations would have to resolve questions of how many copies of an e-book a given library could lend out concurrently; one copy per library doesn’t reflect the fact that big libraries acquire multiple copies of popular titles.  Is it possible for the numbers to be defined so as to be fair to both publishers and libraries?  That would be a good question for the Section 108 Study Group, the venue for recommending changes to that section of the copyright law, which used to convene every five years but was disbanded by Congress after its last report in 2008.

A limited form of just such a statutory license-type solution has actually been suggested in the private sector already, in the proposed settlement to publishers’ and authors’ lawsuits against Google.  It includes giving public libraries rights to make every book scanned on Google’s behalf — over 12 million titles at last count — available on a single terminal within each library.  Libraries would not even have to pay for this.  However, this doesn’t allow e-books to be available outside of libraries’ physical confines, it doesn’t allow libraries to acquire multiple copies of e-books they want to make available to more than one patron at a time, and Google can withhold up to 15% of its scanned titles at its discretion.

The Google book settlement is still unresolved, but the terms in it show that publishers may be willing to grant libraries some limited e-book lending rights.  Libraries have complained about the “table crumbs” offered to them in the Google book settlement.  But unless they take action similar to what I’ve described here, those rights may be the best that public libraries can hope for as the e-book market expands.

Amazon Kindle Cloud Reader Lowers the Speed Bump for E-Books August 31, 2011

Posted by Bill Rosenblatt in DRM, Publishing, Services.

Amazon launched Kindle Cloud Reader a few weeks ago.  This version of the Kindle e-reader app runs within web browsers and therefore on a wider variety of platforms than its hardware Kindle devices and pre-existing e-reader apps for platforms such as Apple iOS and Android.

The main intent of Kindle Cloud Reader is to get around app stores, so that Amazon can make e-books available on iPads, iPhones, and Android devices without having to pay Apple or Google — both competitors in the e-book space — a percentage of its revenues.  Yet Kindle Cloud Reader is different from the others in a way that could turn out to be just as important as its interoperability: it doesn’t encrypt e-book files.

Various people have discovered that Kindle Cloud Reader is a straight HTML5 app and that the server sends it unencrypted content a chapter at a time.  It would be fairly easy to build a program that captures the HTML and stores it locally.  This would be roughly equivalent to “stream capture” for audio and video, except that the result would be a perfect browser-renderable copy of the e-book.

This means that Kindle Cloud Reader does not operate in the same way as other web-based e-readers, such as Google Editions or Amazon’s older Amazon Pages technology.  These display page images that would have to be fed sequentially to an OCR engine in order to capture the text – a higher “speed bump” than Kindle Cloud Reader uses.

E-book DRM technologies have generally been hacked, but this move by Amazon lowers the e-book copying “speed bump” significantly — not as low as DRM-free music downloads, but getting there.

Furthermore, Kindle Cloud Reader lacks certain functionality that other e-readers have, such as copy-to-clipboard.  Google Editions allows copy-to-clipboard with limits.  Ironically, the lack of copy-to-clipboard in Kindle Cloud Reader has inspired hackers to figure out how to add this functionality and thereby stumble upon the fact that the content is not encrypted.

Three questions arise out of this development.  First, why is Amazon doing this?  Second, do the publishers that license material to Amazon know about it?  Third, would a program that captures e-book content in Kindle Cloud Reader be illegal under anticircumvention law (DMCA 1201 in the United States)?

The first question is most likely answerable.  This development indicates that Amazon is confident enough about its leadership position in the e-book market that it does not feel as much need to lock customers into its platform, as it has done (more strongly) with its DRM.

It also shows that Amazon intends to make its e-book money more on e-books themselves than on reader devices.  This is in line with analysts’ projections that the tablet market will grow faster than e-reader devices and therefore that e-readers will come under increasing price pressure.  Amazon’s intention to launch a tablet device of its own by the end of this year corroborates this.

The third question is an interesting one.  The anticircumvention law was designed to place liability for hacks to “technical protection measures” (TPMs) on hackers themselves rather than on the suppliers of the TPMs. This has led to the question of how strong a TPM has to be in order to qualify for protection under this law.

The 7th Circuit appeals court addressed this question in Universal v. Reimerdes (2000) regarding the hacked CSS encryption scheme for DVDs: the defendants in the case suggested that CSS shouldn’t qualify for legal protection because it was so easily hacked.  The court did not want to establish a test for TPM effectiveness, so it declined to address that issue.

More recently, a company called SunnComm that made CD copy protection technology threatened to sue a researcher for discovering that its technology was trivially easy to circumvent: just press the Shift key on a PC when inserting a protected CD into the PC’s drive and the copy protection mechanism could be bypassed.  SunnComm withdrew the lawsuit.  One reason for this could have been fear of the repercussions of an adverse court decision — which would most likely have resulted in just such a test for TPM effectiveness.

If a publisher sues someone under the anticircumvention law for making a program available that extracts e-book content from Kindle Cloud Reader, then we’ll see what the answer to the third question above is (if the suit goes to trial). Or, if a publisher sues Amazon for breach of licensing agreement over the lack of encryption, we’ll know the answer to question number two.

Of course, there is also a fourth question: is this the beginning of the end of DRM for e-books?  I suspect the answer is yes, although this should happen more slowly (or not at all) for certain segments of the publishing market, such as higher education and expensive professional/technical content.  In general, I don’t believe it will happen as quickly as it did for music.

The digital music industry is moving from a model based on file ownership to one based on cloud storage.  Storage of content on servers instead of on users’ devices goes hand-in-hand with elimination of file encryption.  This transition is just beginning and will take years to complete.  Even so, cloud-based e-reading seems like more of a stretch than cloud-based music: although the “celestial jukebox” model has been available for several years, its uptake has been slow.  People are only just now starting to envision a world without physical music ownership.  It will take them considerably longer to envision a world without physical books.

New White Paper: The New Technologies for Pay TV Content Security August 18, 2011

Posted by Bill Rosenblatt in DRM, Fingerprinting, Technologies, Video, Watermarking, White Papers.

I have just published a new white paper: The New Technologies for Pay TV Content Security.  This white paper was commissioned by Irdeto.

The 28-page paper describes the current state of the art of techniques for protecting video content delivered over pay television networks such as cable and satellite.  The two primary theses of the white paper are:

  • Pay TV often leads in content protection innovation over other media types and delivery modalities.  That is because, among other reasons, it is a fairly rare case where the economic interests of content owners and service providers are aligned: content owners don’t want their content used without authorization, and pay-TV operators don’t want their signals stolen.  Therefore pay-TV operators have incentives to implement strong and innovative content security solutions.
  • Before today, many content security schemes could be described as hack-it-and-it’s-broken (such as CSS for DVDs) or a cycle of hack-patch-hack-patch-etc. (such as AACS for Blu-ray or FairPlay for iTunes).  Now technologies are available that break the hack-patch-hack-patch cycle, thereby decreasing long-term costs (TCO) and complexity.

The white paper starts with a brief history of content protection technologies for digital pay TV, starting with the adoption of the Digital Video Broadcasting (DVB) standard in 1994.  Then it describes various newer technologies, including building blocks like ECC (elliptic curve cryptography), flash memory, and secure silicon; and it describes new techniques such as individualization, renewability, diversity, and whitebox cryptography.  It ties these techniques together into the concept of security lifecycle services, which include breach response and monitoring.

The final section of the paper discusses fingerprinting and watermarking as two techniques that complement encryption as ways of finding unauthorized content “in the wild.”

My thanks to Irdeto for sponsoring this paper.

Irdeto Acquires BD+ Technology from Rovi July 7, 2011

Posted by Bill Rosenblatt in DRM, Economics, Technologies, Video.

Irdeto announced that it has acquired the BD+ content protection technology for Blu-ray discs from Rovi Corp. (formerly Macrovision).  This includes the team and patents related to Cryptography Research Inc.’s Self Protecting Digital Content (SPDC), which Rovi acquired in 2007.

Given the string of recent acquisitions that Rovi has unwound (eMeta, InstallShield, FlexNet, TryMedia, and others), most of which have to do with content security or license management, this deal would seem to be yet another in the same vein; and in fact, BD+ was the last content security asset that Rovi owned, apart from its legacy serial copy management technology.  Rovi is apparently paring assets to focus on its metadata (acquired from All Media Guide and Muze) and Electronic Program Guide (Gemstar) businesses; Rovi has dominant market shares or IP positions in both areas.

But a conversation I had with Irdeto revealed an entirely different purpose for this deal: one of the major Hollywood studios brokered it in an attempt to fix Blu-ray security, which has been seriously hacked.  Irdeto did not name the studio, but those who follow the industry closely can probably guess which one it is.

BD+ is one of two sets of security technologies used in the Blu-ray disc format.  The other, AACS, has been hacked — but the impact of the hack is not as severe as that of other hacks, such as the hack to CSS for DVDs.  Nevertheless, the security of Blu-ray discs is apparently so poor that Hollywood is concerned enough to find a solution.

The idea in this deal is that Irdeto will bolster the security of Blu-ray by applying the Cloakware software-security technology that it acquired in 2007.  According to Irdeto, this is a nontrivial engineering challenge but one that it believes it can solve in a few months’ time.

When Blu-ray first hit the market, with its multiple layers of content security, I had thought it was a real breakthrough for Hollywood.  It looked as though Hollywood had not only learned its lesson about approving content security schemes that are too easy to hack (such as CSS for DVDs) but also had figured out a way to get downstream entities, such as consumer electronics makers, to pay for truly superior security.

Yet now we know that Hollywood has, once again, gotten what it paid for.  Now that the latest intelligence about the Blu-ray format says that rumors of its demise are exaggerated, Hollywood wants to shore up the format’s security and protect its release windows.  It wants to rely on Irdeto’s Cloakware technology to plug the holes.

This is a great vote of confidence in Irdeto.  But relative to the bigger picture, one must ask: does it really change Hollywood’s behavior so that this kind of thing doesn’t happen again?  To put the question another way: what does Irdeto get out of this deal that would create incentives for it and other vendors to produce truly superior content protection — technology that is secure and affords a decent user experience?

Irdeto isn’t offering an answer.  The terms of the acquisition from Rovi are undisclosed.  It is unlikely that Blu-ray equipment and software makers will pay more for a license to Cloakware-enhanced BD+ technology than they pay now. Irdeto says that it will get “something” if it completes the Blu-ray fix successfully, but it won’t say what that something is.

I get the feeling that it will mostly be bragging rights.  Irdeto will get the cachet of having “fixed Blu-ray,” which will (so the logic goes) lead to other opportunities with future formats; such is the power of Hollywood studio endorsement of content protection technology.  And there is certainly some value in the elegant SPDC technology and the patents and engineering team that came with Irdeto’s acquisition.

But — putting aside the price of the acquisition vis-à-vis the value of the Blu-ray revenue stream that comes with it — the value of this deal strikes me as illusory.  It’s the analog of user advocates who say that Hollywood studios should give away their content online so that consumers can “engage with the brands.”  Both Hollywood studios and content protection vendors are in business to make money from their products.  The major studios generally operate on the proposition that more money makes for a better product.  Why can’t they apply the same principle to content protection?

Book Industry Bodies Consider DRM… Again May 26, 2011

Posted by Bill Rosenblatt in DRM, Publishing, Standards.

This week at Book Expo America in New York, the Book Industry Study Group (BISG) and the International Digital Publishing Forum (IDPF) held an open meeting to discuss what the two industry bodies should do about DRM standardization.

Although this meeting wasn’t all that well attended — it was hampered by a hard-to-find location in the remote reaches of the cavernous Javits Center — it did provide good insight into book publishers’ attitudes about DRM, now that e-books have a much bigger impact on the industry than they did a few years ago.

Angela Bole of BISG kicked off the meeting by explaining the research and standards body’s role in the process.  She emphasized that the reason for BISG’s interest in DRM standardization was to “take friction out of the supply chain” for publishers, retailers, and users.  BISG has been successful in promoting other supply-chain-oriented initiatives, such as the ONIX standard for book product metadata.

Then Bill McCoy, Executive Director of the IDPF (and former e-publishing executive at Adobe), laid out a few possible choices for direction that the IDPF could help facilitate, and discussed their pros and cons (mostly the latter):

  1. Rely on e-books migrating to browser-based delivery on connected devices, meaning that users will no longer need to download e-books, making file-based DRM unnecessary (instead relying on what I call “screenshot DRM,” as currently practiced by Google Editions and Amazon’s “Look Inside” feature).  This option isn’t practical because the technology won’t be in place for years, and people still want to own their e-books permanently.
  2. Go DRM-free. One of the advocates of this approach, Andrew Savikas from O’Reilly & Associates, argued for DRM-free and cited his company’s research to prove that “piracy helps sales” [see note below].  But few major publishers are interested in giving up DRM at this time.
  3. Gravitate towards a single-vendor solution, as the music industry effectively did with Apple and iTunes.  This would improve the user experience, but it would result in a single entity with a stranglehold on supply chain economics; publishers would lose.
  4. Advance an interoperable DRM standard.  By process of elimination, McCoy expressed interest in pushing this model.

The IDPF, and its predecessor organization the Open e-Book Forum (OeBF), have muffed the DRM issue twice already over the past decade.  When it developed the highly successful EPUB format, IDPF opted not to include DRM in the specification.  This happened primarily because the technology vendors that hold sway at the IDPF did not want a DRM standard: they either wanted to do without DRM entirely or to stick with their proprietary DRM; adopting a standard DRM would be an expense and hassle they would rather do without.

Before that, around 2003, the OeBF tried to define a standard rights expression language (REL) that publishers and retailers could use to express rights that they wanted to grant to consumers as part of a DRM system.  The MPEG standards body adopted an REL standard (MPEG-REL) as part of its MPEG-21 suite of standards for digital multimedia.  The OeBF decided to create an e-book-specific version of MPEG-REL.  (I participated in this effort on behalf of the Association of American Publishers.)  MPEG-REL has had negligible impact on the market, and the OeBF’s e-book REL effort went nowhere.

The current state of the e-book market makes any DRM standardization strategy challenging.  There are now three dominant platform vendors, each with their own DRM: Amazon, Apple, and Adobe (used in virtually all other e-readers, including the Barnes & Noble Nooks and Sony and Kobo Readers).  Any DRM standard would have to either promote interoperability among these or replace them.  But the major players are already well established and therefore have little incentive to cooperate.  Contrast this with Hollywood, where the market for digital video downloads is arguably less mature.

With that in mind, McCoy posited three possible approaches to interoperable DRM:

  1. Standardize on a single DRM, the way Hollywood did with AACS for Blu-ray (and HD-DVD).
  2. Instead of using file encryption, use a type of technique that McCoy has dubbed “Social DRM”: insert watermarks into e-books that contain personal information related to the user, such as a credit card number.
  3. Adopt a rights locker approach similar to that of Hollywood’s DECE (a/k/a UltraViolet), in which users pay for the right to download a title to one or more e-reading devices of their choice, as long as each device supports one of the approved DRMs.

The first of these options is a virtual impossibility with three platform vendors already established in the market.  The “social DRM” technique has been tried in both e-books (by Microsoft in the previous decade) and music, with little success. Furthermore, it’s unclear how such a system would work with the EPUB text-markup format: for one thing, I don’t see how to avoid simple tools for stripping the watermark data from EPUB files without reverting to “regular” DRM.

That leaves the third option, which was the subject of some discussion at the meeting at BEA.  The advantage of a DECE-type model for e-books is that it makes it unlikely that any of the platform vendors would need to scrap and replace their existing DRMs.  DECE-approved DRMs must merely share certain basic technical characteristics, such as using the same crypto algorithm, so that the central rights locker can store encryption keys that work with all compliant DRMs.
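The rights-locker arrangement described above, sketched as an added example (not DECE's or any vendor's code): a title is encrypted once, the locker holds its content key, and each approved DRM wraps that same key in its own license for its own devices. The DRM names, class names and the toy HMAC keystream standing in for the shared crypto algorithm are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stand-in for the shared cipher (demo only): HMAC-SHA256 counter keystream."""
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

class RightsLocker:
    """Central service: records purchases and holds one content key per title."""
    def __init__(self, approved_drms):
        self.approved = set(approved_drms)
        self.keys = {}       # title_id -> content key
        self.rights = set()  # (user, title_id) pairs

    def publish(self, title_id: str, plaintext: bytes):
        """Encrypt the title once; every approved DRM delivers this same file."""
        key, nonce = secrets.token_bytes(16), secrets.token_bytes(8)
        self.keys[title_id] = key
        return nonce, xor_stream(key, nonce, plaintext)

    def grant(self, user: str, title_id: str):
        self.rights.add((user, title_id))

    def release_key(self, drm: str, user: str, title_id: str) -> bytes:
        if drm not in self.approved:
            raise PermissionError(f"{drm} is not an approved DRM")
        if (user, title_id) not in self.rights:
            raise PermissionError(f"{user} holds no right to {title_id}")
        return self.keys[title_id]

class DrmServer:
    """One vendor's DRM: wraps the shared content key for its own devices."""
    def __init__(self, name: str, locker: RightsLocker):
        self.name, self.locker, self.devices = name, locker, {}

    def enroll(self, device_id: str) -> bytes:
        self.devices[device_id] = secrets.token_bytes(32)
        return self.devices[device_id]

    def license(self, user: str, title_id: str, device_id: str) -> dict:
        content_key = self.locker.release_key(self.name, user, title_id)
        dev_key, nonce = self.devices[device_id], secrets.token_bytes(8)
        wrapped = xor_stream(dev_key, nonce, content_key)
        tag = hmac.new(dev_key, nonce + wrapped, hashlib.sha256).digest()
        return {"drm": self.name, "nonce": nonce, "wrapped": wrapped, "tag": tag}

def device_open(dev_key: bytes, lic: dict, file_nonce: bytes, ciphertext: bytes) -> bytes:
    """Client side: verify the license, unwrap the content key, decrypt the file."""
    expected = hmac.new(dev_key, lic["nonce"] + lic["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, lic["tag"]):
        raise ValueError("license was not issued for this device")
    content_key = xor_stream(dev_key, lic["nonce"], lic["wrapped"])
    return xor_stream(content_key, file_nonce, ciphertext)

def demo():
    locker = RightsLocker(approved_drms={"drm-a", "drm-b"})  # hypothetical names
    book = b"Chapter 1. Constructed sample text."
    file_nonce, ciphertext = locker.publish("title-1", book)
    locker.grant("alice", "title-1")
    results = []
    for name in ("drm-a", "drm-b"):  # two different DRMs, one encrypted file
        server = DrmServer(name, locker)
        dev_key = server.enroll("reader-1")
        lic = server.license("alice", "title-1", "reader-1")
        results.append(device_open(dev_key, lic, file_nonce, ciphertext))
    return book, ciphertext, results
```

Calling `demo()` returns the same plaintext from both DRM paths, which is the property that lets each vendor keep its existing license format while sharing one file and one key store.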

But I don’t see how adopting DECE would be particularly helpful in reducing the number of e-book platforms or promoting interoperability.  Of the three major platform providers, at least two (Apple and Amazon) have no history of cooperating with others.  The latest market share statistics for e-book retailers, from Goldman Sachs in February, give Amazon 58% of the market, Barnes & Noble 27%, and Apple’s iBooks 9%.  If we assume that the remaining 6% consists of other retailers that use the Adobe platform (such as Sony), then we have Amazon and Adobe fighting it out at a reasonably competitive 58% vs. 33%.

Market forces alone may well reduce the number of dominant platforms to two, by marginalizing Apple as a DRM platform provider for e-books.  Both Amazon and B&N have apps that run on popular mobile devices.  So one way to achieve “interoperability” is simply to use an iPad, iPhone, Android, or BlackBerry (not to mention Windows or Mac) with both Kindle and Nook apps, and live with two e-bookstores.  Apple’s iBooks, which only runs on Apple iOS devices, will isolate itself into irrelevance.  And its dependence on the iTunes retail infrastructure hampers Apple from doing the previously unthinkable and switching iBooks to Adobe’s DRM (thereby joining B&N and others to weaken Amazon).

If the book industry really wants to achieve e-book interoperability among dedicated e-readers, then a fourth alternative, beyond those that Bill McCoy suggested, may be worth investigating: Coral.  Coral was a consortium led by Intertrust that had developed a framework for actual interoperation among DRMs through trusted intermediary services.  This approach makes it possible for a user to call a service to “translate” content from one DRM to another while maintaining security.

Coral still technically exists but has been quiescent over the last several years as Hollywood rejected it in favor of the DECE multi-DRM approach.  DECE depends on online retailers building infrastructure to support all compliant DRMs — currently five of them — and agreeing to let users migrate from one retailer to another like GSM mobile subscribers do with their SIM cards.  This is unlikely to fly with Amazon or Barnes & Noble.

Instead, Coral would enable users to use their e-books on other devices while letting retailers retain control of their users’ purchase information.  This alternative seems more palatable to e-book retailers than the DECE approach, and it would help users.

Technical and licensing issues must be investigated in order to determine whether Coral might be suitable for current e-book platforms.  As various participants stated at the BEA meeting, book publishers are far more likely to be successful in pushing for DRM interoperability through industry-wide vehicles than one publisher at a time.  The major e-book retailers need incentives to adopt interoperability that will enhance the user experience and help the market grow faster.  Publishers can push for such incentives in licensing deals.  As long as their actions fall on the correct side of antitrust law, the IDPF has a way forward.


*O’Reilly commissioned my colleague Brian O’Leary to do a study on piracy’s effect on sales in 2008.  O’Leary’s findings encouraged O’Reilly to stay away from DRM.  When I asked Savikas what the study measured, he stressed that it was a limited study that was only relevant to the way O’Reilly sells and markets its content.

As the author of books published by O’Reilly myself, I would like to assert that O’Reilly is an outlier, and the research results should not be taken as representative of the book industry as a whole.  I maintain that both piracy’s effect on sales and DRM’s effect on piracy (or sales) have yet to be measured with any degree of confidence for book publishing (or any other media industry segment) — and perhaps never will.

Here’s why O’Reilly is atypical: first, it is much more active and sophisticated than other book publishers at using online techniques to market and distribute content, thereby making it easier for O’Reilly to monetize content online. Second, this redounds doubly to O’Reilly’s benefit because of the tech-savvy of O’Reilly’s core audience of IT professionals.  Finally, O’Reilly’s content attracts an open-source-oriented crowd that has a particular antipathy towards DRM, making a backlash more likely than for other publishers if O’Reilly were to implement it.  O’Reilly & Associates is a superb publisher, but its study on piracy and DRM has limited meaning for the industry at large.
