Is there a DRM scheme that works?

Question

We help our clients to manage and publish their media online - images, video, audio, whatever. They always ask my boss whether they can stop users from copying their media, and he asks me, and I always tell him the same thing: no. If the users can view the media, then a sufficiently determined user will always be able to make a copy. But am I right?

I've been asked again today, and I promised my boss I'd ask about it online. So - is there a DRM scheme that will work? One that will stop users making copies without stopping legitimate viewing of the media?

And if there isn't, how do I convince my boss?

Answer 1

No. If you let them view it, they can always make a copy of what they saw. You can make it harder for this to happen, but in the end, you can't stop a suitably determined attacker.

Answer 2

the answer is simple : no

Answer 3

Simply put, no, there isn't. Any content that can be viewed can be copied. There's no exception to this at all, unless you can bend the laws of physics in your favor :)

Answer 4

No, their is no way to prevent a user to use its camera to take a screenshot of the screen, or its recorder to record a movie, a song or anything else.

And if you're talking about preventing making "exact" copy of a digitalized content, the answer is still the same: NO.

Answer 5

Anything that can be viewed and understood by a human can be viewed and stored by a computer.

The best you can do is obfuscate and attempt to confuse, but any suitably determined user will succeed. You could deliver text as an image, an image with a watermark, an encrypted file with public/private keys but the best that will happen allowing you to track who 'leaked' something rather than stopping it from getting leaked.

Answer 6

Short of supplying specifically tailored hardware (which is what Microsoft is pushing with its Trusted Computing 'Palladium' initiative) the answer is no, you can't stop 'em to get to the bits.

Even in the case of specifically tailored hardware an attacker with enough skills and resources can still get to your content, you just reduce the attack surface enormously.

Of course a video camera will work just as well in many cases, you'd then have to counter that with a specific set of television/monitors. It shortly stops being economically viable.

To convince the boss, just tell him what's easier to understand: you cannot stop someone from placing a camera in front of the television.

Answer 7

Long answer: Only let users browse your site by visiting your office and using a machine located there - under strict supervision, of course.

Short answer: No.

Answer 8

As to convincing your boss you might try arguments from Cory Doctorow from this essay book.

He has some very good points.

I think the best argument is that you will be spending much programmer resources on writing features that your users will dislike. Noone wants their player to say: 'you can't listen to this song because it is on your PC already', and implementing this feature will be pain.

Answer 9

You cant stop the viewing, but by possibly putting a serial number in each viewers video it will allow you to track copies. E.g. in the top right of the video put a small number that is unique to that user. If they copy the video and upload it you will know who did it. You could also move it around during long videos or make it appear randomly to make it harder to remove.

Just an idea. Im actually anti DRM.

Answer 10

At one point you will have to abandon whatever coding/encrypting you are using to circumvent the making of illegal copies and show the content to the user in plain sight. The latest, at that point the user can simply capture the content and make copies. Which means that if you cannot control who your users are (or how they are using your technology), you cannot stop them making copies.

Now, granted that making copies off the unencrypted content might not be the most efficient way of copying (for one -- depending on where it was captured -- it might not be compressed (e.g. the capturing took place between the video card and the monitor), and therefore might take up a lot of space).

Based on the above, the technical answer -- unless you have enough control -- is that no, you cannot stop users to make illegal copies.

However, you can make it much harder for them to make those copies in the desired format by using encryption or other DRM-related techniques. Depending on your users and the popularity of your content, there might be a point where the effort required to subvert the DRM technologies is higher than what your users are willing to pay/invest. Whether there is such a point solely depends on the nature of your business and your audience.

Answer 11

The reason you can't stop DRM no matter what is as follows: imagine a bank vault. There has to be a way in to get the money out. If there is a way in, that means someone could get in that way, therefore it is not impenetrable. If the vault is impenetrable, that means no one can get in -- meaning no one can get the money in or out, not even the people who legally have the right to access the money.

Answer 12

Nothing is perfect, but you can make copying a little more difficult = less worthwhile.

• You can watermark preview copies of media.
• You can serial number all copies so they can be tracked.
• You could encrypt the media, only allowing it to be decrypted by software that you control. (e.g. Adobe Acrobat documents can be set read-only. Audible ebooks can only be played in the Audible player).
• You could supply media that is of little value to anyone but a legitimate user. (eg. Pictures of my friends at a party are of little value to anyone but the people that know them).

IMHO, any attempt to DRM is annoying to legitimate end users, so I wouldn't recommend it.

Perhaps you can convince your boss by asking her to come up with an effective method of DRM, and then demonstrating how to overcome it?

Answer 13

Right now I can see 12 answers all agreeing that the answer is "No".

If your business relies on your clients' media being published with protection, then your business may already be in trouble. You need to start a conversation with your clients about the content they're generating, why they're generating it and what they hope to get from it. It rather looks like they may have an out-of-date business model, in which case they may be in danger as well.

What the clients are saying they want may be their best attempt to stipulate the solution to a problem that they're not telling you about. Try digging a little deeper into what their actual problem is. Maybe look at the Five Whys for inspiration.

I definitely don't think I'd want to be planning a long-term career on DRM right now...

Answer 14

If it can be viewed, it can be copied.

And if one person can copy it, he can send it to a million other people.

So its meaningless to make it hard to copy, because there's always people able to copy it, who will then proceed to send it to everyone who can't.

The only thing DRM does is make it harder for consumers to legitimately use content. But this is intentional--media providers don't want you to backup your DVDs and convert them to play on an iPod: they want you to buy the same movie again from them in iPod format.

That is the real reason for DRM. They know it won't work to stop pirates; they do know it will work to stop legitimate fair use.

Answer 15

You can have extermly complex DRMs (custom player, activation each time something is played/loaded), but it still won't be 100% hacker proof. And honestly, it's just not worth the trouble,

Try to just keep the honest people honest; either have no DRM at all, or just some simple ones that's easy to implement and will work on 80% of general public, leave the other 20% alone, they are probably techie enough and won't be stopped no matter what.

Answer 16

Allow me to argue that the answer is actually "Yes, with qualifications". It is possible to create a DRM system which is sufficiently difficult to crack, such that non-technical users will not be able to copy and redistribute the content, and highly technical users will only be able to do so with great difficulty.

So the original answer is correct: a "suitably motivated" hacker will always be able to get what he wants. But it's possible to set the bar high enough so that the number of suitably motivated hackers is approximately equal to zero.

Answer 17

With the hardware in use today, you cannot stop users from copying your media. And current (major) DRM-technologies is not even about that.

DRM is about annoying users who wants to copy. Hopefully so much, that most of them won't make copies.

The problem is that by annoying the users, you annoy all users.

That is why I almost never buy anything DRM-protected. And when I do, it's ONLY after I've got a DRM-free copy, so I'm sure that I'm actually able to hear/see a copy of the product.

Answer 18

As far as convincing your boss goes, boil things down to essential DRM. You sell something valuable. To prevent your customers from copying it, you lock it in a box. To allow your customers to use it, you give them the key to the box.

Hopefully, the light is beginning to dawn on your boss by this point.

Technology is not a solution. We have a legal system to deal with unlicensed replication of intellectual property. Theft is prevalent in a small segment of the population. My advice would be don't try to sell digital media that appeals to a demographic likely to steal.

Answer 19

The main thing you need to identify is the level of user you wish to prevent from copying the content. You will never stop a 1337 h4xx0r from copying your things and passing any knowledge of hacks to more competent techies.

As you wander down the line of the less technical able there is more you can do (such as the usual DRM) to dissuade them from attempting to copy your content. As you get to idiot user there are probably a variety of tricks you can perform that are effective enough to fool them into thinking that they cannot copy the content, however all it takes is for them to meet a competent techie and for them to provide one link for them to be able to step up to the next level.

It's a case of very much diminishing returns but there are still users out there who think that just because a website disables the right click that they cannot download the images. If your clients want to target those users (and offer substantial monies) then it might be worth pursuing a bit of obfuscation but it is a case of diminishing returns and your customers need to appreciate that all they are purchasing is a thin disguise.

Answer 20

And if there isn't, how do I convince my boss?

Promise him a unicorn if he stops asking for the DRM.

Answer 21

I'm inclined to agree that in a practical sense, there may be no foolproof way to prevent copying, but can I prove it? No, and I haven't heard any airtight proof yet.

Copying is inherent in normal computation, and it is irreversible. For example

X = A; // statement 1
X = B; // statement 2

When statement 2 is executed, there is no way to reverse it because X has no memory of its prior value. That is the essense of copying - forgetting that a copy was made.

From what little I know of quantum computing and cryptography, in that realm all processes are reversible, so it is possible to guarantee that copies can always be detected.

Back in the world of normal computation, if one can control the viewers of information, one can try to ensure that any copy is degraded and not as good as the original. For example, there is the watermark idea, which can be made practically invisible. Or additional information can be added that is not displayed, but which is required to show the image.

I'm not saying strong DRM is possible in normal computing. I'm just saying if it isn't, that's a strong claim, and I'd like to see an airtight proof of it. This field has a number of things once considered impossible, such as public-key cryptography and Dijkstra's mutex algorithm.

Answer 22

Yes, there's is a largely uncracked DRM in place. It's called Super Audio Compact Disc (SACD), a fantastic 5.1 surround sound format that was made to supersede original CD's. Don't think it really caught on as much as Sony, the creator had hoped, yet there's still a large following agmonst audiophiles.

The main reason it's largely unbreakable is because you need a special player to read the discs, they cannot be played on a computer or CD player, unless they're dual layers. Meaning SACD and CD data on one disc, and then they can only rip the CD data not the SACD.

So if you've got music you want to share and your clients are into high end audio. Then SACD is probably the way to go, if you want unbreakable/unshareable audio/music.

Answer 23

In words of a microsoft engineer "If your solution lasts for 6 months, thats eternity". Time to move to a newer implementation of the DRM solution. Hence we cannot guarantee a fool proof DRM solution. However we can make it very hard to crack/hack though by making less encrypted data in clear.