- On 2019-02-25
What is DRM?
Digital rights management, or DRM, is a broad phrase used to define any strategy for preventing the unlawful spread of copyrighted content – using technological means.
DRM systems are intended to help media owners stop the illegal redistribution of their intellectual property – but, in reality, these controls often only end up damaging the relationship between the creator and their consumers.
Different types of DRM technologies
The DRM tools you can use to manage your media are endless; here are a few examples:
- A company sets its servers to block the forwarding of sensitive e-mail.
- An e-book server restricts access to, copying of and printing of material based on constraints set by the copyright holder of the content, using document watermarking.
- A movie studio includes a watermark on its DVDs that limits the number of copies a viewer can make.
- A music label releases titles on a type of CD that includes bits of information intended to confuse ripping software. (source)
Watermarking to enforce DRM
While watermarking media may be one of the most popular forms of DRM, the limitation to watermarking is the ability to detect infringing copies once a leak happens. Increasing the probability of detection increases the disincentive of leaking pirated material.
For this disincentive to be effective, there needs to be a credible threat of detection, and this is the limitation of conventional watermarking.
The piracy ecosystem is global and nuanced. Identifying a potential leak over public sharing sites, release groups, streaming sites, closed networks and the dark web is a massive undertaking.
Public sites such as The Pirate Bay make it easy for users to search and find pirated content. Research done by Custos shows, however, that newly pirated content spends an average of two weeks on non-public sites before it lands on public sites. Finding content on non-public sites is difficult for the following reasons:
Search engines such as Google make it easy for anyone to find content online. They do this by having web crawlers index everything online that it can reach. There is a limit to what it can index, though. It cannot, for example, index someone’s email inbox, a Facebook account, or a company or campus intranet. As a rule of thumb, any service that requires a user to log in to use, is part of the “deep web” and not indexable by a search engine. This also includes all private piracy sites. A content owner would typically need a human to search these sites for any infringed content.
For most private piracy sites you can only get access through an invitation from a current member. Some communities will do background checks on members specifically to keep authorities and anti-piracy companies out.
Some private sharing sites take it one step further than just requiring an invite – they require members to maintain a seeding ratio (seeding refers to making a file available on a peer-to-peer file sharing protocol such as BitTorrent). The most relaxed of these requirements only block members from downloading content if they are not contributing by seeding content. The most stringent sites require members to contribute copyrighted content to remain a member – those that do not contribute are kicked off. A detection service will not be able to meet these requirements, and as such will not be able to find infringed content until a member leaks the content outside the community.
Academic institutions frequently have closed intranets for use by students and staff. These can be hotbeds for piracy but are closed to access from the outside. For locally produced content, Custos’ research shows that content can be shared in these networks for years without being uploaded to public sites.
The biggest limitation of piracy detection is the constant arms race with pirates themselves. Sophisticated pirates are intelligent, educated and highly motivated to remain undetected. If an attack vector is identified, they adapt. If a site is compromised, it is closed and a new one is created.
The internet is big. The global mainstream sites are well known, but each territory and market has its own unique culture and preferred technological platforms of choice. As media distribution goes global, so does piracy. Piracy detection needs to be present in not just every territory content is distributed to, but in every territory where content is consumed.
All these factors make it costly and hard to detect piracy. Automated scanning can only get a rights holder so far, and human agents might not even be able to reach the depths of the internet or even know where to look.