Digital Rights Management: Business and Technology
William Rosenblatt, William Trippe and Stephen Mooney
Many of us have been drawn to the field of digital rights management because of its fundamentally hybrid nature. While rooted in and driven by business interests and legal concerns, digital rights management (DRM) invariably presents fascinating technical challenges in its implementation. To date there have been no books of substance written about this young industry and its technology, and for good reason: potential DRM authors risk irrelevance on many counts, perhaps considering business or legal abstractions without a proper grounding in technology, or focusing too deeply on narrow technologies without providing necessary and useful context. Maintaining currency is, of course, always an issue, because so many of the related industrieselectronic publishing, multimedia, security technologies, and system platformsare so rapidly changing.
This book was a pleasant surprisethe best, most comprehensive treatment of digital rights management that I have seen to date. The book excels primarily because the authors continually emphasize the overarching business imperatives while considering the applicable technologies, at times in depth. The book does an important service to the industry by combining useful abstract models with considered discussions of real technologies and solutions.
The book is well organized. Part I, "The Business of DRM" provides a brief but useful history of pre-digital content rights management (Chapter 1), followed by a discussion of new business models that digital distribution enables (Chapter 2) and a concise but thorough treatment of the nexus of law and technology (Chapter 3). Readers who are active in the content industries will find much of this to be review, but it is concise and complete enough to hold the attention of technologists and to help them realize that they don't operate in a vacuum.
Part II, "The Technology of DRM" methodically introduces the reader to the world of DRM technology, beginning with the conceptual basis for "rights models" and how these may be crafted to embody a variety of business models (Chapter 4). Chapter 5 presents the authors' "DRM Reference Architecture," an extremely useful tool for understanding the system components required in any practical DRM system and their various relationships. Chapter 6 provides a timely and thoughtful treatment of DRM standards activity, be they formal or de facto. The terms "standard" and "digital rights management" have traditionally seemed oxymoronic, but the authors demonstrate that progress is being made and DRM standards already have business relevance. For example, readers will find the sections on ICE, a standard protocol for content syndication, and the XrML rights specification language from ContentGuard to be useful and enlightening. Chapters 4-6, in this reviewer's mind, were the "gems" of the book, providing the most important take-home messages. The final chapter in Part II focuses on significant technologies and major technology players in the industry, including the likes of Digimarc, Adobe, Intertrust, Microsoft and RealNetworks. The authors' thorough treatment of Microsoft's "Unified DRM"/BlackBox digital rights management technology was especially timely and useful, given the awarding of US Patent 6,330,670 "A Digital Rights Management Operating System" on December 12, 2001.
Part III, "DRM Solutions: Putting it All Together" will be most helpful to content owners or intermediaries who are at an early stage in the digital content deployment pipeline. The chapters in this part help the reader assess their requirements and sort out what types of rights models and DRM components actually deliver to those requirements; making the decision to build or buy, and the difficulties achieving a return on their investment; and understanding the problems of integrating DRM "solutions" with other common publishing technologies, especially enterprise security financial systems. Chapters 11 and 12 present a variety of DRM and DRM-related solutions, which complement the earlier discussion of the "heavyweights." These chapters help the reader by putting into perspective names we often hear, but that perhaps get lost in the "noise" created by the bigger players.
In their final chapter, the authors present their view of the DRM future. I found it to be a fairly pragmatic and well-reasoned view, inspired by the many realities of the business. Frequently throughout the book, the authors discuss usability or security problems with various DRM technologies; often these can be tied to poor system underpinnings. Here, they make the case that for DRM to move forward, it must be "built into" PCs and other hardware (in one of several ways), and they discuss a number of the problems (technical, political and otherwise) that must be overcome to make this a reality. They also discuss the future of DRM standards, although this comes more in the form of suggestions and observations. Importantly, the authors also consider the role of and opportunities for DRM technologies in the corporate environment; this application of DRM is often overlooked, but is potentially well suited to highly distributed and virtual corporations, especially those that use the public Internet.
Finally, this reviewer's criticisms: I felt that there could have been a bit more discussion of the impact that various XML-based security initiatives might make on emerging DRM standards or solutions in general. I felt that the digital library community might like to see more consideration of the problems that conventional DRM technologies face when trying to deliver cross-organizational authentication and authorization in manageable ways. Finally, although no media types or business models were excluded, I couldn't help but feel that this book came from the "print publishing" perspective - a minor quibble for an otherwise excellent treatment!