Friday, August 3, 2012

Possession is nine tenths of the law? Part 2

Part Two “It’s Mine I Can Prove It.” 

Why PKI should be used to address the digital rights management question 

The second half of this essay looks at how various media providers use DRM and the limitations of the current solutions.  PKI is presented as an alternative.  I hope you enjoy the paper and encourage you to comment.

Digital Rights Management

Accepting the fact that you are really not buying anything tangible, a digital content provider like Apple® is not necessarily out to get you. The “Terms and Conditions [for] iTunes Store, Mac App Store, App Store and iBookstore” allow for content sharing on up to ten devices, five of which may be iTunes-authorized computers. They allow burning your full playlist to CD up to seven times. For a fee you can get additional cloud services that make accessing your purchased content even easier. On the flip side, Apple® reserves the right to change the usage rules at any time. The Apple® business model is not about making money with the content; it is about making money on the hardware. This is not the typical hardware/software paradigm. With the majority of companies that deal in both hardware and software, the real profit is in the software and ultimately the accompanying service and support plans. Apple's approach is not unique but is atypical in the software community, though it seems to be part of a consensus in the digital content management community. "The iPod makes money. The iTunes Music Store doesn't," said Apple Senior Vice President Phil Schiller. "It's maybe a feature your platform should offer, but it's not like you're going to make some (big) markup," Microsoft Chairman Bill Gates said at the company's July [2003] analysts' meeting in response to questions about a proposed online music store. (Fried, 2003)

You have a certain amount of freedom in using and managing the content you purchase/lease from Apple®, although you are limited to using Apple® hardware, or Apple® software on non-Apple® hardware like PCs and laptops. The Apple® formats are proprietary, as is the security mechanism they use to ensure compliance with their policies. This is the difference between the underperforming subscription models like Napster, Rhapsody, and Pressplay, and the Apple® a la carte model, which has been copied by most of the major players in the industry today. Security is enforced using Digital Rights Management (DRM).

 “DRM is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that are not desired or intended by the content provider. DRM also includes specific instances of digital works or devices. Companies such as Amazon, AT&T, AOL, Apple Inc., BBC, Microsoft, Electronic Arts and Sony use digital rights management.” (Wikipedia, 2012)  

DRM has its detractors, who often predict gloom and doom scenarios. These scenarios often focus on a complete loss of your digital media should the DRM standard change in the future or the original service provider go out of business. Although it does not seem likely that the world will be without the I Store™, Kindle™ store, or any of the other megalithic providers anytime soon, the point is valid. Additional charges are that DRM stifles innovation and competition, but perhaps the most disconcerting charge is that DRM goes beyond the constraints required by current copyright law, which could be a slippery slope indeed.

Apple has its own proprietary version of DRM known as FairPlay, which is in turn only supported by Apple® products. This is no surprise if the aforementioned quote by Apple Senior Vice President Phil Schiller is representative of Apple's long-term business model. Apple, like other digital content providers, does have a loyal following, but the question needs to be asked: are we heading for a single-source world in which you must pick your provider and be satisfied with the available offerings? What happens when your favorite author’s publisher or recording artist’s studio will not sign a contract with your provider? Do you buy a new device every time you seek to increase the variety of your library? To be fair to Apple®, although they continue to use DRM in other media, they removed FairPlay and any sort of DRM from the music tracks bought in the iTunes music library in 2009. (Apple Inc, 2012) Apple does continue to digitally watermark its music tracks, offering an excellent segue into DRM alternatives.

The pivotal issue of the digital media conundrum is the establishment of ownership and the ability to trace that ownership. There are those who do not believe that any sort of identifier that would allow for tracing of ownership is in any way necessary or justified. Perhaps there are merits to specific arguments in that regard; however, a system without ownership principles will simply result in the eventual extinction of the art form. Individuals cannot be allowed unfettered access to works without compensation to the originator, or allowed the ability to reproduce and distribute said material without limitation. It is obvious that DRM is not the solution of the future. Apple uses digital watermarking, the process by which code is buried in an underlying carrier signal, allowing for the verification of the signal's ownership or authenticity. This technology has been used to track down the source of pirated movies. Unlike metadata, such as that placed in websites to improve visibility to search engines, digital watermarking does not change the size of the file. One would think that this is an effective solution until the realization that digital watermarking is proprietary, and not standards driven, comes to light. A digital watermark also cannot be easily altered or added to without sacrificing some of the quality of the original file. With this limitation it becomes problematic at best to transfer ownership of the media.

DRM Alternatives

Other methods for establishing ownership of digital media are in use.  For example, Palm Digital Media, now known as E-reader, links the credit card information of the purchaser to the e-book copy in order to discourage distribution of the books. (Noring, 2004)  The big disadvantage is the risk to Personally Identifiable Information (PII).  The thought of using credit card information to indicate ownership of a piece of digital media is scary at best.   So what is the solution?  One proposition is that establishing ownership of digital media, securing a multibillion dollar industry and preventing hundreds of millions of dollars in fraud in the US alone, is a great argument for furthering individual digital identities in the US; enter PKI and Digital Certificates. 

Public key infrastructure (PKI) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. 

In cryptography, a public key “certificate” (or identity certificate) is an electronic document which incorporates a digital signature to bind together a public key with an identity - information such as the name of a person or an organization, their address, and so forth. The certificate can be used to provide very strong verification that a public key belongs to an individual.

In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority. In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users (“endorsements”). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together. (Operational Research Consultants Inc., 2011)

This would appear to be an excellent solution for both the producers and consumers of digital media. For example, if I were to buy an e-book and sign both the purchase and the resulting digital file with a public key certificate, it would be the digital equivalent of signing each and every page of a hardcover novel with my name. It does raise some rather childish euphemistic comparisons but effectively marks that digital media as mine. More importantly, unlike a five-year-old scribbling this book belongs to “Tommy” across the pages, a digital signature can be edited, exchanged, or added to without harming the underlying file. This allows for the establishment of a chain of ownership and subsequently for the smooth and traceable exchange of ownership, even one that is temporary.
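
The chain of ownership described above, as an added example that is not part of the original essay: each transfer is a detached signature over the file's hash, the previous link and the new owner's public key, so the file itself is never modified. It uses bare Ed25519 keys from Go's standard library in place of CA-issued certificates, and the `Transfer` format and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Transfer is one detached link: From hands the file to To, Sig is From's signature.
type Transfer struct{ From, To ed25519.PublicKey; Sig []byte }

// linkMsg binds the file digest, the previous link's signature and the new owner.
func linkMsg(file []byte, prior []Transfer, to ed25519.PublicKey) []byte {
	digest, prev := sha256.Sum256(file), []byte(nil)
	if n := len(prior); n > 0 {
		prev = prior[n-1].Sig
	}
	return bytes.Join([][]byte{digest[:], prev, to}, nil)
}

// Append has the current owner (priv) sign the file over to a new owner.
func Append(chain []Transfer, file []byte, priv ed25519.PrivateKey, to ed25519.PublicKey) []Transfer {
	sig := ed25519.Sign(priv, linkMsg(file, chain, to))
	return append(chain, Transfer{priv.Public().(ed25519.PublicKey), to, sig})
}

// Owner verifies every link starting from the seller's key and returns the current owner.
func Owner(chain []Transfer, file []byte, seller ed25519.PublicKey) (ed25519.PublicKey, error) {
	owner := seller
	for i, t := range chain {
		ok := len(t.From) == ed25519.PublicKeySize && bytes.Equal(t.From, owner)
		if !ok || !ed25519.Verify(t.From, linkMsg(file, chain[:i], t.To), t.Sig) {
			return nil, fmt.Errorf("link %d does not verify", i)
		}
		owner = t.To
	}
	return owner, nil
}

func main() {
	book := []byte("constructed sample e-book bytes") // stands in for the purchased file
	sPub, sPriv, _ := ed25519.GenerateKey(nil)         // seller
	aPub, aPriv, _ := ed25519.GenerateKey(nil)         // first buyer
	bPub, _, _ := ed25519.GenerateKey(nil)             // second buyer
	chain := Append(Append(nil, book, sPriv, aPub), book, aPriv, bPub)
	owner, err := Owner(chain, book, sPub)
	fmt.Println("second buyer owns the file:", bytes.Equal(owner, bPub), err)
}
```

A link signed by anyone other than the owner named in the previous link, or a chain presented with a different file, fails verification in `Owner`.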

Detractors point out that the establishment of a PKI infrastructure is overly burdensome in cost and complexity. But this argument does not stand up to the counter, which is economy of scale. The federal government has been using PKI for years for logical access security, but efforts to increase the use of this proven technology outside the federal government have been hampered by lack of broad-scale adoption. Consider that Apple has more than two hundred million devices sold worldwide and Amazon can claim more than six hundred million users. It is not too much of an exaggeration to state that using those numbers as a starting point would drive the cost of PKI digital identities into the cost range of the Venti Café Mocha from Starbucks I purchased on the way to work this morning. It was, by the way, demonstrably, not ostensibly, mine. Possession is nine tenths of the law; just ask my daughter.

Works Cited

Apple Inc. (2012, January 6). Changes Coming to iTunes Store. Retrieved June 20, 2012, from Apple Press Information:
Apple Inc. (2012). LICENSED APPLICATION END USER LICENSE AGREEMENT . Retrieved June 18, 2012, from

Fried, I. (2003, Oct 16). Will Itunes make Apple Shine. Retrieved June 19, 2012, from CNET:
Hyde, B. (2001). THE FIRST SALE DOCTRINE AND DIGITAL. Retrieved June 20, 2012, from Duke Law Scholarship Repository:

Kunkel, J. R. (2002). Recent Developments in Shrinkwrap, Clickwrap and Browsewrap Licenses in the United States. Murdoch University Electronic Journal of Law , 9 (3).

Noring, J. (2004). The Perils of DRM Overkill For Large Publishers. Retrieved June 20, 2012, from

Operational Research Consultants Inc. (2011). Certificates and Credentials. Retrieved June 20, 2012, from ORC.Com:

Wikipedia. (2012, June 15). Digital rights management. Retrieved June 19, 2012, from Wikipedia, The Free Encyclopedia :
