The DRM Dictionary:
Terms, Technologies, Companies, and More!



Copyright 2002-2008 Information Mechanics Ottawa Inc. All rights Reserved.

0-9

 
2600
The "Hacker Quarterly", a Web site and physical magazine devoted to, what else, hacking. The name derives from a legendary incident in which a phone hacker (John Draper) discovered that the sound from a toy whistle found in Captain Crunch cereal was a precise 2600 hertz which, due to the multi-tone in-band signaling system employed at the time, could be used to steal long-distance service from the phone network ("phreaking"). The hacker subsequently adopted the moniker "Cap'n Crunch" and took his place in history. The phone network has evolved so that this particular attack is no longer useful, and the group has diversified and grown up, for example engaging in advocacy relating to the DMCA and those charged with violating it.
321 Studios
An illustrative lesson about business and the DMCA: a company whose only product existed to easily copy DVD movies. In most jurisdictions, that would lead to an interesting shades-of-gray discussion about fair use and personal backups vs. piracy and so forth. In the USA however, thanks to the DMCA and the fact that the technology incorporated the verboten "circumvention measures" (i.e. the logic of DeCSS), things are more black and white, and 321 was sued into oblivion in 2004. It is still possible to copy DVDs of course; you just have to get software from somewhere else to do it.
3C Patent Group
A consortium that licenses patents required to make DVD players, consisting of Sony, Philips, Pioneer, and recently LG. Their profile was raised in early 2005 when most of them joined the Marlin group, and also when they were sued by Chinese DVD player manufacturers claiming discriminatory pricing.
4C Entity
A consortium of 4 computer technology companies (IBM, Intel, Matsushita, and Toshiba) which fosters the production of, and subsequently licenses, intellectual property associated with content control. The 4C entity emphasizes secure storage licensing schemes such as CPRM.
5C Entity
A consortium of 5 computer technology companies (IBM, Intel, Matsushita, and Toshiba, who are the 4C Entity, plus Hitachi) which fosters the production of, and subsequently licenses, intellectual property associated with content control. The 5C entity emphasizes secure transmission e.g. over domestic IEEE 1394 links, while the 4C Entity emphasizes secure storage. Also known as dtcp.com, and the "Digital Transmission Licensing Authority."

A

 
Adobe Systems
A leader in technology for electronic documents, best known for the PDF document format and software tools to create and read it. Their main approach to DRM has been a plug-in framework for their PDF software, into which third parties can plug functions including DRM. The security of this set-up has been poor and attacks against it were well-documented, most famously in 2002 by a Russian security expert who was arrested shortly after pointing out the system's weaknesses. Adobe makes money from other products such as Photoshop and, with the eBook market stagnating, DRM doesn't seem to be too high on their list these days.
Activated Content
A supplier of forensic watermark technology for the digital audio industry, based near Microsoft in the western USA. They claim that their system is both inaudible to "Golden Ear" testers, and able to survive various manipulations such as encoding with perceptual codecs. If these claims stand the test of time, they have certainly advanced the state of the art beyond where it was in the SDMI era.
Advanced Access Content System (AACS)
The copy protection scheme for next-generation video disks; here's an early (2004) EE Times article. It is administered by the AACS Licensing Authority which has a most impressive roster of members including IBM, Intel, Microsoft and Sony. AACS is the copy protection scheme for next-gen video disks regardless of who wins the Blu-ray vs. HD-DVD wars, and regardless of whose codecs are used. Any such scheme must confront the embarrassing legacy of CSS and strike a very difficult balance between content provider paranoia and consumer convenience. Preliminary technical specifications became available in spring 2005 here. Early in 2007, a crack emerged, at least for HD-DVD. It's not a very elegant crack, i.e. it does not stand alone like DeCSS. It's really just a software implementation of the AACS cryptography specification which is not useful without secret per-title keys. However, compromised software players have yielded many such keys, which have been posted on the Internet, and given the small selection of HD-DVD titles, this represents a substantial fraction of the HD-DVD movie inventory. Further, many of the HD-DVD security mechanisms, such as Traitor Tracing and revocation, are not useful against this attack, since the keys produced from compromised machines are not traceable and the users of the keys would not need to do anything which could be detected as a revocation trigger.
Advanced Encryption Standard (AES)
A standard for symmetric cryptography endorsed - after open technical competition - by the National Institute of Standards and Technology in the USA. Because it's free, secure, and subject to intense scrutiny by the cryptographic community, AES is the obvious choice for the symmetric requirements of many security applications including DRM. Many DRM applications use 128-bit AES somewhere in their architecture. Currently AES is not usually used for persistent content encryption; there, more lightweight stream ciphers such as RC4 are preferred. However, as processing power becomes cheaper it is becoming more common - it is already used in DTCP and WMDRM-ND, for example.
Advanced Video Coding (AVC)
See H.264.
Aegis DRM
A UK-based DRM technology company which apparently has solutions in the Enterprise space for both Web and Office documents, as well as for software. This is quite a comprehensive range for a new company and it will be interesting to watch the competition between them and competitors such as SealedMedia.
Aegisoft
Also known as 1800software. A Digital Rights Management technology vendor which specialized in PC game DRM and reputedly had PC Video DRM in development. They were bought out by Real Networks in January 2001.
Aggregator
A business which assembles a collection of content from various publishers under one banner, typically in the form of downloadable content on a Web site. Some businesses become aggregators primarily to provide "one-stop shopping"; for instance, an online music site must have content from all major labels to be competitive, because consumers don't want to worry about which label their favorite artist works for this month. Others, like DRM technology provider Trymedia, sometimes become content aggregators to attract audiences and build a market for content using their (in this case DRM) technology, since otherwise that content might not obtain adequate distribution.
Aladdin
A software DRM company with roots in dongle-based protection. In recent years they have developed or acquired software-only DRM technology. They acquired the Ziplock Electronic Software Distribution technology from Preview Systems when Preview ceased operations in 2001. HASP SL is their current offering in the software DRM space.
America On Line (AOL)
The Reader's Digest of Internet Service Providers. It used to matter what AOL did, and its choices in partnerships with, say, DRM-enabled music services might have been major consumer influencers. However AOL's dominance is waning. They have stumbled badly in being way too late with broadband, and AOL Time Warner removed the "AOL" from its name in fall 2003.
analog
A continuously variable quantitative value, such as the air pressure variations caused by sound, electrical voltage on wires connected to speakers producing sound, or the wavelength of colors in a photograph. This is in contrast to the constrained values (in the simplest case, 1 or 0) which can be represented in the digital domain.

Analog signals can be extremely high quality, however, transmitting them and recording them in high quality is expensive and time-consuming - and even with the best available techniques, analog copies degrade through the generations. That is why, even though analog techniques for content piracy have always been available, they were largely ignored by content owners, because they have not been used enough to significantly diminish retail sales of original media.

Recently, as content owners have built protections around digital content, they are becoming more concerned with the possibility of analog signals being used to pirate content. See The Analog Hole.

Analog Copy Protection System (ACP)
Macrovision's ubiquitous anti-copy technology, best known for preventing easy copying of DVDs to VCR tapes. Here's a PDF plug for ACP by Macrovision. Also known as "Analog Protection System" or APS.
Analog Hole
The potential weakness in a digital content-protection scheme that arises from converting the digital signal to analog, copying it, and re-converting it to a digital format with copy control removed. As long ago as 2002, some content owners argued that copy protection should be built in to the relevant electronic hardware components: analog-to-digital and digital-to-analog converters, as per this EE Times Article. In the United States, there are ongoing attempts to legislate such technology in, such as this one from 2005.
Ancoratech
Son of Beeble. A California based company which is leveraging Beeble's patent in a new direction, emphasizing applications of BIOS security to the on-line identity problem. Given the fairly broad nature of the patent, it is likely they have other aspirations in the IP arena as well.
Anti-Copy
See Copy Protection
AnyMusic
A Japanese online music service spearheaded by Sony. The twist, as per this EE Times article, is that the content only targets portable Consumer Electronics players and cannot be played on PCs.
Application Programming Interface (API)
A logical connection through which one software component talks to another, usually within one computer and invisible to most end users. APIs are significant from a security point of view because they are a great place to attack. For example, the API to a "decrypt" subroutine might get passed the true key to a given piece of content, making that API call a great place to try a key discovery attack.
Apple Computer
The "other" personal computer company. For a long time Apple deliberately avoided Digital Rights Management. But in April 2003, Apple introduced its own music service, which has set the standard for the genre ever since. As you might expect from Apple, it's a mixed bag. The good news: user-friendly, very liberal DRM policies, 99 cent downloads, unlimited CD burning and transfers to their iPod portable player. The bad news: it only works with Apple iPod players - forget using that Rio MP3 player. And at first it only worked on Macintosh computers, but Apple introduced a PC version in October 2003. Apple is using the AAC codec from MPEG-4 and their own DRM called fairplay. The DRM is often cracked (here's one example), but that doesn't seem to slow them down too much.

You have to give Apple credit for striking a plausible balance between the desires of on-line music consumers on one hand, and the content owners on the other - something that none of the other on-line music services have done as well so far.

Asymmetric cryptography
A family of cryptographic techniques which makes use of the one-way nature of certain mathematical functions, which results in a system where two separate keys are used. They are usually called "public" and "private" keys, and either key can be used to encrypt or decrypt data. If one of the keys is used to encrypt content then the other must be used to decrypt it, and knowing one key does not help you discover the other. This is also known as "public key" cryptography, because a sender of encrypted messages can make one key public. That key can read messages sent by him, or encrypt messages that only he can read; only he can create messages using his private key. Asymmetric cryptography is extremely powerful, can provide functions in addition to confidentiality (such as digital signatures), and scales well in large user communities. However it is also extremely compute-intensive, so in practical systems such as SSL and most DRM systems, it is usually used in combination with symmetric cryptography.
ATRAC
"Adaptive TRansform Acoustic Coding", a proprietary audio codec from Sony, originally used in Mini Disc players, and now incorporating MagicGate DRM. The audio quality of this codec is fine, but it just goes to show that Sony has always had a "Not Invented Here" problem. Does the world really need another manufacturer-specific codec? I think not. Sony's official story is here. In fall 2004 Sony started supporting MP3 in its players, but they still use ATRAC on DRM'ed Sony tunes such as those from the Japanese AnyMusic site.
Authena
An "open forum for open DRM", Authena tries to be a clearing house for information relating to open-source content management including DRM. This looks to be a losing cause. The links range from the philosophical e.g. Larry Lessig's pages, to the practical, e.g. openipmp at sourceforge.
Authentication
The art and science of detecting exactly what person - or what physical or logical device or entity - you are dealing with in a specific interaction. Typically authentication works in a client/server context with the main security burden on the server. It is very difficult on the public Internet, which is why systems requiring strong authentication either are not Internet based, or add robust additional overhead (such as PKI or smart cards and associated procedures) to Internet-based access. Recently, "local" authentication has become important in DRM, as various software components inside a software-based player authenticate one another, to try to prevent the use of rogue programs to steal content.

B

 
Business-To-Consumer (B2C)
A business paradigm in which business either sells directly to consumers, or provides infrastructure to other businesses which do so. iTunes and Windows Media Player are prime examples in the DRM space. During the dot-com boom of the late 1990s, many startup companies flailed in desperation between this and the B2B model. For the most part, they started out with a B2C vision, but either could not get worthwhile content, or were years ahead of the consumer in terms of technology expectations.
Business-To-Business (B2B)
The counterpart of B2C, above: a business paradigm which either sells directly to businesses, or provides infrastructure to other businesses which do so. The slight shift of DRM's focus to the enterprise market beginning in 2004 reflected that businesses were more ready than consumers (other than some online music customers) to embrace DRM. Authentica is the thought leader in this space.
Basic Input-Output System (BIOS)
A part of every PC and video game console, which controls various aspects of the system's operation, notably the bootstrap process. In game consoles, the BIOS is a fundamental part of the anti-piracy strategy. It either implements security functions directly or launches a "chain of trust" to other software using mechanisms such as Code Signing. In most game consoles (e.g. PS2), the BIOS is on a separate physical chip with readily accessible pins and the attack of choice is a Mod Chip that bypasses the legitimate BIOS in favor of a piracy-friendly one. On the PC, the BIOS does not perform any such functions currently and there is no moral equivalent of the "mod chip." However, just as for a console, it is the first code to run when a system powers up and so a logical place to begin a chain of "trusted" software. Microsoft's (arguably stalled) NGSCB includes this among other enhancements. There are also efforts underway to put specific DRM support into the BIOS such as that from Ancoratech.
BD-ROM
The format specification for manufacturing Blu-ray video disks.
Bear
An Open-Source implementation (from Dartmouth University) of a trusted computing platform for Linux, built according to TCPA principles. The intent is admirably democratic: taking TCPA out of the hands of mega-corporations and putting it into the hands of the people... but one suspects that "the people" (especially the ones who contribute to Open Source developments) probably do not want TCPA in the first place. Indeed, the Web site shows little sign of activity since 2003.
Beeble
A California company which, based on this Patent, staked a claim to the idea of inserting license information for a DRM system into the BIOS of a PC. Beeble ceased operations in 2004 but the patent and principals have resurfaced at Ancoratech.
BigChampagne
BigChampagne started out tracking trends in illegal downloading and reporting them to the record labels: think of Nielsen ratings for Kazaa ;-). Illegal downloading is less of an issue than it once was, so they have wisely adapted by including data on legal downloads as well.
Bit-Arts
A UK-based Digital Rights Management technology vendor, which seemed poised to attack many sectors of the market when it mysteriously disappeared sometime in 2005.
Biometrics
A technology of authentication which identifies individual humans based on unique physical characteristics which are hard to spoof, such as fingerprints, retina patterns, or voice prints. Despite what you might think from James Bond films, biometrics is an imperfect science - see crossover error rate for more on that. As a result, it is rarely used on its own, but rather as part of a two-factor authentication system where the biometric identity adds more confidence to a candidate identity already established by some other factor, such as a password. Biometrics today is way too heavyweight and expensive for mass-market DRM and is mostly found in high-security applications in government and industry. Musicrypt is the only example that comes to mind of a mainstream DRM company using biometrics.
Black Box
A component whose boundaries are well defined and whose inputs and outputs can be observed (and perhaps the inputs manipulated), but whose internal operations cannot be observed. For DRM and similar applications, a well-designed physical black box provides perhaps the best currently attainable level of protection. Smart cards are one kind of black box. In the media world, a Super Audio CD player is a "black box" whose inputs are AC power and an SACD disk, and whose output is multiple channels of analog audio. Compliant SACD players cannot have unencrypted or raw digital outputs. What is hidden inside the box - and what the SACD designers don't want anyone to figure out - are mechanisms such as encryption, watermarking, media binding etc. which try to prevent both digital copying of SACD disks, and the creation by home users of their own playable SACD disks.

A PC, by contrast, is a white box, whose internals are very open to inspection, reverse engineering etc. Most of the initiatives to make PCs more secure, such as NGSCB and secure audio path, amount to putting little black boxes inside the white box of the PC.

Black Hat
A hacker with malevolent intent - the counterpart of a White Hat. Black Hats are the predominant source of cracks and exploits.
Blu Ray
The Blu-ray media disc, the new high-definition media format which finally won out in early 2008 over its rival HD-DVD. Blu-ray, like HD-DVD, uses the AACS protection scheme and several related security technologies. The security arsenal is considerable, including bringing revocation and "push" software updates (contained on the media disks) to the mass-market Consumer Electronics domain for the first time. As a consumer, let alone a DRM expert, I am in no hurry to buy a piece of off-line consumer electronics which will "change its mind" about how it behaves at some unknown point in the future.
Break Once Break Everywhere (BOBE)
A common but undesirable attribute of many software-based secure systems, including digital content control technologies, namely, that if one person produces an effective attack such as a content-protection crack, others can use it anywhere, in the worst case for all content on all systems using similar software.
Broadcast Flag
A controversial technical copy-protection proposal solicited by the Federal Communications Commission and prepared by the CPTWG, for digital television broadcasts in the United States. Under this proposal, a flag in a digital TV channel's data stream controls whether digital copying is allowed or not. The Motion Picture Industry loves it, but almost everyone else hates it. It appears the MPAA has better connections, because in a classic example of Design by Politician, the FCC recommended it be mandated (PDF) in fall 2003.

And then in 2005, a US court ruled that the FCC did not have the power to mandate the broadcast flag in the first place. So now powerful content owners are drafting their own "suggested" laws to deal with it, either by expanding the powers of the FCC, or having the US Congress legislate the issue directly.

The US government's motives are not just the usual Republican pro-business ones in this case. They want the radio spectrum from soon-to-be "legacy" analog TV broadcast frequencies back, and they'll never get it back if consumers don't switch en masse to digital TV. Hollywood's argument (which if history is any guide will eventually prevail) is that the carrot for consumers to switch to digital is premium Hollywood content, and such content will only be available if the broadcast flag is implemented. One could argue - and many have - that the broadcast flag is a disincentive to the adoption of digital TV, because it makes a "digital VCR" an oxymoron. Who would spend thousands of dollars on a new TV system when a basic capability he already has - home taping - is substantially taken away by it?

Brute-Force Attack
An attack which seeks to defeat security schemes using passwords, serial numbers, cryptographic keys, or similar secret data, simply by "guessing" and trying every possible value until one works. As a rule, brute-force attacks are ineffective against well-implemented systems. If the system is cryptographic, keys in modern cryptography are quite long and an exhaustive search would take many years - perhaps millions of years - with current technology. As for logon passwords, measures such as a lockout after a certain number of unsuccessful attempts can slow the attacker to a crawl (unless he's doing a local attack on a copy of your password file, in which case you have other problems - and it still takes quite a while). Serial numbers usually have internal validity checks so that randomly guessed values would mostly not even pass those checks. As a result, brute-force attacks are rarely used by hackers, who prefer other techniques such as key discovery, keygens, clear text interception, or social engineering instead.
Business Model
How all of the players involved in a business transaction make money, from the end consumer and through the value chain. What's this got to do with DRM? Plenty. For the better part of a decade, DRM technology has languished while people squabbled over how to share on-line revenue that they would never get in the first place, usually because their business offers sucked.

A case in point from 1998: a broadband ISP wants game software companies to pay it for making their software easily available to its customers. The game software companies argue that access to premium content helps the ISP sell service, so the ISP should pay them. Result: a stalemate, a half-hearted implementation, and 10% of nothing for infrastructure players like DRM providers.

Fast-forward a few years: there is an online content business, and it has a standard retail model: the 99 cent music-single download, years late though it may be. Behind the Web site, however, it's still a mess, with half-a-dozen parties haggling for their share of the revenue, and profits being elusive for most of them. This is in large part the result of Byzantine licensing rules and entrenched players such as the major record labels.

Now that the genie of healthy competition is out of the bottle, it cannot be put back in, much as some of the embattled incumbents would like it to be. Major artists who can get by without a label - or up-and-coming artists who never had one in the first place - can go direct to on-line. Peter Gabriel organized just such a system. Further, all-you-can-eat subscription business models are appearing as alternatives to paying per tune. This is certainly a good thing for on-line content, and a bad thing for the RIAA. Whether it supports growth for independent DRM providers, or just more dominance for in-house DRM from the likes of Microsoft or Apple, remains to be seen.

Burst Cutting Area (BCA)
An optional add-on data area sometimes used on DVD media. Originally proposed by the now-defunct Divx video-rental company, it is a way of putting unique information such as serial numbers on otherwise mass-produced and identical DVDs. This is because putting data on the BCA uses a laser as an additional step after the stamping of the DVD. The BCA is also in a section of the disc which could be read but not written by consumer DVD burners, thus helping copy protection schemes. More recent formats are capable of burning it however. Because the BCA adds expense to the production process it is not widely used, the only notable exception being Playstation games.
buymusic
An early (July 2003) entrant into the on-line music distribution business. Launched by Scott Blum, the founder of buy.com, it uses Microsoft Windows Media Player technology and was the first answer for Windows users to Apple's then Mac-only iTunes service. Initial reviews were mixed. At 79 cents a song, it's cheaper than iTunes; however, it is not as user-friendly and different songs have different rights associated with them. For more details here is a PC World Article on buymusic.

C

 
c-dilla
UK-based company which developed CD anti-copy technology for software and audio. They were bought out by Macrovision in 1999, which morphed their technology into the "SafeAudio", safecast and CDS products. Macrovision has also acquired related technology from TTR and apparently aims to be the leading expert in this field.
certificate
A digital document which uses cryptographic techniques to create a mathematically unspoofable association between some data and an entity that certifies that data. Certificates have many flavors and applications. The best-known one is probably the X.509 certificates issued by companies such as Verisign which act as "certification authorities" for the identity of a Web merchant in SSL sessions, as used to provide privacy for credit-card transactions. In such cases the certificate is associated with a public-private (asymmetric) key pair which was created by the same certification authority, and the public key is actually part of the certificate.

In the world of DRM, certificates are becoming common now, but they are almost always "under the hood", identifying components of the end-to-end infrastructure and not the actual consumer. Therefore, the consumer is not aware of their existence or function. The proposed Coral architecture aims to make such certificates a standard part of each interacting component.

Certified Output Protection Protocol (COPP)
A security technology which Microsoft is phasing in for video subsystems as a requirement for logo certification. The details are not public but the gist of it seems to be that drivers are well authenticated, protected from tampering, and the control signals (though not the media content) are encrypted across even internal interfaces such as software APIs. The end objective is that signals controlling security aspects of video outputs such as HDCP, which may, for instance, originate with the Broadcast Flag, are not tampered with so as to enable unauthorized high-quality recording from the video outputs.
Channel Conflict
A classic business dilemma where one method of selling something reduces the revenues that would otherwise be obtained from another method. For example, selling software through online downloads reduces the revenue of retail software stores. In the worst case, a poorly chosen new channel can simultaneously alienate major partners and reduce overall revenues. Fear of channel conflict is endemic in the content industry. Unfortunately, sometimes the most significant competitive channels are ones - such as peer-to-peer networks - which generate no revenue and which content owners don't control. In the long run the only way to succeed is to recognize the whole channel set, including channels inside and outside your control, and optimize it so that most consumers prefer the legitimate channels and so generate a reasonable return on your investment.
Check In / Check Out
The ability of a DRM system on one platform, such as a PC, to "lend" a copy of a controlled asset to another platform - such as a PDA or another PC - in such a way that the asset behaves like a physical one. That is, it is "checked out" from the original system and cannot be accessed from there until it is later "checked in" from the other device. The intent is to support space shifting without helping make possibly unlimited, illegitimate copies. However it is extremely hard to implement in such a way that it is both secure and convenient, and considering that it closes a relatively small security gap, it is not clear that it will become a mainstream feature of DRM systems any time soon.
Chilling Effect
The intimidation of corporations or citizens based on allegations - usually in letters from lawyers - that their (typically on-line) activities are in violation of some law such as the DMCA. The problem is that it usually doesn't matter whether the allegations have merit or not. Most recipients of such letters simply give in regardless, because they cannot afford the distraction and cost of a legal fight. The chillingeffects.org Web Site is a clearing house for information on this activity.
Cinea
An American DRM technology company founded by key executives from Divx. They developed technology to prevent the video taping of movies from theater screens using camcorders. Their main current product is a fingerprint-based "secure DVD player" used for Hollywood screeners (advance movie copies sent to Hollywood insiders for award-related reviews, which have often been pirated.) They apparently also have a pool of intellectual property from Divx. They were bought by Dolby (PDF) in September 2003.
Cleartext, Cleartext Interception
"Cleartext" is the term used in cryptography for the unencrypted form of a protected data item. (The term "plain text" is also used.) An intelligent attacker of a cryptography-based system seeks to obtain a cleartext with the minimum possible effort. In DRM systems, obtaining a cleartext is usually (for the case of audio/video media) equivalent to cracking the system's security. In the world of mass-market open systems such as PCs, intercepting a clear text is usually very easy, for two reasons:
  1. All you have to do is "play" the content once... and the first user might even pay for it, and
  2. In open systems the decrypted content, even if intended to be hidden and transient, can always be intercepted, such as by a Wedge Program.
As a result, cleartext interception is the attack of choice for many pirates, especially with audio and video.
Cloakware
A North American (U.S. headquarters, Canadian R & D) technology company which provides security technology useful for DRM and other applications. Their products provide source-based obfuscation to slow down black hat attackers, and controlled diversity to counter cracks and similar automated code-based attacks. More recently they have developed "packaged" solutions which enable software developers to comply with the Robustness Rules associated with media DRM standards such as DTCP. In 2007, Cloakware was bought by Dutch Set-Top maker Irdeto. Full disclosure: your scribe has been working for Cloakware since 2004, and is still an even-handed commentator on the DRM scene - I do this on my own time ;-)
cloning
A special case of spoofing where an attacker analyzes a component of a security system (typically a physical one like a smart card) and succeeds in understanding it well enough to make "plausible" copies. These copies are good enough to fool the system (e.g. the phone network) into providing free service - free because there is either no associated subscriber, or a fraudulent association to another existing subscriber. A typical cloning scenario for modern cell phones is described here.
cocktail
A proprietary encryption algorithm used by Microsoft to encrypt media data in their DRM systems such as WMDRM and PlayReady. It is essentially a variation of RC4 which, so to speak, "rotates the shield frequencies" so the derivation of the final bytewise XOR values (keystream) has variations thrown in relative to normal RC4.
codec
Short for "coder-decoder". In this context, a codec is a digital algorithm, typically executed in software, which transforms a media signal into a form optimized for transmission or storage, and then transforms it back again. The best-known codec, MP3, transforms a raw PCM music signal into a form about 10 times smaller than the original. It is important to note that a codec is NOT the same as - although it may be related to - a file format.
Code Signing
Putting a digital signature on a piece of code to provide assurance that it was produced by a known entity and is untampered. Often the techniques of PKI are used. Sometimes code signing is designed to inspire confidence in the user, as when installing browser add-ons. In the DRM world, code signing is often used to verify that rights-enforcing code has not been tampered with, i.e. to inspire confidence in the content owners.
Compliance Rules
Term of art for behavioral rules which manufacturers of equipment implementing DRM must ensure their equipment follows. For example, video cards must ensure output copy protection such as ACP is turned on (in this case, for NTSC outputs) if the content license so specifies. Since hackers will inevitably seek to crack such systems to allow unrestricted copying, there are usually additional Robustness Rules, designed to make the system resistant to attack, which must also be complied with. In practice, Compliance Rules and Robustness Rules are technical documents tied to license contracts for particular DRM technology such as Windows Media DRM or CPRM. Most compliance rules are private but here's a publicly available example for CPPM from the 4C Entity.
Compulsory License
A license to use content which is prescribed by law on a blanket basis for a given situation, as opposed to being negotiated between users and copyright holders. It's "compulsory" because, as a practical matter, copyright holders can't say no. They DO get paid, although the formulas by which this happens are a matter of great debate.

Compulsory licenses serve legitimate purposes in some arenas. Most notably, they enabled commercial radio to become a viable business by giving radio stations access to a vast range of music without having to enter into endless negotiations with thousands of copyright holders.

Some commentators (notably the EFF) argue that the current mess in digital music - P2P downloading of pirated MP3s - could be solved by compulsory licensing, but they have yet to make a compelling case. Perhaps few of us care that compulsory licensing would weaken the raison d'etre of powerful, well-connected groups like the RIAA, but the U.S. Congress does. More fundamentally, in the absence of good revenue sources for distributors, it's hard to see how the business model would work without in effect becoming a general "music tax" - which sounds wrong even to this liberal Canadian, and would never fly in the free-enterprise-will-fix-all-problems ethos of the USA.

Conditional Access (CA)
The term used for controlling the viewing of television signals in a broadcast (e.g. satellite or set-top cable) television system. Such systems differ from consumer PCs in that they typically have proprietary, tamper-resistant, uniquely addressable terminals, and often use Smart Cards or PODs as well. There is also an emerging market for software-based conditional access, which eschews smart-cards in favor of flexible, tamper-resistant software control. By some estimates, the "cracking" market for CA on satellite TV systems - i.e. the money spent on hacked Smart Cards - is larger than the entire legitimate revenue of the satellite TV business.
Constrictor
A software component which deliberately degrades the quality of a (usually video) signal. The idea is that when a signal is at risk of being copied, it should not be pristine "copyable unto the Nth generation" quality, but rather behave more like a low-quality analog copy, making it undesirable as a source of pirated content. This can be accomplished in various ways - for example, an HDTV-quality image could be down-sampled to lower resolution and re-sampled up to HDTV again - but a lot fuzzier. Windows Vista might do this if, for example, a high-resolution video was playing on an "insecure" monitor. Many observers consider this an unwelcome use of extra PC cycles to make things worse. You could also argue that it just attempts to mimic the analog world, where copies are possible, but their quality leaves something to be desired.
Consumer Electronics (CE)
Everyday fixed-function electronic appliances such as audio CD players, DVD players, SACD/DVD Audio players, or MP3 players. These are significant for DRM because the dominant formats - Red Book audio and MP3 for music and MPEG-2 / CSS for DVDs - are almost impossible to change in a way which makes them hard to steal on a PC without screwing up their performance on CE devices which are deployed in the billions. In fact, exactly this has happened repeatedly, starting with Audio CDs as early as 2002.

The newer DVD Audio and SACD formats have non-trivial copy protection and, just as important, license restrictions which prevent them exporting unencrypted digital content. However, the quality improvement with these formats is not significant except for the minority of consumers who have high-end audio equipment, and the inability to make digital copies is unattractive. Thus it is far from clear that mainstream consumers will move to these new formats - which accounts for some of the desperation seen recently in trying to protect legacy formats.

As for the emerging Blu-ray and HD-DVD video formats, many are disturbed by the addition of Revocation to CE devices for the first time, in Blu-Ray players. That is, your player might decide to behave differently at some point in the future, because the distributed discs contain not only the movie content, but also software upgrades and lists which may ban certain devices or certain content. Considering this "feature" alone, your scribe will not be buying such a device any time soon.

ContentGuard
A DRM technology company spun out of Xerox, based largely on DRM patents from Xerox' famous PARC research institute. In 2004 there was a controversial takeover by Microsoft, Time Warner, and Thomson. For more information see their entry in our DRM vendors page.
Content Protection for Recordable Media (CPRM)
A system for "renewable cryptographic method for protecting entertainment content when recorded on physical media" from the 4C Entity. CPRM has flavors for several storage media types, notably SD Cards. They also had a controversial proposal for ATA Disk Drives for PCs, which met wide opposition and never went anywhere.
Content Protection System Architecture (CPSA)
A set of guidelines for content protection in the video space developed in co-operation with the CPTWG. They don't have the force of a standard or clear corporate backing, but they do provide insight into the thinking of content owners and Consumer Electronics Manufacturers. Here's a thorough Article from ExtremeTech on CPSA.
Content Reference Forum
A zombie industry forum that aimed to foster interoperability for DRM systems and to allow the extension of such systems to P2P, viral, or other distribution forms. The key concept is that an always-resolvable reference to content is an essential starting point for content-based commerce, and that details such as the format of the content are changeable and secondary. This is, technologically, a good approach, and key players such as Microsoft are members. However, it seems the usual logjam of competing commercial and IP issues has slowed things down, since the Web site has shown very little sign of activity since 2003.
Content Scrambling System (CSS)
The encryption scheme for DVD video disks, which was famously cracked by a Scandinavian teenager who released deCSS, a DVD decoder for PCs, in 1999.
Convergence
A buzzword used by anyone trying to sell high-tech gear with ever-more features crammed in - cell-phones with color graphics, Internet capability, and PDA functions, for instance. The term is used in two ways, to refer both to the convergence of many functions in one box, and to the convergence of many applications over one network (for example, Voice Over IP.) So far, convergence has been more of a vision than a reality. However, a number of factors - ubiquitous wireless, a critical mass of standards, and the amazing processing power of cheap integrated circuits - are making convergent devices a mass-market commodity.

As this unfolds, DRM on these devices will become a hot issue, as will new malicious attacks enabled by convergent networks. It is a large business challenge, given widely diverse technology bases, severe manufacturing cost constraints, and often low-value content. One symptom of convergence is that device makers are starting to combine both OMA DRM and Windows Media DRM in a single device.

Copy From Device (CFD)
See Device Bridge.
Copy Generation Management System (CGMS)
A system designed to prevent digital copies being made from DVDs. There are separate versions for copies which are transferred between devices in analog form (CGMS/A) and in digital form (CGMS/D). Due to fumbling between industry standards groups, CGMS/A is largely ineffective in the European PAL format.
copyleft
As the name implies, a kind of opposite to copyright, used by the free software movement. Material which is "copylefted" is not only publicly available, but requires that all of its users maintain its public availability even if they modify it. The intent is that material such as open source software remains freely available as it evolves and improves, rather than reverting to commercial status.
Copy Protection
Copy protection is the use of technology to prevent the copying of analog or digital data. By this definition, trying to make uncrackable copy protection is futile. Unfortunately, many people believe that copy protection and DRM are the same thing. They're not. More enlightened DRM approaches, such as those developed by the now-defunct :-( NetActive welcome copying as free distribution and focus on controlling how the recipient uses the copied data. Copy protection is also causing a backlash amongst consumers by preventing, for instance, legitimate ripping of tunes via iTunes by iPod owners. Content providers have seemed determined to kill physical audio CD sales with harebrained anti-copy schemes. However the 2006 Sony Rootkit Fiasco brought things to a head and in 2007 the major labels hopefully gave up on copy protection for CDs.
Copy Protection Technical Working Group (CPTWG)
An industry consortium, apparently sponsored by the MPAA, which proposes copy protection technology. They created the current Broadcast Flag proposal and are also investigating means to close the "analog hole."
Copyright
A set of cultural expectations and laws that aim to strike a balance between the ability of a creative person to get paid for her efforts, and the long-term needs of society. The details vary widely from one place to another, but the principles are commonly understood. For example, if I buy a copyrighted audio CD, a bit of copying for certain uses is OK, but a lot of copying - especially if I'm selling the copies - is not. This particular notion is called Fair Use in the USA. Unfortunately, in the face of trivially copyable digital goods, copyright in its current form is in trouble. Many software companies are attempting to get around copyright expectations they don't like by positioning their transactions as License Contracts rather than sales of copyrighted goods. Content owners can't get both traditional fair-use behavior and robust protection, so many of them are simply trying to prevent copying altogether. It's not clear how this will play out, but the current situation is clearly transitional. For more on this see our DRM Policy page.
Coral Consortium
In the words of their Web-site at launch in October 2004: "..a cross-industry group to promote interoperability between digital rights management (DRM) technologies...". Interoperability is a most worthwhile goal. As of early 2008, it has yet to have much impact in the real world. It is probably not a coincidence that the founding members represent the largest pool of DRM IP on the planet, with only Microsoft's being comparable. As always, much can be learned from who's NOT a member. The Microsoft/ContentGuard/Time Warner triad is missing. Apple's iPod/iTunes is doing just fine without interoperability. To be fair, there is some good technical thinking here; for instance they demonstrated that Windows Media DRM can work in the Coral framework.
CPU Serial Numbers
A security idea introduced by Intel in the late 1990s: a unique (64-bit) number in every Pentium CPU. It generated a huge public backlash due to concerns about privacy. Stung by this, Intel determined to share any good or bad consequences for their next security initiatives, and so the Trusted Computing Platform Alliance was born. The aversion to "serial numbers" is so strong that even today the NGSCB, which uses a public key per PC, attempts to keep the public key private(!) so it cannot be used as a serial number.
Crack
No, crack-trollers (you know who you are) we don't give out cracks here! (Verb): the art and science of discovering one or more security "secrets" with an aim to defeating the related security system. DRM systems for software are often "cracked" by reverse-engineering and modifying their software executable files to circumvent built-in restrictions - typically copying or usage restrictions. The term is also used for the discovery of cryptographic keys and passwords, especially when the latter are derived by analyzing a Unix-style hashed password file. It is also applied to breaking hardware-based schemes, for example, cloning GSM SIM smart cards. Sometimes the term is also used to refer generally to any malicious activity by hackers, such as breaking into other people's networks.
(Noun): The captured, redistributable result of a successful "cracking" exercise - typically a password, small set of instructions, or executable code-modifying program, which allows unskilled users to circumvent built-in limitations as above.
The problem of cracks is that one determined dishonest technical expert can usually enable theft of content by millions of non-technical people. (See also exploits and BOBE).
Creative Commons
The brainchild of Larry Lessig, Creative Commons is a Web site, a technology, and a concept, all in support of Larry's ideas about what to do about copyright in the Internet era. The essence of the idea is to support direct relationships between creators and consumers of digital content, without technological copy protection but with an automated scheme that makes choosing various licensing options easy. Will this be to the major media companies what Linux is to Microsoft, i.e. a plausible alternative? Will people still refuse to pay for online content when it's really easy and much of the money goes to the creators? Time will tell, but it's an interesting experiment and there is some good content using the system already - see for instance Magnatunes.
Credit Cards
Those ubiquitous pieces of plastic which a significant part of the Internet content audience does not possess. They also aren't very good for billing small amounts of money - as Apple and others are finding out with 99 cent downloads such as those on iTunes. Apple is responding with an online allowance program for kids. Theoretically, microtransactions could also fill the bill, though that road is littered with corpses. Another option is prepaid cards such as those announced by Napster.
Crossover Error Rate (CER)
The generally accepted figure-of-merit for biometric systems. All non-trivial biometric systems are tunable. If you tune a given system so that the percentage of false "accepts" equals the percentage of false "rejects", that percentage (say, 1% errors) is the Crossover Error Rate. Obviously, a lower error rate is better.
You might expect that either false positives or false negatives could be eliminated altogether, but even expensive, state-of-the-art biometrics is far from achieving this. That's why biometric systems are almost never used alone to provide user authentication, but rather to provide additional confidence in a system which already has a candidate identity. It is also true that better performance (lower CER) comes from more expensive and invasive technologies such as retina scans. Simpler technologies, such as keyboard pattern recognition and voice recognition, are the only ones that can currently be contemplated in DRM systems.
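The tuning trade-off behind the Crossover Error Rate can be worked through on a small set of match scores. This is an added example, not part of the original dictionary; the scores are constructed and the function names are hypothetical.

```python
"""Crossover Error Rate (CER) computed from biometric match scores.

All scores below are constructed sample data. A score is a similarity
in [0, 1]; higher means "more like the enrolled user".
"""

# Scores from the legitimate user presenting their own biometric.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.81, 0.67, 0.93, 0.85, 0.58, 0.79]
# Scores from other people presenting theirs against the same template.
IMPOSTOR = [0.12, 0.33, 0.41, 0.25, 0.52, 0.61, 0.18, 0.47, 0.70, 0.29]


def error_rates(threshold, genuine, impostor):
    """Return (false accept rate, false reject rate) at one threshold.

    The system accepts any attempt whose score is >= threshold.
    """
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def crossover(genuine, impostor):
    """Sweep every observed score as a threshold; return (threshold, CER).

    With a finite sample the two rates may never be exactly equal, so the
    threshold with the smallest gap is used and the CER is reported as the
    mean of the two rates at that point.
    """
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    print("threshold   FAR    FRR")
    for t in (0.50, 0.61, 0.67, 0.72, 0.90):
        far, frr = error_rates(t, GENUINE, IMPOSTOR)
        print(f"   {t:.2f}    {far:.2f}   {frr:.2f}")
    t, cer = crossover(GENUINE, IMPOSTOR)
    print(f"crossover at threshold {t:.2f}, CER = {cer:.0%}")
```

Raising the threshold past the crossover drives false accepts to zero on this sample only by rejecting more genuine attempts, which is the trade-off the entry describes.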
Customary Historic Use
A really insidious idea from the American entertainment establishment: a successor to Fair Use which says, in effect, that any new creative media application may be illegal if it does not somehow make "customary historic use" of the material in question. Hopefully this will not get beyond the proposed-legislation stage. More from Ars Technica here.
Cryptography
Cryptography is the technology of keeping - and selectively sharing - secrets, which is a key component of Digital Rights Management systems. For more details see the entries on the most popular implementations of cryptography: symmetric cryptography, asymmetric cryptography, and PKI. Cryptography has been over sold and misunderstood in DRM circles. To help clear this up, see the more detailed analysis on the Cryptography in DRM page.

D

 
darknet
1) A term coined by Microsoft in their seminal 2002 paper The Darknet and the Future of Content Distribution. This paper doesn't really say anything that Internet experts didn't know already - i.e. that content protection systems will always be cracked by somebody, somewhere, and stolen content will always be illicitly traded in "dark" corners of the Internet. But the paper is significant in that it is an unusual expression of candor from Microsoft, and also in that it encourages people to think beyond black and white notions of "crackability". A content management system can be crackable and still provide both good risk management for content owners, and good value for consumers.

2) A book of the same name largely concerned with DRM.

deCSS
A crack to remove CSS encryption (thus, "de-CSS") from DVD video. The quick emergence of deCSS was an embarrassment to Hollywood and rightly discredited the sort of closed-door, secret process by which the weak CSS scheme was developed. Residential broadband Internet connections, DVD burners and DVD copying software are easily accessible so this is a practical problem, though there is little data on the associated revenue loss. The studios are taking no chances with the next generation, building much heavier security into both HD-DVD and Blu-ray formats.
Design by Lawyer
A paradigm according to which technology is designed, not to actually work (i.e. accomplish common-sense objectives), but to make sure that there is someone to sue when it fails. Sometimes this takes the form of laughable "protection" measures which are trivially circumventable but - gotcha ! - you can't circumvent them without violating the DMCA.
Design by Politician
Although most politicians are lawyers, this is even more dangerous than design by lawyer, because politicians can force manufacturers - and thereby consumers - to use their bad designs through legislation. While a notable previous American attempt - the Hollings Bill - went nowhere, an arguably equally misguided proposal was endorsed by the FCC in fall 2003, as described in our entry on the Broadcast Flag (though fortunately it was overturned later).
Device Bridge
Term adopted by Microsoft in 2006 for a protected content transfer link between Microsoft devices, formerly known as CopyFromDevice (CFD). It is a quick copy mechanism used for content transfer, as opposed to real-time streaming. It debuted (at least under that name) along with the Zune portable media player, and is used for the wireless sharing feature of the Zune.
DFAST
"Dynamic Feedback Arrangement Scrambling Technique". An encryption mechanism used in the digital set-top box arena, invented by CableLabs and licensed from them (with a little encouragement from the FCC).
Digibox
An interesting bit of history: an early (1995) bit of DRM-related Intellectual Property from Electronic Publishing Resources, which later became Intertrust. A copy of the paper from Usenix can be found here.
Digital
Represented by discrete values such as 1 and 0, as opposed to the continuously varying values of the analog domain. From a DRM perspective, the significance of a digital representation is that collections of 1s and 0s - such as, say, DVD movies - can be transmitted and copied perfectly for many generations. Add personal computers and hackers to the mix, and digital content piracy becomes so easy and potentially damaging that Digital Rights Management technologies are required.
Digital Asset Management (DAM)
The art and technology of managing large, complex, evolving collections of digital assets, such as the file sets of a large Web site, or a collection of media files which can be distributed over the Internet. Many content owners, trying to make content available on line, have found that large-scale DAM is a difficult obstacle which must be addressed for a site to be viable, whether DRM is also involved or not. This is especially true when the content has complex licensing or royalty requirements, some of which may have been negotiated years ago without taking Internet distribution into account. Software to automate DAM processes is available from companies such as picdar.
Digitalgoods
A defunct provider of DRM technology for eBooks. For more information see Softlock.
Digital Living Network Alliance
Formerly known as the Digital Home Working Group, a consortium which seems to be promoting interoperable home media networking, including DRM capabilities. I say "seems to be" because you have to pony up thousands of dollars a year or more to join and find out what they are really up to. This is arguably not a good way to get a critical mass of adoption. However, their support from Intel and alignment with DTCP seem to be moving them in a reasonable direction. Microsoft is also a member, and is pushing hard for inclusion of their own otherwise-proprietary WMDRM-ND interconnect scheme as well as DTCP.
Digital Media Project
A multidisciplinary advocacy group led by Leonardo Chiariglione, which is trying to help digital media out of its current technical, legal, and commercial log-jams, but without much effect. The group has very little commercial support; their initial wide-ranging Digital Media Manifesto document provided a useful vision and in 2005 they published more practical specifications, but nobody with any commercial clout seems to care.
Digital Millennium Copyright Act (DMCA)
The DMCA is legislation passed in the USA in 1998. It attempts to bring copyright legislation into the Internet age, but many observers feel that it tilts the balance of power way too far in favor of copyright holders. The Electronic Frontier Foundation has an html copy here. The DMCA is immensely controversial and is covered in more detail on our DRM Policy Page.
DPRL (Digital Property Rights Language)
An early Rights Expression Language developed by a team led by Mark Stefik at the Xerox Palo Alto Research Center. DPRL was conceived before XML became the clear choice for metadata in general and Rights Expression in particular. Although XML implementations of DPRL were proposed, today DPRL is a historical artifact whose concepts have been adopted by XRML and ODRL.
Digital Rights Management (DRM)
See our what is DRM page.
Digital Transmission Content Protection (DTCP)
A proposed encryption mechanism for use on advanced digital interconnect joining consumer electronics and PCs, sponsored by the 5C entity. The thinking is that unencrypted media transmitted over standardized high-speed digital interconnect such as IEEE 1394 (or IP over high-speed Ethernet) is easily intercepted for piracy purposes, so it should never be allowed "in the clear", even between two boxes in a consumer's home.
Digital Transmission Licensing Administrator (DTLA)
Apparently, to judge by the Web site, the same organization as - or the outward face of - the 5C Entity. Also apparent from the Web site is that they only have one thing to license, DTCP.
Digital Versatile Disk (DVD)
Also known as Digital Video Disk. The hugely popular plastic-disk format for home viewing of movies using the MPEG-2 codec. It was the first mass-entertainment medium to feature encryption, although the security design was poor and was cracked soon after the format became common. The emergence of home PC-based DVD Recorders has movie studios afraid that the same large-scale copying that goes on with Audio CDs will happen with DVDs as well. Constrained as they are by backward compatibility with Consumer Electronics DVD players, they can't stop this technologically in the current generation. Since DVDs account for almost half of movie studio revenue currently anyway, it's hard to be too sympathetic.

Jim Taylor maintains the authoritative DVD FAQ.

The next high-definition generation of video disk technology, just coming to market, presents the opportunity to fix shortcomings in DRM and other areas. However, there is the usual squabbling between opposing camps (Blu Ray and HD-DVD) which, combined with other factors, makes mass adoption of the next generation seem unlikely before 2008 at the earliest. Indeed, early Blu Ray players have been released before all the standards involved are ironed out, creating a significant risk to consumers. The two camps do agree on using AACS for DRM.

Digital World Services
A European digital content distribution company best known for attempting to make Napster "go straight", by developing a DRM system for Napster at the request of their mutual parent company, Bertelsmann. Within the culture of Napster it is doubtful that any DRM technology could have succeeded, but Napster died for other reasons before we had a chance to find out. Since then they have apparently changed their focus to DRM-agnostic distribution of content such as university textbooks.
Diversity
Deliberate variation between individual instances of something - typically software code or digital media - designed to make it traceable and/or to make it resistant to fixed-function attack tools such as cracks.
DivX
1) A media technology company originally focused on a codec of the same name, which, years ago, offered the best compression efficiency and was favored by the technical PC "underground" crowd. Recently, more efficient codecs such as H.264 have emerged, so DivX has adapted by providing other parts of the solution as well. There was a 2006 DRM deal with Google but Google cancelled their DRMed video service in 2007.
2) A consumer electronics company that made "trick" DVD players that called home in the late 1990s. Encrypted DVDs were used that didn't need to be returned to video stores, since their play periods were controlled by DRM technology in the players. Although the technology apparently worked as intended, commercial factors killed them in 1999. Most notably, the requirement that consumers buy a special (and more expensive, and harder to find) DVD player led to adoption rates too low to sustain the company. Some of their executives bounced back to found Cinea.
Document Object Identifier (DOI)
A proposal for a sort of Internet Dewey Decimal System which could provide unique identifiers for intellectual property on the Internet.
Dongle
A pocket-size PC peripheral hardware device. Today the term can loosely cover any such device, including simple USB key chain memories. Historically, dongles were hardware anti-piracy devices which had to be plugged in for a specific software application to run on a given machine. Dongles from companies such as Aladdin or Rainbow were typically associated with expensive CAD (Computer-Aided Design) software packages. Dongles are considered very inconvenient and are widely cracked anyway. As a result, most companies which sell dongle DRM solutions also have software-only DRM solutions. Some companies are also packaging more capable smart card technology in dongle-like packages such as key chain-sized USB plug-ins. This provides many of the benefits of a traditional smart-card without requiring a separate reader peripheral on a PC.
Domain
A collection of devices which support protected media and which can share the media, and a single license for that media, in such a way that the user can access protected content on any of the devices. Technically, this is quite hard to do when the content and license are stored on the user's device. Only two DRM ecosystems currently support domains, Marlin and PlayReady.
Dublin Core
A group of standards from the "Dublin Core Metadata Initiative" which address various aspects of Internet metadata. The group predates XML and has no inherent relation to DRM. Recently they have focused on XML implementations which are of particular interest in the publishing industry.
DVD-Audio
A variation of DVD which provides high-quality digital multichannel audio. (The DVD-Audio version of Philip Glass' "Koyaanisqatsi" is astounding on high-end gear.) It competed with Sony's SACD format, and neither is winning in the marketplace - they are virtually historical collector's items as of early 2008. (For instance, your scribe knows no-one else who buys or listens to such disks). Unlike the older Audio CD format, DVD-audio does have built-in copy protection using CPPM as specified by the 4C Entity. There are no material cracks, due largely to the closed-platform approach where raw digital outputs are prohibited. This lack of copying ability is probably one reason for the format's very limited uptake.
DVD Jon
Jon Lech Johansen, the Scandinavian who famously cracked CSS as a teenager and has been a thorn in the side of copy protection advocates ever since. He has a record of consistently cracking DRM schemes, often with highly skilled help. In early 2005 he managed to design an iTunes client that can buy songs without DRM from the iTunes store. Later that year he surprised many observers by moving to the USA to work for Michael Robertson. Since Hollywood would love to see this guy in jail, you'd think he'd retire from activities which violate the DMCA. However, since he recently registered the domain deaacs.com, this seems unlikely. In 2006 he started out on his own, trying to make a legitimate business of applying his reverse-engineering skills to interoperability via DoubleTwist Ventures, and shortly after that he moved back to Denmark.

E

 
ecosystem
(Better expressed as "Content Ecosystem" or "DRM ecosystem".) A sizable system of managed content distribution using a consistent technology base including DRM. By this definition there are only three ecosystems worth talking about: iTunes, Windows Media, and the Open Mobile Alliance. (Well, maybe four, since the Zune has its own ecosystem as well.) Ecosystems are very important because it is very hard to live outside of one. For example, it is much simpler for content owners to license their content on a per-ecosystem basis, because that way they don't have to do costly and difficult due diligence on a wide variety of content technologies - the ecosystems build that in via licensing rules for the participants. This can make life difficult for vendors of DRM technology who are not part of such an ecosystem.

It's worth noting that all of the ecosystems above are concerned with consumer media. There are no significant ecosystems yet for software DRM or Enterprise DRM.

Electronic Book (eBook)
A book in electronic form, such as Adobe's Portable Document Format or the Open eBook Format. The term can also be applied to a physical, dedicated electronic book appliance, although the history of such appliances is not encouraging. After the death of the GemStar eBook and Barnes and Noble's withdrawal from the eBook content market in 2003, it took years for other attempts at hardware eBooks in the form of the Sony Reader in 2006, and then the Kindle from Amazon in 2007. The eBook market has been slow to take off due to consumer reluctance, piracy concerns, and a fragmented market with no useful standards. (The Kindle, for example, will not read PDFs). There has been some progress on content availability, such as from The British Library, and with classic titles from some traditional publishers.

eBooks need DRM, at least some of the time, but the challenges of DRM are really not the main stumbling block here. Consumers are rightly suspicious of appliances which tie them to non-standard content formats - history shows that in a few years they will have a door-stop and a collection of useless files. A physical book still makes a lot more sense for most people.

Electronic Frontier Foundation (EFF)
The EFF is an advocacy group based in California which seeks to protect principles such as free speech and privacy on the Internet. They oppose DRM in general and limitations on copying digital goods (or sharing information about related security technology) in particular. They have a reasonably well-written diatribe against music DRM here. I want to like these guys; they seem to be on the side of the common man. But their idealism works against them; if Hollywood overstates the case by depicting copying as evil piracy, the EFF equally overstates the case by insisting that ALL copy control is evil. A world without any copy control would effectively eliminate the main business model of the entertainment industry and, therefore, as a matter of American political reality, is NOT going to happen, period. Their record in legal battles is also uneven, as this Register article demonstrates.
Electronic Media Management System (EMMS)
IBM's offering in the consumer DRM space, now long defunct. It had no significant content portal wins except in Japan shortly after the year 2000.
Electronic Software Distribution (ESD)
As the name implies, ESD is the distribution of software by electronic means - typically the Internet - as opposed to physical means such as CD-ROM. In itself, transferring software files is fairly trivial; it can be accomplished by simple FTP or browser-based download. This is why there aren't any pure ESD products left; Ziplock from the late 90's was probably the last one standing. In the consumer world today, Steam is the spiritual successor to ZipLock.
End User License Agreement (EULA)
An agreement between a user of software and the software vendor, which specifies the terms and conditions for use of the software. In practice, most EULAs are "click-through" steps at software installation time, where users glance briefly at pages of lawyer-speak before shrugging and clicking "accept". In principle a EULA is a contract, in which the software supplier can specify arbitrary terms and conditions - notably, ones which remove the user's rights such as Fair Use normally associated with copyright. However, unlike a conventional contract, a EULA permits no negotiation. Recent trends in EULAs have been disturbing; for example, setting the stage for remote, unstoppable "updates" pushed to a user's machine whether they want it or not. It's clear that the current state is transitional, but not yet clear when and how the use of EULAs or similar instruments will stabilize.
Enterprise
With online music DRM being a very vertical market dominated by a few huge, conservative players, and not many other promising applications in sight, the enterprise has been targeted for another wave of DRM solutions. This makes some sense; at the very least, most participants in an Enterprise value chain either want (or can live with) DRM, whereas it is viewed negatively in most consumer applications. Regulatory requirements around privacy, which apply to enterprise documents more than popular media, are another driving factor. Authentica is probably the foremost provider in this space currently. It's worth noting the elephant in this particular room: most participants in this space are basing their offerings - or at least some of them - on Microsoft's Windows Rights Management Services. Those who aren't have to convince their customers they have a better idea - which might be true, but requires more selling.
Envelope
A general-purpose content encrypt/decrypt capability introduced as a new feature in Microsoft's PlayReady DRM technology. It is content agnostic and lets a software application developer open and seek into encrypted files using APIs provided by the PlayReady Porting Kit. The previous WMDRM-PD technology assumed that the content being protected was audio/video media. Envelopes use 128-bit AES encryption, unlike the simpler Cocktail used by WMDRM.
Entriq
A company that doesn't apparently build DRM per se, but builds all the infrastructure around it, such as billing, distribution etc. Evidently the brainchild of a successful parent company in the pay-TV business looking to expand its markets. Companies like this are a sign that the digital content market is maturing. Whether this one will be seen as added value for content owners who don't want to worry about the details of (say) Windows Media Player DRM, or as an unnecessary middleman, remains to be seen.
Everywhere Internet Audio (EIA)
A concept for wireless, Internet-connected music players (Blackberry meets iPod) based on a subscription model where piracy is impossible. (More from BusinessWeek here). From a user's perspective, this seems to lose the concept of OWNING music, and may not be accepted on that basis. And, at least per information published so far, if the system is inherently more secure, it presumably comes at the price of no user-accessible digital inputs or outputs. As well, it requires drastic changes in music business models. But since drastic changes in music business models are required anyway, this may contain elements of the "right" solution.
Executable
A binary file which can be directly executed by the central processor of a computer, such as an Intel Pentium processor. (Executables may also contain virtual instructions for execution on virtual machines such as the Java Virtual Machine; however for reasons of efficiency and security DRM is rarely applied to virtual code.) From a DRM perspective, although all content rendering necessarily involves executable code, it makes a difference whether the executable code itself is the controlled content - say, a demo of a game - or whether the content is a media file, played by a standard media player executable. This latter is the Player / Asset model. Because an executable file can have non-trivial "hidden" behavior, it turns out that it is technically more feasible to add DRM functions - both protection functions and consumer-desired functions - to executable content, than to media content. This is one reason why some software DRM technologies - such as those from Trymedia and (once upon a time) Netactive - have a more convincing security record than media DRM technologies.
Exploit
An automated tool, developed by a hacker and used to perform malicious attacks on computer systems. Exploits are usually scripts which attack ("exploit") software weaknesses over a network, and so are of more concern in network security than in DRM. Cracks on the other hand, are usually applied directly, to maliciously modify locally accessible code, and so are of direct concern in DRM systems. Producing an exploit may require considerable expertise, but using it unfortunately does not. (See script kiddies.)
Extensible Markup Language (XML)
A subset of Standard Generalized Markup Language (SGML), a widely used international text processing standard. XML has enjoyed tremendous uptake as the standard metadata language for the Web and in particular has become the basis for other standards such as XRML. For more information, see http://www.w3.org/XML/.

F

 
fade
An interesting software anti-copy idea from Macrovision: let copies happen but arrange for subtle side-effects of the copying to degrade the software (usually a game) over time in such a way that users will get enough of a taste to like the game, but have to go buy it to continue. As an idea it's relatively obvious - your scribe had a few over-beer discussions that touched on it in the late 90's - but credit to Macrovision for actually doing something with the idea. As always, the devil is in the details... if the system is used with high-value content, you can bet that highly-talented hackers will be trying to take it apart.
Fair Dealing
The term used in Canada and several other British-influenced countries for what is called fair use in the United States.
fairplay
The term Apple uses for the DRM technology in their iTunes Music Service launched in spring 2003. Fairplay does control what can be done with music files, and restricts them to a world of Apple formats and portable audio players... but other than that it is easily the most reasonable and flexible music DRM technology in widespread use. It supports play on several computers and an unlimited number of iPod portable players, as well as burning regular Red Book Audio CDs. Little has been made public about its internals. It is clear that security was less of a priority than usability in its design.
Fair Use
Fair Use is a principle of copyright law in most parts of the world, though it does not usually go by that name outside the USA. It explicitly allows copying of copyrighted goods under specific circumstances, such as quoting a book in a review, or making a copy of an audio recording for personal domestic use. Unfortunately, the line between legitimate fair use and piracy is usually a matter of USER INTENT, which no technology can determine. As a result, content protection technologies cannot - even in principle - exactly preserve the current notion of Fair Use and still offer robust content protection. Most likely, the technology capability will evolve and the practical definition of "Fair Use" will also evolve, to some middle ground acceptable to consumers and copyright holders. More background on this is found on our DRM Policy page.
fairuse4wm
A crack for Windows Media DRM, released in summer 2006, which removes the DRM encryption from the Windows Media Player files on a user's PC. Developed by a hacker known as Viodentia, it is a command-line utility which uses Windows Media Player (version 10 or 11) as part of its dirty work in an apparent key discovery attack. In fairness to Microsoft, several crack-free years went by prior to this problem, which is a considerable accomplishment in the space. Within a week Microsoft had issued a patch and the crackers had issued an "upgraded" crack which circumvented the patch. The cat and mouse game never ends ;-).
Federal Communications Commission (FCC)
The leading regulatory body for telecommunications and broadcasting in the United States. Their 2003 broadcast flag ruling placed them in the midst of the DRM debate. About a year later, they stirred the pot further in a ruling that approved Specific DRM Technologies (pdf) which provided limited copying even in the face of the Broadcast Flag, despite serious opposition from content owners. It is debatable whether a government organization such as the FCC should be in the business of approving specific technologies (see design by lawyer). The particular list approved is also debatable: reportedly, all of the submitted technologies were approved, making one wonder whether there was a meaningful evaluation process.

However this ruling is encouraging in two respects. It shows that content owners do not always win in Washington. It is also the first meaningful step towards a definition of fair use which can be implemented by available technology.

Federated Network Identity
A multi-vendor standards effort led by Sun for emerging technology that gives users the benefit of single sign-on and extends it across varied Web sites, operating systems, applications etc. In the limit, such a system would require only one logon and password for anything a computer user might want to do anywhere in the world. We are a long way from this vision currently, for both technical and commercial reasons. Such a scheme could couple nicely to identity for DRM purposes. There was even a moment when (gasp!) Sun and Microsoft were co-operating in this arena.
Federation Against Software Theft (FAST)
A British advocacy group promoting the respect of software copyrights (and thus, obviously, opposing piracy). According to them, it is "also unique in that it is the only association in the world that represents both software publishers and end users."
Fingerprint
1) Generally, a unique or pseudo-unique identifier associated with a specific machine, user, item of content, or a combination thereof. Depending on the implementation, fingerprints can be used to aid in authentication of users, or to tag a piece of downloaded digital content to associate it with a specific user. In some cases fingerprints are managed as explicit data items, and in others, they can be produced at will (close to the biological case) from any suitable media file with no special requirements on the file. This is a probabilistic process that makes a different tradeoff than watermarks which, when present and detected, are always accurate. See also UID, traceability.

2) Specific term of art for technology that recognizes commercial content (specifically music) "on-the-fly", even when that content has no inherent DRM or metadata. One promised application is that it could help P2P companies go straight by recognizing copyrighted music. Here's an example from the company Gracenote.

Firmware
Special-purpose, low-level software contained on (permanent or periodically updateable) hardware chips. Historically, firmware has been below the radar in the DRM world, but this is changing. The BIOS on game consoles, and, soon, PCs, is involved in DRM. As media-capable systems such as PCs and PVRs become more complex, increasingly the media streams are controlled by firmware on peripheral devices. An overall system which needs robust DRM therefore needs robust firmware as well. For example, a video card might be induced by corrupt firmware to ignore the Broadcast Flag. As increasingly comprehensive content protection requirements like HDCP come into force, manufacturers will be called upon to certify that their firmware is protected, authenticated etc. This presents some new issues; for example, an HDTV tuner card which supported Open Source driver firmware might be forced to discontinue that support in order to ensure that the card's behavior could not be changed in non-compliant ways.
Forensic
Applicable to questions which are of interest to the legal system. Some DRM-related technologies, notably watermarks, are well-suited to forensic applications i.e. establishing that specific content is obtained (perhaps fraudulently) from a particular source. Notably, forensic measures do not prevent unlicensed use of content, but they can help establish that such use has taken place.
Format
The layout of a digital asset such as physical media (CD/DVD), or of files containing video or music. In the PC world, file formats are more logical than physical and usually correspond to file extensions e.g. .rm for RealMedia files. Note that, MP3 files aside, file formats are NOT necessarily the same as media codecs; for example, Microsoft's .avi file format supports multiple codecs, via a four-character code which identifies the required codec for any given piece of media. This has enabled third parties to supply extensions for many codecs (not always with Microsoft's approval, but that's another story.)
Forward Lock
A function of the early 1.0 implementation of OMA DRM, found in some cell phones circa 2004. Forward lock simply prevents a user from forwarding (presumably DRM-protected and paid-for) content - it's locked into the phone. It got a bad rap when it turned out that some implementations prevented people from forwarding their own content, like personal photos.
Fragile
Easily broken, by design intent. Usually such fragility serves a larger purpose which makes the overall system more reliable. For example, some smart cards are designed so that their internal components will usually break if anyone attempts to remove them from their housing - which is preferable to having an attacker discover sensitive private information or reverse-engineer the card's technical secrets. Similarly some types of watermarks are designed to be fragile i.e. to get "lost" from the data when it is converted from digital to analog and back. See also robust.
Fravia
Fravia was one of the foremost underground experts on reverse engineering of PC software in the 1990s. His "Fravia's pages of reverse engineering" was a favorite haunt of both black hats and DRM system designers. The site contained many tutorials on how to crack security schemes such as TBYB functions in PC games. Reputedly a Dutchman, Fravia had a philosophical side and decided in the late 1990's that his efforts were, on balance, being misused. All that is left now of his work is unreliable archives such as this one (link may be broken).
Fritz Chip
A security ("Trusted Platform Module") chip named after American Senator Fritz Hollings, a staunch political ally of the entertainment industry, who favors mandatory inclusion of such devices in Personal Computers. He sponsored a Senate Bill proposing such mandatory inclusion, which died in early 2003. Chips in the same spirit are still being built under the auspices of the Next Generation Secure Computing Base, but the will to force mass deployment of them seems to be waning. It is unlikely that anyone would deliberately buy the chip as an extra-cost option, except perhaps if the chip provided real security improvements in an enterprise environment, which seems a long way off. In the consumer arena such chips have yet to find any demand.

G

 
Global Release Identifier (GRID)
A Unique Identifier for content proposed by the music industry in 2002. Sponsored by the RIAA and IFPI, it is an 18 character alphanumeric code administered for global uniqueness. Judging by the complete lack of visible activity since 2003, it seems not to have caught on. It was apparently intended for multiple uses e.g. multi-tier distribution, identification of content in DRM systems etc.
Globally Unique Identifier (GUID)

1) A software Unique Identifier which is guaranteed to be unique world-wide. Often, such GUIDs are created on the fly, and in these cases their uniqueness is guaranteed by using unique local attributes available to software, such as network MAC addresses.

2) Sometimes in the DRM domain, especially Windows Media DRM, a GUID is a pre-defined "magic number" which specifies (usually in a content license) specific protections for an item of content. Such GUIDs are simply hard-to-understand shorthand for specific software control requests e.g. "turn on CGMS".

H

 
hacker
A person with both the skills and inclination to learn about - and possibly circumvent - various forms of computer security, including network security and DRM. The most famous hacker of all time, Kevin Mitnick, personifies the common confusions about hackers. Are they predominantly just curious or are they master criminals? There is also debate about related terms e.g. is a "cracker" a bad hacker? For the purposes of this site, we avoid such debates and regard hackers as people with certain skills who aren't predominantly good or bad. Those who choose to use their skills constructively are commonly referred to as white hats and those who go to the dark side are black hats. Information on a few of the most famous hackers can be found on this hacker bio page by Cap'n Crunch of 2600 fame.
HANA
The High-Definition Audio-Video Network Alliance, an industry consortium promoting in-home media networking. Their basic approach seems to be to standardize the network layer (Firewire aka IEEE 1394) and the UI layer, whereby any media device can present a UI over FireWire using Web interfaces. It's not a bad idea, but there is very little mention of DRM or content protection, and the DLNA, which takes a quite different approach, seems to be more widely known currently. A comparison of the two approaches can be found here.
Harmony
Technology from Real Networks which allows their media player to render content protected by DRM systems other than their own - i.e. interoperable DRM. Trouble is, none of the owners of those other DRM systems actually want to interoperate, so Real had to do it by reverse-engineering, raising a legal onslaught (e.g. on the basis of the DMCA) that may drown the initiative. An ongoing cat-and-mouse game between Real and Apple, in particular, changes too quickly to track here.
HD-DVD
High Definition DVD - which sounds like a generic term but isn't. It is one of two high-definition video formats (it lost in early 2008 to its rival Blu Ray) battling it out to replace the current MPEG2/CSS based DVD technology. Both use AACS with related enhancements for content protection. HD-DVD is notably backed by Microsoft, which is using the format in its XBox 360 game console.
Helix
The media DRM technology from Real Networks. Real Networks was notable for trying to make their DRM interoperate with others (see Harmony), without much success. Although Helix still exists, Real no longer sells it as a product, preferring to use it as an internal part of their service offerings.
High bandwidth Digital Content Protection (HDCP)
A content protection scheme for digital video links licensed by an Intel-led consortium. Here is a publicly available version of the specification.
High Definition Multimedia Interface (HDMI)
A physical interface specification that takes the existing DVI digital video interface and adds multi-channel digital audio. HDMI has evolved in recent years and consumers have been stung by not having the right version of HDMI at both ends of a connection. The DRM connection is that HDMI supports the HDCP link protection scheme. The latest (as of early 2008) version 1.3 of the spec is described here.
H.264
A video codec with breakthrough compression factors that is doing for video what MP3 did for music - scaring the hell out of media owners by making downloading movies a practical proposition. Otherwise known as MPEG-4 Part 10 or AVC, it offers video compression with a 60% reduction in bit rate compared with MPEG-2 for the same quality and resolution. Both H.264 and Microsoft's son-of-WMP9 VC-1 codec are listed as mandatory support codecs for Blu-Ray and HD-DVD.

I

 
iMesh
One of a crop of sites trying to legitimize peer-to-peer by marrying it to DRM. From a user's point of view it's hard to see how this is more appealing than, say, the iTunes Music Store. Theoretically such systems could allow users to get a cut on super-distributed tunes, though this doesn't seem to be actually implemented anywhere yet.
Indirect License Acquisition (ILA)
A process by which a media player device - typically a portable one which does not have a permanent network connection - acquires a license to play a particular piece of media using an intermediary device such as a PC. The intermediary device might either create such a license itself, or engage in an Internet-based acquisition process on the portable player's behalf.
info2clear
A European DRM technology company specializing in eBooks and enterprise document markets. Their SecureAttachment product has an interesting spin relative to peers such as Authentica: it incorporates automated conversion of various document types to PDF, so that recipients of outbound documents don't need any specific software other than a recent copy of Acrobat Reader.
Information Rights Management (IRM)
Marketing-speak from Microsoft, at least with respect to enterprise DRM functions such as those in Office 2003. See their explanation here.
Installshield
The leading third-party supplier of installation software for PCs, with which almost any PC user is familiar. The DRM connection is that they were bought by Macrovision in 2004. The possible synergy between installation and software DRM is obvious. Most software developers already use Installshield and it is much easier for them to try DRM options in a product they already know, than to evaluate separate DRM products from small, shaky startups. It's not obvious how Macrovision has leveraged the acquisition so far.
Intellectual Property (IP)
The ownable fruit of someone's mental efforts. There are many forms of Intellectual Property, notably patents, trade secrets, copyrights, and trademarks. For the form that most affects DRM, see the entry on patents. Music and movies are IP too; see also licensing.
Interactive Music Network
A European consortium which, to quote their Web site: "..is a Centre of Excellence to bring the music industry, content providers and research institutions together. The MUSICNETWORK draws on the assets and mutual interests of these actors to exploit the potential of new technologies, tools, products, formats and models." DRM is one of the group's core interests, and they have a free sign-up providing access to related bulletins and discussion boards. Recommended for anyone wishing to understand DRM and music, or who is looking for a European perspective.
International Organization for Standardization (ISO)
An international standards body established in 1947, responsible for standards such as MPEG.
Internet Relay Chat (IRC)
One of the earliest Internet "chat" programs, with roots going back to the 1980s. Through the 1990s and even now, IRC has been a favorite hangout for hackers of all stripes. IRC is better suited to their activities than the Web, because conversations are transient by nature and can be restricted to known parties. IRC is a good place to gain insight into cracking activities, but it is generally true that cracks which never get outside IRC have little economic impact. For more, see their classic FAQ.
Internet Streaming Media Alliance (ISMA)
An industry consortium including major heavy-hitters, notably excluding Microsoft, devoted to promoting streaming technology, particularly DRM. They have a streaming media protection standard. The good news is that the standard requires no licensing. The bad news is that you have to pay to get a copy (or pay a lot more to join the group).
interoperability
The ability of different types of computers, networks, operating systems, and applications to work together effectively, without prior communication, in order to exchange information in a useful and meaningful manner. DRM systems are not meaningfully interoperable today. Worse, although there are organizations promoting interoperability, the vast majority of them are either inactive, ineffective, or more interested in promoting a particular pool of patents than in true interoperability.

Some vendors, notably Real Networks, tried providing a simulation of interoperability by simply building-in several proprietary systems under one user interface. However since they did it by reverse-engineering rather than licensing Apple's technology, Apple changed their technology to break Real's system and also sued them under the DMCA. Meanwhile, those pesky Europeans are pushing for interoperability themselves, at the content licensing and technology levels.

InterTrust
At one time the largest of the pure DRM companies, with no products to speak of but a huge patent portfolio and a long history of suing DRM technology providers, including Microsoft. The company - which is to say the patents - was bought by Sony and Philips in November 2002. Fast-forward to 2004, and Microsoft makes a settlement of over $400 million to get out of court. Not coincidentally, that amount is a bit more than was paid for the company. More details are on the DRM Technology Vendors page.
iPod
The best portable music player in the world and a compelling argument that even though DRM is inherently imperfect, good products can make intelligent use of DRM and thrive. There are several iPods in my family. It's brilliant. So is the integration of iTunes software with the iPod and the iTunes music store. Buying CDs suddenly looks a lot less attractive. Success has made them a target: their FairPlay DRM is cracked with some regularity, and Microsoft tried to emulate their plug-and-play simplicity with the now-defunct PlaysForSure program.
IPTV
TV delivered over the Internet Protocol - that is to say, in Internet-style packets as opposed to the fixed-bandwidth-per-channel approach traditionally used in broadcast and cable television systems. IPTV has a number of theoretical advantages, notably that the concept of a "channel" becomes virtual. However, for IPTV to become well entrenched involves many factors, only one of which is DRM. It is a disruptive technology trying to replace incumbents - usually both incumbents in set-top technology and incumbents in service provision. Today, its biggest proponents are telcos who wish to deploy it over DSL in order to capture revenue streams which they would otherwise lose to cable companies. Whether consumers will love it remains to be seen. It also remains to be seen whether the security technology, which is predominantly based on software as opposed to the traditional POD hardware, is adequately secure in the long run. The leading providers of IPTV technology include giants such as Microsoft and Siemens, and smaller players such as BitBand.
iTunes
Apple's highly successful debut in the legitimate on-line music business, which has provided a benchmark for others to follow. Unlike many of its competitors iTunes focuses on selling music per-download rather than as a monthly subscription service. A relatively impartial technical review of iTunes from MusicNetwork can be found here.

J

 
Janus
Code name for new DRM functionality introduced in Microsoft's Windows Media Player 10, officially known as "Windows Media Digital Rights Management for Portable Devices." In essence, it gives content providers more control of content in space and time. For instance, it enables content to be revoked on time-based expiry even if the content has been moved to secondary devices such as portable media players. Media producers like the idea, and it does enable an "all-you-can-eat" subscription model. However some observers think removing capability consumers already have is hardly progress.
Java
The popular programming language from Sun. Actually, it's more than a language; running a Java program also requires a special environment - at a minimum, an interpreter that converts standard Java byte codes into the native instructions of the actual processor at hand. This gives Java excellent portability. In recent years Java has been fragmented and shaped by legal rivalry between Sun and Microsoft, and is not always found on Microsoft PCs, but is becoming the platform of choice for smaller devices such as cell-phones and set-top boxes.

Because Java's byte-code structure is well-known and trivially reverse-engineerable, it has traditionally been regarded as impossible to meet the security requirements for persistent DRM in Java. Sun themselves have announced their intention to market DRM for Java applications, and made some related acquisitions, but nothing seems to have come of it.

Johansen, Jon Lech
See DVD Jon
Joint Photographic Experts Group (JPEG)
A standard for compressing digital still images, widely used on the World Wide Web. JPEG images on the Web are easily stolen, but since their value is limite