Jump to content

Digital rights management

From Consumer_Action_Taskforce


Digital rights management (DRM) broadly refers to any kind of access control technology that is used to deliberately restrict the usage of media content or devices after the sale. It is typically used by a seller to prevent unauthorized distribution or replication of their product. Implementations of DRM can range from very simple (such as a basic disc check) to extremely complex executable binary protection (such as Denuvo).

DRM creates a damaged good; it prevents you from doing what would be possible without it. – Defective by Design[1]


DRM in video content[edit | edit source]

Attempting to protect video content is one of the most common uses of DRM. The idea of using copy protection on video content predates the term "DRM", one early example being the "Automatic Gain Control" requirement in VCRs used to enforce the "Macrovision" copy protection scheme.[2][3] This requirement resulted in VCRs and compliant analog to DV capture cards not being able to record commercial VHS tapes[citation needed].

From 1996, DVDs began to feature the "Content Scramble System" (CSS), an encryption based DRM. CSS was successfully circumvented as early as 1999, less than five years after its introduction, partly due to the limited length of the 40-bit encryption key, which was used to comply with US government export regulations of the time.[4][5] Following this, DVDs as well as HD-DVDs and Blu-Rays would implement other types of DRM, one of them being the "Advanced Access Content System".[6] When the AACS key was similarly extracted, the AACS Licensing Administrator began issuing cease-and-desist letters to websites where the key was posted.[7] Another form of Blu-Ray DRM, Cinavia, uses a form of audio watermarking that makes certain releases unplayable in devices that are not equipped to recognize it, a notable example being Sony's Playstation 3.[8]

In the attempt of preventing video ripping via a capture card, modern displays, optical disc players, and computers use the High-Definition Content Protection system to encrypt display signals.[9] For example, Netflix will refuse to stream content at the full resolution advertised for the plan if the user is not streaming through an HDCP compliant video card and display.

For terrestrial over-the-air broadcast, in 2023 ATSC 3.0 pilot stations across the United States started to encrypt their signals,[10] leaving those that bought ATSC 3.0 tuners that could not decrypt broadcasts unable to watch the newly encrypted channels. Those tuners that were later certified by the A3SA authority to decrypt signals also had potential restrictions placed as part of the DRM scheme, such as blocking recordings and remote tuner access.[11]

DRM in audio content[edit | edit source]

Another place DRMs were used in was audio content, which was rarely implemented due to audio's analog nature (compared to video and software), making it questionable whether it could effectively block data replication. The most notable application of audio DRM was MediaMax[12], which essentially functioned as malware to prevent users from simply playing these audio discs on Windows and macOS. There was also the less-notable Extended Copy Protection[13] (XCP) DRM, however it did leave Sony in hot water[14], dubbing this form of DRM also as the Sony Rootkit.

DRM in software[edit | edit source]

Most discussions about DRM often associate its use with some form of software protection, from the simple product key, to the infamous Denuvo DRM. Historically, DRM started off with simpler physical techniques, such as decoder wheels and LensLok[15]. The effectiveness of these systems varied, and many cracking groups simply found ways around them, especially since second-hand copies of software that used these primitive forms of DRM could easily become lost, damaged, or worse, fail to function with certain hardware.[16] This has essentially sparked a game of cat and mouse that continues to fester, especially for the gaming community, to this day.

Consumer rights issues with DRM[edit | edit source]

DRM, by definition, is designed to make content less compatible with devices. This means there is a higher likelihood of software or hardware refusing to play content due to buggy or overly restrictive DRM. For example, with the aforementioned Netflix HDCP requirement, it is not enough for the display you intend to watch the content on to support HDCP—all monitors connected to the system must support it.[17][18][19] This means that on PCs with multi-monitor setup PC, older but fully functional monitors cannot be used as secondary screens without violating Netflix’s DRM restrictions.

Such requirements are not always clearly disclosed. When they are, they are often buried in the Terms of Service or, in Netflix's case, require navigating through multiple FAQ pages. Furthermore, some content may surreptitiously install DRM without the knowledge or consent of the user, such as in the Sony Rootkit scandal.[20] Such software may contain exploits that can compromise the security of the user's PC.[21]

DRM in video games has frequently been implemented in an intrusive manner, hurting load times and performance.[22] This behavior has been more a result of negligent usage of the DRM rather than deliberate malicious intent.

DRM failures can also come as a surprise. For example, with a YouTube Premium subscription, you can "Download videos to watch offline", but such videos are only available for 48 hours without an internet connection.[23] This creates confusion and problems, as users may want to download videos in anticipation of a period without internet access.

Ineffectiveness of audio and video DRM[edit | edit source]

Non-interactive content such as audio and video is nearly impossible to protect from copying once it is distributed to the consumer.

Macrovision video protection can be defeated using a widely available time base corrector,[24] which strips out the signal that triggers the AGC on VCRs or Macrovision compliant devices.

Many HDMI splitters[25] and capture cards[26] are capable of decrypting HDCP and copying the video stream. As long as at least one bypass exists at the HDCP level, all streaming content can be trivially ripped.

Audio DRM is trivial to bypass, as the audio must be decrypted into a plain analog signal in order to drive physical speakers or headphones.

DRM degradation[edit | edit source]

The development of some forms of DRM, such as Games For Windows Live[27], are reliant on special processes within some operating systems that end up becoming unsupported or deprecated as time goes on. Legacy SecuROM-protected titles (released roughly between 1998 and 2005) are notoriously known for not running on operating systems newer than Windows XP[28][29]. Customers must spend an extensive amount of time circumventing the DRM (or using more illicit methods) just to play content they legitimately purchased.[30]

This DRM degradation has the worst effects on physical licenses of products, as unlike a digital installation, if a physical copy of a game's DRM stops being supported by modern hardware, developers cannot simply distribute a patch to directly modify the code on a disc, and online patches cannot last forever.

Always-online DRM[edit | edit source]

Some DRM requires a constant internet connection. While this may make sense in something that inherently requires an internet connection such as a streaming service or multiplayer-only video game, this has also been employed in games with single-player content, rendering customers unable to use their purchase if they do not have an active internet connection.[31] Conversely, if operations for these services are shut down, user, even those with legitimate copies of software and internet access, cannot run their games without resorting to hacking them first.[32][33] Ubisoft has historically been known for server shutdowns and transfers cutting off access to games for many players.[34] Encrypted ATSC 3.0 channels cannot be tuned to without a persistent internet connection.[35]

DRM present elsewhere[edit | edit source]

Printer Ink[edit | edit source]

See also: HP Dynamic Security

Companies such as HP only allow printers to only use ink sold by the same brand. There are a number of DRM systems employed by different companies to this end, an example of which is HP Dynamic Security, which has caught controversy during recent years.

References[edit | edit source]

  1. https://www.defectivebydesign.org/what_is_drm
  2. 17 U.S. Code § 1201 - Circumvention of copyright protection systems, K.1.A.i
  3. Macrovision Demystified, Stanford CS181.
  4. http://www.cs.cmu.edu/~dst/DeCSS/FrankStevenson/mail1.txt
  5. "Cryptanalysis of Contents Scrambling System", Frank A. Stevenson, archived from dvd-copy.com
  6. https://web.archive.org/web/20070302130221/http://www.aacsla.com/specifications/specs091/AACS_Spec_Common_0.91.pdf
  7. http://www.chillingeffects.org/notice.cgi?sID=03218
  8. https://www.anandtech.com/show/5693/cinavia-drm-how-i-learned-to-stop-worrying-and-love-blurays-selfdestruction/2
  9. https://www.digital-cp.com/about_dcp
  10. https://blog.lon.tv/2023/05/15/broadcasters-roll-out-restrictive-drm-encryption-on-atsc-3-0-broadcasts/
  11. https://www.techhive.com/article/2009693/nextgen-tv-drm-puts-future-of-the-over-the-air-dvr-in-doubt.html
  12. https://en.wikipedia.org/wiki/MediaMax
  13. https://en.wikipedia.org/wiki/Extended_Copy_Protection
  14. https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
  15. https://en.wikipedia.org/wiki/Lenslok
  16. https://www.eurogamer.net/banging-the-drm-article?page=2
  17. https://old.reddit.com/r/pcmasterrace/comments/1avkwtb/netflix_requires_all_monitors_to_be_hdcp_22_how/
  18. https://old.reddit.com/r/netflix/comments/mam2l9/how_do_i_get_netflix_working_at_4k_on_my_second/
  19. https://help.netflix.com/en/node/23931
  20. https://web.archive.org/web/20150317040653/http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx
  21. https://web.archive.org/web/20061116191907/http://blog.washingtonpost.com/securityfix/2005/11/virus_writers_exploit_sony_ant.html
  22. https://80.lv/articles/testing-reveals-games-with-denuvo-launch-up-to-four-times-slower/
  23. https://support.google.com/youtube/answer/6141269
  24. https://old.reddit.com/r/VHS/comments/so4xs5/bought_this_box_back_in_the_early_90s_to/
  25. https://old.reddit.com/r/PS3/comments/19dohrh/bypassing_hdcp_in_2024/lbtqiky/
  26. https://old.reddit.com/r/PS3/comments/19dohrh/bypassing_hdcp_in_2024/kj7cu60/
  27. https://en.wikipedia.org/wiki/Games_for_Windows_%E2%80%93_Live
  28. https://www.lucadamico.dev/papers/drms/securom/ArabianNights.pdf
  29. https://web.archive.org/web/20220226230919/http://www.reversing.be/article.php?story=20061015153108847
  30. https://www.youtube.com/watch?v=vjkqI7dBDVg
  31. https://www.forbes.com/sites/erikkain/2012/05/17/diablo-iii-fans-should-stay-angry-about-always-online-drm/
  32. https://keowu.re/posts/Rewriting-completely-the-GameSpy-support-from-2000-to-2004-using-Reverse-Engineering-on-EA-and-Bungie-Games/
  33. https://www.slashgear.com/gamespy-shuts-down-may-31-will-your-game-be-affected-04323788/
  34. http://pc.gamespy.com/articles/121/1218211p1.html Archive
  35. https://blog.lon.tv/2023/09/03/the-adth-nextgen-tv-box-shows-us-just-how-bad-atsc-3-0-encrpytion-will-be/
Retrieved from "https://wiki.rossmanngroup.com/index.php?title=Digital_rights_management&oldid=7803"