Talk given at SNE (Syndicat national de l'edition) Les assises du livre numerique (The Assizes of the Digital Book), November 2012.

1. Rights Technologies for
E-Publishing
November 8, 2012
Bill Rosenblatt
GiantSteps Media Technology Strategies
www.giantstepsmts.com
billr@giantstepsmts.com +1 212 956 1045
1

2. Outline
History of DRM
DRM Technology
DRM Economics
Cloud Readingg
Comparison with other media types
Forensic content protection technologies
IDPF EPUB LCP project update
2

3. History of DRM
3

4. What Is DRM?
Original definition: any system used to manage or
track rights to content.
Popular d fi iti technologies that
P l definition: t h l i th t use encryption ti
to protect digital content from unlicensed use on
users’ d i
’ devices.
4

5. Antecedents of DRM
1960s: digital encryption
1970s: physical media copy protection
Early 1980s: dongles
Late 1980s: software license management
g
1990s: CD-ROM copy protection
Late 1993: conference Technological Strategies for
Protecting Intellectual Property in the Networked
Multimedia Environment Washington DC
Environment,
5

6. Historical Development
 Late 1990s: documents software
documents,
 Late 1990s: digital conditional access (CA) for cable TV
 Early 2000s: music
 Early 2000s: “Enterprise Rights Management”
(corporate documents)
 Mid-2000s: mobile music
 Mid late 2000s: video downloads
Mid-late
 Late 2000s: merging of DRM with CA for video
6

7. DRM Technology
7

8. DRM Reference Architecture
Content Server Client
Content Package
Encryption
Content
Repository Content
DRM
Packager
1
Metadata
Product
Info
2
Financial DRM Rendering
Transaction Controller
9 Application
10
6
3
DRM
5 License 8 Encryption
Rights Generator Keys Identity
7 4 Rights
Encryption
Identities License
Keys
License Server
8

9. Typical Components
 Content Server  Client (user device)
– Repository of encrypted – DRM Controller
content (software/firmware)
 License Server – Receives encrypted content
– Takes requests for usage – Requests licenses
licenses – Grants rights to users
g
– Authenticates identities
(user, device, or both)
– Issues licenses (small files)
containing decryption keys
9

10. DRMs in E-Publishing
Major Minor
 MobiPocket DRM: Amazon  Fictionwise Passhash:
 Adobe Content Server: Nook
Nook, Kobo, Google Books,  Microsoft PlayReady: Blio
Sony Reader, Numilog,  Kobo Vox DRM: Kobo Vox
many others  Marlin: Sony Reader Japan
 FairPlay: Apple iOS
y pp
 FileOpen: various
publishers’ sites
10

11. DRM Economics
11

12. Economics of DRM
Publishers demand it but (usually) don’t pay for it
don t
Retailers and device makers control designs
Very few successful standalone DRM vendors
Retailers and device maker use DRM for “lock-in”
Interoperability and fair use suffer
 Interoperable
“Interoperable” DRM (Adobe Content Server) not easy
for users
12

13. The Rights Technologies R&D Index
(GiantSteps research, 2010)
research
Rights technologies research output per country –
measured by number of articles in respected journals
GERD (Gross Expenditure on Research & Development)
(G E dit R h D l t)
– OECD statistic
Rights Technologies R&D Index is ratio of RT research
output to GERD
Measure is independent of size or wealth of country
13

14. RT R&D Indexes Show:
Economic Incentives Misaligned
450 70
400
60
350
50
300
40
250
GERD ($B)
200 30 RT Output
150 RT R&D Index
20
100
10
50
0 0
Device
“Device” Content
“Content”
Countries Countries
14

15. R&D Survey Results
Reasons for Lack of R&D
RIAA Lawsuit
Threat
Other 6%
12% Topic
T i
Distasteful
12% Moved On to Other
Topics
6%
R&D Not Published
in Sci Journals No Grant Money
24% 12%
There’s no
Limited Money i it
M in
Commercialization 40%
Opportunities
28%
15

16. Cloud Reading
16

17. The Future?
Traditional
Content DRM File Downloads
Server
Connection Can Be Intermittent
Offline Reading
Cloud Reading
Content XML, Page Images
Server
Connection M t B C ti
C ti Must Be Continuous
17

18. Content Protection for Cloud Reading
XML Page Images
 Send a screen at a time  “Screen shot DRM”
(
(Safari Books Online,  Send one page image at a time
Google Books) (Amazon “Look Inside”)
 Send a chapter at a time  Pirates must OCR pages
(Amazon Kindle Cloud Reader) images and assemble them
i d bl th
 Pirates must assemble content
from components
p
18

19. DRM for Other Content
19

20. DRM for Other Content: Music
Permanent internet downloads went DRM free in 2007
DRM-free
Permanent mobile downloads followed soon thereafter
DRM for physical media (CDs) a failure
On-demand streaming services (Spotify, Deezer)
g ( p y, )
– Stream encryption: data encrypted in transit to client
– “Offline listening mode”: DRM for locally cached files
20

21. DRM for Other Content: Video
 Downloads all use DRM
– Whether purchase (permanent) or rental (temporary)
 Physical media uses DRM
– CSS for DVDs
– AACS and BD+ for Blu-ray
 Otherwise encrypted streaming
– Derived from Conditional Access (CA) for cable & satellite
 Strongest content protection technologies found here
– Alignment of economic incentives
21

22. DRM for Other Content: Games
DRM ranges from very strong to none
– Gamers particularly adept at hacking
– Conversely “DRM Free” can be a selling point
Conversely, DRM Free
Motivations different from video
– Just need to minimize illegal sharing for first few weeks
– That’s where most of the revenue comes
22

23. Other Rights Technologies
for E Publishing
E-Publishing
23

24. Forensic Rights Technologies
(a/k/a Content Identification or Content Recognition)
Watermarking and fingerprinting
For network piracy monitoring schemes (HADOPI)
Do not prevent unlicensed use
Crawl Internet looking for copies of known content
g p
Provide evidence of unlicensed uploads and downloads
Block or monetize user uploads (YouTube)
24

25. E-Book “Watermarking”
 Embedding data in “noise” portions of images
noise
 Adding unprintable chars to text content
 Inserting identifiers in e book
e-book
– Once, once per chapter, on every page
– Could be transaction ID, user ID, user’s real name, email address,
credit card number
 Idea: if your personal info is in the file, would you still share
with your million b t f i d ?
ith illi best friends?
 Easy to circumvent
 Examples: Pottermore EPUB files, O’Reilly PDF downloads
25

26. E-Book “Fingerprinting”
Sophisticated pattern matching
Crawls web, finds instances of known content
Can look for context to see if use is licensed
(e.g. news wire stories on newspapers’ websites)
Examples: MarkMonitor/dTecNet, Attributor,
y
Irdeto/BayTSP
26

27. Watermarking vs. Fingerprinting Tradeoffs
Watermarking Fingerprinting
Content Changes Watermark must be embedded None required, can be used with
content “in the wild”
Process Insert watermark in every file on Compute fingerprint once for each
server and/or consumer device; content item and deposit in
detect later vendor’s master database; re-
compute later for lookup
Hacking risk Not very robust, easy to hack Nothing to hack
(unlike id / di
( lik video/audio watermarking)
t ki )
Data Storage Can store any data, up to capacity Cannot store any information;
limitations; files with same content identical content files compute
can have different watermarks identical fingerprints
Costs Spread throughout the digital Primarily fall on service providers
content value chain
27

28. IDPF EPUB LCP
Project Update
28

29. IDPF EPUB LCP Project
 Lightweight Content Protection standard for EPUB3
 Address lack of interoperability in EPUB due to lack of DRM
standards
 Attempt to create standard interoperable DRM that is attractive
to retailers & device makers
 Trade off strong security for ease and low cost of
implementation
p
 Take advantage of anticircumvention laws
 Process: issue RFP for technology contributions
29

30. EPUB LCP Project Status
RFP published in July
Deadline extended to late September
Six complete proposals received
Evaluations to be presented to IDPF Board in early
p y
December
30

31. Complete Proposals Received
FileOpen – well established US vendor
well-established
Impervio – Canadian startup
Kobo – new proposed open standard
Marlin Developer Community (
p y (MDC) –
)
Marlin-derived spec
RHKS – Korean startup (from Random House Korea)
Sony DADC – Marlin-based technology
31

32. Bill Rosenblatt
GiantSteps Media Technology Strategies
billr@giantstepsmts.com
+1 212 956 1045
www.giantstepsmts.com
32