February 12, 2001
Will a Foolproof DRM Solution Please Stand Up?
By Clint Boulton

It's one of the hottest issues in the Internet realm right now, turning what was once a niche that is widely-credited to have been spearheaded by Big Blue years ago into an industry-wide scramble for safe harboring intellectual property.

It's digital rights management (DRM), and if you've been following the Napsterization of all things content on the Web, you know it's importance come to the fore more now than ever. It's single most vital purpose, of course, is to prevent what somebody has created to be spread willy-nilly all over the Internet. And, it seems, the world needs this: Forrester Research estimates that by 2005, record companies will lose $3.5 billion as a result of unauthorized distribution methods and file-sharing technologies such as Napster.

Just a few weeks ago, IBM Corp. released a new version of its anti-piracy technology for music to block song traders from living it up in file-sharing heaven. IBM's new stab at putting the lock down on rampant file-sharing abuse involves allowing music to be sent from person to person.

However, any future copies come with encoded limits to what the next person on the Gnutella or Napster list can hear; the song may be played only once, or perhaps no music will be heard at all. The ideal result is that, somewhere down the pirate chain, somebody is going to get discouraged and give up.

Charting a Course for DRM Waters

DRM has its roots in the notion of encrypted content. Content would be encrypted at the source so that access could be managed over the Internet. The music, or whatever data that was being passed along, would then be decrypted once a person paid for it and then it could be played.

Then came wholesale Napsterization, with the reigning king of peer-to-peer networks leading a pack of music-theft enabling wolves such as Gnutella, Scour, and a few more. To combat this, DRM firms moved decryption out of the operating system and into the applications. Encrypted files, with appropriate decryption data, are accessed directly by applications and that way a modicum of security is established.

Which brings us to the myriad problems of DRM. While the technologies make sure recipients pay for content, they don't prevent data from being shared across multiple networks. The application-dependent DRM also faces the problem of having limits on applications to have specific decryption code embedded inside. For example, an application that works as a safeguard for an MP3 file will not work on a DVD.

They Say DRM, He Says DPP

Dr. George Friedman, CEO and founder of antitheft firm Infraworks said digital rights management is no longer where it's at. Friedman believes DRM as we have come to know and talk of it, just doesn't cut it.

Instead, he and his team have spent the last few years crafting a new breed of antitheft technology, marked down under the even more assertive category of digital property protection (DPP), for the past few years in an Austin, Texas laboratory.

"Digital property protection involves the trusted exchange of moneys," Friedman said. "As for DRM, none of it has value unless you can genuinely protect your property. On a scale of 100,000 people, say your protected from 95 percent of them. That leaves 5,000 that can steal and get it out to people to satisfy all desires. This area is unlike software where 90 percent effectiveness and great marketing wins."

Qualified by the National Software Testing Lab and called InTether, the technology involves putting a software vault on a user's PC, allowing the user to download a variety of content formats. The technology is good for the lifetime of the file and if someone cracks the file, the content is automatically destroyed and vanishes without a trace. Friedman said InTether was very difficult to create and took more than three years before it was finally rounded out. With 11 interlocking layers, the product would seem to bear his claim out.

"If you decide you want to open a song in Real Audio, InTether is invisible to the user and allows him to behave normally," Friedman explained. "But if the user goes to print the file it won't work. If you want to copy the content to a clipboard, the screen grabber permits you to do so."

But is InTether impenetrable?

"No," said Friedman. "But try to hack it, and the information destroys itself instantly -- all 11 layers. And though possible, it's not easy. It's not like encryption, which may face 100,000 hacks per second. The hacker has to maneuver through a small hole, and by the time he does that -- boom! The data is gone; it is physically overwritten."

Friedman's not exaggerating either. Infraworks' Web site reads like a how-to manual for "Mission Impossible" star Ethan Hunt. This is an excerpt from an explanation of InTether:

"Using Infraworks' InTether Point-to-Point, you simply package your message or file with the desired sender-established conditions and the file is for the recipient's eyes only. Set the viewing for time 10 minutes and the recipient will have 10 minutes to look at the information then the file will self-destruct. Set it for shorter or longer. You decide."

Still, Friedman would love the Secure Digital Music Initiative (SDMI), an organization formed to fight digital piracy, to sit up and take notice, but that might not happen just yet. The committee saw its director Leonard Chiariglione leave a couple of weeks ago after several months of trying to create watermarking technologies to thwart content-hungry hackers. The hackers quickly deciphered their secrets.

Whether Infraworks will make a splash remains to be seen.

From the Outside Looking In: One Analyst's Perspective

Steve Vonder Haar, a media and entertainment senior consultant at the Yankee Group, said it is unlikely that a cure-all will be found to protect digital content despite the fact that it has been the "dream of technology companies big and small since the birth of the Web." That's right. No Holy Grail in sight.

"If a human can engineer it, a human can find away around it," Vonder Haar said. "Is he right that DRM has shortcomings? Sure. Has Infraworks addressed key issues that people are concerned about? Absolutely. His [Friedman's] big key is that if you protect that property then you create more value."

Vonder Haar said that by taking protection as a responsibility to the operating system and having the files be self-protected, Infraworks has an appealing proposition.

As for how Infraworks approaches the market, the Vonder Haar seems to think that is less certain than the technology's iron-clad guarantee that files will self-destruct.

"With any property rights company technology provider the issue here still, is getting critical mass and convincing media and content publishers that it works."

As for InTether, Vonder Haar calls it an "intriguing approach, but in this business the proof is in the pudding." He said Infraworks faces the challenges of pushing the ball forward and developing focused markets, but that it would be wise to dominate a niche as opposed to touching a little bit of every market. He said the firm needs to suppress the temptation to spread into different niches where smaller firms run the risk of diluting their brands.

"The bottom line is that piracy provides more incentive for companies to create unique content," Vonder Harr explained. "If you have a some effective system for protecting these files, you'll find an easier way to find a viable market for the content."