DRM will prevail, like it or not

Digital rights management is a technology with many ideological enemies. DRM got a black eye in the business-to-consumer market recently from such public relations fiascos as Sony’s XCP rootkit. In that incident, the media giant inadvertently violated users’ desktop security in an ill-conceived effort to enforce CD-music anti-piracy controls.

Don’t let the anti-DRM hysteria fool you into thinking the technology is on the decline or that it won’t be widely deployed. DRM isn’t evil. It’s coming on strong from many directions, with DRM vendors developing many innovative approaches – most of which don’t involve root-kits. Some DRM vendors wrap access and usage policy around downloadable content, while others enforce DRM controls at access management portals or in the firmware of content streaming or playback clients.

It’s only a matter of time before DRM, in various forms, plays a role in many information exchanges over the Internet and within corporate environments. It has gained significant attention in the business world as a tool for ensuring life-cycle controls on access to sensitive messages and documents. It is being used to enforce security classifications on internally distributed materials within organizations. It also is being used to keep tabs on who accesses what information and to prevent users from performing certain document functions – such as printing, copying/pasting and forwarding – forbidden by the content’s owners.

EMC’s recent acquisition of DRM pioneer Authentica is a significant industry development. EMC is a leader in the data storage market but also owns leading content management and collaboration product families: Documentum and eRoom, respectively. Don’t be surprised to see EMC embed Authentica’s DRM technology across all of its hardware and software products, thereby providing a unified policy environment for content owners to enforce life-cycle controls on user access to storage, folders, documents, messages and other content containers.

Microsoft, another powerful DRM supporter, is embedding its own technology in its products, including Windows Vista, Office and various server-based software packages.

Software activation is another area where DRM technology is being applied widely in the corporate world. Software activation DRM tools let developers enforce a wide range of controls on distribution, installation and usage of their products.

Anyone who takes a purely ideological stand against DRM should heed the words of a software developer whose commitment to open code is unimpeachable: Linux kernel developer Linus Torvalds. In January, Torvalds went on record as opposing the anti-DRM restrictions that have been proposed for GNU General Public License Version 3 (GPLv3), which is used in many open source projects. Some had proposed that GPLv3 prevent GPL-licensed open source software from being used in DRM copy-protection software.

Torvalds – being a software developer – is also a publisher (of program code). One of a publisher’s primary interests is to ensure that consumers can verify the authenticity and integrity of their published works. That depends on a crypto feature called digital signatures, which requires that content originators secure their private signing keys.

So the following statement from Torvalds, commenting on a proposed anti-DRM feature of the GPLv3 license, makes perfect sense: “I think it’s insane to require people to make their private signing keys available, for example. I wouldn’t do it,” he wrote. “So I don’t think the GPL v3 conversion is going to happen for the kernel.”

Before long, we’ll see the anti-DRM hysteria die down and be replaced by grudging widespread acceptance of the technology. Many open source developers will become fervent DRM supporters. They will deploy the technology to ensure that their authorship of software components is always and everywhere visible, even if they never make a dime from their work.