Rights Technologies for E-Publishing

Rights Technologies for E-Publishing November 8, 2012 Bill Rosenblatt GiantSteps Media Technology Strategies www.giantstepsmts.com [email protected] +1 212 956 1045 1 Outline

History of DRM DRM Technology DRM Economics Cloud Reading Comparison with other media types Forensic content protection technologies IDPF EPUB LCP project update

2 History of DRM

3 What Is DRM?

Original definition: any system used to manage or track rights to content. Popular definition: technologies that use encryption to protect digital content from unlicensed use on users’ devices.

4 Antecedents of DRM

1960s: digital encryption 1970s: physical media copy protection Early 1980s: dongles Late 1980s: software license management 1990s: CD-ROM copy protection Late 1993: conference Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment, Washington DC 5 Historical Development

 Late 1990s: documents, software  Late 1990s: digital conditional access (CA) for cable TV  Early 2000s: music  Early 2000s: “Enterprise Rights Management” (corporate documents)  Mid-2000s: mobile music  Mid-late 2000s: video downloads  Late 2000s: merging of DRM with CA for video

6 DRM Technology

7 DRM Reference Architecture

8 Typical Components

 Content Server  Client (user device) – Repository of encrypted – DRM Controller content (software/firmware)  License Server – Receives encrypted – Takes requests for content usage licenses – Requests licenses – Authenticates identities – Grants rights to users (user, device, or both) – Issues licenses (small files) containing decryption keys

9 DRMs in E-Publishing

Major Minor  MobiPocket DRM:  Fictionwise Amazon Passhash: Nook  Adobe Content  Microsoft PlayReady: Server: Nook, Kobo, Blio Google Books, Sony  Kobo Vox DRM: Kobo Reader, Numilog, Vox many others  Marlin: Sony Reader  FairPlay: Apple iOS Japan  FileOpen: various publishers’ sites 10 DRM Economics

11 Economics of DRM Publishers demand it but (usually) don’t pay for it Retailers and device makers control designs Very few successful standalone DRM vendors Retailers and device maker use DRM for “lock-in” Interoperability and fair use suffer “Interoperable” DRM (Adobe Content Server)

not easy for users 12 The Rights Technologies R&D Index (GiantSteps research, 2010) Rights technologies research output per country – measured by number of articles in respected journals GERD (Gross Expenditure on Research & Development) – OECD statistic Rights Technologies R&D Index is ratio of RT research output to GERD Measure is independent of size or wealth of country 13 RT R&D Indexes Show: Economic Incentives Misaligned 450 70

400 60 350 50 300

250 40 GERD ($B) 200 30 RT Output 150 RT R&D Index 20 100

10 50

0 0

“Device” “Content” Countries Countries 14 R&D Survey Results

Reasons for Lack of R&D RIAA Lawsuit Threat Other 6% 12% Topic Distasteful 12% Moved On to Other Topics R&D Not 6% Published in Sci Journals No Grant 24% Money 12% Limited There’s no Commercializati Money in it on 40% Opportunities 28%

15 Cloud Reading

16 The Future?

Traditional

Content DRM File Downloads Server Connection Can Be Intermittent Offline Reading

Cloud Reading

Content XML, Page Images Server Connection Must Be Continuous

17 Content Protection for Cloud Reading XML Page Images  Send a screen at a time  “Screen shot DRM” (Safari Books Online,  Send one page image at Google Books) a time  Send a chapter at a time (Amazon “Look Inside”) (Amazon Kindle Cloud  Pirates must OCR pages Reader) images and assemble  Pirates must assemble them content from components

18 DRM for Other Content

19 DRM for Other Content: Music Permanent internet downloads went DRM- free in 2007 Permanent mobile downloads followed soon thereafter DRM for physical media (CDs) a failure On-demand streaming services (Spotify, Deezer) – Stream encryption: data encrypted in transit to client – “Offline listening mode”: DRM for locally cached

files 20 DRM for Other Content: Video

 Downloads all use DRM – Whether purchase (permanent) or rental (temporary)  Physical media uses DRM – CSS for DVDs – AACS and BD+ for Blu-ray  Otherwise encrypted streaming – Derived from Conditional Access (CA) for cable & satellite  Strongest content protection technologies found here – Alignment of economic incentives

21 DRM for Other Content: Games

DRM ranges from very strong to none – Gamers particularly adept at hacking – Conversely, “DRM Free” can be a selling point Motivations different from video – Just need to minimize illegal sharing for first few weeks – That’s where most of the revenue comes

22 Other Rights Technologies for E-Publishing

23 Forensic Rights Technologies (a/k/a Content Identification or Content Recognition)  Watermarking and fingerprinting  For network piracy monitoring schemes (HADOPI)  Do not prevent unlicensed use  Crawl Internet looking for copies of known content  Provide evidence of unlicensed uploads and downloads  Block or monetize user uploads (YouTube)

24 E-Book “Watermarking”

 Embedding data in “noise” portions of images  Adding unprintable chars to text content  Inserting identifiers in e-book – Once, once per chapter, on every page – Could be transaction ID, user ID, user’s real name, email address, credit card number  Idea: if your personal info is in the file, would you still share with your million best friends?  Easy to circumvent  Examples: Pottermore EPUB files, O’Reilly PDF downloads 25 E-Book “Fingerprinting”

Sophisticated pattern matching Crawls web, finds instances of known content Can look for context to see if use is licensed (e.g. news wire stories on newspapers’ websites) Examples: MarkMonitor/dTecNet, Attributor, Irdeto/BayTSP

26 Watermarking vs. Fingerprinting Tradeoffs Watermarking Fingerprinting Content Watermark must be None required, can be used Changes embedded with content “in the wild” Process Insert watermark in every Compute fingerprint once for file on server and/or each content item and consumer device; detect deposit in vendor’s master later database; re-compute later for lookup Hacking risk Not very robust, easy to Nothing to hack hack (unlike video/audio watermarking) Data Storage Can store any data, up to Cannot store any capacity limitations; files information; identical content with same content can have files compute identical different watermarks fingerprints Costs Spread throughout the27 Primarily fall on service digital content value chain providers IDPF EPUB LCP Project Update

28 IDPF EPUB LCP Project

 Lightweight Content Protection standard for EPUB3  Address lack of interoperability in EPUB due to lack of DRM standards  Attempt to create standard interoperable DRM that is attractive to retailers & device makers  Trade off strong security for ease and low cost of implementation  Take advantage of anticircumvention laws  Process: issue RFP for technology contributions

29 EPUB LCP Project Status

RFP published in July Deadline extended to late September Six complete proposals received Evaluations to be presented to IDPF Board in early December

30 Complete Proposals Received

FileOpen – well-established US vendor Impervio – Canadian startup Kobo – new proposed open standard Marlin Developer Community (MDC) – Marlin-derived spec RHKS – Korean startup (from Random House Korea) Sony DADC – Marlin-based technology

31 Bill Rosenblatt GiantSteps Media Technology Strategies [email protected] +1 212 956 1045 www.giantstepsmts.com

32