You may have already seen our rejection of Digital Rights Management, or DRM. The fundamental objections are practical. So what are the practicalities of Digital Rights Management?
Consider a customer base that includes subscribers with access to free downloads and non-subscribers who can purchase products. Clearly you want to protect your publications against leaking out for free across the Internet.
Not all subscribers are pirates
Subscribers could be organisations with many members, or individuals. You don’t want either of them pirating material. You also can’t impose your technical restrictions on organisations paying for a service. Subscriber offers typically include different levels of access. Here’s where it gets difficult.
Should you wish to lock down subscribers’ access to ‘read online only’, with no download and no print option, what are the choices?
- Use a non-standard PDF viewer embedded in the site, using a proprietary technology, Examples would be content distribution sites like Issu and Scribd (which uses HPub).
- Create Flipping Book versions of whole documents, but we’ve seen this is not secure because of Flash or the plain HTML fall-back.
- Host ALL documents externally on a proprietary, third-party Digital Book site such as Scribd.com. You’re tursting your content distribution to a third party and paying for the privilege. Here’s a secret: HPub isn’t completely secure either.
- Deploy another form of hard Digital Rights Management (DRM) to lock down documents. Hard DRM includes schemes such as the catchy Adobe (yes, them again) LiveCycle Rights Management server. You can design custom policies and set the expiration date, a sort of ‘self destruct’ tool. Once this policy this applied to the PDF, end users won’t be able to open the PDF after the expiry date. You can also limit the number of devices or limit the number of times it can be opened.
- Deploy a DRM solution that “phones home” to validate access. This can be very intrusive, logging devices, user profiles, and document usage.
- Deploy cryptographic DRM with digital fingerprinting, certificates and the like. There are a number of them out there, none of them particularly cheap. Adobe has LiveCycle Policy Server, which is very expensive, and is intended for Governments and large corporations. Alternatives include FileOpen (which the British Library uses) and LockLizard.
User permissions added to resource pages
Adding another version of ‘protected PDF’ to other available formats demands another level of management of user permissions and profiles. Users need to see a link to the protected document – in place of, or in addition to, the ‘purchase download’ option.
If no downloads, then… what?
If you don’t allow downloads for fear of piracy, your left with HTML or protected content in-browser.
The Scribd model of hosted content only available online requires the reader to have an Internet connection, there’s no offline option. There may be some value to add, though. Watch-lists, reading lists and in-site bookmarks might all be great features to add to the user profile at this point, as per the DeepDyve journal aggregator.
While it is possible to ‘protect’ flat html pages from copy-paste, this involves various scripting technologies and plug-ins, many of which are easily circumvented or require a compatible version of web-browser with appropriate security permissions to work. Local government and corporate IT policies and configuration may not support it.
Practicalities of Digital Rights Management – Conclusion
I still don’t have one. As a customer I hate the whole notion of DRM. As a content creator I hate the idea of paying to implement and run DRM, but I also hate losing control of the valuable content that pays peoples salaries.
Welcome to the digital age.
Image credit: Handcuffs on table, Airman 1st Class Gustavo Castillo (Wikimedia Commons)