Channeling together the un-channel-able
The tangled garden that is today's DRM has sprouted forth and flourished, Lacey reminded us, only in the last seven years. "Interestingly enough, those different approaches to the DRM, and the systems that are based on them, the channels including content services, applications, and devices, were designed from the get-go not to be interoperable." It was the DRM, he explained, that was designed to artificially maintain the exclusivity of one channel from another, that distinguished one company's channel from another company's, as an alternative to building a more sophisticated distinction based on obvious quality of service.
DRM actually works surprisingly well, Coral's Jack Lacey went on, within the PC, so long as the songs and other files its user downloads remain tethered to that PC. It's in trying to move content off of the PC that consumers learn that DRM actually works a little too well. "So we've found ourselves in the realm of consumer confusion," remarked Lacey, "and one of the things we've found is that DRM [unintentionally] becomes a sort of household word. Well, consumers don't need to know about the underlying technology that makes things work, necessarily. They just want to make sure that their content works in ways that are intuitive."
There are three approaches to solving this problem, argued Lacey, all of which can seem staggeringly impossible. One is to encourage the various content publishers, services, and distributors to come together to haggle out a single DRM agreement - one ring to rule the world. The current state of the Blu-ray vs. HD DVD fracas, which is limited to discs alone, should give you a clue as to the likelihood of success of an industry-wide agreement, on the much larger scale of media in general. Another is to pick a single DRM system, and appoint it the de facto industry standard, a la MS-DOS.
In light of those two approaches, Lacey's third alternative actually seems just a tick less daunting. "Coral...decided to standardize an interoperability framework," he explained, "that could make it possible for the different monolithic distribution channels to exchange whatever information needs to be exchanged, such that the consumer is provided with the experience of interoperability, while at the same time the rest of the value chain - the service providers and the device manufacturers - can still have the flexibility to choose whatever system meets their needs in the best way." The first draft of Coral's interoperability framework was released in March 2005; a new version is expected later this year.
During Lacey's time as an engineer at Bell Labs in 1997, he co-authored a paper which explored the digital rights management concept not as a security system, but as the digital form of a publisher's business model. In that paper, Lacey remembered, he wrote, "Sometimes your strongest security mechanism is a well-designed business model and distribution system. Well, we've seen that recently, with a company that's distributed a billion songs. People will pay for high-quality services, and for transparent, seamless use. When you look at the needs of content providers, CE manufacturers, and at the same time, the needs of consumers, balancing all of those [needs] has never been a trivial task. Interoperability is just one of the variables that's being played with right now, and Coral has chosen to focus on that one."
But part of why Coral's task remains monumental is because it is actively working to federate a group of protocols that, while depended on by publishers, are basically unwanted by consumers. The problem of DRM being used as a tool for monitoring, tracking, and in some cases, even dictating customer behavior is one that extends beyond the technology itself, Lacey argues. It isn't about DRM per se, he says, as much as it is the companies that would deploy it for those purposes; implying that if they didn't use DRM tools, they could conceivably use something else.
In short, it's not the DRM itself that's evil. It's a dangerous tool, explained Lacey, and "we have to be careful not to abuse it. We have to deploy it in a way that it does what it's supposed to do, is invisible to the consumer, but not invisible in such a way that, in the background, it's doing all this nasty stuff. DRM is not just about security. [Companies] would like to make it in such a way that people see that the usage model itself is intuitive, acquiring the content is intuitive, moving the content onto devices...You can't move it to everybody's device in the world, but moving onto my set of devices is something that's intuitive. You're not thinking all the time, 'I keep running into these security boundaries.'
"If you can design systems such that that's the case, then I think you go a long way towards saying that, it's not really about security from or for the consumer," Lacey continued, borrowing a phrase we mentioned to him coined by security expert Bruce Schneier. "It's not about security at all. It's just distributing content in a way that's intuitive for consumers to use...We're not building a DRM system. We're not a content management system. We are an interoperability framework that makes it possible for the various players to participate in a trusted fashion, to exchange information so that interoperability can be provided to consumers."
It is a very laudable goal. But from where we stand today, perhaps even reaching "square one" toward that goal could be a monumental achievement.
