Coral Consortium: Can't all our DRM systems just get along?
Fremont (CA) - The keyword that has been thrown at us for well over the last decade has been convergence, as if the key to unifying all media is for engineers to produce a single device that can play everything - audio, video, and interactive media. How well we have learned in recent years that interoperable media requires so much more than a single converged box - despite the fact that companies are gearing up today to market devices that would purport to be precisely that kind of magic box.
Recent experience with the waning popularity of the audio compact disc has taught us that people don't particularly want a single box, a one-size-fits-all solution, for the music or video that people want to be able to partake in just to get through their day. Note, for example, the popularity of an entire industry devoted to the experience of moving content off compact discs and DVDs. Computing has introduced the world to the concept that content can, and should, be portable by design. But with infinite portability comes a problem: The manufacturers of content too easily lose control of their distribution channels. With compact disc, prior to the rise of CD-ROM, distribution control was not a problem; you played your songs on the medium you purchased them on. The distribution channel was secure.
When the content production industry learned at the turn of the decade that millions would be willing to use unauthorized means to be able to make their digital content portable, even if it meant acquiring it in an unlicensed fashion in the first place, the first initiative among publishers was to try to re-secure their distribution channel, whether with new laws, new technologies, or both. But consumers took to these new technologies the way Gen. Patton took to "fixed fortifications;" and publishers worldwide have largely failed to codify their unalienable rights to produce their material on a disc and keep it there. So the first counter-offensive largely failed.
For a great many consumers, their first direct personal contact with digital rights management has been with learning how the songs they download from iTunes and other services won't play in common media players, and can't be burned to CD the way a normal MP3 file can. Jack Lacey, who is in the business of working with DRM systems as president of the Coral Consortium, found himself last Christmas discovering consumers' dilemma himself, all over again. "My kids - who are members of Napster - got iPods for Christmas," he related to TG Daily. "And they said, "Now we're going to go get all our Napster content and put it on the iPod." And I said, 'Hold on there, it's not going to happen.' And there was no peace in the household that morning."
Lacey leads a group of 40 companies, most of whom are content producers, others who are CE manufacturers, in an effort to develop an industry-wide protocol that would resolve his kids' Christmas dilemma. The fact that content purchased through one download service, and intended to be used on a narrow range of MP3 players and PC media players, cannot be played on other MP3 players and PC media players and digital devices - nor, in many cases, burned to an audio CD that can be played in the car - may be slowing consumer adoption of digital entertainment. Why buy a song, a consumer may think, that you can only hear from one place?
Digital rights management determines what songs can be heard in what places; and for many consumers, the solution to the ubiquity problem would be to eliminate DRM from the equation. Lacey and his Coral Consortium propose another solution: Create a kind of electronic broker among DRM systems, which Coral calls a rights mediator, that can determine whether a user is authorized to own a track in the first place, then transfer not only the rights but also the content itself to any other system to which that user is entitled access. So a fairly purchased iTunes song, theoretically, could at least be transferred to play through, say, Windows Media Player without a sophisticated codec transplant in Windows.
"I think one of the things that really is on people's minds right now," Lacey told us, "is that, consumers are confused about all this stuff. It's not a good thing." It's confusion among customers, Lacey argued, that is driving consumers toward unlicensed MP3s, and more and more, unlicensed video. "It's a little harder to get free video but not much," he said. "Bandwidth is improving, memory is improving, everything is moving in the direction that's going to have the video situation in the same place as audio was in five years ago."
Channeling together the un-channel-able
The tangled garden that is today's DRM has sprouted forth and flourished, Lacey reminded us, only in the last seven years. "Interestingly enough, those different approaches to the DRM, and the systems that are based on them, the channels including content services, applications, and devices, were designed from the get-go not to be interoperable." It was the DRM, he explained, that was designed to artificially maintain the exclusivity of one channel from another, that distinguished one company's channel from another company's, as an alternative to building a more sophisticated distinction based on obvious quality of service.
DRM actually works surprisingly well, Coral's Jack Lacey went on, within the PC, so long as the songs and other files its user downloads remain tethered to that PC. It's in trying to move content off of the PC that consumers learn that DRM actually works a little too well. "So we've found ourselves in the realm of consumer confusion," remarked Lacey, "and one of the things we've found is that DRM [unintentionally] becomes a sort of household word. Well, consumers don't need to know about the underlying technology that makes things work, necessarily. They just want to make sure that their content works in ways that are intuitive."
There are three approaches to solving this problem, argued Lacey, all of which can seem staggeringly impossible. One is to encourage the various content publishers, services, and distributors to come together to haggle out a single DRM agreement - one ring to rule the world. The current state of the Blu-ray vs. HD DVD fracas, which is limited to discs alone, should give you a clue as to the likelihood of success of an industry-wide agreement, on the much larger scale of media in general. Another is to pick a single DRM system, and appoint it the de facto industry standard, a la MS-DOS.
In light of those two approaches, Lacey's third alternative actually seems just a tick less daunting. "Coral...decided to standardize an interoperability framework," he explained, "that could make it possible for the different monolithic distribution channels to exchange whatever information needs to be exchanged, such that the consumer is provided with the experience of interoperability, while at the same time the rest of the value chain - the service providers and the device manufacturers - can still have the flexibility to choose whatever system meets their needs in the best way." The first draft of Coral's interoperability framework was released in March 2005; a new version is expected later this year.
During Lacey's time as an engineer at Bell Labs in 1997, he co-authored a paper which explored the digital rights management concept not as a security system, but as the digital form of a publisher's business model. In that paper, Lacey remembered, he wrote, "Sometimes your strongest security mechanism is a well-designed business model and distribution system. Well, we've seen that recently, with a company that's distributed a billion songs. People will pay for high-quality services, and for transparent, seamless use. When you look at the needs of content providers, CE manufacturers, and at the same time, the needs of consumers, balancing all of those [needs] has never been a trivial task. Interoperability is just one of the variables that's being played with right now, and Coral has chosen to focus on that one."
But part of why Coral's task remains monumental is because it is actively working to federate a group of protocols that, while depended on by publishers, are basically unwanted by consumers. The problem of DRM being used as a tool for monitoring, tracking, and in some cases, even dictating customer behavior is one that extends beyond the technology itself, Lacey argues. It isn't about DRM per se, he says, as much as it is the companies that would deploy it for those purposes; implying that if they didn't use DRM tools, they could conceivably use something else.
In short, it's not the DRM itself that's evil. It's a dangerous tool, explained Lacey, and "we have to be careful not to abuse it. We have to deploy it in a way that it does what it's supposed to do, is invisible to the consumer, but not invisible in such a way that, in the background, it's doing all this nasty stuff. DRM is not just about security. [Companies] would like to make it in such a way that people see that the usage model itself is intuitive, acquiring the content is intuitive, moving the content onto devices...You can't move it to everybody's device in the world, but moving onto my set of devices is something that's intuitive. You're not thinking all the time, 'I keep running into these security boundaries.'
"If you can design systems such that that's the case, then I think you go a long way towards saying that, it's not really about security from or for the consumer," Lacey continued, borrowing a phrase we mentioned to him coined by security expert Bruce Schneier. "It's not about security at all. It's just distributing content in a way that's intuitive for consumers to use...We're not building a DRM system. We're not a content management system. We are an interoperability framework that makes it possible for the various players to participate in a trusted fashion, to exchange information so that interoperability can be provided to consumers."
It is a very laudable goal. But from where we stand today, perhaps even reaching "square one" toward that goal could be a monumental achievement.