DRM solution for small business?
September 17, 2009 6:28 PM   Subscribe

The big players with serious budgets haven't been able to really achieve this kind of lockdown in a practical manner so there's little hope for those with a "small business" budget.

DRM simply penalises genuine customers by making it more awkward for them to do their thang.

It is the nature of computers to read & write zeros and ones back and forth. If a file can be read, it can be copied. Sorry, but I'd suggest a re-think regarding licensing terms etc. as a better way to approach your problem.
posted by dirm at 6:43 PM on September 17 [8 favorites]

What does the P stand for?

This might help you:

"Through its LiveCycle Policy Server product, Adobe provides a method to set security policies on specific documents. This can include requiring a user to authenticate and limiting the timeframe a document can be accessed or amount of time a document can be opened while offline. Once a PDF document is tied to a policy server and a specific policy, that policy can be changed or revoked by the owner. This controls documents that are otherwise "in the wild." Each document open and close event can also be tracked by the policy server. Policy servers can be set up privately or Adobe offers a public service through Adobe Online Services."
posted by furtive at 6:52 PM on September 17

I think this needs some clarification-

DRM when properly done, inferferes with nobody. Look at Netflix. It just works (finally). The bargain for getting (almost) free content is that you have to use their player.

Now, in your situation, I can't think of a file-based solution that would easily work. Any restrictions you put on it would be up to the client/reader application to apply or not. If you have the file, you have the information, you can copy it, etc.

I would probably think that a more web-based solution would be in order. Passwords and content that is simply gone when the time is over. Something like how the network directory services work- when someone gets rights to some media, the are added to the group that can access the media. When those rights expire, they are removed from the group and can't access it. That way, your server is controlling what they get.

Also, the best way to protect your digital rights is to make it way easier to use the material "legally" than to get around it. Like how crappy shareware used to have popup screens that bugged you to purchase it before you could use it. Like in furtive's example, I suppose a user could disconnect from the net every time they wanted to use the content and it would probably work. But that's probably enough of a hassle that paying the price is easier.

Or, make the content dynamic enough that old versions are useless.
posted by gjc at 7:22 PM on September 17

The ISO locks down the PDFs of its standards so that it can only be printed by one user, and has a "Purchased by: X" footer on every page. So you print a copy, scan it, and store it in the digital file system. DRM defeated in two minutes, and ISO's a pretty big organization.

What ISO does do that allows them to track even a scanned copy with trimmed footers back to you is print a little watermark in random places and orientations in the whitespace of the standard. At first, it looks like a printer feed blemish, but if you look really carefully it's a line of punctuation characters that encodes the document's serial number.
posted by scruss at 7:34 PM on September 17

Allow me to track and/or permit "X" number of copies of a presentation or course to be printed

Note that if you let someone print something out they can easily use a tool like PrimoPdf to get a DRM-free pdf of the printout, or they just copy it the low-tech way by using a photo copier.

I may also be interested in solutions where I can put my material on a thumbdrive but somehow turn off the ability to copy the file from the thumbdrive to anything else.

This is hard to do because some device is going to need to read the material on the thumbdrive, and in the computer world reading is the same thing as copying. Any DRM scheme controlling the content on the thumbdrive would need to have control over the device that is reading the content.
posted by burnmp3s at 7:34 PM on September 17 [1 favorite]

Allow me to prevent a file from being copied from machine to machine without my authorization
No practical way to do this.

Allow me to track and/or permit "X" number of copies of a presentation or course to be printed
Requires a framework that will not allow any printing without prior authorization. LiveCycle is probably your best bet.

Allow access to a file for some specified period of time (e.g., until the end of the quarter)
Requires a framework that will not allow the document to be opened without a revocation check. Again, LiveCycle is probably your best bet.

I may also be interested in solutions where I can put my material on a thumbdrive but somehow turn off the ability to copy the file from the thumbdrive to anything else.
No practical way to do this.

All DRM has the fundamental flaw of needing to provide a way for the end-user to access the content. Eventually, someone will figure out a way to bypass any and all restrictions you are able to put into place.

Could you possibly watermark the document? Or keep it web based with password access? Neither will prevent copying, but maybe it would help mitigate the possibility.
posted by bh at 7:36 PM on September 17

Watermark with the purchaser's name, social security number, and mother's maiden name.
posted by orthogonality at 7:52 PM on September 17

Or, make the content dynamic enough that old versions are useless.

This is the only solution that actually works. Find some way to turn your product into a service or subscription, so that the benefit to the customer depends on their relationship (and continued payments) to you, rather than a one-shot purchase. This makes DRM a non-issue.

Everything else is fighting against the tide. Unless you have a great deal of knowledge about would-be pirates and specific scenarios that you'd like to prevent or impede (e.g. "casual piracy"), it just doesn't make sense as something to spend money on.

If I were selling a PDF, one thing I would do is dynamically generate the file for each customer and include their name and company in the title page, or better yet on each page. (Placing it on a separate page is easier because you can just generate the single page and join it to the existing file before it's presented for download, but the page can be easily removed with many PDF tools. Rendering the whole file on demand and inserting information onto each page is a lot more annoying to remove.) My very strong suspicion is that obvious, personally-identifying watermarking probably cuts down on casual copying at least to the same extent that most DRM systems do, and it has far fewer drawbacks and doesn't impinge on legitimate users. It won't stop determined copying, but neither will DRM and watermarking doesn't cost you nearly as much to implement or maintain.

It's worth pointing out that even the iTunes Music Store, which was quite the bastion of DRM for a long time, has thrown in the towel and now uses watermarking. I don't know what business you're in, but it's hard to imagine a market where piracy is more rampant than in online music sales.
posted by Kadin2048 at 7:52 PM on September 17

In browser PDF viewer (java/flash). One of the online tools our researcher uses has a java applet that loads a PDF, so the end user never touches the PDF, sort of what Scribd does, inline document viewer.

You control the content, it still can be copied, but they'd have to take screen captures. It'd be harder to control printing number if prints they can always print the 1st copy to PDF.
posted by wongcorgi at 8:07 PM on September 17

Why not put your content on a web page that they need to log onto to see? Additionally you could show the material in a flash applet.

Actually the thumb drive thing might be easier. You could write a custom program to view your files and then put them on a USB Dongle these ones. You would have to get someone to write custom software, though. It wouldn't be cheap.
posted by delmoi at 9:20 PM on September 17

Like a few others have implied, there is no DRM scheme that cannot be broken. The most you could hope for is something that makes it inconvenient for someone without the motivation or technical inclination to do so. Even the latter is a temporary measure, as someone might eventually create a user-friendly program others can use to break the protection. You need only do a search for "DVD copy program" to see evidence of this.

None of the above should imply that I agree with stealing the work of others — I absolutely do not. I've just been around long enough to see lots of copy protection schemes come out and subsequently get cracked. As a programmer, I realize how badly designed some of them are and also that creating an unbreakable one is impossible because eventually the content must make its way to the monitor, printers or speakers to be of any use. And unless you can completely control all the hardware, you can't control attempts to capture that output.

I agree that watermarking is probably the best solution. It has low cost and does not interfere with legitimate users but does provide a way to track the source of the leak should your copyright be infringed. Even that's not be foolproof, because well-intentioned customers might have their computers cracked or stolen.

I will also add that any inclusion of DRM may limit your potential customers, especially if an equivalent option is available without it. I will not buy songs from iTunes Music Store, for example, if I can purchase the same song through Amazon without DRM. This is especially true for anything which requires periodic authentication with a remote server, as users of several (now defunct) music services would now agree since they can't play the songs they purchased anymore.
posted by tomwheeler at 9:53 PM on September 17

Could I ask you what your company does and why it's considering DRM?

The current state of the art means that it is impossible to actually lock content. It's possible that, due to the analog hole, good DRM is actually theoretically impossible. Watermarking, as the ISO uses, only works if there's any consequence for being seen with pirated content. So there isn't much to gain by DRM, and a lot to lose.

The problem with DRM is that it destroys the good faith between provider and consumer. After the RIAA's legal campaign, Sony's rootkit, the business with DeCSS/AACS/SecuROM...DRM has a bad name. It reminds people that you consider them thieves who need to be restrained. So what have they got to lose by living down to your expectations, except the possibility of legal recourse which your (smaller than the RIAA) company is presumably unable to threaten credibly?

I know I sound like a wacko with an axe to grind, but I'm actually a moderate in that I merely complain about DRM. There are people (such as the ones who make Spore the most pirated game of 2008, and then wrote it 2600 one-star reviews on Amazon) who see DRM as reason to boycott or even pirate the protected content.
posted by d. z. wang at 10:08 PM on September 17

Watermark with the purchaser's name, social security number, and mother's maiden name.

It's very easy to remove watermarks from a PDF. I do this all the time.*

The only product that I know will get you pretty much where you need to be is LiveCycle Rights Management ES (mentioned upthread as Policy Server, the old name for the product). It'll prevent your PDFs from being opened in anything but Acrobat or Reader, it can prevent the use of those PDFs after a revocation if you choose, it can add context-specific watermarks that can't be removed, it can let you prevent the user from printing or extracting content from Acrobat or Reader.

Here's what it won't do. It won't prevent copying the file from one place to another, but because the file can only be opened by connecting to the LiveCycle server that's not as big a deal. It won't prevent the user from doing screen captures, so a dedicated user can still extract content.

Also, it's going to be fairly expensive. At one point, Adobe offered a hosted version of this; that's what I'd look for if I were you.

I honestly think LC Rights Management ES is the best possible solution for this problem. On the other hand, if you change the problem a bit - putting content online, for example - you might get something you're happier with, or something that's cheaper. In the final analysis, though, anything that I can see on my screen, I can keep one way or another.

* for fairly legitimate reasons, believe it or not
posted by me & my monkey at 8:10 AM on September 18

DRM is VERY hard to get right (let alone make work).

My advice, as someone who spent 15 years in an IP-oriented online business, is that you make your business successful without DRM, or at least without strong DRM. If your business provides a good quality/service at a good value, you should be able to make it work without stressing DRM. As some people have suggested, the value you add to the content itself (by how dynamic it is, by how well organized it is, by surrounding community discussion, and so on) helps greatly in retaining your customers and in having them treat your company as the best source for the content, even if there is a cost.
posted by glider at 10:28 AM on September 18

It's very easy to remove watermarks from a PDF.

It's very easy to remove visible watermarks from a PDF. It's not very easy to remove watermarks you don't know are there in the first place. All you have to do is generate one-off copies of a document, each modified in such a way that the user can't tell without a lot of work, but so that the document and all copies of it indicate which customer they're associated with.
posted by oaf at 9:55 PM on September 18

« Older What would be an amazing hallo...   |   Cardboard wall alternatives? I... Newer »