Bill McCoy: IDPF is a standards organization. There is no standard means to do content protection in EPUB and the IDPF is doing what is essentially a thought experiment on what it might look like and are now soliciting opinions on them.
Bill Rosenblatt, Giant Steps Media: Where the landscape is in content protection. Publishers trying to fight infringement using legal economic, behavioral and technical means, as defined by Larry Lessig. Will be talking about technical aspects today.
Methods fall into proactive and reactive methods. Proactive: encrypt, tie access to user or device, expiry date and time, imits on print, co[y to clipboard, etc. Reactive: don’t limit what consumer can do with content, search infringing copies of content, identify their source by content or examination, create evicence for legal infringement complaint.
Proactive techniquues generally called DRM and reactive techniques generally called content identification. Content identification is generally confined to watermarking and fingerprinting.
DRM: don’t know if it prevents piracy. All current studies have problems: either methodologically flawed or put out by interested parties. For publishers it locks the reader in and for libraries it enables them to lend out ebooks. For distributors and ereader vendors it adds cost. For users it restricts sharing and portability. Fragmentation of DRM has hampered growth in the overall ereading market. There are currently at least 7 DRMs for various ereading platforms. In music paid downloads have been generally DRM-free for the last three years and what Apple has done is introduce speed bumps to make it harder. Mobile services encrypt their streams and encrypt the music when downloaded to the device. In video is where the DRM is the strongest and getting stronger all the time. The only meaningful R&D being done in this area is in video. DRM is becoming increasingly popular in the protection of corporate documents.
Two main techniques for content identification. Watermarking, now being used by Harry Potter and being done by a Dutch company called Bookstream. Adds data into file in a way that makes it hard to remove. Hard to do this in EPUB as it is easy to remove, but works well for PDFs. Fingerprinting examines files to determine its identity. It uses a has algorythm and is very accurate for text. Can’t identify what the content is, but not know who downloaded it. Hacking it is irrelevant cause is just pattern matching. Harry Potter did a lousy job of watermarking. They did it in a very timid way and not use a lot of the features that Bookstream has. Fingerprinting often used in an academic setting.
Some companies gone DRM-free, but most use it and certainly use it in library scenarios. The higher-ed guys are committed to content protection.
What do we do: status quo, go drm-ftree, standardixze strong drm, standardize watermarking. IDPF should have done something about this years ago. If go drm-free you can’t go back and this is what is holding some publishers back. Standardizing on strond drm has proved overly expensive and complex. Watermarking’s problem is that watermarking hacks, unlike drm hacks, are legal.
IDPF is exploring Lightweight Content Protection for EPUB3. An open pro-competitive standard. Use personal information (name, email, cc#) and store it in obfuscated form. Lightweight means that you can share it with someone, but that person will have access to your personal information. This protection will not “phone home” and can be used offline. Will continue to work if the company goes out of business. Want to be to the left of Adobe Content Server and Amazon.
There is a window of opportunity now as there is more fragmentation in the market. Ereading is moving into markets with higher piracy rates (Brazil, China) and now transitioning to EPUB3. Completed draft requirements and are soliciting comments by the end of the week.
It is interesting to me to see that the DRM discussion is still being cloaked in anti-piracy terms when the real agenda is to defeat the secondary (used) book market, defeat public and private lending, shackle customers to a vendor and limit functionality (e.g. limited copy & paste) so that it can then be sold as an accessory. Real pirates will circumvent whatever we come up with and the publishing industry has to understand this by now. They are not stupid people. What they also understand but keep firmly under their hats is the fact that DRM has the potential to enhance and even out revenue streams. Thus, DRM is not a moral proposition. It is simply a business proposition.
Shackling readers to single vendors is *off* the table: that is why they’re looking at DRM-lite.
Full restrictive, device-locked DRM files will remain as long as the big publishers can milk libraries–it is an enabling technology for that but the day they dare discontinue library support, it’ll go away.
Other than that DRM is mostly a placebo for those authors who think *everybody* wants to read their books without paying. Even the social DRM-LITE they are contemplating is going to be more trouble than it’s worth, especially in the real-time watermarking costs.
It’ll take a while but as their margins get squeezed the bigger publishers will just tell the authors to suck it (they’re good at that) and go DRM-free the way they should’ve gone from day one.
Hi,
Thanks for the coverage of my talk earlier this week at BEA. While it looks like these were notes taken during my talk and not edited (or not edited much), I would like to take this opportunity to correct some misstatements about the facts I presented.
– “For publishers it [DRM] locks the reader” – should be “For retailers and device vendors it locks the reader.” In other words, lock-in is a benefit to retailers and e-reader vendors, not to publishers.
– The company doing the watermarking for Harry Potter EPUB e-books is called Booxtream, not Bookstream (though they aren’t allowed to mention their Pottermore relationship publicly).
– With EPUB LCP “you can share [an e-book] with someone, but that person will have access to your personal information.” Not true. The encryption key is an irrecoverable obfuscated version of your personal information. So even if the key is recovered, you would have to go to the retailer to retrieve the actual personal information. The personal information is transformed into a string of gobbledegook via a one-way (non-reversible) mathematical function. This method preserves your privacy while maintaining a link to the copies you distribute through the retailer.