The Inhumanity Of DRM
Introduction
This guest post is written by David Diamond, author of the DAM Survival Guide and Marketing Director of DAM vendors, Picturepark.
The Inhumanity of DRM
We DAM professionals are increasingly fascinated about digital rights management (DRM). We want to protect our content, and we’re constantly on the hunt for the best way of doing so. We want DRM to be transparent and bulletproof, and we don’t want DRM to inconvenience legitimate consumers of our content. (Admittedly, we’re willing to inconvenient the many if we can protect ourselves from the few.)
That in mind, it didn’t surprise me when during a recent dinner with the CEO and Chairman of my company, we got to talking about the relationship between digital rights management (DRM) and digital asset management (DAM). What did surprise me, however, was the turn that conversation took toward the end.
Our conversation started with the three of us agreeing that the concept of DAM-based digital rights management often lulls organizations into a false sense of security about the safety of their content. When people hear the term “digital rights management,” they expect a technological guardian angel that will follow and watch over their content forever.
But this isn’t the case.
Content inside a DAM can certainly be “digital rights managed,” within reason. Permissions can be configured, and watermarks can be applied. Sensitive metadata can be hidden from certain users, and who downloaded what can be tracked.
But then what? How can a DAM protect content that has left the DAM?
We spend millions researching and developing technologies and procedures that promise to offer post-DAM content protection, but how realistic is this? Should we train search engines to crawl the Internet looking for violations? Are you willing to embed virus-like code into your content that “phones home” to let you know where it is?
How much would you be willing to pay for such technologies? How much would you trust them?
More importantly is whether solutions like these would even be practical for you. Let’s take a look at how it might work.
You sell content to User A. At some point, User A inadvertently or otherwise makes that content available to User B. Your super smart Web crawler service discovers the content on User B’s website and reports back to you. You visit User B’s website and decide the evidence of a copyright violation is overwhelming and it’s clearly time to act.
Based on the data your trusty “SpiderCop” Web crawler has provided, you figure you’re one slam-dunk lawsuit away from collecting damages. This really is the way the legal system should work, you reckon: Pay for a Web policing service, then sit back and watch the rewards come gushing in. Thank goodness for SpiderCop, the premiere player in a new genre of software known as Legal Infraction Exposure Software (LIES).
It’s a win for everyone, you figure, except of course, for the criminal—a.k.a. User B.
You contact your attorney and explain the situation. She drafts and sends to User B, via special delivery, a stern take-down notice. Too bad your attorney isn’t as affordable as SpiderCop. Also too bad that you didn’t know before you called her that User B still lives in his mother’s basement and is currently grounded for playing too much Wii.
User B is in clear violation of your copyright, but you know what they say about blood and turnips…and attorneys. Some battles just aren’t worth fighting.
And then there are all those content curators on the Internet. What should we do about them? As the owner of the content, shouldn’t you be the one to decide where that content is discussed, re-tweeted, liked, +1’d or otherwise promoted? Perhaps content curating can be considered some sort of copyright violation too. After all, aren’t these people profiting from your content without your permission?
Filing a massive lawsuit against all of the Internet’s content curators could be exactly what you need to make your SpiderCop ROI work. In fact, if the marketing people of the LIES industry are on top of their game, you’ll easily find white papers to explain exactly how this works, in 5 steps or less.
But let’s return to sanity for a moment: The fact is, unless you’re willing to invest potentially tens of thousands of dollars into your legal “recovery” efforts, the best DRM is going to offer you is the privilege to send toothless take-down notices. Will this satisfy you? Will digital wrongdoers even read your notices? After all, they might have a lot of homework to do.
Finding ourselves at an impasse with regard to knowing how to make a punitive approach to content protection work, my dinner mates and I started to look at this problem from another angle. We questioned whether, as an industry, DAM had lost its way. Had we become so focused on protecting content that we’d forgotten the primary purpose of content?
If a DRM-protected image falls in a forest and there’s no one around to see it, can it change the world?
Many DAM vendors have done terrific jobs of enabling users to control and limit the distribution of their files. But shouldn’t we be doing more by way of helping DAM users get content into the hands of consumers? It should be easier to get content out of a DAM, not harder.
For example, why is social media still an afterthought for so many DAMs? Social media is the new printed letter, flier, circular and bulletin board, all rolled into one. Social publishing should be as standard an output feature for DAM as printing is for word processors.
And here’s another concept to consider: “Curated DAM” I can’t search my Picturepark DAM today and find digital assets that are stored in someone else’s MediaBeacon system. Why not?
If I’m from a medical institution that wants to provide physicians with useful images that can help them identify and diagnose illness, I would be crazy to limit what I offer to only my own collections. If I know another medical institution across the planet has a collection that would enhance my own, I might want to virtually merge those collections for the purpose of offering a more useful and valuable resource to medical professionals. Medical professionals shouldn’t have to look in every nook and cranny of the Internet to find what they need, and neither should anyone else.
But where’s the DAM industry standard that makes this possible?
If you don’t readily see the benefit in this, imagine having hundreds of different Internets: Before you could find what you need, you’d have to know which Internet included that information, and you’d need to know how to access that Internet. In fact, before we had global search engines, this was exactly the way the Internet was.
And this is exactly where we are with DAM today. Google gets it; DAM vendors do not.
What do you say, MediaBeacon? Widen? You with me, Extensis? How about you, ADAM?
Until the day we stop focusing on “owning” and “protecting” and start focusing on “expressing” and “educating”—the primary purpose for content—we will be unable to start this or any other meaningful discussion that measures the benefits of protection vs. proliferation.
But the responsibility for a shift in the way we value content isn’t a burden for DAM vendors only—this is a discussion for the entire DAM community.
If you one day discover a cure for Cancer, will it be more important to you to figure out the best way to protect and monetize your discovery, or will your focus be on figuring out how to get that cure into the hands of those who need it?
David Diamond is the author of DAM Survival Guide, a digital asset management book that details DAM initiative planning. He also directs global marketing for DAM software vendor Picturepark.
Share this Article:
I can agree with David’s sentiment here on DRM. It seems like an entire industry based on the premise of fighting an irreversible tide of infringement. The enforceability point is highly astute and most of the solutions seem based on solving the detection problem as the suppliers of these solutions know they can’t really do much to help IP owners thereafter.
I think there are some practical issues to contend with though that make this less clear cut than the article’s conclusion suggests, especially the suggestion that Google understand the limitations of DRM better than DAM vendors.
Google make their money by exploiting a resource that is free (other people’s content on publicly accessible websites) and putting adverts either on it directly or offering users utilities like search engines or email clients to create advertising inventory. It’s in their interests to ‘set content free’, especially highly in-demand stuff like a cure for cancer, as it will get more traffic for their ads and increase the potential for them to earn from it.
DAM vendors don’t have this advantage, they are paid by clients and customers to provide a facility with a fairly clear functional remit for a given fee. If the buyer is convinced that their images, video etc need to be protected at all costs then they will select a system that seems like it will help them meet that objective, even if the reasoning behind their requirements is flawed.
The other issue is the nature of the content that is being protected. If it’s general assets like marketing photos then that might be less of a concern. Where it gets more complicated is if the material is sensitive documents or PR-unfriendly training material, for example, videos explaining how a company disposes of nuclear waste, money laundering detection techniques or informing families about fatal accidents – those are all real examples from my experience of working on DAM system implementations. The owners of this kind of content would rather that it didn’t get outside the corporate firewall (and it’s easy to see why) but there are specific groups of internal staff who need to access them to carry out a work related task effectively. This partly explains where the demand for the highly configurable asset permissions models that underpin DRM in DAM systems originates from.
You could argue that companies shouldn’t deposit anything really sensitive into DAMs, but if not, then where else? If it stays on shared drives then it isn’t secure or flexible enough and someone will just re-invent a DAM system anyway but come up with a new name for it and talk up the security elements more aggressively.
The key issue here is the intellectual property owner’s intent. It’s essential to distinguish between content that the owners want to be widely disseminated (with or without remuneration) and assets that they believe need to be controlled to a specific, pre-defined audience.
I can sympathise a little more with DRM opponents over the former but not really over the latter. While it might give someone the opportunity to lock up a cure for cancer, in my view, it has to be the choice of the content owner about whether they permit access to it or not.
On being able to search multiple DAM systems centrally, I think there are several standards in-play, albeit they’re at a higher level than just DAM and are spilling more into general ECM. I gather CMIS and oData are all directed towards the interoperability problem across content technologies (like DAM). The lack of take up is partly due to the fact that the DAM market is highly fragmented and made up of many smaller vendors who are taking a ‘wait and see’ approach to see if there is demand from their end users first. It’s fair to say that it’s a bit of a chicken and egg situation, but I think it’s more that end users aren’t seeing the benefits of interoperability to fund the cost, rather than vendors being unwilling to offer it.
Again, it’s easier for Google as people queue up to hand over their content to them via openly accessible HTML (a widely established protocol that’s been around for well over 20 years). They are maybe a bit less keen over stuff like their bank accounts or health records, however, and that is the crux of my argument. I think you’ve over-generalised about the need (or lack of it) for DRM, it has to be assessed on a case-by-case basis and there will always be a value judgement involved.
Where you draw the line between useful content that should be set free for the good of humanity and legitimately secured data that has a clear and proven need for protection is an interesting philosophical point raised by this article. Fundamentally, DAM vendors (and consultants) are paid by their clients to assist them to meet their objectives, however, and, as such, you need to respect their intentions, even if you don’t always agree with them.
I agree with Ralph’s comment, “…but I think it’s more that end users aren’t seeing the benefits of interoperability to fund the cost, rather than vendors being unwilling to offer it.” Most DAM administrators I spoke with thought it was an easy win to build DRM into our DAMs but the lack of executive and legal sponsorship kept DRM from getting to the top of the project list. In the end, someone has to pay for this. Production people, who understand the risks and benefits usually don’t have access to the needed funds.