Product Group Tests
Group Test: DRM
Some of the functionality found in DRM products includes encryption, required authentication to access the IP, copy protection, digitally signed media, and the ability to control the lifecycle of the media. Some of these capabilities are extreme and are required only in special cases, but some are common.
Full Group SummarySome people think of digital rights management (DRM) as copy protection. More accurately, DRM applies fundamental principles of access control to intellectual property. DRM enforces access to and use of documents, art, music and video, etc., rather than simply preventing the copying of it. That makes DRM a bit more complicated than copy protection or watermarking.
Detractors of DRM tend to oversimplify the problem in order to overemphasize the solution. This tends to make DRM appear as a solution looking for a problem. DRM is not just copy protection. Properly implemented, it does not interfere with legitimate use of the intellectual property. Like any other technology, DRM can be abused and, to be sure, there are credible arguments that such abuse certainly has occurred.
For the purposes of our DRM Group Test review this month, we were not interested in how these tools could be over- or excessively used. So, we have evaluated these products in the context of what they purport to do and how well they do it.
One of the challenges when evaluating DRM products is knowing when you have an actual DRM product in the fi rst place. Another challenge is understanding what types and extents of protections are present. The two are interlocked because types of protection may dictate whether the item is, in fact, a DRM product.
A key issue in analyzing a DRM tool is what it does. That addresses both issues. For example, does a DRM product need to take an active approach to protecting intellectual property (IP) rights? If the answer to that is "yes," watermarks don't qualify because they simply are. They don't really do anything. They just identify the owner of the IP. But if the product takes measures to prevent copying, as well as other measures to prevent transmission of the product to another user, it may very well be a DRM product. Unfortunately, there are few, if any, universally accepted standards that defi ne what DRM really is.
Some of the functionality found in DRM products includes encryption, required authentication to access the IP, copy protection, digitally signed media, and the ability to control the lifecycle of the media. Some of these capabilities are extreme and are required only in special cases, but some are common. For example, a protected document may shred automatically some period of time after it is opened initially. This is not uncommon, but requiring encryption as part of DRM is. Even so, there are times, such as when the IP is in transit between authorized users, when encryption makes sense. The problem is that none of this functionality by itself defines DRM.
Other functionality that is typical of DRM includes copy protection, protection from conversion to other formats, and automatic shredding.
How to buy DRM
If you are planning to buy a DRM product, be sure of your application. For many applications, enterprise rights management (ERM) may be better for you. This functionality manages access to information assets within an organization's enterprise. ERM focuses more on protecting against unauthorized access from within the enterprise than does DRM. If you are focusing on intellectual property that you are going to distribute outside of your direct control, you may have a case for DRM. For the purposes of this review, we looked at both ERM and DRM.
How we tested
Testing this product group was straightforward. We installed each product as directed and created appropriate IP. Then we protected the IP and attempted to circumvent the protection. We were interested in ease of deployment, ease of management, and effectiveness of the protections claimed. We insisted that the products be either true DRM or ERM. We avoided single function (e.g., copy protection or watermark only) products.
The value for money category required that the product have both a reasonable acquisition cost, plus a reasonable cost of ownership over time. We did not judge products on whether or not they could be used in a politically unpopular way (for example, preventing fair use copies with no way to circumvent a legal function). All we cared about in testing was the efficacy of the product. We leave the politics of DRM to the politicians.