Security

Open Source DRM Solutions? 369

Feint writes "I'm working on a business platform for inter-company collaboration based on an open source software stack. As part of that platform I would like to integrate some sort of digital rights management for the documents in the system. The vast majority of articles about DRM are focused on how good or evil it is to apply DRM to digital music or video. I haven't seen many articles address open source solutions for protecting business data like CAD / MS Office / PDF / etc. documents, which is a real need in business today. Can the Slashdot readership suggest some open source DRM offerings other than the Sun DReaM initiative, which hasn't had a release since Jan. 2007?"
This discussion has been archived. No new comments can be posted.

  • I'm sure we could (Score:5, Interesting)

    by Improv ( 2467 ) <pgunn01@gmail.com> on Tuesday January 22, 2008 @12:33AM (#22134084) Homepage Journal
    I'm sure some of us could, but why would we want to? Design our own prison? Encumber data? Stop whistleblowers?
  • by something_wicked_thi ( 918168 ) on Tuesday January 22, 2008 @12:35AM (#22134106)
    DRM is security through obscurity. If you have the code, you can break any DRM, so there's no point in developing open source DRM. It's also why all DRM eventually fails.

    Use encryption if you want safety. But you still can't prevent the people who have legitimate access from doing whatever they want to the documents.
  • DRM in a nutshell... (Score:5, Interesting)

    by evilviper ( 135110 ) on Tuesday January 22, 2008 @12:52AM (#22134234) Journal
    DRM depends on proprietary software. You are encrypting a file, then giving the user the key to decode it, while telling the program in question to decode the file, but only allow it to be used in one of a few ways (eg. display PDF, but don't print).

    Such a system is untenable with proprietary software (just need to find the right memory address), and absolutely impossible with open source software, as you can simply remove the line in the program that tells it what actions not to allow. (See xpdf). With proprietary DRM systems, the companies just hope it's difficult enough to decipher the compiled code of the proprietary programs, that it takes a while before someone finds the right spots in memory to probe/change, and publishes the details... Then, they make trivial changes to the DRM system, and call it a new, "fixed" version that everyone should start using quickly (before someone figures it out).

    The only thing DRM can do effectively, is to prevent the first opening of the file. After you send that first key (eg. via server), no matter what the DRM involved, the user can (trivially) strip the DRM off, and do whatever they want with the unencrypted file.

    If that is what you want... I would suggest using public-key encryption to protect the file instead of a commercial "DRM" system. Either PGP or SSL (keys in combination with a password) can make absolutely sure only the intended recipient can make use of the file, even if others obtain copies of it. If you are expecting any more control over what others do with the file, you are simply denying reality.

    All that said, here is one open source DRM system: http://www.sidespace.com/products/oggs/ [sidespace.com]
  • by jddj ( 1085169 ) on Tuesday January 22, 2008 @01:01AM (#22134290) Journal

    Here's what's become my business-side take on DRM: don't bother.

    DRM systems set the bar too high for honest users who just need to get some work done, and too low for malicious users.

    Corporate espionage in mind? Just make screen-captures. That won't work? Digital camera, anyone?

    You can't make it work, principally because there's no way to both show and not show the same document to an end user. The security is only as good as your trusted users are.

    You can also appeal to reason on financial grounds: the Hollywood studios are extremely motivated to make DRM work, have poured in millions and haven't hit on anything at all that prevents piracy.

    If they can't do it, you probably can't either, and should probably focus on differentiating your content by making it sticky and extremely easy to use.

  • by sherl0k ( 1215370 ) on Tuesday January 22, 2008 @01:08AM (#22134334)
    When utilizing something like PGP, why not have multiple levels of permissions? If a user has a password of X, he gets read access, if it's Y there's full access. If you don't have either, you can't even open the document.

    I don't know if PGP supports something like this but I don't see how it could be a major failure.
  • by Anonymous Coward on Tuesday January 22, 2008 @01:25AM (#22134428)
    Yeah, Microsoft has two sorts of DRM system - document rights management (as implemented in MS Office) and Digital Rights Management (all the media protection). This is all about the former, not about the latter.

    I agree you cannot stop a determined legitimate user from overstating their boundaries; but it can be a backstop to stop a legit user from accidentally forwarding important information to gmail.com. You're trying to help trustworthy users avoid mistakes.

    The other situation that I've heard of it is ensuring trustworthy users do NOT use old versions. No matter where or how this old document is, if it checks with the server that this document has expired, the software will not show it to the user. (I can think of companies that absolutely must NEVER use old manuals - drug manufacture, engineering companies etc etc.)

    Sure a malicious user could circumvent this, but they know full well they should not.
  • Re:It's an oxymoron (Score:5, Interesting)

    by david_thornley ( 598059 ) on Tuesday January 22, 2008 @01:26AM (#22134432)

    DRM is a twisted variant of crypto. If Alice sends a message to Bob using GPG, Eve can't read it because she doesn't have the key. In this case, Bob is the intended recipient, and Eve is the unintended recipient. In the case of DRM, Alice encrypts software and gives it to Bob. So, if Alice doesn't give Bob the key, Bob can't use the software. If Alice does, then Bob can break the DRM, having both the key and the code.

    So, in DRM, Bob and Eve are the same person. DRM is not only socially undesirable, it's sexually perverse.

  • That is not logical. (Score:4, Interesting)

    by Quebec ( 35169 ) * on Tuesday January 22, 2008 @01:57AM (#22134600) Homepage
    can we produce a black whiteness?
    can we produce a filled emptiness?
    can we produce a hard softness?
    can we produce a rich poverty?
    can we produce an Open DRM?

    err... not really?
  • by jddj ( 1085169 ) on Tuesday January 22, 2008 @02:07AM (#22134650) Journal
    Sticky as in "get the eyeballs stuck firmly to the content". That could mean a lot of different things depending upon the content that someone's trying to protect.

    In the case of a web site, it could mean going from a login business model to an ad-supported model; with your content in the open instead of hidden behind a login, users are free to fall in love with it and return daily.

    In the case of an analyst report, it could mean that instead of trying to protect the report to the hilt, you instead use wide adoption of the open report to position your firm as experts in the field, thus to sell seminars, training, consulting.

    You can't use stickiness to fix the problem with every type of content (sensitive internal financial documents? Yeah, you probably don't want them sticky, but with or without DRM, what are you doing distributing those to anyone you don't trust completely?)

    The idea with stickiness is that you make users adhere to the content, return to your site, your business, etc.
  • Real World Scenarios (Score:5, Interesting)

    by chill ( 34294 ) on Tuesday January 22, 2008 @03:02AM (#22135032) Journal
    Make absolutely certain the drawings being used on the production floor are the correct revision. I mean on terminals on the line. And make sure no one printed a copy for "convenience".

    I.E. - Engineers and CAD designers are the only ones that can see pre-production drawings. Pre-production drawings are not accessible from line terminals, only engineering or conference room workstations. Line terminals can not print drawings, though they can print some other things. Line terminals and assembly people can't even open non-production documents.

    Considering many electronics assembly shops have people on staff that used to (like, last week) work for a competitor the possibility of moles is real. So, prevent documents from being opened by non-authorized personnel. Prevent drawings from being printed, copied to removable media, etc.

    I've had to deal with all of that in a manufacturing environment.
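
The rules in the comment above (only the current production revision on line terminals, pre-production drawings only on engineering or conference-room workstations) can be enforced at the point where a server releases a drawing's decryption key. This is an added example, not part of the original thread; the terminal classes, the document ID and the choice to deny superseded revisions to every terminal are assumptions.

```python
# Added illustration; terminal classes, document IDs and revisions are hypothetical.
import secrets

# Stages each terminal class may open. Anything not listed is denied.
POLICY = {
    "engineering": {"pre-production", "production"},
    "conference": {"pre-production", "production"},
    "line": {"production"},
}

class KeyServer:
    """Releases a drawing's content key only when policy allows it."""

    def __init__(self):
        self.keys = {}      # (doc_id, revision) -> (stage, content key)
        self.released = {}  # doc_id -> current production revision
        self.audit = []     # every request, allowed or not

    def publish(self, doc_id, revision, stage):
        self.keys[(doc_id, revision)] = (stage, secrets.token_bytes(32))
        if stage == "production":
            self.released[doc_id] = max(revision, self.released.get(doc_id, 0))

    def _deny_reason(self, terminal_class, doc_id, revision):
        entry = self.keys.get((doc_id, revision))
        if entry is None:
            return "unknown document or revision"
        if entry[0] not in POLICY.get(terminal_class, set()):
            return "stage not allowed for this terminal class"
        if revision < self.released.get(doc_id, 0):
            return "superseded revision"
        return None

    def request_key(self, terminal_class, doc_id, revision):
        reason = self._deny_reason(terminal_class, doc_id, revision)
        self.audit.append((terminal_class, doc_id, revision, reason or "released"))
        return None if reason else self.keys[(doc_id, revision)][1]

def demo():
    ks = KeyServer()
    ks.publish("bracket-7", 3, "production")
    ks.publish("bracket-7", 4, "production")      # rev 3 is now superseded
    ks.publish("bracket-7", 5, "pre-production")  # draft of the next revision
    requests = [("line", 4), ("line", 3), ("line", 5),
                ("engineering", 5), ("engineering", 3), ("kiosk", 4)]
    return [ks.request_key(t, "bracket-7", r) is not None for t, r in requests]

if __name__ == "__main__":
    print(demo())
```

This gates only the release of the key; it does not control what a terminal does with a drawing once it has been opened.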
  • by dhavleak ( 912889 ) on Tuesday January 22, 2008 @04:26AM (#22135436)

    All DRM tries to work by hiding the Implementation - Universally, it fails.
    That's not true. Obfuscation is just one of the layers in any DRM system (and also in security in general). Relying on obfuscation alone is what's bad practice -- not the presence of obfuscation itself.

    DRM technologies work on essentially the same principles as PGP. The content being protected will usually be encrypted/decrypted using a symmetric key. This key is then protected using PKI (i.e. the content key is encrypted using each user's private key) -- that's the key management part of it.

    I do agree that given the open nature of open source, I don't see how it's possible to come up with a viable DRM stack. I mean, if someone comes up with a working implementation, the code is out there in the open, so it's dirt simple to just take that stack itself, remove all protection mechanisms from it, recompile, and now you can attach debuggers/plugins to your DRM-enabled application to capture the data once it's decrypted.

  • Re:We call it... (Score:5, Interesting)

    by DHalcyon ( 804389 ) <lorenzd AT gmail DOT com> on Tuesday January 22, 2008 @07:25AM (#22136294)
    Additionally, at some point, people will just not put up with that nonsense anymore - with HDDVD players refusing to work with projectors or whatever because one little detail in the HDCP chain isn't exactly right, and other horror stories like this.

    The alternative is easier nowadays: Piracy - It Just Works. With sites like ThePirateBay and easy to use Bittorrent clients like uTorrent and the likes, and with fast net connections, pirating HD content is seriously becoming easier for average users than getting it in a legit way.
  • by cp.tar ( 871488 ) <cp.tar.bz2@gmail.com> on Tuesday January 22, 2008 @07:43AM (#22136350) Journal

    Passwords can be applied in any number of ways. You can base it on pgp keys, if you want to limit the specific people who have access to the documents; or, you can do a one-size-fits-all solution, just applying a password to a file, and giving that password to those who need access.

    Recently I was considering a solution to a professional problem that included some sort of DRM[1], albeit of a temporary sort.

    As a part-time translator, I have on several occasions worked for people who got their translations, but failed to pay up. Some of my colleagues have had even worse problems of that sort.

    The idea was, if they don't pay, have the file self-encrypt or self-destruct. Of course, since they could easily just copy and paste the contents in a new document, all this is really moot. Actually, the more ideas people suggested, the more things I found to be inherently wrong, avoidable or circumventable.

    And it had all started with my friend's story about his friend, who set up the lighting in a night club. When the owner failed to pay up, he drove by on a Friday night, pulled out a remote and turned everything off. Then he was suddenly unavailable for the weekend; when the club owner finally reached him, the guy reminded him that since he failed to pay, he was feeling no pressure to "do the necessary repairs". When he was paid in full, he simply removed the whole circuit, re-connected the stuff and went merrily on his way.
    Had the club owner not tried to cheat him, he would never have stepped into that trap; since he had, he did. And I'd like something like that in software: unless you mess with me, you'll never see it.

    This differs from the traditional DRM in that it does not presume many copies of the file made; you translate for one client at a time, and just want them to pay up when the job is done. Whatever they do afterwards is none of your business.

    I'm still thinking about the ways to implement something like that, but so far I've been out of my depth.
    Ah, well. We'll just have to learn to fight another way.

    [1] as much as I oppose the very idea.
