In praise of Digital Rights Management

Document security systems could benefit us all, if we stop seeing them as the enemy

Here's a challenge for the open source community: Figure out how to get DRM (digital rights management) working, and working well.

Oh, I can just hear the protests now. Heresy, you say? And you, in the back -- "Information wants to be free"? Is that what I'm hearing?

Well, so what? Children want to stay up until midnight, eating candy.

Free exchange of information is a noble ideal, and it's certainly in keeping with the core principles of open source. But any sensible person should know that there's plenty of information out there that, although it may want to be free, definitely shouldn't be.

Clouding the issue is the fact that most of the ado about DRM has centered on digital media. The recording and motion picture industries are edging closer to the idea of offering their wares to consumers in network-distributed file formats, but they're terrified. Distributing files without copy protection, they figure, will only add fuel to the p-to-p fire that's already raging across the Internet. To them, it's DRM or nothing.

That idea has a lot of consumers up in arms because of what it will mean for them. Yesterday, they could walk into a music store, buy a CD, and have a physical object that they could keep. They could make a backup of it, loan it to a friend, or donate it to a library. In the DRM-enabled future, however, they won't own anything. All they'll get when they download a DRM-protected song is a license to play the media -- a license that could potentially be revoked in a month, a year, or whenever their subscription runs out.

To these consumers, DRM is a scourge. It takes away consumer rights, they say, for the sake of bolstering a flawed business model that doesn't reflect the realities of the digital age. And maybe they're right. But to that I say: Don't hate the player, hate the game. Or, put another way: Deride the business model, but don't discount the technology.

Leaving aside the digital-music issue, every business, and indeed every consumer, has information they want protected. Trade secrets are the obvious example. But closer to home, think of your employee records, your personal health care history, or the estimated 40 million credit card numbers that were exposed in the CardSystems Solutions security breach in June.

The thing about these kinds of records is that, in fact, they need to be shared, albeit in a controlled way. Your insurance information should be available to some parties, for example, but not to others. You don't want to give it out willy-nilly. You want to license it. All that's missing is a software infrastructure that would let you do that in a way that's explicit, granular, and secure. DRM would provide such an infrastructure.

Meanwhile, a few very powerful corporations are narrowly fixated on controlling DRM to corner the market for access controls on digital media. That's probably bad for consumers, but more importantly, it's bad for DRM.

This is an ideal opportunity for the open source community to step in. If we could only put aside our righteous indignation, we could start working toward a DRM technology that will benefit all of us. We've been so caught up in thinking of DRM as a tool for evil that we haven't begun to consider all the ways it could be used for good, in the right hands. Our hands, for example.