A New Form of DRM: A Legal and Pragmatic Solution for Protection of E-Books

Print Friendly

For those in publishing, the current big issue in digital rights managements is pretty simple: How can we protect our ebooks with effective DRM while freeing them from being trapped in the closed ecosystems of specific reading devices?

The first obvious question is, would publishers see major losses due to copying and distributing of ebooks that do not have DRM?

Many would argue no. First, DRM is easily cracked. Anyone bent on making a copy and sending it to a third-party will do so regardless of DRM. Second, Apple has demonstrated that publishers don’t need DRM. When iTunes first launched, all files contained DRM. Sometime in the past few years Apple quietly dropped DRM. Rather than diminishing, the market for music through legitimate channels continues to climb.

Thus, there is a good argument that the ebook publishing world can go “non-DRM” without suffering any major losses. Pottormore is famously doing so. In January of this year, Anobii CEO Matteo Berlucchi gave a speech at Digital Book World suggesting that major book publishers should abandon the use DRM.

On the other hand, publishers have a legitimate concern for how they might protect works from copying en masse by counterfeiters or distribution through resale, rental or other aftermarkets. In order to protect their works in this class of infringement, publishers will need to rely on the Digital Millennium Copyright Act (“DMCA”). In order to rely on the DMCA, the publisher must have either technology that is circumvented or copyright management information that is removed. And therein lies my solution.

 

A Legal Solution

What ebook publishers really want to prevent is large-scale file sharing. This is not stopped by DRM. In fact, DRM is futile against large scale file sharing. So, ebook publishers should look for enforcement mechanisms against the intermediaries of large scale file sharing.

There are legal mechanisms for permitting enforcement against used ebook stores, as well as other forms of sharing, renting and reselling of ebooks. The solution that I propose is to use a combination of the existing DMCA rules in order to give a level of protection that is minimally necessary to enforce against used ebook stores, resellers and rental markets.

Publishers need not be afraid of stepping outside of book reader software and devices. In fact, the insistence on heavy DRM by publishers has unwittingly given Amazon power over the ebook market that publishers now regret. Customized DRM on Kindle devices creates a closed system that locks readers in to one retailer, which is potentially far more dangerous to the ebook publishing industry than the threat of piracy, in my opinion. We can free ebooks from DRM software and corresponding hardware and use existing legal mechanisms for enforcement against the worst copyright breakers.

The solution proposed is to create ebooks (in ePub or even PDF) with a watermark randomly placed throughout the book (visible and invisible). The watermark would contain the personal information of the customer who purchased the ebook and a warning not to resell, or distribute the book in any way. The user who purchases such a book will agree to terms and conditions (i.e. a “clickwrap”) that prohibit copying and distribution, as well as a statement that the consumer’s personal information will be prominently displayed on the book as a deterrent from distributing or copying in violation of the agreement.

The point of making a watermark that shows the user’s personal information is to create a disincentive for the user to pass the book along to unknown third parties, deputizing the user to act as a gatekeeper, protecting the book from wrongful distribution. If a file-sharing service or ebook reseller removed the watermark, it could be a violation of the DMCA Section 1201.

The watermark of the personal information could also have the publisher’s serial number embedded. Doing this creates an additional remedy under the DMCA Section 1202, which prohibits the removal of “publisher information” such as serial numbers. (Hat-tip to Cory Verner, who came up with this part of the mechanism. Verner is president of eChristian, Inc., an Escondido, Calif.-based Christian audio-book retailer. He has filed a patent application for the idea.)

The DMCA provides a variety of protections for digital works, such as Section 1201, which prohibits the “circumvention” of “a technological measure that effectively controls access to a work protected under this title.” The DMCA also prohibits the removal of copyright management information (“CMI”) under Section 1202, which includes the work’s title, author, and the copyright owner, as well as certain other “publisher information.”

What makes this “DRM” unique is that the removal of the watermark would likely violate the DMCA’s prohibition on circumventing a technological measure as well as the removal of “publisher information.” While the case law is not clear that this would be considered a circumvention, I present a novel rationale for applying Section 1201 of the DMCA to removal of a watermark.

In previous cases, technologies that are “passive” are generally not considered to “prevent access” under Section 1201. However, I believe that making the user an active participant in the protection of the book, the technology does not operate as a “pass through” the way a username and password would. But, the technology deputizes the user as the means of preventing access to the work by unauthorized third-parties.

This solution will not prevent a user from sharing a book with the user’s family or close friends. But publishers probably don’t want to sue their customers for sharing ebooks with their aunt or sister. Traditional printed books are often shared with family and friends. What ebook publishers need is a way to distribute ebooks with as little hassle as possible, while ensuring that the publisher can sue pirates and stop ebook resale, rental and large scale sharing.

To accomplish this, we don’t need heavy DRM, but something lighter. Why not use a form of DRM that lets the market grow, and reap the rewards of the next technological revolution as the ebook wave brings a massive new volume of sales and sweeps printed books to the side?

Thus, I propose using personal information as a deterrent against wrongful distribution of the book. We can deputize our customers to prevent wrongful distribution. The customer agrees not to distribute the book. If they do, the next reader will see the personal information of the original owner placed throughout the book, both visibly and invisibly. As such, not many users will violate their agreement because they will not want to have their personal information shared with unknown third-parties. Further, if they strip the information, they’re in clear violation of the DMCA.

Readers might “share” book with family and friends who already have their personal information; but they would have been free to do that with a non-digital book in the printed book business. The watermark is likely to confine file sharing to the close family; those with whom the original purchaser has a personal relationship, which is the very type of person with whom paper books are typically shared.

These are the abridged version of my conclusions. I will be publishing a much longer, more detailed piece on the topic titled Digital Rights Management Lite: Freeing ebooks from Reader Devices and Software. Can Digital Visible Watermarks in ebooks Qualify for Anti-circumvention Protection under the Digital Millennium Copyright Act?  (Virginia Journal of Law & Technology, volume 17, Issue 2 (Summer 2012, forthcoming).

Dana Robinson

About Dana Robinson

Dana Robinson is a partner with Techlaw LLP, an intellectual property law firm in San Diego, where he handles copyright, trademark and new media. He is adjunct professor of law at the University of San Diego School of Law.

Related Posts:

19 thoughts on “A New Form of DRM: A Legal and Pragmatic Solution for Protection of E-Books

  1. I think it is equally important for customers to be able to certify that their digital copy is ‘genuine’, i.e. to protect against counterfeiting or malicious modification of the text. In software one of the biggest problems is that counterfeit software is sold to unwitting customers, often at near-market prices. This is arguably worse than piracy, which is often conducted without any financial incentive. In a DRM-free ebook ecosystem, it will be possible for many, many sites to set up shop and sell ebooks very inexpensively. But there has to be a way to identify which retailers are ‘authorized’ and appropriately paying publishers and distributors. Perhaps this could be implemented as a form of digital ‘signing’.

    Customers would still be able to fix typos and so forth in their own copies, and read these with any compatible reading system, but the reading systems could be equipped to detect when signed ebooks do not a valid certificate and alert the customer when something is wrong, just as browsers do when visiting sites with a secure (‘https:) connection. Of course there might be ‘customers’ who don’t care where it came from or if the publishers and authors got paid, but those are the same people who strip DRM and post illegally on sharing sites.

    Both ‘watermarking’ and ‘signing’ would contribute to a sense of ownership for customers, and trust on the part of the entire distribution chain. Piracy will never go away, but it can be marginalized. The problem with DRM as it exists today is that it encumbers legitimate customers with complexity and inconvenience, even as it contributes to ‘overhead’, the cost of which is borne by those same customers. DRM is probably still needed for specialized scenarios such as term-limited licenses (library borrowing etc.).

  2. Imagine this scenario:

    1) Buy a prepaid Visa card at Walgreens, with cash.

    2) Register at Amazon with a fresh Gmail account and an assumed name (perhaps “Ima Cracker”), ideally from a public Wifi connection.

    3) Pirate at will. Remove the watermarks, or don’t. It won’t matter, since there’s no solid connection between the watermark information and the pirate.

    From what I know of such people, not only would they not bother to remove the “This Book Belongs to Ima Cracker” watermark, they would consider it a point of honor. Remember, these are the same people who actually write and insert extra code to ensure that their noms de guerre appear on the startup screen of pirated software.

    I can’t see how this could possibly be effective unless you (e.g.) made the ebook retailers require a photo ID at the time of purchase.

  3. @Tony Hursh you’re missing the point. It’s actually a LOT easier for a hacker to remove the watermark from a book he purchased under his own identity than to go through all the trouble you describe to buy one anonymously. There is no way to allow reading but prevent copying that cannot be circumvented using the most rudimentary hacking skills, period. It’s just not physically or logically possible. The point is to retain the legal means to prosecute large-scale infringers while not punishing and restricting your paying users or giving all the control to the distributor.

    • “You’re missing the point. It’s actually a LOT easier for a hacker to remove the watermark from a book”

      I don’t think so. How do you know there aren’t multiple levels of watermarking, not all of which are public knowledge?

      A wise pirate would remove any possible connection between him and any watermarks, visible or invisible, from the get-go.

  4. Another way around the DRM issue is the model offered by the new website, Unglue.it. With Unglue.it publishers make a fair profit upfront through crowdsourced funding instead of waiting for income to trickle in over time. Unglued ebooks are released under Creative Common licenses and made free to the world. There are many advantages to publishers using this model. Just as Wikipedia open sourced the writing of their encyclopedia articles with much success, Unglue.it and CC licensing enables publishers to open source the adaptation of their eBooks to various cultures/languages and can keep them in the most current electronic formats.

  5. This is hardly an alternative to DRM, since it’s just another locking device and since the DMCA section 1201 provision was written expressly to support DRM. Mr. Robinson’s proposed \solution\ is simply a reinforcement of both DRM and DMCA, which offer little more than a feeder for intellectual property lawyers rather than an effective means of reducing rates of piracy.

    Apple and O’Reilly have already shown that good business models are a better solution than DRM and lawsuits. Remember that copyright is mostly a realm of case law, and publishers need not follow Mr. Robinson down the rabbit hole of intellectual property gaming.

  6. Interesting concept. But you aren’t \deputizing\ customers, you are threatening them. You can’t claim to be using watermarking as \a deterrent from distributing or copying in violation of the agreement,\ and in the next breath make it sound like you are empowering your customers in some way, as the term deputizing implies.

    What you are really saying is this: \We’re going to stamp your ebook with your personal information. If you fail to keep that book secure, your personal information will be disseminated to others (potentially identity thieves).\

    I think customers would respond by trying to find the book elsewhere, which is exactly what drives would-be customers to pirates right now. I certainly don’t want my reading material defaced with a watermark in the first place, least of all with one that contains my personal information.

    • Good argument. It’s akin to making someone sign a binding agreement when going into the book store to purchase a novel. I am not sure how I would take to such an agreement from my service provider. It could even put more people pointing toward piracy, to get away from the ‘binding agreement’…

  7. I have been purchasing watermarked ebooks from Peachpit Press for the past several years. It might be informative to see if someone from that company would comment on their experience.

  8. Thanks for the article, and yes, you have some valid points – if we look at how Apple transitioned away from the DRM nightmare, the music industry has seen mega online growth. Should we treat books any differently? I can understand that a watermark is hard to remove (although you have pirates that print and then rescan using optical character recognition to remove the watermark). I would rather advocate that the publishing industry follow and build on the framework that the music industry has established (though many hard-learned lessons). I am not fully comfortable having my personal details embedded in an e-reader’s books – one for security, e-readers do not have the protection that an antivirus would give, or an encryption cloud solution. They can operate on open wifi networks, and we know how safe these are, and more so, if someone was to steal the e-reader, they would also have my personal details. I truly agree that something needs to be done with DRM, and removing the barrier, but perhaps using my personal information is not the ultimate solution.

  9. Thanks for all of the replies and feedback.

    To comment briefly, the approach I propose does not solve the problem of bad people or so-called piracy. But, neither does full-blown DRM. Just as ePub can be cracked, so can a watermark. However, a watermark, if placed randomly and in alternating places would be more difficult too cover-up, and harder to overcome without a very deliberate effort. It would also be difficult to automate. But again, bad people will do what they will do. A bad person can easily crack an ePub, make it a PDF and share it or sell it. If the current solution(s) used in the market don’t stop this conduct, then why use such cumbersome DRM? The choice is between using something \lighter\ or nothing at all. My argument is that something \lighter\ will, at a minimum, provide a.) a disincentive for the user to just hand out or resell the e-book; and b.) some remedies against aftermarkets, because aftermarkets would be the more likely party removing the watermark.

    As to the personal information, this might be as simple as the user’s email address and name. I, for example, would not sell an e-book with my email address in it, and I would not want to spend the time to remove my email address just to make a few dollars on a resale of the book. Thus, I have been given an incentive to be honest and a disincentive to be dishonest. The reward of cheating is not worth the hassle.

  10. Another point that is often not even considered when DRM is discussed is that other parties besides just publishers care about DRM. For example: font foundries. My company has been going through lots and lots of font licenses lately in an effort to be sure we’re completely legal in all of our font purchases and usage. And a large number of the big foundries are requiring us to be sure we use DRM on our e-books (mostly this applies to ePDFs, which are still alive and well, surprisingly). For e-pub, we try not to use embedded fonts if at all possible, but occasionally we need to do so to maintain a specific look and feel. Yes, we realize that DRM can be broken easily, but in order to be compliant with our font licenses, we must make sure that our content continues to use DRM. I personally am not a fan of DRM, but this is just another example that I wanted to point out – it isn’t just publishers that have a supposed vested interest in DRM and publishers may be forced to continue DRM by outside forces such as font foundries, etc.

  11. I found this recently and thought it was worth adding by way of comment.

    DBW reported a March 29, 2012 letter from Hachette UK group CEO, where he addressed DRM:

    DRM and File-Sharing: DRM (Digital Rights Management encryption, on which we insist) divides opinion. Our view is that the advantages greatly outweigh any perceived disadvantages. While DRM cannot prevent file-sharing by the most determined pirates it can and does act as a brake on the casual sharing of files and, in the overwhelming majority of cases, it works in the background without causing problems for anyone.

    http://www.digitalbookworld.com/2012/hachettes-uk-group-ceo-reflects-on-state-of-the-industry-prospects-are-exceptional/

    If DRM is acknowledged to be futile against file sharing, and is only used as a “brake” against “causal file sharing” then a DRM Lite type solution should be embraced by the industry.

  12. Just to let people know we currently hold the patent on this product already. We have been in development of this solution with other safe guards in place, such as, cyphering the RAW data to prevent Privacy issues coming up in the courts which could circumvent the legal process. Also the reason we have chosen to use a cyphering method to encrypt the data is so that hackers could not alter or replace the customer information with an innocent persons name and address.

    Because we can go as deep as 7 levels and greater with this cypher this also means it will take them 6 months or more to crack one level of the cypher. See demo: http://goldmarc-solutions.com/?page_id=350
    The point is this. When we developed this product we came to the same conclusion as the author but in the process of developing this product we also felt making it a server based solution was better than a stand-alone plugin. If you see the demos we have on the site we have been successful in embedding the customer data, the website info and also the producers information leaving no doubt in the courts mind who distributed the digital media.

    Again, because we are using a cypher this also means that they will have to crack each cypher before they can obtain the RAW data that is hidden in the file. Accountability was the goal and that is why we focused on that more than DRM which is flawed in any means of deterring sharing of digital and intellectual works on the internet.

    One other point, because it is database dependent this also means that the wide spread use of this method can be used with medical records, financial records, verification of authenticity, etc. We also have plans of using this method in the Wal-marts and Red boxes so because it is a server based solution we can apply this technology to even hand held devices.

    If you have any further questions about our products for anti-piracy please feel free to call or email us.

  13. Can I simply say what a comfort to find someone who truly knows what they are talking about on the web.
    You certainly realize how to bring a problem to light and make it important.

    More and more people need to read this and understand this side of the story.
    I was surprised that you’re not more popular since you certainly have the gift.

  14. Hello! I just wanted to ask if you ever have any trouble with hackers?
    My last blog (wordpress) was hacked and I ended up losing several weeks
    of hard work due to no backup. Do you have any methods to prevent hackers?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>