Ever since Napster created a stir by offering free music to anyone who had the patience to download it, the entertainment industry has been up in arms. Partially as a result of the publicity surrounding Napster, music and video companies have latched on to countless technologies to prevent unauthorised access to digital content.
What's at stake? Billions of dollars. Forrester Research in Cambridge, Mass., predicts that record labels alone will lose more than US$3 billion by 2005 due to online piracy. Add that to the potential dollars that could be lost by the TV, movie and video industries, and the numbers become staggering.
For entertainment companies, the financial - not to mention organisational - pain of implementing these preventive technologies is offset in spades by the promise of protection. But entertainment companies aren't the only ones with digital content worth safekeeping. Many large corporations have documents and media files - catalogues, technical support files, training videos and financial briefings - that they'd like to share, but only with authorised viewers.
"The current crop of encryption tracking tools is designed to protect copyrights for content with high value, and that certainly fits the description of much of the intellectual property in corporations," says Mark Walter, an analyst at Seybold Publications in Media, Pa. "Corporations have a vested interest in constraining what recipients do with the documents sent to them."
But despite claims by a bevy of anxious digital rights management (DRM) vendors that tout significant expansion plans into the Fortune 500 market, the technology is taking longer to infiltrate corporate America - outside of the entertainment industry - than some expected. That may be about to change, however. According to IDC of Framingham, Mass. (a sister company to CIO's publisher, CXO Media), the content security market will grow by more than 71 percent each year to US$952 million in 2004.
DRM Unplugged
Companies can implement DRM technology in either an online or offline environment, depending on the needs of the company. In the online scenario, valid users download heavily encrypted files with a secure password. In the offline scenario, valid users receive a unique "key" that unlocks the content, whether they downloaded it or have it stored on a CD or other media. The keys are encoded to allow users to access only the data for which they have paid or for which they have been given rights.
Tools for such content controls abound. LockStream in New York City, Microsoft's Windows Media Rights Manager, SecureStreams of San Mateo, Calif., and Seattle-based Widevine Technologies all provide tools to control viewing and distribution through websites. Other vendors, such as Bethesda, Md.-based ContentGuard (which was spun off from Xerox and is partially funded by Microsoft), have developed a suite of DRM products. In the offline world, technologies like those from InterTrust Technologies in Santa Clara, Calif., "wrap" audio in a protected layer of software that ensures that it can be played only by the buyer.
But companies hoping to implement DRM protection may never see these vendors; instead they'll turn to content delivery service providers to meet their DRM needs. Companies such as London-based Magex and Reciprocal Publishing of Buffalo, N.Y., provide protection of digital content and copyrights in concert with secure payment, distribution and financial services. Using the application service provider/business services provider model, they integrate technology from companies such as InterTrust, LockStream, Microsoft and Widevine into their products.
Branching Out
While the bulk of today's DRM marketers focus their efforts on attracting the likes of entertainers like Britney Spears and Sony Pictures, some of these same technologies will prove useful for Fortune 500 companies outside the entertainment field.
"At its core, the technology is agnostic when it comes to the type of media it's dealing with," insists Scott Searle, founder of LockStream. Searle says his company plans to focus on corporate communications as well as the health-care, insurance and legal markets.
Other potential uses in the corporate arena include dissemination of training and other proprietary documentation. A training system, for instance, might allow only authorised users to view sensitive documents and videos in a secure manner. Product manuals could be digitally assigned to individual customers. Proprietary pharmaceutical documentation might be securely distributed only to critical suppliers of specific drugs.
But that's all in the future: The market embracing DRM technology today is publishing - a market that shares many of the same concerns as the music and movie industry. More and more publishers are turning to DRM technology to deliver electronic books securely.
The growing popularity of e-books prompted New York City-based trade publisher HarperCollins Publishers to turn to DRM. By instituting content security technology, HarperCollins can more easily sell books in electronic format throughout the world.
"Our biggest issue was protecting copyright, because we don't want people accessing things they haven't paid for," says David Steinberger, HarperCollins' president of corporate strategy and international.
After considering their options, company executives chose to outsource not only the content security but also the technology management and fulfilment to two companies: tech- and DRM-oriented Reciprocal and publishing-centric Lightning Source of La Vergne, Tenn. Using this model, HarperCollins creates the electronic book, adding additional features to the electronic version to make it a more compelling product than the print version. Reciprocal or Lightning Source then wraps the content file with the DRM technology of the intended e-book reader software. By wrapping the e-book in encryption technology, the content becomes associated with a set of rules defining what a consumer can and cannot do with it. For example, some copies may allow copying of specific passages while others may remain totally protected.
For Employee Benefits Institute of America (EBIA), which sells 1,000-page manuals on 401(k) and COBRA plans, and other employee benefit issues, DRM technology has been a godsend. In addition to allowing customers - corporate benefits personnel and attorneys - to search and navigate the manuals more effectively, it has afforded EBIA executives significant peace of mind.
"The only way a customer can access the document now is by getting the electronic key from InterTrust," explains Tom McCormick, director of the Seattle-based organisation. "If someone tries to give the PDF file to someone else, they will find that they can't open it. They will get a notice saying that if they want to buy it, they have to go to the InterTrust site and pay for it."
Initially, McCormick was concerned that although the electronic documents were secure, customers could get around the issue by printing the documents in hard copy and giving them to unauthorised users. To solve that problem, EBIA includes a watermark on each page that is visible on the printed copy but invisible on the screen. Although the watermark does not prevent people from printing, it stakes a claim on the manual's copyright.
McCormick wants to capitalise on the technology to increase revenues. This summer, the organisation plans to include a sample chapter of its additional titles on each document ordered. "That way, people can click on the sample chapter, and if they like it they will be directed to go to the InterTrust site and buy it. It offers a nice marketing strategy," he says.
Slow Start
Despite early adoption by a handful of nonentertainment companies, implementation of DRM technology in the corporate sector has gotten off to a slow start. One reason, Walter surmises, is that the technology is still fragmented and somewhat immature. "I don't think you'll see widespread adoption in the corporate market until the bugs are ironed out," he says, including nuisance plug-ins required for many secure downlands and the lack of standardisation for DRM technology in general.
But standards may be on the way. ContentGuard, Microsoft and Xerox are working to establish XrML (extensible rights markup language) as a standard for all forms of digital content. Meanwhile, IPR Systems of Milsons Point, Australia, is developing open digital rights language (ODRL), an open DRM standard that is currently being evaluated by the World Wide Web Consortium.
Despite the hurdles, the next wave of adoption has already begun. In January, Magex announced a major push into the financial, insurance, government, health-care and law markets, while Reciprocal recently signed its first Fortune 50 client, although the company declined to name the customer. And SecureStreams struck a deal with the International Olympic Committee for the 2004 Olympics. By adding SecureStreams technology to the committee's website, it will be able to deliver video over the Internet to authorised users only, like NBC.com and Olympics.com.
And as standardisation issues are worked out and more corporations seriously weigh the risks of not implementing rights management technologies, more Fortune 500 companies are bound to take the plunge.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.