The German Ministry for Education and Research (BMBF) established a line of research funding called "Innovation and technology analysis" (ITA). The publication reviewed here is the outcome of such a sponsored project on DRM (cf. ITA-BMBF). Project partners were the Fraunhofer Institute for Digital Media Technology (IDMT), a data protection agency (Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein), and a university (Technical University Ilmenau). The title privacy4DRM tells about the main focus of the project: to investigate privacy with respect to existing e-commerce platforms relying on DRM systems. The cases analysed are:

  • Apple's iTunes (Fairplay),
  • T-Online's Musicload (Windows Media Rights Manager WMRM),
  • Sony's Connect-Europe (OpenMG),
  • Bevision-Shops (based on the PotatoSystem), and
  • Adobe's Digital Media Store (PDF).

In addition to the techno-legal privacy analysis performed, the study also attempts to provide a broader explanation why the dominant business model in online music markets based on strong DRM does not work.

In the following the review will present first the structure of the study, second the main findings of the privacy analysis, and third the main arguments of the more general reasoning. Finally we will discuss the findings. As the study (Bizer et al. 2005) is in German, I will also draw on two related articles in English (published in the Axmedis proceedings: Grimm 2005, and Will 2005). A short article by Bizer et al. (2006), which resumes the study in 6 pages, has also been considered for this review.

Overview of the study
Chapter 1, the introduction, explains the objective of the study: to come up with a catalogue of criteria for user-friendly and privacy-conforming DRMS, to be applicable not only to the music market, but also to other markets like the educational market. In the introduction you also find an outline of the legal framework of privacy and copyright.

Chapter 2 on "methodology" sets out the legal, economic and technical criteria to be applied, and sketches how the interdisciplinary analysis was performed. On the one hand data flows and traces were tracked down and checked if they conform with the criteria of privacy. On the other hand the economic analysis of the download platforms addressed the value propositions for consumers, the revenue and business models of the content providers, and transaction costs from both points of view, the consumers' and the businesses'.

Chapter three to seven describe the 5 services chosen (see above) and present the findings of the different analyses one by one. Chapter 8 gives an overview of these findings.

Chapter 9 called "mission" contains what might be better termed "conclusions", as the findings are discussed here at a general level addressing policy issues, and proposing more consumer orientation and more user-oriented DRM systems design.

The last chapter is titled "recommendations for action". The first part of this chapter discusses if and how the results derived from the music market can be applied to the areas of education, learning, and research. While the same rules may apply for e-learning materials such as books, music, and video, interactive learning tools clearly need different types of access and usage control comparable to those for computer games and interactive software (Bizer et al. 2005, p. 204f).

The second part of chapter 10 comes up with six topics deserving further research: (1) new distribution models and new services are still lacking appropriate protocols and infrastructure concepts; (2) new distribution models for digital libraries, educational publishing, and research publications are particularly challenging in this respect; (3) economic research on incentive models for new distribution models is needed; (4) comprehensive risk management of DRM-systems is still lacking; (5) it is still an open question how to implement pseudonymity concepts in DRM systems and how to legally frame them, and finally (6) the idea of "privacy labels" (Datenschutzgütesiegel) is put forward.

DRM and privacy
The most innovative aspect of the study is in my view its scrutiny of data flows taking place and data traces being produced when using DRM systems. In order to analyze DRM systems, the authors use a privacy model which is in line with the European data protection directive (EU 1995; Grimm 2005, p.108) and also conforms with corresponding national regulations. The result of this analysis is that state-of-the-art DRM systems "collect more personal data from their customers than necessary to fulfil the purchase service. There are many hidden interfaces, both by encoding personal data within the products, and by linking clickstream data with contractual data" (Grimm 2005, p. 112).

Even if knowledge about customers may be used exclusively to improve the service, the fact that e-content providers hide their actions to consumers, shows a lack of trust, which in turn leads to a lack of trust on the consumers' side when they become aware of this. A particularly disturbing finding is the encoding of personal data within digital products. This action is again intransparent to the customers. In other words, forensic DRM, meant to trace illegal behaviour, is added to the DRM system. As the authors put it: "… most shop systems which use DRM, do not trust the built-in mechanisms of DRM to enforce the usage rules in the end-user devices. Therefore they use the trace method as a second line of defense. They collect data to identify users, not only for business purposes, but also to link products to their buyers in order to identify the origin of products in illegal environments." (Grimm 2005, p. 108; Bizer et al. 2005, p. 198). The good news if you like: there was no proof that the investigated systems collect data about individual usage patterns. If this were the case it would clearly violate existing privacy legislation (Bizer et al. 2005, pp. 183, 192).

A pro-active, transparent policy by the content providers involving the consumers could alleviate the situation to a certain extent. The situation could be further improved by implementing pseudonymity options, as many marketing purposes don't require information about the persons using a service (Bizer et al. 2005, p. 200). A third measure proposed to increase trust are "privacy labels" guaranteeing that the DRMS is respecting privacy. This approach might be highly interesting for those in favour of conformance testing like the Transatlantic Consumer Dialog (cf. their DRM declaration with respect to privacy; TACD 2005).

Assessing "state-of-the-art" DRM systems
As stated above the study also aims to assess what they call "state-of-the-art" DRM systems in the context of music markets. I will try to boil down their reasoning to 10 points.

1. No doubt, a balance is needed between the right of creators to obtain remuneration for their creative work, and the interests of end-users and the public.

2. In the currently dominating business model content is to be sold analogue to physical goods, i.e. as a digital object. DRM is meant to enable the old business model by protecting the digital object.

3. In order to achieve this, "classical" DRM couples content, client, and device (Bizer et al. 2005, p. 181). To get access to purchased content, the end-user now has to legitimize himself or herself to the digital object. Furthermore DRM systems add data collection to copy protection. On top, as a second line of defense, forensic DRM using personal data is added to strong copy protection (p. 188, 191). As an important aside the authors argue, that assuming personalisation of content (forensic DRM) is already a matter of fact, the request of content providers to get a right to get personal information from the ISP appears excessive and unnecessary (p. 182).

4. The way DRM systems are designed and implemented is contrary to a basic principle of IT-security, namely that the party interested in the protection must have the means to enforce the protection. This is difficult in the case of DRM systems, because the mechanisms to enforce the protection are located on the end-user's side. Ultimately he or she is sovereign of the computing device (p. 17). Cooperation can not be expected and circumvention is a reality – in particular if the value proposition for end-users is poor.

5. The lack of acceptability of protected content is due to at least three shortcomings of current DRM systems:

  • (1) immature technology excluding even uses foreseen by the providers (e.g. playing a CD at home and in the car; p 197f),
  • (2) DRM systems not respecting either fair use or allowing for the copyright exceptions granted by law (p.197), and
  • (3) non-interoperable technology putting the burden on the consumers having to implement and purchase multiple tools and devices to get what they want (p. 197).

6. The lack of acceptability of protected content is due also to a defective trust relationship between business and consumers. Forensic DRM, when performed in an intransparent way, and anti-piracy campaigns criminalizing customers undermine trust.

7. The authors assert that existing music download platforms using DRM-systems are in reality not a success (p. 193-195) – not even iTunes.

8. Consumers are supposed to decide whether to purchase legal content on the basis of an transaction cost calculus. "The customer is willing to pay for the avoidance of expected transaction costs when downloading illegally. He is not willing to pay for the usage of the data" (Will 2005, p. 99).

9. Within the current paradigm the situation can be improved, if DRM systems are designed conforming to privacy principles, with increased end-user involvement, more user-friendly design, and with greater interoperability.

10. However this cure might not be enough and alternative business models and revenue models need to be developed, focussing on services. People would be willing to pay for added value (recommendations, preview etc.). Users might also accept collection of personal data if they get in turn more individualised services. Content providers should actively involve end-users providing them with more options and choice what usage rights to obtain. Under these conditions, new services based on "user-oriented DRM" (p. 199) are more likely to be accepted.

While old DRM seems to be the illness it purports to cure (adapted from Karl Krauss, the Austrian writer's famous sentence about psychoanalysis), new user-oriented DRM seems the healthy way out. By and large I share the reasoning presented, and indeed INDICARE has always pointed to the shortcomings of the old business model and the potential of new business models (cf. e.g. INDICARE 2004). However I would like to add six remarks to enrich the picture drawn by the authors.

1. With respect to transparency and user involvement requested, when it comes to data collection and privacy, I would go even further and stress the potential of combining DRM and PET (privacy enhancing technology) as Korba and Kenny (2002) have done in their seminal paper "Towards meeting the privacy challenge: Adapting DRM" (cf. also Tóth's introduction to Privacy Rights Management (PRM) in the INDICARE Monitor 2004).

2. I would not underline that legal download platforms can't be a commercial success. Although the IFPI:06 Digital Media Report's message "legal online buying is catching up with illegal file-sharing" contains a considerable portion of wishful thinking, the strategy of the music industry combining law suits against P2P file sharing services, legal actions against individual uploaders (ca. 20.000 in 2005, cf. IFPI 2006, p. 18), threatening campaigns, deteriorating quality of content on filesharing servers, and improving their own offerings in terms of scope and interoperability should not be underestimated. There is no a priori that the big players of the music industry must fail.

3. I can imagine new service oriented offerings ruled by somehow transparent DRM. I can also see that these might be perceived as a "fair deal", thus increasing the acceptance of those services. But would this change the basic flaw of DRM as pointed out by the authors themselves, namely that DRM systems are not in line IT-security principles (see point 4 above)?

4. While I see the potential of new business strategies where you pay for added-value and not for content, I doubt if this model does justice to creators, and I am afraid that this approach might also help to erode the foundations of copyright and creative works.

5. An important reason why consumers behave illegally and why people feel so uncomfortable with DRM is not mentioned. Restrictions imposed by DRM violate the consumers' sense of ownership. The intuitive understanding of "property" is linked to ideas such as long term possession, unlimited use and the right to resell. Remember Thomas "If men define situations as real, they are real in their consequences" (the so called Thomas theorem). The fact that property rights with respect to digital goods imply a change from ownership to rights of disposal (licensing) is obscured even by the content industries themselves still suggesting that you buy music when you pay for it. This argument has been elaborated in an INDICARE Monitor article about the mind-set of pirates(Böhle 2005).

6. The authors introduce type of homo oeconomicus who calculates transaction costs when looking for content (see point 8 above). This argument has to be differentiated based on the previous remark, and furthermore because empirical research tells us that consumers are willing to pay for content itself if the payment (or a considerable share of it) goes to the creators themselves (cf. Madden 2004; see also Regner and Barria 2005). Consumer behaviour is obviously more value-oriented than expected. You may play the David-Goliath-game, while at the same time respecting creators. Research into piracy (see point above) also indicates that the social reputation to be gained from savvy filesharing within groups is rather important.

Bottom line
The most innovative aspect of the study is in my view its scrutiny of data flows taking place and data traces being produced when using DRM systems, combined with concrete ideas on how to improve the situation: by transparency, pseudonymity options, and "privacy labels". The general reasoning on DRM has very strong points like the contradiction between DRM systems and IT-security. Consumer behaviour, however, seems to be modelled in a too abstract fashion disregarding social factors.


About the author: Knud Böhle is researcher at the Institute for Technology Assessment and Systems Analysis (ITAS) at Research Centre Karlsruhe since 1986. Between October 2000 and April 2002 he was visiting scientist at the European Commission's Joint Research Centre in Seville (IPTS). He is specialised in Technology Assessment and Foresight of ICT and has led various projects. Currently he is the editor of the INDICARE Monitor. Contact: + 49 7247 822989,

Status: first posted 22/02/06; licensed under Creative Commons