I appreciate some of the online music stores, such as Google Play and Amazon Music, because these stores give the option to download MP3 files of the purchased music. The MP3 files are high quality and—most importantly—do not contain any form of Digital Rights Management (DRM) system. Having non-DRM files guarantees the playability of the purchased music regardless of whether the purchaser switches computer platforms (e.g., from Windows to Linux) or does not have access to the Internet. Even though it is easily possible for the purchaser to distribute his purchased digital music files to the rest of the world—which violates copyright laws—such a possibility of piracy seemingly did not stop music rights holders from allowing Google Play and Amazon Music to distribute non-DRM music files.
The immediate benefit of purchasing non-DRM media files is the maximum freedom granted to the purchaser over how such media files are stored and played. I would also like to explore another benefit of purchasing non-DRM files, from a consumer privacy perspective.
DRM pings home
Most DRM today requires the purchaser to use a specifically approved device with an Internet connection to display the content of the purchased media file. While there are DRMs that do not require an Internet connection (e.g., DRM for DVDs and Blu-rays), most DRM used for downloadable media requires an Internet connection to authenticate the purchaser's right to display the media file. From my current understanding, such DRMs require periodic authentication in order for the purchaser to continue to have access to the purchased media. That is, a purchaser cannot simply authenticate his DRMed media once and then stay disconnected from the Internet if he chooses to do so. An Internet connection is a necessity for accessing purchased DRMed downloadable media.
I believe there is a compelling argument to be made that DRMs requiring an Internet connection are unnecessarily cumbersome for both the consumer and the media publisher. But I will set aside this argument to explore another one, namely that DRM requiring an Internet connection may introduce an unwarranted invasion of the purchaser's privacy.
The privacy issue stems from the lack of transparency of the DRM system. This lack of transparency is driven by the media publisher's interest in withholding information about the DRM system in order to avoid giving aid and clues to third-party hackers who specialize in breaking DRM systems. If technical information about the DRM system were published, the theory goes, third-party hackers would use such information to quickly develop methods to unDRM media files. Consequently, media publishers would likely worry that unDRMed media files would end up in online piracy networks.
Thus, media publishers have an incentive not to reveal what actually goes on—especially at the technical level—within the DRM system. My issue is that the bona fide purchaser is required to have his device ping the DRM servers to continuously authenticate his right to display the purchased media. I wonder whether, during those pings, there is an exchange of information beyond what is necessary for authentication purposes. Namely, couldn't media publishers use the DRM pinging mechanism to harvest other sensitive metadata about the user that goes beyond DRM authentication?
Offline vs. Online DRM
Whenever I insert my DVD into a DVD player that is not connected to the Internet, the DRM embedded on the DVD ensures that I am able to display the content of the DVD while my ability to copy that content is restricted. Because the DRM does not require Internet connectivity, the media rights holder has no way of harvesting information about me, including the fact that I am playing the DVD at a particular time.
In contrast, whenever I play my DRMed downloadable movie on my smartphone, my phone will ping the DRM servers to make sure that I have the right to display the content of the downloaded movie. By necessity, the DRM server (which acts as an agent of the movie rights holder) will know that I am currently playing a particular DRMed movie on my phone at a particular time. This is the minimal amount of metadata that the DRM server knows about me with respect to my purchased DRMed media.
I can speculate that other data—including information that has nothing to do with DRM authentication—may be exchanged during the online DRM authentication. Unless there is technical transparency about the online DRM mechanism, we do not know what other information is being exchanged between our devices and the DRM servers.
If the media rights holder knows that I played (not merely purchased) a particular movie, then the media rights holder can use that information for marketing purposes to tailor advertisements to me. Furthermore, the media rights holder can even profit from the information by selling metadata from the DRM authentication to other information vendors.
The privacy concern becomes greater if the online DRM authentication harvests information about the purchaser that is clearly outside the scope of the authentication process.
What if information about the particular model of the purchaser's device gets sent to the DRM server? Then the media rights holder can use that information to estimate the income level of the purchaser merely based on whether the device is a low-end or a high-end device.
What if the DRM server notices that the purchaser's device falls within a pattern of IP addresses? Then the media rights holder can estimate the geographic location of the purchaser.
The point of this essay is to raise concern about the potential impact of continuous online DRM systems on the privacy of the purchaser of online DRM media. With the increased public awareness of electronic privacy in general, this essay hopes that the public discourse also examines the privacy implications of online DRM media.
It's my hope that media rights holders could adopt a more consumer-friendly system that would respect the bona fide purchaser's right to display purchased media without further intrusions.