Guilty until proven innocent - DRM the mobile phone way

Trying, but probably failing, to make phones pigopolist-friendly


Digital Rights Management on mobile phones hasn't so far been much of an issue, but with highly capable multimedia devices and mobile music download services starting to appear, that is going to change. And the bad news for the consumer is that the phone industry appears to have learned from the PC business, where DRM can still be resisted because you still have a choice. Handset manufacturers and mobile phone networks, on the other hand, have a power beyond Microsoft's wildest dreams, because they really can outlaw non-DRM compliant devices. Up to a point.

The most widely deployed DRM system so far is the Open Mobile Alliance's DRM system, which in its most basic form is fairly simple to get around, but which takes an interesting 'guilty until proven innocent' approach to content ownership. It's actually present in a wide range of handsets, but most manufacturers aren't making a great deal of noise about it. When it finally unveiled the Sendo X a few weeks back, though, Sendo did 'fess up. This will probably result in DRM being covered in quite a number of Sendo X write-ups, but we should stress here that Sendo is actually better than many other companies because it's prepared to talk frankly about the issues.

You can demonstrate the guilty until proven innocent matter fairly simply with an OMA-compliant handset. Yes, El Reg did indeed use a Sendo X, but it'll work with a slew of other handsets too. Take a small file you know you own and have a right to use on multiple platforms, with any one of these extensions (.smf, .rmf, .jar, .mrv, .mm, .awb, .cvg, .sis, .c3d, .opl, .wbmp, .bmp, .ngd), and send it from your computer to your mobile phone. A .bmp mailed via Bluetooth demonstrates the effect nicely.

You can view the file on your mobile phone (if it's a bitmap, that is). Now try to send it back to the computer, and get very confused because there is no send option available for the file. As a control, send a file that doesn't have one of these extensions (a text file, say), and you'll find that this does have a send option. This is the OMA file-blocking list in action. No actual ownership rights are being associated with the files, as you'd expect to be the case with more sophisticated grown-up DRM on PCs; the phone is simply assuming that all of the file types on the content list are not owned by the mobile phone owner.

At this level the files are not actually encrypted, so a workaround is to use a third-party Symbian file manager (FileExplorer, free from Handango, is one) in order to sort yourself out. Files are also transferable via memory cards, presuming the phone has one. Mobile phones being things that ship in tens of millions, however, the majority of users won't be immediately aware that you can do this, so the networks, who are pushing hard for manufacturers to deliver DRM in handsets, won't be losing a great deal of money from copied ringtones and warezed widgets.

The other leg of OMA DRM 1.0 applies to content sent to the handset by vendors of some description (i.e. the network itself or third-party software vendors). Content is encrypted on the handset using the handset's IMEI number, so it becomes unique to that particular piece of hardware and unusable everywhere else. Nokia's OMA DRM FAQ explains as follows:

"Forward-lock is a simple mechanism which prevents content leaving the phone. This provides a basic copy protection to protect the rights of content owners.

"Combined delivery is similar to forward-lock, but additional usage rights can be added to the content, for example use only once or use for a week. This allows the previewing of content, or the adoption of various new business models, by applying different usage rights.

"Separate delivery is similar to combined delivery but with added security. The content is delivered as encrypted files and separately from the usage rights, which are delivered via a different channel. Separate delivery also enables the super-distribution business model, in which DRM protected content can be sent from phone to phone. An example of this could be sending the content as part of a MMS to a friend - the receiver of the content can then 'acquire a license' to get a preview or to buy the content. This viral marketing is potentially a very powerful concept."

That last paragraph is worth reading a couple of times, while you digest its appeal to the networks' greed glands. Not only does it stop your villainous customers stealing stuff, it also induces them to market your stuff for you. Yum.
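The three delivery modes in the Nokia FAQ quoted above, sketched as an added example (not code from Nokia, the OMA specification or this article). The class, field and function names are assumptions made for illustration, and the sample items are constructed.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Rights:
    count: Optional[int] = None         # remaining uses; None = unlimited
    expires: Optional[datetime] = None  # end of validity; None = no time limit

@dataclass
class Content:
    name: str
    mode: str                   # "forward-lock" | "combined" | "separate"
    rights: Optional[Rights]    # None = no rights held on this device
    encrypted: bool = False     # only separate delivery ships an encrypted file

def can_forward(c: Content) -> bool:
    # Forward-lock and combined delivery must never leave the phone; separate
    # delivery may travel because the file is useless without its rights.
    return c.mode == "separate" and c.encrypted

def render(c: Content, now: datetime) -> bool:
    """Return True if use is allowed, consuming one use when a count applies."""
    if c.mode == "forward-lock":
        return True             # no usage rights attached: unlimited local use
    r = c.rights
    if r is None:
        return False            # e.g. a forwarded file still awaiting a licence
    if r.expires is not None and now >= r.expires:
        return False
    if r.count is not None:
        if r.count <= 0:
            return False
        r.count -= 1
    return True

def forward(c: Content) -> Content:
    """Super-distribution: the recipient gets the file, not the sender's rights."""
    if not can_forward(c):
        raise PermissionError(f"{c.name}: {c.mode} content may not leave the device")
    return replace(c, rights=None)

if __name__ == "__main__":
    now = datetime(2004, 1, 1)  # constructed date and sample items
    single = Content("single.dcf", "separate", Rights(expires=now + timedelta(days=7)), True)
    print(render(single, now), render(forward(single), now))  # sender plays, recipient cannot
```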

What happens when the villainous customer's handset breaks and they have to get a new one with a new IMEI number? Well, that will depend, but given how user friendly outfits in this particular industry tend to be when something actually goes wrong, customers will frequently find themselves being presumed guilty. It'll be like trying to get a computer software company to believe that you really have taken six goes to get it running on the one machine, but much worse. According to Sendo it'll depend on the vendor's attitude, but you'll likely be OK with Handango or Sendo's own shop, which is run for it by Handango. In general, says Sendo's Ron Schaeffer, "the chances are they will agree to give you an additional code. But there's nothing we can do to get around that right now, although there's a couple of ways we're looking at for the future."

But it's worth thinking about how this kind of regime will apply to the people who tend to buy their handsets outside of contract and switch SIMs around in them. Your chances of getting your bought content to run on your new handset will be a lot greater if you're upgrading with the vendor you got the old handset from, you're under contract, and you've bought the content via the vendor network's approved route. That is, the network's control of you will tend to be extended, and users will tend to get stuck into the network's preferred walled garden. You can see a situation developing where the audio and video industries, currently dubious about the PC business' ability to keep control of 'their' content, start to view the mobile phone industry as a far more convincing prospect.

OMA DRM 1.0 is however really only a short term measure with a reasonable level of effectiveness in controlling copying of low value stuff like ringtones, while the OMA DRM 2.0 spec, announced earlier this year, is intended to apply to higher value content such as music and video. This will allow networks and content vendors to, they hope, derive vastly increased revenue from selling new singles to the youth market. Phones like the Sendo X are absolutely ideal platforms for this, with high quality audio reproduction and a goodly amount of expandable storage. Why would you need a solid state MP3 player when you've effectively got one in your mobile phone? Why, indeed, would you need an iPod?

Ah, but this is the point where it gets interesting. Currently the mobile phone industry benefits from having vast quantities of users who know next to nothing about the hardware they're using, and content that's too cheap to be worth putting much effort into stealing. The Register, for example, is pretty sure it's easy to steal ringtones, but we figure if it takes more than three clicks (which we think it probably does) then we can't be bothered. However, if you think about the vast majority of PC owners then they know next to nothing about the hardware they're using too. But they do very frequently know how to rip CDs and fileshare MP3s. Now, why would that be?

Once you've got mobile phones that are effectively MP3 players on the market, you can surely anticipate precisely the same pressures to be exerted on the market as are currently exerted on the PC market. People, no matter how untechnical, will rapidly discover that their MP3 collection can be transferred to their mobile phone (and anybody putting out a phone/player that won't play them might as well issue their sales team with silver handbells), platform-locked content sold via 'official' channels will become unpopular, and a few independents will be perfectly happy to sell unlocked content over the web to all and sundry.

Just as soon as it's selling something that has value the phone industry will be in precisely the same tricky situation as the PC industry, trying to figure out how to get people to buy devices that will only run DRMed content, and not coming up with any convincing answers. And it's quite probably worse when it comes to the mobile as permanently connected multimedia device. If you think about what the newer phones actually are, then they sound a lot like the fabled "BluePod" that The Register's own dear Andrew Orlowski would like so much to exist. They play music, they can hold a reasonable quantity, and they have Bluetooth for local area filesharing. So in principle they provide an even better platform for social sharing of content than PCs, which tend to need plugging into walls or are too big to fit into your pocket. And if the approved software plays hide the 'send option', then unapproved software will become swiftly popular. Interesting times ahead. ®
