Guilty until proven innocent - DRM the mobile phone way
Trying, but probably failing, to make phones pigopolist-friendly
Digital Rights Management on mobile phones hasn't so far been much of an issue, but with highly capable multimedia devices and mobile music download services starting to appear, that is going to change. And the bad news for the consumer is that the phone industry appears to have learned from the PC business, where DRM can still be resisted because you still have a choice. Handset manufacturers and mobile phone networks, on the other hand, have a power beyond Microsoft's wildest dreams, because they really can outlaw non-DRM compliant devices. Up to a point.
The most widely deployed DRM system so far is the Open Mobile alliance's DRM system, which in its most basic form is fairly simple to get around, but which takes an interesting 'guilty until proven innocent' to content ownership. It's actually present in a wide range of handsets but most manufacturers aren't making a great deal of noise about it. Finally unveiling the Sendo X a few weeks back though Sendo did 'fess up, but although this will probably result in DRM being covered in quite a number of Sendo X write ups we should stress here that Sendo is actually better than many other companies because it's prepared to talk frankly about the issues.
You can demonstrate the guilty until proven innocent matter fairly simply with an OMA-compliant handset and yes, El Reg did indeed use a Sendo X, but it'll work with a slew of other handsets too. Take a small file you know you own and have a right to use on multiple platforms, (.smf, .rmf, .jar, .mrv, .mm, .awb, .cvg, .sis, .c3d, .opl, .wbmp, .bmp, .ngd), any of these extensions will do, and send it from your computer to your mobile phone. A .bmp mailed via Bluetooth demonstrates the effect nicely.
You can view (if it's a bitmap, that is), the file on your mobile phone. Now try to send it back to the computer, and get very confused because there is no send option available for the file. As a control you can send a file that doesn't have one of these extensions (send yourself a text file), and you'll find that this does have a send option. This is the OMA file-blocking list in action. No actual ownership rights are being associated with the files, as you'd expect to be the case with more sophisticated grown-up DRM on PCs, the phone is simply assuming that all of the file types on the content list are not owned by the mobile phone owner.
At this level the files are not actually encrypted, so a workaround is to use a third party Symbian file manager, FileExplorer, free from Handango, is one, in order to sort yourself out. Files are also transferrable via memory cards, presuming the phone has one. Mobile phones being things that ship in tens of millions, however, the majority of users won't be immediately aware that you can do this, so the networks, who are pushing hard for manufacturers to deliver DRM in handsets, won't be losing a great of money from copied ringtones and warezed widgets.
The other leg of OMA DRM 1.0 applies to content sent to the handset by vendors of some description (i.e. the network itself or third party software vendors). Content is encrypted on the handset using the the handset's IME number, so it becomes unique to that particular piece of hardware and unusable everywhere else. Nokia's OMA DRM FAQ explains as follows:
"Forward-lock is a simple mechanism which prevents content leaving the phone. This provides a basic copy protection to protect the rights of content owners.
"Combined delivery is similar to forward-lock, but additional usage rights can be added to the content, for example use only once or use for a week. This allows the previewing of content, or the adoption of a various new business models, by applying different usage rights.
"Separate delivery is similar to combined delivery but with added security. The content is delivered as encrypted files and separately from the usage rights, which are delivered via a different channel. Separate delivery also enables the super-distribution business model, in which DRM protected content can be sent from phone to phone. An example of this could be sending the content as part of a MMS to a friend - the receiver of the content can then 'acquire a license' to get a preview or to buy the content. This viral marketing is potentially a very powerful concept."
That last paragraph is worth reading a couple of times, while you digest its appeal to the networks' greed glands. Not only does it stop your villainous customers stealing stuff, it also induces them to market your stuff for you. Yum.
What happens when the villainous customer's handset breaks and they have to get a new one with a new IME number? Well, that will depend, but given how user friendly outfits in this particular industry tend to be when something actually goes wrong, customers will frequently find themselves being presumed guilty. It'll be like trying to get a computer software company to believe that you really have taken six goes to get it running on the one machine, but much worse. According to Sendo it'll depend on the vendor's attitude, but you'll likely be OK with Handango or Sendo's own shop, which is run for it by Handango. In general, says Sendo's Ron Schaeffer, "the chances are they will agree to give you an additional code. But there's nothing we can do to get around that right now, although there's couple of ways we're looking at for the future."
But it's worth thinking about how this kind of regime will apply to the people who tend to buy their handsets outside of contract and switch SIMs around in them. Your chances of getting your bought content to run on your new handset will be a lot greater if you're upgrading with the vendor you got the old handset from, you're under contract, and you've bought the content via the vendor network's approved route. That is, the network's control of you will tend to be extended, and users will tend to get stuck into the network's preferred walled garden. You can see a situation developing where the audio and video industries, currently dubious about the PC business' ability to keep control of 'their' content, start to view the mobile phone industry as a far more convincing prospect.
OMA DRM 1.0 is however really only a short term measure with a reasonable level of effectiveness in controlling copying of low value stuff like ringtones, while the OMA DRM 2.0 spec, announced earlier this year, is intended to apply to higher value content such as music and video. This will allow networks and content vendors to, they hope, derive vastly increased revenue from selling new singles to the youth market. Phones like the Sendo X are absolutely ideal platforms for this, with high quality audio reproduction and a goodly amount of expandable storage. Why would you need a solid state MP3 player when you've effectively got one in your mobile phone? Why, indeed, would you need an iPod?
Ah, but this is the point where it gets interesting. Currently the mobile phone industry benefits from having vast quantities of users who know next to nothing about the hardware they're using, and content that's too cheap to be worth putting much effort into stealing. The Register, for example, is pretty sure it's easy to steal ringtones, but we figure if it takes more than three clicks (which we think it probably does) then we can't be bothered. However, if you think about the vast majority of PC owners then they know next to nothing about the hardware they're using too. But they do very frequently know how to rip CDs and fileshare MP3s. Now, why would that be?
Once you've got mobile phones that are effectively MP3 players on the market, you can surely anticipate precisely the same pressures to be exerted on the market as are currently exerted on the PC market. People, no matter how untechnical, will rapidly discover that their MP3 collection can be transferred to their mobile phone (and anybody putting out a phone/player that won't play them might as well issue their sales team with silver handbells), platform-locked content sold via 'official' channels will become unpopular, and a few independents will be perfectly happy to sell unlocked content over the web to all and sundry.
Just as soon as it's selling something that has value the phone industry will be in precisely the same tricky situation as the PC industry, trying to figure out how to get people to buy devices that will only run DRMed content, and not coming up with any convincing answers. And it's quite probably worse when it comes to the mobile as permanently connected multimedia device. If you think about what the newer phones actually are, then they sound a lot like the fabled "BluePod" that The Register's own dear Andrew Orlowski would like so much to exist. They play music, they can hold a reasonable quantity, and they have Bluetooth for local area filesharing. So in principle they provide an even better platform for social sharing of content than PCs, which tend to need plugging into walls or are too big to fit into your pocket. And if the approved software plays hide the 'send option', then unapproved software will become swiftly popular. Interesting times ahead. ®
Sponsored: Becoming a Pragmatic Security Leader