New ebook DRM isn't just easy to break, it makes no legal sense


"Lost in Translation," my latest Publishers Weekly column, looks at SiDiM, a new DRM scheme developed by the German Booksellers Association and the Fraunhofer Institute (with funding from the German government). The idea is to produce random variations in the text of ebooks so that each customer's ebook can be uniquely identified. As I point… READ THE REST


Here is a case where such a DRM scheme (uniquely marking downloaded copies) lead to a default judgement of 1.5 million USD - for sharing 10 porn movies

So - it does hold up in court.


Umm ... did you even read the article you linked to? It was a default judgement. The accused never showed up in court. It doesn't represent any kind of judgement on the merit of the case.

Why is the "In reply to" indicator suppressed sometimes?

Still the judge didn't throw this out as unwarranted. Appearing in court might have helped the defendant, but who knows - he still might have lost big time.


I love the fact that, if you have purchased many eBooks, somebody stealing your laptop can become a tremendous financial liability to you, which can potentially bankrupt the average person.

Unfortunately, I see only one solution to this very real and profound danger, don't buy ever eBooks. Doing so could literally destroy your life. Simply not worth the risk.

The only safe course, ironically, is piracy.


Isn't producing random variations in the text of an ebook the same as randomly changing notes in a song? The changes may be small but the author arranged the words in a certain way and that's how I would want to read them.

If you sell a million copies of an ebook there's no way to make a million variations without starting to distort the text, and if you can't make a million variations then you cannot know whose copy it is.


IANAL, but as far as I know, they could have sued for absolutely anything, and if the defendant does not show up, the judge would issue the default judgement.


This is little different than the idea of putting watermarks in music. I've had two music collections stolen.

If the copyright owner can hold me responsible or civilly liable when they obtain my stolen books or music on the internet, then can I have them charged with possession of stolen property?


A million variations is only 20 bits. You think it's hard finding 20 places to insert / not insert a space in something the length of a novel?


And these changes don't necessarily need to be in the actual words, the changes can be in metadata sections or additions of non-printing characters.


I think the yahoos who come up with this kind of clatter give even less of a fuck about the author's artistic integrity than they do about the actual illegality of their bullshit.


It strikes me that the extra fun(if any were needed) come in that watermark 'drm' actively encourages would-be pirates, release groups, and warez kiddies, to go hunting for hapless random users(either to obtain already-purchased copies with some sucker's watermark, or to get account credentials to purchase whatever it is they are looking to release into the wild).

Even if we assume(almost certainly too generously) that the watermarks are indelible, even for an attacker in possession of multiple copies, an attacker doesn't need to strip the watermark they just need to make sure that the watermark isn't linked to them. No need to do some sort of fancy cryptoanalytic attack, just phish; buy whatever it is, and send it to TPB.

Any 'protection' scheme that encourages malefactors to prey on paying customers seems like a... potential problem.

(And, of course, though this probably isn't seen as a bad thing by the people who would use something like this, exercising your right of first sale similarly exposes you! Sure, the system doesn't stop you from selling it; but you wouldn't want to get sued when the person you sold it to, or the person they sold it to, hoists the Jolly Roger, now would you?)


This type of DRM would only work if no one knew about it. It is so easy to break as to be laughable. People can be so stupid.


I was surprised not to see the term "traitor tracing" used to describe this DRM. At least, that's what I thought this sort of deal was called, but I may have overestimated how accepted the phrase was.


I think it is partially designed to stop or trace the professional pirate who release hundreds of science, music, sports books etc every day onto pirate sites, possibly from sources within the publisher. It will make it more difficult for them to source the originals. Its not really for catching someone with a few books hacked from his computer. Of course all DRM can be got around, the idea is to make it more difficult for the professional pirate, and a bit more scary for the amateur pirate.


The article specifically mentions randomly changing punctuation here and there. Yes, I think changing the punctuation a million times in a book would be hard to do. Of course, these changes could be hidden in bits and byte, but the article makes mention of specifically visible changes to the text.


I just had a thought.
Could the author/owner even retain copyright if they change the content? I mean, it where's the point where it stops being the original and becomes a new work?
I guess this is beside the point though as copyright is automatically granted to pretty much anything at the time it is fixed it the medium. So even if a million variants of the text were made, the one making the variants owns a million copyrights. Which would be unmanageable to register. But still legally enforceable possibly.


You're not changing it a million times, you're changing 20 to get those million different. Granted, you'd have more for error correction and what not, but it's log2(millions), not millions. Have a human set up the places that can be changed, and everything is automated after that. It's not particularly difficult to do, it's simple database work. Some would be visible yet not (how many would notice the wrong placement of a comma with respect to quotes, for example. or how many places could you use teh?)


Step 1: Buy DRM'd e-book using somebody else's name
Step 2: Distribute it all over the Interwebz, then rat them out to the authorities
Step 3: Schadenfreude


Yes, the first thing I thought of was the "Canary Trap" that Tom Clancy described in "Patriot Games".

(from Wikipedia)

The term was coined by Tom Clancy in his novel Patriot Games, although
Clancy did not invent the technique. The actual method (usually
referred to as a Barium meal test in espionage circles) has been used
by intelligence agencies for many years. The fictional character Jack
Ryan describes the technique he devised for identifying the sources of
leaked classified documents:

" Each summary paragraph has six different versions, and the mixture
of those paragraphs is unique to each numbered copy of the paper.
There are over a thousand possible permutations, but only ninety-six
numbered copies of the actual document. The reason the summary
paragraphs are so lurid is to entice a reporter to quote them verbatim
in the public media. If he quotes something from two or three of those
paragraphs, we know which copy he saw and, therefore, who leaked it. "

A refinement of this technique uses a thesaurus program to shuffle
through synonyms, thus making every copy of the document unique.

It seems to make a lot more sense in Clancy's context than as a DRM tool.