Digital rights management (DRM) is a child of the Digital Millennium Copyright Act (DMCA), passed by the US Congress in 1998 to heighten the penalties for copyright infringement on the Internet. It amends Title 17 of the United States Code to bolster copyright law and limits ISP liability for copyright infringement by online users. In doing so, it criminalizes (1) the manufacture and distribution of technology, devices or services intended to circumvent measures that control access to copyrighted works and (2) the act of thwarting an access control, whether or not there is actual infringement of copyright itself.

The main problem with DRM under the DMCA is that while the law may be well-intentioned, the DRM software used to enforce the law is not. In fact, software controls on content, whether consented to or not, are, in effect, a means to circumvent the legal process of prosecuting violations of copyright law in the courts by using a commercially provided, electronic private police force instead. In other words, software controls are a form of vigilante action; therefore, the likelihood is that such software will err on the side of its owner. This is so much so that copy protection code can prohibit a user from lawfully using the data on a legitimately purchased disk. For example, certain restrictions formally imposed by iTunes can interfere with a simple data transfer from one PC to another within a user's own home or, worse, can prevent a user from restoring their data in the event of a hard disk disaster. Moreover, DRM software can inadvertently turn innocent people into criminals, as it did in the case of Jon Johansen, a Norwegian teenager who wrote a code-crack that allowed him to view his own DVDs in countries other than Norway. His "crime" turned out to be trespassing on his own property!

Furthermore, DRM software controls constitute an invasion of privacy, especially when authentication is done via the Internet, which potentially allows hackers and other types of privacy invaders to learn patterns of user behavior. Naturally, the list of prospective intruders includes the content provider as well as the government agency that demands such knowledge under the auspices of the USA PATRIOT Act. Of course, the larger issue is that once the public is comfortable allowing corporate information providers to control the use of consumer data, the practice becomes a tremendous threat to Americans' freedom of speech. Control of data is but a small step removed from censorship.

The real criminals — the software pirates that burn millions of DVDs and other copyrighted or patented content and sell them in China and other countries lax on copyright law enforcement — are technologically sophisticated enough to break the codes and distribute their cracked content to anyone they wish because that's the business they are in. In fact, by turning up technology enforcement instead of adopting a workable business model, the rights holders have inadvertently and paradoxically caused an enormous black market to be created. As a result, there are almost as many copyright violations being committed as there are instances of legitimate, copyrighted product sales.

So digital rights management doesn't prevent crime. It over-restricts customers' rights to the point of criminalizing legitimate consumer behavior; it hurts artists economically by creating a huge black market; and it inhibits music industry profits by discouraging the development of a business model that really works. The future of DRM is rather dubious, indeed.

Arthur Gingrande [arthur@imergeconsult.com], ICP, is cofounder and partner of IMERGE Consulting, a document-centric management consulting firm. Mr. Gingrande will complete his Juris Doctor degree at the Massachusetts School of Law this coming June.