DRM knocks at the enterprise door

So far, enterprise IT isn’t mired in the DRM swamp. For the most part, the content that DRM aims to control is produced by the entertainment industry and consumed in the home. But as licensing regimes creep into the technical infrastructure, IT becomes, willy-nilly, an indirect stakeholder in the DRM debate. There are more direct links too. Although most of us don’t yet use digital audio and video as ordinary modes of business communication, some do and more will. Enterprises are going to be a major producer and consumer of digital assets, and they would want to be able to control access and track usage — if there were practical and cheap ways to do so.

IT has always sought control of all the digital data within its purview. In his Weblog, Lotus Notes creator Ray Ozzie recounts how Lotus customers yearned to prevent copying and forwarding of messages. He resisted for years, because there was no practical solution, but finally relented. “Even though it is trivially defeated,” Ozzie wrote, “and even though the documentation says that senders really can’t control what recipients do … [users] generally think that control is in their hands.”

Such “ex post facto” control of data is only conceivable when devices conspire with software. Microsoft’s Secure Audio Path, for example, enables Windows Media Player to authenticate sound cards and their drivers. The Trusted Computing Platform Alliance aims to drive such authentication into the heart of the PC, where software such as Microsoft’s Palladium can exploit it.

No architecture can plug what Jack Valenti, president and CEO of the Motion Picture Association of America, calls “the analog hole.” Not, that is, unless users of digital media become trusted hardware. But even imperfect DRM could dramatically slow the leakage of Hollywood/recording industry bits. From an enterprise perch, DRM has other potential uses. Today, private messages flow unencrypted in e-mail, unlicensed software creates liability, and Web services can’t establish trust relationships. Trusted hardware could be an ally here, but not a panacea. The real bottlenecks will be where they always have been: asserting identities, managing cryptographic keys, administering access controls. The critical issue within the enterprise is ease of use. Without breakthrough advances on that front, the technologies that spin out of the DRM war — secure hardware, trustworthy operating systems, XML rights-management languages — won’t find much traction.