Analog media generally affords the ability to read, view, or otherwise access content anonymously. Some DRM systems, however, may associate a specific identity with each use of or access to content, and communicate that information back to the content distributor using the Internet. This kind of system may benefit users by enabling them to access their content from multiple devices or remote locations, based on their identities. On the other hand, usage under such a system is not anonymous in the same way it is when one reads a book or watches a videotape.
Making usage less anonymous can raise significant privacy questions. Information about what individuals read, watch, and listen to can be quite personal and sensitive. Moreover, such information could be linked to purchase histories or other data that a content provider may possess, creating detailed profiles of individual users.
Evaluations of DRM should include an analysis of whether the DRM collects and communicates information about individual users. If so, it will be important to explore such questions as what information is collected; to whom the information is communicated; how the information will be used; with what other entities the information may be shared; and how long the information will be retained. In general, information collection, use, and retention should be narrowly limited to what is necessary to achieve the core functions of the DRM system, except where individuals have freely chosen to authorize broader use of the information. In addition, users have a right to expect that any privacy implications of DRM will be clearly disclosed.
Back to DRM Metrics Quick Reference Chart
When DRM involves the installation or alteration of software on a user’s computer or other device, there is a possibility that sloppy or overly aggressive programming could impair the general security of the device. The controversy over Sony BMG’s copy protected CDs was partly due to reports that the software they installed created security vulnerabilities which could be exploited by virus writers seeking to access users’ computers. Product reviewers, consumer advocates, and computer security experts should be alert for DRM behaviors that pose security risks. Examples of such behaviors include:
Back to DRM Metrics Quick Reference Chart
There may be other ways, not directly related to security, in which DRM could impair the overall functionality of a user’s device. DRM may drain battery or processing power. It has been reported that playing music files with certain DRM can cut the battery life of MP3 players by 25 percent. Some DRM software appears to run, and thus use processing power, even when the user is not accessing protected content – which could slow the performance of the device, particularly if multiple DRM systems operate this way and have a cumulative effect. DRM systems also could interfere with a device’s general purpose copying hardware or software; there have been reports of certain DRM modifying the operation of the device drivers for DVD burners.