Securing content is becoming more complicated.
There was a time, not so long ago, when a commercially viable multiroom/multidevice consumer offering still seemed a very distant prospect. We all knew it was technically possible — various versions were demonstrated at trade shows year after year — but there were two key obstacles. The first was a lack of consumer demand for something that seemed rather complicated. The second was the problem of moving content from one screen or device to another in a secure way.
Today, the first obstacle is becoming less of a problem. Ever more consumers in markets around the world now have access to fast, reliable and tolerably secure wireless broadband at home. More people are now accustomed to consuming content of all kinds on dozens of different CE devices, including laptops, tablets and smart phones. These devices are designed to be intuitive and fun to use. They mask the complexity behind the scenes, and that has helped raise consumer expectations of service capabilities. There are also an awful lot of those devices: In 2011, Cisco research predicted that by 2015, the number of Internet-connected devices will have reached an extraordinary 15 billion, double the number of people on Earth. By then, there may be as many as 240 million tablets, according to IHS. Global sales of HTML5-enabled mobile phones will grow from 336 million handsets in 2011 to 1 billion in 2013, says Strategy Analytics.
But the second obstacle is still there. With consumers getting used to being able to consume or interact with content of their choice on a device of their choice, digital rights management (DRM) really needs to be as good as it can possibly be. But the challenge of securing content as it passes between an ever-expanding number of devices becomes more complicated every day.
DRM systems and related technologies continue to improve, but it's not necessarily the brilliance of the technology that will give operators an edge as they try to offer multidevice services, but instead the way the technology is harnessed and presented to consumers. In the UK, BSkyB has followed a generally successful campaign to make British consumers think that it invented timeshift TV with Sky+ by putting more resources and functionality into Sky Go, which may give some people the impression that it invented multidevice TV. Sky Go lets users watch content on an iPad, iPhone or laptop, over a Wi-Fi or 3G connection, whether they already have an existing Sky subscription, satellite dish or even a TV. They just need to pay a Sky Go subscription.
One of the technologies supporting Sky Go is NDS VideoGuard Connect, used in this case to protect content viewed on iOS devices. (See Figure 1.) In the U.S., DirecTV uses the system to deliver content to iOS and Android devices. The technology enables pay TV operators to extend services to IP-connected CE devices, and to secure the delivery and consumption of content over managed and OTT networks with security tools optimized for each device. Content originally purchased online can be made available on the broadcast platform, or vice-versa, through integration with an operator's existing broadcast platform. The system also offers unique service protection at the level of the individual subscriber, thus isolating any danger if breached by one individual.
There are other approaches for operators to consider. In November, MobiTV launched its TV-Everywhere system for cable, satellite and IPTV providers. Based on MobiTV's cloud-based video distribution platform, this offers operators the ability to deliver live and on-demand content inside and outside the home on a wide range of devices. In this case, the DRM technology comes as part of a package also including content ingestion and the core technology platform.
But even with this kind of packaged system, the interoperability challenge most operators would face in trying to cater for the multidevice world in full is likely to be time-consuming and expensive because of the sheer range of devices, different operating systems, streaming standards and application rendering techniques used, and the need to interoperate with other DRM technologies in the ecosystem. Technologies such as MultiRights, from Verimatrix, specifically designed to help operators support multiple DRM systems, can help, but would not stop the costs of integration, storage and encryption all continuing to rise.
Cross-industry interoperability initiatives might help. The Digital Living Network Alliance (DLNA) is probably the most high-profile. It now has more than 200 members — including Intel, Samsung, LG, Technicolor, CableLabs, AT&T, Sharp, Sony and Verizon — and has certified more than 9000 devices. The DLNA standard incorporates DTCP/IP, a link layer within a smartcard system, which is not itself a DRM system, but instead validates whether a device is adequately protected by its DRM technology.
The other important initiative starting to gain some traction is UltraViolet (UV). In July 2011, Digital Entertainment Content Ecosystem (DECE), the consortium of 70 companies that backs UV, announced the launch of a licensing program for content, technology and service providers, and published technical specifications for UV. The system is based on a universal common file format (CFF) for downloads, which allows consumers to copy files directly between registered apps or devices running different, but UV-compliant, DRM. Licensing is managed through a cloud-based digital rights locker. So if someone buys a DVD or Blu-ray, they also receive a code that can be used to download or stream the content, with their license to do so then stored in a virtual locker. Up to six users can share a UV account, using as many as 12 separate registered devices. DECE has some powerful backers; its membership includes a who's who of the technology world (with one notable exception), some big players in the retail world and almost all the major Hollywood studios.
Consumer feedback so far is not uniformly positive, with a number of complaints about the process of registering for the service being too complicated. But if people do take to the system, UV could become hugely important, offering a workable way to make content available in the ever more complex multidevice ecosystem. It's too soon to know whether it could pose a serious threat to the closed, but lucrative, iTunes world. ITunes may be a closed system, but it is also well-established and easy to use.
We should also perhaps be cautious about an open system based on collaboration between such a large number of players. The idea of everyone working together in peace and harmony may seem nice, but it's easy to see how in some cases it might be difficult to work out exactly who should take responsibility when something goes wrong. The content creator? The retailer? The service provider?
And there's a painful irony in the fact that one of the biggest practical problems UV will face is the challenge of maintaining security over the longer term. Security requirements change constantly. Certification and testing could become extremely time-consuming, and as time passes, it will be more difficult to support devices with older, less flexible decryption or decoding capabilities. Ultimately, the most straightforward way to meet that challenge is to withdraw support from older devices, which will annoy consumers.
None of this means UV is a bad thing or doomed to failure. Any initiative based on this complex ecosystem would face the same difficulties. Which business models will operators adopt to try and get the most out of UV? Will they sell UV rights through STBs or online connections instead of, or alongside, single views of on-demand content? Will they offer consumers the use of their STBs as trusted UV devices through which they can watch UV content stored in their digital rights locker but purchased elsewhere? If they did, would any irritation over hardware the operator subsidizes and maintains being used to view content sourced elsewhere outweigh the value of being able to give a subscriber an extra service?
Consumers will play a crucial role in determining the fate of UV or similar initiatives. They may actively prefer the flexibility offered by an open system to the constraints imposed by closed systems, or they may buy into an open system inadvertently when they buy a connected TV that offers this sort of capability. On the other hand, they may also find it difficult to come to terms with a change in the definition of content ownership, which will change from buying something in a shop you can carry around, to owning the right to stream or download a file that is stored beyond their physical reach in the cloud.
Much will depend on how effectively the concept is communicated to them and how user-friendly they find the system to be. And also on somebody, somewhere in the ecosystem being prepared to take responsibility for providing and meeting the cost of the support consumers need when things don't work as they should.
In the end, the biggest danger to UV, DLNA and any other attempt to build a coherent united vision of the secure transfer of content will be the complexity of that ecosystem — the sheer number of stakeholders. The more companies and organizations involved, the harder it becomes to maneuver and the slower the rate of change if change is needed. It is this problem, rather than technical issues, that makes the process of managing DRM effectively in the multidevice/multiplatform world so difficult. Much of the technology is proven and tested; the problems are around integration and coordination. You can keep building new security technology to combat ever more ingenious attacks from the pirates — DRM vendors have to do this all the time anyway — but it can be difficult persuading everyone involved to contribute to the cost of making it work across all devices.
This is an industry where we frequently hear and read fine words as companies and organizations pledge to work together to solve common problems. But it's also an industry defined by brutal competition. If the multiplatform DRM issue is ever to be resolved, the industry will need to find some way of squaring that particularly awkward circle.
David Adams is a freelance business and technology journalist.