Sinan Kurtulmuş

Three Arguments for the Elimination of DRM

Sinan Kurtulmuş

January, 2021

In the recent years, Internet-based data transfer has become increasingly easier, and online distributions of digital media and content have become more accessible than ever. Despite that, the media industries have opted for implementations that seriously limit the use of digitally distributed content, instead of making the most of what the newly emerged technologies can offer.

What Is DRM?

DRM Content
Today, the majority of the digital media content - including films, books, video games and some music - that users can "purchase" online comes encumbered with Digital Rights Management (DRM) systems. DRM systems are technologies, based on encryption and generally implemented in software shipped with products or services, that are meant to impose restrictions on how the user interacts with or uses digital media content. They are used as a measure intended to try to stop the illegal and unauthorized distribution of digital copies of copyright protected material on the Internet.

Well-known companies like Google, Amazon, Apple, Netflix, Spotify, Steam and Kobo all make use of DRM software to protect most or all of the copyrighted content on their platforms. Yet, not many users are aware of the existence of DRM. DRM prevents users from making copies of digital files, transferring them to different personal devices, or accessing them using different devices or applications that would have been able to open them if it was not for DRM. Therefore, typically, content that is "purchased" - more precisely, made accessible through authentication to a certain user for an undefined amount of time - on one platform can only be accessed through the services provided or supported by that platform. Many objections have been raised to the widespread use of DRM systems. This article focuses on three main points.

DRM Puts the User's Privacy and Security at Risk

Digital security is already a difficult problem to solve. Frequently, new vulnerabilities and serious security holes are discovered in all kinds of software that many people use on a daily basis. DRM software often introduces new security risks, potentially leaving the user's device vulnerable to attacks. This is particularly worrisome, since DRM software often has direct access to highly sensitive data, such as credentials, purchase details, and many kinds of personal information. While the potentiality of unintentional vulnerabilities in DRM software is problematic, what is more alarming is that DRM software can contain intentional security holes, as was the case in the Sony rootkit scandal. Since these kinds of implementations are closed-source, and the disassembly of proprietary binaries may be obstructed in many ways, there is no good way of making sure that DRM systems are unmalicious and/or secure.

Even if it were possible to ensure code security, DRM software could still be fundamentally problematic in terms of privacy, because of how it operates. DRM systems do not specifically block illegal or unauthorized access; this approach is not feasible. Instead, they block all access to a DRM protected file by default, and then they allow access to certain users on a platform, if and when they are able to authenticate, and prove that they have paid for access. This means that the software has to have at least some information about the user, and/or access to locations in the file system where it can store and retrieve cryptographic keys, and perhaps credentials. This also means that private consumption is not really private if the material in question is protected by DRM. Moreover, in many cases, the information that is collected is much more than the minimum amount that is necessary.

Interoperability and DRM Do Not Go Together

Image: Maxim Hopman
Interoperability is another issue when it comes to implementing DRM systems. A digital file encoded in an open format, and compatible with any program and any device that can open it, cannot be used in, or even transferred to, other "unsupported" programs and devices, simply because the DRM software does not allow it. This is true even if the target device or program has a different DRM implementation of its own; DRM systems do not work with each other, and the files have to be transferred from a central server anyway. In fact, in the early and middle 2000s - when DRM systems were not as prominent as they are today, and their shortcomings and potential alternatives were more openly discussed - interoperability between different DRM systems, among many other flaws, was a big concern. Many experts have stated that DRM interoperability is virtually impossible to achieve, as it introduces large-scale security hazards, and a need for quick and seamless cooperation between competing entities whenever something malfunctions.

Nowadays, discussions on interoperability seem to have come to a halt. Numerous implementations of DRM systems exist, and ventures for an open standard have largely been abandoned. Meanwhile, the lack of interoperability only hurts the consumers who are willing to pay for digital media and to make online "purchases" through legal means. The situation also introduces the risk of losing access to acquired digital material in case the user wishes to leave the platform or service from which he/she has "purchased" digital content, or the service decides to disallow access to some or all of its users, citing various reasons. As a result of this, some companies enjoy a huge amount of control over the distribution of digital media, as well as intellectual content, ideas and criticisms. Content that is only available on a single platform can effectively be banned, and "purchased" material can be rendered inaccessible through software updates. This is rarely the case with hardcover books or DVDs.

DRM Does Not Prevent/Reduce the Illegal Use of Copyrighted Works

Finally, there is no good reason to believe that DRM protection reduces the illegal distribution and use of digital media content. DRM systems have been in prevalent use globally for at least 15 years. Yet, digital piracy has not died. While subscription based services that also employ DRM protections - like Netflix, Spotify, and their competitors - have significantly decreased the demand for pirated content in their respective industries for a certain amount of time, this effect was caused by the entirety of the new user experience that they offered on their platforms.

In fact, the implementation of DRM itself more than likely increases the motivation for piracy, and decreases the amount of legal purchases. This is because DRM discourages the legitimate buyer, but does nothing significant to stop illegal copying and distribution. Many works that are distributed online bundled with DRM software can easily be purchased in other digital or non-digital formats that do not have DRM, and can easily be copied. Moreover, there are many ways to decrypt DRM protected files, or to "extract" the protected content through methods like stream-ripping. In addition, there exists a fair amount of empirical evidence, which shows that many users are more likely to purchase digital media content when it is DRM-free.


Implementations of DRM are commonly used by the companies providing digital media content on the Internet. They have many drawbacks that concern the user, and provide no apparent benefit to the parties combatting unauthorized copying and distribution. Therefore, DRM systems should be abandoned in favor of the distribution of regular digital files through cross-platform, privacy-respecting and secure means.