We help our clients to manage and publish their media online - images, video, audio, whatever. They always ask my boss whether they can stop users from copying their media, and he asks me, and I always tell him the same thing: no. If the users can view the media, then a sufficiently determined user will always be able to make a copy. But am I right?

I've been asked again today, and I promised my boss I'd ask about it online. So - is there a DRM scheme that will work? One that will stop users making copies without stopping legitimate viewing of the media?

And if there isn't, how do I convince my boss?

I believe you have misinterpreted your boss's question. Perhaps he doesn't even know the right question to ask, so I'll give you the Q&A that should have occurred.

Boss: Can we stop every determined user from copying our clients' media?

You: No, this is impossible.

Boss: Can we make it difficult, such that the vast majority of determined attackers will be unable to break our content protections?

You: Yes, this is possible.

Boss: Can it be done in a way that does not impact performance of media playback such that it becomes inconvenient to our legitimate users?

You: Yes, this is challenging, but tractable.

Boss: Is it economically feasible to implement such a protection system?

You: That depends on the details of our contracts with media providers. If some providers are unwilling to license desirable content to us because of our unwillingness to protect it for them, it could be an economic imperative. We should hire one or more experts in digital rights management to implement the system if that is the route you decide to take.

No. If you let them view it, they can always make a copy of what they saw. You can make it harder for this to happen, but in the end, you can't stop a suitably determined attacker.

Short of supplying specifically tailored hardware (which is what Microsoft is pushing with its Trusted Computing 'Palladium' initiative) the answer is no, you can't stop 'em to get to the bits.

Even in the case of specifically tailored hardware an attacker with enough skills and resources can still get to your content, you just reduce the attack surface enormously.

Of course a video camera will work just as well in many cases, you'd then have to counter that with a specific set of television/monitors. It shortly stops being economically viable.

To convince the boss, just tell him what's easier to understand: you cannot stop someone from placing a camera in front of the television.

Nothing is perfect, but you can make copying a little more difficult = less worthwhile.

• You can watermark preview copies of media.
• You can serial number all copies so they can be tracked.
• You could encrypt the media, only allowing it to be decrypted by software that you control. (e.g. Adobe Acrobat documents can be set read-only. Audible ebooks can only be played in the Audible player).
• You could supply media that is of little value to anyone but a legitimate user. (eg. Pictures of my friends at a party are of little value to anyone but the people that know them).

IMHO, any attempt to DRM is annoying to legitimate end users, so I wouldn't recommend it.

Perhaps you can convince your boss by asking her to come up with an effective method of DRM, and then demonstrating how to overcome it?

Simply put, no, there isn't. Any content that can be viewed can be copied. There's no exception to this at all, unless you can bend the laws of physics in your favor :)

Long answer: Only let users browse your site by visiting your office and using a machine located there - under strict supervision, of course.

Short answer: No.

The reason you can't stop DRM no matter what is as follows: imagine a bank vault. There has to be a way in to get the money out. If there is a way in, that means someone could get in that way, therefore it is not impenetrable. If the vault is impenetrable, that means no one can get in -- meaning no one can get the money in or out, not even the people who legally have the right to access the money.

At one point you will have to abandon whatever coding/encrypting you are using to circumvent the making of illegal copies and show the content to the user in plain sight. The latest, at that point the user can simply capture the content and make copies. Which means that if you cannot control who your users are (or how they are using your technology), you cannot stop them making copies.

Now, granted that making copies off the unencrypted content might not be the most efficient way of copying (for one -- depending on where it was captured -- it might not be compressed (e.g. the capturing took place between the video card and the monitor), and therefore might take up a lot of space).

Based on the above, the technical answer -- unless you have enough control -- is that no, you cannot stop users to make illegal copies.

However, you can make it much harder for them to make those copies in the desired format by using encryption or other DRM-related techniques. Depending on your users and the popularity of your content, there might be a point where the effort required to subvert the DRM technologies is higher than what your users are willing to pay/invest. Whether there is such a point solely depends on the nature of your business and your audience.

Anything that can be viewed and understood by a human can be viewed and stored by a computer.

The best you can do is obfuscate and attempt to confuse, but any suitably determined user will succeed. You could deliver text as an image, an image with a watermark, an encrypted file with public/private keys but the best that will happen allowing you to track who 'leaked' something rather than stopping it from getting leaked.

Right now I can see 12 answers all agreeing that the answer is "No".

If your business relies on your clients' media being published with protection, then your business may already be in trouble. You need to start a conversation with your clients about the content they're generating, why they're generating it and what they hope to get from it. It rather looks like they may have an out-of-date business model, in which case they may be in danger as well.

What the clients are saying they want may be their best attempt to stipulate the solution to a problem that they're not telling you about. Try digging a little deeper into what their actual problem is. Maybe look at the Five Whys for inspiration.

I definitely don't think I'd want to be planning a long-term career on DRM right now...

As far as convincing your boss goes, boil things down to essential DRM. You sell something valuable. To prevent your customers from copying it, you lock it in a box. To allow your customers to use it, you give them the key to the box.

Hopefully, the light is beginning to dawn on your boss by this point.

Technology is not a solution. We have a legal system to deal with unlicensed replication of intellectual property. Theft is prevalent in a small segment of the population. My advice would be don't try to sell digital media that appeals to a demographic likely to steal.

The main thing you need to identify is the level of user you wish to prevent from copying the content. You will never stop a 1337 h4xx0r from copying your things and passing any knowledge of hacks to more competent techies.

As you wander down the line of the less technical able there is more you can do (such as the usual DRM) to dissuade them from attempting to copy your content. As you get to idiot user there are probably a variety of tricks you can perform that are effective enough to fool them into thinking that they cannot copy the content, however all it takes is for them to meet a competent techie and for them to provide one link for them to be able to step up to the next level.

It's a case of very much diminishing returns but there are still users out there who think that just because a website disables the right click that they cannot download the images. If your clients want to target those users (and offer substantial monies) then it might be worth pursuing a bit of obfuscation but it is a case of diminishing returns and your customers need to appreciate that all they are purchasing is a thin disguise.

the answer is simple : no

No, their is no way to prevent a user to use its camera to take a screenshot of the screen, or its recorder to record a movie, a song or anything else.

And if you're talking about preventing making "exact" copy of a digitalized content, the answer is still the same: NO.

You cant stop the viewing, but by possibly putting a serial number in each viewers video it will allow you to track copies. E.g. in the top right of the video put a small number that is unique to that user. If they copy the video and upload it you will know who did it. You could also move it around during long videos or make it appear randomly to make it harder to remove.

Just an idea. Im actually anti DRM.

You can have extermly complex DRMs (custom player, activation each time something is played/loaded), but it still won't be 100% hacker proof. And honestly, it's just not worth the trouble,

Try to just keep the honest people honest; either have no DRM at all, or just some simple ones that's easy to implement and will work on 80% of general public, leave the other 20% alone, they are probably techie enough and won't be stopped no matter what.

Allow me to argue that the answer is actually "Yes, with qualifications". It is possible to create a DRM system which is sufficiently difficult to crack, such that non-technical users will not be able to copy and redistribute the content, and highly technical users will only be able to do so with great difficulty.

So the original answer is correct: a "suitably motivated" hacker will always be able to get what he wants. But it's possible to set the bar high enough so that the number of suitably motivated hackers is approximately equal to zero.

With the hardware in use today, you cannot stop users from copying your media. And current (major) DRM-technologies is not even about that.

DRM is about annoying users who wants to copy. Hopefully so much, that most of them won't make copies.

The problem is that by annoying the users, you annoy all users.

That is why I almost never buy anything DRM-protected. And when I do, it's ONLY after I've got a DRM-free copy, so I'm sure that I'm actually able to hear/see a copy of the product.

I believe you have misinterpreted your boss's question. Perhaps he doesn't even know the right question to ask, so I'll give you the Q&A that should have occurred.

Boss: Can we stop every determined user from copying our clients' media?

You: No, this is impossible.

Boss: Can we make it difficult, such that the vast majority of determined attackers will be unable to break our content protections?

You: Yes, this is possible.

Boss: Can it be done in a way that does not impact performance of media playback such that it becomes inconvenient to our legitimate users?

You: Yes, this is challenging, but tractable.

Boss: Is it economically feasible to implement such a protection system?

You: That depends on the details of our contracts with media providers. If some providers are unwilling to license desirable content to us because of our unwillingness to protect it for them, it could be an economic imperative. We should hire one or more experts in digital rights management to implement the system if that is the route you decide to take.

As to convincing your boss you might try arguments from Cory Doctorow from this essay book.

He has some very good points.

I think the best argument is that you will be spending much programmer resources on writing features that your users will dislike. Noone wants their player to say: 'you can't listen to this song because it is on your PC already', and implementing this feature will be pain.

If it can be viewed, it can be copied.

And if one person can copy it, he can send it to a million other people.

So its meaningless to make it hard to copy, because there's always people able to copy it, who will then proceed to send it to everyone who can't.

The only thing DRM does is make it harder for consumers to legitimately use content. But this is intentional--media providers don't want you to backup your DVDs and convert them to play on an iPod: they want you to buy the same movie again from them in iPod format.

That is the real reason for DRM. They know it won't work to stop pirates; they do know it will work to stop legitimate fair use.

Yes, there's is a largely uncracked DRM in place. It's called Super Audio Compact Disc (SACD), a fantastic 5.1 surround sound format that was made to supersede original CD's. Don't think it really caught on as much as Sony, the creator had hoped, yet there's still a large following agmonst audiophiles.

The main reason it's largely unbreakable is because you need a special player to read the discs, they cannot be played on a computer or CD player, unless they're dual layers. Meaning SACD and CD data on one disc, and then they can only rip the CD data not the SACD.

So if you've got music you want to share and your clients are into high end audio. Then SACD is probably the way to go, if you want unbreakable/unshareable audio/music.

I'm inclined to agree that in a practical sense, there may be no foolproof way to prevent copying, but can I prove it? No, and I haven't heard any airtight proof yet.

Copying is inherent in normal computation, and it is irreversible. For example

X = A; // statement 1
X = B; // statement 2

When statement 2 is executed, there is no way to reverse it because X has no memory of its prior value. That is the essense of copying - forgetting that a copy was made.

From what little I know of quantum computing and cryptography, in that realm all processes are reversible, so it is possible to guarantee that copies can always be detected.

Back in the world of normal computation, if one can control the viewers of information, one can try to ensure that any copy is degraded and not as good as the original. For example, there is the watermark idea, which can be made practically invisible. Or additional information can be added that is not displayed, but which is required to show the image.

I'm not saying strong DRM is possible in normal computing. I'm just saying if it isn't, that's a strong claim, and I'd like to see an airtight proof of it. This field has a number of things once considered impossible, such as public-key cryptography and Dijkstra's mutex algorithm.

In words of a microsoft engineer "If your solution lasts for 6 months, thats eternity". Time to move to a newer implementation of the DRM solution. Hence we cannot guarantee a fool proof DRM solution. However we can make it very hard to crack/hack though by making less encrypted data in clear.

Although "what can be viewed, can be copied" is clearly true in theory, this does not necessarily sound the death knell for DRM.

If the DRM can control the hardware well enough, through to the display medium, so that there is no leak of data before the display, then any "copy" which is made of the display will likely be imperfect.

For example, a camcorder in a cinema multiplex - certainly, the viewed data has been copied, but highly sub-optimally.

For this "viewed; copied" data to be optimal, it requires a recording device which is able to record every 'bit' of data perfectly (and perhaps work in real-time).

Looking forward, you might get a DRM technology which prevents a product from being viewed when a device capable of copying it is present.