The Digital Object Identifier (DOI): The Keystone for Digital Rights Management (DRM) by David Sidman CEO Content Directions, Inc. January 26, 2001 Draft submitted to the SIIA Digital Rights Management (DRM) Working Group (Note: A revised and expanded version of this paper will be published by the SIIA DRM WG in the Spring of 2001) * * * When publishers created the Digital Object Identifier (DOI) in 1996, they had two goals in mind: 1) facilitating the creation of an e-commerce market for digital content, and 2) facilitating the creation of solutions for copyright protection/anti-piracy in the digital environment.1 The need for the first goal grew out of a recognition that computers cannot easily communicate with each other unless they both share a common, unique identifier for the item about which they are communicating; therefore a unique, unambiguous, machinereadable identifier was going to be required for all communications and transactions involving digital content throughout its entire life-cycle: preparation, formatting, publication, syndication, distribution, aggregation, retail sales/subscriptions, royalty computation, rights/permissions grants, sales tracking, financial reporting, etc. This is exactly the same function traditionally fulfilled by legacy identifiers for physical products in the physical world (such as the ISBN for physical books, the ISSN for journals, and the UPC or bar code for other physical products) - as well as legacy computer-based identifiers which already allowed computers to transact in high volumes For an excellent recap of the early history of the DOI project, see “The Digital Object Identifier: Solving the Dilemma of Copyright Protection Online,” by Bill Rosenblatt, Journal of Electronic Publishing (University of Michigan Press), Volume 3, Issue 2 (December 1997), http://www.press.umich.edu/jep/0302/doi.html. 1 © 2001 CONTENT DIRECTIONS, INC. Page 1 with respect to other non-physical (but machine-processable) entities, such as the CUSIP number for stocks and bonds (which allows billions of trades among financial institutions to clear and settle every night), the DUNS number (which denotes a company for purposes of Dun & Bradstreet credit ratings and other company identification purposes), and even the social security number (which does not physically mark human beings, but represents them symbolically in many different systems which must interoperate efficiently). Admittedly, without such an identifier for digital content, it wouldn’t be totally impossible to have an e-commerce marketplace, any more than it had been impossible for stores to sell physical products in the days prior to the now-ubiquitous UPC (bar code). But that marketplace certainly wouldn’t function as efficiently or smoothly, especially in the online world where all transactions, and even the content itself, is purely computerbased. Furthermore, the publishers recognized that all the traditional legacy identifiers only represented numbering systems in the abstract, and that none of them provided an actual routing mechanism that would link a user or business partner from the identifying number to the content itself, or to the content owner’s website. Yet this is exactly what the DOI provides, because it has behind it a resolution-and-routing system, very similar to the Internet’s DNS system which recognizes and routes domain names successfully. Furthermore, the system underlying the DOI was in fact developed by the primary inventor of the Internet itself, Dr. Robert Kahn (and his research organization CNRI, or Corporation for National Research Initiatives), for the express purpose of differentiating published, managed objects from other less valuable or less quality-assured information. The second goal, that of protecting copyright and preventing piracy (otherwise nobody gets paid), is really a subset of the first, because successful copyright protection on the Internet requires the seamless interoperation of a whole chain of different systems in order to a) work at all in preventing piracy; b) make the process a relatively friction-free experience for the end user. In fact, the relative lack of market success (so far) by today’s copyright protection solutions is a direct result of the fact that the end user experience (and also the process by which publishers have to prepare their content in the first place in order to implement these solutions) is anything but friction-free. The very success of services like Napster has proven that if content is easily discoverable and obtainable, without a lot of hassle, then 58 million people are ready to take advantage of it. Certainly some of this popularity is due to the ability to get the content for free, but a large part of it is also because it is easy and convenient to do so. If the only barrier to actually purchasing digital content were the customer’s willingness to part with his/her money, but the process was otherwise seamless, convenient and reliable – and did not involve restrictions like having to repeat the entire process every time the customer upgraded his/her PC, or wanted to move the content to a laptop to take on the road, or to send the content to several friends – then we would be seeing a lot more content being sold/distributed using copyright-protection tools. It is important to point out that the full promise of Digital Rights Management (DRM) goes well beyond mere copyright-protection in the negative sense of preventing piracy. It has many affirmative benefits as well, which in theory make it a tremendously powerful © 2001 CONTENT DIRECTIONS, INC. Page 2 marketing vehicle. It can enable free previews or samples (but require payment after a fixed number of previews or a free initial time period). It can facilitate promotions. It can allow a “teaser” of limited access (e.g. read-only) but then require purchase if the customer wants to print, copy/paste (e.g. into their own work product), or forward to others (but perhaps only to a predetermined number of people). Finally, it can enable the “holy grail” of DRM, which is superdistribution – i.e., the ability of a legitimate, paid customer to forward the content to any number of friends, provided that when each of them accesses the content, the publisher gets a payment. (This kind of viral marketing turns every customer into another salesperson – and a far more effective one than any bookstore, because he/she is forwarding the content to an actual friend who would likely have an existing interest in the content or a predilection to follow the sender’s recommendation.) DRM can even encourage customer activities which may NOT even involve payment, such as requiring a user simply to register their name and email address, or perhaps fill out a brief survey, as a precondition of obtaining access. But all of these capabilities still require successful interoperation of many different systems - from the publisher’s internal production systems, to the publisher’s web publishing system, to the DRM wrapper which encrypts or seals the content, to the hosting provider which stores the content for distribution, to the online bookstore which actually offers the content for sale, to the rights clearinghouse which checks the customer’s authority to access it, to the e-commerce vendor who takes the customer’s credit card payment, to the issuer of the key or permit which unlocks the content. Figures 1A-1B show a schematic of all these various systems and their interactions. Different DRM solutions differ widely in their approaches: in some cases each one of these systems is operated by a different provider in the DRM chain. In other cases the DRM vendor operates several components in the chain (though seldom all of them) as an outsourced service for the publisher. In still other cases the DRM vendors sell the individual systems as products to publishers, who then operate the systems themselves. But in all cases, the DRM process involves many moving parts, and these cannot interoperate very seamlessly unless, at minimum, they are all united by using a common, universal identifier for the content object in question. © 2001 CONTENT DIRECTIONS, INC. Page 3 Figure 1A – DRM process flow © 2001 CONTENT DIRECTIONS, INC. Page 4 Figure 1B – DRM process unified by DOI Thus DRM transaction are one example (out of many) where seamless interoperability is absolutely essential, but cannot easily happen with a unique, universal ID – assigned at the source by the publisher. Furthermore, the DOI offers DRM solutions a tremendously powerful tool in terms of actually preventing piracy per se. Many DRM solutions today fail at the point when the content is legitimately opened (decrypted) by a legitimate customer, at which point the content may be “in the clear” and easily copied. (Alternatively it may be bound specifically to the customer’s machine, but then that is problematical because the customer may not be able to transfer it among his/her different devices, or it may require re-purchase of their entire library every 2-3 years when they upgrade their PC or when their hard drive crashes.) Many DRM solutions also fail because it is almost impossible to prevent hacking of encryption solutions as long as the content itself, the locking mechanism, and the key are all located somewhere within the content or on the same reading device (assuming it is capable of running executable software). In fact, it was these security concerns that motivated the creation of some eBook readers which are dedicated devices – i.e., they are closed, single-purpose devices which cannot run any other software. The DOI assists these solutions in a number of different ways. One of these is that the DOI represents an “actionable identifier,” not just a unique number in the abstract (like © 2001 CONTENT DIRECTIONS, INC. Page 5 an ISBN or a UPC or a CUSIP) – i.e., it provides a permanent, reliable link back to the content owner’s server (or the server of anyone else the publisher may designate, such as a rights clearinghouse, an online sales outlet, or some other provider of DRM or ecommerce services). This ability of the DOI to “phone home” for access (e.g. to obtain the server half of a required key pair) is a very powerful tool for DRM. The very permanence of a DOI-based link represents another way that the DOI helps DRM. We’ll see in a minute just why the DOI provides a more permanent link than a URL provides, but for now let’s just point out that the significance of a permanent “phone home” link for DRM is that it represents a key enabler of superdistribution. The DOI can be embedded with confidence in the content’s secure wrapper at the outset of publication, because even if the content is then passed along from user to user over a period of years, the embedded DOI will still take the newest customer to a valid place on the Internet in order to successfully complete a DRM transaction and get access. Again, that place may be the content owner’s website, or another website that the content owner may designate as its preferred rights clearinghouse or e-commerce vendor. But whatever the target URL is, the DOI will always point somewhere successfully even if that target URL has to be changed over time. This “permanent link” feature deserves a quick explanation for those readers who are not familiar with the technology which underlies the DOI system. Unlike a URL today, which points to a piece of content based on its location (the URL literally stands for “Uniform Resource Locator”), the DOI identifies a piece of content by a permanent number which never changes once it is assigned to the content. Instead of pointing to the content’s location, the DOI points to a directory on the Internet, which in turn redirects the user’s browser to whatever is the correction location for that content today. Even over time, as the publisher may move the content to a new server, or change its server’s directory structure, or even get acquired by another publisher, the current content owner simply has to go to a single location (the global DOI Directory) and make one update in one place at one time, and the DOI that used to point to the content’s old URL will now be redirected successfully to the content’s new URL. Thus all the pre-existing links pointing to that content from all over the Internet will continue to work, unlike today when those links (URLs) would return a “404 – File Not Found” error. Figures 2A-2C show how broken URLs occur today, and shows how the DOI solves this problem. © 2001 CONTENT DIRECTIONS, INC. Page 6 Figure 2A – URLs point to the location of the content… © 2001 CONTENT DIRECTIONS, INC. Page 7 Figure 2B – …but the URLs “break” if the content gets moved to another location, or if the publisher divests that product line, or if the publisher is bought by another. © 2001 CONTENT DIRECTIONS, INC. Page 8 Figure 2C – Instead, with the DOI, the global distributed DOI Directory simply redirects the DOI (which never changes) to the current location today (even if the location changes over time). The publisher need only make one update, in one place, at one time. Conclusion If DRM solutions do not become completely unobtrusive for the end user – i.e., if they do not eliminate all barriers to access except for the customer’s affirmative decision to actually pay – then DRM will fail to be adopted by end users and by the digital content industries which produce the content, for the same reasons that copy-protection failed (and was eventually dropped by software publishers) in the PC software market during the 1980’s. With widespread adoption of the DOI, on the other hand – first by publishers themselves in terms of assigning DOIs to their content, and in parallel, by DRM vendors, Content Management/Web Publishing System vendors, Online Bookstores, and all other distribution partners who should support the DOI as their standard object identifier for digital content – then the world will see the establishment of a vibrant e-commerce marketplace for digital content. This marketplace will go well beyond simply migrating today’s print content to the online environment. Instead, it will offer publishers the ability to repackage content in new and flexible forms, including more granular, “recombinant” information products © 2001 CONTENT DIRECTIONS, INC. Page 9 tailored specifically to highly-targeted audiences.2 This will allow publishers to capture additional, incremental revenue, but over the same base of digital assets - provided the publisher uses the DOI to actually manage those assets, repackage them in various ways, sell them, control their access rights, and track the financial results. In addition to these incremental sales and profits on the revenue side, on the cost side the DOI will certainly reduce costs throughout the entire production and distribution chain (again including DRM) - once publishers and their business partners link their systems more efficiently based on this common, universal identifier. * * * Further information about the DOI can be obtained from the following sources: http://www.doi.org - website of the International DOI Foundation, the non-profit, member-support organization which governs the DOI system. Contact: Dr. Norman Paskin, Director, n.paskin@doi.org http://www.cnri.reston.va.us - website of the Corporation for National Research Initiatives, Dr. Robert Kahn’s research organization and the DOI system’s technology partner http://www.contentdirections.com - website of Content Directions, Inc., a consulting and services firm which is 100% dedicated to helping publishers adopt the DOI and helping vendors support it. Contact: David Sidman, CEO, 212-7921847, dsidman@contentdirections.com [end of paper] About Content Directions, Inc. Content Directions, Inc. is a consulting firm dedicated to promoting the adoption and implementation of the Digital Object Identifier (DOI) throughout all sectors of online publishing: text, music, video, photography, etc. The DOI is like the UPC (bar code) in the physical world, but for objects published online: it uniquely identifies digital content and provides a permanent link to the publisher, thus facilitating online transactions of all kinds including e-commerce, rights management, digital distribution, etc. The DOI has already been fully embraced in the Scientific Journals sector, where 61 of the largest international publishers have tagged over 2 million articles with DOIs and are in the process of cross-linking the entire primary Scientific Journal literature. Content Directions offers to all other intellectual property communities the same methodology which led to DOI’s success in the Journals sector. It also helps technology providers to See “Books by the Chapter or Verse Arrive on the Internet This Fall,” by Lisa Guernsey, New York Times (July 18, 2000), p. 1. 2 © 2001 CONTENT DIRECTIONS, INC. Page 10 understand publishers’ business requirements, and to design and build DOI support into their products and services. About the author Prior to founding Content Directions, Inc. in August 2000, David Sidman was Director of New Publishing Technologies at John Wiley & Sons, a leading global publisher of print and electronic products. His responsibilities included positioning Wiley as a successful electronic publisher through a combination of strategy development, internal projects enabling organic growth, and external acquisitions/investments. His accomplishments included establishing the online sales channel for print products (both through relationships with online bookstores and through Wiley's own Web Catalog), developing an internal R&D program which has incubated many of Wiley's electronic products, and initiating projects to develop the back-office production and e-commerce systems needed to support online publishing. At the industry level, in cooperation with other publishers and the AAP, he has founded and/or driven many key initiatives such as the Digital Object Identifier (DOI), as well as various standards involving Metadata, E-Books, Digital Rights Management, etc. Prior to Wiley, David was Director of Strategic Technologies for Moody's Investors Service, IT Director for the International Capital Markets Division of Barclays Bank, and various other positions involving Wall Street and the Information Industry. He is a graduate of Harvard University. Contact Info: David Sidman & Content Directions, Inc. David Sidman CEO Content Directions, Inc. 558 9th Street Brooklyn, NY 11215 Phone: (212) or (888) 792-1847 Fax: (718) 768-6777 Email: dsidman@contentdirections.com © 2001 CONTENT DIRECTIONS, INC. Page 11