Helping people with computers... one answer at a time.

Record companies have been wanting to do this for years: make files that you can use but not copy. If that's what you want, you, and they, are doomed.

I want to put data on a disk only for people to read and not for them to be able to copy. I'd like to do this for email as well. How can I do this?

No, this question didn't come from the MPAA, or the RIAA, but it certainly seems like they've been asking the same question lately. How do you create content, be it MP3's, movies, or just random data for business purposes, that can be used, but not copied.

That's right, we're talking copy-protection and digital rights management here.

My opinion? It's a lost cause.

I want to start by clarifying something: I am not advocating piracy. Copying or downloading copyrighted material is stealing, pure and simple, no matter what the technologies are involved.

As we'll see in a second, I believe that attempts to thwart copying by technological means are ultimately doomed to failure, and the business that rely on mass sales of materials with the requirement that they cannot be further copied need to start looking for a different business model.

The first thing we need to understand is that "reading" and "copying" are really the same thing. Data on a disk is just that; data. Bits. In order to be able to use the data, you need to be able to read the data from the disk. Similarly, a copy operation is just reading data, and then writing it somewhere else. If you prevent reading, you prevent copying, but you also prevent use.

There have certainly been various technologies over the years that have attempted, through hardware and/or software, to restrict who can read the data, but ultimately they've failed.

What's more common, and might point to a solution for your purposes, is not to prevent the actual copying of data, but to restrict what can be done with the data once it's been copied.

A good example of this is that when you purchase an song from iTunes, the file you download can be copied anywhere, as much as you want. I do this to back up my iTunes library, for example. You just can't use all of those copies.

Through what's called "digital rights management", the music is encrypted in such a way that only iTunes is supposed to be able to decrypt and play the music, and only if the machine it's on is authorized to play it. In practice this actually works very well. Apple allows you to pick up to 5 computers to "authorize" for each download, and you can easily move the authorization from one computer to another should you so desire.

But it's not perfect. iTunes encryption has been hacked, and you can make unprotected copies of the songs you download from iTunes. Illegal unprotected copies.

In fact, the same is true for DVDs - the content is encrypted, supposedly only decryptable by legitimate DVD players, but that too was quickly cracked. Even as I write this the (incredibly complex) encryption used on HD-DVDs and Blu-ray has reportedly been hacked.

"You can make it hard to copy and use something that's intended for mass distribution but ultimately you can't make it impossible."

As I expected it would.

The problem is that in order to be able to use something, you need to somehow legitimately be able to decrypt and read it. That means that the means for decrypting something must be present on the devices used to do so. Ultimately that makes them discoverable, with enough effort.

And that's really the bottom line. You can make it hard to copy and use something that's intended for mass distribution but ultimately you can't make it impossible.

Now, there are some possibilities depending on your particular situation, who you trust, and who you're attempting to protect your data from.

If you don't trust the people who are legitimately using your data - well, you're pretty much screwed. That's the position that the music and movie industries are in, and as I've just described, you can see how well that's been working.

If you do trust the legitimate users of your data, though, there are possibilities. The simplest is simply to encrypt the data with a password that only you and they know. I'd use TrueCrypt for this. Or, if you like, use a public key encryption scheme such as that in GnuPG - rather than requiring knowledge of a password, it requires possession of the appropriate key in order to access your data.

The trust required here is that your legitimate users won't:

  • share the unencrypted data with people they should not

  • share the password or decryption key with people they should not

As for email, the same rules apply: anyone that can view an email can copy it. Therefore if you don't trust your recipients, you're screwed. If you do trust them, then an encrypted email solution is your best bet to avoid others gaining access to the messages.

Article C2934 - February 14, 2007 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

9 Comments
Simon
February 14, 2007 7:57 PM

I can't find it now, but this reminded of me of an emailed joke I saw a while back. It was something like, the text:

"At last! I have developed the perfect copy protection: this Word document can be read only by the intended recipient, and neither copied or distributed!"

...clearly displayed in MS Word in a *digital photo* of the screen, in jpg format.

In other words, you can never plug the 'analogue hole'; and the RIAA's attempt to do so through HDCP is, thankfully, doomed to complete and inevitable failure.

Ken
February 15, 2007 8:14 AM

My most recent encounter with broken copy protection was on a game I purchased for my son. I installed it on my system, and it immediately crashed upon startup. I uninstalled/reinstalled it -- same thing. I installed it on my son's system -- same thing.

I went to the manufacturer's website to see if there was a patch available, only to find the user forum full of hundreds of complaints about the exact same thing -- the game simply wouldn't run, and crashed up startup.

The cause? The copy protection would crash on many systems. With no word of a solution/workaround/patch from the manufacturer, people started posting URLs of cracked versions of the game, just so that people who legitimately owned the game could play it with the illegal copy.

vmunster
February 16, 2007 12:33 PM

I just wanted to first say that I am not trying to shill or spam but my company actually has an email security software program that does exactly that. But our software doesn't require a server which means the only two people involved in the email thread quite literally is the author and the recipient. Our software also prevents, editing, printing, screencapturing, and forwarding of emails. And we have an authentication feature where only the email addresses you specifiy as the recipient can decrypt the message.

Leo, I know you said that DRM is quite impossible and I can agree to a certain extent. If someone tries hard enough, I'm sure most encryption algorithms can be cracked but try out product and let us know what weaknesses you see. We would really appreciate the feedback and what we can do to improve it.

Leo Notenboom
February 16, 2007 1:15 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm almost certain I can screen capture and forward anything. And even
if technically disabled (which I believe I have a technique to work
around) -- a digital camera can still work wonders these days.

The fact remains: if the recipient can see it, it can be copied.

Somehow.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF1h7wCMEe9B/8oqERAvmeAJ4oiiO1h31oZG3qmawDDfIMkDvp6gCfWBfa
1jIbuIRxYesKpqPBiCQff4Y=
=kxPh
-----END PGP SIGNATURE-----

Greg
February 16, 2007 4:32 PM

ANYTHING that can be recorded visually or audibly can be copied.

A book can be photo copied or scanned and OCR'ed. A movie on a film reel can be camcordered in the theater. And if something's been encrypted, once it's been decrypted by the receiving party, you have to trust them not to misuse it or leave the decrypted copy laying around in a manner than can be duplicated.

There is only one way to ensure your greatest ideas are never copied... keep them to yourself (and make sure you don't talk in your sleep). :-)

Roberta Gallant
February 17, 2007 6:11 AM

Hello, Leo,

What causes windows applications not to respond?
Microsoft should now hurry up and create much more solutions for windows applications when they do not respond sometimes. Do you agree with me?

Simon
February 17, 2007 6:27 AM

Roberta:

see http://ask-leo.com/not_responding_what_does_it_mean_and_what_do_i_do_about_it.html

For future reference, this is the box to comment on this article, e.g. my comment above. The 'ask your question' searchbox is at the top right of the page.

Just so this post won't be *completely* off-topic, one the basis that everyone likes a wikipedia link, http://en.wikipedia.org/wiki/Analog_hole

h
April 25, 2007 10:53 AM

Google's book search has a very nice feature which prevents copying.

Roberta Gallant
July 21, 2008 12:38 PM

Hello, Leo,

This is Roberta Gallant in Concord, New Hampshire, again. I have a problem in
the Add Or Remove Programs windows. Almost all the software programs I installed into my computer are missing from the Add Or Remove Programs list window? What should I do about this issue now?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.