I want to put data on a disk only for people to read and not for them to be
able to copy. I’d like to do this for email as well. How can I do this?
No, this question didn’t come from the MPAA, or the RIAA, but it certainly
seems like they’ve been asking the same question lately. How do you create
content, be it MP3’s, movies, or just random data for business purposes, that
can be used, but not copied.
That’s right, we’re talking copy-protection and digital rights management
My opinion? It’s a lost cause.
Become a Patron of Ask Leo! and go ad-free!
I want to start by clarifying something: I am not
advocating piracy. Copying or downloading copyrighted material is stealing,
pure and simple, no matter what the technologies are involved.
As we’ll see in a second, I believe that attempts to thwart copying by
technological means are ultimately doomed to failure, and the business that
rely on mass sales of materials with the requirement that they cannot be
further copied need to start looking for a different business model.
The first thing we need to understand is that “reading” and “copying” are
really the same thing. Data on a disk is just that; data. Bits. In order to be
able to use the data, you need to be able to read the data from the disk.
Similarly, a copy operation is just reading data, and then writing it somewhere
else. If you prevent reading, you prevent copying, but you also prevent
There have certainly been various technologies over the years that have
attempted, through hardware and/or software, to restrict who can read the data,
but ultimately they’ve failed.
What’s more common, and might point to a solution for your purposes, is not
to prevent the actual copying of data, but to restrict what can be done with
the data once it’s been copied.
A good example of this is that when you purchase an song from iTunes, the
file you download can be copied anywhere, as much as you want. I do this to
back up my iTunes library, for example. You just can’t use all of those copies.
Through what’s called “digital rights management”, the music is encrypted in
such a way that only iTunes is supposed to be able to decrypt and play the
music, and only if the machine it’s on is authorized to play it. In practice
this actually works very well. Apple allows you to pick up to 5 computers to
“authorize” for each download, and you can easily move the authorization from
one computer to another should you so desire.
But it’s not perfect. iTunes encryption has been hacked, and you can make
unprotected copies of the songs you download from iTunes. Illegal
In fact, the same is true for DVDs – the content is encrypted, supposedly
only decryptable by legitimate DVD players, but that too was quickly cracked.
Even as I write this the (incredibly complex) encryption used on HD-DVDs and
Blu-ray has reportedly been hacked.
intended for mass distribution but ultimately you can’t make it
As I expected it would.
The problem is that in order to be able to use something, you need
to somehow legitimately be able to decrypt and read it. That means that the
means for decrypting something must be present on the devices used to do so.
Ultimately that makes them discoverable, with enough effort.
And that’s really the bottom line. You can make it hard to copy and use
something that’s intended for mass distribution but ultimately you can’t make
Now, there are some possibilities depending on your particular situation,
who you trust, and who you’re attempting to protect your data from.
If you don’t trust the people who are legitimately using your data – well,
you’re pretty much screwed. That’s the position that the music and movie
industries are in, and as I’ve just described, you can see how well that’s been
If you do trust the legitimate users of your data, though, there
are possibilities. The simplest is simply to encrypt the data with a password
that only you and they know. I’d use TrueCrypt for this. Or, if you like, use a public key encryption
scheme such as that in GnuPG – rather than
requiring knowledge of a password, it requires possession of
the appropriate key in order to access your data.
The trust required here is that your legitimate users won’t:
share the unencrypted data with people they should not
share the password or decryption key with people they should not
As for email, the same rules apply: anyone that can view an email can copy
it. Therefore if you don’t trust your recipients, you’re screwed. If you
do trust them, then an encrypted email solution is your best bet to
avoid others gaining access to the messages.