Most people associate the action of downloading a file to be making a copy of the file – and they are right. And in the world of Intellectual Property Rights (Copyright) we always talk about controlling of making copies. But are these two things incompatible?
Here we discuss some of the reasons why downloading is necessary and the impact if it is stopped, and then look at secure downloads – stopping use of downloaded content, or controlling use of downloaded content – to achieve a cost-efficient and secure approach.
As is so often the case in IT, it depends on what is actually happening at the technical level that decides success or failure. (Lessig’s Law says what you do is decided by the programmer.)
Let’s take the case of information being viewed in the browser.
Everything you view in a browser is automatically downloaded to a cache on your hard disk. The Temporary Internet Files (or cache) folder is used by browsers to store webpage content on the computer hard disk to speed up viewing. So the cache lets the browser download only content that has changed since you last viewed a web page, instead of downloading all of the content every time the page is displayed. That makes downloading much quicker!
Depending on the information you are trying to protect, however, you might not want to stop it anyway. For example, there are big overheads if you open a PDF on a server and then smooth scroll down the page with every single line of pixels being sent over the network. If you did this there could be major server overheads or response time problems, or likely both.
So if downloading is to solve a performance problem, why is controlling downloads (secure downloads) such a problem?
The Internet was made to facilitate sharing information, so it is difficult to stop people from being able to download files, especially if you want some people to be able to download them, but not just anybody or everybody.
If you have your information on a server in an unprotected form, there are several free tools available (do an Internet search on ‘download website’) that will transfer a publicly accessible web site onto someone’s hard drive, where they can be examined at leisure. So if you want to stop illegal downloading you will need to keep the information you want to protect in an encrypted form so it is of no use to anyone without information from you, or you put it on a server that is not publicly accessible. But then you must be sure that the recipient is not going to misuse it.
There have been some ingenious approaches to try and stop unauthorized downloads of content by using secure downloads:
Of course, none of these will prevent the recipient, once they have downloaded the file(s) from then passing them on, or uploading them to one of the torrent download sites. It may have been a lot of work for nothing?
So if you want to prevent other people from making your files available for illegal downloads you have to do something more to protect them than just relying on secure download software. That will involve using encryption since that is the only really effective tool to stop people from using files they have got hold of when they should not. An encrypted file is no use to anyone without the software to decrypt the file (it need not be in a ‘standard’ format like OpenPGP), and also the keying information to go with it.
Now this all starts to get a bit complicated. Users have to be ‘authenticated’ in some way, keying information has to be given to them secretly (if they know what the information is they can give it away just like they could give away the unencrypted files) – that is why passwords are a useless method of protection because they can be given to others. Also the keying information must not be part of the protected file or it can be too easily recovered and all protected files compromised. Users also have to be prevented from being able to make uncontrolled copies or they can still compromise the system.