I'll try here to raise the issues that potential epublishers might like to think about, but inevitably some of this analysis is opinionated.
DRM is unpopular with customers, and for good reasons. See About eBooks, For Customers. Many people won't buy ebooks if they include DRM. This is especially important now, during the early stages of the ebook industry. What's happening is that early-adopters – the first people to try out ebooks – are technically literate and are noticing the limitations of DRM. And if early adopters don't like the system then it won't easily move on to become mass market.
There is an argument that using DRM means higher sales, because there will be less pirate copies floating around. For a bestseller this is probably a valid argument. For anything else it seems spurious, because it's so difficult for a potential customer to track down a rare pirate that it won't be worth their while. You can see the difference in music pirating. Popular music is easy to find in pirate form on Peer to Peer networks. But specialist music is far more tricky.
Genre is also an issue. For example Science Fiction books are more likely to be pirated than romances, because in general the customers are technically more skilled. But then Science Fiction readers are also likely to be more DRM aware and put off by its limitations.
Authors and copyright owners may demand their work is published with DRM, irrespective of whether that will mean lower income or not, because the negative emotional value of risking piracy outweighs the economic positives. In this case you have no choice. But you may be able to persuade authors and copyright holders that weak DRM is acceptable and strong DRM isn't needed.
The most successful music download system is Apple iTunes/FairPlay, with more than 80% of the legal download market. It uses weak DRM, allowing multiple copies on computers and almost unlimited copying direct from these computers on to handheld devices.
Strong DRM, by comparison, might limit the customer to one computer and/or one handheld device. It's far more risky from the customer's point of view. If their computer crashes irrecoverably, they've also lost the digital items they bought. I don't know of any examples of strong DRM used in a commercially successful way. But then commercial success in the digital download arena is a strange beast, as nobody seems to make any money – success is measured by how many items you can shift while making the smallest loss
Does weak DRM encourage piracy? It doesn't seem likely. A few iTunes downloads probably find their way on to iPods that don't belong to the purchaser, but not many because the transfer has to be direct, not over the Web or by email. And certainly some tracks are ripped from iTunes to CD and the CDs find their way into friends' collections. The tracks can also be ripped from CD to unprotected MP3s, and while this surely happens, there are quality problems.
With eBook text, the quality issue doesn't add any protection, so some types of copying need to be even more carefully controlled. For example, if you allow full printing, there's a chance somebody may have a PDF driver included amongst their print drivers ( I do!). So anything they can print they can also turn into an unprotected PDF.
In general, for ebooks there's no need to get too paranoid about copying the encrypted file direct from one machine to another, but there are good reasons to be paranoid about allowing too much sampling and any printing.
I've seen epublishers with very strict DRM controls on transferring encrypted files between machines, even down to no transfers allowed at all. Their customers will inevitably lose the ebooks they buy. I wonder how long these companies will be in business? Or even if they care.
There is a financial overhead in running a DRM system. You'll need a web server that deals with decryption key requests and allocations, and web pages for transferring key allocations. Or alternatively you'll need to rent these services from somebody. It's a significant overhead.
In the long term, you have to maintain this server indefinitely, otherwise your customers will lose the ebooks they purchased. If somebody else is supplying the DRM server service to you, they have to maintain it indefinitely, or the same applies.
The clear winner is Adobe (ebook PDF). PDF is a very popular format, and has lots of security options. The company won't be going out of business soon. Customers have to download a special PDF reader (not the normal one) to read their books, but no big deal.
The second option has to be Microsoft Reader. Quite similar to the Adobe system in many ways, and the company isn't about to disappear. It also needs a customer download for ebooks to be read.
Everything else is minor league, but some systems may still be worthwhile. For example the Palm (hand-held) eReader DRM looks interesting, though I'm not convinced about it either way (maybe something to look at later).
The small ebook DRM companies? I haven't seen one I'd invest in. But who knows?
More TinHat articles on Ebooks and Epublishing