DRM is a lie
Charlie Demerjian at the Inquirer recently wrote about DRM in an article titled “DRM is a complete lie - Opinion It has never protected a single thing” with which I totally agree. I suggest taking the time to read it since it tells the ugly truth about something that might become an integral part of our lives and is already causing a lot of misery.
As a computer scientist with some knowledge of security and cryptography (and having had the privilege to study with professor Adi Shamir from RSA) I must say that it is true that DRM protects nothing. The whole premise underlying a DRM system is that the key to unlock the content can be acquired by the user, and so the content can be decrypted (and then, in theory, also converted to DRM-less formats). According to DRM supporters, the users do not know how the system works internally, so given the media and the key they won't know what to do with it. However, from a scientific point of view it is common knowledge that the details of any system can always be discovered with some reverse engineering, so if the key is revealed, so is the secret.
A few examples that illustrate this are DVD protection and Apple DRM (broken both by Real Networks and by DVD Jon). Not only were they both broken, they are broken by definition, and people even went to the trouble of creating programs to strip this DRM (the same principle holds for WMDRM, although no program is yet available on the Net for stripping it, but of course one is bound to arise sooner or later). Compare this to RSA, which is not broken, and which with a sufficiently large key cannot ever be broken on computers as we know them today, regardless of how fast they become (unless one solves a very hard mathematical problem that is considered by many to be solvable only on a quantum computer, but this is a different subject altogether, and quantum computers are a totally different beast). Yet once the key is known, the fact that RSA is not broken is irrelevant, since any system that gives the user the key is by definition keeping no secret and hence is insecure.
Another interesting example is the broadcast flag. The flag does not secure the media in any way; it just says what one can or can't do, and under the DMCA it will be illegal to violate the terms of the flag. So even though nothing is physically enforcing the usage policy, the existence of the flag is the protection. I would like to argue that it is just as good as DRM.
Of course Microsoft and Apple and Google know it very well, so why all the fanfare around DRM? And why are Apple and Microsoft (and now Google) selling the DRM concept to the studios/labels? I have to agree again with the article that this is business related: it essentially gives control to the content owner and makes it possible to re-sell the same media over and over again. The best example here is UMD. The law makes it illegal to rip a legally purchased DVD and copy it to a PSP, and Sony, in an attempt to take advantage of this, thinks that one should buy the movie again.
Another question that we need to ask ourselves is what’s in it for Microsoft and Apple? The answer here is very simple - world domination. Computer companies like Apple and Microsoft try to control the software that forms the basis for everything people do. They do not want open standards; they want their stuff to be the de facto standard, and then maybe they will license it or portions of it. Microsoft has always been doing it with Windows, and Apple is doing it now with the iPod and their FairPlay DRM system. And for all the naive people that yearn for a standard DRM system, I say that you have a fundamental flaw in your thinking, since there is already a standard system and it is Apple's FairPlay. When you control 80% or 90% of something you are the standard. The problem is that the standard is not open and cannot even be licensed, which goes back to world domination.
Another example regarding world domination (although unrelated to DRM) is what Microsoft did with the XBOX 360. They made it a great MCE extender in order to promote MCE, but crippled its ability to play video with Windows Media Connect, also in order to promote MCE. But this is not all; Windows Media Connect is based on an open standard (called UPnP AV) and works with many devices. One would think that the XBOX 360 is just another device and therefore it should be possible to use the XBOX 360 with other UPnP AV servers (e.g. the ones used by those other devices, or with TVersity) and that those can be an alternative to Windows Media Connect. Well, surprise surprise, Microsoft made it impossible to do this by making the XBOX 360 deviate from the standard for no reason whatsoever (I mean, if they added some features and improved the user experience it would be kind of OK, but they just removed features), and they also chose to keep the details secret in an attempt (futile?) to block others and achieve, you guessed it, world domination.
So given all that, what is the future of DRM? It will die a natural death, just like Windows is losing its importance to the Internet (which is 100% based on open standards). For some reason that I cannot explain, history shows that all attempts made by anyone to attain world dominance eventually fail. It keeps happening to Microsoft, which, for example, went to all this trouble to define its proprietary network standard and its own private Internet and eventually had to accept TCP/IP and the public Internet.
I just wish we, as a society, could avoid wasting all this energy attempting to dominate the world and instead learn to work together. Look at the Internet, the WWW, email, RSS: so many great things happen when people put aside their ego and ambition to dominate others and just focus on promoting the state of things. So why do we keep repeating the same mistake?
