Is Interoperable DRM Really Less Secure?

Crouch and hold writes "Are closed DRM schemes like FairPlay more secure than interoperable ones? Based on the number of cracks, it doesn't look like it. 'When it comes to DRM, what history actually teaches us is that one approach is no more secure than the other in practice, as they relate to the keeping of secrets. Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses.'"

+5 informative

[macadamia_harold]

Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo

I had no idea that the MS licensing department was actually an orifice.

Re:+5 informative

[DECS]

FairPlay = 2 Billion songs, 10 million movies

MS PFS DRM = 100,000 songs sold?

MS Zune DRM = 250 songs sold?

Leave it to ArsTechnica to suggest that number of exploits or number of licensees somehow relates to the complexity of managing DRM across multiple vendors.

Microsoft is also better suited to handle multiple vendors, as it already licenses OEM Windows, WinCE and various other products. Apple has only ever tried to license the Mac OS and Newton, license FireWire, and franchise iPods though HP, and license ad campaigns like Made for iPod. Apple isn't set up to license FairPlay, nor is it within its core competency.

A riddle of warfare between Apple and Microsoft: Steve Jobs and the iTunes DRM Threat to Microsoft presents DRM as a shot across the bow of Microsoft's flagship, but suggests that, beyond DRM, "Apple is targeting another Microsoft mainstay with a missile that may cause far more damage than the iPod and iTunes together." 2007 - Apple Strikes Back chronicles the recovery of Apple over the last decade, and Apple's Open Source Assault hints at how Apple will engage Microsoft. What is Apple up to?

Re:+5 informative

[Eustace+Tilley]

You have been answered twice already, but I cannot resist telling you again.

Cryptography is used so that a message from A can be read by B but not by C. With DRM, B and C are the same person.

The message from A (the publisher) must be readable by B (the consumer) but not by C (the consumer).

I hope you understand now why DRM is a concept flawed in its fundament.

DRM would be useful. So would a perpetual motion machine. It is wishful thinking to believe that the sheer utility of a function means it is capable of being produced.

Hang on, you can't have it both ways...

[spoco2]

Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses. Hang on... so in this case, where it's a Microsoft product that's fairing better you apparently can being into play the 'well, it's not used on nearly as many devices as the Apple version' shtick. Yet when OSX fares better than Windows in virus threats you aren't allowed to use the exact same and just as legitimate argument that Windows is installed on VASTLY more machines than OSX, and as such is a MUCH greater target for compromise?

How does that work?

Insecurity vs policy

[Space+cowboy]

I'm not suggesting this is official Apple policy, but just because something has been cracked more times than any other doesn't actually imply much. If Apple deliberately set the bar low, then they fulfill their obligation and allow the counter-culture to flourish as much as the "official" party line. Hmmm, who would that benefit ?

I know some very smart engineers at Microsoft, and I know some very smart engineers at Apple. Devising a hard-to-break DRM system wouldn't be beyond any of them, and iTunes really doesn't go to too much effort. I'll let you draw your own conclusions :-)

Simon.

Re:Insecurity vs policy

[kfg]

If Apple deliberately set the bar low, then they fulfill their obligation and allow the counter-culture to flourish as much as the "official" party line.

Bingo!

Apple is doing the minimum necessary in order to be allowed to sell content. Microsoft is trying to do the maximum possible in order to sell the security system to the content owners.

Their markets are entirely different, so their products are entirely different.

KFG

funny

[ArbitraryConstant]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

Fewer security breaches?

[Incoherent07]

It only takes one. Last I checked the FairUse4WM hole still hasn't been fixed.

It could just be poor implementation

[Infonaut]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

You're right to point out the contradiction. However, another way of interpreting it is just that FairPlay is simply not as well-iplemented as Windows Media DRM. That would be an interpretation consistent with the view that Windows gets cracked not just because of its market dominance, but also because of its flaws in implementation. Maybe Apple simply isn't as good at DRM as Microsoft, which isn't necessarily such a bad thing.

Who has the best BAD IDEA?

[IBitOBear]

It's like that thing were people propose a truly horrific law because they know they will be "forced to settle" for a merely terrible law.

No Digital Restriction Management is good. NONE of it.

I am not anti-encryption.
I am not anti-artist.

But any scheme that involves someone "selling" or "giving" me something so provisionally that they can then just take it back is simply a BAD IDEA.

The next step down this road is the one where some Bad Actor gets to send people threatening letters and blackmail that is "unprintable", "read only once", "no screen shot", "read only for 1 minute", watermarked to prevent your camera from taking a picture of the screen. Leaving you, in turn, with no proof for a complaint and then leaving the police with no clues while they are pondering over your corpse.

Eh, so what, at least some music executive is *sure* to get to split the full 99-cents that he ripped off the consumer for, in the name of an artist who got a bill for overages in production.

Oh, wait... which kind of Illegal Prior Restraint (commonly misspelled DRM) was good again?

It is _NEVER_ helpful to repeat the artificially biased question as if it represents something worth answering.

The question, as stated, presumes facts not in evidence, namely that the DRM that is harder to break is in any possible way "Better".

Security through Obscurity

[flaming+error]

Does Swiss Cheese have more holes when its package is opened or when it is closed?

Re:fairplay vs. wm?

[suv4x4]

Doesn't mean anything when you consider the market share of Apple vs. all of the Microsoft-licensed stores combined. Clearly people will be cracking the more-popular DRM, and that happens to be Apple's FairPlay.

You know, I once started thinking a lot and realized nothing ever means anything. It's all just a bunch of people arguing over unprovable hypotheses in a one-up-man-ship style and eventually spinning whatever facts they have in their disposal to reach a goal determined in advance before any analysis was done.

Wow. I'm boring.

You missed a bit

[Space+cowboy]

Quite an important bit, actually.

Apple had to sign over the right for the record-labels to pull their entire catalogue from the iTunes store, if a breach happens and Apple don't fix it in a timely manner.

Jobs doesn't care about DRM, but (because he's sane) he doesn't want to lose the iTunes store either - here's his nightmare scenario:

• Apple licence fairplay to all who'll pay the fee
  
• Some no-mark MP3-player company pays the fee, gains the licence, but screws up and somehow the encryption codes are made public - a bit like the first crack of DVD's was because some no-mark company screwed up their encryption key
  
• Apple release a fix
  
• No-mark company doesn't release the fix for *their* client-base, maybe there's no firmware update...
  
• Apple lose all their iTunes songs from the "big 4".
  

Now Apple can try and pin liability on No-mark company, but at the end of the day, the iTunes store contract is between Apple and [insert record label], and if fairplay is compromised, [record-label] are fully entitled to pull their catalogue...

See it now ?

Simon

Does licensng DRM lead to success?

[mveloso]

Again, this question isn't the right question. DRM is not interoperable. Using the word "interoperable" is deliberately confusing, because DRM by definition isn't interoperable. It's a method of restriction, not an operatable thing per se.

The operative word is "third party licensed."

Audible.com is licensed to multiple vendors. How have those vendors done? Besides the iPod, Audible.com's DRM is licensed to a number of other players. Has it been a major factor in anyone's purchase? Possibly, if they want to listen to audible.com content.

WMA/Plays for Sure is licensed to multiple vendors. How have those vendors done? The market has spoken.

Zune WMA isn't licensed. The market is in the process of working out how the Zune is doing, but the prognosis isn't good.

FairPlay isn't licensed. The iPod is doing great.

The iPod is reallly a good example of what's called a "Network Effect Monopoly." People buy iPods because it has the most accessories. The iPod has the most accessories because people buy iPods. Etc etc etc. eBay is the same: people sell on eBay because the buyers are there. The buyers are there because everyone sells on eBay. Ad infinitum.

Will licensing FairPlay change this? No. If Apple licenses FairPlay to hardware makers, it'll make the iTMS even more dominant. If Apple licenses FairPlay to other stores, it'll make the iPod even more dominant in hardware. If it licenses FairPlay to everyone, then Apple will sit on the dominant DRM system, period.

As I said before, there isn't one thing that makes the iPod successful. But of those things, DRM is definitely not one of them.