The DRM Scorecard
An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"
Just because the ability exists to crack it, doesn't mean that the average Joe on the street can do so.
It discourages casual copying, nothing more, but I can't imagine it was intended to do any more. Nobody's that stupid.
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
Frivolous lawsuits. Until the RIAA finally realizes that its lawsuit tactic isn't working it's the only attempt at DRM that hasn't been made completely useless yet. Unfortunately I don't see that happening unless/until they lose bigtime in multiple court cases.
The same effect has been observed in software for years, Windows XP had an activation thing built in, anyone who knew what they were doing would bypass it, anyone who didn't (and didn't know anyone who did) would eventually go and buy superfluous copies of software they already owned.
Okay, let's try Alex Wolfe's argument in a different context:
"When you list every major law implemented to "protect" life and property, they've all been broken. Can anyone think of a law which hasn't been broken, and of course this begs the obvious question: Why doesn't society just give up and go law-free?"
DRM doesn't have to be perfect to do its job, any more than law enforcement has to be "perfect". It just has to be effective enough to keep Joe Average from copying the file. Whether or not DRM is actually "good" or "bad" for media producers is a completely different argument, but Wolfe's sophomoric reasoning does nothing to address it.
DRM is just "an electronic lock".
There's a well known saying "Locks secure you against honest people" (or words to that effect).
The hard-core/organized/professional criminals have the skills, technology and motivation to bypass these "security measures".
Remember people, locks aren't about making you secure, they're about making you FEEL secure.
s/locks/airport security screening procedures/
s/locks/the department of homeland security/ (well, that and political empire-building and creating a police-state by stealth)
Smokey The Bear Says: Only YOU can prevent the violation of your civil rights "in the interest of National Security".
Visit CryptoGnome in his home.
A mechanism that is difficult to crack (whether that is a physical lock or DRM or password) makes it harder for the cracker and reduces the likelihood of someone actually doing the cracking. That removes casual crackers from the equation.
It also makes the cracking act more deliberate and makes it far harder for someone to claim: "That diamond got in my pocket.... I just found it on the sidewalk and thought it had been thrown out." or "Oh that music on my MP2 player... I thought it was free!"
Engineering is the art of compromise.
There's only one copy protection system I know of that hasn't been (meaningfully) cracked, and that's MediaCipher, created by Motorola for the cable TV crowd. Ironically, it was one of the first ones ever created. (Of course, it helps that the boxes implementing MediaCipher are only rented -- never sold -- to end-users.)
Copy protection next showed up in a major way for computer games, most notably for the Apple ][ computer. This fetish briefly spread into applications software as well as games, until the users thundered, "No Fscking Way." It took about four to six years for this to shake out.
Despite the fact that there is no conclusive evidence that copy protection has any meaningful impact on sales, anti-copying measures are still used extensively, but by no means universally, throughout the games industry. In particular, Unreal Tournament's initial anti-copying measures are little more than perfunctory, and are later dropped entirely.
Near as I can determine, copy protection advocates claim as axiomatic that unsanctioned copying will depress sales to livelihood-threatening levels. They cleave to this axiom with a fervor usually associated with religious fundamentalists. However, every time this axiom is honestly examined, mitigating or even entirely contradictory evidence is discovered. Yet the myth persists.
It's not the technology we need to combat (since Turing proved it can never work). It's the defective thinking.
Schwab
Editor, A1-AAA AmeriCaptions
Unfortunately, the analogy doesn't quite hold. Breaking into bank vaults is more like performing a brute force attack on a DRM scheme, every time you wanted to break it. DRM schemes don't work like that. Typically once a scheme is compromised, it becomes possible for anyone subject to it to break it almost instantly. All it takes is for someone to write a quick tool that automates the cracking process and all the barriers presented by the DRM scheme pretty much fall away.
I'd say that DRM schemes are like having one giant bank vault. Yes, it will eventually get compromised, and once it is, everything inside is trivial to take.
Fundamentally, you're spot on. It is a hell of a lot worse than bank vault security. You can't have the party it's secured against also the one it decrypts for. It just makes no sense! All DRM is crackable by definition, they know this, they just want to make it as much of a hassle as possible.
No, it's flawed because it CAN be cracked easily: The decrypting key is in the firmware contained in your DVD player.
In cryptography, we have an explanation using Alice and Bob. Alice is communicating with Bob, while Eve (eavesdropper) tries to decrypt the message. Alice and Bob have the key to decipher the message, but Eve doesn't. She wants to decrypt the communication *without* the key.
A --- E --- B
Alice in this case, is the Digital Media producer (or encrypter), and B is your DVD. You're Eve. The problem with DRM is that Eve *HAS* the key. By cracking the DVD software (some disassembly, debugging and you're done), Eve can obtain the key from Bob.
A --------- B E
This is the problem with DRM. It's flawed by design. The DMCA is a legal "patch" to this algorithm, punishing Eve if she gets the key from Bob. The problem with DMCA is that the punishment doesn't apply to all countries, and trying to enforce it results in attacking freedom of speech.
It is all about enforcing a monopolistic distribution channel, a walled garden. They are trying to get all of the pie, not just a chunk. I went into more detail here:
http://www.theinquirer.net/?article=29161
-Charlie
Sure there is. A correctly employed OTP is completely, mathematically proven, uncrackable.
But there is no uncrackable DRM-technology. There can't be. By necessity the user's machine MUST contain all the information needed to decode the media. If it didn't, it couldn't display it. If it can display it, it fundamentally CAN also save it in an unrestricted format.
Yes, it may be more or less tricky to get at the keys. But it'll always be *possible*.
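The Alice, Bob and Eve argument and the one-time pad point from the comments above, as an added example that is not part of the original thread. The `Player` class, its `content_key` field and the sample content are hypothetical and constructed for illustration; the cipher is a plain one-time pad, not any real DRM scheme.

```python
import secrets

def otp(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with a random pad exactly as long as the data."""
    if len(pad) != len(data):
        raise ValueError("pad must be as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))

def pads_explaining(cipher_byte: int, plain_byte: int) -> int:
    """Count the one-byte pads that turn plain_byte into cipher_byte."""
    return sum(1 for pad in range(256) if plain_byte ^ pad == cipher_byte)

def outsider_view(ciphertext: bytes, guess: bytes) -> bytes:
    """Eve on the wire: the pad that would make `guess` the plaintext.
    One exists for every same-length guess, so the ciphertext rules nothing out."""
    return otp(ciphertext, guess)

class Player:
    """Hypothetical playback device (Bob). To render, it must hold the pad."""
    def __init__(self, pad: bytes):
        self.firmware = {"content_key": pad}   # shipped to the customer

    def render(self, ciphertext: bytes) -> bytes:
        return otp(ciphertext, self.firmware["content_key"])

def demo():
    content = b"FRAME-0001"                    # constructed sample content
    pad = secrets.token_bytes(len(content))
    ciphertext = otp(content, pad)             # what Alice distributes
    decoy = b"frame-9999"
    # Without the pad, the decoy explains the ciphertext as well as the truth.
    fits_decoy = otp(ciphertext, outsider_view(ciphertext, decoy)) == decoy
    # With the device, the pad and the plaintext are both in the owner's hands.
    rendered = Player(pad).render(ciphertext)
    return fits_decoy, rendered == content

if __name__ == "__main__":
    print(demo())
```

The cipher is identical in both cases; the only thing that changes is whether the party being defended against is also the party the key is delivered to.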
Locks are a good way to keep honest people honest, but they should be simple and unobtrusive. The reason why we have key locks on our front doors instead of complicated biometric systems (this may be the wrong audience for this comment) is that they are simple, cheap and less prone to failure.
Remember the front door is public, the lock is public but only the owners have the key. The front door system works because not everyone who can get to the door has the key. DRM simply doesn't work because you have the content, the lock and the key.
If this were really happening, what would you think?
Not trying to be a troll. But I strongly disagree with the hive-mind about DRM being as hopeless as the comments proclaim.
First off, digital piracy isn't that different from brick-and-mortar piracy -- sellers will always try to find ways to prevent theft, and those who want to pirate stuff will always find ways to circumvent the checks. This is human nature and it'll probably never change.
Second, while we (rightly) think that the RIAA could save itself a lot of effort by revamping its model, that argument doesn't scale to other media. For example, movies. Movies are expensive to make, and don't sell in the same volumes as songs. The RIAA might easily solve its problems by moving to an AllOfMp3-like model, and pricing structure. But the MPAA won't be able to do the same -- charging 10 cents a movie will mean that they need to sell about 150 times the volume to make similar profits. Charging even $4 a movie will be enough incentive for people to go back to bittorrent. So clearly, it's a never-ending tug of war, and while we think the RIAA/MPAA should in good faith adjust its pricing model etc. the MPAA (at least) can't rely on the same good faith from its customers.
But of course, the RIAA and MPAA are not blameless. And neither are Apple and MS and anyone else creating DRM schemes for multimedia formats (in fact, perhaps the Apple and MS folk are more guilty than the RIAA/MPAA). Their real sin is, they are trying to exploit a side-effect of DRM by not openly licensing their DRM schemes and not making them interoperable/platform-agnostic. They have seen the side-effect of locking in customers by not licensing their DRM schemes and by using proprietary formats, and they're frothing at the mouth with the possibilities of locking in customers, and getting duplicate revenues from those that do defect.
At one point, I was actually willing to give MS some props for trying to rally the industry around a single DRM scheme (PlaysForSure) and keeping the API for it open. The lack of PlaysForSure on Macs and Linux is a big problem, and using WMA is a bigger problem, but the real sin was when they came out with yet another DRM system for the Zune. (Unless their PlaysForSure contracts made it a necessity by stipulating that MS will never come out with a PlaysForSure device or something like that - I wonder).
And Apple's fault is in how they choose to license FairPlay. They seem to have some arbitrary 'coolness factor' that needs to be met before they license FairPlay (which they do license out). For example, it's clear that the Xbox ppl have given iPod integration a lot of importance, and they must surely have approached Apple to license FairPlay so that even protected songs could be streamed to the 360 from a PC/Mac or iPod. The fact that this doesn't work today can only be because Apple did not license FairPlay. A terrible sin, for what would have been a very cool and easy to use feature. They did not think about the benefit to their users first -- they thought about lock-in instead.
This is really what's wrong with DRM today. Companies are having a field day with trying to lock in consumers, and not giving any thought to enabling them to use their property in as many fair ways as possible. The focus is completely on lock-in, and disabling, rather than enabling, and maintaining an audit trail without hindering.
The solution might come from the market, in time. But for that people need to be very vigilant about shunning DRM schemes until these companies learn their lesson and start inter-operating with each other. That doesn't look like it's happening anytime soon -- what with iTunes downloads crossing the 3 billion mark the other day. Consumers only have themselves to blame if they endorse DRM in this manner.
The solution might come faster through litigation. Either through class action lawsuits (iTunes customers who want to migrate to a non-Apple mp3 player, who get pissed because their collections are now worthless), or Congress (ve