Peter Gutmann is a researcher in the Computer Science Department, Auckland, NZ. He has published a very long and technically detailed report, A Cost Analysis of Windows Vista Content Protection, that probably will be accessible to only the most technically literate. Nonetheless, the paper is an exemplar of the kind of analysis that many aspire to, but that only few actually produce. It should be required reading for anyone who intends to build a HD video capable system based on a Vista machine and/or who is interested in system security issues.
At the risk of sounding like an apologist for Microsoft, there are real costs to the bleeding edge. I kept Windows XP SP2 rather than upgrading to Vista precisely because MSFT never gets the first release of anything right.
Some nits:
- With a favorable nod to Cory Doctorow, Gutmann argues in Note C that if the DRM system security is not perfect, there is no point. I continue to believe that this is a canard. The goal of the studios is not to defeat professional pirates. Any well funded opponent will be able to defeat any security system on platforms such as standard PCs for the home. Instead, the goals include making the level of effort required to defeat the system sufficiently high that it discourages the causal user. This is the so-called "keeping honest people honest" goal. Another goal is to make it difficult for an expert to transfer their knowledge to the casual user. As Gutmann points out in several circumstances, Vista may not yet reach this goal, especially with respect to AACS protect content.
- While AACS encryption key management scheme is adequately discussed, there is no mention of Blu-ray's additional security layer, BD+. Perhaps not enough was publicly known at the time Gutmann did this work since BD+ has not yet shipped (this Fall?) and since Microsoft is apparently relying on third party support for Blu-ray capable software.
- Notwithstanding his Note B, the title is inaccurate since there is no real economic analysis. The paper does present a long list of real problems with economic implications to be sure, problems that result Microsoft's approach to content protection and business models generally.
Nits notwithstanding, this is a terrific analysis.