In the past few weeks it seems that there are more anti-DRM articles being published. For the avoidance of doubt, I'm not suggesting a conspiracy. These sentiments tend to go in cycles and right now the anti-DRM cycle is increasing. One example is is an article by Google's Jeremy Allison (writing as an individual, not as a representative of Google). Allison's article is polite and (wrongly) reasoned. (Other contributions are much less so on both scores, about which I'll have something to say shortly.)
Allison is right to point out that encryption is not DRM. Thereafter our views diverge. Allison says that DRM can't work and is a lot like magic or the Star Trek physics of dilithium crystals. On what evidence are these assertions based? A key case in point is the breaking of the AACS encryption system used in both HD-DVD and Blu-ray.
DRM in my view is the association of use rules and use consequences (payment and audit data) with digital information and the assertion of those rules at a distance in time and space.
Allison is right to point out that the secrets that enable consumer use of content have to be shared with the consumer and are thus vulnerable to attack. However, the purpose of DRM is NOT to prevent professional pirates from obtaining protected content. With enough funding, tools, and sophistication, any security system can be compromised.
Rather, the goals of most DRM implementations include "keeping honest people honest," raising the bar on causal piracy, and making it difficult for professionals to transfer their knowledge to ordinary consumers via software.
DRM has also been used to enforce business models, for example, Apple's FairPlay DRM. The European Union apparently believes that Apple's DRM has served to exclude devices from other vendors using protected content from iTunes. Steve Jobs' recent anti-DRM comments seem intended more to shift the blame for Apple's alleged monopolistic behavior to the record labels rather than some anti-DRM religious conversion.
Nevertheless, a close reading of the AACS standards indicates that they were created knowing in advance that various devices, content, and keys would be eventually compromised. Rather, AACS provides the means for revoking compromised devices and/or content should the movie studios and their distributors desire to do that.
Conditional access systems used by Satellite TV vendors are compromised. They make a business decision regarding when to update cryptographic information. That decision is, I believe, based on estimated losses.
Thus content protection schemes do not have to be perfect to be useful. To the contrary. They do have to have the ability to modify / upgrade / enhance software and cryptographic information.
Recent Comments