The Choice Between DRM and Security

gormanly writes "Victor Yodaiken has an article up on Groklaw in which he discusses how DRM may decrease security and reliability. He raises several questions that the developers of DRM technologies ought to answer - because not all computers are merely personal entertainment systems for 'content' consumers." From the article: "Sony BMG put DRM software onto CDs that broke the basic system security and made the entire system slower and less reliable. Imagine that your children put such a CD on your computer and opened an avenue for hackers to make copies of your business memos and personal email ... We are entering the era of ubiquitous and safety critical computing, but the developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers. This belief is convenient, because creating DRM mechanisms that respect security, safety, and reliability concerns is going to be an expensive and complex engineering task."

The Rights of Artists Vs the Rights of Listeners

You know, for a while there, I really thought David Bowie had something in a 2002 New York Times article where he speculated on the future of music and its copyrights:

'The absolute transformation of everything we ever thought about music will take place within 10 years,' he wrote, 'and nothing is going to be able to stop it. I see absolutely no point in pretending that it's not going to happen. I'm fully confident that copyright, for instance, will no longer exist in 10 years, and authorship and intellectual property is in for such a bashing. Music, itself, is going to become like running water or electricity...'

Now, this DRM business seems to be just a sign that not only will music copyrights stand but we are also going to lose some of our rights as to what happens when we attempt to merely listen to a purchased recording.

Perhaps these new DRM actions overstep the bounds of consumer rights so far that it ensures copyrights will always be in place? What I mean is that the focus and question seems to not be, "What are the artist's musician's rights?" so much as "What rights do we even have as consumers?"

Have I angered the mod gods with my slightly offtopic (and idealistic) Bowie quote? :-) I hope not.

Re:The Rights of Artists Vs the Rights of Listener

Do I have the right to buy DRMed music as a gift for somebody else?

When I buy DRMed music by downloading it to my own PC, then (some implementations of) DRM will bind the downloaded music to a licencing key on my machine. So if the bought and downloaded music is intended as a birthday gift for someone else, how will he/she be able to play it on his/her PC? Or how will I be able to play it on my laptop, if I downloaded it on my desktop?

While DRM is intended to increase music sales, the implementation of DRM technologies that binds a DRMed tracks to a license key on the downloading PC will prevent this track from playing on other (peoples) machines. So buying DRMed music as a gift for someone else won't be an option if DRM prevents playback on other PC - which isn't very good for music sales.

Rootkits and security holes are just one kinf of pain that comes with DRM. The inability to playback bought tracks on the OS of your choice (say Linux), or a different PC than the one used for the download, is another pain.

Re:The Rights of Artists Vs the Rights of Listener

As a customer (please - if you think of yourself as a giant sucking mouth consumer, this is what happens) you are king. Don't want DRM music? Don't buy it. There are places where you can buy music without DRM (and some of these places give the option of downloading in lossless formats).

When that executive of a recording industry association in Europe (I forget which one) said that 'being able to listen to the music you bought off us on a Mac or Linux is a privilege and not a right' he was entirely wrong. No, his association companies receiving my money is a privilege and not a right, and a privilege I can revoke at any time.

If you don't like DRM, be a customer not a consumer - revoke the offending company's privileges and buy your music elsewhere. Musical ability is extremely common in the human population, and the internet has made it easier than ever for people to distribute their work. What the record companies put out is in the main the cult of the personality.

Re:The Rights of Artists Vs the Rights of Listener

yes, but if they see revenue dropping (or even think that they aren't making as much as they should), they'll start crying "PIRATES!!!!11!" and demand new legislation to allowing them to use broomsticks in means other than originally intended and stop t3h eb1l p1r4at35.

DRM = liberty

Replace 'DRM' with 'liberty' throughout that paper for an interesting take on things...

wishful thinking

Although I doubt it will happen, the government should hold the companies using DRM software accountable if it causes financial harm to an individual.

Once something is digital, it flows free

Here are some issues:

1. One goal of DRM developers is to prevent "digitization".

That first point sums it up. How do you stop something in its raw digital format from being copied?
You can't, David Bowie is correct in his assumption about music flowing freely like electricity or water.

Maybe one possible scenario is that a digital tax will be added to all machines that can play digitized music/games/etc. in order to make up for the lost revenue.
Another idea is to package the music/software/game with something that is above and beyond what you would normally get from just a plain disc. Add something to the packaging that makes people want to buy the product and not just download it. You could add writing, pictures or objects that people could enjoy that can't be easily reproduced with a copy program.

So qouthed the poet

In the words of a known company, "most people don't even know what DRM is, so why should they care about it?"

Responsible software?

Since when have software developers accepted any responsibility whatsoever for their own software, let alone the effect it has on peripheral applications or the OS at large? Ever read all the disclaimers in the typical EULA? What makes anyone think that DRM software is going to be any different?

One last Rally

DRM is a nice keyword to be used to describe something in both a negative and positive light.

The media industry is about to die the same way the blacksmithing and wagonsmithing (?) industries died with the advent of the car.

They're desperately trying to hold on and to make themselves work in the new order, but it's just not happening. The cat's out of the bag. The genie's out of the bottle, etc.

Some companies are very openly embracing the new reality and adjusting their business models-- Apple, for example. They use DRM as a watch word to make the others feel safe and secure as Apple slowly digests their dying corpus. But Apple *IS* digesting them.

DRM is the media industry's last rally before the old dinosaurs die and the young, swift mammals take over. It sounds bad, but will never be anything but a minor annoyance.

No! Wrong!

It is not going to be a "complicated" engineering task.

It is an "impossible" engineering task.

Repeat after me.

There is no such thing as DRM.

There is no such thing as DRM!

There has never been a functional DRM system, and there never will be, because it is impossible to create one. You can cripple your products, annoy or even imprison your customers, and shut out OS/FS competitors from compatibility, but you cannot "manage" your "digital restrictions." Not in this universe.

It's a jail. Things only need to escape once. Once they escape they're on the internet in open formats and the game is over.

Re:No! Wrong!

Of course the next step in DRM will be special booths that you have to be strip searched to enter, then and only then will you be allowed to listen to content on DRM protected devices. You will be searched again while leaving the booths. :) Then and only then will DRM work, and damnit someone will find a way around it.

DRM is avoiding the underlying issue.

DRM is what the industry is using to avoid the real issue at hand. The real issue is that movie and music industry have become too greedy and see the consumer as a revenue source and not a customer. They have come to expect a certain amount of money without adapting to a changing marketplace. People expect movies and music to be of high quality and freely transferable to other devices like iPods. The industry won't except that because their business model has worked for decades without problems. With the growing digital media revolution, they have found it difficult to adapt, so out of fear and ignorance they have chosen draconian DRM measures to safeguard their empire instead of pleasing the paying consumer. While it may work in the short term, it is destined to fail in the long wrong because the consumer's dollar has the final say... I hope.

http://religiousfreaks.com/ [religiousfreaks.com]

It's really quite simple - virus scan!

If the various virus scanner companies can resist getting into bed with the guys foisting this DRM stuff on us, and make their virus scanning utilities detect this crap _like_any_other_virus_or_malware_, then it wouldn't be much of an issue.

I know, I know - if the DRM wasn't there to begin with it wouldn't be an issue. But like virii and malware, it is probably here to stay. Just give me reliable tools to crush this stuff.

Steve

There are no answers

He raises several questions that the developers of DRM technologies ought to answer - because not all computers are merely personal entertainment systems for 'content' consumers."

And how likely is it that they'll ever be forced to answer these questions? Considering the deep pockets of both the music and video industries and how much pull they have via their lobbyists, it's likely they'll never be pressed to answer these types of important questions. Without some more high profile issues like those witnessed with the Sony fiasco, the average consumer will probably never be the wiser as to the depths of contempt these companies have for their customers. To them, every single person is a potential thief.

Why not use DRM for security

PC owners need to take control of their PC to secure the machine. If content owners can control what content buyers do with their data, then perhaps PC owners should exert similar control. Perhaps not every application on a PC should have the right to send any bit of data over a network. Preventing keyboard loggers, file snoopers, IM buddy list readers, etc. is effectively a type of DRM -- "sorry MalWare.exe, but only one copy of that SSN is allowed". As with P2P applications, DRM is just a tool that can be used for "evil" or "good". Perhaps PC owners can use that tool to secure their data and their machines.

This may also be a non-issue in a few years...

I'm concerned about DRM as much as anyone here, possibly moreso because I work in an laptop-based educational environment and DRM is going to affect students in the classroom and when they're at home.

On the other hand, if Microsoft is serious about security and the other OS platforms grow in popularity, people should eventually end up with just as many access rights as they need to function on their computer and no more. If a DRM like Sony's rootkit were to try to install itself, it would either fail or trigger a warning allowing people to make an informed (yeah, yeah, I know) decision about whether to install the stuff or not.

Any technique used by DRM makers to sneak tracking software into a computer can be used by (more) malicious types to sneak software into a computer. OS makers serious about security would be forced to either patch the problem or offer their own "safe" brand of DRM (as Microsoft seems to be doing). Either way, 3rd party DRM creators probably won't ultimately win this battle.

Workaround

Buy music from ALLOFMP3.com.
DVDs, leave it to the standalone DVD Player.
Anyting I want copies of, Download.

DRM vs. other goals

The main problem with DRM is that in current legislation with DMCA and related laws, DRM has the highest priority in computing. Basicly every computer task has to comply with DRM, or it is a "circumvention device". Security, Audition, Reliability... everything has to take second seat behind DRM. And only if something bad happens due to this priorising (like in the case of the Sony Rootkit), this rule gets questioned for that particular event.

The most convincing argument the article brought was, what would happen if the 'analog hole' gets plugged, and every analog recording device has to comply with DRM. Imagine the bad boys robbing a store just taking a portable video player first and start playing a movie in front of the surveillance camera: According to the potential law the camera has to stop recording, otherwise it would record an illicit copy of the movie! But if surveillance cameras are taken out of the law, who hinders the bad boys to buy one and take it to the cinema to record the movie?

DRM is not orthogonal to other computer tasks. It gets in the way of everything. It has to audit every piece of information moved. And it is not able to take in account the importance of the movement or the effects it has if it stops the movement of information. It can't decide from the context if it should shut down the task or let it run. It's all or nothing. If it encounters a trigger, it will shut down the task anyway, may the data stream be generated by the underage son trying to rip a CD or by the brake sensors telling the brake to stop the car immediately.

Freedom of Choice

In the end, it's not about DRM software, system security, greed or anything else. It boils down to this: am I free to do what I want? To listen to the music I want when I want, to watch the TV programs I want to watch, to download the internet content/software I want to have on my machine. To quote the phrase, "freedom isn't free," nor is it profitable.

If "consumers" (and that word should become an epithet) are allowed to have true choice, free access to everything, they will choose the things they want. If the companies providing those things charge a minimal fee for the privilege, they will make money. The conflict arises because "consumers" want something for nothing and producers want more money than is reasonable for their products, beyond the mere expense of producing them.

It's all going to come to a head eventually. Things can either be free or they can be metered, like electricity and water. And don't forget, the power company can cut you off at any time. Of course, if you're smart, you can generate you're own electricity. In the end it's a battle of wits between producers and consumers; I think it's safe to say the consumers hold the ultimate edge, for if they don't consume, producers will not have the resources to produce.

Huh? Just one machine? DRM applicance.

Who here has just one computer? My kids each have their own (my daughter is building her third). Old machines get retired to guestroom use. I have two on a KVM, and a half dozen nearby. Of course, we're not all geeks, and some people have only one comp {shudder in Horror}.

I don't like DRM. Not at all. They'll have to discount it heavily, or have some pretty compelling content (which is nowhere to be seen) before I buy. But it will probably be a dedicated DRM applicance, 'cuz there's no way to secure a PC computer. None when the user has root and access to hardware. Not even strong crypto.

Screw the poster

I can't believe this. I never thought I'd see the day. Someone using the fact that Micros~1 writes a terribly insecure operating system to argue that DRM and IP is a bad idea.

I'm not saying that enforcing IP rights on media files via proprietary software is a good idea.

The fact that Windows' terrible security model makes it a trivial task for user-space programs to comprimise the security of a computer, doesn't mean DRM-enforcing techniques are a TERRIBLE IDEA.

What a HORRIBLE, AWFUL scar on the front page of Slashdot. Shame on Slashdot (again)

A new approach to intellectual property

Let's assume that safeguarding intellectual property is, in fact, impossible. Can we still come up with a system that rewards people for their efforts? I believe we can. Basically, an artist, programmer, or filmaker would give their product to a government agency (much like a national library) and that product would be available free to any citizen for the asking, except for the cost of manuals, etc. The artist would be paid a bountya ccording to how many people take delivery on their product, so he gets compensation. The revenue would come from the tax stream, again like libraries. Now before you start railing against creeping socialism, think this system through. Everyone would have the most productive, up-to-date software, older versions wouldn't need to be supported. Also, basically everybody indulges in one form of entertainment or another, so drawing from the tax base isn't unreasonable.

NO way

The only 100% non-crackable digital data is the data that was not created yet (adapting from the software-piracy statement). The more protection schemes appear, the more piracy schemes appear, soon or later. Lets change the way things are sold, lets kill the current "money industry".

DRM inherently disrupts proper operation

The problem with DRM is that it inherently disrupts proper operation of your computer. A general purpose computer cannot both stop you from playing digital data off media, and copying it. DRM is incompatible with reliability.
-russ

Philosophy, not engineering

It is ancient philosphical, not current engineering problem.

Consider the universe (brahma) consists of three fundamental substances (gunas) in dynamic balance: energy (rajas), information (sattva) and entropy (tamas). Can you remove one of them (information in case of DRM) from any system without seriously disturbing the system structure?

It is higly predictable what results can be achieved by limiting sattvic principle from human culture...

This kind of myopia is all too common

I installed Nokia's software for backing up the phone numbers in my 6800 phone to my hard drive via USB. The program also allows you to download games and ringtones into your phone. Imagine my disgust when I saw that the program wanted to load every time I started my machine. There was really no way to completely exit it. It also insisted on putting an icon in my system tray that couldn't be removed.

ATTENTION NOKIA: YOUR PROGRAM IS FOR MY FREAKING PHONE YOU SELF-OBSESSED MORONS!!! Why the hell should it take up valuable resources and screen real estate ALL the time? Sheesh.

Huh? Money to spend?

He raises several questions that the developers of DRM technologies ought to answer - because not all computers are merely personal entertainment systems for 'content' consumers.

While I think that raising the DRM security issue is valid especially in light of the Sony issue, this particular point that I've quoted is likely to blow up on users because inevitably someone will ask "but why are you running music /media / games on critical machines or work machines or critical work machines anyway? Non-issue, just stop playing music on you work network! Easy!" At least, this is what I see happening.

Inevitability....

The outcome of the war is inevitable. Faster data streams, encryption with communities of trusted participants, and smarter generations of users will only lead to more undetectable trading of media. Any efforts to protect content will always be circumvented, and creates tension between consumers and producers.

There is only one type of intellectual property...trade secrets, and it is only property as long as it is a secret.

Some are more equal than others

Keep in mind that an essential requirement of both DRM and Government is that the master key be held by someone other than the nominal owner of the computer. Government can be bought off by including a built-in "back door" as with the late unlamented Clipper chip, but that's not enough for DRM.

Trouble is, that's also going to play Hob with businesses' need for reliable backups. They need to be able to restore a secure system in case of failure, and don't want to have to prove to Intel (or whoever) that they are the One True Rightful Owner to get the master keys.

Conclusion: businesses will have some way (bound up in massive contractual terms with Draconian penalties) to acquire the master keys to their machinery at the time of purchase. The rest of us will have to beg Intel, IBM, Microsoft, etc. for access to the machines we paid for.

"Impossible DRM"

I don't think it's impossible to create DRM that won't undermine your system; DRM acheived with encryption can effectively limit the reading of a file to one computer or to that computer and a handful of devices. The DRM would enable the computer to read the file, not prevent it from doing anything. It would "work" (in the sense of preventing unauthorized listening) on any computer, music player or toaster, but only "work" (in the sense of allowing authorized listening) on suppported systems.

The real problem with, say, the Sony/Sunncomm DRM is that it's trying to prevent you from copying files that are written in an open format. Doing this means removing functionality from a system. Therefore the DRM must damage your system, but fortunately can only work on specific systems.

The type of DRM I described in the first paragraph is what the record companies really want. And if there must be a DRM system, I'd really it rather be one that wasn't going to try to harm my computer.

I guess the problem is that as long as the model persists in which albums are sold in physical form in stores and have to play on a variety of "consumer electronic" devices without hassle they will always have to be protected by the harmful type of DRM if they are to be protected. And yet this type of DRM is also doomed to failure (anything released on a CD that can be read in anything resembling a CD player will be on the Internet within a few days of its release, regardless of the DRM attached to it). It appears that DRM that degrades a CD's quality has been rejected, and we seem to be in the process of loudly rejecting DRM that tries to modify users' computers. I don't know if there are any more steps beyond creating a new encrypted music format and protecting the secret better than they did with DVDs.

It's really not DRM vs. Security.

It's simply MY security vs. THEIR security.

And if it's a matter of using my own assets to enforce one or the other, I'll choose me, thank you very much.

The outcome is in out hands

Perhaps the next generation of Disc technology whether it be blu ray or HD DVD will be the new battleground for DRM. The threat is that there are many people out there with more money than sense. They will buy it up because they are to lazy to care about the implications of rewarding companies that force DRM down your throat. Its the obligation of those in the know. Namely /. readers to inform others so that they can make a better decision.

http://www.stockmarketgarden.com/ [stockmarketgarden.com]

Dead heat

I don't think we will ever be free of DRM but then nor do I think DRM will ever be what the music industry wants. I suspect what we will end up with is the sort of DRM that we currently find on DVD which is good enough to stop casual copying. It might be possible to go one step further as is being tried with next gen DVD but much further than that and you are going to start to annoy a large portion of Jonny Sixpack users.

IIRC HD-DVD has the ability to kill keys. I wonder how long it will be before human error accidently adds a good key to the kill list and screws up a huge number of players.

Format change

This is all about selling back catalogs in a format change. Record execs thought that moving to the digital age would mean buying Dark Side of the Moon in a 4th format.

The music industry thrived on the big format changes from LP to tape, and from tape to CD. Now, CD can easily become the new format without having to go back and buy it.

Their solution? Make the conversion cost you money. It's just the latest degradation of fair use.

Both

According to Microsoft trustworthy computing, DRM and security are the same thing. I call BS.

Felten on CD copy protection and spyware

Ed Felten's blog [freedom-to-tinker.com] had an excellent analysis [freedom-to-tinker.com] of why CD copy protection will inevitably lead to spyware. The crux of the matter, as Felten sees it:

So if you're designing a CD DRM system based on active protection, you face two main technical problems:

1. You have to get your software installed, even though the user doesn't want it.
2. Once your software is installed, you have to keep it from being uninstalled, even though the user wants it gone.

These are the same two technical problems that spyware designers face.

He's had a lot to say about the Sony rootkit, all of it interesting.

Unrealistic expectations

Let's take a look at rights management. When recordings were made on wax cylinders, there was little or no concern for what rights could and could not be protected. Granted you had to speak or sing in a stage voice to make any kind of decent impression on the wax, and that brought about a somewhat unique situation in that while everyone who used the technology could both make recordings and play back with the same device, it was practically useless for either copying or mass production.

Next came 78's. These were cast in a mold and made of the miracle plastic bakelite. Since the recording machinery was expensive and complex, as was the disk manufacturing process, the door was opened to both rights management and mass production. Improvements in technology lead to the 45 and the 33 &1/3 LP & EP albums.

While the technologies which used mechanical force were dominating the marketplace, a competing technology, based on magnetic recording also existed. Magnetic recording was less expensive, and much harder to mass-produce, but it was capable of making copies fairly easily. The new difficulty was that a small portion of the magnetic image was erased every time it was played.

Finally the digital technology emerged as the primary vehicle for copyrighted audio materials. At first it was not a problem, because individual users were unable to afford the technology to duplicate and/or create recordings which were theoretically perfect copies. But today it's hard to get a computer that can't accomplish this feat. So the audio industry turned to the promise of DRM. Unfortunately, though it will take many more incidents like Sony's debacle, we will reach a level of understanding where we realize that as long as the technology is in the hands of everyone that can duplicate these forms of media, that they will be copied.

The only way that we will see any form of successful rights management will be for the audio industry to develop a technology which is as popular and as acceptable as the LP. It may take the form of a holographic crystal or some other 'futuristic' media. But as long as the ability to manipulate the bits is available to end users, DRM will continue to fail. IMHO it is an unrealistic expectation on the part of the audio industry to believe that there will ever be a digital solution to a digital problem. In the meantime I believe that any damage to computers and infrastructure brought on by companies who cannot accept the fact that DRM will never work should be punished to the full extent of the law.

the wrong model

A lot of content producers want access to [their] purchased media, hence why DRM fails, you break the security of the node that's really built to be independent. Then again, having centralized control makes administration & enforcement easy.

You have 2 conflicting models here.

For DRM to succeed, there needs to be a decentalized model. Apple fairplay eludes to it, but Apple too wants easy administration, hence a centralized system is the result. Businesses don't want to do things the hard way anyhow...

Virgin Music

I tried to find out details on the DRM on my son's christmas gift of a CD from Virgin Music Group. Does anyone know how bad this is? ( I know, all DRM is bad.)

Thank God, he chose to NOT to agree to installing the software, but was that too late, like Sony?

My state (OK) has already sued Sony, is Virgin next?
This computer appears to be fine, bzzzz ss8 dfkla8 ksfja ;)

More software = more to go wrong

Anything you add to a computer runs this risk. DRM is going to be particularly invasive of the OS, so more likely to cause chaos, but the same problem goes for any software...

"personal entertainment systems for consumers"

"the developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers"

Worse than that, they seem to have this impression that it's okay to modify my computer to work how they think it should. This isn't even just DRM, I'm getting incredibly fed up with programs which automatically install themselves on the desktop/quick launch bar (the Quicktime player, as an easy example, which I almost solely want to launch by double clicking on a file), and/or auto-run at startup (Creative used to be terrible for this - install soundcard drivers, and suddenly it plays an intro movie on the desktop at login, and you have an application launcher stuck to the top of your screen).

</rant>

From Centralization to Decentralization

It seems that we are approaching the end of the "Big Labels". Here are the reasons I predict for the downfall of these aforementioned labels.

1. People can gather, record, produce, and distribute their music anywhere in the world from a single computer.

2. Everyone inherently seems to feel that music has been overpriced and overmanaged for a long time.

3. People don't mind paying to download.

4. p2p downloaders statistically (RIAA numbers!)are the biggest customers of pay per download.

5. Inevitability of open formats which are cross-platform for distributing all sorts of music and video type files.

With business cycles there tends to be shifts in certain industries. For example sometimes an industry will be in a shift of Centralization (Big Labels for distribution of millions of CD's/Vinyl/Tapes), future market conditions can cause this shift to head in the other direction (Indie Labels, Web Distribution) which is Decentralization. The music industry is decentralizating and with more and more artists forming their own labels the Big Labels become useless empty shells with only their intellectual property left to earn them money. The death of the CD will be the death of the Big Labels for this will remove the last reason for their existence.

Not really a good article...

IMHO, this article, while well written doesn't really paint an accurate picture of the way DRM will likely be implemented on the PC, and how that will affect security. But before I go any further, let me state for the record, I am apposed to the concept of DRM in every way, and everytime I think about how bad the issue can get, I feel sick in my stomach.

About the only good line in the article is "DRM technology is sometimes described as security technology when it is really licensing technology -- something very different.". This is of course marketing at work, people rename things to make them less ugly sounding, just like Microsoft's "Genuine Advantage Validation Tool" could far more easily have been called something along the lines of "Windows Anti-Piracy Validator", however the latter just has such bad implications, even though that is exactly what it is. So the author demonstrates in the second sentence of the article exactly what it is he is trying to say, but then proceeds to use IMO very bad examples of what he means.

I have been diligently reading all DRM mentioned articles on /. over the last few years, and I feel I have a fair idea of what the industry envisages happening. Let's look at Microsoft's software activation technology, which is there primarily to prevent piracy of their intellectual property, I believe it's consequences are similar to what we can expect from DRM, a pain in the ass, but the majority of people accept it, and more importantly, it works pretty well, without creating security problems.

What I personally hate about software activation is that Microsoft made a far more secure way of protecting their software from casual piracy, but did not take the time to make it easier for their customers to keep track of their paid for software. Our company often has the task of fixing computers, which occasionally involves reloading Windows and or Office, and if the client doesn't know where their Office Product key happens to be (Windows key is normally stuck on the box), we end up "legally" having to tell the client we are unable to reload Microsoft Office onto their machine until such time as we have a valid CD-KEY. What I would like from Microsoft Activation is something similar to the way the WoW [wow-europe.com] (the US release is the same or similar I would think) authorisation key system works. When one buys a copy of the game, they get an authorisation key with it, they then logon to their respective regional website, and create a new account, during the account creation they are required to input their authorisation key, once the account creation is complete they will NEVER require the authorisation key ever again. If their house burnt down, they could copy their friends WoW CD, use it to install the game on their new PC, and carry on playing. Obviously, Microsoft Activation has to work a little differently, seeing as we don't have to pay a monthly subscription to use it (yet). But it should work the same, the customer should to create an "account" with Microsoft, once done they can authorise copies of Office or Windows or whatever onto it, if the computer needs to be reloaded, they will always have access to their paid for software.

Right, now onto DRM, to get back to the attached article's point about security, I believe that when and if Microsoft's codename "Palladium" technology is released, if done right, will not negatively impact the integrity of the host computer's security, all that Palladium will do is prevent other programs of that computer from accessing the memory of that program, which is why DRM advocates like the idea of Palladium, it should be practically impossible for hackers to reverse engineer software which utilizes Palladium, as they have no way of seeing the memory of that active program. Assuming Palladium works as intended, everything is protected with the help of encryption, so it is still *possible* for the hacker to work out the private key, but unlikely, and the only other wa

Flamebait

The whole article is just flamebait. Any software you install can introduce risks, and there are already a host of things that pose similar threats. It's silly/stupid to think that DRM is unique in this way. Users should not be misled into believing that other applications (like word processors, web broswers, anti-virus programs, games, etc.) are inherently safe and don't have the same set of issues outlined by the article's author.

Dilution of DRM to level of mutual dissatisfaction

DRM will be diluted until it reaches a subliminal level (in terms of customer awareness / acceptance). With VHS VCRs, that was Macrovision, which was non-annoying to most users and easily circumvented (with copyguard buster boxes) by those who cared enough and spent enough to do so. It worked well enough for the content producers to be less than actively malcontented, and poorly enough for people who really cared to get around it.

This is sort of the situation we have now with copy-protected recordings: the copy protection works well enough for companies like Sony to feel comforatable making releases (though they are going to have to find some new method after the rootkit fiasco, obviously)-- they have settled for reducing the number of seeds or sources to unauthorized distribution channels. This may be where the balance is finally struck: DRM just restrictive enough to stop the casual user from distributing or seeding. Coupled with lower prices to the public **AA may have steady and tolerable sales, even if unsatisfactory in terms of their historical business practices.

BOYCOTT ALL DRM

It is up to us the consumers to win this battle. We MUST refuse to buy or support DRM in entirely. Period. Boycott any and all DRM media and be completely infelxible in this.

Benjamin Franklin Said It Best

"Those who would trade liberty for some temporary security, deserve neither liberty nor security". --Benjamin Franklin

DRM or security?

Is there a question here? Lose one bad thing and gain one good thing... I think the choice is obvious. DRM, of course :) What good is your computer if there's a risk that publishers aren't milking every penny out of you they can?

Joking aside, though, the rootkit was a HUGE security risk, and took Digital Restriction Enforcement (I've started calling it DRE, as that's what it really is) to a new - though still completely ineffective - level.

It's how you use it...

While I agree that (to take an example) the guys running Sony's DRM program are sleazebags for doing what they do, people also need to take more responsibility for their own computer systems; this means learning how to use root or Administrator accounts properly. Even on Windows it's possible to let your children use the computer without letting them have the ability to install random crapware on it. People like the convenience of doing everything as root, but it's just dumb.

Yes, but....

The song begins to play automatically just as our fictional victim recognizes that he is experiencing a heart attack and he desperately clicks the Skype window to dial emergency services. But all he sees on the screen is a big notice:

DETECTION OF UNLICENSED USE OF MEDIA: SYSTEM SHUT DOWN.

It is unlikely our Congressmen would give a twit about the logic of this example. The remedy is clear: the survivors sue the spammer for damages.

Similar to courts upholding that city police can confiscate and auction off the car of a guy cruising for prostitutes EVEN THOUGH IT WAS HIS WIFE'S CAR.

The law's the law and civil lawsuits are today's answer for cleaning up whatever collateral damage they cause.

DRM Induces Piracy Too

Content owners must learn to compete with free. DRMed content is worse than free. Much worse. If you make your product worse than equivalent products that people can steal for free, then people will steal it.

Easy

That's an easy one, Roseanne Barr is much funnier

Re:DRM is part of our war on terrorism.

> So if we talk negatively about DRM, we are abating the terrorists?
I'd love it if we could abate all the terrorists. Or did your finger slip and you meant abetting?

Re:SONY ROOTKIT DID NOT DECREASE SECURITY

So the rootkit couldn't be used in conjunction with the big WMF exploit, which I'm sure hasn't been patched on all machines yet?

Re:SONY ROOTKIT DID NOT DECREASE SECURITY

It prevented the virus checkers from spotting malware on PC's with the SONY DRM on it. Think about the combination of the WMF exploit and the SONY Rootkit. You go to a site it downloads malware onto your system. You think you are secure because you have virus scanners and you scan daily, but the SONY rootkit prevents your scanners from picking up the worm on your machine. That is a reduction in security.

Note: Sites can be hacked and trojan downloads installed unbeknownst to the websites. So you could potentially be going to gospel/business website and end up with undetectable malware on your machine. My sister went to a site to buy some glass cylinders for her lab and ended up with a virus.