The DRM Scorecard

An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"

DRM is doing it's job

[dirk]

No one ever expected DRM to stop all copying. That was never it's purpose. The purpose of DRM was to curb copying, which it has done. Everyone realizes there will always be a way to get around DRM (or anything else really) if you really want to. But if you can implement DRM and stop 50% or 75% of copying, that is a big improvement. That is exactly what they did. They implemented a solution that will reduce copying by the average person, which means more money in their pockets since less people are copying CDs and giving them to friends (and no, I'm not claiming every person who copied a CD would go and buy it, but certainly some of them will).

DRM works under the same concept as locking your car. IF someone really wants in, they will get in. But it certainly cuts down on the casual person who will take an easy opportunity, but doesn't care enough to put in the effort to get around the measures you put in place.

Re:Geeks do- everyone else doesn't.

[Original Replica]

The Average Joe doesn't need to be able to crack it himself. He just needs to get ahold of a cracked copy. Which he can.

Certainly there are some things which come to mind

[zuki]

Perhaps this has already been mentioned, but the dongle systems that protect many Mac music applications and plugins seem to have held up so far, as in either iLok [ilok.com]
or some of the Synchrosoft dongles. Logic Pro 7 is not really something that has been cracked yet either, to my (admitedly limited) knowledge.

From what I recall reading, when H2O did manage to [k] Nuendo, it took them so long that I think they said
they were not going to bother doing it more, as the process was just too annoyingly time-consuming.

Theoretically, these systems could probably be made to protect anything which is a software-based application. Not sure if this qualifies as DRM, rather than just some 'copy-protection'
technique but certainly it has helped ensure that many small developers of quality audio plug-ins survive because their creations cannot be cracked.

Z.

Apple iTunes Video

[IdahoEv]

Last time I checked, you can strip the FairPlay DRM from iTunes music files pretty easily, but nobody has released a tool that does the same for video files purchased from iTunes.

So ya can't yet burn that episode of "Lost" you bought on iTunes to a DVD.

Grammar Nazi

[Haganah]

That does not "beg the question" at all. http://en.wikipedia.org/wiki/Beg_the_question [wikipedia.org]

Re:Cable HDTV DRM

[afidel]

HDCP has been cracked but unless you have a display with DVI and no HDCP support it does you very little good. The problem is the HDCP protected signal is a full bandwidth signal, not the compressed OTA or disk steam, and there is currently no system available that can really deal with capturing that much data in real time that is in the consumer price range.

Re:HDMI

[sssssss27]

From Wikipedia:
"Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System". This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.[1]

The authors conclude:

"HDCP's linear key exchange is a fundamental weakness. We can:

* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely."

It must be noticed, however, that for this attack you first have to break Blom's scheme (the linear algebra based key exchange system). In the case of HDCP you need a minimum of 39 device keys in order to reconstruct the secret symmetrical master matrix that has been used to compute all device keys.

Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act [1].

The most well-known attack on HDCP is the conspiracy attack, where a number of devices are compromised and the information gathered is used to reproduce the private key of the central authority.

This is called "the Smart Cow problem"

[Spy der Mann]

From Wikipedia [wikipedia.org]:

The Smart Cow Problem describes the method by which a group of individuals, faced with a technically difficult task, only requires one of their number to solve the problem. Having been solved once, an easily repeatable method may be developed, allowing non-technically proficient entities to accomplish the task. The term Smart Cow Problem is thought to be derived from the expression: "It only takes one smart cow to open the latch of the gate, and then all the other cows follow." [1]

This has recently been applied to Digital Rights Management (DRM), where, due to the rapid spread of information on the internet, it only takes one individual to defeat a DRM scheme to render the method obsolete. [2]

      1. ^ http://www.wired.com/news/business/1,60901-0.html [wired.com] Buck a Song, or Buccaneer? , retrieved 2007-02-13
      2. ^ http://www.wired.com/news/digiwood/0,1412,67556,00 .html [wired.com] Give Your DVD Player the Finger, retrieved 2007-02-13

Re:Geeks do- everyone else doesn't.

[ucblockhead]

The Average Joe doesn't need to crack it. The Average Joe just uses the torrent that The Knowledgeable Joe uploaded after running the ripper he downloaded from a site run by The DRM-Cracking Expert Joe.

Re:The only thing really not broken... yet

[bleak sky]

MiniDisc uses SCMS (Serial Copy Management System), and it's relatively trivial to defeat. It's not encryption, it's just an extra bit set in the S/PDIF stream. See http://en.wikipedia.org/wiki/Serial_Copy_Managemen t_System [wikipedia.org] and http://www.esrac.ele.tue.nl/~leon/scms/ [ele.tue.nl] (or Google for SCMS killer) for more information.

Re:DirecTV

[XedLightParticle]

You're right in that what's currently used for digital cable and satellite TV feeds hasn't been cracked. But this has a history, at least in Europe, of being cracked, holes found in the algorithms and all sorts of fun, then 6 months after it gets public known they change encryption system, and the TV pirates can start over. The encryption systems have in that way gotten so tough to crack that the pirates have found other ways, the most common way to get around the encryption today, is to get a receiver of which you can replace the firmware, and in that way get the receivers to share the smartcards with each others over the internet, for the time being the TV providers knows it's happening, but they fail to figure out how to prevent it, so instead they spread rumours that their encryption providers in Israel are able to detect when cardsharing occurs, but I have yet to hear about them catching anyone in that way.

Re:HDMI

[CityZen]

Actually, an HDMI input card is only $249.

See: http://www.blackmagic-design.com/products/intensit y/ [blackmagic-design.com]

DTCP hasn't been cracked

[timecop]

DTCP encryption and it's correspondent M5 cipher hasn't been cracked.
And unlikely that it will.

And DTCP is the DRM of choice over high-speed digital buses such as 1394 and now over ethernet with DTCP-IP.

Re:Geeks do- everyone else doesn't.

[donaldm]

Looked for the smiley but you are wrong (should have stayed with "Windows") :-).

Locks in many forms have been around for a very long time http://inventors.about.com/library/inventors/blloc k.htm [about.com] however eventually they do get cracked.

Re:All bank vaults and locks have also been cracke

[Opportunist]

I dare to say I speak for many when I say, I don't mind paying for content. But I insist in being able to use content I pay for.

I buy my music. I also buy my movies. I don't want so many that I couldn't afford it, and likely I wouldn't buy enough to make the industry survive. A handful of movies or music discs a year isn't really making or breaking it for them.

But I do want to use those items in the way I intend. I want to be able to hear that music in my car, I want to be able to watch those movies on my computer. If this isn't possible, the item I paid for is not what I want. Now, the licenser can dictate how I may use the item, that's his right. But he should at least inform me about it, so I can avoid wasting money on it. If the DVD tells me it won't play in my computer, I won't buy it. The product does not match my requirements.

Unfortunately, this information is not given. All you get is "this item is protected by copyprotection technology", which can mean pretty much everything from "it won't work in anything but our own players" to "it's just CSS encrypted, so all you need is a player that can handle it". I won't know 'til I slip in the DVD into my drive.

Now, the opened medium is more often than not impossible to return. No matter what you do, the store won't take it back. I checked with my lawyer, and they even have the right to do that.

So, consequence? I feel wronged. I feel tricked into buying something that I cannot use. Consequence? I don't give a fuck about copyright laws and remodel the disc to do what's intended with it: Giving me access to the content I licensed.

So far, no problems with my conscience at all. I paid to see the movie, so I feel entitled to do what's necessary to see it.

I can see that it's only a minuscle step from here to "why the heck go through all the hassle and even spend money on it, when you can get it free and hassle-free through the net?". I can see why people take that last step, too. Actually, I can see that a lot of people even got wind of this way of acquiring movies that way:

1. Buying a movie that doesn't play.
2. Lament with their "clued" friends and ask for a way to see that movie.
3. Friend tells him about P2P.
4. People stop buying and start downloading.

Re:The BBC and Licensing?

[FireFury03]

The BBC's iPlayer has recently come under fire for being Windows only and DRM-riddled, but what can they do? They can either implement some form of UK-based DRM or not attempt to show programmes online at all.

DRM is unnecessary - they can simply restrict access by IP address to UK residents. This would put the "protection" on par with their DVB streams (which they are actively pushing to be unencrypted), which are geographically restricted to (more or less) the UK. Just because you are delivering content over IP doesn't mean you need extra protection - it's just as easy to proxy a DVB stream to a non-UK IP address as it is to proxy an IP stream to a non-UK IP address.

The BBC's charter requires that they make the content available for all licence payers without tieing them to equipment sold by specific manufacturers. The current iPlayer does not meet the charter since it requires you to use Windows. They have not said when a Linux version will be available, only that they will review the situation every 6 months (which implies it will take several years). Also, they keep saying they are aiming for a platform agnostic solution by releasing players for Windows, OS X and Linux - that is _not_ platform agnostic - what happens if I want to play content on my phone or other device not running these OSes? The *only* way to be platform agnostic is to use an open standard and thus allow anyone to implement a player for a platform of their choice.

I'd prefer the DRM version then to wait for some form of non-DRM equivalent to be implemented!

As a licence payer, I would prefer them not to waste my licence fee on this crap if they aren't going to implement it in a platform agnostic way in accordance with their charter. Using the licence fee to pay for a system that can only be used on a platform produced by a single vendor (a totally unethical vendor at that) is unacceptable.

Re:Geeks do- everyone else doesn't.

[Yer Mom]

Pay for it (requires a credit card)

Not always. You can buy iTunes credit (in £15 or £25 blocks) in supermarkets in the UK, and they take cash. Not a great deal of use if you just wanted to buy a couple of tracks, mind...

usage Nazi: "begs the question"

[FreeBSDbigot]

No. Nope. Uh-uh. It does not beg the question [wikipedia.org].

Re:Geeks do- everyone else doesn't.

[Applekid]

The subtle wordplay in the statement that perhaps wasn't entirely obvious is that a dishonest person, dedicated enough, could break/pick/destroy the lock anyway.

Re:hmmmm

[Anonymous Coward]

..begs the obvious question

Beg what? You sure? Read this [begthequestion.info].