The DRM Scorecard 543
An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"
Geeks do- everyone else doesn't. (Score:5, Insightful)
It discourages casual copying, nothing more, but I can't imagine it was intended to do any more. Nobody's that stupid.
The only thing not cracked yet... (Score:5, Insightful)
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
To do otherwise is naive at best.
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
Ummmm, lets think about that:
1) It only takes ONE person to "crack" and copy music, a movie, etc. and make it available to all the average Joes.
2) It only takes ONE person to create a patch or an app and every average Joe can use it.
Where do these newbies come from on here? Sheeez.
DRM isn't supposed to be foolproof (Score:5, Insightful)
The same effect has been observed in software for years, Windows XP had an activation thing built in, anyone who knew what they were doing would bypass it, anyone who didn't (and didn't know anyone who did) would eventually go and buy superfluous copies of software they already owned.
Bad arguments and bad reasoning (Score:5, Insightful)
"When you list every major law implemented to "protect" life and property, they've all been broken. Can anyone think of a law which hasn't been broken, and of course this begs the obvious question: Why doesn't society just give up and go law-free?"
DRM doesn't have to be perfect to do its job, anymore than law enforcement has to be "perfect". It just has to be effective enough to keep Joe Average from copying the file. Whether or not DRM is actually "good" or "bad" for media producers is a completely different argument, but Wolfe's sophomoric reasoning does nothing to address it.
Why DRM? (Score:4, Insightful)
There's a well known saying "Locks secure you against honest people" (or words to that effect).
The hard-core/organized/professional criminals have the skills, technology and motivation to bypass these "security measures".
Remember people, locks aren't about making you secure, they're about making you FEEL secure.
s/locks/airport security screening procedures/
s/locks/the department of homeland security/ (well, that and political empire-building and creating a police-state by stealth)
Smokey The Bear Says: Only YOU can prevent the violation of your civil rights "in the interest of National Security".
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
Given that assuming everyone in the entire media industry has the combined intelligence of a bowl of fruit is irrational and unreasonable, malice (although not exactly the "Buwahahaha evil" type of malice) is the most reasonable explanation.
All bank vaults and locks have also been cracked (Score:4, Insightful)
A mechanism that is difficult to crack (whether that is a physical lock or DRM or password) makes it harder for the cracker and reduces the likelihood of someone actually doing the cracking. That removes casual crackers from the equation.
It also makes the cracking act more deliberate and makes it far harder for someone to claim: "That diamond got in my pocket.... I just found it on the sidewalk and thought it had been thrown out." or "Oh that music on my MP2 player... I thought it was free!"
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
The point was that the RIAA/MPAA is taking a dual-pronged approach, as is visibly obvious- they are targeting torrent sites with an offensive barrage of lawsuits to prevent downloading and they are targeting the media with an offensive barrage of DRM to prevent casual copying which is decentralized and untraceable.
Is this approach effective? To some degree, yes, it is. Will it ever be 100% effective? No, it will not.
A Long-Standing Illusion (Score:5, Insightful)
There's only one copy protection system I know of that hasn't been (meaningfully) cracked, and that's MediaCipher, created by Motorola for the cable TV crowd. Ironically, it was one of the first ones ever created. (Of course, it helps that the boxes implementing MediaCipher are only rented -- never sold -- to end-users.)
Copy protection next showed up in a major way for computer games, most notably for the Apple ][ computer. This fetish briefly spread into applications software as well as games, until the users thundered, "No Fscking Way." It took about four to six years for this to shake out.
Despite the fact that there is no conclusive evidence that copy protection has any meaningful impact on sales, anti-copying measures are still used extensively, but by no means universally, throughout the games industry. In particular, Unreal Tournament's initial anti-copying measures are little more than perfunctory, and are later dropped entirely.
Near as I can determine, copy protection advocates claim as axiomatic that unsanctioned copying will depress sales to livlihood-threatening levels. They cleave to this axiom with a fervor usually associated with religious fundamentalists. However, every time this axiom is honestly examined, mitigating or even entirely contradictory evidence is discovered. Yet the myth persists.
It's not the technology we need to combat (since Turing proved it can never work). It's the defective thinking.
Schwab
Re:All bank vaults and locks have also been cracke (Score:5, Insightful)
I'd say that DRM schemes are like having one giant bank vault. Yes, it will eventually get compromised, and once it is, everything inside is trivial to take.
Re:Bad arguments and bad reasoning (Score:3, Insightful)
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
That's an interesting viewpoint.
Are you also of the opinion that auto industry executives hold the naive view that auto theft-deterrent systems are infallible?
When I first got into the Apple warez scene in the early 80s, I asked somebody older and wiser why, say, they bothered to put copy protection on Wizardry when clever guys like me could easily crack it.
"Because," he pointed out, "if the copy protection prevents just one person from copying it, it's done its job."
And that's why copy protection on CDs and DVDs exists today: to deter casual copying. Much to their disadvantage, most people out there just aren't as technically adept as Slashdot readers.
Can you clarify why you believe that folks who use DRM don't understand this? It requires quite a stretch, but if you think you have solid evidence, I'd like to hear it.
Uncracked DRM (Score:3, Insightful)
My idea of a cracked DRM is one that allows you to use the product exactly is if the DRM was not included. I think starforce which is used for gaming was never fully cracked. At least not the latest version. I remember seeing a crack for a game (I forgot its name, go figure) which used starforce that required you to physically unplug your dvd drive from the motherboard in order to work... Starforce was such a violent protection that even the game companies themselves decided to ditch it. It would do havoc to your machine and I even heard several cases were a DVD drive was rendered useless because of it.
As someone has already mentioned, no DRM is uncrackable but some of them require a lot of work. The DRM's of popular products will always be cracked because of the demand but there are many people who use niche products that are usually not worth the effort for the skilled crackers. These will just have to take the pill and suffer quietly.
Re:Why DRM? (Score:3, Insightful)
So you never lock your car, or your house, or anything you own?
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
So take this "deter casual copying" crap and smoke it. If the residents of MySpace can work out how to copy and trade DRM'd stuff then anyone can.
Re:Apple iTunes Video (Score:2, Insightful)
DRM and honesty (Score:3, Insightful)
The purpose of DRM is to force honest people to repurchase music every time the format changes.
Once you understand that, the obsession with DRM makes more sense.
Re:All DRM has been cracked? (Score:2, Insightful)
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
Re:All bank vaults and locks have also been cracke (Score:5, Insightful)
Fundamentally, you're spot on. It is a hell of a lot worse than bank vault security. You can't have the party it's secured against also the one it decrypts for. It just makes no sense! All DRM is crackable by definition, they know this, they just want to make it as much of a hassle as possible.
The Alice and Bob analogy (Score:5, Insightful)
In cryptography, we have an explanation using Alice and Bob [wikipedia.org]. Alice is communicating with Bob, while Eve (eavesdropper) tries to decrypt the message. Alice and Bob have the key to decipher the message, but Eve doesn't. She wants to decrypt the communication *without* the key.
A --- E --- B
Alice in this case, is the Digital Media producer (or encrypter), and B is your DVD. You're Eve. The problem with DRM is that Eve *HAS* the key. By cracking the DVD software (some disassembly, debugging and you're done), Eve can obtain the key from Bob.
A --------- B E
This is the problem with DRM. It's flawed by design. The DMCA is a legal "patch" to this algorithm, punishing Eve if she gets the key from Bob. The problem with DMCA is that the punishment doesn't apply to all countries, and trying to enforce it results in attacking freedom of speech.
Re:Geeks do- everyone else doesn't. (Score:4, Insightful)
Are you also of the opinion that auto industry executives hold the naive view that auto theft-deterrent systems are infallible?
Re:Geeks do- everyone else doesn't. (Score:2, Insightful)
Locks are for Honest People (Score:2, Insightful)
The fact is, humans need these reminders. They give people who know what is right permission to do the right thing.
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
If they determine that the cost of adding DRM (licensing fees, lost sales, etc.) is less than the benefit (more legal purchases in place of casual copying), then they can say that DRM helps them (in the short term). I think that they have believed this to be the case.
Re:All bank vaults and locks have also been cracke (Score:3, Insightful)
Re:Apple iTunes Video (Score:3, Insightful)
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
The question is not whether people can do it, its a matter of whether they actually will.
To get DRM-less content, they need to:
Each step filters people, and those people pay. Simple as that.
The real question is how long the RIAA will take to realize that there are alternatives to this model.
Re:Geeks do- everyone else doesn't. (Score:4, Insightful)
And that's why copy protection on CDs and DVDs exists today: to deter casual copying. Much to their disadvantage, most people out there just aren't as technically adept as Slashdot readers."
'Cept most are adept enough to just download a copy from someone whose already cracked and transcoded it.
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
It's the convenience, stupid (Score:3, Insightful)
"Available" is a relative term.
For your average iPod-buying Joe, it's easier to find a desirable song by buying a CD on the way home or to search and download it from the iTunes Store, than it is to find a reliable and spyware-free Gnutella client, search for the song, eliminate all the junk matches, find one that's good quality, and download it.
I like using the iTunes Store to download singles because it's MUCH more reliable and usable than browsing for free MP3s, as long as the iTunes Store actually carries said singles. It's also much, much faster at downloading movies.
For the non-geek, legal DRMed media files are generally easier to find, easier to download, faster to play, and usually have their metadata tagged properly too. The only downsides are that you can't give it away to your friends and it costs more. But like Linux, cracked multimedia files are only free if your time is worth nothing.
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
Which is what the MAFIAA continues to say, and I find it a bit insulting. It's basically implying that all honest people would instantly be dishonest, were it not for the wonders of locks or DRM.
Anyway, I disagree. The point of a lock is only sometimes to "keep honest people honest" -- for example, a bathroom door which is normally closed should have a lock, so you know when someone is in there. This is certainly not the case of other locks, for example -- it's not as if people think an unlocked front door or an un-DRM'd file is an invitation.
The point of a locked front door is, it deters people without training in lockpicking, and if it's sufficiently well done (deadbolt, etc), it can be difficult or impossible to enter without leaving significant damage, or creating enough noise (with the alarm, if the lock fails) to alert the neighbors.
In other words, it's not to prevent someone from getting into your house, it's more to deter them, and to prevent them getting away with it. DRM does neither effectively.
Well, Apple did it -- watermarking. It could be done much more subtly, though, probably some type of stenography -- hopefully nothing that'd worsen compression much, possibly only at certain points in the file, hopefully in a way that could withstand re-encoding. The trick would be not to reveal any details about it until people are already leaking their copies, then start nailing people based on it -- again trying to keep the details confidential as long as possible.
It would eventually be defeated, but it's a much better way of deterring people from sharing those files in the first place. DRM, as currently implemented, controls far too much (watermarks in no way prevent fair use), and doesn't really deter anyone -- because you know whether it's cracked or not, and once it's cracked, it's no more dangerous than any other cracked media. But watermarks, you never really know if it's cracked, and if it's not, you'll be able to watch it, but they will be able to track you down.
I think the fact that the majority of the industry uses DRM instead of watermarking proves that DRM is about control, not about stopping piracy.
Re:Bad arguments and bad reasoning (Score:2, Insightful)
It has nothing to do with content protection (Score:5, Insightful)
http://www.theinquirer.net/?article=29161 [theinquirer.net]
-Charlie
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
Re:Geeks do- everyone else doesn't. (Score:4, Insightful)
With you there, I could find the cracks (easily); mostly I don't care to
Not necessarily, a lot of people, like me, simply say "fuck it" entirely and stick to what they already have.
Re:All bank vaults and locks have also been cracke (Score:3, Insightful)
Now, obviously the honor system doesn't work. If DRM vanished tomorrow, most Slashdotters would still keep downloading. It provides something to bitch about more than anything. The fundamental problem is that Slashdot has decided it doesn't like the media industry's business model. It doesn't actually have anything to do with DRM in the overwhelming majority of cases--precisely because every single kind of DRM has been cracked. It's not a real deterrent to Slashdot. But it's good for the go to pretend that it was supposed to be and you beat "the man."
The only real deterrent is the law, which is why there's all the sabre-rattling here. You don't want to pay for the content. You've all but declared it every single time this issue comes up. There aren't many people here who carve a rational balance. Most of you will continue getting it for free because a) you can and b) you don't think they deserve money in the first place (or "not as much as they charge" in the truest mob fashion). Rationalize all you want, but that's all it comes down to.
There need to be massive changes in the media industry. Lots of things which are fundamentally clear have become confused in the fiery rhetoric and the balance is wrong. But if you won't come to the table, why should they?
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
The casual copiers of today visit a p2p-network and download the already-cracked, unprotected files. They don't notice that these files ever had DRM.
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
>"That's right!"
It's more like the media execs were asking for it, so the IT execs sold it.
I work in one of those huge companies that defined those crackable, ineffective DRM standards.
I'm a security expert in that company. I know the other security experts. There's not one of them that believes the DRM standards can work, because we understand that DRM cannot work from a fundamental point of view. It is an intractable problem.
So the engineers and security experts that defined those standards, in my opinion, to a one, did not think the DRM standards would last long and as such, dutifully rolled out the pointless technical specs knowing in the long terms it would not matter. The keys would fail. The IT execs got their solution based on unsupportable assumptions (the keys in the equipment can be hidden from the owner of the equipment) and the unsupportable assumptions turned out to be just that. The media execs got what they asked for and were disappointed when they found that the assumptions were so easily violated.
What failed, as is typical, is that the execs were deaf to the technical arguments of the experts and went for it anyway. They will do so again and again, because snake oil sells.
Re:All bank vaults and locks have also been cracke (Score:4, Insightful)
But there is no uncrackable DRM-technology. There can't be. By nessecity the users machine MUST contain all the information needed to decode the media. If it didn't, it couldn't display it. If it can display it, it fundamentally CAN also save it in an unrestricted format.
Yes, it may be more or less tricky to get at the keys. But it'll always be *possible*.
Re:Geeks do- everyone else doesn't. (Score:2, Insightful)
You know that's satire, right?
I don't disagree. I'll admit to opening the occasional medicine cabinet. But I don't actually CARE what I see, and I'm certainly not trying to swipe anything. These days voyeurism is practically a national past time, not a vice.
Re:Geeks do- everyone else doesn't. (Score:4, Insightful)
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
Locks are a good way to keep honest people honest, but they should be simple and unobtrusive. The reason why we have key locks on our front doors instead of complicated biometric systems (this may be the wrong audience for this comment) is that they are simple, cheap and less prone to failure. The DRM systems created today are complicated, expensive (especially in hardware cost), unreliable and confusing. A simple restriction against copying marked files in software would do just as well to keep honest users honest and would avoid all the complexity and expense.
Neither DRM nor simple copy prevention will protect against users who really want to get around it as the problem of protecting such media is fundamentally impossible to solve. Even if a perfect system could be devised, until the day CDs become obsolete unrestricted copies will be widely and easily available. Neither consumers nor hardware manufacturers have much incentive to actively support DRM, even if most consumers are only apathetic. Simple economics and the constant competition between vendors will prevent DRM from gaining the strangle-hold required for it to be effective, which is fortunate for us all since such a strangle hold would create its own problems.
The best form of DRM would be standardised machine-readable copyright information that could be embedded as metadata in or alongside a file. This would at least force users to knowingly override copyright restrictions when they copy restricted files. Do this right and you could even get adoption in open source operating systems - I can imagine uses tracking ownership of code and managing packages.
Keys work locks (Score:5, Insightful)
Locks are a good way to keep honest people honest, but they should be simple and unobtrusive. The reason why we have key locks on our front doors instead of complicated biometric systems (this may be the wrong audience for this comment) is that they are simple, cheap and less prone to failure.
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
Here's music exec Joe Shmoe. He's fairly intelligent when it comes to business related topics. He has a masters in BA. He doesn't understand jack about all that computer stuff, but that's not his biz. His biz is music.
Then here's Alex. He may or may not have a degree, but he sells Joe the DRM tools for his music. He knows both, commerce and computers.
Joe realized that Alex' DRM tools were cracked. Alex knows that too, and he knows well that the spin of "we make it uncrackable" doesn't hold water. But he also knows how Joe thinks. His selling strategy thus is:
1. Cracking DRM is another burden, which keeps a few more people from copying.
2. Cracking DRM has been made illegal, which keeps another few more from copying.
3. Our DRM solution costs less than the losses due to illegal copying.
Joe understands that. And thus Joe buys.
DRM is here to stay! (Score:3, Insightful)
Frist off, digital piracy isn't that different from brick-and-mortar piracy -- sellers will always try to find ways to prevent theft, and those who want to pirate stuff will always find ways to circumvent the checks. This is human nature and the it'll probably never change.
Second, while we (rightly) think that the RIAA could save itself a lot of effort by revamping its model, that argument doesn't scale to other media. For example, movies. Movies are expensive to make, and don't sell in the same volumes as songs. The RIAA might easily solve its problems by moving to an AllOfMp3-like model, and pricing structure. But the MPAA won't be able to do the same -- charging 10 cents a movie will mean that they need to sell about 150 times the volume to make similar profits. Charging even $4 a movie will be enough incentive for people to go back to bittorrent. So clearly, its a never-ending tug of war, and while we think the RIAA/MPAA should in good faith adjust it's pricing model etc. the MPAA (at least) can't rely on the same good faith from its customers.
But of course, the RIAA and MPAA are not blameless. And neither are Apple and MS and anyone else creating DRM schemes for multimedia formats (in fact, perhaps the Apple and MS folk are more guily than the RIAA/MPAA. Thier real sin is, they are trying to exploit a side-effect of DRM by not openly licensing thier DRM schemes and not making them interoperable/platform-agnostic. They have seen the side-effect of locking in customers by not licensing thier DRM schemes and by using proprietary formats, and they're frothing at the mouth with the possibilities of locking in customers, and getting duplicate revenues from those that do defect.
At one point, I was actually willing to give MS some props for trying to rally the industry around a single DRM scheme (PlaysForSure) and keeping the API for it open. The lack of PlaysForSure on Macs and Linux is a big problem, and using WMA is a bigger problem, but the real sin was when they came out with yet another DRM system for the Zune. (Unless their PlaysForSure contracts made it a necessity by stipulating that MS will never come out with a PlaysForSure device or something like that - I wonder).
And Apples fault is in how they choose to license FairPlay. They seem to have some arbitrary 'coolness factor' that needs to be met before they license FairPlay (which they do license out). For example, it's clear that the Xbox ppl have given iPod integration a lot of importance, and they must surely have approached Apple to license Fairplay so that even protected songs could be streamed to the 360 from a PC/Mac or iPod. The fact that this doesn't work today can only be because Apple did not license FairPlay. A terrible sin, for what would have been a very cool and easy to use feature. They did not think about the benefit to their users first -- they thought about lock-in instead.
This is really what's wrong with DRM today. Companies are having a field day with trying to lock in consumers, and not giving any thought to enabling them to use thier property in as many fair ways as possible. The focus is completely on lock-in, and disabling, rather than enabling, and maintianing an audit trail without hindering.
The solution might come from the market, in time. But for that people need to be very vigilant about shunning DRM schemes until these companies learn thier lesson and start inter-oprating with each other. That doesn't look like its happening anytime soon -- what with iTunes downloads crossing the 3 billion mark the other day. Consumers only have themselves to blame if they endorse DRM in this manner.
The solution might come faster through litigation. Either through class action lawsuits (iTunes customers who want to migrate so a non-apple mp3 player, who get pissed because thier collections are now worthless), or Congress (ve
Casual Copying / Fair Use (Score:3, Insightful)
Nor does it try to prevent the street sellers, who mostly buy their stuff from the above, mass duplicate and sell cheaply.
What it's intended for, is to screw more money out of the average consumer.
When i was a kid, my parents would buy me music on vinyl records, and record them to audio cassette for me to play, because being a kid i would invariably ruin the media at some point. When that happened, they would make me another copy. Similarly, they would make copies to play in the car (tapes often got damaged if they were left on the dashboard in hot sunny weather, and i doubt there are many cars which can play vinyl).
DRM will stop these law abiding citizens from making their own personal-use copies, and force them to buy multiple copies of their media, and there are even more reasons to format-shift now:
CDs - to play in the car
CDs - for kids to destroy
Digital files - to play on a media center
Digital files - for an ipod or cellphone
Ofcourse, those who pirate media will continue to do so, and will be better off than those who don't. Eventually more of those people will choose to pirate media instead so that they gain the benefits of drm-free media.
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
I can't tell if they are stupid or evil, but I always thought business men were really smart, learn really fast and have a huge outlook. None of that can be said about music industry executives.
I guess they've been sitting on their asses receiving a shower of money for too long. They can read the writings on the wall, but it's too much for them to handle.
My country has a lot of textile industry. Years ago, the WTO decided to open the textile market to China in 10 years. The industrials had 10 years to change their business models, and did nothing. The 10 year period has ended and Chinese textiles invaded the market. Now they are all crying and demanding government protection. Factories are shutting down like crazy and many people are being thrown into unemployment.
Just like the oil business executives, they stick to their dying business model and try to protect it with all kinds of artificial measures. They just can't face the truth.
Re:Geeks do- everyone else doesn't. (Score:1, Insightful)
That of course assumes there is no such thing as an honest person.
After all, a truly honest person wouldn't need to be locked out of your house. An honest person, being honest, wouldn't consider stealing in the first place. Otherwise he isn't exactly honest, is he?
Your friend may be older, but he ain't a whole lot wiser.
Re:Geeks do- everyone else doesn't. (Score:4, Insightful)
Re:Geeks do- everyone else doesn't. (Score:3, Insightful)
A simple example is your front door. Locked or not, one kick and someone has access (assuming you have a normal wood-framed door).
Another example, with 5 minutes of research, and a $20 device, you can open most locked car doors. Ever call triple-A? It takes them less than 5 seconds to open most car-doors. 3-seconds with mine.
The GP was correct, locks keep honest people honest. They do nothing for stopping dishonest people. The same goes for DRM.
Re:Geeks do- everyone else doesn't. (Score:2, Insightful)
Would I like a world where everybody is honest? Sure. But I, by far, prefer a world where everybody is free.
Re:Geeks do- everyone else doesn't. (Score:2, Insightful)
Unfortunately this results in (for me, and many others, I would guess)
Oh, and by the way. I'm not arguing my points on a moral basis. Of course you should buy your copyrighted intellectual property from the legal copyright holders. What I'm saying is simply what I do!
Re:Geeks do- everyone else doesn't. (Score:5, Insightful)
Re:Geeks do- everyone else doesn't. (Score:2, Insightful)
You left out
4. Joe's company gets bad press for selling CDs that don't work in many cd players
5. Joe's customers go online to download copies of the CDs they bought but now can't play on their computers, rip to their iPods, etc
6. A percentage of the customers mentioned in 5 decide that since they are downloading songs from the CD they bought (which Joe's propaganda campaign has been telling them is illegal anyway) they might as well download music from other CDs (which they haven't bought) too
7. Retailers get sick of having to deal with Joe's CDs being returned at a much higher rate than anything else since people consider discs that won't play on their particular hardware defective.
8. Sales of Joe's CDs plummet [wsj.com] while his competitors cash in [arstechnica.com] by promoting the fact that their music is DRM free