The DRM Scorecard

An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"

Cracking DRM needs to be easier to use

[Anonymous Coward]

we (geeks) can do it because we are prepared to go through the many steps to remove the DRM
the average joe needs a (free) really easy (integrated) app that strips the DRM, no command line stuff or blind them with options
and (in|un)stallers hell i bet they dont even know what DRM is other than the dialog in their player saying "sorry you dont have a license"
just a simple .exe "click here to remove any DRM found on your system",
no need for finding keys or running multiple apps to crack it just a press button and joe can play his file again

the easier it is to do something the more people will do it

Re:You mother fuckers are pissing me off

[v1]

you're trolling, but with a valid point. The bottom line is that the idea itself is fundamentally flawed. You cannot give the public limited access to information that requires their full access (however carefully managed you make it) without making it vulnerable to defeat. The only true three purposes at this point are (1) to make casual infringement difficult enough to be inconvenient, (2) to prevent use of IP in a way that you really don't feel like letting them use it, and (3) to give them a legal defense. (if you fail to defend your IP you tend to lose it in court)

They know how evolution works. The most draconian systems they come up with today will be childs play eight years from now. So in reality, for as nasty as they look now, they will be almost pointless 10 yrs from now. (look at CSS...) So what they're doing now really this isn't any worse than CSS was when it was made, relatively speaking. Six years from now we will look at this and yawn, as we feed a spindle of old blue rays into a reader (at 25 seconds each) and download our entire collection to our data cube.

Cable HDTV DRM

[nukem996]

Last I looked Cable HDTV DRM still hasn't been cracked which sucks if you want to use a myth box. You can only get an HDMI with HDCP signal out which I also don't think has been cracked. I really hope they do crack it so I can watch the HDTV that I pay for on my computer whenever I want. As a side note I once talked to my friend(who works for comcast) about driving a GNU/Linux driver for the CableCard. He told me it would be hard and was 100% sure we would be taken to court. The CableCard apparently looks to make sure the hardware using it is certified. Cracking that shouldn't be to hard but apparently the deal that at least comcast has with the content providers is that if there DRM is cracked they have 30days to fix it otherwise they have to recall all devices with the DRM capability and destroy them. Then they can issue new ones with newer DRM, otherwise they risk losing that content.

Re:Geeks do- everyone else doesn't.

[mark-t]

And the irony of all this is that the industry isn't even hurt by typical casual copying, which is often be done for the private use of the copier anyways.

DIVX

[MBCook]

I don't rember ever seeing DIVX [wikipedia.org] ever being cracked. The fact that it failed in the market and you could get the exact same content off of a non-DIVX DVD aside, I don't know of a crack for it.

But everything that has been in use for a little while or on successful product? Yeah, it's cracked. The article doesn't even begin to mention all the software protection schemes that are no longer effective.

We have everything we need... almost

[BlueParrot]

TOR
Plausible deniability
Analogue hole

What we miss is a file sharing program that makes use of a TOR like network and stores the files in a plausibly deniable container by default (i.e no need to be a computer geek) so that everyone can use it. Such a program would essentially be a tactical nuke against the record label's business model. Some time ago I may have considered promoting this immoral, but after I had a night ruined by region codes ( my girlfriend* at the time had bought me a present while visiting the states ) I sort of want to see this bullshit fail as much as possible. Unfortunately I don't know shit about designing a decent network so I can't write the stuff myself, but if things continue the way they do it is only a question of time before somebody does it.

*Yes yes, I know I'm not supposed to have had a girlfriend and post to slashdot... If it helps maintain the stereotype I could disclose that I'm nocturnal, skinny and still living with my mother...

Re:Geeks do- everyone else doesn't.

[langelgjm]

It discourages casual copying, nothing more, but I can't imagine it was intended to do any more. Nobody's that stupid.

Of course not. That's why the MAFIAA and similar parties use the legal system to fill the holes that technology can't. If you can't actually stop everyone from doing it, simply make it illegal, and sue anyone who gets past the initial hurdles.

DRM and IP law, the technological and the legal - the two work in tandem, but I would say that the end goal is perfect control over content. Anything less than perfect control is, after all, simply an unexploited opportunity for profit.

The psychological answer

[Anonymous Coward]

Why doesn't the industry just give up and go DRM-free?

It's impossible for them to trust consumers not to rip them off if given unencumbered music - never mind that they've been doing so with every previous media up to an including the still ubiquitous CD without the ever-predicted imminent collapse of the commercial entertainment industry. I suppose the reason behind the reason is that since, as an industry, they live largely by appropriating the value of the work of others, they naturally expect everyone else in the world to behave likewise towards them.

Pathetic, no?

Re:Bad arguments and bad reasoning

[Anonymous Coward]

Not a perfect analogy: DRM is more like a lock than a law(although the fact that the DMCA makes it illegal to break DRM complicates things, most "piracy" would already be illegal without any DRM scheme cracking). Still, the overwhelming majority of locks in production can probably be picked, and I don't think anyone's suggesting that these locks are useless.

FairPlay on videos not cracked

[Shrubbman]

What annoys me is that while current versions of QTFairUse strip the DRM off audio files just fine, nobody as of yet has put out a simple tool to strip off FairPlay from Apple's video files. If it's the same DRM scheme you'd think they'd just extend FairUse to do video files as well, but they've just not done that. I guess there must be some issue with the exploit they use that precludes using that hole for video as well I suppose...

It's been what, 2+ years since Apple started selling videos and still no crack?

Re:DirecTV

[Dun Malg]

I don't think DirecTV's DRM has been cracked since they replaced it a few years ago.

DirecTV encryption isn't classical "DRM". It's a live, encrypted delivery system rather than a chunk of data in a fixed medium, which makes it a moving target. It would be quite possible (though not exactly trivial) to record a given segment of the data stream and hack the particular key used to encrypt it, thus "breaking the DRM" on that particular block of content. This could not be done in a timely enough manner (i.e. in real time) to make it worthwhile, though, which is why no one does it.

The BBC and Licensing?

[aslate]

Although a rather unusual case when it comes to the world-wide status of DRM, the BBC has a reason for implementing DRM.

As one of the few British channels to make their content available online they have fine line to cross. The commerical channels funded by advertising offer a week or so's worth of TV to download for free with popular shows having a minimal fee (£0.99 to rent or £1.99 to purchase). This is all well and good, but the BBC cannot operate under this model. Either they release their content for free or don't release it at all to the British public.

There are few paths the BBC can take. At the moment for their online streaming media they use Geo-Targeting and attempt to restrict access to the UK public (although this can result in false negatives/positives) but provide the content itself for free. If they make it available to all for free they are breaking several points of their Royal Charter. They can either show the British public the shows for free and without advertising or broadcast it to foreigners with either a charge or adverts, but they cannot show it to the UK audience with adverts or a charge. This is where the problem lies.

The BBC's iPlayer has recently come under fire for being Windows only and DRM-riddled, but what can they do? They can either implement some form of UK-based DRM or not attempt to show programmes online at all. The BBC often doesn't own the content the broadcast in full and therefore aren't able to make their content available without caveats, and many of the companies they produce media in conjunction with require this. Coupled with their charter they are stuck with no online media at all or some form of DRM inbetween. I'd prefer the DRM version then to wait for some form of non-DRM equivalent to be implemented!

Re:Geeks do- everyone else doesn't.

[imtheguru]

Mod parent up.

This is indeed the root of any high-distribution system and is applicable to several domains--piracy, drugs, airborne diseases. It only takes one copy on a viable transmission medium to start the ball rolling.

it really doesn't beg that question.

[buddyglass]

Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?

The industry isn't trying to make uncrackable DRM. They're trying to make DRM that's just annoying enough so that the majority of users don't go to the trouble. Expert users will always crack whatever they put out. That wouldn't be a problem except for the ease of distribution BitTorrent affords and other P2P services afford. The same principle applies w/ the RIAA lawsuits. They're not trying to sue everyone who pirates music. They're just trying to get enough publicity so that people start thinking, "Gee, if I download that song then there's a chance, however remote, that the RIAA is going to sue me. Even if the law is on my side and I win, that would be a colossal hassle. Maybe I'll just buy it instead."

Re:Geeks do- everyone else doesn't.

[QuantumG]

Maybe you haven't been paying attention, but the RIAA/MPAA are losing.

The Answer: Greed Makes You Stupid

[rudy_wayne]

"this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"

The entire entertainment industry is so consumed with greed that they are no longer able to think clearly. The failure of DRM is so painfully obvious, but the MPAA, RIAA, BSA, etc. are so blinded by greed that they can't see it. To them, the failure of DRM is proof that they need bigger badder DRM along with bigger badder laws to punish people. This is what greed does to you.

The secret to success is simple: make a good product and sell it at a fair price. But when you are bkinded by greed and convinced that you're losing billions of dollars to "piracy", you think that the secret to success is to control your precious "intellectual property" with the most draconian iron-fisted methods possible.

Preventing competition

[bitspotter]

Ed Felten took a whack [freedom-to-tinker.com] at this question a while back that stuck with me in the context of HDCP DRM.

First: Why is the weak system worth spending 10,000 gates for? The answer doesn't lie in platitudes about speedbumps or raising the bar -- any technical bumps or bars will be obliterated when the master secrets are published. ...

So temporary piracy prevention doesn't seem like a good explanation.

A much more plausible answer is that HDCP encryption exists only as a hook on which to hang lawsuits. For example, if somebody makes unlicensed displays or format converters, copyright owners could try to sue them under the DMCA for circumventing the encryption."

Because if there's anything a tech mogul hates worse than his own customers, it's his competition.

DRM in a Nutshell: [r30.net]

An encryption system is a way to deliver information securely, even through the hands of the thieves.

A DRM system is a way to cut out the middleman, and deliver information securely into the hands of thieves directly.

See the problem?

Confusing the thief for the customer is why DRM can never work.
Confusing the customer for the thief is why DRM can never sell.

Re:All bank vaults and locks have also been cracke

[Eravnrekaree]

I dont like the analogy of a bank vault at all. Its not like people are breaking into a video store and stealing videos. These are usually people who have lawfully purchased a video and want to use it for their own private purposes but this has been restricted by DRM. DRM circumvention is often an attempt for a consumer to simply use something they legally purchased for their own private use, such as making back up copies or playing it on their computer, or copying to their ipod. I dont see any problem with that unless they are distributing it to others, Once a person has legally obtained some work, it should be theirs to do as they please with it for their own private use.

We already have copyrights to protect the producers of works. DRM is going too far as it restricts the users rights to use something for their own private use, for which they have legally purchased.

doesn't

[begbiezen]

doesn't matter what anyone says, neither my mom or my dad, nor my three sisters, nor any of my cousins know how to use any tool to remove drm. and i doubt they ever will. most of my cousins and sisters can handle the likes of limewire though.

Re:The BBC and Licensing?

[tkrotchko]

"The BBC's iPlayer has recently come under fire for being Windows only and DRM-riddled, but what can they do?"

Send everybody who pays for a TV license a card with an ID and password.

Person must first log into the web site with their ID and password, and then they can stream the programs using some sort of open CODEC or even Flash.

The solves 98% of the problem. And it's one of those good enough solutions that lawyers and bureaucrats will turn down because they're not thinking rationally. They're looking for a 100% protection solution that can never exist. They're only making it harder for their customers, and it makes no difference to "protecting" the content.

Re:it really doesn't beg that question.

[dido]

They're trying to make DRM that's just annoying enough so that the majority of users don't go to the trouble of buying the product legitimately in the first place. There, fixed it for you. This is a fine line these benighted fools must walk, as they are engaged in marketing a product that is inferior to and which can be more easily and cheaply obtained from illegitimate sources.

perhaps it was too subtle.

[User 956]

You're missing the point. That whole post was about the misuse of the phrase "begging the question". [wikipedia.org]

Re:Geeks do- everyone else doesn't.

[Anonymous Coward]

I purchased Galactic Civilizations II. A huge part of my choice was to support a company that did not put anti-copyright onto their game. I am very glad I did, as this game is one of the best I have ever played. Shortly after purchasing it, I did not play it much. I realized I was not into turn based games. But when I played again a few months later, I realized that I liked this change from FPS and RTS games.

Now after a year of playing it every few months, I realized this was a great purchase. If they had put copy protection on the game, I probably would have just passed it over. I took a chance and I was rewarded. I have purchased quite a few games that turned out to be horrible. Purchasing this one based partly on its choice to not use copy protection felt like just buying another game, except that it turned out to be a wonderful game.

Re:We have everything we need... almost

[AnyoneEB]

Wow, once again showing some truth to the meme that all technology is better in Japan. Winny [wikipedia.org] (and its successors Share [wikipedia.org] and Perfect Dark [wikipedia.org]) appear to be far more advanced than any p2p popular in the US, although Wikipedia points out that they assume high speed connections which are most common in Japan.

What I find really interesting about those programs though is that they are all closed-source Windows programs. Is Windows really that overwhelmingly pervasive in Japan? Or is it just too difficult to write a cross-platform app which looks pretty and has good Japanese language / Unicode support? And why would a p2p app be closed source? That seems very strange to me.

Re:DRM technology which hasn't been cracked (also)

[Anonymous Coward]

I'm thinking of a few dongle based audio applications that are not cracked yet.

For example: Steinberg Wavelab 6 & Cubase 4, Apple Logic Pro, and several other audio apps are incorporating dongles... one of the Arturia soft-synths has it too and remains uncracked.

Now there once was a crew called H2O which cracked the Cubase v3 dongle and it sounds like that was a serious bitch and a really tough nut for them to crack. So IMO these dongle based protections may in fact be raising the bar for copy protection. Not that they are uncrackable, but it sounds like the amount of time/effort/brains required is now prohibitively expensive. And thus several of these applications remained un-cracked. Nobody has been willing or able to successfully pull it off.

From the descriptions of Blu-Ray's protection, it sounds like if a movie/disk is cracked, that crack will only work on that one movie/disk. I think we may be moving into a new era where cracking is so challenging that nobody wants to go through the effort/trouble due to the level of difficulty and complexity.

I guess it remains to be seen. I don't think I ever would buy a dongled application. And I'm generally willing to trail the bleeding edge now. I'll accept lesser quality, or older stuff, for the sake of cheapness, either getting stuff used/discounted, or downloading, etc...

If these big corps can force the majority into paying if they want to use the product, then I'm almost cheering them on. It may bring people to demand more fair changes in the laws back into consumer/masses favor. Or it could spawn more development in the areas of creative commons and linux. Maybe that's part of why people have been so lazy and uninterested in copyright and patent laws. If stuff is so easy to copy up until now, who cares? They get it anyways for free and buy a little bit here and there...

uncracked DRM

[olman]

Hmm.

I propose Xbox 360 DRM.

Essentially un-hacked after all this time. Interestingly enough it's been possible to run warez for long time but ONLY if it's right region and no modification whatsoever is possible (cheats etc)

However, homebrew software, cross-region mods, or any modification to the games: Big Ix-Nay.

Yes, if you go to extreme lenghts and took the necessary steps long time ago it's possible to change the region code of the console. The kernel vulnerability was patched and there's no way to un-patch unless you exploited the vulnerable kernel to obtain one of the encryption keys. Or in other words, if this is news for you, forget about it.

Re:security != technology

[Opportunist]

Good luck trying to get this information past any tie.

I've been in the computer security biz for a long while now. You'd be amazed how many suits think of security as a product to buy, to install and then never think of it again. When you tell them that it should be audited and reviewed every now an then at least (personally my suggestion is every month or at least every two months), they look at me bewildered and reply with something akin to "but we just bought the security you mentioned. What gives, is it not secure?" (implying "Are you selling snakeoil?")

You have no idea how hard it is to get it past an exec's skull that security is an ongoing process and evolving, not something static that you set in stone for now and forever.

Re:It's the convenience, stupid

[icebrain]

But some people enjoy working on their homes, and like the satisfaction of getting done and knowing that they did it. And I know that if my choices were either:

A. work overtime so that I can pay someone to do it, or
B. not work overtime and do it myself

I'd choose B. Working on a house is more interesting than sitting at a desk driving Catia all day, and (usually) the frustration level isn't any higher. It may take me longer overall, but I'd be at home with my family instead of at work.

Re:Geeks do- everyone else doesn't.

[msormune]

Locks also keep dishonest people from stealing things from honest people.

Re:Geeks do- everyone else doesn't.

[Hellkitten]

The GP was correct, locks keep honest people honest. They do nothing for stopping dishonest people. The same goes for DRM.

Sorry that's not what DRM does.

DRM prevents honest people from using the stuff they buy in ways they are legally entiteled to, pissing them off and turning them into dishonest people

The only reason I have on occasion bought DRM burdened material is because I expect the DRM to be breakable, now or later. I'll be doing something that is legal, but not approved by the copyright holder, when converting that material to any format I choose. If I was interested in uploding material and breaking copyright law I wouldn't bother buying anything in the first place, I'd just download it. Unfortunately the RIAA and MPAA and their sister organisations in other countries are continually pushing stronger DRM to keep their product inferior to what the pirates are offering.