With the pending court cases around Europe and Steve Jobs’ recent open letter ‘Thoughts on Music’ there’s a lot of talk about DRM at the moment, so, I thought now might be a good time to have a closer look at what it’s all about. In this article I’ll start by having a look at what DRM is, what effects it has on us, the consumers, and why I feel it will never work. I’ll end by having a look at how DRM is counter-productive for the content producers and at some alternatives.

[tags]DRM, Piracy[/tags]

So what is DRM? The acronym stands for ‘Digital Rights Management’ and as the name suggests it refers to software systems designed to control what people can do with digital media like music and video. The idea is that the content is stored in an encrypted form and can only be played back by software that is approved by the authors of the DRM, the software controls the use of the media in accordance with the rules of the DRM in question. There are two things you should note about this, firstly, this immediately ties the consumer to certain programs, and hence certain platforms, and secondly, this entire system is dependent on the software being based around some form of secret (i.e. security by obscurity).

The motivation behind DRM is to prevent piracy. This is why it has been embraced by content producers like the big music labels and movie studios, they see it as a panacea that will end their perceived losses due to piracy. From the point of view of the consumer however, it is nothing other than an encumbrance. It gets in your way when you want to play back your content on your choice of platform or device, it gets in the way when you want to back up the music or movies you have legally bought, in short, it stops you doing what you want with stuff you have paid for. Because of DRM it is not possible to play the music you buy with any software you want, or with any portable player you want. Instead you have to use specific software which is generally not available on all platforms, and you have to use specific portable players. This is obviously nothing but an annoyance for consumers. In order to make this seem more palatable to the average consumer the large companies have come up with imaginative names for their DRM technologies like Fair Play and Plays for Sure but ultimately all DRM gets in your way, the only question is how much.

Because of the dominance of the iPod and the iTunes store the most common DRM technology you are likely to meet is Apple’s Fair Play. I have an iPod, I use the iTunes Store and a lot of my music is ‘protected’ by Fair Play. Personally I don’t feel it gets in my way too much except that I can only play my music with iTunes and on my iPod. I can’t play it in Linux, or with the music software of my choice. I’m also a bit of a nerd so I have a lot of computers but Fair Play only lets me play my music on a maximum of five computers. For the average person that is probably enough, but I’m starting to run into problems!

Apart from being just annoying DRM can also have much more negative affects on consumers and their machines. Two examples in particular spring to mind. The first is the fiasco when Sony intentionally shipped music CDs that contained software to hack every PC that the CD was inserted into. The idea was to prevent that machine ripping the CD. The software that was installed was a root-kit and it had the nasty side-effect of leaving the PCs it was installed on open to malicious attack. Basically, in the name of DRM Sony illegally hacked people’s computers and installed dangerous software. They were forced to pay some fines and replace the CDs but personally I think they got off FAR too lightly for a criminal act like that.

The other example is Windows Vista which has really gone DRM mad to the point that it is seriously getting in people’s way. When you are playing DRMed content in Vista almost 100% of your machine’s resources are diverted to protect that content, this means you can’t do anything else on your machine other than watch the content, forget about multi-tasking, that’s a thing of the past if you want to enjoy DRMed content! For all the details you could possibly want on the DRM technologies in Vista and full details on why it’s bad for users check out episodes 74, 75 and 77 of the Security Now podcast.

It’s obvious that DRM is not in the interest of regular people like you or me. We gain no advantage from being encumbered by DRM, only problems. Hence, the only possible reason for its existence is to keep the content providers happy. They believe that it is protecting them. It is certainly true that Apple could never have gotten permission to sell music online without implementing DRM, the big four record labels would never have stood for it! So, the reason we have ended up where we are is that the content providers believe DRM protects them. The question is, does it?

I’d say the evidence is pretty clear on that, and the answer is a resounding NO! If you don’t believe me, fire up your favorite peer-to-peer file sharing software and search for what ever ‘s in the charts at the moment. It’s easy to get at pirated content. It’s everywhere! So why has DRM failed? It has failed because it is fundamentally flawed. The problem is that it depends on some form of secret to work. That secret means interoperability is not practical because secrets get out too easily when lots of people know them. It also means that any computer that can play DRMed content has software that KNOWS the secret installed on it, so smart hackers/crackers will always be able to figure it out. Windows Vista is a great example. It’s jam packed full of the latest and greatest DRM technologies but it wasn’t even out a wet week before reports came out claiming that the DRM had already been cracked! Bottom line, all DRM gets cracked because the ability to un-encrypt the protected content HAS to be on your machine. The reason no un-crackable DRM has yet been invented is because it’s impossible to do! Security by obscurity is a fundamentally flawed concept.

Because DRM doesn’t work, and indeed can’t work, it is actually having the inverse effect to what it was intended to do. It is NOT preventing piracy, but rather, encouraging it! Consumers have a simple choice, they can either pay to have content they cannot use as they wish, or they can get un-restricted content for free. Which is the more appealing? Would you rather pay for music you can only play on one player and on one brand of portable player and on no more than five computers, or would you rather have content that you can use with any software, on any OS, on any portable player, and on as many machines as you want? This is why it’s high time DRM came to an end. All DRM has managed to do is annoy people. It has not prevented piracy and never will. The more the content creators treat you and me and everyone else as criminals, the more people will fight back, and the less likely they will be to part with their hard-earned cash for restricted content.

So what’s the solution? I think it’s pretty simple, make it easy to buy music that consumers can actually use as they wish and you’ll soon see a rise in legitimate music purchases and a fall in piracy. Since DRM can’t be made interoperable without distributing it’s secret and hence weakening it, the simplest option is of course to bin DRM and just give out totally un-restricted content. That may sound extreme but sites like eMusic are doing just that and it’s working well for them. There are also other less drastic options for fighting piracy that do not restrict the consumer. I recently purchased an un-DRMed movie online. The download I got has a unique watermark in it that ties my copy of the movie to me via my credit card. If that copy is put on bit torrent or some other peer-to-peer network I’ll be held responsible. However, I have a DRM free movie that I can use on any computer, with any operating system, and any player I want. The only requirement on me is that I not be a criminal. Sounds fair to me!