DRM does not work
by Volker Weber
DRM depends on encryption. Encryption depends on secrets. Since you need to know the secret to decode what has been encrypted, you must obtain the secret to view/hear what has been encrypted. Although you possess the secret, DRM system go to great length to keep you from ever knowing it. However, once in a while somebody makes a mistake and the secret escapes. This has happened many years ago with DVDs, and now has happened again with HD-DVDs.
Once the genie is out of the bottle, you can't get it back in. The only thing you can do is to invalidate the secret and issue a new one*. Which means breaking all existing players. And the cycle begins again.
As it happens, some people will try to put the genie back into the bottle. As it just happened at digg.com, who received a take down notice for a link to the secret. They complied only to find themselves in front of a stampede of angry users:
Repeat after me: DRM is bad for the customer.
*) This a bit simplistic. There is more than one secret. But if one of them escapes, the door is open, unless you no longer use it.
Comments
"[...] Since you need to know the secret to decode what has been encrypted [...]"
Especially when talking about digital media streams, wouldn't it be technically more correct to differentiate between encoding/decoding (which does not need a secret) and encrypting/decrypting (which does need a secret)?
Ok, call me picky, but to play a not DRMed track I need to decode it and to play some DRMed track I additionally need to decrypt (i.e. need the secret).
Picky, but not picky enough. If I remember correctly, Bruce Schneier said in Applied Cryptography that the term "en-/decrypting" is offending to some cultures - the politically correct term would be "en-/deciphering" :)
After years of trying there are now multiple proofs that the DRM concept doesn't work.
What's the point with RIAA for getting ridiculed once more?
Or are they really that arrogant to believe they can keep outsmarting everybody out there?
Well, there's a lot of smart people at the music companies. The problem is, they're not technology people .... so they're fairly vulnerable to people telling them technical solutions will work, when they won't. Because of their technological innocence, I would say. When we first went to talk to these record companies -- you know, it was a while ago. It took us 18 months. And at first we said: None of this technology that you're talking about's gonna work. We have PhD's here, that know the stuff cold, and we don't believe it's possible to protect digital content.
Steve Jobs
Spot on!
Thanks Hanno... :-)
