Is Interoperable DRM Really Less Secure?

Crouch and hold writes "Are closed DRM schemes like FairPlay more secure than interoperable ones? Based on the number of cracks, it doesn't look like it. 'When it comes to DRM, what history actually teaches us is that one approach is no more secure than the other in practice, as they relate to the keeping of secrets. Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses.'"

fairplay vs. wm?

[applegoddess]

Doesn't mean anything when you consider the market share of Apple vs. all of the Microsoft-licensed stores combined. Clearly people will be cracking the more-popular DRM, and that happens to be Apple's FairPlay.

Insecurity vs policy

[Space cowboy]

I'm not suggesting this is official Apple policy, but just because something has been cracked more times than any other doesn't actually imply much. If Apple deliberately set the bar low, then they fulfill their obligation and allow the counter-culture to flourish as much as the "official" party line. Hmmm, who would that benefit ?

I know some very smart engineers at Microsoft, and I know some very smart engineers at Apple. Devising a hard-to-break DRM system wouldn't be beyond any of them, and iTunes really doesn't go to too much effort. I'll let you draw your own conclusions :-)

Simon.

funny

[ArbitraryConstant]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

Re:+5 informative

[thedarknite]

and here was me thinking that their licensing was forced into orifices.

Fewer security breaches?

[Incoherent07]

It only takes one. Last I checked the FairUse4WM hole still hasn't been fixed.

It could just be poor implementation

[Infonaut]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

You're right to point out the contradiction. However, another way of interpreting it is just that FairPlay is simply not as well-iplemented as Windows Media DRM. That would be an interpretation consistent with the view that Windows gets cracked not just because of its market dominance, but also because of its flaws in implementation. Maybe Apple simply isn't as good at DRM as Microsoft, which isn't necessarily such a bad thing.

Re:Insecurity vs policy

[kfg]

If Apple deliberately set the bar low, then they fulfill their obligation and allow the counter-culture to flourish as much as the "official" party line.

Bingo!

Apple is doing the minimum necessary in order to be allowed to sell content. Microsoft is trying to do the maximum possible in order to sell the security system to the content owners.

Their markets are entirely different, so their products are entirely different.

KFG

Who has the best BAD IDEA?

[IBitOBear]

It's like that thing were people propose a truly horrific law because they know they will be "forced to settle" for a merely terrible law.

No Digital Restriction Management is good. NONE of it.

I am not anti-encryption.
I am not anti-artist.

But any scheme that involves someone "selling" or "giving" me something so provisionally that they can then just take it back is simply a BAD IDEA.

The next step down this road is the one where some Bad Actor gets to send people threatening letters and blackmail that is "unprintable", "read only once", "no screen shot", "read only for 1 minute", watermarked to prevent your camera from taking a picture of the screen. Leaving you, in turn, with no proof for a complaint and then leaving the police with no clues while they are pondering over your corpse.

Eh, so what, at least some music executive is *sure* to get to split the full 99-cents that he ripped off the consumer for, in the name of an artist who got a bill for overages in production.

Oh, wait... which kind of Illegal Prior Restraint (commonly misspelled DRM) was good again?

It is _NEVER_ helpful to repeat the artificially biased question as if it represents something worth answering.

The question, as stated, presumes facts not in evidence, namely that the DRM that is harder to break is in any possible way "Better".

What a silly question

[shaitand]

Since there are no effective DRM schemes out it seems silly to evaluate which are 'more secure'. What do you do; count the ways available to bypass the DRM? There are easy cookie cutter utilities to crack them all.

Wrong question

[j235]

What you should be asking is "Is any DRM really secure?" It doesn't matter how open the DRM scheme is, if there are holes, an enterprising cracker can find them.

Because WMV sucks

[kerouacsgp]

"Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses"

Hmmmm.... could it because no one really cares about downloading wmv files? The point is that if the product sucks, no one will bother even to break into it.

Security through Obscurity

[flaming error]

Does Swiss Cheese have more holes when its package is opened or when it is closed?

Digital Data = Copyable

[domukun367]

It seems to me, when looking at the big picture, that digital data is being distributed to customers. Digital data is exactly copyable, due to its nature.

Now this digital data is encrypted, however if it can be decrypted (i.e. played!) then the encryption can be broken. It might prove to be difficult, but it will be broken.

There are two possible ways that the big content distributors can go:

(1) Get rid of DRM and change your marketing and pricing model so that it is convenient and cheap enough for most consumers to just by the media through the channels that they provide.

(2) Remove digital data distribution and instead distribute media in the form of a sealed, enclosed device (with speakers, no other outputs) that only plays the media that you have purchased.

Option (1) is the logical conclusion to most people and the neolithic companies will eventually (maybe in 10 years?) realise this and go with it. Option (2) is just not feasible, due to cost, space and sound quality issues.

You missed a bit

[Space cowboy]

Quite an important bit, actually.

Apple had to sign over the right for the record-labels to pull their entire catalogue from the iTunes store, if a breach happens and Apple don't fix it in a timely manner.

Jobs doesn't care about DRM, but (because he's sane) he doesn't want to lose the iTunes store either - here's his nightmare scenario:

• Apple licence fairplay to all who'll pay the fee
  
• Some no-mark MP3-player company pays the fee, gains the licence, but screws up and somehow the encryption codes are made public - a bit like the first crack of DVD's was because some no-mark company screwed up their encryption key
  
• Apple release a fix
  
• No-mark company doesn't release the fix for *their* client-base, maybe there's no firmware update...
  
• Apple lose all their iTunes songs from the "big 4".
  

Now Apple can try and pin liability on No-mark company, but at the end of the day, the iTunes store contract is between Apple and [insert record label], and if fairplay is compromised, [record-label] are fully entitled to pull their catalogue...

See it now ?

Simon

Re:+5 informative

[Heembo]

This is only true over time. When you first open and then license a new DRM, more eyes could mean more BREACHES...

Does licensng DRM lead to success?

[mveloso]

Again, this question isn't the right question. DRM is not interoperable. Using the word "interoperable" is deliberately confusing, because DRM by definition isn't interoperable. It's a method of restriction, not an operatable thing per se.

The operative word is "third party licensed."

Audible.com is licensed to multiple vendors. How have those vendors done? Besides the iPod, Audible.com's DRM is licensed to a number of other players. Has it been a major factor in anyone's purchase? Possibly, if they want to listen to audible.com content.

WMA/Plays for Sure is licensed to multiple vendors. How have those vendors done? The market has spoken.

Zune WMA isn't licensed. The market is in the process of working out how the Zune is doing, but the prognosis isn't good.

FairPlay isn't licensed. The iPod is doing great.

The iPod is reallly a good example of what's called a "Network Effect Monopoly." People buy iPods because it has the most accessories. The iPod has the most accessories because people buy iPods. Etc etc etc. eBay is the same: people sell on eBay because the buyers are there. The buyers are there because everyone sells on eBay. Ad infinitum.

Will licensing FairPlay change this? No. If Apple licenses FairPlay to hardware makers, it'll make the iTMS even more dominant. If Apple licenses FairPlay to other stores, it'll make the iPod even more dominant in hardware. If it licenses FairPlay to everyone, then Apple will sit on the dominant DRM system, period.

As I said before, there isn't one thing that makes the iPod successful. But of those things, DRM is definitely not one of them.

Re:It could just be poor implementation

[edschurr]

People are probably simplifying it too much. That is, it's a compound of reasons. It would be difficult to posit the actually balance. However, the quality of the implementation is at least possible to evaluate.

iPod is doing great, but Itunes not

[Anonymous Coward]

They've sold what 100 million or more iPods, and 2 billion iTunes.
So 20 tracks, or 2 albums per iPod, sold to people who are into music (because they bought an iPod!)

So for all the hype iTunes isn't a success, it's only looks successful because the other DRM heavy stores flopped so badly.

So I fully agree with your last comment. That DRM wasn't the reason iPod succeeded. I think iTunes isn't the reason it succeeded either, if it was they'd have sold much more music than 2 CDs worth, it's the cool small neat stylish iPod itself that succeeded.

Re:+5 informative

[DECS]

FairPlay = 2 Billion songs, 10 million movies

MS PFS DRM = 100,000 songs sold?

MS Zune DRM = 250 songs sold?

Leave it to ArsTechnica to suggest that number of exploits or number of licensees somehow relates to the complexity of managing DRM across multiple vendors.

Microsoft is also better suited to handle multiple vendors, as it already licenses OEM Windows, WinCE and various other products. Apple has only ever tried to license the Mac OS and Newton, license FireWire, and franchise iPods though HP, and license ad campaigns like Made for iPod. Apple isn't set up to license FairPlay, nor is it within its core competency.

A riddle of warfare between Apple and Microsoft: Steve Jobs and the iTunes DRM Threat to Microsoft [roughlydrafted.com] presents DRM as a shot across the bow of Microsoft's flagship, but suggests that, beyond DRM, "Apple is targeting another Microsoft mainstay with a missile that may cause far more damage than the iPod and iTunes together." 2007 - Apple Strikes Back [roughlydrafted.com] chronicles the recovery of Apple over the last decade, and Apple's Open Source Assault [roughlydrafted.com] hints at how Apple will engage Microsoft. What is Apple up to?

Re:fairplay vs. wm?

[gnasher719]

'' Why would people do that? The best target, surely, is the easiest one to crack (assuming price and availability are equal)? Because you don't have to crack for everyone, you just crack the content you want to release and then let everyone copy the released content. ''

You will find that the Fairplay cracks were published with the goal of allowing customers who _paid_ for their music use that music without the disadvantages of DRM, and _not_ in order to allow them to make illegal copies. Since there are many more people owning iTMS songs with Fairplay DRM, there is much more reason to crack Fairplay to "liberate" that music.

Since 90 percent of the music is sold without DRM anyway, cracking DRM in order to copy the content is not very productive.

DRM is 'logically' infeasible.

[hAckz0r]

To achieve this concept of the mystical DRM you need three things: 1) Encrypted playable data, 2) the magic key, 3) the algorithm for applying that key to the data and sending it to the computers hardware. The problem is that you have to give the user all three components in order for them to play the music or watch the movie, otherwise its unusable. The producer of the DRM has but one goal, to keep the owner from knowing or accessing one or more of these components while still being able to put the three together when and how needed.

Whats wrong with this picture? Logically, if you can put them together in order to play the media you can 'read' the unencrypted data, and if you can read it you can copy it. The "magic" in DRM is simply the "how" that they keep you from knowing how to put them all together. Its nothing but a secret designed to prevent you from accessing your own computers data while playing the media. Everything else is nothing but hype with smoke and mirrors. The only people that truly benefit from the distribution of DRM are the ones designing, producing, and selling it the DRM itself, not the media that it encodes. The Media boardroom executives at the major studios are just not smart enough to realize the hype that they are being fed by these DRM designer companies. Bottom line, you can't make a DRM that is unbreakable so it prevents nothing so far as the goal that it is being sold for. Its a sham and it needs to be recognized for what it is.

To the professional black-market vendors all the DRM smoke-and-mirrors is merely a speed bump because they just physically copy the whole disk/file bit by bit and bypass the need to even decode the data, it's the user needs to do that and their player will happily do that for them. Making the much sought after DRM-free Internet down loadable version of the file is a little harder, but then you only need one pissed-off geek to put it out there and the game is over. Just one. Thats something that the all the Board Room Exec's should all think about. How much has the price of what they produce gone up due to the DRM they have uselessly added to their product? How many fewer people have purchased their product due to the DRM making it more expensive and in many cases completely unusable? If there is one thing I know is that the bottom line in their check book is what matters, and they are being duped by the technology vendors just like the snake oil salesmen of years ago.

Re:fairplay vs. wm?

[mcrbids]

You will find that the Fairplay cracks were published with the goal of allowing customers who _paid_ for their music use that music without the disadvantages of DRM, and _not_ in order to allow them to make illegal copies.

The whole idea of a "goal" behind publishing or selling X or Y is just stupid. Sorry. How many gun manufacturers would there be today if they admitted publicly that ANY of their guns were manufactured to satisfy the needs of criminals? How many tobacco companies had the goal of killing their clientelle?

If it's published or sold, it's a tool. It's not necessarily a tool for any specific purpose - you can easily use a lock pick to clean your fingernails. It's the people who USE the tool who determine its "goal". And then, it's not the tool, it's the user who is to blame.

An example is copyright. A social tool with the "goal" of ensuring the rights of content creators to profit from their works at the expense of content consumers. But, since any tool is just a tool without any explicit goal, the CopyLeft license turns the "goal" of copyrights on its ear by making the content consumers also copyright holders.

So having a "goal" behind DRM crack distribution is just pointless.