Is Interoperable DRM Really Less Secure?

Crouch and hold writes "Are closed DRM schemes like FairPlay more secure than interoperable ones? Based on the number of cracks, it doesn't look like it. 'When it comes to DRM, what history actually teaches us is that one approach is no more secure than the other in practice, as they relate to the keeping of secrets. Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses.'"

+5 informative

[macadamia_harold]

Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo

I had no idea that the MS licensing department was actually an orifice.

Re:

[thedarknite]

and here was me thinking that their licensing was forced into orifices.

Re:

[rampant mac]

Wait until you see which orifice they come knocking on when they want more money.

I'm gonna make you squeal like a pig. Weeeeeeee!

Re:

[drinkypoo]

I had no idea that the MS licensing department was actually an orifice.

Every department at MS is an orifice. What's more, they're all the same orifice. If somehow truth-in-advertising were enforced, just like Courtney Love's band, they would have to be named Hole. Or at least, something like that.

Re:+5 informative

[Mr2001]

It's not a question of licensees choosing WM DRM because they trust it more than FairPlay - Apple doesn't license FairPlay at all, so Windows Media is the only choice for a third party.

Re:+5 informative

[networkBoy]

True enough, but I've always looked at it as such:
Closed DRM == one set of eyes for the "good" guys (arguably the bad guys in this case but whatever) == pwned by the freedom fighters.
licensed DRM == several sets of eyes, eyes with different corporate mentalities, eyes with different outlooks, thus sorta like OSS == less breaches.

-nB

Re:

[Heembo]

This is only true over time. When you first open and then license a new DRM, more eyes could mean more BREACHES...

Re:

[DrSkwid]

Encryption is only any good if it can withstand it's algorithm being revealed.
Anything else and it's eventually screwed.

Re:

[mpe]

Encryption is only any good if it can withstand it's algorithm being revealed.

Which is one reason proprietary encryption tends to be not very good.
However actual security depends on a complete system. A good algorithm implimented badly can be worst than a poor one implimented well. There's also the problem that security is only as good as that of the weakest component.
Usually when you use encryption you trust the recipient with the plaintext. Whereas with DRM this just dosn't hold. Instead you rely on a c

Re:

[julesh]

Closed DRM == one set of eyes for the "good" guys (arguably the bad guys in this case but whatever) == pwned by the freedom fighters.
licensed DRM == several sets of eyes, eyes with different corporate mentalities, eyes with different outlooks, thus sorta like OSS == less breaches.

I don't think this works for DRM. DRM is a deeply flawed concept -- in the long run, it can't work. Sooner or later, there will be a breach that's irreparable. Many eyes can't prevent this because it's a fundamental problem with

Re:

[TheSunborn]

DRM is a flawed concept because you have to give the key to decrypt the stuff to people you don't trust(Your customers)

DRM is currently trying to hide the fact that each customer have the key, by hiding it deep down some complicated software, but hiding the key, don't solve the problem, that anyone really looking for it, will find it. (And once a single user have found it, it(Or the content it decript) can be shared with anyone).

Re:+5 informative

[Eustace Tilley]

You have been answered twice already, but I cannot resist telling you again.

Cryptography is used so that a message from A can be read by B but not by C. With DRM, B and C are the same person.

The message from A (the publisher) must be readable by B (the consumer) but not by C (the consumer).

I hope you understand now why DRM is a concept flawed in its fundament.

DRM would be useful. So would a perpetual motion machine. It is wishful thinking to believe that the sheer utility of a function means it is capable of being produced.

Re:

[Eustace Tilley]

Do these questions mean that you do not agree that DRM is fundamentally flawed? Do you believe "the average Joe won't attempt to decrypt a message" is an adequate defense?

Re:

[CastrTroy]

iTunes isn't really as popular as they would have you believe. As of January 2007, they've sold over 2 billion songs [wikipedia.org]. Britney spears on the other hand has probably sold 100 million songs just as a single artist. However sales of CDS including CDRs,Audio, and other formats are around 30 billion annually [wikipedia.org]. Now, i'm not sure how much of that is accounted for by Audio CDs, but even if it's 1/10 of the sales, and there's 10 tracks on a CD, then you got about 30 billion songs sold per year.

Re:

[mpe]

Why is DRM a flawed concept? Why can't it work in the long run? Why would any breach be irreparable? What is the fundamental problem with the concept?

Because at some point you need to turn "sound" into something a human ear can hear. And "video" into something a human eye can see.
It is close to impossible to do this in a way no machine can record. Even if someone needs to build custom microphones and cameras which closely match the characteristics of human sense organs.

People are already working on open

Re:+5 informative

[DECS]

FairPlay = 2 Billion songs, 10 million movies

MS PFS DRM = 100,000 songs sold?

MS Zune DRM = 250 songs sold?

Leave it to ArsTechnica to suggest that number of exploits or number of licensees somehow relates to the complexity of managing DRM across multiple vendors.

Microsoft is also better suited to handle multiple vendors, as it already licenses OEM Windows, WinCE and various other products. Apple has only ever tried to license the Mac OS and Newton, license FireWire, and franchise iPods though HP, and license ad campaigns like Made for iPod. Apple isn't set up to license FairPlay, nor is it within its core competency.

A riddle of warfare between Apple and Microsoft: Steve Jobs and the iTunes DRM Threat to Microsoft [roughlydrafted.com] presents DRM as a shot across the bow of Microsoft's flagship, but suggests that, beyond DRM, "Apple is targeting another Microsoft mainstay with a missile that may cause far more damage than the iPod and iTunes together." 2007 - Apple Strikes Back [roughlydrafted.com] chronicles the recovery of Apple over the last decade, and Apple's Open Source Assault [roughlydrafted.com] hints at how Apple will engage Microsoft. What is Apple up to?

Re:

[SeattleGameboy]

You are not comparing apples to apples.

While FairPlay only deals with download purchases, WMDRM not only handles purchased downnloads, but subscription downloads as well.

And while it is true that the number of "purchases" by iTunes dwarfs that of any other music services, if you count the number of subscription downloads, the numbers are much much closer.

Not to mention than subscription DRM is much harder problem than the straight purchase download DRM.

There is only one reason Apple is not licensing FairPla

Re:+5 informative

[DECS]

Sure throw in subscriptions. 25,000 subscribers = 1 DRM key each. You don't get to count individual songs, because once they stop paying they lose them all.

Surely you realize that Microsoft's PFS and Zune are not making money because of ultra low revenues? That's why all the stores are tanking, and none of them brag about how many subscribers they have or songs they are selling.

Subscription/Rental DRM is harder to manage; it makes the player a less attractive product. And it's far more onerous.

Apple had eaten up market share long before the iTunes Store opened. Most iPod users aren't even using the iTS to a great extent - 25 songs on average is not holding people to the iPod. Outside regions with a store, there are plenty of people still buying iPods.

fairplay vs. wm?

[applegoddess]

Doesn't mean anything when you consider the market share of Apple vs. all of the Microsoft-licensed stores combined. Clearly people will be cracking the more-popular DRM, and that happens to be Apple's FairPlay.

funny

[ArbitraryConstant]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

Re:funny

[applegoddess]

Never said anything to the contrary, in fact I agreed with you: http://slashdot.org/comments.pl?sid=221484&cid=179 44918 [slashdot.org]

It could just be poor implementation

[Infonaut]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

You're right to point out the contradiction. However, another way of interpreting it is just that FairPlay is simply not as well-iplemented as Windows Media DRM. That would be an interpretation consistent with the view that Windows gets cracked not just because of its market dominance, but also because of its flaws in implementation. Maybe Apple simply isn't as good at DRM as Microsoft, which isn't necessarily such a bad thing.

Re:

[edschurr]

People are probably simplifying it too much. That is, it's a compound of reasons. It would be difficult to posit the actually balance. However, the quality of the implementation is at least possible to evaluate.

Microsoft ? Good ? In the same sentece ?

[DrYak]

Maybe Apple simply isn't as good at DRM as Microsoft,

You're implying that Microsoft is good and anything else appart leveraging a monopoly ?
In light of a long past of being able to suck in anything they managed to make ?
With a long history of making the most easily cracked OS and whose product are the most targeted on, even when Vista is still in Beta and has a lower market share than Linux, or when IIS couldn't ever dream about reaching Apache's widespread ?

You must be kidding.

Re:

[suv4x4]

Funny how Apple supporters dismiss this reason when it's applied to Windows security, but when it supports Job's reasons for keeping FairPlay closed it's accepted.

You've seen nothing yet. They're prepping a Chewbacca defense post as well.

Re:

[PapayaSF]

Doesn't mean anything when you consider the market share of Apple vs. all of the Microsoft-licensed stores combined. Clearly people will be cracking the more-popular DRM, and that happens to be Apple's FairPlay.

Indeed, and let's also note that a sample size of 2 is rather small to support the conclusion that licensing a DRM system doesn't make it less secure. From a purely statistical standpoint, isn't it obvious that the more people who know about a secret, the less likely it is to stay a secret? You can

Re:

[prockcore]

I don't think those scenarios are likely, but I tend to believe Jobs when he says he doesn't want to take the extra risk.

I find it ironic that Apple refuses to license fairplay out of fears of piracy.

Re:

[king-manic]

Indeed, and let's also note that a sample size of 2 is rather small to support the conclusion that licensing a DRM system doesn't make it less secure. From a purely statistical standpoint, isn't it obvious that the more people who know about a secret, the less likely it is to stay a secret? You can't license a DRM system without telling more people exactly how it works.

And to get conspiratorial for a moment, what if a competitor of Apple's decided to sabotage iTunes by releasing its secrets? That would be easier if there were licensees to target for espionage. Or what if the major labels set up an iTunes competitor, licensed FairPlay, then "accidentally" leaked the secret? They could then pull their music from iTunes, leaving themselves as the only legal source for the music.

I don't think those scenarios are likely, but I tend to believe Jobs when he says he doesn't want to take the extra risk.

Security by obscurity hasn't worked that well through out history. for instance germany didn't fair so hot in WWII with their enigma encryption. When releasing any type of encryption you must assume yoru enemies will be aware of the method and to ensure the method is hard to crack despite this. DVD encryption made the assuption they wouldn't and it was cracked easily. With this in mind if Jobs had wanted a strong DRM I think they would have done a better job. They only made "good enough" drm. The whole sub

Re:

[mpe]

Security by obscurity hasn't worked that well through out history. for instance germany didn't fair so hot in WWII with their enigma encryption. When releasing any type of encryption you must assume yoru enemies will be aware of the method and to ensure the method is hard to crack despite this. DVD encryption made the assuption they wouldn't and it was cracked easily.

There is also another problem. Enigma (and Lorenz) only had to protect information for a period of time measured in hours or days. Even if c

Re:

[Cheapy]

Does that apply to viruses and Operating systems too?

Re:

[gnasher719]

'' Does that apply to viruses and Operating systems too? ''

There is a huge difference. An operating system is supposed to be uncrackable. Many eyes looking for improvements will find cracks and fix them, many eyes looking for cracks will find cracks and exploit them. Openness both helps and hinders.

DRM systems are crackable. What keeps people from cracking them is that the cracks are kept secret. There is no point looking for improvements, because the locations of the cracks are known (to a few people). Mor

Re:fairplay vs. wm?

[suv4x4]

Doesn't mean anything when you consider the market share of Apple vs. all of the Microsoft-licensed stores combined. Clearly people will be cracking the more-popular DRM, and that happens to be Apple's FairPlay.

You know, I once started thinking a lot and realized nothing ever means anything. It's all just a bunch of people arguing over unprovable hypotheses in a one-up-man-ship style and eventually spinning whatever facts they have in their disposal to reach a goal determined in advance before any analysis was done.

Wow. I'm boring.

Re:

[dwater]

Marvin, is that you?

Re:

[aussie_a]

Exactly. But that doesn't refute the claim that they're as (in)secure as each other.

Re:

[julesh]

Doesn't mean anything when you consider the market share of Apple vs. all of the Microsoft-licensed stores combined. Clearly people will be cracking the more-popular DRM, and that happens to be Apple's FairPlay.

Why would people do that? The best target, surely, is the easiest one to crack (assuming price and availability are equal)? Because you don't have to crack for everyone, you just crack the content you want to release and then let everyone copy the released content.

Re:

[gnasher719]

'' Why would people do that? The best target, surely, is the easiest one to crack (assuming price and availability are equal)? Because you don't have to crack for everyone, you just crack the content you want to release and then let everyone copy the released content. ''

You will find that the Fairplay cracks were published with the goal of allowing customers who _paid_ for their music use that music without the disadvantages of DRM, and _not_ in order to allow them to make illegal copies. Since there are ma

Re:

[mcrbids]

You will find that the Fairplay cracks were published with the goal of allowing customers who _paid_ for their music use that music without the disadvantages of DRM, and _not_ in order to allow them to make illegal copies.

The whole idea of a "goal" behind publishing or selling X or Y is just stupid. Sorry. How many gun manufacturers would there be today if they admitted publicly that ANY of their guns were manufactured to satisfy the needs of criminals? How many tobacco companies had the goal of killing the

Re:

[Anonymous McCartneyf]

Actually, MS never had its own store for the original Plays4sure. It just licensed the format to other people.
The price to license Plays4Sure to a WMA/MP3 player: $0.10 a player.
The price to make Plays4sure WMAs, for sale or rent: one Windows OS. Making Plays4Sure WMAs is built into 2003 Server, and Windows Media Player can make Plays4Sure WMAs as well.
MS's specialty is, of course, Windows OSes. Their MediaPlayer is almost as critical to, and central to, their OS as Explorer is. When Europe made MS s

Hang on, you can't have it both ways...

[spoco2]

Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses.

Hang on... so in this case, where it's a Microsoft product that's fairing better you apparently can being into play the 'well, it's not used on nearly as many devices as the Apple version' shtick. Yet when OSX fares better than Windows in virus threats you aren't allowed to use the exact same and just as legitimate argument that Windows is installed on VASTLY more machines than OSX, and as such is a MUCH greater target for compromise?

How does that work?

Re:

[rolfwind]

Not defending Apple's DRM, but give it a break. Apple/Linux have decent internet marketshare compared to Windows on the internet - where are the actual security breaches?

The summary states both PlaysForSure and Apple's DRM has breach, not just the one or the other.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drsmithy]

Not defending Apple's DRM, but give it a break. Apple/Linux have decent internet marketshare compared to Windows on the internet [...]

_Conservatively_, Windows would have 8x - 9x the "internet marketshare" of OS X or Linux.

Re:

[applegoddess]

It doesn't, and it's a preposterous argument. Jon Johansen argues that in the context of Steve Jobs' little blurb about DRM, it's not a valid argument that popularity matters, but everywhere else it does matter, and it's plain stupidity when you consider anything not in the context of the number of users.

Re:

[julesh]

Hang on... so in this case, where it's a Microsoft product that's fairing better you apparently can being into play the 'well, it's not used on nearly as many devices as the Apple version' shtick

Hmmm...? Last figures I saw suggest fairplay only had 54% market share (it's on the register, sometime in '06, I think). That's hardly absolute dominance. OK, so it's 5 times as much as the nearest competitor, but those competitors ALL use WMA.

Re:

[mgblst]

Why is this such a logical problem for people, you can have it both ways.

Apple can have the more secure DRM, but it is attacked more, so there are more breaches.(whatever that means)

And Apple can have a more secure OS.

These two things have nothing to do with each other. I don't think that this is a complicated subject, but many people here seem confused. If you only judge these two things on how many breaches they have, then yes, that is a problem. But if you judge the value of the OS, or the DRM on how eas

Insecurity vs policy

[Space cowboy]

I'm not suggesting this is official Apple policy, but just because something has been cracked more times than any other doesn't actually imply much. If Apple deliberately set the bar low, then they fulfill their obligation and allow the counter-culture to flourish as much as the "official" party line. Hmmm, who would that benefit ?

I know some very smart engineers at Microsoft, and I know some very smart engineers at Apple. Devising a hard-to-break DRM system wouldn't be beyond any of them, and iTunes really doesn't go to too much effort. I'll let you draw your own conclusions :-)

Simon.

Re:Insecurity vs policy

[kfg]

If Apple deliberately set the bar low, then they fulfill their obligation and allow the counter-culture to flourish as much as the "official" party line.

Bingo!

Apple is doing the minimum necessary in order to be allowed to sell content. Microsoft is trying to do the maximum possible in order to sell the security system to the content owners.

Their markets are entirely different, so their products are entirely different.

KFG

Re:

[Ahnteis]

Which means that Jobs' argument against licensing the DRM is bogus -- which is the whole point of the article. (Yes, I know we aren't supposed to actually read them. Sorry.)

Re:

[Eustace Tilley]

Too bad you didn't read the article.

Jobs' argument against licensing is:

"Apple cannot license FairPlay to others, says Mr Jobs, because it would depend on them to produce security fixes promptly."

Insecurity of the DRM technique is a side issue. Whether or not the technique is robust, the requirement that any flaws be patched throughout the FairPlay world in two weeks precludes is a powerful argument against licensing.

Re:

[Blakey Rat]

Remember the gem about how Mac OS gets fewer viruses because fewer computers run it? That applies too. How many music tracks has Apple sold with Fairplay compared with music tracks with Microsoft's DRM? Tons more.

Red Herring

[soft_guy]

Not licensing Fair Play has nothing to do with making it more secure. It has to do with being able to roll out fixes to counter security breaches in a timely manner.

Re:Red Herring -- binary, not source...

[anon mouse-cow-aard]

Article is way off the mark because it does not take into account the different corporate goals... MS is not "open" because it is licensing it's DRM, it is simply fulfilling the extend and extinguish and platform hegemony objectives...

MS is licensing an entire platform, so having their DRM on every possible platform is already a goal. They only need to license binaries for the platforms they support already (Windows, mobile, etc...)

Apple if they want to license to non-Apple platforms has two un-palatable

Re:

[julesh]

Have you actually read his essay? It makes perfect sense, if you ask me. Perhaps they've found some holes tricky to fix, yes. But they still need to be able to respond quickly to a hole that the record companies demand they fix quickly (that this hasn't happened over previous holes doesn't mean it won't happen in future).

Anyway, QTFairUse isn't a DRM crack, it's a player crack. Player cracks are almost impossible to prevent (not that DRM cracks are much harder...) without OS support. I bet Apple releas

Fewer security breaches?

[Incoherent07]

It only takes one. Last I checked the FairUse4WM hole still hasn't been fixed.

Re:

[solitu]

Time you checked again. It doesn't work anymore.

Re:

[Don_dumb]

Only if you update. I am not using WM11, I have no need.

Re:

[julesh]

Which is a classic example of Jobs' point -- there are plenty of vendors out there still selling WM10 (and WM9) content, so there's no necessity to update to the latest version of the DRM, despite the fact that a fix for the flaw has been released.

If you were using an iPod with FairPlay, however, you wouldn't have a lot of choice -- your only source of content would be iTMS, which would have forced you to upgrade by only offering content in the latest version.

Who has the best BAD IDEA?

[IBitOBear]

It's like that thing were people propose a truly horrific law because they know they will be "forced to settle" for a merely terrible law.

No Digital Restriction Management is good. NONE of it.

I am not anti-encryption.
I am not anti-artist.

But any scheme that involves someone "selling" or "giving" me something so provisionally that they can then just take it back is simply a BAD IDEA.

The next step down this road is the one where some Bad Actor gets to send people threatening letters and blackmail that is "unprintable", "read only once", "no screen shot", "read only for 1 minute", watermarked to prevent your camera from taking a picture of the screen. Leaving you, in turn, with no proof for a complaint and then leaving the police with no clues while they are pondering over your corpse.

Eh, so what, at least some music executive is *sure* to get to split the full 99-cents that he ripped off the consumer for, in the name of an artist who got a bill for overages in production.

Oh, wait... which kind of Illegal Prior Restraint (commonly misspelled DRM) was good again?

It is _NEVER_ helpful to repeat the artificially biased question as if it represents something worth answering.

The question, as stated, presumes facts not in evidence, namely that the DRM that is harder to break is in any possible way "Better".

What a silly question

[shaitand]

Since there are no effective DRM schemes out it seems silly to evaluate which are 'more secure'. What do you do; count the ways available to bypass the DRM? There are easy cookie cutter utilities to crack them all.

Re:

[dido]

Right on. The DRM problem on a general-purpose computer is, from a security standpoint, completely [schneier.com] impossible [schneier.com]. If I have absolute control over my entire computer, and this is still possible today because systems like TCPA haven't been forced down everyone's throats, then any attempt by anyone to restrict what bits I can and cannot copy is doomed to failure. And once I have done it, I can publish my break to the world if I so desire. These people might as well go on rolling a huge boulder up a hill, only t

Re:

[DrSkwid]

You mean something where the manufacturer has total control over the hardware such as the Xbox and Xbox 360 ?

cracked and cracked

Re:

[mpe]

You mean something where the manufacturer has total control over the hardware such as the Xbox and Xbox 360 ?

Even if someone were to build a video player which was entirely self contained (only connector being an IEC to supply power) which could not be examined in any way it still wouldn't stop people being able to pirate content played on it.
Were anyone to build such a device it would probably be more useful for screening EM radiation...

Re:

[donaldm]

From the Article "I've left out all manner of obvious circumvention techniques such as burning to CD or recording an audio stream, since those are not true cracks". Well it may not be a true crack in the Authors eyes but it still effectively gets around any DRM because if you can see or hear something then that something can easily be copied to a distributable media that is effectively DRM free. This is very simple to do although it may be slightly inconvenient and you will most likely loose some quality de

Re:What a silly question

[ajs318]

The only way DRM can work is if every consumer is forced to have a special DRM chip in their head and it would be interesting or horrifying to see if the consumer would accept this blindly or fight against it.

Under Thatcher, nobody would ever have stood for such a thing. There would have been rioting in the streets, people burning effigies, punk rock benefit gigs and all sorts. People who had the brain chips fitted would be on the receiving end of flying bricks crudely scratched with "SCAB". We'd be out marching with placards, chanting "Maggie Thatcher's GOT one, [name of major Brain Chip proponent] IS one". Decrepit coaches would be brought out of retirement to ferry Flying Pickets around, and enterprising kids would be hard at it poking holes in old oil drums to make braziers to flog to the striking workers.

Under Blair, there would just be a bit of polite tutting and moaning, followed by total passive acceptance. The Working Classes (who mostly think they aren't working class anymore just because [1] they have mobile phones and DVD players and [2] a whole new social class has grown up beneath Working) would even be saying things like "Well, it's probably a good thing. I mean, I've been looking for ages for a reason to cut down the amount of media I copy, or even give it up altogether; so I mean, this chip-in-the brain thing is a good idea really."

Talk about licking your arse and calling it chocolate .....

Security through obscurity never works, however...

[strider44]

DRM can only be secure through secrets and confusion so it's pretty necessary.

Re:Security through obscurity never works, however

[QuantumG]

Or, ya know, hardware. Which can be made tamperproof by suicide mechanisms.

Re:

[Tharkban]

and won't be bought by me.

I'm going to go out on a limb and say enough people will object to autodestructing chips that hardware manufacturers will not produce them.

Re:

[QuantumG]

They suicide when you try to open them.. I didn't think I'd have to explain that.

Hang on, get your terms right

[Senjutsu]

The interoperability that Jobs said was less secure, the interoperability that Norway wants, isn't offered by Microsoft's WMV either. Norway is demanding that Apple allow fairplay encrypted files to be converted into files DRM'd under Microsoft's PlaysForSure(OrNot) DRM model or anyone else's, not that they start licensing FairPlay.

Because WMV sucks

[kerouacsgp]

"Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses"

Hmmmm.... could it because no one really cares about downloading wmv files? The point is that if the product sucks, no one will bother even to break into it.

Re:

[Zontar_Thing_From_Ve]

"Windows Media DRM has had fewer security breaches than Apple's FairPlay, yet WM DRM is licensed out the wazoo: there are more than a dozen companies with WM DRM licenses"

Hmmmm.... could it because no one really cares about downloading wmv files? The point is that if the product sucks, no one will bother even to break into it.

Windows Media has certainly been hacked, but the hacks involve getting a legal license first and then removing the DRM. One of the alt groups on Usenet late in 2006 posted the WMV

Security through Obscurity

[flaming error]

Does Swiss Cheese have more holes when its package is opened or when it is closed?

Re:

[Mike1024]

Does Swiss Cheese have more holes when its package is opened or when it is closed?

Well, some obvious examples of licensed DRM schemes being cracked are DVD, Blu-Ray and HD-DVD.

It is my understanding that all three were cracked due to poorly implemented software players; for example DeCSS used code reverse-engineered from Xing, and HD-DVD was cracked by trying the entire contents of memory as the volume key, until the volume key was found.

Seems to me 'crap coding in third party players' has caused several DR

Does it really matter?

[gd23ka]

DRM is in of itself not secure because it will get cracked wide open each and every time
somebody comes up with a scheme. Take the digital broadcast / subscriber card hacker arms
race. They are already light years ahead of whatever Apple or Microsoft are cranking out
and they will be well prepared if "trusted computing hardware" comes out.

These people have phisticated lab equipment and are capable of cutting the chips wide open,
manipulating chip fuses, patching rom masks etc. They will extract Disney's latest

To Be Fair...

[Hobbex]

What Jobs seemed to be claiming wasn't that having fewer implementations would make it harder to crack (he admitted that it can always be cracked), but rather that it made it easier and faster to release new versions when the old ones had been cracked.

Re:

[R3d M3rcury]

...and, from his article, this is important because if Apple does not fix such problems in a "few weeks time", the record companies can pull their content.

So, if the record companies feel Apple should license FairPlay, they should be willing to adjust this timetable.

Jobs' statements seem contradictory

[nobodyman]

Jobs' statements seem to boil down to this:

"We want music without DRM. But we can't license FairPlay, 'cus hackers would... remove the DRM. The DRM we claim we dont really want. Yeah."

Yeah I'm being trite, but I still find think it's a contridiction to campaign for DRM-free music while claiming that you're worried about your DRM being compromised.

My hunch is that Fairplay is less about iPod lock-in and more like Zune lock-out. iTunes is your classic loss-leader* as it really only exists to add value

You missed a bit

[Space cowboy]

Quite an important bit, actually.

Apple had to sign over the right for the record-labels to pull their entire catalogue from the iTunes store, if a breach happens and Apple don't fix it in a timely manner.

Jobs doesn't care about DRM, but (because he's sane) he doesn't want to lose the iTunes store either - here's his nightmare scenario:

• Apple licence fairplay to all who'll pay the fee
  
• Some no-mark MP3-player company pays the fee, gains the licence, but screws up and somehow the encryption codes are made public - a bit like the first crack of DVD's was because some no-mark company screwed up their encryption key
  
• Apple release a fix
  
• No-mark company doesn't release the fix for *their* client-base, maybe there's no firmware update...
  
• Apple lose all their iTunes songs from the "big 4".
  

Now Apple can try and pin liability on No-mark company, but at the end of the day, the iTunes store contract is between Apple and [insert record label], and if fairplay is compromised, [record-label] are fully entitled to pull their catalogue...

See it now ?

Simon

Re:

[Budenny]

See it now?

Not really. First, they would be careful who they licensed in such a case - bonds posted and so on.

Second, if you imagine the size of this in the real world, the record companies might have the right to withdraw the catalogue, but that would increasingly seem self defeating. All that would happen is, Apple would have to fix it going forward. Maybe by withdrawing the license? Maybe by firmware updates for everyone else. Don't start arguing there are no technical solutions, there will be.

Whate

Re:

[dangitman]

Not really. First, they would be careful who they licensed in such a case - bonds posted and so on.

If they were too careful, they would probably be targets of anti-trust litigation. Apple has already been targeted by European countries over their DRM. What if some country threatened legal action if they didn't license their DRM to everybody, or if they were deemed to charge too high a price for it?

Why should it even be Apple's business to get into some licensing mess if they don't want to? Your comment shows just how problematic licensing can be. Why waste time with all that crap, when you could focus

Re:

[julesh]

Jobs' statements seem to boil down to this:

        "We want music without DRM. But we can't license FairPlay, 'cus hackers would... remove the DRM. The DRM we claim we dont really want. Yeah."

Did you actually read what he said? What he said was more like, "if we license FairPlay, when hackers work out how to strip the DRM we won't be able to release a new version to stop them quickly enough, and the record companies will shut down iTMS."

Re:

[prockcore]

Did you actually read what he said? What he said was more like, "if we license FairPlay, when hackers work out how to strip the DRM we won't be able to release a new version to stop them quickly enough, and the record companies will shut down iTMS."

It wouldn't shut down, the major labels would pull their music and iTMS would have the same music that eMusic currently has.

If Jobs hates DRM so much, and if iTMS really does "just barely break even" as mac users like to claim, then why not just drop the major la

Re:

[julesh]

If Jobs hates DRM so much, and if iTMS really does "just barely break even" as mac users like to claim, then why not just drop the major labels and go with eMusic's indie-only model?

Because they'd lose the market share that less them sell 5 times as many downloads as their nearest competitor, and drives the sale of iPods, which is where they make their real profit. Besides, they made $452 million in the last quarter due to iTMS. iPod sales (of which they'd lose about half if they stopped selling popular m

Re:

[Lars T.]

Did you actually read what he said? What he said was more like, "if we license FairPlay, when hackers work out how to strip the DRM we won't be able to release a new version to stop them quickly enough, and the record companies will shut down iTMS."

It wouldn't shut down, the major labels would pull their music and iTMS would have the same music that eMusic currently has.

If Jobs hates DRM so much, and if iTMS really does "just barely break even" as mac users like to claim, then why not just drop the major labels and go with eMusic's indie-only model?

I don't see the motivation of keeping the major label's music on the store.

Gee, maybe because he sees the iTS as a service to iPod customers and not as a means towards world domination? Nah, that can't be it.

Not to mention that there is pretty little point in doing exactly what eMusic does - not to mention that you would then complain that they were ripping of eMusic.

Digital Data = Copyable

[domukun367]

It seems to me, when looking at the big picture, that digital data is being distributed to customers. Digital data is exactly copyable, due to its nature.

Now this digital data is encrypted, however if it can be decrypted (i.e. played!) then the encryption can be broken. It might prove to be difficult, but it will be broken.

There are two possible ways that the big content distributors can go:

(1) Get rid of DRM and change your marketing and pricing model so that it is convenient and cheap enough for most cons

Does licensng DRM lead to success?

[mveloso]

Again, this question isn't the right question. DRM is not interoperable. Using the word "interoperable" is deliberately confusing, because DRM by definition isn't interoperable. It's a method of restriction, not an operatable thing per se.

The operative word is "third party licensed."

Audible.com is licensed to multiple vendors. How have those vendors done? Besides the iPod, Audible.com's DRM is licensed to a number of other players. Has it been a major factor in anyone's purchase? Possibly, if they want to listen to audible.com content.

WMA/Plays for Sure is licensed to multiple vendors. How have those vendors done? The market has spoken.

Zune WMA isn't licensed. The market is in the process of working out how the Zune is doing, but the prognosis isn't good.

FairPlay isn't licensed. The iPod is doing great.

The iPod is reallly a good example of what's called a "Network Effect Monopoly." People buy iPods because it has the most accessories. The iPod has the most accessories because people buy iPods. Etc etc etc. eBay is the same: people sell on eBay because the buyers are there. The buyers are there because everyone sells on eBay. Ad infinitum.

Will licensing FairPlay change this? No. If Apple licenses FairPlay to hardware makers, it'll make the iTMS even more dominant. If Apple licenses FairPlay to other stores, it'll make the iPod even more dominant in hardware. If it licenses FairPlay to everyone, then Apple will sit on the dominant DRM system, period.

As I said before, there isn't one thing that makes the iPod successful. But of those things, DRM is definitely not one of them.

Re:

[melikamp]

Great post. I was laughing at "interoperable" too.

No user base for WMA cracks

[iamacat]

Why would DVD Jon or anyone want to develop a crack that only benefits a minority of users and applies to audio format that is non-standard even after decryption. iTunes is the most popular download service and Apple has geek appeal. Its no surprise that there are more cracks.

Re:

[julesh]

Why would DVD Jon or anyone want to develop a crack that only benefits a minority of users and applies to audio format that is non-standard even after decryption.

Because:

(a) hardware players that support WMA are cheaper than those that support AAC. If all you care about is yourself, and you don't have an iPod, why would you pick FairPlay?
(b) if you want to release stuff, rather than just crack it for your own use, why does it matter what format it comes from... you'll want to transcode to MP3 (which is the

Neither are secure.

[Jessta]

Closed DRM schemes like FairPlay are not more secure than interoperable ones. Generally because both aren't secure.
They both attempt to accomplish something that is impossible.

Security requires communication between two or more trusted parties, if any of the parties are not secure then the communication isn't secure. With all DRM schemes there is only one trusted party, the content producer. The other party being the consumer who can't be trusted.
Without 'Trusted Computing'(trusted by the content producer n

No, no no!...

[karot]

...Don't encourage them by implying that DRM can be licensed and is a legitimate option.

DRM is bad bad bad, and is broken whether licensed or not. Don't use it, that's the answer :)

uh.. DRM is EVER secure?

[Lord Bitman]

You can't get less than "no security"..

a question

[PopeRatzo]

from TFA:

'When it comes to DRM, what history actually teaches us is that one approach is nomore secure than the other in practice, as they relate to the keeping of secrets.

I'm confused, isn't DRM about protecting a copyright instead of "the keeping of secrets"? What is TFA trying to say here?

DRM is 'logically' infeasible.

[hAckz0r]

To achieve this concept of the mystical DRM you need three things: 1) Encrypted playable data, 2) the magic key, 3) the algorithm for applying that key to the data and sending it to the computers hardware. The problem is that you have to give the user all three components in order for them to play the music or watch the movie, otherwise its unusable. The producer of the DRM has but one goal, to keep the owner from knowing or accessing one or more of these components while still being able to put the three

Security Through Obscurity

[thedbp]

Ahem. This is going to feel mighty good.

The only reason that PlaysForSure isn't cracked all the time is because no one really uses it on a large scale. Since Apple dominates the DRM music field, and most DRM'd music sold is from Apple and includes FairPlay, then of course people are going to attack FairPlay more than PlaysForSure. If it were the other way around, PlaysForSure would be just as insecure as FairPlay.

I don't really believe that, of course - but it was nice to turn the whole security through obscurity argument around for once so Windows fanboys could see how freaking STUPID it is.

Closed, non-interoperable DRM isn't a DRM

[webrunner]

It has nothing to do with rights, it's just a pissing match between companies to lock each other out.

It's CMM - Corporate Monopoly Management.

The ones pushing proprietary DRMs probably could actually care less about piracy.

I'm Tired of the DRM Articles

[Luscious868]

DRM is a huge pain in the ass for consumers and digital distribution of media that uses it is never likely to take off in the same fashion as it's physical medium counterparts unless it's easy to use and not very restrictive like Apple's FairPlay. Part of what makes FairPlay acceptable to me is the ability to burn purchased content to a CD that I can then take with me and listen to in any CD player that I wish. If FairPlay didn't have this ability I wouldn't use it. Likewise I'll never buy a "digital download" version of a movie or TV show unless I have the ability to burn that movie or show to a DVD. IMHO anything with DRM that doesn't let you burn to some kind of physical media that can then be played back on other devices (players, portables or other PC's) is essentially a rental and isn't worth it. I think most consumers agree which is why I'm tired of these DRM articles. A huge factor in any media format leap is convenience. Does anyone here really think that either CD's or DVD's would have taken off as they did if they didn't involve huge leaps in convenience for consumers? Quality played a part sure, but I'd argue it was the convenience of CD's and DVD's that really caused them to take off. Being able to leap back and forward between tracks instantly and not having to flip back and forth between sides was a huge factor in moving from tapes to CD's. Likewise the ability to skip back and forth easily through movies (and not having to rewind tapes to watch them) was a huge factor in the move from VHS tapes to DVD's. Not to mention never having to worry about a bad tape or VHS player destroying your music or movie. A poster on Slashdot said something a while back that I completely agree with. Everyone is looking at HD-DVD and Blue-Ray, freaking out about the DRM, and wondering which will be the next big thing in video and I think they are off the mark. All that HD-DVD and Blue-Ray offer over their DVD counterparts is more space and HD content. Newsflash, most consumers don't have an HD TV and won't anytime soon. Even when there's an HD TV in every home, HD TV's are expensive and most homes have more than one TV anyway so most consumers would then probably have one HD set in the living room and regular TV's elsewhere. I think some kind of hybrid DVR / Apple iTV kind type of box with a price point of around $200 bucks would be poised to be the next big thing in video. Consumers want a leap in convenience more than they want a leap in quality because at this point the leap in quality requires a large investment in expensive new hardware to pay real dividends. Why pay thousands of dollars for one brand new large HD TV in the living room and a bunch of HD-DVD's and/or Blue Ray discs (when you probably already own the content on DVD) who's improvements in quality can only be seen on that one expensive large TV in the house when you can spend between $600 and $700 dollars and have set top box hooked up to each TV in the house that lets you record, share with the other boxes and play back content recoded by the DVR and/or download, share with the other boxes and playback movies and TV shows that you've downloaded from the Internet. IMHO that latter option makes a lot more sense than shelling out all that money for a new HD TV set and bunch of content in HD that I've already paid for just to get better picture quality. My point is that convenience sells. DRM that isn't convenient won't sell and DRM that is convenient will. The box that I spoke of above could be DRM'd to the hill as long as I could share the content with the other boxes, have a backup system or the ability to re-download content that I paid for if I lost it and as long as it had a simple interface and "just worked" it would be a hit much like the iPod / iTMS combination. The RIAA and MPAA are to stupid to get it that and I have no doubt they'll DRM consumers to death and turn them off to digital distribution completely if they are left to their own devices. All they have to do is look at Napster. Napster didn't offer higher quality. Napster offered the con

Secure?

[Dachannien]

Why are we using the word "secure" to indicate whether a DRM scheme has been cracked or not? A cracked DRM scheme has no negative security implications for the user, but calling it "insecure" makes it sound to Joe Sixpack like it's dangerous, when in fact, a cracked DRM scheme is a good thing.

Also, a DRM scheme being a little bit cracked is like being a little bit pregnant. Either it's cracked or not. CSS, for instance, is cracked (weaknesses in the scheme allow keys to be recovered through brute force).

Not a question of interoperability vs. security

[RetiredMidn]

Whether a DRM scheme (or any other software implementation) for that matter is more or less secure because of interoperability is in the margins; security is a question of implementation, not licensing. (Some have made the point that open schemes are subject to more scrutiny and more likely to identify flaws early; perhaps so, but I still argue that the difference is probably marginal.)

The point Jobs raised in his essay is that it's harder to propagate fixes to software that is broadly licensed across many vendors, which in turn means that vulnerabilities remain in the field longer. He also asserts that this could threaten the agreement between Apple and music companies, although you might want to add salt to that to suit your tastes.

There is no such thing as open interoperable DRM

[elgaard]

All DRM systems are closed.
And their only purpose is to hinder interoperability.

DRM systems are closed towards content creators and distributors.
DRM media are closed towards users.

I do not care if iPod and Zune Restrictions systems are "interoperable"
because there will be no interoperability with my Linux computer.