Digital Rights Management (DRM): is it in its death throes?

In this opening salvo, I will reprise the technical terms and history of DRM and thereafter I will try to keep you abreast of the issues for computer users in general and free software in particular. Hopefully, I will in fact be chronicling the death throes of DRM.

"The Skibbereen Eagle has it's eye on the Czar". Thus did a small, obscure Irish newspaper in West Cork in 1857 advise the Czar of all the Russias about his China policy.

I like that. I like to think of the Czar, deliberating late into the night on high affairs of state only to receive the ominous news that the Editor of the Eagle was training a beady eye on his foreign policy. The chill of the Russian winter must have seemed positively warm by comparison.

I'm no Czar in waiting. I'm not even the editor of a latterday Eagle but I am an advocate of the technical advantages of Open Source and yes, its politics too, and in a series of occasional articles I shall pose as the the wily, ever-vigilant editor, monitoring the machinations of the contemporary Czars of digital technology. Yes Mr.Ballmer, Mr. Gates, that's you that is. The Eagle is watching.

DRM: a thumbnail guide

Let me start with some definitions. DRM stands for Digital Rights Management. As we will see it has more to do with digital restrictions management--and that is exactly what Richard Stallman has called it.

Perhaps they've got us all by the short and curlies

Microsoft's version was called Palladium and now runs under the name Next Generation Secure Computing Base (NGSCB). This has even involved computer manufacturers selling machines with the Trusted Module Chip installed. I am sorry to have to tell you that Dell is one of the culprits. Yes, that Dell, the same Dell that is selling laptops with GNU/Linux pre-installed! I wonder if these machines are using this chip, or is it confined to Windows users? If not, avoiding the iniquitous Microsoft Tax may be false comfort. Perhaps they've got us all by the short and curlies.

Basically, companies like Microsoft want to exercise an intrusive control over your computer and what you do with it, especially rich-media content like music and video in terms of copying to other machines you own or just sharing with family and friends. They aim to do this by trying to control both software and hardware. Now, I do not for a moment condone commercial piracy as it is essentially parasitic and has serious links to organized crime, but everyone should resent being labelled as a criminal, or potential criminal, for simply wanting to do what most people do in every other sphere of life.

when they call it trusted computing what they really mean is that they don't trust you

Unless you live in a dictatorship, the assumption should always be that you are innocent until proven guilty, but certain software and hardware companies have managed, by bullying tactic, underpinned by coffers and war chests bloated by the digital equivalent of danegeld, to invert that legal paradigm. So, when they call it trusted computing what they really mean is that they don't trust you.

In the annals of retailing, the mantra was always that "the customer is always right" (even when they were being obnoxious). Microsoft and others clearly don't subscribe to that philosophy. Maybe they don't hate you, but they just don't trust you. Trusted means they trust themselves to have configured your expensive computer and your expensive software so that you cannot do with them what you want. By now, you are beginning to understand that you bought the hardware and software but you don't really own it - if by ownership we mean the right to do with it what you want.

That's bad, but it gets worse

Even if you don't run music and or video content on your computer, you may well find your machine hobbled by features of DRM which will be constantly polling your hardware to police your activities. One of the effect of that will be to diminish machine performance. Ross Anderson wrote a very detailed analysis of the political. economic and technical implications of DRM. If you like having the bejasus scared out you, this is definitely one you should read as a key text. Ross understands the issues perfectly. You really need to read it twice to grasp the enormity of it all. It's rather like what Heisenberg said about Quantum Mechanics: if you aren't shocked by it, you just haven't understood it.

You might say, serves Windows users right for their apathy and ignorance if they are prepared to tolerate being treated like tethered financial milch cows. You don't even need to be a free software evangelist to see that licence lockouts, documents deleted/blocked because the software that created them is pirated and blocked too will have serious consequences for inter-operability in heterogeneous systems and reading archived data using both Windows and GNU/Linux.

Be afraid. Be very afraid

Here is just a flavour of how DRM can cripple your system: prevents copying for backup purposes, forces you to purchase duplicate hardware in order to play "protected" media thus increasing your costs (and cluttering the electronic eco-system with unuseable junk), files saved on specific hardware and software years ago may now be unreadable because of DRM restrictions and even setting up a home media server system may be fraught with difficulties. If you are playing DRM media on an MP3 player, portable video device or just on your humble laptop, battery life can be affected too. If you exist digitally on a tight budget, DRM is bad news too: it ramps up the costs of computing. The detail is too big to catalogue here but if you have a strong stomach you can read Peter Gutman's analysis of the true cost and effects of DRM. Be afraid, very afraid. This might make the adoption of Microsoft's OOXML standard look like a minor distraction by comparison. As for embedded DRM in industrial, mission-critical systems, let's not even think about that one.

Microsoft's motives may have more to do with killing off the anti-virus industry with claims of "trusted computing", tieing in users to their software which will only run on certain hardware platforms and trying to promote rented software. The possibilities are endless--and hardware manufacturers know that hardware without software is junk; they know that unless they start writing their own or use free software, producers of proprietary software like Microsoft and Apple have them over a barrel. Some of the FUD surrounding DRM makes the FUD Microsoft put out about GNU/Linux sound almost benevolent.

They never learn: Canute, canal owners, Gemstar and DVD Jon

Although things look bleak, history has some lessons for us and they give cause for hope. Canute thought he could command the tide to go back, or at least he was trying to show his sycophantic courtiers the vanity of their conceit. Guess who drowned? Fast forward to the Industrial Revolution in England and enjoy the spectacle of the canal owners (the superhighway of the day) trying to persuade the British Parliament to pass a law banning the new-fangled railways. Guess who won?

Like Generals who are always preparing to fight the last war, the media industry is always behind the curve

Like Generals who are always preparing to fight the last war, the media industry is always behind the curve and trying to impose an outdated business model on the world. Finally, in our time, Gemstar's video recording system was a clever algorithm which could only remain secure provided it was not used. Once the genie was out of the bottle, the simple codes were freely available in newspapers and VCR owners only needed to key in a series of digits to record a programme.

In an attempt to prevent commercial piracy of DVD content, manufacturers build in encryption to bar copying--but like all the previous examples it was not long before it too was broken. Several people worked on reverse engineering the DeCSS software but the person best remembered for this was "DVD Jon", who also went on, amongst other things, to reverse engineer FairPlay, hack iTunes DRM and launch doubleTwist.


Many end users, both Windows and GNU/Linux, hate DRM, for both technical and political reasons. Hackers too hate it and have consistently broken and defeated its security measures. It seems that this is having some effect at last. The purveyors of DRM are now beginning finally to realise that there is simply no such thing as one hundred per cent security, and that unless you don't actually release the software containing the security feature(s), it will always been out in the wild and fair game for hacking. It may be that the DRM edifice is crumbling at last. This may be motivated by a recognition that it is a futile exercise trying to keep ahead of the hackers or simply a realisation that there is perhaps actually more money to be made from freeing their software from the encumbrances of DRM. Either way it is good news and that will be the subject matter of a future article.


Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice is preserved.