"Ye cannae change the laws of physics!"

Scotty the Engineer was always my favorite character in the original "Star Trek". Sure, Captain Kirk was the hero, he was at the heart of all the action, and got to romance all the green-skinned women, but if he wanted that amazing ship to actually do anything he had to ask Scotty. He had to ask him nicely.

If you think about it, Scotty had all the real power in that show. If he told Kirk the dilithium crystals were drained, there was never any real argument, the captain would cry like a whining child, but in the end he had to face reality and wait for Scotty to fix it.

I always thought Scotty should have said "no" to the Captain more often, especially when Kirk would ask for something completely outrageous and, more often than not, violating the laws of physics. But engineers don't like saying no to management, and poor Scotty would end up having to make the magic happen week after week, until even as a child I began to suspect that his skills had more to do with the scriptwriters than his deep understanding of the laws of the universe. Still, he did end up with a reputation as a miracle worker, which can't be so bad.

Trying to make Digital Rights Management (DRM) work in the real world is like asking engineers to do "Star Trek" style magic, rather than real engineering. DRM simply cannot work. For less technical readers who might be wondering what I'm going on about, DRM is the attempt to control copying on a digital file, or sometimes even to add a restriction on what how many times such a file can be copied. It's usually applied to online music or movies, but it's never sold to the consumer for what it actually is, an added restriction on what can be done with something they've paid for. DRM is always explained as the "wonderful new technology that will help protect your medical records from thieves". The truth is, it can't even do that.

DRM is often spoken about in conjunction with encryption, which actually is a massively useful technology that can protect your medical records from thieves. DRM uses encryption, but encryption isn't the same thing as DRM. Encryption is based on secrets, usually known only to two communicating parties. People snooping encrypted traffic end up with what appears to be random noise, only the people who have the secret key can make sense of it. Decades of real scientific research goes into creating sophisticated encryption algorithms and methods such as public-key cryptography, on which almost all Internet commerce is based, which allows a secret key to be derived from publicly available information. But the point of all encryption is that the key is a secret. It has to be a secret, as it's the basis of the privacy between the two parties.

Now let's consider DRM. DRM is applied to digital data by one party, usually the vendor of a music or movie, and encrypts the data to be protected using an encryption algorithm and a key. The other party in the transaction, the consumer of the music or movie, is then given the encrypted data, knowledge of what algorithm is used to encrypt the data, and a copy of the encryption key used to encrypt the data. All of these things must be supplied to the consumer in order for them to be able to use the data, without them there's no way the consumer can listen to or watch the data they've just bought. Yet DRM is supposed to be able to restrict what the customer can do with the data. How can this be done given the fundamental reality of the situation described above? The magic of dilithium crystals?

Sure, there's gobs and gobs of extra software in the process which is usually run at the consumer end of the deal, trying to obfuscate and hide the fact that the consumer possesses all the information needed to decrypt the file they've just been given. They have to have been given this, else they can't listen to the song or watch the movie. Claiming that this process can ever be made secure from the people you've just given all this information to is like believing you can create a secure bank vault by drawing chalk lines on the pavement, piling the money inside and asking customers to "respect these boundaries". The media industries are trying to sell what they consider to be valuable data without any means of prohibiting access to it. This is not a businesses model that is ever going to work.

The recent case of the release of the hidden encryption keys for high-definition format DVD's is the perfect illustration of this fantasy engineering approach to the realities of the Internet age. This new "super-secure" DRM system has now been broken twice. Ironically the breaking of the DRM might be the push that causes the popular adoption of these new HD-DVD formats. Data formats that can't easily be copied to other devices tend to end up being unpopular, as the physical devices that store digital media are subject to wear and tear. One curious child with sharp fingernails could accidentally ruin an entire HD-DVD movie collection. The only DRM systems that don't end up ultimately being broken are the ones that don't have any content published in them that people want to watch. It really doesn't matter how clever the layers of software being added to the system are, it only takes one smart person with a debugger, or logic analyzer, to dig through them and discover the underlying truth that any version of DRM just doesn't have any secrets.

Engineers know that DRM doesn't work, that it can't possibly work. Yet just like Scotty when Captain Kirk calls from the bridge asking for the impossible they can't seem to help producing ever more complicated versions of the same broken system. Companies keep trying to create and sell DRM systems to the content industry. Having lots of money thrown at them to do this probably helps, just like Scotty liked to be thought of as a miracle worker.

In a recent talk at Google, Cory Doctorow. the Electronic Freedom activist, science fiction author, and creator of the popular geek news aggregation site http://boingboing.net said that engineers should simply refuse to create DRM systems for customers. A request for a DRM system is a sign that the customer is in denial, and isn't dealing rationally with reality. They still believe in the businesses model of the "Underpants Gnomes" from the "South Park" TV show.

Step 1: Create a DRM system.
Step 2: ???
Step 3: Profit!

Unfortunately he also pointed out that the US government also seems to be living in this fantasy world, and to a lesser extent the UK government too. One of the most misguided things going on in the world at the moment is the attempt by the US government to force other countries to adopt what they call US-style "Intellectual Property Rights". The underlying economic theory for this appears to be that the US and UK can lose their industrial manufacturing base, outsourcing it to India or China, and still maintain their primary positions in the world by controlling the information used to design the products manufactured by this cheap labor, or by selling digital content to the newly affluent consumers in these countries. This comes down to a bet that in the future digital bits will be easier to control, and become harder to copy. In the age of the Internet this is a bet against reality, as the whole history of digital computing is that bits always become easier to copy, and harder to control.

Believing in a DRM business model is like joining Star Fleet security, putting on your red shirt, and volunteering to beam down to the new unexplored planet with Kirk, Spock and McCoy. Someone will be coming back from that mission, it's just not likely to be the security guard. Always a true engineer, Scotty had the good sense to stay safely on board the ship.

Jeremy Allison

Samba Team.
San Jose, California.
29th May 2007



Comments

re Ye Cannae change the laws of physics

How true, beam me up Scotty, I have as much chance of that happening as DRM working!

Clive

Re: re Ye Cannae change the laws of physics

How true, beam me up Scotty, I have as much chance of that happening as DRM working!

Clive

Actually, the above statement is completely incorrect. You have a much greater chance of that happening than DRM working.

Have you never heard of quantum physics? Scientists have already been able to beam around subatomic particles, it is just a matter of time before they can beam human beings. Teleporting does not violate the laws of physics.

On the other hand, DRM will never work.

DRM may have government

DRM may have government support in the US and the UK, but it is a very hard sell politically anywhere else. In Canada, where I live, toadying to the US on matters like this is pure political poison. For instance, not long after the Mulrony Progressive Conservative government gave in to the US on drug patents, it went down to one of the most amazing political defeats in Cdn. political history.

On the other hand, most American music and movies are so bad that they ought to be made more difficult to obtain and use! Perhaps we should view the extra cost of DRM protected "entertainment" as a sort of mind garbage tax. (I'm such a contrarian that I must contradict myself.)

What absolute rubbish !

Of course you can make a fool-proof DRM system. The only snag is that you have to start with "trusted" _hardware_. Palladium anyone?

What really get to me is to see idiots like the author of the above crowing how "DRM can't work", who then don't seem to realise that they make the case for making "trusted" hardware *mandatory*.

Have you forgotten how strong the lobby of the audio/video industry is? Have you forgotten how narrowly we escaped having Palladium made "standard"?. Have you forgotten that those DRM-happy corporations have a very big legal point? Would you really like to risk the future of Open Source operating systems for the pleasure of ripping of a few goofy songs?

It can still happen! How? By entrenching MS Windows as the only platform on which DRM works ... because it's the only platform that's in the "trusted computing" chain? It only takes one law passed by the House to make something like Palladium *madatory* and we're out of the game.

Much as I like the Open Source development model, I really feel that we would be a *lot* of without all those idiots that you find crowing various pieces of nonsense on-line. And yes, that includes the author of this moronic piece of drivel. Can you do us all a big big favour and shut the &^*^* up?

Palladium DRM can be broken.

The author is one of the main developers of Samba, which reverse engineers the Windows fileserver and doubles it's speed, so the author is not exactly an idiot. However, speaking of idiots, you are certainly free to speak for yourself.

Let me try to explain things in a way that is simple enough for you to understand. Any DRM including palladium that requires secrecy to prevent DRM being bypassed, can be broken, and it only needs to be broken by one person to be broken for everyone. The simple fact is that whatever Windows does to allow DRMed content to be played can be done by any other application or OS. There are no "magic dilithium crystals" in Windows or palladium that cannot be done in other applications or OSes to achieve the same effect. Windows DRM, relies on secrecy (don't forget the reason why Microsoft type DRM cannot be implemented legally in open source applications is because it is based entirely on secrecy) , but keeping methods and keys which have to be accessible to software developers and hardware manufacturers secret for ever is impossible.

If you think that Windows DRM running on a Windows platform cannot be broken or bypassed by reverse engineering, the proof is in Samba, WINE, NTFS and FAT file formats for Linux/Unix/BSD and the hundreds of thousands of worms, viruses, malware, and major security infesting Windows.

Three words for you.

Dual-ported memory :-).

Have a nice day enforcing your trusted computing platform !

:-).

Jeremy.

Poster did a really great job hiding his intentions.

He or she must have been cloaked in DRM.

The poster above is making the case that if Big Business and politicians get together just one more time and push a little bit more to write Palladium into law, they are likely to suceed. Then all their worries with open source will disappear. That is such a price, to recapture the good old days before those pesky open sourcers begun unifying. And needing to believe DRM will work makes it easy to follow along with the poster's logic and write off all the people like yourself [Jeremy] who are saying the concept is unworkable. It should be clear what interests that poster represents.

How much might it be worth to Microsoft to attempt to get control over everyone's information [talk about REAL black-mailing]? Of course, knowing it is Microsoft, they will probably be cracked in one day, after which time, the cracker will know all that juicy information too. Can you imagine sensitive military secrets entrusted to that system?

Jose

It's just a different kind of engineer we'll need then.

Didn't you have to insert a chip in your PlayStation (before they had numbers) to use homemade discs?

Even hardware will be cracked if there is a will to do so.

bypassing drm

I first encountered drm when i purchased my first iTunes song. I was surpirsed that iTunes allowed the song to be "copied" to a CD in standard audio-cd format. Of course, this format is DRM free, and so once copied the song can now be re-copid any number of times, and in any format. Essentially the "copy to cd" option in iTunes could be re-labelled to "remove drm".

It struck me as so idiotic that they had gone to all that trouble to protect the data via drm, and then provided a simple drm bypass mechanism, within their own software.

I ended up only buying about four songs from iTunes and have bought none since and do not intend to ever do so. One reason being the sound quality is so poor. Second reason is that when I lost all the songs accidentally by reformatting my hard disk (forgetting the songs were not backed up), Apple provided no means to re download the songs without shelling out the money again.

"Remove DRM" ?

The song you bought from iTunes is far from full CD-quality, and the bits lost in compressing it won't come back when you burn it on CD.

That's why real music lovers don't bother with iTunes.

- They buy CDs so that they can enjoy full quality music on their genuinely good loudspeakers.

But give me an online music store where I can buy CD-quality music, and you'll get my money :)

allofmp3.com

You didn't hear it from me ...

Musician Profit

Musicians should expect to make money from the music they produce. I like to think of paying for it in parallel with giving a tip to a waiter at a restaurant. If I like the service (music) I tip generously, if I don't like it, I tip less. Tipping in restaurants is a proven honor system that lets the customer decide what the service is worth. Sure, there are some people that eat and run without leaving the tip and there always will be. But personally, I don't have a problem spending the $1 for a song I really like. I wish more of it could go directly to the musician instead of the money grubbing music middleman.

Tipping doesnt put food on your waiter's table at night

I'm sorry to be frank here, but this is a naive viewpoint shared by far too many on the internet. I worked as a waiter for many years before getting a proper job, and I can tell you right now that waiters don't live off tips, they live off salaries. Insisting that music artists live off "tips" as you put it is a fine way to drive them all out of business.

If you download a piece of music that you dont like and refuse to pay, the artist gets nothing, and has no way to get that money at all. If you go to a restaurant, eat a meal and afterwards refuse to pay because you didn't like it, then you're stealing and the restaurant would be perfectly in their rights to call the police or make you wash up for a few hours. Your system works based on the honesty of the tipper, which is a lovely thought, but it just doesn't work in the real world. Imagine this scenario: "I was just fired this week, so I can't afford this song. But I want it so badly!" Faced with a situation like this, what percentage of the public do you honestly think would pay? And can you honestly swear upon the life of a loved one that you've "tipped" for every good song you've ever downloaded, and every good meal you've ever eaten?

It was a good restaurant I worked at, and my record for tips was £91 in one day (a record that still stands, as far as I know). But this was extreme - the normal result was £5-£15 a day. Compare that to a wage of £5 an hour, working between 6 and 9 hours per shift, and you'll quickly see that your tips system is not going to pay my bills. My wages will.

These days I work as a film special effects artist. I happen to agree with Jeremy that DRM is an awful solution to an awkward problem, and I'd rather the world didn't need it at all just like you do. But the thought of others getting my months and years of hard work for free through the likes of bittorrent whilst I lose my job because not enough people "tip" is frankly equally unbearable to me. I just wish that more people could see the DRM debate through the artist's eyes for a change. Alas a larger number are rather more interested in "all you can eat - for free".

artists should change business or get real

When I buy a painting I take it home. While I'm at home I can take a knife and cut the painting to pieces, or I can just put it on the wall and look at it whenever I like. When I'm done looking at the picture I can give it away, right? Why can't I do the same with music? How come no painter is putting any DRM on his pictures? The only way artists can make a living out of their work is to make good art that I will be ready to pay for...

sorry but if you're not good enough you die....

We have a right to be paid for our work. Real enough for you? :)

> The only way artists can make a living out of their work is to make good art that I will be ready to pay for...

Oh definitely, I'm not arguing with you about this. If I do a bad job making a film and no one sees it as I result, then I can (and probably will) lose my job, and I deserve nothing less. My question to you is why would anyone *want* to pay for any art at all, regardless of whether it's good or not, when they can get it illegally for free anyway? Expecting people to pay for free art out of the kindness of their hearts is unfortunately not going to work, the world's far too pragmatic for that.

Don't get me wrong, I think DRM is a terrible solution to the problem. As you correctly pointed out, it denies you rights that should be yours. Equally, as an artist, the current technical climate denies me mine: the right to be paid for my hard work.

DRM is an awful system, and the second we find something better that lets consumers like you get my work easily and cheaply with all your rights intact (as it rightly should be over the internet) whilst still letting me put dinner on the table every day, then I'll be right beside you claiming DRM should die. Unfortunately, I'm still waiting for this magical "better system" to turn up :)

Long live the queen.

>> I just wish that more people could see the DRM debate through the artist's eyes for a change. Alas a larger number are rather more interested in "all you can eat - for free".

You are kidding, right? The only one with power under a Palladium system (the one day before it gets cracked) is Bill Gates. After you have surrendered to him, it is game over for you. We know how generous absolute dictators are, right?. Oh, wait, Bill's tax haven gives money to drug companies he owns on the side, I forgot. Poor generous Bill, how I defile his name. I should be hitting the gallows maybe two minutes after he seizes power? [On day two, Bill and 3 crackers will rule. After that, Bill, crackers, and 1/3 of the mafia will have to share in a triumverate. Except for me (I'll be swinging under a rope), everyone should have fun watching the power struggle that will ensue... for about a week. After that, everyone will know everything about everyone else.]

>> Tipping doesnt put food on your waiter's table at night. I'm sorry to be frank here, but this is a naive viewpoint shared by far too many on the internet. I worked as a waiter for many years before getting a proper job, and I can tell you right now that waiters don't live off tips, they live off salaries.

Bill Gates Jr jr jr jr, is that you? I can spot your brand of lies anywhere. Waiters make or break based on their tips. You'll earn what 2, 3, 4 dollars per hour "salary?" The real money comes on big nights when you take home a hundred bucks or more. $3.15 puts food on the table ..out underneath the starlit sky. Tips put a roof over your head (useful for when it rains and mosquitos are out snacking).

>> It was a good restaurant I worked at, and my record for tips was £91 in one day (a record that still stands, as far as I know). But this was extreme - the normal result was £5-£15 a day. Compare that to a wage of £5 an hour, working between 6 and 9 hours per shift, and you'll quickly see that your tips system is not going to pay my bills. My wages will.

Ah. That explains it. I am refering to life in the States, in particular around where I live. Over here, 10-15% per customer is expected (where tips are expected or required). Maybe you aren't Jr^4, but I think the other poster was refering to a situation closer to what I described. Personally, I hate tipping. I'd much rather the price be jacked up. If the service is that bad, I won't return, but I hate having people walking around me on pins and needles, hoping they won't disappoint me so I'll tip them. In fact, I'm a buffet/self-serve kind of diner.

>> If you download a piece of music that you dont like and refuse to pay, the artist gets nothing, and has no way to get that money at all.

Alright. Everyone wants to do something once and get paid for life, but that just isn't realistic under some settings. DRM is an attempt to take the grease out of the wheels of commerce so that a few can get paid for life for something they did once in an environment that doesn't support that (digital distribution). There are plenty of ways for artists to earn money as-they-go, like most people. And in the current environment, most artists don't even get a shot. Being second best might mean a nice song, but why give that person a chance when you can get the best to crank out 2 tunes (or 50)? The end result is that a few artists live like kings and the rest.. wait on tables.

>> But the thought of others getting my months and years of hard work for free through the likes of bittorrent whilst I lose my job because not enough people "tip" is frankly equally unbearable to me.

You can get paid. Perform. There are many opportunities to perform. You can even become a celebrity without charging a penny for your work.. then go and milk the well-earned celebrity status.

Today, your work may not even match the combined efforts of several amateurs working together. Look what FLOSS collaboration from people *working for free* has produced: superior quality and opportunities for many doing paid work they love, and this despite the fact we are still stuck in an MS world. Opportunities are only growing. Collaboration with few bounds and based on meritocracies is simply a better model (you have to win over the troops and work, not once but daily, to keep them working for you).

Sorry but times change. Monarchies had a good run, but ...oh, wait. You are British, aren't you?

>> I'm sorry to be frank here

Don't. I don't apologize for being Jose.

Like a window...

I am firmly against DRM but reading this article made me think of how people really look at the DRM issue differently than real life. This article could be easily refactored into a tirade against the stupid companies who fill boxes with valuable merchandise (think vending machine) and then protect it with just a sheet of glass that any one with the right tools could break (aka hammer).
Just thought it was an interesting analogy.

Physical goods are not a good analogy

Unless you're imaging a company whose business model is shipping their
vending machines into your home.

Jeremy.

pedantic nitpicking

Actually, there was a Next Generation episode where Scotty revealed that the secret to being a "miracle worker" is to lie about what you're actually capable of. So I think Scotty was telling Kirk "No" about as often as you would've like him to ;)

The only people who care about DRM are the theifs amoung us

Yes thats right, just like Jeremy makes a living from "reverse-engineering' whish is a polite way of saying software theif.

And yes, DRM was created for one purpose, that is to stop theft of music and content. The ONLY people that DRM effects are those who want to steal or get something for nothing.

Yes artists, musisions, programmers (real programmers), writers or whatever have a right and vital requirement to be paid for their services.
NO its not your right to be able to steal it, regardless if its software, or a picture or a song, that is (just bits in a file).

As a programmer and musician I know how many hours and years it takes to develop those skills.

A musician may create a song that is 3 minutes long, but it may have taken them 20 years of learning and development to get to that stage.

And because its recorded in digital format, you believe you have a right to steal it, then you have the hide to whine about DRM which if it was not for you theifs would not even exist in the first place.

DRM - you have yourself to blame.

Reverse-engineering - means "I dont have the skill to develop this technology myself so ill make a living from looking over the sholder of the "smart guy" in class.
(in school thats called cheating !!, in life its called theft).

Back to top