Wednesday, February 07, 2007

Steve Jobs's mixed DRM message

Steve Jobs has told the music industry to let Apple sell unencumbered MP3 music files through iTunes (via Open Rights Group). Unfortunately he comes to this sensible conclusion via some nonsensical reasoning:

"To prevent illegal copies, DRM systems must allow only authorized devices to play the protected music. If a copy of a DRM protected song is posted on the Internet, it should not be able to play on a downloader’s computer or portable music device. To achieve this, a DRM system employs secrets. There is no theory of protecting content other than keeping secrets. In other words, even if one uses the most sophisticated cryptographic locks to protect the actual music, one must still 'hide' the keys which unlock the music on the user’s computer or portable music player. No one has ever implemented a DRM system that does not depend on such secrets for its operation.

"The problem, of course, is that there are many smart people in the world, some with a lot of time on their hands, who love to discover such secrets and publish a way for everyone to get free (and stolen) music. They are often successful in doing just that, so any company trying to protect content using a DRM must frequently update it with new and harder to discover secrets. It is a cat-and-mouse game. Apple’s DRM system is called FairPlay. While we have had a few breaches in FairPlay, we have been able to successfully repair them through updating the iTunes store software, the iTunes jukebox software and software in the iPods themselves. So far we have met our commitments to the music companies to protect their music, and we have given users the most liberal usage rights available in the industry for legally downloaded music."

Jobs is quite wrong to say that licensing FairPlay would make it useless. If it's at all sensibly designed (and I don't think Apple are entirely incompetent) FairPlay will not contain global secrets that compromise the entire system (in the way that the DVD player keys compromise CSS, even apart from the weakness of the cipher). If it did, as CSS does, those secrets would be very hard to hide in amongst the millions of iPods and iTunes installations out on the interwebs. (This is just the application of Kerckhoffs's principle to DRM rather than cryptosystems.)

And, as "DVD Jon" Johansen observes: Microsoft have licensed their own DRM system to dozens of companies, but it has not been broken any more often than FairPlay.
