Posted by: reformedmusings | September 9, 2008

The tragic comedy of Digital Rights Management

Trust no one. That was Fox Mulder’s motto on the X-Files. It also seems to be the motto of some software, music, and video producers. They incorporate all kinds of what they call Digital Rights Management (or more appropriately Digital Restrictions Management) or DRM into their products. While they have some legitimate concerns, the cure is worse than the disease.

Sony perpetrated perhaps one of the most egregious violations of their customers’ trust and property when they used a rootkit to protect some music CDs that they sold. Rootkits are the holy grail of malware, bypassing almost all security, living on and using an unsuspecting user’s computer and virtually incapable of detection through normal means. Once Sony deposited their rootkit on your computer (and without your knowledge), another hacker could exploit Sony’s malware to control your computer, steal your sensitive data, and turn your computer into a spam bot. The rootkit also communicated back to Sony’s servers without the user’s knowledge or consent. All because you legally purchased a Sony music CD and made the mistake of playing it on your computer. Sony eventually relented and provided a tool for removing the malware (the “fix,” BTW, caused serious crashes and opened up its own security holes), but by then others had already published detection and fixes for it. Sony eventually abandoned this DRM approach, or so they say…

One of the greatest tragedies of the Sony episode was that PC security companies like Symantec and McAfee were very slow to respond. Why? Sony is a big company with lots of resources. Few of the folks who pledged fealty to protect you wanted to challenge the Sony giant to do so. Only F-Secure of Finland (highly recommended by me) and Sysinternals (since taken over by Microsoft) here in the US dared raise the alarm. It was Mark Russinovich of Sysinternals who originally (and accidentally) found Sony’s rootkit and produced the first detection mechanism for it. Microsoft lives for DRM, so even they didn’t object to this compromise of their operating system’s security. This episode showed the user community who their real friends were. If you are relying on Symantec or McAfee to defend you against big money interests, you are seriously deluded, my friend. And if you can’t trust them when it really counts, when can you trust them? They are like having an army to protect you until you are actually attacked, at which time they flee the field of battle.

The good news is that outraged victims sued Sony in a class action. Sony settled that suit out of court, although the actual financial impact to Sony was minimal.

So did Sony abandon DRM? Not hardly. A subsidiary of Sony, SecuROM, produces a new and more sophisticated approach which they swear isn’t a rootkit. Many users disagree with that assessment. I am particularly amused with this statement on their website:

Please be assured that this service is installed only for security and convenience purposes.

Now ask yourself, whose security and convenience? Certainly not the customers’.

The latest row over DRM concerns a new game from Electronic Arts: Spore. It uses the SecuROM DRM to limit the number of times it can be installed. Originally SecuROM protection had to call home every 10 days to continue working, but EA backed off of that approach after a serious uproar. So again, system-level software that you don’t want or need is installed on your hardware, compromising your mission-critical system. One irony is that, just as with all DRM schemes, Spore’s DRM was cracked before the final version of the game even hit the shelves. So as usual, only legit users suffered from the DRM, not the pirates.

The backlash on Amazon and other forums has been incredible. At this writing, there are 1585 user reviews on Spore, of which 1476 are bottom-of-the-barrel 1-star ratings which all cite the DRM in one way or another. Here’s a screenshot, just in case Amazon purges these reviews:

Spore reviews on Amazon


It’s so bad that Amazon UK deleted all its 1-star ratings, removing critical information for potential victims. Again, hackers have already cracked the protection so legitimate users are the only ones suffering from this DRM. This outcome was predictable after 2K’s fiasco with Bioshock. Tom’s Games has a great video on the failure of that SecuROM DRM along with adverse customer impacts here. The SecuROM turned out not to work correctly, producing even worse restrictions on users plus system problems. Hardware, especially CD/DVD writers, became inaccessible to their owners. Extensive workarounds were published on the Atari forums. And again, cracks are readily available to disable the SecuROM DRM, so only legitimate users suffer. So Sony didn’t give up on DRM, they are taking it to a new level of failure. Maybe another class-action lawsuit would be in order for those who lost hardware accessibility.

Please note that I haven’t begun to touch on music and video DRM, including Vista’s draconian system that compromises your hardware to placate music and video publishers. One could write a book on that ongoing fiasco.

Now, I’m not condoning piracy. Not by any stretch. But DRM does not and never has prevented piracy. Pirates routinely crack whatever comes their way. That’s the dirty secret of DRM. During my last trip to an unnamed Asian country, I saw vendors selling DVDs for yet-to-be-released first-line movies. Do you think that they were inhibited by any DRM scheme? To pirates, DRM is like soft butter in the way of a hot knife.

Even the most draconian DRM schemes are quickly cracked and so only affect legitimate users. If there’s a DRM system that hasn’t been cracked within days of its release, I haven’t heard of it. Even legitimate users resort to the cracks so that they can make legal “fair use” backup copies or transfer them to another medium (e.g., rip a CD to an mp3 player). The highly-touted AACS on HD DVD and Blu-Ray DVDs was cracked within days, and subsequent codes compromised even more quickly. Finding the code for a particular movie simply involves searching Yahoo! or Google for it. Music CDs and mp3 files are trivial to strip. Even the protection on major operating system distributions and office suites is readily defeated. It’s a never-ending game in which only legitimate users lose. That would be you, eh?

I personally believe, along with many others, that the revenue-loss claims by RIAA, MPAA, and software producers like Microsoft are outlandish and unsupportable. All their claims include unprovable assumptions. When cracks appear almost instantly, it mocks their investments in user-inconveniencing DRM systems. In desperation, they take to suing children (and here). Like I always say, if you can’t innovate, litigate.

When an online music store shutters its doors, users are left hanging. The most recent example is Microsoft’s MSN Music store closing and discontinuing its support for its DRM keys. All its former customers are now left out in the cold. They will have to crack the DRM on their songs to protect their investments. The vast majority will just be out the hard-earned money they spent. Or, they can just come over to Linux…

Don’t hide behind your Apple. Apple has one of the largest DRM distributions in the world through its iPod music and videos and iPhone software. There’s nothing open about Apple and hasn’t been since the introduction of the Mac. No help there.

And the punchline? First, don’t buy anything with DRM. Vote with your wallet. It may mean that you miss out on buying something that you might like, but hey, you’ll live. I haven’t bought anything with protection at all in the last two years since I left Windows, and nothing other than Microsoft Windows and Office for decades before that. Feeding the monkeys only encourages them.

Second, DRM is non-existent in Linux. Again, I don’t buy anything with DRM even to use under Linux. I refuse to feed the monkeys. Even so, all the DRM schemes of which I’m aware (and that’s a lot) don’t do anything (Windows system services, rootkits, etc.) under Linux. There are free Linux programs to play and/or rip virtually anything available irrespective of any DRM present, including most HD DVDs and Blu-Ray DVDs, for fair use purposes. Under Linux, users actually get the digital content for which they paid. No one can tell them what they can or cannot do on the hardware for which they paid. Linux is truly free, and freedom tastes of reality.



  1. […] And some folks wonder why I don’t publish more in digital form. The tragic comedy of Digital Rights Management « Reformed Musings __________________ Chris Coldwell Lakewood Presbyterian Church (PCA), Member • Naphtali Press: […]

  2. […] victims take another hit I wrote earlier about the Tragic comedy of Digital Rights Management. Well, it just became funnier in a tragic way. In addition to Yahoo! and MSM shutting down their […]

  3. […] wait, there’s more. Don’t forget Microsoft’s  Digital Rights Management, which prevents you from playing CDs or DVDs for which you’ve paid, and allows media industry […]

  4. […] course, Ubuntu still blows Windows 7 out of the water. Windows 7 is loaded with DRM which limits what you can do with the media and hardware for which you paid hard-earned money. It […]
