Wednesday, February 7, 2007

DRM - A sneaky threat

DRM, officially known as Digital Rights Management and also known as Digital Restrictions Management is a technology that is already here, inside many pieces of hardware (yes, possibly in YOUR hardware too). This article intends to provide you with some information concerning the the problem of DRM while keeping things as simple as possible.

But what is DRM without all this "technical mambo-jumbo"? DRM was designed as an attempt to control piracy. It is an encryption system and as such, it is based on "authorization". Basically you can play media files encrypted with DRM only if you have the "key" to allow the media player to use it. Unfortunately the way DRM was designed and implemented has several flaws, flaws that often violate user freedoms.

DRM is actually not a new concept, in the past some unsuccessful forms of DRM have been implemented. An early example of DRM is the CSS (Content Scrambling System) algorithm which when it first came out, allowed the "DVD Forum" to be in control of all consumer hardware capable of decoding DVD movies, restricting the use of DVD media even to the users who had the legal right to make backup copies of their movies.
  • DRM limits your options: If you want to play a file locked with DRM you have to use media players, mp3 players or CD Players that support DRM. iPod owners for example can only listen to the music they have purchased through the iTunes music store through their iPod, they cannot play it on non-apple devices. The famous Sony rootkit software which was installed by some music CD's in Windows PC's was a way of enforcing a kind of DRM to the end-users. Songs bought through the Napster service can only be played on players carrying the Microsoft PlaysForSure logo.
  • DRM restricts your rights: In most countries you have the right to make backup copies of music/movies/software for personal use, with DRM this option can be limited by the provider of the keys. Some services such as Napster only allow you to listen to the music you have downloaded if you have an active subscription but as described in the Wikipedia article: "But as soon as the user misses a payment the service renders all music downloaded unusable.". This is the reason DRM is also known as Digital Restrictions Management.
  • DRM can violate your privacy: The use of keys that must be retrieved from the Internet allows people who control this information (such as online music stores) to create a "profile" of your options. Should it be misused by someone, such information may be a potential threat to your privacy.
  • With DRM you no longer buy music, you rent music: It is possible to use DRM to limit specific actions of the end-user. Napster for example charges users who wish to use the music on their portable device an additional 5$ per month and pay an additional $.99 per each track to burn a track to CD or to listen to the track after the subscription expires.
  • DRM may pose a security threat to your system: Imagine the following scenario, which may become a very important security issue in the future: Your motherboard, like most new motherboards, may possibly have hardware DRM chips. What if a worm exploits a security hole and configures that chip to lock you out of your computer? Thanks to the way DRM is designed, it would be impossible to recover your data since no LiveCD would boot on a DRM-protected system... Matters can become even worse: What if it's not a worm that does that kind of damage but a cracker? He can blackmail you for money to give you back access to your data (this HAS actually happened in the past but it was with "plain" encryption, not DRM), or if he sells your data to other people who might be interested (other businesses etc.)? If Windows Genuine Advantage which is a software lock can actually lock you out of your computer, imagine what a hardware-level lock could do...
Some people have expressed the opinion that "crackers will probably workaround DRM soon". Indeed they will possibly workaround DRM protection of some systems but the nature of DRM is related to the Internet and any workaround will be patched soon. Furthermore, in some countries, such as the United States , it is illegal to circumvent measures taken to protect copyright such as encryption and this means that it is illegal to try to workaround DRM (see the DMCA - Digital Millennium Copyright Act). You may say "I just won't install any DRM stuff" but, as I have mentioned above, you may actually already have DRM in your hardware!

This is only a small part of the problems caused by DRM. There are many more problems that exceed the purpose of this article. The links below contain much more detailed information about DRM and I strongly recommend visiting them.

LINKS:
DefectiveByDesign.org | Wikipedia Article - Digital Rights Management | DRM.Info | DigitalFreedom.org | GNU | StopDRM | FreeCulture | EFF - Electronic Frontier Foundation | StopDRMNow.org | DMCA - Digital Millennium Copyright Act

Note: All of the opinions stated above are personal and do not in any way target specific businesses or services. Every example provided above is taken from wikipedia.org and does not reflect my personal opinion on the services.

No comments: