Why DRM Doesn’t Work

by on October 10, 2007 · 0 comments

It’s a few weeks old, but be sure to check out Cory Doctorow’s excellent explanation for why copy protection can never work:

[Encryption] works brilliantly. You can download an email privacy program that uses standard, public encryption algorithms to scramble your email so that only its intended recipients can read them. You know that messages can only be read by the authorised sender and the authorised receiver because you are the only ones who know have the key.

It’s great for email, but it can never work for movies, TV shows or music, because in the case of “copy protection” the receiver is also the person that the system is meant to guard itself against.

Say I sell you an encrypted DVD: the encryption on the DVD is supposed to stop you (the DVD’s owner) from copying it. In order to do that, it tries to stop you from decrypting the DVD.

Except it has to let you decrypt the DVD some of the time. If you can’t decrypt the DVD, you can’t watch it. If you can’t watch it, you won’t buy it. So your DVD player is entrusted with the keys necessary to decrypt the DVD, and the film’s creator must trust that your DVD player is so well-designed that no one will ever be able to work out the key.

This is a fool’s errand. Because the DVD player has the key, it’s always possible that it can be extracted by academics, hardened hackers – or just kids who are in it for the glory.

Doctorow makes an analogy to the speed of light, but I think a better analogy is that DRM systems are to computer science what perpetual motion machines are to physics. Anyone who says he’s got an unbreakable DRM scheme is either clueless or lying. Yet DRM snake-oil salesmen, like the charlatans who periodically claim to have invented a perpetual motion machine (or infinite compression algorithms), are perpetually coming up with clever new ways to obfuscate the fundamental impossibility of what they’re trying to accomplish. If you make a system complicated enough, it can be difficult to explain its flaws in laymen’s terms. But that doesn’t mean it doesn’t have them, or that they aren’t fatal.

SHARE: 0 comments

Tim Lee / Timothy B. Lee (Contributor, 2004-2009) is an adjunct scholar at the Cato Institute. He is currently a PhD student and a member of the Center for Information Technology Policy at Princeton University. He contributes regularly to a variety of online publications, including Ars Technica, Techdirt, Cato @ Liberty, and The Angry Blog. He has been a Mac bigot since 1984, a Unix, vi, and Perl bigot since 1998, and a sworn enemy of HTML-formatted email for as long as certain companies have thought that was a good idea. You can reach him by email at leex1008@umn.edu.

Previous post:

Next post: