Monday, July 2, 2007

Is effective DRM possible?

The short answer is yes, but only by returning to analog publishing formats. The rest of this post is the long answer. Along the way I'll be giving a basic description of how DRM (digital rights management) is supposed to work today.

So why isn't DRM effective with digital publishing? Because digital formats don't degrade. Every bit of every song or movie is meant to stay uncorrupted for all time. The error correction used on the internet and on physical media are designed to ensure this. If the data does get corrupted --- from a scratched disk, or a failed hard drive --- the song or movie basically becomes unplayable around the damaged region and is permanently lost. So what's this got to do with DRM? Well to make a perfect copy a digital file all you need to do is perfectly replicate all the bits in the file. As long as you can read the bits of a digital file someone will always be able to invent a way to make a permanent copy of them. So DRM doesn't focus on preventing copying (although ideas such as ARccOS unsuccessfully try to). Instead, the more successful attempts at DRM use encryption technology. The idea is that the bits that make up the media file are encrypted so that they are apparently a completely random jumble of bits. The legitimate purchaser is given the cryptographic key (a long sequence of numbers) that is used by the playback software to transform the random bits back to their original form, on-the-fly. Sound's reasonable?

But there's at least two fundamental flaws with this approach to DRM. The first is the well established key distribution problem in cryptography. Surprisingly, perfect theoretical cryptography exists. It's called the One Time Pad. But it's more or less impractical because it assumes that the cryptographic key is kept perfectly secret, it's perfectly random, and it's the same length as media file itself. Even just the "perfectly secret" bit should convince you that this isn't going to work for mass publishing of media. Every individual would have to take delivery of two files per purchase, sent through separate secure channels such as one by the internet (the actual movie), and the other by post (the key). Then every individual would have to declare, under the threat of dire consequences, that they would never let any other individual have both the encrypted media and key files at once, and would never distribute their own unencrypted version. So DRM typically uses a scaled back approach. When you buy a DVD you receive both the encrypted media file and cryptographic key on the same disk.* When you buy a song, from iTunes for example, you download the encrypted media file and you download the cryptographic key for that file. From a key distribution perspective, both of these approaches are dumb because the key is basically delivered to you in the same way as the media. To compensate, publishers go to great lengths to hide the key on the DVD, or in the case of iTunes, on your hard drive somewhere. They also try to protect the schemes used to reassemble the key. But this can only last so long. At the end of the day, if the key and the media are distributed together, someone will always figure out how to recover the key and make that knowledge open. Which then allows every Tom, Dick and Harriet to decrypt and copy the media illegally. Examples of this are DVD Jon's original cracking of the CSS DVD protection, and the recent discovery of several HD-DVD/Bluray title keys that use the newer AACS protection.

So what's the second fundamental flaw? Consider for a moment the unlikely possibility that music and movie studio research discovers an uncrackable way to hide a key, such that only authorised software can reconstruct it. But at some point in the chain of events between your song or movie being legitimately decrypted, and when it emerges on your speaker or monitor, the file exists in your playback device's memory in unencrypted form. Even though this occurs in small chunks at a time it is possible for an enterprising cracker to discover the region of computer memory where it resides, and take a copy of the unencrypted media chunks. Reassemble the chunks, and voilĂ , you have a perfect copy of unencrypted media. Perhaps the best known example is software that extracts songs being played back with iTunes. Apple quite successfully figured out how to hide keys on a system. So successfully that it was easier for crackers to extract the files from memory after iTunes decrypted it for them. Operating systems like Vista now go to great lengths to provide internal media playback services that retain DRM until the the last possible moment before it emerges from your screen or speakers. These systems partly rely on the latest generation of audio/video connector standards, such as HDMI/HDCP. But even then, there is the assumption that all the hardware manufacturers play ball. There is already an example of HDMI hardware that removes HDCP protection. In fact, I believe digital audio/video connectors is one of the dumbest decisions that the entertainment industry could make if they are serious about DRM. Sure, we get much better quality, but we also get more opportunities to make perfect digital copies.

So why would a return to analog technology make DRM easier for the studios? Analog signals have the property that it's essentially impossible to make a perfect copy. In contrast, there's negligible error in digital to digital copies. This is because analog has an infinite range of values, not just 0 and 1's. Even the best hi-fidelity hardware and recording formats cannot perfectly reproduce an analog signal. At a physics level, electrical components all inject a small amount of noise into analog signals. Digital is so much better because you can continuously clean up all that noise (to restore things back 1's and 0's), but in analog you don't know what's noise and what's real signal. Think back to the dark days of VHS tapes. Even leaving aside technologies such as MacroVision, when you tried to copy a VHS tape from the video store to another VHS tape, the end result was often really poor quality. If your friend then tried to copy your copy, then the result might be unwatchable. Hang on to your copy for a year or two and it would also become unwatchable because the analog magnetic signals (and the plastic tape) degrade over time. In short, even though copying was fairly easy, there were serious physical constraints on how far a copy could propagate. These days, thanks to the media studios fascination with the idea that digital technologies are easier to protect, illegal digital copies can very quickly and perfectly be distributed around the planet.

Footnotes: * This is a simplification of CSS encryption for DVDs. Part of the key resides with the playback device. The situation becomes even more complex in AACS encryption for HD-DVD/BluRay; but doesn't alter the basic argument.