Researcher: DRM technology fails in practice
Copy-control tech is simple in theory, but simple to hack too
IDG News Service - Digital rights management (DRM) technology has deep flaws despite the hope of content providers that encrypted files will deter illegal file sharing, a computer security researcher said Monday.
DRM is a catch-all term for a variety of methods used to limit content sharing. Techniques include digital encryption of songs and encoded limits on the number of times content can be accessed. But DRM technologies are far from foolproof, and the ones developed so far have been easily circumvented by adept hackers, said Ian Brown, a senior research manager at the Cambridge-MIT Institute in England.
DRM won't protect the music and film industries, which have spent the past decade lobbying for new laws to protect their content but neglected trying to find better ways to monetize their offerings, he said. Bands such as U2 and the Grateful Dead use their music more as a promotional tool, relying on touring and merchandise for revenue, he said.
"It's the business models that need changing, not the technology," said Brown, whose doctoral thesis in part covered DRM technologies. He spoke at the Changing Media Summit in London.
DRM technology is simple but making it work is difficult, Brown said. The data has to be decrypted to be used, and the "analog hole" remains -- the ability for determined bootleggers to use a microphone or regular video camera to record content for posting on file-sharing networks.
So-called watermarks -- instructions regulating the usage of the file that are invisible to the users -- can be removed by a determined programmer, allowing them to post a file to a P2P (peer-to-peer) network, Brown said. The algorithms used for watermarks are still "primitive," Brown said.
DRM technologies may be most effective for time-based events where encryption would only have to hold for a short period, such as the broadcast of a live sports event, Brown said.
The progression of DRM technology is closely watched. Music and film industry officials argue that DRM is crucial to preserving revenue in the face of piracy. Consumer advocates say DRM technologies can be too restrictive for consumers who legitimately paid for content and want to share it on several devices.
"Fundamentally, it's an antiuser technology," Brown said. "It's a technology that allows content owners to provide data to their customers with restrictions on how they can use it that aren't justified by copyright law.
Microsoft Corp. is incorporating features into its next-generation OS, Windows Vista, to take advantage of DRM capabilities of TPM (trusted platform module) chip sets. TPM chip sets have the capability to store the keys, passwords or certificates attached to DRM-enabled files and only allow decoding by authorized users.
France is debating legislation that would require companies developing DRM technologies to provide enough information so other companies can make interoperable systems. Apple Computer Inc. has lashed out at the measure, saying it will encourage music piracy.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into... All Gov't Legislation/Regulation White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Gov't Legislation/Regulation Webcasts