In the US, France and a few other countries it is already forbidden to play legally purchased music or videos using GNU/Linux media players. Sounds like sci-fi? Unfortunately not. And it won’t end up on multimedia only. Welcome to the the new era of DRM!

Author: Borys Musielak

In this article I would like to explain the problem of Digital Rights (or restrictions) Management, especially in the version promoted by Microsoft with the new Windows Vista release. Not everyone is familiar with the dangers of the new “standard” for the whole computer industry. Yes, the whole industry — because it goes way beyond the software produced by the giant from Redmond and its affiliates.

DRM, Trusted Computing — what kind of animal is that?

Quoting Wikipedia:

Digital Rights Management (generally abbreviated to DRM) is an umbrella term that refers to any of several technologies used by publishers or copyright owners to control access to and usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device. The term is often confused with copy protection and technical protection measures; these two terms refer to technologies that control or restrict the use and access of digital content on electronic devices with such technologies installed, acting as components of a DRM design.

A similar (but a bit more specialized) term to DRM is Trusted Computing. The term is intentionally misleading. It does not try to improve the security of the user, but rather wants to ensure that the user can be “trusted”. Obviously it’s not about the trust, it’s about the money. The companies that deliver content (specially multimedia, but it’s not restricted to media only) to the client want to be able to control the way it is used. For example, they want the content to be displayed on approved media only, banning all the “illegal” applications (illegal does not mean that it violates the law, but rather the agreement between the client and the company that sells the media). More on Trusted Computing can be found (as always) in Wikipedia.

So, what’s wrong with the practice? Why shouldn’t the companies be able to control their content? The idea of DRM has two aspects that are important (and may be dangerous) for computer users. First aspect is technological, the second is ethical. We are going to cover both.

In a nutshell, the technological aspect is that DRM implies that the software, or even worse — hardware — should be manufactured not for the highest stability and performance, but rather for the best copyright protection possible. This means, that we — the users — are supposed to pay more money for a product that is defective (does not allow certain functionality for non-technical reasons) and provides an inferior performance.

Ethical aspect is even more dangerous. In the world of DRM, it turns that we cannot do whatever we want with the legally purchased products (like software, music, videos or text documents). What we can and what we cannot do is decided by the provider, not by ourselves. For example, a DRM-protected product can be disabled at any time by the producer if he believes that we violate the terms of the agreement. This means that your collection of “protected” music can be rendered useless (e.g. by decreasing the quality or even deleting the content) in a matter of seconds, without your approval. It that some horrible vision of a sick and evil overlord? Nope. This is an upcoming, terrifying era of DRM.

DRM by example

So, what does DRM look like? Can we see it or is it hidden? Actually, quite a lot of famous companies have already decided that DRM is the way to go. Below we present only a short list of the most popular formats that are affected (tainted) by the “rights protection”:

• DVD — the disk itself does not contain any hardware DRM, but a lot of providers decided to use the restrictions recommended by the DVD CCA organization, such as CSS (content scrambling by using encryption mechanisms) or RPC (region codes).
• HD DVD — the new standard that will probably replace DVDs has been unfortunately tainted by DRM since its creation. The main restriction used is AACS, a modern version of CSS.
• AAC — audio file format invented and promoted by Apple and its iTunes Music Store. In the version with FairPlay (sic!) protection system, it contains DRM-type restrictions (encrypting) aimed at making it impossible for competitive portable players to support this format (encrypted AAC works flawlessly only on Apple products like iTunes player or iPod and a few other players approved by Apple)
• Windows Media — each of the media formats of the Windows Media pack (WMV, WMA, WMP or ASF) has been tainted by some kind of DRM, usually meaning that the content is symmetrically encrypted and if the keys are not accessible, the user can watch/listen to only the scrambled version of the content (very low quality).

Pic.1 iPod coffin designed by Jeremy Clark

What is interesting and not widely known, DRM is not restricted to media only. It can be used to secure any other “digital goods”, especially the software. The idea to restrict access to proprietary software using hardware DRM technology is getting more and more popular around major software vendors, like Microsoft and Apple. If this gets implemented, the software producer will be able to, for example, block the use certain programs if they recognize it harmful or illegal. This could mean blocking programs of competitors if they violate the company’s internal rules (e.g. enable the user to play encrypted DVDs or AAC files, even though it is not illegal to do it in the user’s country). Blocking Peer2Peer clients, like eMule or Gnutella (nevermind if used legally or not) could be another option. And there are many more options available, provided that DRM is publicly accepted…

The price of DRM, or… what says Gutmann

Peter Gutmann in his recent publication analyzed the cost of Windows Vista Content Protection [PDF version by Max Moritz Sievers] with emphasis on the actual cash to be spent for the computer user if these recommendations are implemented by the hardware vendors. The article is interesting, but long and very technical, so I decided to summarize the main points here. If you prefer to read the original article, we strongly recommend you doing so. Otherwise, you can read our short summary, so that you know what we are talking about.

So, what will happen if the Microsoft vision comes true?

• If you have recently bought a high-end sound card you may be surprised, since in Windows Vista you won’t be able to play any “protected content” due to the incompatibility of interfaces (S/PDIF).
• Significant loss of quality of the audio may be common due to the need to test every bit of streaming media for the use of “protected content”
• The idea of open-source drivers will be abandoned since the whole DRM thing is based on the fact that the content decrypting takes place in a “black box” and only a few selected corporations may have a look at it. Security through obscurity, that’s what it’s called. Open source stands in complete opposition to this concept.
• Removing any standards from the hardware world is one of the Microsoft goals. According to the Microsoft theory, each device will need to communicate with the operating system in a unique way in order for DRM work as required. This will enforce the incompatibility of the devices, killing the existing interface standards.
• Denial of Service attacks will be a common place. The new era of DoS attacks will be more harmful than ever before. This is connected with the tilt bits introduced in Windows Vista. The malicious code will be able to use the DRM restrictions in any suitable way and the detection of this activity will be almost impossible if not illegal (sic!) thanks to the infamous DMCA act that prohibits the use of any reverse engineering techniques used to either understand or break DRM.
• The stability of the devices will be decreased due to the fact that the devices will not only have to do their job but also “protect” (who? obviously not the user…) against the illegal use of the audio and video streams. This “protection” requires a lot of additional processing power and of course a lot of programmers man days. Who’s gonna pay for that? Of course us — the customers.
• Issuing the specification by Microsoft seems to be the first case in the history when the software producer dictates the hardware producers how their hardware should be designed and work. Seems dangerous, especially when we all realize the intentions of Microsoft.

The conclusions are rather sad. If the major hardware vendors like Intel, NVidia and ATI take these recommendations seriously and implement them in their products, it may occur that the client will not only get an inferior product (defective by design), but will also have to pay the extra cost of implementing DRM restrictions (the vendors won’t be probably willing to spend the extra costs for something that does not give them any profits).

Update: there has already been a Microsoft response to the Gutmann’s paper: Windows Vista Content Protection - Twenty Questions (and Answers). The advocacy is however very poor. The Lead Program Manager for Video (Dave Marsh) confirmed most of the Gutmann’s conclusions, but presented them as “inevitable” and “providing additional functionality”. The OSNews readers seem to agree that Marsh’s response was basically the act of admitting the guilt

What we have covered so far are only the technical costs of DRM/Trusted Computing in the form proposed by the Redmond giant. The ethical costs of the “innovation” are even more interesting… or rather depressing. Read on.

DRM and freedom, or what says Richard Stallman and FSF

According to Stallman,

DRM is an example of a malicious feature - a feature designed to hurt the user of the software, and therefore, it’s something for which there can never be toleration.

Stallman is not the only person respected in the IT world who believes that DRM is pure evil. Another known DRM-fighter is John Walker, the author of the famous article “Digital imprimatur: How big brother and big media can put the Internet genie back in the bottle”. Walker compares the Digital imprimatur with DRM in the Internet and computing in general.

In Windows Vista it has been decided that the most restrictive version of DRM ever known will be implemented. If the Redmond dreams come true and the large hardware producers also decide to implement the DRM bits in their chipsets, it may lead to the situation in which we — the users, practically won’t be able to decide about our own software of legally purchased media. And this is actually only the beginning of what we can expect if a massive consumer protest against DRM does not begin. In the near future it may turn out that we will not be able to run any programs that violates one of the absurd software patents in the US or any kind of so-called intellectual property (just as if the ideas could have an owner!). And almost everything will be patented or “owner” in some way by that time.

I have a science-fiction vision of the IT underground, where the only hardware not tainted with DRM is made in China and using it is illegal in most of the “civilized” countries. And the only software that allows users to do anything they want with it is (also illegal) the GNU software, developed in basements by so-called “IT terrorists” — Linux kernel hackers, former Novell and Red Hat employees and sponsored by the Bin Laden of the IT — Mark Shuttleworth. Sounds ridiculous? Well, hopefully so. But I don’t think Microsoft and Apple would be protesting when this ridiculous and insane vision comes true…

What is it all about and how can you protect yourself?

So, where is this all heading to? It seems that, for Microsoft, controlling the desktop software market is not enough anymore. Now they try take control of the hardware market as well. Currently only by “recommending” their solutions to external hardware companies. But in the future, if the current pro-DRM lobbying proves successful, it may happen that Microsoft and other big software companies will be dictating how the hardware is designed. And all this — of course in their argumentation — only for securing the end user and protecting the intellectual property of the artists and programmers. This situation is rather paranoid. The hypothetical pact between the software vendors, hardware vendors and the content providers (RIAA, MPAA) could slow down the innovation in the entire IT industry for many years. This would be also one of the first times in the history where certain new technology is introduced not based on the customers’ demands, but rather on the need of large and influential companies. The customers (those aware of their rights) cannot be satisfied by this kind of agreement by no means.

So, how can you protect yourself from this “pact of evil”?

1. First of all — ignore the hardware and software using DRM techniques to restrict the rights of the user. Do not purchase music, movies and other content secured by DRM mechanisms. Instead, use alternative services recommended by the Defective By Design campaign — these are the tools and services DRM-free.
2. Secondly — talk, talk and once again, talk — make your family, friends, co-workers aware of the dangers connected with the use of DRM in the products. This is the best way to educate people what DRM really is and why they should care. Nobody wants to be restricted. When people become aware of the restrictions, they will not buy the products that restrict them. Simple enough

Pic.2 CC by-nc Randall Munroe

Breaking the DRM — it’s… easy

OK, and what if we have already legally purchased some content (like multimedia or text document) secured by some kind of DRM? Do not worry. Most of them has been broken a long time ago. For example, in order to play an CSS-encrypted DVD under GNU/Linux, you can use almost any player like VLC, MPlayer or Xine with libdvdcss2 enabled (this is a non-licenced library used to decrypt DVDs encrypted with CSS). If you posses music in AAC format (e.g. purchased at iTunes), you can easily convert them to a friendly format using JHymn without losing quality. The story repeats with each and every new introduced DRM technology, like encrypted PDFs, Windows Media, or recently HD-DVD (see the muslix64 post on BackupDVD) and BluRay.

Breaking the DRM restrictions is hard but always possible, due to the fact that all DRM mechanisms need to use symmetric encryption in order to work. This kind of encryption requires the keys to be hidden either in the hardware or software — in both ways it’s possible to access them by the hacker, analyze and find the way to decrypt the data streams. If you are interested in the details of DRM hacking, read the lecture of Cory Doctorow for Microsoft Research about the nonsense of DRM.

OK, but is it legal?

We know that we can break almost any DRM restriction using easily available open source software. But what about the legal part? Is it legal to do this at home? Well, this depends… Depends on where you live actually. For instance, if you have the misfortune of being located in the United States or France, you are prohibited by law to play your legally purchased music or films (sic!) that are secured by DRM if you don’t buy an approved operating system (like MS Windows or MacOS) with an approved media player (like PowerDVD or iTunes). In the US this has been enforced by the DMCA act. In France, a similar act called DADVSI.

Fortunately, in most other countries, it is still completely legal to use free software to break any DRM restrictions, like DeCSS to play your DVDs. What we, as the free software supporters, need to do is to constantly watch the law-makers in our own countries so that they do not try to introduce similar restrictions as in France or US. In Poland, for instance, a protest led by one of the big pro-Linux portals and thousands of computer users made the leading party to abandon the project to introduce a DMCA-like law in Poland. Free-software supporters in other countries, like the United Kingdom go even further and try to completely ban the use of DRM in the British law system.

Of course, breaking the restrictions is fighting the results, not the causes. The real problem is the pure fact that DRM exists and is widely accepted by the (unaware) majority. If the computer users do not unite and protest against including DRM in more and more products, nobody will, and the DRM will become our every-day experience which we will need to fight just like viruses or malware. This year may be the one in which the major decision will be made both by the industry (whether or not to apply DRM in the products) and by the customers (whether or not accept DRM as is). If we miss this fight, we may have to accept what we get. I don’t think we can afford missing it. Do you?

More info on DRM

• Defective By Design — the anti-DRM campaign
• BadVista.org — Free Software Foundation campaign against Windows Vista
• The Right to Read — the article by Richard Stallman
• Can you trust your computer? — another article by RMS about “Trusted Computing”
• Digital imprimatur: How big brother and big media can put the Internet genie back in the bottle — a famous article by John Walker
• RealNetworks rep to Linux: DRM or die! — RealNetworks reaction on Linux not supporting DRM
• Linus on DRM — Linus Torvalds does not protest against implementing some DRM in the Linus kernel (as long as it can be disabled)
• A Five Minute Guide to Opposing DRM — the article by Bruce Byfield about opposing the DRM in a smart way
• The big DRM mistake — Scott Granneman about the general mistake of the DRM concept

Copyright (c) 2007 Borys Musielak
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.