October 6, 2003
News and Notes on DRM
1. I want to briefly comment on the EFF’s Trusted Computing report. Really, I have very little to add aside from thanks. It’s a well-written, balanced discussion with affirmative policy recommendations – can’t ask for much more than that.
Read the whole thing, but pay close attention to this part of the DRM analysis:
“[R]emote attestation is the linchpin of DRM policy enforcement. If a remote system lacks reliable knowledge of your software environment, it can never have confidence that your software will enforce policies against you. (You might have replaced a restrictive DRM client with an ordinary client that does not restrict how you can use information.) Thus, even though other NGSCB features aid DRM implementations, only remote attestation enables DRM policies to be instituted in the first place, by preventing the substitution of less-restrictive software at the time the file is first acquired.”
So, let me try to parse that: DRM could be more effective even without remote attestation, but, if you can override the attestation, then it’s possible for you to be running a system that gets around the other security features, too. Do I have that right?
2. Read the Trusted Computing report with this (via Felten). Given how impotent DRM is today, how long until trusted computing is implemented effectively? Will we not see a long series of systems that can be cracked with the equivalent of a shift key before anyone gets it right?
3. BTW, just curious: did anyone ever crack Apple iTunes’ DRM? There really isn’t much a reason to, given that you can get around it by using some utilities to convert and recompress to MP3, or by burning to CD and then reripping. But I wonder if someone did it anyway.
4. And how is WMA fairing these days? I know it was cracked a few years ago, but that hole was fixed in later versions.
Filed by Derek Slater at 6:39 pm under General news
Comments Off on News and Notes on DRM
