Cory's Guardian column explaining DRM's impossibility to non-geeks

My latest Guardian column, "DRM Vendors Are Pushing the Impossible," has just gone live. It's intended to explain to non-technical people why DRM is impossible -- and why geeks aren't just being difficult when they roll their eyes and sputter whenever civilians ask them to make a working DRM.
The thing is that when they say that you can't travel than fast than the speed of light, they're talking about the fundamental principles of physics: it's impossible to get beyond lightspeed, even if science fiction movies help us conceptualise it.

In the same way, we can imagine building progressively better software locks for movies, music, ebooks, and software until we hit on one that even the wiliest hacker can't defeat. But, just like the physicists, the geeks who say that DRM can never reach this point are speaking about fundamental principles of information science. It's impossible to get that far.

Link, Link to all my Guardian columns

Discussion

Take a look at this

Even simpler: if you send the decrypted signal to a TV for display, you can send it to something that "talks" like a TV, but is actually a(n unencrypted-)DVD burner. Or that uploads it to the Intartubes while playing it.

I know! They can booby-trap the DVD players so that if their memory is read, they break open a canister of Sarin!

But wait...you'd still have to be able to send the information to the TV unencrypted.

I know! We could make it so the TV itself has the key, so that e.g. Sony DVDs can only be played on Sony players attached to Sony TVs! That way, everyone would have to have a different setup for every company that makes DVDs, and also it would get rid of riff-raff who want to make their own DVDs, because they won't work with ANY player!!!

A monopolist's wet dream. Nightmare for the rest of us. Fortunately, IBM already tried that and got spanked, though it took decades. Fortunately I think that era has ended.

#2 posted by Anonymous , September 4, 2007 10:22 AM

Good article, Cory, but your editors missed one gaffe:

"This means that ultimately, DRM only effects people who buy media honestly, rather those who nick, borrow or cheat their way to it." (Emphasis added)

I believe the correct word-choice here is "affects," regardless of which side of the Atlantic you hail from.

#3 posted by Anonymous , September 4, 2007 10:32 AM

"The thing is that when they say that you can't travel than fast than the speed of light"

huh?

#4 posted by Anonymous , September 4, 2007 10:34 AM

The Guardian article should've been on a wiki!

"you can't travel than fast than the speed of light"
->
"you can't travel faster than the speed of light"

Nit-picking aside, very nicely put, and it's a good article overall.

Take a look at this

How many non-geeks do you expect will make it past the opening paragraphs about the physics of lightspeed travel? Or the sentence, "to understand this, you need to understand a little bit about cryptography"?

Take a look at this

RE: Anonymous - Hey, it's the Guardian. What did you expect?

RE: Xopher - they tried that and it didn't work.

Take a look at this

Also, where you say "The thing is that when they say that you can't travel than fast than the speed of light" I think you mean "The thing is that when they say that you can't travel faster than the speed of light" in the first line of your quote above.

#8 posted by Anonymous , September 4, 2007 10:45 AM

Another typo slipped past ed, "you can't travel than fast than the speed."

Take a look at this

I hear they're working on that speed of light thing...

http://www.dw-world.de/dw/article/0,2144,2754172,00.html

Take a look at this

I used to work at a software company with a guy who was responsible for the licensing subsystem of our product. The licensing model required a key to unlock the software and additional keys to add concurrent connections, add-on features, etc.

My friend and most of the engineering team understood that the licensing was a weak defence at best.

However, every once in a while, some bright shiny product manager, fresh from MBA school, would storm into his office and get all worked up about someone publishing a crack on the internet.

Now, you have to understand that this was software for large corporations. Sure, someone might use a copy without paying us, but nobody who was going to crack it would have paid for it anyway.

My friend would patiently explain essentially what Cory has explained. I.e., we've given them the software and the code to validate the key is part of the software and they run that software on a machine that is completely under their control so there isn't any way to completely protect the software.

He would explain this, and the product manager would go away looking dejected. But then, he would return looking like he'd had a Eureka moment and shout "Dongles!".

Now, dongles, like dedicated DVD players, only make the task harder. But as we've seen with the Xbox, even hardware-based DRM can still be broken.

Plus, my friend would always ask, how would we handle the multiple product keys we supply (for additional connections, add-on products, etc)? We would have to specify that they leave five feet of space behind their servers to handle the chain of dongles sticking out the back.

Anyway, I could always tell when this had happened to my friend because he would come into my office and tell me "I've been dongled again."

Take a look at this

Another garbled sentence -- "the only ones who know have the key"


"You know that messages can only be read by the authorised sender and the authorised receiver because you are the only ones who know have the key."

#12 posted by Anonymous , September 4, 2007 12:46 PM

All music, movies and software should just be free. When the creators ask for compensation and the investors ask for a return, just tell them that they are doing the community a service and shutting down piracy at the source. Come to think of it, we shouldn't have any money either.

Take a look at this

in the article you state:
"The thing is that when they say that you can't travel than fast than the speed of light, they're talking about the fundamental principles of physics: it's impossible to get beyond lightspeed, even if science fiction movies help us conceptualise it."

this is not true.

what is forbidden is accelerating objects or particles that exhibit *non relativistic or "at rest" mass* to exactly lightspeed. the problem is, as the object has a rest mass it also acquires a relativistic mass as it approaches lightspeed. the closer to lightspeed it gets the heavier it gets...in essence to accelerate an object with a rest mass to lightspeed takes an infinite amount of energy due to the fact that the object's relativistic mass would be infinite also at lightspeed.

oddly enough though, there are serious academic attempts to circumvent Einstein's special relativity constrictions barring ftl travel:
http://en.wikipedia.org/wiki/Faster-than-light

the jury is still out.

Take a look at this

Re: Anonymous #10

You're right, the only options are DRM-ed media or giving all media away for free.

Oh wait, no it isn't. I pay money to eMusic every month, and they pay money to artists and investors, and yet I don't have to worry about DRM on my music files.

Of course even if your suggestion was the only alternative to DRM, that wouldn't affect Cory's argument, which is that effective DRM is impossible. If your business model requires a perpetual motion machine to work, that doesn't mean you should keep spending money on companies that promise to deliver perpetual motion machines. It means your business model is broken.

#15 posted by Anonymous , September 4, 2007 2:16 PM

What is the license for this text? Is it copyrighted by the Guardian, or can I translate it and post on my site?

Take a look at this

Anonymous (11):

That's an amazingly anti-free-market position you are taking under the guise of disparaging anti-DRM sentiments as akin to communism.

DRM is a means of imposing artificial price supports on music, movies, books, software, and so on. Like a system of agricultural production caps and import quotas, these controls act through the restriction of supply such that the operation of the law of supply and demand produces a price (and profit) desired by the controllers of production. Government-enforced DRM is in some ways an element of central planning of the entertainment sector of the national economy.

In the absence of government backing for this kind of capitalist racketeering, supply, demand, and price would be free to seek a more natural equilibrium. This would undoubtedly lead to adjustments in the market and cause some amount of economic pain and probably lead to the collapse of the music, film, and television industries as we know them. Many people would probably dislike the result, but singers would go on singing, writers would go on writing, painters would go on painting, and so forth.

The risks and rewards of investing in large-scale entertainment enterprises would certainly change, but I think there would still be wealthy individuals willing to put up money for a chance to be part of the creative process. Creativity is attractive in itself to many (if not most) people: it seems unlikely that letting entertainment rights seek their own balance of supply and demand would eliminate entertainment as a human endeavour.

Take a look at this

Hey anonymous -- you have my permission to translate the article for your site. Which language are you translating it into?

#18 posted by Anonymous , September 4, 2007 5:10 PM

Cory (#16) - That would be Hebrew. Perhaps you will find it of interest... I will send you a link when it's done.

Take a look at this

I've been making this argument for years, most recently in this article:

http://bjimba.blogspot.com/2007/02/impossibility-of-drm-russells-law.html

Here's hoping that having Cory weigh in on the side of reality will have *some* effect on the potential snake-oil purchasers.

Take a look at this

Is there really a rigorous physical law or mathematical proof that DRM is impossible?
I mean rigorous, not by way of analogy or platitude, as "If it can be seen/heard/read, it can be copied."
(Hmm... maybe that's it!)

It's intuitively obvious, but if you have a theorem or law, then, End of Story, no? Just as they won't grant a patent on a perpetual motion machine, you cannot legislate something physically impossible. (I know, I'm living in a fantasy world - it doesn't stop Congress from doing it anyway!)
I'm guessing it is some combination of the Halting Problem and the 2nd Law of Thermodynamics. Takers?

#21 posted by Anonymous , September 4, 2007 11:20 PM

Really really simple version: Once the media is no longer digital but is a picture / movie / sound then it can be captured by so many sources that it can be easily made 'free'... take a photo of your screen for copyright pictures, plug your sound out into a microphone plug for songs, camcorder to a movie [or better yet screen capture, or better yet decrypt straight to a 'free' file]

If we can see / hear / watch something we have enough technology to record it.

Take a look at this

A good article, if a little bit depressing for people who try and control information for other reasons (e.g., preventing personal data from disappearing) given the relationship between DRM schemes and information security (something I wrote about here).

Take a look at this

I hear they're working on that speed of light thing...

The thing about that is that it's a blue-sky pure science research project. It's not engineering.

Engineering is the application of *known* principles to solve problems. There is no known principle to do DRM securely, therefore secure DRM is not an engineering problem. Assigning engineers to the task annoys the engineers (who generally know better) and, predictably, yields no results.

Finding new principles is the task of scientists.

Unfortunately, one difference between pure research and engineering is that (as a rough guide) pure science is expected to pay off in 50 years or more, while engineering is expected to pay off in 5 or less. (The area in between, 5-50 years, is applied science.)

I get the impression people aren't that patient. If you're willing to wait 50+ years, you might get a secure DRM system — or you might not, or you might get something completely other. Science is like that, especially pure.

Take a look at this

@William Morriss, who said:
"A good article, if a little bit depressing for people who try and control information for other reasons (e.g., preventing personal data from disappearing) given the relationship between DRM schemes and information security (something I wrote about here)."

Disclaimer: I'm a layperson in this field, not an expert.

That aside, I think you are dealing with a different kettle of fish with information control on what I presume to be semi-centralized systems (Hospital/bank/other business backoffice data systems and the like). In that case it's more like straight-up cryptography, at least the way I understand it, where you are trying to prevent leaks to the outside world - not to the legitimate user. The failing in that model is the whole "users writing down the password/using easy passwords" problem, plus the "portable mass storage devices" problem you point to in your linked blogpost.

DRM is different, as Cory puts it, in that the person legitimately using the data in question is also the person the cryptographic/DRM system is supposed to prevent from getting the data. (that doesn't parse well, but I think it's understandable).

This isn't to say you don't have a difficult job - security is never easy - but at least your problem isn't as large as that of the DRM pushers!
-cajun

Take a look at this

@William Morriss: There are differences between DRM and the situation in companies; if you work out the list of who's protecting what from whom on whose machines, the companies are in a much better position. It's still hard, but doable.

In particular, the company owns the machines. Thus, it can control them to a degree that would be unacceptable in a consumer product. The techniques are well-known, if you're willing to pay the cost.

Which, of course, is the nub: there's a cost to security as well as benefit. Banks do it, because the benefit outweighs the cost, to the extent the benefit outweighs the cost. For most other businesses, the cost of security breaches is pretty much negligible, so they don't.

As a side point, just because Microsoft can't get security right doesn't mean it can't be done. It's another case of cost and benefit: until a few years ago, the cost to Microsoft of viruses and worms was so small that they did nothing at all about security. They are trying to do better now, but fixing a decade's worth of accumulated security problems is not easy — and even today the cost to them is fairly small.

Take a look at this

Remember when there were all those articles about how the United States was changing over to an "information economy," rather than working on keeping our industrial base competitive? That version of reality was based on the assumption that DRM and copyrights are enforceable when really large amounts of money are at stake.

Ooops.

Copyright is mostly a way of making sure that the creator or licensee, not some other shmoe, makes a few thousand or million dollars off some piece of work. When you're talking about small, scrambling entrepreneurs in a fast-growing country paying a substantial chunk of their working capital for expensive licensed software, when the disks the software is distributed on cost a few cents each ... it's just not going to happen.

I'm not saying that it's right or wrong, or that it should or shouldn't happen. I'm saying that's how it works.

===

If you want a second general demonstration of DRM not working, I can give you one for text (i.e., books): Say you're selling encrypted e-books. If you're making enough money for anyone to care about breaking your DRM, every paper-and-ink plaintext copy of one of your titles is a massive crib. Your encryption will not stand up to that.

If your encryption proves recalcitrant, or the pirate just doesn't want to have to bother, they buy a paper-and-ink copy of the desired title and pay a typist to keyboard it. If they're being fancy, they can hire two typists, and run programs that flag any divergences between the two versions (i.e., typos).

Bye-bye encryption, bye-bye DRM.

People will have to find other ways to get paid for their creative work. It's not impossible. The point is that DRM isn't the way to do it.
