DRM: failure by presumption of guilt

Since the launch of the Apple Music Store, I have used filesharing software maybe twice. I simply haven’t found the need, and when I want a song, I’m happy to pay $1 for it. I was never super happy about the DRM, but Apple’s DRM didn’t ever prevent me from going about my usual dealings. I authorized my wife’s computer and my sister’s computer with my account, and that’s about as widely as I need to share my music. Even after a hard crash of my older Mac, I was easily able to “deauthorize all machines,” and manually reenable each one.

Now, though I’m evidently not a huge anti-DRM activist, I think DRM is a particularly poor business and technical choice. In a DRM-enabled world, every appliance has to implement the prescribed constraints and treat every user action with great suspicion. In other words, with DRM, paying customers are guilty until proven innocent. DRM is the only technology which is entirely dedicated to disabling features for the primary user of the application. How weird that we’re spending brain and computer cycles on forcefully removing features?

So last week, I bring up iTunes to play some music for my last stretch of thesis writing. Two songs into my writing frenzy, iTunes stops playing. I click play, and the authorization dialog appears, claiming that my entire machine isn’t authorized. Weird, but whatever. I type in my password. Random unexplained failure. My machine won’t authorize. My songs won’t play.

By the next day, the music store was fixed, my songs played again, and I’d received a serious reality check about the consequences of DRM. What if I hadn’t had network connectivity? What if Apple hadn’t fixed the bug quickly? What if Apple changes business model altogether in the future? Who owns the right to play my songs? Is it revocable in some way?

In theory, I knew about these issues, and I’ve written about them before. But it’s a completely different thing to have this happen to you personally, right when you really want to listen to that song. It’s this uncomfortable feeling, much like when a police car pulls up behind you: you get a rush of adrenaline, check your speed, breathe a sigh of relief because you’re safely under the limit, then wonder defiantly, “why the heck is this police car on my tail?” It’s a violation of your privacy, as if the music store owns you and has some kind of veto power over what you do.

These failures are bound to happen more and more. As more appliances support DRM, as more content is DRM’ed, the proper operation of the DRM backend is now on everyone’s everyday critical path. And that’s really the question we should be asking: what happens when the system fails? What happens to honest consumers? With DRM, the answer will always be “unauthorized by default.”

That’s why, starting today, I will be decrypting and backing up all of my songs. That’s why everyone will do the same over time. And why consumer protection laws, much like those being debated in Europe right now, will eventually become more commonplace. And that’s why DRM will fail.

4 responses to “DRM: failure by presumption of guilt”

  1. […] Naturally you can pay big bucks to various analysts to get their reports that explain the challenges to existing business models that DRM is supposed to answer. And there are whole organizations focused on the subject. And this post where a previously happy user of a locked silo DRM recounts his discovery of the underlying thinking in the schemes- you are presumed guilty. Especially sharp point “DRM is the only technology which is entirely dedicated to disabling features for the primary user of the application. How weird that we’re spending brain and computer cycles on forcefully removing features?”. And it isn’t just brains and machine resources that are invested. This 2003 post by Bill Rosenblatt, a paid consultant to the DRM enterprises, explains why it isn’t content companies paying for this reduction in capability, although it is clear that Bill thinks they should. […]

  2. […] CSS (content scramble system) was hacked by a teenager in Norway just weeks after its release. Even Apple has gotten push back on its DRM strategy with the iTunes and iPod offerings. […]

  3. […] say, the authentication servers fail? Well, by the natural principles of secure system design, (and as I’ve written before) the default policy is “deny.” Windows can’t contact the WGA servers? You must be […]

  4. […] It gives the fans what they want in a variety of options (and no fucking around with the failed DRM restrictions that the music industry disastrously tried to impose), and cuts out the middle man so […]
