<div class='os_post_top_link'><a href='http://www.pcworld.com/resource/article/0,aid,125227,pg,1,RSS,RSS,00.asp' target='_blank'>http://www.pcworld.com/resource/article/0,aid,125227,pg,1,RSS,RSS,00.asp</a><br /><br /></div><i>"Digital rights management (DRM) technology has deep flaws despite the hope of content providers that encrypted files will deter illegal file sharing, a computer security researcher said Monday. DRM is a catch-all term for a variety of methods used to limit content sharing. Techniques include digital encryption of songs and encoded limits on the number of times content can be accessed. But DRM technologies are far from foolproof, and the ones developed so far have been easily circumvented by adept hackers, said Ian Brown, a senior research manager at the Cambridge-MIT Institute in England. DRM won't protect the music and film industries, which have spent the last decade lobbying for new laws to protect their content but neglected trying to find better ways to monetize their offerings, he said. Bands such as U2 and the Grateful Dead use their music more as a promotional tool, relying on touring and merchandise for revenue, he said."</i><br /><br />I had a hard time understanding exactly what the loophole being mentioned here is. It looks like all Mr. Brown is concerned about is the "analog loophole", i.e. the fact that nothing is preventing a bootlegger from sticking a camera or microphone near the source of the DRM content and then bootlegging that copy. I know for a fact that multiple software companies are doing research where they would embed watermarks in the actual frames of a video itself so I guess his fears are being addressed there (at least for video). Other than that, what else can one do?

Suhit, I think you're looking at Ian's perspective backwards. He's against the current DRM model, saying that it doesn't deter skilled hackers, and that music companies need to develop a new model. So, saying he's "worried" about the analog loophole isn't quite the point; rather, the analog loophole is one example of how DRM doesn't work.

Of course, the music industry's goal is watermarking + signed output + TCPA to make it tough to use the analog loophole, but that's going to be very, very difficult to do in a complete sense. Their approaches will just make it hard for the average consumer. A skilled "hacker" will be able to use different hardware or different operating systems to rerip the music in some fashion or another, whereupon they can post it on a P2P network. (Unless you're talking about preventing unsigned music from being played through signed/watermark-checking speakers. That's impractical for the foreseeable future, although in 20 years it might be doable.)

--janak

...and the author is looking at it backwards from the companies' point of view. ;-)

They don't care about dedicated crackers and pirates; those guys they have investigators and law enforcement to rely on.

What they want to deter is the "enthusiastic amateurs", the informal social networks of folks that trade stuff around, the dorm-room servers with 30,000 songs they never listen to...

This is the middle ground between the pros who, as he points out, have the resources to (eventually) break anything, and the harmless (commercially speaking) "casual copiers" who make a copy to use on more than one device at a time or to give to a friend or relative.

DRM is about stopping the peer-to-peer leeches, as I believe the crackers refer to it, not the crackers themselves.

And from their point of view, DRM is the only alternative to suing their own customers.