Republishing the Rules - The Ultimate DRM Hack

by The Walrus

"We'd like to be vertically integrated from the moment of creation right through to the moment of delivery"  - Rupert Murdoch

Shame on us.  We've been squandering the very thing the most powerful media magnate on the planet lusts after with all his heart.

While our minuscule hacker hive buzzes with aimless activities ranging from cracking DVD encryption to co-opting Microsoft's Media Encoder into DivX, the real power to publish is being systematically and subversively removed from our economic grasp.  The power to steal is overwhelming the power to share and the real victims will be our children.

What am I haranguing you about?  Digital Rights Management, simultaneously the most liberating and oppressive concept within the modem computer world.  DRM, as it's casually known, is a class of computer systems that control access to data in its myriad forms.  These systems are complex, expensive, and represent (((Big Media's))) last stand against the notion of a fair, non-profit oriented means to get creative data to its consumer.  Even the company names in this space sound ominous: Intertrust, LockStream, Microsoft.

So what, you say - we'll hack the things.  Rupert, Eisner, Gates... they don't stand a chance.  Well, maybe we will and maybe we won't, but the point here is not about hacking your way to free copies of Star Trek - The Last Generation.  It's about telling the story of how you did it.  And about getting your story published and distributed the way you want it distributed, not the way Big Media wants to do it.

Let's get real here - any reasonably sophisticated DRM has a few common components:

Device Registry:  These exist because Big Media wants to control where the creative data actually goes and how long it stays there.  Cool with me, no problem, so long as it's their creative data.  But what about my creative data?  Who's going to control where that goes?  Left unchecked, the answer is Big Media or nobody.  Nobody may sound like a decent answer to you, but if you spent six years creating this data, you may want to at least get acknowledgment from people who are using it and like it.  And, maybe you'd rather not bother them after they've acquired it onto their first device.  Plus, maybe you included some sort of value condition (like an advertisement or subscription) that is assessed based on the number of consumers you have.  Maybe you buy food from the proceeds.

Encryption:  Generally, the garden-variety stuff, as it's reasonably difficult to hack.  It's a waste of time to hack it anyway, as the back door is usually left wide open during the events that occur on a computer after stuff has been decrypted.  It's actually this little back door problem that is at the root of the most oppressive aspects of DRM: It leads to the design and construction of electronic devices that embed a private enterprise's approach to controlling any data that shows up on that device.  Again, cool with me - it's their device and if I don't want it I don't buy it.  But what about my creative data?

Packager:  A packager takes the creative data and prepares it for distribution under DRM control.  They often embed cute little features, like the ability to create a stand-alone program that, on a target computer, can access operating system memory space and perform intrusive, privileged acts like deleting data.  Again, cool with me so long as it's their data and I granted them, through some sort of license, the right to do so.  But, do you think for a second that a private citizen such as yourself could afford to use such a powerful tool?  Think again.

Keys:  Every DRM has keys.  Keys are often hackable, but they are also immensely powerful mechanisms for enabling a prescribed sequence of events to occur on millions of computers.  Why would we even consider leaving such power in the hands of private enterprises?

DRM companies are undergoing their first round of shakeouts, and as any Economics 101 student knows, only a few will be left standing.  DRM is a commodity, which means - under the track currently underway - one company will eventually dominate (think Microsoft).  The notion that consumers will use multiple DRMs based on which creative data they choose to consume is ludicrous.  The architectural underpinnings of these systems are just too weak, which translates into too many bugs and too many hoops for the Average Joe to jump through to use the creative data.  Heard any Blue Matter music tracks lately?  I didn't think so - and neither does Blue Matter.

There's a massive issue at stake here - the opportunity (not the right) for individuals to obtain the same, or better, level of DRM capability as the big boys and, in the process, to make sure the one DRM left standing is as robust as possible and provides equal opportunity for all.  Just like Linux, FTP, or Telnet.

It's time for a call to arms.  It's time to petition the IETF to develop an open protocol for the common elements of DRM.  It's time to distinguish the common elements from the value added elements and to create a framework for the competitive circus that now exists in the DRM marketplace.

It's time to donate our skills and abilities towards the creation of this system and to use our hacking skills to break it and to fix it.  It's time to wrestle the power to publish and control distribution of creative data away from the hands of a few individuals and into the hands of the Internet user.  It's time to educate our children that the opportunity to publish and compete with Big Media is theirs and the right to consume is limited by ethical behavior.  Soon, it will be too late.

The technology is close enough; it's now about economics, sociology, and seizing opportunity.  Make your opinion heard.