Jeremy Allison on DRM not ever working

Just read a good piece by Jeremy Allison over on ZDNET. Why DRM won't ever work is a good explanation of the fundamental flaws with the concept and implementation of DRM. It is a great piece to share with folks who don't understand DRM.

DRM is applied to digital data by one party, usually the vendor of a music or movie, and encrypts the data to be protected using an encryption algorithm and a key. The other party in the transaction, the consumer of the music or movie, is then given the encrypted data, knowledge of what algorithm is used to encrypt the data, and a copy of the encryption key used to encrypt the data. All of these things must be supplied to the consumer in order for them to be able to use the data; without them, there's no way the consumer can listen to or watch the data they've just bought. Yet DRM is supposed to be able to restrict what the customer can do with the data. How can this be done given the fundamental reality of the situation described above?


They have to have been given this, else they can't listen to the song or watch the movie. Claiming that this process can ever be made secure from the people you've just given all this information to is like believing you can create a secure bank vault by drawing chalk lines on the pavement, piling the money inside and asking customers to "respect these boundaries". The media industries are trying to sell what they consider to be valuable data without any means of prohibiting access to it. This is not a business model that is ever going to work.

Jeremy Allison also mentions a recent Doctorow talk:

In a recent talk at Google, Cory Doctorow. the Electronic Freedom activist, science fiction author, and creator of the popular geek news aggregation site Boing Boing said that engineers should simply refuse to create DRM systems for customers. A request for a DRM system is a sign that the customer is in denial, and isn't dealing rationally with reality.

We agree with this whole heartedly. DRM is fundamentally anti-user and engineers should not be working on schemes that hurt the users of their software.

The GPLv3, final version due out later this month, works to address this in the way it handles DRM.