Express your Rights
In order for consumers to fully embrace online purchases of digital media, especially music, they will want the right to transfer that purchased music to all the places where they might render the media (car stereo, home stereo, portable music player, or a computer at work). Consumer electronics devices, such as music players, complicate each sale of digital goods in two ways. First, the rights to transfer become part of the purchase deal, and second, because music encrypted by one technology can only be decrypted by the same technology, this transferability may not be possible.
This latter point — DRM forking, or the lack of interoperability between DRM solutions — is likely to blossom into war in the years to come. Microsoft, Real and others are keenly aware of this and are working hard to gain an early foothold. The Motion Picture Experts Group (MPEG) is also working on standards. But a music industry consortium, the Security Digital Music Initiative (SDMI), is the most high-profile effort to establish interoperability in DRM, albeit for music only. The SDMI, however, has yet to release a deployable specification. Though device manufacturers are largely in line to include SDMI, right now, it’s vaporware.
Adding to the SDMI’s woes has been an unpleasant round of press regarding whether or not some of the candidate SDMI technologies can be cracked. The SDMI had asked hackers to help them choose technology by posting some samples for crackers to gnaw on. The allegations were that crackers had broken more of the technology than the SDMI would admit. Still, the purpose of the testing was to help SDMI find weaknesses in candidate technologies, not to show the world that they’d built an "unbreakable code."
Without the support of the major labels and electronics companies, no DRM solution for portable music players has much of a chance to become truly ubiquitous. So, in spite of its delays and tarnished image, SDMI is likely to succeed eventually, but it will also likely coexist with other solutions.
The Bottom Line
Crackers will always find a way to get at protected content, but technology will make it difficult enough that most people will not bother. That’s probably enough to satisfy the bottom-line concerns of content owners. Most content will be in obfuscated data files which are free and freely tradable but unplayable, and the right to render those data files under various conditions will be sold to consumers. The biggest battleground is not the personal computer, where many DRM solutions can run side by side, but consumer electronics, where only one DRM solution will be implemented per device.
The trickiest part of making decisions today is that nobody knows what technology will prevail tomorrow. As a result, the wisest content owners will stay with non-exclusive technology and distribution agreements, and keep their investment in any given technology small enough that they can jump ship if and when it is in the best interest of their business to do so. With those things in mind, content owners have a new and growing world of opportunities to profit from selling in the greatest shopping mall known to mankind — the World Wide Web.
Challenge | Winner(s) Announced | Key Size / Encryption Type | Cracked in... |
Netscape's SSL Challenge | July 1995 | 40-bit / RC4 | 8 Days |
RSA's DES Challenge | June 1997 | 56-bit / DES | 96 Days |
RSA's DES Challenge II-1 | February 1998 | 56-bit / DES | 41 Days |
RSA's DES Challenge II-2 | July 1997 | 56-bit / DES | 56 Hours |
RSA's DES Challenge III | January 1999 | 56-bit / DES | 22 Hours |
CSC's Challenge | January 2000 | 56-bit / CSC | 62 Days |
RSA's RC5-64 Challenge | none yet | 64-bit / RC5 | 3 ½ years running, with estimated less than 3 to go |