I can’t believe that in 2011 people still think DRM can work for anything but limit end user choices, security and privacy. Here is an article from EFF explaining what is going on with this on the HTML standardization front. Please join this struggle and sign EFF’s petition.
In case you don’t know or understand what this is all about, here is my attempt at explaining, by writing a fictional conversation between a DRM Programmer and a Technology Literate User.
DRM Programmer: I want you to buy my data (Movie/Music/Book/Game) and then be able to read (Watch/Listen to/Play) it but not copy it.
Technology Literate User: That is impossible, on computers reading is copying.
D: I will protect the data by encrypting it.
T: If you encrypt the data I won’t be able to read it.
D: I will give you a decryption key so you can decrypt the data and read it.
T: If you give me the decryption key, and let me read the data, I can then write (E.g. save) it, unencrypted, to somewhere else, and therefore copy it.
D: O.k. so I won’t just give you the key, instead I’ll wrap it in my own software that will contain the key, so that it will be the only software that can read my data, and it will only let you read the data and not write it or save it.
T: By forcing me to use your software you are probably already limiting my freedom and forcing me to use devices and operating systems made by big technology vendors and preventing me for using free and interesting alternatives. Also you are preventing me from writing or buying other software that will help me with my disabilities. But I could probably use programming tools and extract the key from your software so I could decrypt the data without it.
D: I don’t care about your freedom, your weird operating systems, or your disabilities. But I don’t want you to extract the key, so I will use hacking tools to tamper with your operating system and make it hide what my software is doing from you.
T: So you are essentially protecting your data with spyware. If you tamper with my operating system like this, others will probably use what you did to undermine my security and privacy. But I guess that since this is my computer, I will be able to prevent you from doing that by using an Anti Virus or find out what you are doing with administrative software inspection tools.
D: If you can use the administrative tools you could probably steal my key again. That is not good, so I will work with the makers of the Operating System so that they won’t let you use your administrative tools against my software.
T: So you will make the operating system of my own computer work against me, and not let me know what is going on? Once again you trump my security and freedom only to protect your key and data. I wouldn’t want to use an operating system like that (If I realized that is what it is doing), I will use another instead, and if I really wanted to read your data, I will run your operating system and your software in a Virtual Machine.
D: If you could use a virtual machine like that, you could probably read its memory and get my key and my data again, so I will support the operating system vendor’s initiative to make sure that the operating system only runs on authorized hardware and that authorized hardware only runs the vendor’s authorized operating system and software. I think you will like it, because it will prevent all those viruses your are so worried about from working.
T: If you let the operating system or hardware vendor do that, you will undermine my security and privacy because I won’t be able to tell what is going on on my device (And virus writers will probably find ways around the protection mechanisms, like they always do), and you will undermine my freedom to use anything truly innovative or disruptive because the vendor will be able to block anything that posed danger to its business model. You already told me that you don’t care about my privacy or freedom, but you will care when the vendor will decide for you what your software will do and what data you can sell at which price because it can block anything it doesn’t like.
You know what? I won’t really worry about it too much, because hackers will find weaknesses in the software and hardware and will tell me how to maintain my privacy, security and freedom.
T: You know what? I’ve decided your data is so compelling, and the vendor’s devices are so cool that I don’t really care so much about my freedom, security or privacy. So I bought your devices, software and data, but now it won’t work because of your DRM system! what do I do? hello? hello? you there?