Random Thought on DRM

I was thinking about DRM lately, and one idea that crossed my mind was this: what about a system where every executable contains a serial number. The serial number would be long (and therefore resistant to brute-force attacks). It would be used whenever connecting to the (company) servers to get updates, play multiplayer games, or any other downloadable game content.

You could then install the software wherever you wanted, without any kind of server validation, but if too many computers with the same serial number started asking for the exact same update or multiplayer access, then we could assume the game had been pirated. That serial number could be automatically blacklisted from server access. In other words, if someone uploads their copy to a pirate website, they would end up harming their own copy and all the pirates could also be blocked from accessing the server. Optionally, the application could either be disabled or could start show a nag message about buying the software.

While it doesn’t actually stop anyone from using the application (unless the application is disabled, as indicated above), this system is resistant to a variety of hacks. Using a long serial number means people can’t just guess a different serial number for their copy. If they rewrite the serial number to something else (like a bad serial number), they still can’t access the server.

This system would also accomplish a couple of good things. It would allow the application to continue working even if there were no DRM servers running (e.g. if the company goes bankrupt). It allows users to install the application where they want without needing to remember a registration code (the registration code is built in). Users would never have to worry about unregistering their copies on old computers (if you computer suddenly dies or your hard drive goes bad, no problem because the only thing that matters is whether it’s asking for updates or server access). It allows the company to recognize and selectively ban copies that have been spread on the internet by pirates.

While I was thinking about this, I realized that it only works very well for software. And it works better for multiplayer games than single-player games. (If someone pirates a single-player game, doesn’t care about updates, and doesn’t care about downloadable content, it doesn’t really restrict them.) Theoretically, this DRM system could be open-sourced, too, because it doesn’t get harmed by the fact that people can see what’s going on inside the code. Plus, it would be nice to see people’s reaction to the phrase “open source DRM”. I don’t think I’d want to do that, though, because I think open-source DRM would attract too many confederates who want to either destroy the system or build-in backdoors. One other possible problem with the system is that a pirate could hack the application to point it to another server, then setup their own (open source) copy of the server elsewhere, serving up copies of the updates and other downloadable content. This would a somewhat dangerous strategy, though, because it means setting up a website. Websites can get shutdown, they cost money, and it means that their identity might be revealed. Still, I’ve seen websites that were clones of other websites, in an attempt to get some ad-traffic based on someone elses’s content.

Unfortunately, it’s not a system that can work for things like movies or music, because they don’t benefit from updates, server-access, or multiplayer access. Well, the other day, I stumbled on one company seems to be trying this strategy with music:

Is the World Ready for the Successor of the MP3?

A leading technology company is set to launch a new digital music file format that will embed additional content for fans including lyrics, news updates and images in what could be a successor to the ubiquitous MP3 file.

Music labels, bands or retailers could then also send updates to the music file every time they have something new to announce such as the dates of future tours, new interviews or updates to social network pages.
(Source: Wired Magazine)

What they seem to be doing in this case is embedding a serial number in the MP3 metadata. They then update the file with new data (images, lyrics, etc) if you have a valid serial number. I don’t think their system works very well, though. First, once someone gets the update, they can pass it around to everyone else, giving them access to the images and lyrics. Also, I’m unclear on what happens if you have 40 songs by one artist. Are all 40 mp3s going to get updated with tour dates? That seems inefficient. And, what if someone had one legitimate mp3 on my system, and 39 pirated mp3s? Would that mean that the one legitimate mp3 be enough to get all the tour date and news information? While it’s generally a step in the right direction, I don’t think it’s going to be terribly beneficial to the music industry. Maybe it will help pull-in some of the music fanatics that absolutely need the best.

Amazon Video on Demand

I discovered Amazon’s Video-on-Demand service over the weekend. They let you rent movies over the internet, and I thought it was pretty cool. I rented Hellboy 2, and they had some sort of promotion going on, so I saw it for 99 cents. They give you two options: you can stream the movie an unlimited number of times for a 24-hour period, or you can download it. The downloaded version also has a 24-hour window which starts the first time you play the movie. They use DRM to prevent you from having a permanent copy — which is fine by me, since they would have to charge full-price ($13.99) if people were buying rather than renting the movie. The whole thing saved me a trip to the rental store, and the hassle of “is every copy already rented out?”

The only problem I had with it was that I couldn’t get good bandwidth while streaming the movie off their servers. The stream was coming across at 350 Kpbs (the lowest of Amazon’s four bitrates) even though I have a 1.5 Mbps connection. As a result, I kept getting annoying popups saying that the bandwidth was too low (although the movie itself never stuttered). I think it might be a problem with my ISP.

iTunes goes DRM-free

iTunes Music Store Finally Ditches DRM, Adds New Prices
January 06, 2009

After years of fits, starts, threats and ultimatums, Steve Jobs and three major labels have come to terms on a deal: Music will be available immediately on iTunes without DRM restrictions. Free of the limitations that currently restrict music playback to Apple products, the new plan will let consumers choose from three price levels instead of the 99-cent song model the store implemented on day one.
(Wired)

I have to say: it always seemed like DRMed music seemed like an impossible task. I understand why they wanted to do it: record companies make their money from music sales, music piracy is easy, and music sales have been on a downward trend for years. I don’t begrudge the music-industry’s desire to make money. They spend a lot of money promoting new artists. Most of those artists flop. And, now, thanks to piracy, they’re getting shrinking revenue on their successful acts. But, the problem is that so much non-DRM music is out there, that DRMing some of the copies has no effect. Stores still sell CDs, and those are DRM-free. But, once a consumer (any consumer) has a DRM-free copy, they can upload it to the internet, and now the internet has a copy. It’s absurd to sell half the music in DRM-free CDs and then think that adding DRM to the digital copies is going to have any effect on anything. If they really wanted to use DRM as a strategy in combating piracy, they would need to DRM every copy of a particular album (and even that would have problems – like the analog hole or hackers breaking the DRM).

It’s too bad we need to pay $0.30 per song to un-DRM music that we already bought. (I’d be more inclined to burn the music to a CD, and rip them back into mp3.)