Digital Restrictions Management (DRM) is bad for consumers because it deprives you of control over how – or even whether – you can use the digital products you buy.

While it’s not news that Microsoft has treated its customers with contempt, their household name is helping to carry concern on the issue from geek circles into the mainstream. A personal example illustrates the point: only two weeks ago a friend asked me to recommend a peer-to-peer file sharing app so she could get hold of unencrypted music. She was sick of paying for tracks only to find they wouldn’t work the way she expected.

I’m quite happy to pay for tracks. I want the artists to get paid for me purchasing a copy. But if I end up not being able to, for example, play that track on my mp3 player (because I happen to have one that won’t play DRM files) or burn to a CD (because Microsoft won’t let me) then I’m going to resort to other means.

I could always just buy the CD of course… but that’s old-fashioned ;o) I like the whole digital music thing, I like that it’s immediate and takes up no physical space, but currently it doesn’t serve my needs – unless I get hold of it illegally.

To my mind, there can be no more powerful demonstration of the commercial folly of DRM. Record labels, software companies and film distributors take note: putting obstacles in the way of your customers is bad for business. Customers spend more on products that are the easy to buy and use. The more difficult you make things for them, the less they’ll buy.

Do you have a tale of DRM frustration to tell? Are you going to lose out when PlaysForSure stops playing? Where do you buy your DRM-free tracks from? Hit the “Comments” link and share your thoughts.

45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2

Once again, that is all.

[1/6/07 - Edited to add] BoingBoing has the scoop on the unusual way this new key came to light.

AACS is Hollywood’s attempt at restricting what you can do with your HD-DVD and Blu-Ray disks – the latest in a succession of ill-fated measures designed to protect the failing business models of media middle-men.

The recent attacks on the system allow you to use software tools to decrypt high-definition disks and remove restrictions on accessing their content.

Now disc collections can be backed up; assistive technologies for disabled people can be implemented; extracts of works can be taken for academic study, review or parody; and artists are free to build on their cultural heritage by re-mixing it to create new content.

Many of these rights are enshrined in copyright law, but DRM systems prevent their exercise.

The AACS DRM system has fallen victim to the darknet in a familiar and highly predictable fashion. It’s fatal flaw is common to all DRM: the keys that keep it working must be given out with the media and the machines required to play it, else they will be useless; yet those keys must remain a secret or someone will use them to break the DRM. How do you keep a number secret if you’ve printed millions of copies of it and sent them all over the world?

Under these circumstances it can only be a matter of time before the keys are discovered and the restrictions are undone.

AACS was supposed to be robust against the discovery of its encryption secrets. The system includes an update mechanism for hardware and software players that can stop copied disks from being played by revoking compromised keys. However it turns out this mechanism is less than practical.

Exposed keys can be replaced, but this is largely irrelevant because the mechanism for extracting them is already known. It is trivial to uncover new keys once they have been released. Unfortunately for AACS, there is no way to fix the vulnerabilities in its internal mechanisms that allow this to be done.

In order to mitigate the key management burden on vendors of HD-DVD and Blu-Ray players, the AACS licensing authority promised that it would give 90 days notice of a key revocation event to allow the manufacturers to update their products. That means the AACS-LA can make up to four updates per year to try to recover from security breaches.

Therefore, if it takes less than three months for the attackers to extract a set of encryption keys from the system, then AACS is forever broken.

This sounds like a challenge, and sure enough, it took a good few months for the first set of keys to be discovered, which would suggest a modicum of success for the defenders. However, attacks only ever get better. To put the situation into perspective, consider that according to Freedom To Tinker the latest AACS keys have already been exposed, even though they’ve yet to be released!

Quoth the blog:

To be successful in the long run, AACS needs to outpace such attacks. Its backers might be able to accelerate the blacklisting cycle somewhat by revising their agreements with player manufacturers, but the logistics of mastering discs and shipping them to market mean the shortest practical turnaround time will be at least several weeks. Attackers don’t even have to wait this long before they start to crack another player.

The writing is on the wall for AACS, so we can all look forward to enjoying high-definition content without being restricted to the agenda of a few greedy corporations. But will the media moguls now learn their lesson and start channeling the millions they’re wasting on DRM into improving their products instead?

Calling Mr. Porky to runway one – it’s time for your flying lesson…

Now the MPAA are abusing US copyright law to try to remove all references to the HD-DVD processing key – published by Arnezami – from the web.

In response to this news, I would like to say the following:
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

That is all.