DRM Software Industry Must be a Cash Cow

I realized something today – we are in the wrong industry guys! We should all be writing DRM software! I mean, at least in theory. I would never do it because I find the idea of DRM morally reprehensible and intrinsically flawed. In fact, I think most self respecting programmers think the same way and stay away from that sector of the market. But it must be a fucking cash cow!

Ok, you don’t see it yet. Let me explain. Imagine doing highly abstract cryptography for people who are so technologically inept that they can’t even spell the word cryptography. Imagine working on products that no one actually expects to work. Let’s face it, even the big fat movie studio executive that just paid few mill to some shifty software company is expecting their DRM to actually prevent the final product from hitting usenet and torrent boards. And best yet – you don’t even have to do much quality assurance because your client doesn’t really give a fuck how this software will affect the machines of their clients. Even if you fuck up, and write something that actually can damage end-users optical drives (hi there Starforce!) you still get paid. It’s your client, not you will need to deal with the customer support, the bad PR, refunds and etc.. Hell, maybe they will even hire you back to write another DRM scheme for them.

What was the last big DRM thing? BioShock? Yes, it’s old news but I don’t recall anything more recent – I haven’t been paying much attention. That one however generated so much buzz it actually registered on my radar (few things do these days). Personally I haven’t used it, but I hear that the game has not only a built in rootkit, but also multi-step online activation process, and that it calls home all the time. In fact I hear that most people who bought it just downloaded a crack to get rid of that garbage.

If you were to slow, I will repeat it for you slowly:

In fact I hear that most people who bought it just downloaded a crack to get rid of that garbage.

Yes, DRM is such a pain that legit customers are cracking their own legally purchased copies (invariably breaking the DMCA) because the copy protection is such a pain. Can you see the irony here? The copy protection which was supposed to maintain the integrity of the package and prevent this sort of thing from happening is being easily removed by a widely available patch that appeared a week after the release of the game.

I guess we can’t forget about ACS and they lovely t-shirt I bought that has their super-sekrit encryption key printed on it. :mrgreen: DRM is really a joke – and not particularly funny one at that.

Remember Bob, Alice and Eve from your cryptography lessons? Bob and Alice always try to communicate, while Eve is listening. Most cryptographic problems involve securely passing information between Bob and Alice while protecting it from Eve. DRM poses a peculiar problem because it does not follow this model. When you work with DRM you want to send messages between Bob and Alice while protecting them from… Alice. After all, Alice can’t be trusted as she might share them with Eve. You can probably see why serious security researchers don’t actually bother working on one of these problems – it’s stupid, and unsolvable. If Alice can read and comprehend the message, she can pass it to Eve. Period. Entertainment industry calls this “The Analog Hole” while the rest of us refers to it as “The Reality”. The problem with this supposed hole is that it can’t be closed with software. That’s just how it works – you have to use hardware. Can you see where this is going?

Nah, you don’t see it. I didn’t see it at first either so let me tell you. Who do you blame when your DRM gets cracked? Anyone? Anyone? The hardware vendor of course. You thought I’m gonna say “the previous developer” but no – that’s who you blame at a real software shop. At a DRM shop you blame the hardware vendor for dropping the ball, and not making their shit impeccable, and impervious to everything including a voltmeter and a soldering iron attack. At some point the data must be analog, unless they figure out a way to directly stream content into a wetware DRM chip implanted into your head. So really, this is all a matter of where do you patch into the electronic system to recover the data.

Hardware folks know it, but they must play ball or they will be locked out of the content. What good is a next-gen DVD player if it can’t play any of the next-gen DVD’s? So you end up with a system that has two broken components: software that doesn’t work, and hardware that is intentionally slow, complex and expensive which doesn’t work either.

Since plugging the analog hole is an engineering task on par with building perpetum mobile, hardware people will always struggle with implementation. If you are behind the schedule, give the hardware folks a half assed incomplete spec to work from and then change it 3 or 4 times. Oh, and remember to revert to a previous spec at least once in that process to get them totally confused. Then you can blame them on delays. If the client asks why the spec is so shitty, or why you change it so often tell them details leaked out on the internet and you have to do this to keep implementation details secret. Sigh… I wish we all could play this game, but out in the real world developers are actually expected to deliver software which works, is on schedule and doesn’t mess up your system. Only DRM makers can churn out some piece of garbage that doesn’t really do anything beyond making your machine unstable, and still get paid.

But let’s get back to Bob and Alice again. There is a second part to this equation that few people talk about. Bob actually doesn’t send the message himself. He dictates the message to Eve who then encrypts it and hand delivers it to Alice. Confused? Think about it – I’m talking about the human element. How do you get a zero day scene release?

Ok, there is more than one way – I’ll grant you that. But more often than not you get a zero-day by having a supplier close to the source. Usually there are thousands of people involved a movie production, post production, publishing and distribution. They all have internet access and most of them probably have been known to download stuff without paying for it. Any one who touches the source can leak it and tracing such a leak is extremely difficult because copying digital data usually leaves no evidence. The only way you can work is backwards – if you nab the uploader you may or may not be able to work your way back to the supplier.

This is what I mean by Eve encrypting and delivering the message to Alice. Most movies get leaked onto the interwebs long before they get the DRM treatment. So you are really building software to protect something that is already available out there.

Let’s summarize:

  1. you build cryptography software for a client that doesn’t understand cryptography
  2. you are working on a problem that is known to be unsolvable
  3. your client does not expect your software to actually work
  4. stability of end-user’s machine is not an issue
  5. compatibility with hardware/software on end-users’s machine is not an issue
  6. ethics are not an issue – your client doesn’t care if you use a rootkit or a trojan
  7. support is mostly not an issue – at most you might just need to provide an un-installer for the rootkit
  8. if all else fails you can blame the hardware vendor for delays

All you are really expected to do is to cripple user experience to the point where they will just go and download illegal copy. So you make a shitty piece of software cobbled together any which way, make it do some hard-core math to facilitate your half-assed encryption, then charge the gullible but unreasonably wealthy client an arm and a leg and move on to the next victim. Pure profit.

Naturally, I bet the DRM industry does have some honest, hard working people who take pride in their work. They will probably come here and yell at me for talking shit. I’m not knocking you guys – I admit, cryptography is a fascinating subject. I’m sure that the software you build uses very cool ideas, and is actually very effective. I’m really happy that you get to work on those hard and challenging issues – I really am. In fact, I will think about all the hard work you did next time I’m watching (or playing) a pirate copy of the movie (or a game) that your software was supposed to protect. :mrgreen:

[tags]drm, digital rights management, drm software, copyright, copyfight[/tags]

This entry was posted in technology and tagged , . Bookmark the permalink.

12 Responses to DRM Software Industry Must be a Cash Cow

  1. Matt` UNITED KINGDOM Mozilla Firefox Windows Terminalist says:

    My god.. it suddenly all makes sense :shock:

    Reply  |  Quote
  2. Steve CANADA Internet Explorer Windows Terminalist says:

    Bwhahaha…I am ONE of those people who bought Bioshock and downloaded a crack. In fact, I mentioned it on the 2kgames forum. As I do not live in the US, I am not under/a victim of the DCMA. :) Yay.

    Reply  |  Quote
  3. Luke Maciak UNITED STATES Mozilla Firefox Windows Terminalist says:

    Heh, you got to love DMCA. It’s a law created to protect the DRM systems precisely because of what I just wrote about. They are all flawed by design. Let’s face it – most of the good cryptographic algorithms used right now have been around for years, and given sufficient key sizes they still remain unbreakable. DRM usually gets cracked in days if not hours from release. If it worked we would not need DMCA,

    This law really just ends up hindering security research in this country. :(

    Reply  |  Quote
  4. Mackenzie UNITED KINGDOM Safari Mac OS says:

    “When you work with DRM you want to send messages between Bob and Alice while protecting them from… Alice.”

    Word. Total fuckin’ idiocy. This is why I’ll never choose a PC over a console. With console, it’s futureproofed and you can actaully play the game without online registry, patches and various other bull, because the copy protection comes from the fact it’s on a console platform, and can’t be played on a PC without a massive emulation unit that crops up 2 or 3 generations later when noone cares anymore. If you play on PC, your gonna be buying contaminated software because they can’t trust that their customers won’t hack and distribute a game, because PC is a means towards that, but it’s impossible on a Nintentoid or XboxGeneration(360xn) where n is the number of console generations since original Xbox.

    Reply  |  Quote
  5. Luke Maciak UNITED STATES Mozilla Firefox Windows Terminalist says:

    I think most consoles do have some built in DRM though – it’s just that most people don’t notice the same way you don’t notice the CSS encryption that is built into your DVD player appliance.

    Note that you probably won’t be able to simply copy an Xbox 360 game by burning the original media.

    Besides Xbox and PS3 have hard drives and an actual mini OS which can be used to host DRM software that is much more annoying than the simple hardware based encryption lockdown.

    Oh, and it doesn’t work either since last time I checked torrent sites had all the latest X-Box titles available for download :)

    Reply  |  Quote
  6. Muhammad SINGAPORE Mozilla Firefox Windows Terminalist says:

    @ Mackenzie:

    I think your “console-over-PC” argument is a bit flawed. With consoles, the protection is already built into the hardware. You can’t use the same machine, which you play the game on, to make a backup and store it in the console’s HDD. Nor can you play a backup of the game you purchased, as Luke had mentioned.

    Moreover, a game like Galactic Civilizations 2 (for the PC) has somehow proven that a game with no copy protection whatsoever, can actually be successful. Instead of punishing the end user from buying the game, it rewards them for it, by providing free additional content and the ability to re-download the full version if your physical media ever got scratched, which won’t be too much of a problem, as you do not need the media to be in your optical drive to play.

    Now, I just hope that Spore won’t be subjected to the same protection hassle. But since it’s an EA game….

    Reply  |  Quote
  7. Mackenzie UNITED KINGDOM Safari Mac OS says:

    Yes- This is “Good” DRM. Unobtrusive, functional DRM right into the hardware. This is because a console is Something You Buy too Play Games On. But a PC is a Personal Computer, with all sorts of interesting things like a GUI and CD burner and such- Basically, a means towards piracy. A console is not, playing games is what its intended for, not playing games, multimedia, running buisness clients, browsers, CD burning, chopping up and hacking software, rah rah rah.

    A manufacturer would never sell a game that made the PS3 burn itself out after one use, because there’s no need too, and the backlash would be massive. But a manufacturer making Starforce that affects a coupla geeks uberdrives too prevent them using their PC’s too bittorrent their game all over the interwebs, a game that’s had thousands of manhours and millions of bucks poured into it? Sounds fair too me. End users PC problems isn’t a problem for them. The game getting massively distributed for free is.

    The thing is

    I don’t care about making a backup. Or patching it. Or whatever. I pay my 40 quid, I get a hardcopy of gamedata. That game is henceforth my responsibility as an OBJECT, not data. PC gaming, for the fanboys screaming about mousecontrol, isn’t worth it. Running games on a PC is virtual suicide, in terms of rootkits, security protection, etc. What do you expect if you want too buy software that costs insane amounts too develop, for a platform which can send it pinging worldwide in a matter of seconds?

    Reply  |  Quote
  8. Luke Maciak UNITED STATES Mozilla Firefox Ubuntu Linux Terminalist says:

    @Mackenzie – ok, there is couple of things here that should be addressed.

    First – every Xbox or PS user is also a PC user. Therefore every Xbox and PS user has access to easily downloadable and burnable pirated games for their platform.

    Second, like Muhammad said, a games without any copy protection are successful and turn out profit. Why? Because DRM is an illusion of security. It is supposed to stop Joe Average who has no computer from ripping the game and uploading it on the torrent site. Unfortunately, statistically speaking while Joe Average hits torrent sites every day, he is usually a leach who never fucking seeds.

    Joe Average is not going to rip the game – Bob “The Warez Dude” will, and he has both the knowledge and the tools to circumvent the DRM.

    In effect, whether the game has copyright protection or not, it still ends up on the torrent site. So whoever wants to download the game will download it, DRM or not.

    You don’t believe me? Show me one game or a movie that cannot be found on a torrent site or Usenet because of the strong DRM?


    [quote post=”2244″]What do you expect if you want too buy software that costs insane amounts too develop, for a platform which can send it pinging worldwide in a matter of seconds?[/quote]

    Once again, cracking and distributing an Xbox or PS game is not much different from cracking and distributing a PC game. Btw, you do realize that most of the development for these platforms is actually done on PC’s right?

    Hell, I can even download and seed a Xbox game from my PC despite the fact that I don’t actually own an Xbox.

    The fear that the PC release of the game will get cracked and pirated more easily is unfounded.

    Reply  |  Quote
  9. vacri AUSTRALIA Mozilla Firefox Ubuntu Linux says:

    Wow, Mackenzie, words fail me. How can you be wrong about so many things? I mean, Luke got in on a good swag of things, but some other points:

    1) “Good” DRM? No, good DRM is exactly what Muhammed pointed out – something that rewards you for doing the right thing. DRM cannot be good if it limits you as a valid customer in any way – if product + drm < product alone, the DRM cannot be good

    2) PC gaming sucks? No, PC gaming is different to console gaming. I recently had an argument with a console ‘tard who lambasted PC gaming as being useless. I then listed the 70+ games I have on my PC (including legacy ones) and only 20 were also on console. Of those 20, a maximum of 8 were on any single given console.

    Windows games and console games are very different beasts. If you don’t like PC gaming, that’s fine, but PC games give you a lot more variety than consoles do. Don’t try to disguise your dislike for windows games behind a screen of calling others mousecontrol fanboys.

    3) Starforce didn’t intend to destroy optical drives. I don’t know how you figured this was their intention. And it wasn’t the ubergeek crackers that got their drives destroyed.

    4) You don’t care about patching? Funny, I thought patching improved the original product. If you can’t patch, you can’t improve. I can understand the lack of care about backups – most people are lazy, myself included – but to suggest patching is not worthwhile is inane.

    5) Running games off the optical disc is bad. Bad for your disc, bad for your optical drive. If your game needs constant access to the disk (or even just to start up), that’s more handling of the optical disk, which is far more prone to failure than a hard drive. Handling includes you manually swapping out disks to play another game.

    6) How do you reconcile your argument of “I’m paying for the disc not the data” with things like XBox live where you can pay to download stuff to your drive without using an optical disc?

    7) Luke did a better job of it but I think it needs to be repeated: if you can’t find XBox games for download on the intart00bs, you must be blind.

    Reply  |  Quote
  10. Muhammad SINGAPORE Mozilla Firefox Windows Terminalist says:

    I don’t believe that buying a game/song/movie can be equated to a normal object that you buy per se. This is because it isn’t subjected to normal wear-and-tear due to prolonged use. Unlike tangible objects, data is not subjected to elements which can cause it to become dis-functional.

    If you buy a tangible object, a chair or dvd for example, you cannot realistically expect it to work 50 years from now. No matter how good you take care of it, the materials will undoubtedly fail, due to normal stresses and wear-and-tear. This has to be expected even if you use it normally.

    However, with data, you can expect it to work 50 years from now. It is not subjected to stresses. It does not get weathered from use. I can make a copy in case a freak accident wipes it from the harddrive. You can’t do that with objects that you can buy from the store. The same rules don’t apply. Making a copy doesn’t mean you are pirating it. It just means that you are protecting your purchase.

    Mackenzie, you say you don’t care about making a backup. But what if that disc which you store the data get scratched, get mouldy? It will lead to data corruption, rendering the game useless. But it’s not your game that is corrupted, it’s the media, a container which holds the game, that makes your game corrupted. The data cannot magically make itself unreadable.

    And one thing to note, there doesn’t seem to be any warranty period when you buy a game/software/music/movies. If your disc becomes unplayable 7 months after you buy it, that’s too bad.

    Thus, i don’t believe that the rules of buying tangible objects apply to that of buying data. I respect intellectual property and the artists that create them. But the industry needs to learn that you cannot treat purchasing data with purchasing tangible objects.

    Reply  |  Quote
  11. jambarama UNITED STATES Epiphany Linux Terminalist says:

    Hey guys don’t be so rough on MacKenzie. The reason he’s so down on PC gaming is clear – look at what platform he’s on. There is what, 1 decent game released for Macs each year? :)

    PS – yeah I’ve got an XP box for gaming. I’m not proud of it, but it does scratch the itch…

    Reply  |  Quote
  12. Luke Maciak UNITED STATES Mozilla Firefox Windows Terminalist says:

    @jambarama – lol true. Hmmm… I think there is a WoW client for Apple.. I think. Other than that, you could probably run some games via parallels.

    @Mckenzie – hey, I hope you didn’t run away. The fact that we don’t agree doesn’t mean I don’t enjoy your comments. ;) It’s nice to have people with different points of view around here.

    Reply  |  Quote

Leave a Reply

Your email address will not be published. Required fields are marked *