Researcher: DRM technology fails in practice

Digital rights management (DRM) technology has deep flaws despite the hope of content providers that encrypted files will deter illegal file sharing, a computer security researcher said Monday.

DRM is a catch-all term for a variety of methods used to limit content sharing. Techniques include digital encryption of songs and encoded limits on the number of times content can be accessed. But DRM technologies are far from foolproof, and the ones developed so far have been easily circumvented by adept hackers, said Ian Brown, a senior research manager at the Cambridge-MIT Institute in England.

DRM won't protect the music and film industries, which have spent the last decade lobbying for new laws to protect their content but neglected trying to find better ways to monetize their offerings, he said. Bands such as U2 and the Grateful Dead use their music more as a promotional tool, relying on touring and merchandise for revenue, he said.

"It's the business models that need changing, not the technology," said Brown, whose doctoral thesis in part covered DRM technologies. He spoke at the Changing Media Summit in London.

DRM technology is simple but making it work is difficult, Brown said. The data has to be decrypted to be used, and the "analog hole" remains -- the ability for determined bootleggers to use a microphone or regular video camera to record content for posting on file-sharing networks.

So-called "watermarks" -- instructions regulating the usage of the file that are invisible to the users -- can be removed by a determined programmer, allowing them to post a file to a p-to-p (peer to peer) network, Brown said. The algorithms used for watermarks are still "primitive," Brown said.

DRM technologies may be most effective for time-based events where encryption would only have to hold for a short period, such as the broadcast of a live sports event, Brown said.

The progression of DRM technology is closely watched. Music and film industry officials argue that DRM is crucial to preserving revenue in the face of piracy. Consumer advocates say DRM technologies can be too restrictive for consumers who legitimately paid for content and want to share it on several devices.

"Fundamentally, it's an antiuser technology," Brown said. "It's a technology that allows content owners to provide data to their customers with restrictions on how they can use it that aren't justified by copyright law.

Microsoft is incorporating features into its next-generation OS, Windows Vista, to take advantage of DRM capabilities of TPM (trusted platform module) chip sets. TPM chip sets have the capability to store the keys, passwords or certificates attached to DRM-enabled files and only allow decoding by authorized users.

France is debating legislation that would require companies developing DRM technologies to provide enough information so other companies can make interoperable systems. Apple Computer has lashed out at the measure, saying it will encourage music piracy.