Microsoft DRM: Who Pays the Piper Calls the Tune?
There’s a great column over at Wired News by computer security expert Bruce Schneier on the remarkable speed with which Microsoft acted to close a hole in its Windows Media DRM scheme. (Hat tip to Slashdot for featuring Scheiner’s column.) Schneier does a great job at teasing out what is really going on here: this patch got the rush treatment, while other critical Windows vulnerabilities remain unfixed, because it affects Microsoft’s relationships with Hollywood and the media industry. Although that’s certainly correct as a descriptive matter, Schneier may actually be letting Microsoft off a little too easily here, for reasons I’ll briefly explain.
A brief chronology, for those who haven’t been playing along at home. (As ever, the go-to resource on current developments in DRM is Derek Slater’s A Copyfighter’s Musings; Derek has been all over this story from day one, and I’ve distilled much of the following from his blog.)
- August 25: Engadget reported that a new application called “FairUse4WM” had been written that stripped DRM protections from Windows Media 10 and 11 digital media files. PC Magazine reported that the FairUse4WM program was mostly just a graphical front-end and minor update to drmdbg.exe, a program that began circulating online in January 2005.
- August 28: Microsoft issues a patch to disable the FairUse4WM program.
- September 2: The creators of FairUse4WM respond with a new version that works around Microsoft’s patch (and indeed, if the Engadget report is accurate, extends FairUse4WM’s capabilities for the first time to Windows Media 9 content).
Playing whack-a-mole with hackers is a chump’s game, and Microsoft surely knows it. Computer scientists believe that it’s not even theoretically possible to create unbreakable DRM, and the very public battle, if anything, just serves to publicize FairUse4WM and rally defenders to its side. So why is Microsoft doing it? Schneier says:
But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.
So Microsoft wasted no time; it issued a patch three days after learning about the hack. There’s no month-long wait for copyright holders who rely on Microsoft’s DRM.
This clearly demonstrates that economics is a much more powerful motivator than security.
No doubt Microsoft is indeed hoping to maintain good relations with content providers as it prepares to launch its own digital media service. It’s quite debatable, however, whether spending company resources on a futile campaign against the developers of a circumvention tool is a sensible part of this, or any other, digital media business strategy. The landscape is littered with failed technological protection measures — so many of them, in fact, that it’s pertinent to ask whether any dollars spent propping up yet another DRM system in fact create shareholder value.
So what is the alternative? The alternative is to accept a certain amount of seepage at the margins of any distribution system for digital media as a simple cost of doing business, much as retailers budget a certain amount each year for “shrinkage” of inventory that is lost but unpaid-for. This is, in fact, the approach that the movie industry has taken for many years. It reacted to the easy cracking of the CSS encryption system for DVDs by doing precisely nothing to alter or improve CSS. Today’s DVDs are still encrypted with CSS, which remains breakable by those with the technical capabilities to do so. Yet selling DVDs remains a quite profitable business, notwithstanding the vulnerability of the movie industry’s DRM system to circumvention. If that’s good enough for Hollywood, why not for Microsoft?
Filed under: Digital Media, Encryption, Microsoft, Music, Software
It signals to the media companies that they are serious about throwing money at the problem, even if it is one they can’t win.
Precisely so! And if I were a Microsoft shareholder (and I’m not, although my wife
is[correction] was, until very recently), I’d have some questions about whether throwing my money away was really a smart thing for the company to do. There are higher corporate values at stake here, it seems to me, than maintaining good relations with one’s suppliers.Tim: higher corporate values? at Microsoft? Surely you jest
More seriously, DRM is a very serious problem for MS. If the studios and labels decide WMA/V can’t be trusted, that leaves Apple as the only game on the block for home media consumption, and that would be very bad for MS’s long-term health.
Luis, I’m sure that that is what some Microsoft executives are actually thinking. But the Apple example actually cuts the other way, doesn’t it? It proves that content providers won’t abandon a profitable distribution channel even if it is proven to be technologically vulnerable. FairPlay, iTunes’s DRM system, has never been airtight, and Apple seems to have become less and less interested in protecting it against what is, by now, a quite highly developed ecosystem of circumvention utilities. One could draw from the FairPlay example, just as with CSS, the lesson that content providers will happily continue to sell content through a distribution channel with flawed DRM, so long as they continue to make some money from it. Couldn’t Microsoft plausibly say to a balky record label: “we’re sorry to hear that you have decided not to include your content in our online music store, which (did we mention?) will be the world’s largest from the day it opens because of its tight integration with Vista”?
Couldn’t Microsoft plausibly say to a balky record label: “we’re sorry to hear that you have decided not to include your content in our online music store, which (did we mention?) will be the world’s largest from the day it opens because of its tight integration with Vista”?
Unless Zune is a hit (which seems very unlikely) the first non-MS software tens of millions of Vista users will install will be iTunes. Apple clearly isn’t afraid to use iTunes as leverage- see the discussion over pricing, for example. Microsoft has no comparable leverage in this space (fewer users, less appealing software, less appealing hardware), so it has to impress the industry in other ways. Assuming it sticks to the Urge ‘all you can eat’ subscription model, it likely can’t provide better revenues to the labels. As far as I can see, that leaves only one advantage over Apple that MS can dangle in front of the labels- DRM. If they sink to Apple’s level of leakiness, they’ve got nothing at all to offer to the labels that they can’t already get from Apple.
That would be very optimistic of MS
That isn’t to say that MS wouldn’t get deals from the labels even with leaky DRM- obviously they already have. But this is MS. They never play just to participate in a market- they want to dominate it, and that means that WMA must be the only label-approved music distribution format. If the labels offer their music in both WMA and iTunes’s format, they’ve lost. Once they control the format, they get all the other benefits of being the gatekeeper- a position they are obviously very familiar with. So, again, it isn’t good enough to be on par with ITMS- they have to trump it, and trump it in a way that is appealing to the labels.
[Not sure that last part is coherent; my brain is melting into my first memo ATM
(That last comment was me, but I accidentally logged in with an old test account. Oops.)
[...] Now, on this blog I have missed few opportunities on this blog to tweak Microsoft for the failings of its products. And it’s not as if the company isn’t constantly providing a stream of crummy technologies for reviewers to pan. (What made that great internal Microsoft iPod video simultaneously hilarious and bittersweet was that Microsoft applies exactly the same philosophy to product development as it does to packaging design — never develop an elegant solution where a kludgy one will do.) But there’s another culprit here who bears a good deal of the responsibility for the failings of the Zune, and that’s the Supreme Court. [...]