Medium Low

On the evening of May 1, 2007 a bellwether event in the saga of Digital Rights Management (DRM) took place. Users of digg.com revolted against the site's administrators and overruled their decision to remove an important DRM "secret" from the site.

Time will tell if this story bubbles up to the mainstream press. It should, because it represents the first time that such secrets have been revealed in such a public (and uncontrollable) way.

The secret that was revealed is an encryption key for HD-DVD discs, specifically the "processing key". The two new high definition DVD formats, Blu-Ray and HD-DVD, both use much more sophisticated DRM strategies than the old DVD format. They both use the Advanced Access Content System (AACS). AACS uses a combination of keys to encrypt content. One key is associated with the player, another with the disc and the "processing key" is the master key. Crackers had already published ways to discover the player keys and the title keys. On February 11, "arnezami" published his discovery of the processing key on the Doom9 forum. The processing key is "the one key to rule them all." Thus, this is a Very Big Deal.

The AACS system is designed so that the controlling "authority" (AACS-LA) can disable old keys (they can invalidate keys in your player) and issue a new key to be used during the manufacture of all subsequent discs. That's what they announced they would do on April 16.

But the cat is out of the bag. arnezami's technique can be used again to obtain the new processing key. His technique exploited weak security in an unnamed software HD-DVD player, so it may be a little more difficult to repeat the feat. But it will certainly be accomplished.

I should point out that I believe in copyright. Artists and other content creators should have the right to control the distribution of their creations and earn compensation for their labor. I have a 40GB iTunes library, and every single song in it was ripped from a CD that I own. But I detest DRM and have never purchased content that was "managed" by it (at least not effective DRM - my DVDs are obviously encrypted with CSS but these days CSS might as well not exist). I am perfectly willing to respect copyright, but I strongly feel that I should able to make any personal use I desire of content that I've legally purchased. But personal use ends at the boundary of my personal device collection. It does not include giving copies to my friends or reproducing the content in a public domain like the Internet.

As many have commented, we are witnessing the end of the DRM "experiment". With regards to AACS in particular, we will reach a point where new keys are being cracked as fast as the AACS-LA can issue them. It will still take some time, but eventually content distributors will have no choice but to give up. It will not be economical to try to keep up with the crackers. Technology is not the answer. Education is. Perhaps it's unlikely, but the only solution is educating people that stealing content is wrong and convincing them to respect copyright on moral grounds.