AACS - More Useless DRM
In November 2002, the now-famous "Microsoft Darknet Paper" laid out the argument for why DRM is not only futile in a P2P world, but actually counter-productive (because DRM drives otherwise legit customers to the Darknet).
Well, now we have yet another example of the futility side of the equation. Princeton professor Ed Felten recently posted a lucid discussion of the new AACS encryption system intended for use on next-generation high-density DVD media (a.k.a. Blueray or HD-DVD). The verdict: it will not slow P2P sharing of movies. Why? Because its design essentially ignores the P2P reality we live in.
The chief improvement of AACS over its thoroughly discredited DVD precursor, CSS, is that it provides for a much larger number of "device keys," which in turn makes it easier to revoke the keys of any player key that has been cracked. But here's the problem, succinctly described by Educated Guesswork:
And of course, AACS only works if you can identify which key was compromised. If people just rip their DVDs and post the compressed plaintext, there's no way of knowing which player was compromised and so you can't revoke it.
In other words, one smart hacker in Moldova extracts the key from a licensed player (likely not terribly hard for a motivated attacker with a lab), uses the key to rip movies from HD-DVDs, and posts the resulting files to the P2P networks. From there, even the most unsophisticated can simply download the movie, with no need to circumvent the DRM. And the guardians of AACS are powerless to do anything about this threat, because they have no way of figuring out what device key has been compromised.
So why are they bothering with it? Not because it will slow "digital piracy" (always the public justification for DRM and laws like the DMCA that support it), but because it will give the Hollywood Cartel more power over the market for next-gen DVD players. When a Chinese company makes a player that fails to pay AACS royalties, or makes its product too easy to modify, or ignores region coding, or otherwise fails to toe the line, the Hollywood Cartel can "revoke" that player's device key. Suddenly, everyone who owns that player can no longer play new movies.
Ah, yes -- use DRM to punish the innocent in the hope of pressuring player makers into obedience, all the while doing nothing to slow filesharing. Isn't it time we started to question the premise of DRM sytems like this, as well as the laws intended to support them?