Can DRM be future-proof?

When you infect a music CD with malicious anti-copying software, how long can you expect it to work for? Unlike most software, music CDs are liable to be loaded into computers decades after they're pressed; can an anti-copying program anticipate the state of computers in twenty years and ensure that their programs won't destabilize computers in the future?

Princeton's Ed Felten and Alex Halderman continue to pre-publish sections from a major paper on the lessons to be learned from the Sony DRM debacle, in which it was discovered that the music label had deliberately infected its customers' computers with malicious software that spied on them, destabilized their computers, and exposed them to attack from other malicious entities. The software had no easy means of de-installing it, requiring many music fans to reinstall their operating systems.

Today's installment is "CD DRM: Compatibility and Software Updates" and it addresses the question of the longevity of media with anti-copying/use-control software embedded in it — how can the companies that force these technologies on their customers minimize the harm to future systems, and ensure that users run updates when they have no incentive to increase the efficacy of technologies that treat them as attackers?


Compared to other media on which software is distributed, compact discs have a very long life. Many compact discs will still be inserted into computers and other players twenty years or more after they are first bought. If a particular version of (say) active protection software is burned onto a new CD, that software version may well try to install and run itself decades after it was first developed.

The same is not true of conventional software, even when it ships on a CD-ROM. Very few if any of today's Windows XP CDs will be inserted into computers in 2026; but CDs containing today's CD DRM software will be. Accordingly, CD DRM software faces a much more serious issue of compatibility with future systems.

The future compatibility problem has two distinct aspects: safety, or how to avoid incompatibilities that cause crashes or malfunction of other software, and efficacy, or how to ensure that the desired anti-copying features remain effective.

Link

Previous installments of the Sony DRM Debacle Roundup: Part I, Part II, Part III, Part IV, Part V

(Sony taproot graphic courtesy of Sevensheaven)