DRM is DUM

The following links point to a great talk that succinctly explains why DRM just can't work. The basics is that digital content must be enciphered in order to be 'protected'. The way cryptography works is that you have a cryptographic algorithm, a cryptographic key and the enciphered data. This is fine in most cases because you have two parties who each have a secret key, sending enciphered data to one another, using a cryptographic algorithm that is commonly known to the attacker. The attacker can intercept the data, and knows the algorithm, but can't decrypt it because they don't have the key. With DRM, the attacker is also the recipient and ends up with the data, the cipher and the key. On a DVD, the data is stored encrypted, and the DVD player has the algorithm to decode the data... but where's the key? It's where it has to be... it's either on the disc or on the player. All DRM systems work this way, there is no way around it, and cryptography is useless if the attacker has the data, the algorithm and the key.

Video: Cory Doctorow's "DRM and MSFT: a product customer wants"
http://content.digitalwell.washington.edu/msr/external_release_talks_12_05_2005/11476/lecture.htm

Text Version : http://www.craphound.com/msftdrm.txt