Blog posts ranting about how awful DRM is or complaining about the RIAA and the MPAA are a dime a dozen, so this one won't be another of those. I think there's a more fundamental problem, one that people don't seem to talk about as much:
You can't protect a sequence of bits while also distributing it for consumption.
Sure, I can protect a sequence of bits I send to one or a small handful or receivers. You and I can get PGP--a freely available military-grade encryption protocol--and I can send you a message that nobody else will ever be able to read, even if they can see all the communication between us. But if I make a song and "sell" it to a million people to listen to, then the idea that I can still protect its distribution at that point is ridiculous. It's like walking into a crowded room, shouting something private as loud as you can, and then getting upset when it comes back to you a week later from someone else. Paper money can be kept in safes. Cars can be locked. Information just doesn't work that way.
The practical manifestation of this is that DRM is famously ineffective. For example, the DVD and HD-DVD formats were both designed, at great expense, to contain strong encryption, with the key only available to licensed DVD player manufacturers and a few other corporations. Both were cracked relatively quickly. There are plenty of cracks in Blu-ray's armor, too. Encrypting something well--keeping it secret--and making it available to millions of people to view are incompatible goals. On a similar note, I once checked out an "e-book" version of a book I owned from a local library, just because I was curious what it would be. It could only be opened in a program called Adobe Digital Editions, with particularly intense DRM--it needed an internet connection to run, so that Digital Editions could connect to an Adobe server, exchange cryptographic keys, and make sure that the book was still "on loan" to you. But, like all DRM schemes, it had a relatively obvious weakness--I could view the pages. It was writing out all the carefully protected content, in pristine unencrypted form, to my computer's framebuffer. So I hit Print Screen, fired up Paint, and pasted in the title page. I wrote a quick macro using the excellent AutoHotkey that did some additional voodoo, let it run overnight, and 1300 automatic Print Screens later I had a folder full of neatly cropped JPGs. I clicked "view as slideshow" and my book was mine again.
You can't share a secret with a million people and expect them to keep it.
There's one more elephant in the room that I think deserves some attention. Two elephants, actually: Apple and Google. Despite its fundamental technical weakness, DRM used to have a bit of efficacy in preventing the average Joe from copying and sharing media designed for mass consumption. This is simply because it makes the fundamentally possible sufficiently inconvenient. The average Joe isn't going to write many AutoHotkey scripts. He's not going to write an audio driver that reencodes all that DRM'd music in his ITunes library as MP3s instead of sending it to his sound card. But nowadays, the average Joe somehow has access to all this stuff. He listens to tons of music. Most of my college friends, regardless of whether they're technically inclined or not, have many gigabytes of music. If they were actually paying $0.99 a song, many of them would have a Bugatti's worth. Clearly, what they're doing is not paying, and it's not rocket science either. And Apple and Google are the big enablers.
Yes, this album art is the intellectual property of System of a Down. I'm sure they don't mind. If they ever send me a takedown notice, this post will implode in a puff of irony.
I remember when I got my first IPod in 2004. I bought it used from a friend, and it still had 3GB of his music on it. A few weeks later, I was listening to a different friend's IPod on a bus trip when mine ran out of batteries. I noticed that it had a lot of the same albums, and that the occasional artist name was misspelled in the same way. So I asked around and found out what all the cool kids were doing: swapping IPods. You have a 3GB music library, and I have a 3GB library. I take your IPod home for a weekend, use a little utility off of the internet to circumvent its laughable DRM, and merge all the tracks with my library. Then I put that library back onto your IPod, and now we each have 5GB of music instead of three. (The missing 1GB, in this example, is overlap between our original libraries.) Part of the reason that Apple makes billions from the IPod is because IPod was the new Napster. Copying songs from IPod to IPod is way faster than downloading them from virus-ridden P2P networks and is even less traceable, since there's no internet connection involved. I'm sure that part of the reason the Zune never took off is because Microsoft put a lot of thought into making a really strong DRM scheme, and opening up the kinds of possibilities an IPod offers was apparently more work than people were willing to do.
Google opens up an additional Pandora's box of information freedom so easy anyone can open it. Type in something like "family guy s02e01" and you'll get tons of sites where you can simply download that episode, a number of torrents and a few sites where you can actually stream it without leaving your browser. I know a number of people who get their textbooks by typing in the name plus "filetype:pdf". What really hit me, though, was when I opened Youtube earlier today and typed in "system of a down". On the first page, there was a playlist--a relatively new Youtube feature--containing a wide variety of songs by the band. The videos were just still pictures of each album cover, but they were HD, so the sound quality was pristine. One click later they were all on autoplay. Napster had nothing on this.
As a result, I'm surprised that Apple and Google aren't taking more heat from the likes of the RIAA. If the trade associations want to keep up the Quixotic fight for DRM, Apple and Google seem like the logical targets--not single moms whose kids once used KaZaA. Yet both they and the legal community seem stuck in denial. I know a number of people whose music libraries currently exceed 30GB; assuming 3MB per song, that's about 10,000 songs. According to the Copyright Act, each one of those if punishable by a fine between $750 and $150,000--for a total of, you know, somewhere in the $7.5m to $1.5b range. Between that and the DMCA, most of my friends, your friends, and millions of other people are criminals, and we each owe a corporate association or two astronomical sums of money. Yet those laws have resulted in only a handful of lawsuits, most of which have settled out of court. How can we take this legislation seriously?
What I would really like to see is not the RIAA and MPAA shifting their focus to Apple and Google, though either of those would be lots more palatable than their current victims. Instead, I wish they and all the other parties who care about copyright would be willing to take a levelheaded look at the way media is being consumed. I wish they'd step back and be realistic about the options content creators have. DRM is not really one of them. You can't share your bits and control them, too. There are other, more sustainable ways of making a living. Artists can go on concert tours. They can do private shows for hire. Film producers can show their work movie theaters and get paid at the box office. If you look at it that way, sharing becomes the good thing your preschool teacher always said it would be. The more people see your work, the more will care about you, and the bigger your audience becomes to which you can sell your services. A song or movie you get from a friend comes implicitly vouched for, and you're more likely to pay attention to its creators. As Richard Stallman famously said, information wants to be free. I think its time we stopped fighting that and started embracing it.