consulting question.... (DRM)

John Gilmore gnu at toad.com
Tue May 26 21:49:48 EDT 2009 

It's a little hard to help without knowing more about the situation.
I.e. is this a software company?  Hardware?  Music?  Movies?
Documents?  E-Books?  Is it trying to prevent access to something, or
the copying of something?  What's the something?  What's the threat
model?  Why is the company trying to do that?  Trying to restrain
customers?  Competitors?  Trying to build a cartel?  Being forced to
do it by a cartel?  Is their product embedded?  Online?  Hardware?
Software?  Battery powered?  Is it on a phone network?  On the
Internet?  On no network?  What country or countries does the company
operate in?  What jurisdictions hold its main customer bases?  How
much hassle will its customers take before they switch suppliers?
What kind of industry standards must the company adhere to?  What
other equipment or data formats do they have/want to interoperate
with?

Most DRM is probably never cracked, because the product it's in
never gets popular enough that anyone talented wants to crack it.
If they only sell a thousand units, will they be happy?  Or do they
hope/plan/need to sell millions of units?

Most DRM exists to build a cartel -- to make an artificial monopoly --
not to prevent *customers* from copying things, but to prevent
*competitors* from being able to build compatible or interoperable
equipment.  This is largely because US reverse-engineering law makes
such a cartel unenforceable in court, unless you use DRM to make it.

> Can anyone point me at good information uses I can use to help prove 
> the case to a bunch of skeptics who are considering throwing away 
> their hard-earned money on a scheme that, in light of security
> experience, seems foolish?

Why should we bother?  Isn't it a great idea for DRM fanatics to
throw away their money?  More, more, please!  Bankrupt yourselves
and drive your customers away.  Please!

It's only the DRM fanatics whose installed bases of customers
are mentally locked-in despite the crappy user experience (like
the brainwashed hordes of Apple users, or the Microsoft victims)
who are troublesome.  In such cases, the community should
intervene on behalf of the users -- not to prevent the company
from wasting its time and money.

	John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list