A Digg riot and AACS

A Digg riot and AACS

Summary: AACS, the DRM technology used to protect HD-DVD and Blu-Ray discs (though Blu-Ray has additional schemes it can use), has been broken for awhile, at least since February 13th when this Wired blog post appeared.

TOPICS: Security, Servers

AACS, the DRM technology used to protect HD-DVD and Blu-Ray discs (though Blu-Ray has additional schemes it can use), has been broken for awhile, at least since February 13th when this Wired blog post appeared. The "processing key," which is posted on the referenced Wired blog in hexadecimal form, is a 16 byte value that, combined with the Volume ID (which, thus far, has been fairly predictable, as it's usually based on the title's name and date of release) has been enough to strip DRM protections from HD discs.

Clearly, content companies don't want knowledge of the flaw to spread widely. This led the AACS LA (the licensing group for AACS) to send a "cease and desist" letter to pressure Digg, the community-driven site which can bring blog posts and / or articles which otherwise might have languished in obscurity to front page (and possibly server-busting) popularity, not to include links to sites that included the hex code for the processing key. This resulted in the Digg community waging a day-long war on the policy using the tools Digg had previously given them. Practically nothing but links that included the banned string of characters managed to escalate its way to the Digg front page yesterday. This caused Digg to back down on the new policy, and things are slowly returning to normal on the site.

People power at work, to be sure, but underlining again that DRM thus far has failed, for the most part, to create a system that is truly bulletproof. It also makes clear that large groups of people will use the Internet to prevent attempts to block the dissemination of information and / or software that will take advantage of flaws in the various DRM systems used.

I've noted before that I'm not against DRM in principle. I see DRM as potentially enabling individual music or video producers to create media at home and sell it over the Internet using cheap servers they either own themselves or lease at low prices ($20.00 a month isn't atypical, and provides decent bandwidth allocations for artists just getting off the ground). DRM would enable them a revenue stream, whereas uploading unprotected music runs up against human desire for free media, something that is harder to fight given how easy it is to consume digital media through an iPod. Jaywalking is easier to do if you don't have to go out of your way to do it (e.g. there isn't a metal railing lining the sidewalk).

Granted, I have also noted that I won't buy media that prevents me from playing my music and videos anywhere I want. To be more precise, I want an environment where playback devices for my media are widespread. I accept that I can't play my DVDs in my friends tape-based VCR.

In other words, the limitations of DRM systems are limitations because DRM support is not as ubiquitous as current DRM systems used in, for example, DVDs. I continue to buy CDs for that reason, even though I own a Zune.

Some believe the answer is for companies to sell unprotected digital media on the Internet. EMI has famously agreed to sell unprotected music through iTunes. I wonder, though, how many of those files will find their way onto trading networks. I still think unprotected music carries risks. Is the risk greater than selling unprotected music on discs? I think so, because CDs aren't as transferable as a file on a server somewhere. Hurdles, even low ones, often help to encourage most to follow the rules.

One way for musicians and producers of video content not to care if a file is posted on a trading network is to interleave ads into the media stream. Peter Gabriel's We7 music download service proposes to graft 10 second advertisements into music files. The revenue would come from selling ad space.

I see some problems, chief among them a philosophical lament. An ubiquitous DRM system in many ways would be "better" for artists. Joe guitar player hardly has the marketing heft to sell ad space in his musical creations, which puts big companies back in the driver's seat in ways an easy to use DRM system would not. So much for putting the little guy on par with big content distribution companies. I'm just guessing, but I suspect that, eventually, content companies will end up with most of the ad revenue for songs by unknown artists.

Second, would ads pull in enough revenue to earn $1.00 per song, or $20.00 in the case of DVDs?

Consideration of advertisement opportunities in the video space might offer an answer. I expect that video advertisements won't be like those you see in current TV broadcasts, as they are too easy to zoom past in a TiVo world. Rather, advertisements would be interleaved into the structure of the video, much as TV advertisements increasingly overlay the lower corners of the show you are watching. This won't be removable, as the video content the advertisement overlays simply won't exist in the video stream.

This by itself won't generate $20.00 per video file, though ongoing sale of ad space for the same video content might. This would be possible in Internet-connected DVD players. The exact placement and dimensions of overlayed content would be known by the studio, and they could sell ad updates that would overlay the "burned-in" advertisement. If you watch your movie through a player not connected to the Internet, you will see the burned-in ad. If you watch through an Internet-connected player, you will see the updated advertisement.

Such "ad overlaying" would be possible with digital music as well, and people might voluntarily opt for such updates, as they will get tired of the same burned-in ads fairly quickly.

Is all of this even necessary? Some will point out that DVD DRM protections have been broken for a very long time, and software which can copy DVDs is widely available. In spite of this, DVDs still experience strong sales and constitute a critical part of the revenues studios generate from a movie, easily surpassing the 25% studios typically earn from theaters.

On the other hand, DVD sales growth has slowed dramatically of late, with flat sales last year in the United States and diminishing revenues in Britain and Germany (according to a recent article in the Economist).

Just to keep things balanced, 50% yearly growth rates between 1997 and 2002 probably weren't sustainable, anyway. During that period, people were buying into the DVD ecosystem through purchase of players, leading inexorably to strong DVD sales growth rates. Complaints about slowing growth in a mature market sector probably derives more from a publicly traded company's desire to show growth that justify rising share prices. Making consistent profits isn't good enough. Profits have to GROW if the stock market gambling casino is to continue generating free money.

Still, music sales HAVE gone down, and quite dramatically, and that's a market where digital downloads are simple and fast (music files are relatively small). Video downloads take up more space, though even so, it still takes a decent amount of time to download multi-gigabyte video files (though MPEG-4 does an end-run around that somewhat). That protects DVD sales to a certain extent (that and DVD extras, though you can get even these by downloading an entire DVD "package" ripped using DeCSS tools, though that, at least, is something you can't economize through MPEG-4 transcoding). HD discs raise the barrier even more, with typical capacities in the 25-50GB range (HD-DVD discs are almost always dual-layer, and Blu-Ray are increasingly so).

With download speeds typical today, that's like stuffing a chicken through a straw. I experienced the broadband future while working in Geneva, however (download speeds were astoundingly fast at the World Health Organization), and that future will make large file downloads not such a big deal. Perhaps video producers will take the route charted by dinosaurs, opting to grow DVD package sizes ever larger in hopes of staying ahead of widening data pipes.

I doubt they would succeed with that approach, however. Think how long standard definition TVs existed in the market. People aren't going to rush out and buy the "next big thing" in television display systems until holographic projectors put you in the middle of the movie action.

What seems clear in the failure of AACS, however, is that studios will have a heck of a time maintaining the integrity of DRM protections. This leads me to believe that, in future, consumers should expect a heck of a lot more ads.

I'd prefer that wasn't the case, but we consumers aren't cooperating, so studios will get their money where they can.

Ten years down the road, the only way to see a movie ad-free may be in a theater. That stinks, but unless we consumers agree to pay for unprotected content on a regular basis, I don't see an alternative.

Topics: Security, Servers

John Carroll

About John Carroll

John Carroll has delivered his opinion on ZDNet since the last millennium. Since May 2008, he is no longer a Microsoft employee. He is currently working at a unified messaging-related startup.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to start the discussion