DRM: The bigger they are, the harder they fall

[Bob Russell]

Has anyone noticed that most digital rights protection schemes seem to be broken pretty quickly? Especially the big boys. DVD CSS protection, MS .lit e-books, various MP3 protections like for iTunes and others. It seems that they all get broken, and I'm sure the new hi-def video standard DRM will be broken also.

Most likely this is being applied mostly for personal use of content. I would like to think that piracy is not the main usage of these utilities. But I can't even advise breaking DRM for personal use because there may be laws restricting usage depending on where you are, and how literally you interpret the law. It has been argued by famous "Jon" that DRM is not about piracy anyway, but about licensing and controlling of hardware manufacturers. And others have pointed out it's not about piracy but market segmentation -- once you adopt their standard, you don't buy from a competitor because it isn't compatible.

But what I really wanted to point out in this editorial is that the one obvious example of a DRM that isn't broken (yet) is the eReader DRM. What's remarkable about this exception is not that eReader DRM is so unbreakable that no one has been able to do it. What is remarkable is what appears to me to be the distinguishing feature that causes it to be left alone... it is remarkably user friendly!

With eReader, you can install on Palm or PPC or other eReader platforms, they have free versions of the reader software and you can even loan it to a friend if you are willing to type in your credit card number into their device. (No, the credit card number is not even stored there, it's just used on the fly to create a hash code to verify the credentials.)

So could it be that the DRM schemes that serve the customer the best, and show reasonable flexibility in their impositions, are also the ones that are less likely to become targets for avoidance. That would be another argument supporting the fact that DRM is making criminals out of the average consumer.

Well, with our knowledgeable audience here at MobileRead, I'm sure someone will find some other examples that are lesser used DRM schemes that have not been broken, and some may want to argue that the only reason eReader has not been hit is because they are not big enough yet. Certainly it's not the scale nor does it have the negative image of Microsoft.

Maybe I can't prove it, or even convinceingly argue the point, but I sure like to think that DRM schemes that come close to being fair and reasonable are the very ones that will not face the onslaught of cracking software that some of the more onerous DRM schemes will face.

I wonder what others think about this eReader exception to the rule?

P.S. No... this article is most definitely NOT a call to crack any DRM software. There's no reason to think this particular one is an especially challenging exercise, and the protection restrictions are quite reasonable relative to other protections schemes. It's the DRM I choose for purchases myself. So the only time we might really need a cracking utility is if eReader goes out of business. Let's hope that never happens, and that e-books are more and more successful every year!

[doctorow]

Quote:

Originally Posted by BobR

But what I really wanted to point out in this editorial is that the one obvious example of a DRM that isn't broken (yet) is the eReader DRM. What's remarkable about this exception is not that eReader DRM is so unbreakable that no one has been able to do it. What is remarkable is what appears to me to be the distinguishing feature that causes it to be left alone... it is remarkably user friendly!

Although I agree with you (to some extent) that eReader is user-friendly, I disagree with your premise as to why nobody has cracked eReader DRM so far.

In most circumstances, crackers don't crack a protection for the sake of customers who find it cumbersome to deal with. Crackers crack protections to gain respect and fame in the underground scene, as well as for personal satisfaction. There's always a competition among crackers and cracking groups in who'd be the first to bring out a crack for this or that application, game, or platform (e.g. XBox).

So why has nobody (at least officially) cracked eReader yet? Because given its limited audience, a crack for it wouldn't make a big furore in mainstream magazines. The cracker would miss what's most important to him: fame. Like you said, Bob, the "big boys" were all cracked - because only the big boys cause enough trouble for news agencies to write about and subsequently for the cracker to dwell in fame.

[rlauzon]

Quote:

Originally Posted by BobR

With eReader, you can install on Palm or PPC or other eReader platforms, they have free versions of the reader software and you can even loan it to a friend if you are willing to type in your credit card number into their device. (No, the credit card number is not even stored there, it's just used on the fly to create a hash code to verify the credentials.)

But, once again, we have DRM that locks content not to a person, but to something that a person has. Something that is impermanent.

How long do you normally keep a credit card?

Quote:

Originally Posted by BobR

So could it be that the DRM schemes that serve the customer the best, and show reasonable flexibility in their impositions, are also the ones that are less likely to become targets for avoidance.

In the case of eReader, most likely because the pain hasn't reached unbearable levels.

But let's wait and see what happens when the new eInk readers come out and the people who bought eReader books can't read them on their new eBook reader.

[BasilC]

The thing that really annoys me is DRMed Adobe Reader books, because they'll only work with Adobe Reader, which is still useless. If it's just text, it's not too bad (but slow between pages), but if it's a book with diagrams or tables, forget it! Especially tables, because the conversion software never knows where the text ends and the table starts. If only you could use PalmPDF, PDF to Go or RepliGo with DRMed ebooks.

[gadgetguru]

EREADER: With it DRM-scheme, there's little justifiable ground to break it unless it is for piracy. So how do you justify breaking it? For academic reasons?

But as it get a larger audience, I'm sure someone out there will break it. Even just for fun, or for reputation (that's the motivation of most hackers - not money, not own-use convenience, but fame).

[Jorgen]

I agree fully with doctorow.

The owners of eReader books are married to eReader platforms forever, something they may regret unless they can find an eInk reader taking that format. Maybe eReader should secretly release a program that will crack their DRM.

jorgen

[surur]

I disagree with the whole premise. WMA and WMV has not been broken yet, and it has huge exposure, with lost of commercial content available locked with it. Cracking PlayForSure would unlease gigabytes of music for only $10. I would love to unlock my MSN or Yahoo music, like I could my Itunes music.

Surur

[filip]

I think that the ereader drm is not (yet ?) cracked because of it's small exposure.

But I don't think this drm is greater than others...
I plan in a near of far future to change my pda and to go to the linux side.
All the books that I've brought with this drm (as for mobipocket) will be useless.

And don't say that I can read on my pc/laptop, they are under linux too...

The danger with drm format is that if you don't stay with the os/pda you had when you brought your book(music,film) it'll be useless to you.
And can you tell what be your os in 1-2-5-10 years from now ?
Can you tell also what will be the status of ereader in the futur (companies are not imortals...).

Ph

[rmeister0]

I don't know about you guys, but I have some credit cards I've had for decades.

I put the question to you: how to you tie a drm scheme to somebody, as opposed to something somebody has?

I guarantee nobody is giving out their credit card numbers to their friends.

eReader has wide support across OS X, Windows, PPC and Palm. IIRC only Mobipocket has similar across the board reach with secured content.

Yes, the big danger is the Gemstar scenario where eReader goes out of business. But because of how the drm model works your content will continue to work on new Palm, PPC and Windows/Mac computers, whereas under Gemstar moving your content to new devices was not possible because you needed a server to authorize you.

I suspect that if eReader did go under, we'd see a hack around the encryption to move content off. There won't be anyone around to sue you.

But more to the point, I don't buy ebooks for permenance. I buy them for convenience and typically don't keep them. If I want to keep something, I buy a paper book because I don't have to worry about crashes, platform issues, or any other such nonsense.

The bottom line: if you hate DRM, you'll hate eReader as much as anything else because you hate DRM. If you dislike DRM because of the limitations it usually imposes, you won't mind eReader because it is not as restrictive as any other.

[doctorow]

Alex posted a flowchart how the eReader DRM might look like:
https://www.mobileread.com/forums/showthread.php?t=2367

I'm sure this is not the right place to discuss in detail how to crack DRM - MR guys would probably mind - but it should be obvious even to the layman how vulnerable eReader DRM is. Having disassembed and reverse-engineered eReader, one could write a tool that:

a) takes your credit card number and the filename of the protected book as inputs
b) prints the book in plaintext (or to be more precise: in Palm Markup Language (PML)) as output.

Sure, one could argue that the protection isn't fully cracked as it still requires a legit credit card number the book was originally encoded for. But that's how it is with public-private-key encryptions (such as RSA or El-Gamal) - if properly (!) implemented, there's no way how you can get around this problem then by using the original key (here: the cc number, or at least its hash code) to decrypt the file.

[rmeister0]

Quote:

Originally Posted by doctorow

Sure, one could argue that the protection isn't fully cracked as it still requires a legit credit card number the book was originally encoded for.

The same could be argued about MS Reader as you still need the activation key, but most people consider it 'cracked'. The end result is the same: a copy of the file without DRM encumbrance.

[murrayp]

Quote:

Originally Posted by rlauzon

But, once again, we have DRM that locks content not to a person, but to something that a person has. Something that is impermanent.

How long do you normally keep a credit card?

That's not a problem. The eReader store and Fictionwise let you reset your card number and you re-download your books at any time.

[SKELTER]

I recently attempted to buy an ebook in secure Palm Reader format but, I don't have -and refuse to get- a credit card. So although I can buy the book from Fictionwise using Micropay there is no way to unlock it. I think this is the most compelling and legitimate reason to hack the DRM. I can't be the only person in the world who doesn't have a credit card. I do have debit cards which until now I have found allow the same functionality but now feel like an excluded 2nd class citizen, banned from buying a product I want simply because I wont jump on the debt bandwagon.