Why the AACS Key is a Non-Story

One of my friends asked me why I hadn’t written about the recent publicity surrounding the [AACS Processing key](http://www.google.com/search?client=safari&rls=en&q=09+f9+11+02+9d+74+e3+5b+d8+41+56+c5+63+56+88+c1&ie=UTF-8&oe=UTF-8) that’s proliferating on various blogs, news sites, t-shirts, and songs.

Part of the reason is, of course, that I’m lazy. As said friend well knows, I’d much rather drink beer than almost anything else. But that’s not the entire reason.

The other reason I haven’t written about it is that it’s actually a big pill of non-story. The AACS copy protection system, like all DRM systems, is never going to do what it says on the tin. The fact that it was broken in less than two months merely reinforces the point once again. But, it’s not really news.

The problem with AACS and every other DRM system is that they are simply trying to achieve the impossible. Really.

All DRM systems are built around cryptographic techniques where the message (in this case, a film) is encrypted with a key. The idea in cryptography is that only the person with the key can decrypt the message. So, lets say Mr. T wants to send a message to Mr. H without Mr. F reading it, he can give the key to Mr. H and only Mr H. will be able to read the message.

Encrypted communication forms the basis of online banking, shopping, e-commerce, and of course, military command and control systems. They work and work well. But, when applied to DRM systems, they fall apart. Not because weaknesses in the cryptography itself, but because of who it’s trying to stop from reading the message.

In a DRM system, the person who is given the key is also the person the system is designed to prevent from reading the message. Read that again as it’s the fundamental problem with DRM systems. In other words, when you buy an HD-DVD disk, the movie studio has to provide you with a way to de-crypt the contents (otherwise it’s just a shiny bit of plastic). But, they don’t want you to be able to de-crypt the contents unless your playing the movie on a standard player hooked up only to a television.

Therein lies the inherent weakness of DRM. They have to give you the ability to decode the contents, but also prevent you from decoding the contents when not allowed. The problem for DRM is not one of crypto, but rather that a machine cannot be made that can’t be tricked into giving up it’s secrets.

Crypto systems work because the sender isn’t stupid enough to send the key along with the message. In a DRM system, that’s exactly what happens. So the AACS system is broken.

The situation with DRM is a bit like the ending of [Wargames](http://www.imdb.com/title/tt0086567/). One of these days the content industry will realise that the effort to win is futile and the best way forward is not to play. In the meantime, they will continue to send out stupid letters, hold back technological innovation, and drive up the cost of hardware and software for everyone.

This entry was posted in Uncategorized. Bookmark the permalink.