<?xml encoding="utf-8"?>
<A HREF="Content006#b" NOPUSH><</A>
intercepts of your messages, snickering at you. 

Best of all, there\'s only one secret: the key. And with dual-key crypto it becomes a lot easier for Alice and Bob to keep their keys secret from Carol, even if they\'ve never met. So long as Alice and Bob can keep their keys secret, they can assume that Carol won\'t gain access to their cleartext messages, even though she has access to the cipher and the ciphertext. Conveniently enough, the keys are the shortest and simplest of the secrets, too: hence even easier to keep away from Carol. Hooray for Bob and Alice. 

Now, let\'s apply this to DRM. 

In DRM, the attacker is *also the recipient*. It\'s not Alice and Bob and Carol, it\'s just Alice and Bob. Alice sells Bob a DVD. She sells Bob a DVD player. The DVD has a movie on it -- say, Pirates of the Caribbean -- and it\'s enciphered with an algorithm called CSS -- Content Scrambling System. The DVD player has a CSS un-scrambler. 

Now, let\'s take stock of what\'s a secret here: the cipher is well-known. The ciphertext is most assuredly in enemy hands, arrr. So what? As long as the key is secret from the attacker, we\'re golden. 

But there\'s the rub. Alice wants Bob to buy Pirates of the Caribbean from her. Bob will only buy Pirates of the Caribbean if he can descramble the CSS-encrypted VOB -- video object -- on his DVD player. Otherwise, the disc is only useful to Bob as a drinks-coaster. So Alice has to provide Bob -- the attacker -- with the key, the cipher and the ciphertext. 

Hilarity ensues. 

DRM systems are usually broken in minutes, sometimes days. Rarely, months. It\'s not because the people who think them up are stupid. It\'s not because the people who break them are smart. It\'s not because there\'s a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn\'t a secret anymore. 

-- 

2. DRM systems are bad for society 

Raise your hand if you\'re thinking something like, \"But DRM doesn\'t have to be proof against smart attackers, only average individuals! It\'s like a speedbump!\" 

Put your hand down. 

This is a fallacy for two reasons: one technical, and one social. They\'re both bad for society, though. 

Here\'s the technical reason: I don\'t need to be a cracker to break your DRM. I only need to know how to search Google, or Kazaa, or any of the other general-purpose search tools for the cleartext that someone smarter than me has extracted. 

Raise your hand if you\'re thinking something like, \"But NGSCB can solve this problem: we\'ll lock the secrets up on the logic board and goop it all up with epoxy.\" 

Put your hand down. 

Raise your hand if you\'re a co-author of the Darknet paper. 

Everyone in the first group, meet the co-authors of the Darknet paper. This is a paper that says, among other things, that DRM will fail for this very reason. Put your hands down, guys. 

Here\'s the social reason that DRM fails: keeping an honest user honest is like keeping a tall user tall. DRM vendors tell us that their technology is meant to be proof against average users, not organized criminal gangs like the Ukrainian pirates who stamp out millions of high-quality counterfeits. It\'s not meant to be proof against sophisticated college kids. It\'s not meant to be proof against anyone who knows how to edit her registry, or hold down the shift key at the right moment, or use a search engine. At the end of the day, the user DRM is meant to defend against is the most unsophisticated and least capable among us. 

Here\'s a true story about a user I know who was stopped by DRM. She\'s smart, college educated, and knows nothing about electronics. She has three kids. She has a DVD in the living room and an old VHS deck in the kids\' playroom. One day, she brought home the Toy Story DVD for the kids. That\'s a substantial
<A HREF="Content008" NOPUSH>></A>