Microsoft News Tracker

I’ve only mentioned the FairUse4WM crack of Microsoft’s digital rights management in passing ([1], [2]), but now Microsoft’s inability to protect the assets of its media customers has predictably taken a serious turn:

British TV network BSkyB has suspended its broadband movie download service, after a Microsoft security patch on Windows Media’s digital rights management was cracked.

A notice on the Sky by Broadband service’s home page reads: “In order to make an essential update to the Sky by broadband security system, we are sorry that access to all movies and some sports content has been temporarily suspended.”

The patch had been rushed out by Microsoft after the appearance of a utility, called “FairUse4WM,” designed to circumvent the media player’s DRM. As DRM aims to prevent unauthorized copying of content, such circumvention could have jeopardized the business models of several subscription services that rely on the technology.

Days later, the creator of FairUse4WM released a new version that cracked Microsoft’s patch. However, while this version allowed individual files to be stripped of DRM, it did not enable people to download and strip subscription services’ entire catalogs.

Microsoft’s response has been to assure its Windows Media licencees via memo that it has teams “working around the clock” to beat FairUse4WM, according to Engadget, which originally reported the story.

The Engadget report of the Microsoft memo is here.

I’m not going to delve into the pros and cons of digital rights management, but Microsoft has clearly gotten itself into another whack-a-mole business like security patching, only with a less understanding customer set. Bruce Schneier at Wired News:

If you really want to see Microsoft scramble to patch a hole in its software, don’t look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond’s DRM.
…
But to Microsoft, this vulnerability is a big deal. It affects the company’s relationship with major record labels. It affects the company’s product offerings. It affects the company’s bottom line. Fixing this “vulnerability” is in the company’s best interest; never mind the customer.

So Microsoft wasted no time; it issued a patch three days after learning about the hack. There’s no month-long wait for copyright holders who rely on Microsoft’s DRM.

This clearly demonstrates that economics is a much more powerful motivator than security.

Schneier is betting that it will take Microsoft a lot less time to patch the new DRM hack than to figure out that bulletproof DRM is a hopeless quest.

Don’t change the channel if you want to catch the next act in this melodrama. Unless you’re watching on BSkyB.