Why DRM on music CDs always leads to spyware

Ed Felten is my idea of a great academic: he’s both a clever thinker and a brilliant explainer. As an example of what he can do, see this terrific account of how attempts to put DRM on music discs leads inexorably to the mess from which Sony BMG is now trying to extricate itself. Sample:

If the music is encoded on the disc in a format that any software program can read, the only way to stop programs from reading it is to install software on the user’s computer, and to have that software actively interfere with attempts to read the disc, for example by corrupting the data stream coming from the disc. We call this “active protection”.

For example, suppose the user wants to use iTunes to read the disc. But the DRM vendor wants to stop the user from doing this, because iTunes can be used to make copies of the disc. The active protection software will detect this and will interfere to ensure that iTunes gets a garbled copy of the music.

Here’s the key issue: Active protection only works if the DRM software is running on the user’s computer. But the user doesn’t want the software on his computer. The software provides no value to him at all. Its only effects are to stop him from doing things he wants to do (such as listening to the music with iTunes), and to expose him to possible security attacks if the software is buggy.

So if you’re designing a CD DRM system based on active protection, you face two main technical problems:

1. You have to get your software installed, even though the user doesn’t want it.
2. Once your software is installed, you have to keep it from being uninstalled, even though the user wants it gone.

This is just an excerpt. Read the full post for pleasure and enlightenment. Ed’s conclusion is: “Having set off down the road of CD copy protection, the music industry shouldn’t be surprised to have arrived at spyware. Because that’s where the road leads.”

Yes, siree.