Bad DRM!

Here's what's wrong with DRM in a nut shell.



There are two parts to the process - the client side - your computer or portable player - and the server side - where important information is stored about your license.



The client side - the stuff on your local computer pretty much works until you reformat your hard drive or buy a new computer. Frequently your license doesn't move over. That's super irritating.



That will be easily fixed in the future when you get some kind of smartcard USB adaptor thing that you can plug into your machine once a month to certify that you are you. Simple.



(Writing to a device like a Minidisc or iPod works well as long as your PC license is up-to-date because you can only write to those devices - not read from them. Making them "write-only" solves A LOT of problems. Of course, Sony, since they own a big record label, had to go a step further and [try to] make it so you can only write to your Minidisc three times, which is really irritating, and involves a local database on your PC that can also get wiped out pretty easily.)



The other part of the process is the server side - this is where things can get really messed up and where you have virtually no control over the process. For instance, if your license grants you the ability to download to three computers, that information has to be stored on a central server.



If you reformat your hard drive you should reasonably expect that you should be able to re-download your music onto that computer. The server decides if this is allowed or not.



With some DRM you can take your licenses off the one computer and move them to another - but this is not universally true. Also, consider that if your hard drive craps out, and you don't have time to back up your licenses, then there's nothing you can do about it except call customer service and hope for the best.



The Microsoft DRM license backup procedure is very strange and not universally implemented (because it needs to be authorized for each and every song).



And the Apple system for iTunes, FairPlay, which is pretty good, in that it is a closed solution that Apple controls, still has problems, because if you reformat your hard drive without decertifying your machine, you have used up access to one machine forever, unless you can beg another machine authorization from iTunes customer service.



Again, once we have something like the little smartcard USB adaptor goody, we can assign your music licenses using that, rather than your non-portable harddrive.



Your music is assigned to YOU as represented by your USB dongle and not to your computer, which is not YOU. This actually could be implemented now with a floppy disk or a writable CD - the main thing is that there is a unique identifier that is you and that ties you to your licensed music. You can make backups of it. You could give it to a friend, but since it checks in with the server every month of two, abuse could be spotted, and you could be politely asked to stop sharing your identifier.



Now, it is quite possible to screw up the server side if your database isn't 100% accurate, as Buy.com appears to have done. I bought some tunes from them and I am quite sure I didn't download them to three computers. When I went to reauthorize some music (after formatting my hard drive!) I got some weird error from their server. It didn't say, "You've used up your licenses." No, it said,

https://secure.buy.com/licenser/licenseInfo.aspx?sku=200680895&failed=true&errorNumber=-2147024809 . I converted -2147024809 into hexadecimal (FFFFFFFF80070057) and searched the web to find out what the error means. It turns out it doesn't mean anything except "bad parameter" - a sort of generic COM error. Useless.



After four email messages to them, they finally reset my licenses, but not until they had accused me of being a criminal and using the music for commercial purposes. Sigh.



Now, buy.com says quite clearly in their online help that you can check to see, for each piece of music, how many times you are allowed to download it, and how many times you can burn it to CD, and so on. This is because each piece of music has its own rules. Well, none of that information shows up now on their web site. My hypothesis is that they went and renegotiated their deal with the record companies and the old rules got thrown out, thus invalidating their database. But who knows - I just know that the "user experience" of using buy.com wasn't so good.



Since I am working on DRM and also just out of curiousity, I am trying a lot of different services.



I have tried the following on-line music services:



  • Real Harmony (good timing - all songs 1/2 price for now);
  • Real Rhapsody (via Comcast);
  • buy.com;
  • iTunes;
  • MusicMatch;
  • AOL Music Net;
  • Sony Connect (works like iTunes except for Minidisc); and
  • Wal-Mart (I got a free song from so I guess maybe that doesn't really count).

I'm trying as many services as possible - at $.49 to $.99 a song, it's pretty cheap research into the "user experience." I read about http://www.allofmp3.com which is a site in Russia where music is half price - and they are the only site with the Beatles! I'll check them out soon, if I can talk myself into giving my credit card number to some people in Russia.



Microsoft is launching a new site this fall on MSN that includes a really cool rental model and I bet their servers will work. A "rental service", like Rhapsody provides, where you get access to 700,000 for $10.00 a month, is really good, and works just like you would expect. I like Real Rhapsody a lot - what a great service. (The non-rental version of the Microsoft music store is launching this week.)



The DRM system I am working on (which currently uses Microsoft technology but we'll see if that's how it ends up) has to address the "user experience" issues. My client and I have good ideas about fixing that without having to wait for a smartcard to track everything.



I personally like the potential of DRM even though the current implementations have inherent problems. Physical distribution of music is going away - fast! So the sooner we figure this DRM stuff out and make it truly user-friendly the better. Nobody wants to feel ripped off.