Wednesday, December 07, 2005

The DRM Pandemic

Unless you’ve spent the last few weeks housesitting Saddam Hussein’s “spider hole,” you’ve heard about Sony’s software that silently installed itself on listeners’ PCs in an attempt to keep its CDs from being ripped. Instead, the listeners got ripped, thanks to a just plain ugly job of programming that opened a massive security hole in their computers.

I bring up this issue because last night, I tried to play some music stored on my PC that’s protected with Microsoft’s Windows Media Digital Rights Management (DRM) system. I purchased the songs months ago from Napster’s (legal) music store. I’ve got one copy on my PC and one on my music player, so I’m not even close to the limit on the number of copies of each song that I’m allowed to make by the DRM.

When I tried to play one of the Napster-sourced songs on my PC, instead of music I got a dialog box that said “License Acquisition Project page to upgrade to Premium.” After being unable to translate that message with my Captain Midnight Decoder Ring, I thought that the problem might be with Napster, so I launched it only to be told that I had to upgrade to a new version. After downloading and installing the upgrade, I tried to play a couple of the songs through Napster, only to learn that I no longer had a valid license for the music, Napster no longer had the right to sell the song, or both.

This is the second time in the last two months that I’ve had a similar problem. The first time, I got an error message from Microsoft’s Windows Media Player that said that my licenses were corrupt and had to be replaced with a backup (which of course I didn’t have.) Napster walked me through getting around that problem, and I’m now waiting for them to reply to my customer service email and help me fix the latest problem.

I’m a fairly sophisticated user, yet I’ve lost control of content that I purchased months ago and I need help from tech support. If this is a problem for me, it’s going to be at least an order of magnitude bigger problem for most consumers. The only reason why the DRM piñata hasn’t spewed over the entire media and consumer electronics landscape is that there still aren’t a lot of actual DRM consumer users…but that’s about to change.

Today’s DVD players use a security system called CSS (Content Scrambling System,) which encrypts the content on manufactured DVDs. The problem is that once an enterprising programmer named Jon Lech Johansen figured out how to derive the encryption keys for each movie, anyone with a personal computer and DVD drive could remove the encryption and make their own perfect copies. Because CSS is hard-wired into all DVD players, and because every new disc has to play on the entire installed base of hundred of millions of DVD players, the movie studios are stuck.

Enter Blu-Ray. This almost-here, super-duper high definition replacement for DVDs uses three security systems: Advanced Access Content System (AACS,) which is the next-generation version of CSS, BD+, which enables content providers to update DRM on already-installed Blu-Ray players, and ROM-Mark, which is a defense against bootlegging. AACS allows content providers to limit access to their content through an Internet connection to the viewer’s player. For example, a vendor could specify that a disc can only be watched for a maximum of 72 hours following the first time that it’s played. BD+ enables content providers to completely disable the ability of a Blu-Ray player to play discs, in the event that the current DRM system is compromised. Consumers would be required to install a DRM upgrade before they could play any more discs. Sounds great! What could go wrong?

Well, let’s see…you get a disc from Netflix in the mail, and when you put it into the player, the disc tries to “call home” over the Internet. What if your Internet connection is down or the content provider’s server has crapped out—will the disc play or not? What if a BD+ “upgrade” that’s hidden on the Blu-Ray disc you just bought manages to trash your player’s ability to play anything? How will that get fixed? Or what if someone who’s less then scrupulous manages to distribute a BD+ upgrade that will only allow certain movies to play?

According to the Digital Entertainment Group (DEG,) more than 147 million DVD players and more than 5 billion DVDs have been sold to customers in the U.S. since 1997. A hot DVD can sell several million copies in its first week. If something goes wrong with the AACS or BD+ code for an equivalent Blu-Ray disc, the carnage will be massive. If the disc won’t play, are video retailers and rentailers going to be willing (or able) to support customers? If the players themselves are damaged, who’s responsible for fixing the problem—the content provider or the player manufacturer?

DRM, by its very nature, is an accident waiting to happen. DRM systems create a game of cat & mouse between DRM developers and hackers: A new DRM system is released, hackers figure out how to break it, the DRM vendor works around the hack, the hackers work around the fix, and so on. Sooner or later, something is going to go wrong with either a hack or a fix, and when it does, lots of people are going to hear about it. One guy who got ripped off by an Internet camera store posted the story on digg and turned the name PriceRitePhoto into a synonym for sleaze. Imagine what will happen when a few million people find out they can’t play that shiny new Blu-Ray disc they just bought.

Content providers, consumer electronics and computer companies have to start looking beyond DRM to come up with better market-based ways to limit piracy. If version 1 of a DRM system doesn’t stop piracy, release a more powerful (and onerous) version 2; repeat indefinitely. However, there’s always a point past which it doesn’t make sense to protect content. We could have bank vault doors on our homes and apartments to make them burglar-proof, but they’d be massive overkill. Instead, we live with wood or metal doors with cylinder locks and deadbolts, even though we know that they won’t stop a determined burglar.

There is no practical DRM system that will stop a determined pirate. Sooner or later, someone will find a way around the DRM. Rather than engineering DRM systems for “worst-case scenarios,” we need legal, pricing, packaging and distribution strategies, along with content protection, that discourage pirating and encourage purchase of legitimate copies. The sooner we focus on the carrot rather than the stick, the better.


Anonymous said...

Mr. Feldman: Did you ever get a response from Napster to your request to fix your DRM problem resulting in the error message "license acquisition project page to upgrade to premium"? I am having the same issue. Thanks.

Unknown said...


Here are the instructions I received from Napster. I did finally get it to work, but as you'll see, the process is complicated, and I eventually had to use all the steps in order to get my content back:

We apologize for the difficulty that you are having. Please follow the procedure below to resolve this issue.

This process involves reinstalling Windows Media Player, which is a general troubleshooting step and is useful if the existing installation is corrupted or is causing issues with media playback.


1. Click this link
to open the web page in a browser window or manually copy and paste the link into your browser's address bar.
2. Click on the appropriate Download Now button for the version of Windows that you are using.
3. The File Download dialog box should appear, click run/open.
4. Once downloaded, the installer should start.
5. Follow the on-screen instructions.


1. Double click on My Computer
2. Double click on your Local C: drive
3. Double click on the Documents and Settings folder
4. Double click on the All Users folder
5. Left click on the "Tools" menu in the top of the Window.
6. Left click "Folder Options"
7. Left click "View"
8. Left click "Show Hidden Files and Folders" so that there is a check mark/bullet in the circle.
9. UNcheck the box for "Hide Protected Operating System Files (Recommended)"
*This will bring up a security warning about making these files visible, once we have finished the troubleshooting steps, you may go back and recheck the box if you'd like. This will not harm your computer in any way.

10. The DRM folder should now be present.
Rename the DRM folder to "DRM2"


To check that Windows Media Player is properly installed, or prepared to accept licensed content, please try the following:

1. Navigate to C:\Program Files\Napster and locate a file called WMP_upgrade.wma.

2. Right-click on this file and select "Open With>Windows Media Player."

3. You will be prompted to perform a security upgrade. Choose "YES/OK"

4. You should then see a message box appear within Windows Media Player indicating that "your Windows Media Player is up to date."

5. Return to Napster and make certain your tracks play.


If you receive an Error that tells you to Upgrade to Premium, or any other "License Acquisition" Errors,
follow these steps to reset the licenses:

**Close out Napster before performing these next steps**

Rename your db2.bin , db30.bin and lastdb2.bin files
1. Double click on My Computer
2. Double click on your Local C: drive
3. Double click on the Program Files folder
4. Double click on the Napster folder
5. Double click on the User Data folder
6. Locate db2.bin , db30.bin and lastdb2.bin
7. Rename these files to db2.old , db30.old and lastdb2.old

Now let's open up Napster again. You may notice that your tracks do not appear in the library.
Use the following method to restore the tracks.

1. Open Napster and click on "File>Import Tracks to My Library"
2. Double-click My Documents, then My Music. If you store your tracks anywhere else on your computer, please navigate there.
3. Click Select All on the right and then OK. Your tracks will be reimported to your

Restore your Playlists:
1. Drop down the Artist menu by the search to 'Member'.
2. Search for your own member name.
3. You should see My Playlists on the left. Drop it down and Right-Click and Save As to re-save your playlists.

If you have any issues importing your tracks back, such as not being able to locate them or they will not let you retrieve your purchased tracks (trying to make you pay for them again), you will need to perform a "Copy Library":

1. Click My Account from the main interface.
2. Select "Copy Library".
3. Click "Show Available Tracks" to retrieve a list of tracks available for download.
4. Make your selections by clicking the plus signs to expand the Artists section. Highlight the Artist(s) you would like to restore and click the checkmark boxes of the desired tracks. If you would like to restore all tracks, use the "Select All" to include all available tracks.
5. Click the "Download Selected" button to begin the restoration process.
6. Switch to your library and click Download Status to view the progress of the downloads.