DRM for Hackers, Or, Do As I Say, Not As I Do

Oh, the irony. PSP firmware hackers want to encrypt startup screens to protect their rights and reputations as content creators, so one of them has created a content encyption scheme (i.e. DRM)

I truly sympathize with the motivations behind this effort. As Xart, the creator of this tool says on the forums

“That is why I am using DAS, to fully protect work that I spent a lot of time on.”

Unfortunately, that same exact argument is made by Sony, Universal, Disney, Viacom, and every other media company that wants to use DRM – They want to protect the work that they spent time and money building. (Note: this is a thought experiment, not a defense of the enforcement practices of the RIAA, MPAA, or other body.)

I’d be willing to be good money that Xart and the other folks on the PSP homebrew forums are stridently “anti-DRM”. (I put scare quotes there, because in online discussion today, being pro-DRM is like being pro-headaches, or pro-expensive auto repairs. DRM is a bogeyman, and is past being a useful term for discussion.)

The irony is lost on most of the commenters, many of whom simply want to use it to protect their own content:

” So… you mean that we can encrypt our games? Cool! Just like Sony…”

One commenter brings some specific knowledge of security:

[I]f the key is in your program, and the encrypted data is in your program, and the algorithm to decrypt it is in your program, (and all three have to be if you want to decrypt your stuff at any point on the PSP), then anyone with a disassembler (or psplink and gdb) and enough free time can find it, reverse it and alter it any way they like. Security through obscurity is not real security.

Well, there’s the rub with any DRM scheme. If you give the end user the program, the key, and the algorithm, you’ve already defeated your own encryption scheme. (Good references here and here)

I don’t have much more to say – only that we need to re frame the DRM discussion away from that toxic term and the easy to hate corporate monoliths, and focus on the reality – that people, real, warm-blooded, living breathing artists of all stripes (musicians, videographers, PSP firmware hackers) want and need legal and technological tools to protect the value of their unique creations.

I agree with the spirit of “anti-DRM” movements but I can’t help but feel that the time and energy should be spent less on being anti-something that’s bad, and more pro-something that’s better.

[SW: Edited for clarity and typo correction]