If there’s one thing that’s certain, it’s that there’s no shortage of air time when it comes to new DRM hazards to worry about.

In this case, whilst The EU is not too occupied with persuading Microsoft to allow outside developers access to its server interfaces (or fining it $3 million a day for non-compliance) it has decided to look into the implications of the next round of DVD standards. 

To further add to the plot the French government passed a law requiring DVD players to be able to process all the standards and not just some of them.  A challenge for licensing at the very least. 

Now it seems that you can’t possibly have DVD standards these days, without having DRM standards thrown in.  And at the moment there are two contenders for the crown – Blu-Ray and HD-DVD.

Well, at least we aren’t at the level of VHS versus Betamax, or are we?

To give the current situation a positive note the proponents are following the best practice for industry standards, SLOO (or SLagging Off the Opposition).  Back in August last year proponents of HD-DVD, one of the two competing next-generation DVD standards, had harsh words for the newly announced DRM technologies adopted by the Blu-Ray standard.

At the bottom of the argument is a ‘simple’ dilemma.  Do you build your DRM approach into the hardware or do you put it in the operating system.  Well we know Microsoft’s answer to that one because they don’t have any choice (watch this space when the Windows Advantage system starts to stop ‘illegal’ copies of Windows from running!).

If you do it in hardware then it is ‘theoretically impossible’ to bypass the controls.  However, if someone finds out by studying the hardware how to break the DRM controls, then they are totally broken and there is no possible way of recovering the situation.  To give the reader some kind of feeling for what can be achieved, in the early days of the satellite chip controlled systems a new control chip was completely broken within a month of its introduction, and fixes to counter the breaking were broken within a few hours of being issued.  So hardware is not necessarily the answer to the DRM maiden’s dreams.

Blu-Ray use the argument that it is stupid to have one-shot DRM controls because they are rather like virginity.  Once lost – gone forever.  So better far to have the ability to change as and when you must.  But to do that you need an operating system.  Now Microsoft know a thing or two about operating systems,  including how easily and regularly hacked they can get.

Of course, both proponents (or do I mean combatants) have an interesting weak point that doesn’t seem to get a mention.  A big number of DVD players are on PCs (Windows, Mac, Unix or whatever), and they are controlled purely by software because the hardware just passes over whatever it reads.  So at the software level all the proposals can be attacked, and they can be attacked on a multiplicity of operating systems.  Attackers are able to choose the most suitable environment for their purposes.  And they can exploit whichever weaknesses offer them the best advantage, because, unlike law-abiding people they don’t care about the niceties of legislation like the Digital Millennium Copyright Act that make it an offence to even examine security controls let alone break them.

So who cares what the DRM controls are, if they are open to extreme attack or subversion?  And if the attack is against the movie Lord of the Rings then it will likely be successful.  A lot of money would likely be at stake and money is one of the three great drivers (power and sex are the other two, in case you wondered) so there would be plenty of reasons to attack a DRM system of whatever persuasion.  Fortunately book publishing, high value reports, and most corporate information is well under the radar and does not merit the attentions of the really serious hacking community.  But films and music – the seriously big consumer purveyors do.

So there you have it.  More than one standard jostling for position.  More than one approach.  Both claiming supremacy.  And both open to question.

What next in the DRM wars?