13 October 2009
The Internet has come a long way since its inception as a military communications network. More and more information is becoming available, and broadband Internet access speeds are ever increasing. Until recently, music and video media file sizes were just too big to transfer in a timely manner. However with residential broadband speeds of up to 30Mbps now available in Australia (BigPond 2007), illegally downloading large multimedia files – such as music, videos and even full high-definition movies – is becoming easier and extremely fast. DRM is the entertainment industry’s answer to the illegal distribution of copyrighted works over the Internet.

The Internet has come a long way since its inception as a military communications network. More and more information is becoming available, and broadband Internet access speeds are ever increasing.
Until recently, music and video media file sizes were just too big to transfer in a timely manner. However with residential broadband speeds of up to 30Mbps now available in Australia (BigPond 2007), illegally downloading large multimedia files – such as music, videos and even full high-definition movies – is becoming easier and extremely fast.
DRM is the entertainment industry’s answer to the illegal distribution of copyrighted works over the Internet. There are several different flavours of DRM on the Internet, all using similar encryption-based technologies. This paper will focus on Apple’s FairPlay Digital Rights Management System, as used in iTunes and in Apple’s hardware playback devices: the iPod, the iPhone and Apple TV.

For and against: why is DRM necessary?

“The motive for DRM schemes is to increase profits for those who impose them”
- Richard Stallman, President, Free Software Foundation

Illegally sharing music and videos over the Internet has become commonplace. It became evident to media distribution companies that they would need to find a way that satisfied the world’s desire for easy-to-access media, while maintaining copyright integrity and the rights of the media producers. Apple, in consultation with the “big four” music companies (Universal, Sony BMG, Warner and EMI) (Jobs 2007), developed the FairPlay DRM system so that they could provide the ease-of-access that is so desired through the iTunes Music Store: an on-line music library that iTunes users can purchase music from.
FairPlay limits who and what can play music legitimately purchased from the iTunes store. At any one time five computers and an unlimited number of iPods, iPhones or Apple TVs can playback a single track purchased from the iTunes store. This ensures that recording artists and movie producers receive payment for the purchase of their works.
There are groups, such as the Free Software Foundation, that oppose the use of DRM and DRM-enabled devices: “DRM technology is simply a prison in which users can be put to deprive them of the rights that the law would otherwise allow them.” (Defective by Design 2007).
It is argued that DRM schemes are an offence to freedom, and that imposing restrictions on media that is legitimately purchased is a deprivation of rights. Media producers however would argue that not imposing DRM would endanger their livelihood and income.
It should be noted here that nobody is arguing that media producers should not receive payment for their works. Those that oppose DRM are arguing that after purchasing media, one should be free to use it as they choose.
Since the campaign for DRM-free media has gained weight, Apple has responded with iTunes Plus; a library of select DRM-free media available at a slightly more expensive price than that of the standard library.

iTunes, iPods, iPhones… I what?

I work. I play. iPod.
They’re the accessory to have – your own personal music library right in your pocket. Apple’s iPod was one of the first devices commercially available that supported DRM protected music – and since the fifth generation of the iPod (at the time of writing, the current model is the seventh generation) protected videos as well.
The integration of FairPlay into the iPod and other related devices is almost totally seamless. After purchasing a song or video from the iTunes store, the user’s computer is automatically authorised to play that song or video – and as soon as that song or video is copied onto an iPod or iPhone, they too become authorised to play that music (iTunes Help 2007).
Users can copy their music onto as many iPods or iPhones as they want – there are no limits. They can, however, only share songs they purchase at any one time across five computers (Jobs 2007). While this might be an issue for some, the majority of users will never require that their music be playable on more than one or two computers.
FairPlay doesn’t restrict what devices you connect your iPod or iPhone to in order to playback media – so you can playback a video on a big-screen TV and not have FairPlay whinge. The only trick FairPlay has up its sleeve is that users cannot copy music from more than one iTunes library at once – that is, they can’t collect all their purchased music, then go to a friend’s computer and download all their purchased music as well. iTunes will ask before wiping the iPod’s entire memory and re-synching the new library.

The workings of FairPlay

FairPlay is backed by a secret encryption based technology that Apple keeps under lock and key – for good reason – but we can still gain an understanding of how FairPlay works without pulling the actual numbers up from the iTunes source code.

Every user that purchases music from the iTunes store is required to have an Apple account (iTunes Help 2007). This account is used to verify the user’s identity and is also the key to authorising computers to playback DRM-protected files.
As part of the authorisation process, iTunes generates a unique identification number based on the processor’s serial number and other traits specific to the individual computer that it is running on. That number is then transmitted to the iTunes Music Store servers and stored as an ‘authorised computer’ for that Apple account.

When a song is selected and purchased, iTunes generates a user key that is sent to the Apple servers. The servers then send back the purchased song, which is sent back along with a master key. The iTunes client then scrambles the song using the master key, and locks it using the user key so as to reduce server load. This process is similar to the RSA cryptography method – however the scrambling takes place entirely on the client side.

Using this process means that iTunes does not have to check with the Apple servers every time it plays a song – instead it keeps a library of authenticated keys on the local machine. Sending the user key to the Apple servers also means that users can copy DRM-protected files between authorised computers.

In order to play back a song, iTunes looks up the user key that the song was purchased with and uses that key to unlock the master key. The master key is then used to unscramble and play the song.
This is the same for an iPod or other device – when an iPod is synched with iTunes, all the keys are copied to the iPod.

If a user does not have the required keys to playback a song in an iTunes library, they are prompted to authorise the computer using the Apple account that purchased the song.
If a song is not playable on the computer, then it is not copied across to the iPod.

References

BigPond (Telstra) 2007, BigPond Cable Extreme, accessed 2 October 2007, from

Jobs, Steve 2007, Thoughts on Music, accessed 2 October 2007, from

Free Software Foundation (2007), Defective by Design, accessed 2 October 2007, from

Free Software Foundation (2007), Official Website, accessed 2 October 2007, from

Electronic Frontier Foundation (2007), Official Website, accessed 2 October 2007 from

RoughlyDrafted.com (2007), How FairPlay Works: Apple’s iTunes DRM Dilemma, accessed 2 October 2007 from

iTunes 7.4.3 Help (2007), accessed 2 October 2007, from Apple iTunes : Help [F1]