The consumer loses once more

DRM strikes again. This time, apparently, the PC version of Gears of War has stopped working, and the cause seems to be an expired certificate.

Even though I do not play Gears of War, I take issue with this for a number of reasons:

First, it’s another case where DRM does nothing to stop piracy but punishes the honest user for buying the original – no doubt, the cracked versions of the game will continue to work because the certificate check has been stripped out.

Second, using any form of DRM with any type of media is incredibly shortsighted if it requires any external support to work correctly. Be it a central authorization server, be it a correct clock – you name it. Sooner or later you won’t sell any more of your media and thus you will shut your DRM servers down, screwing the most loyal of your customers.

This is especially apparent in the games market. Like no other market, it has a really vivid and ever-growing community of retro gamers. Like no other type of media, games seem to make users want to go back to them and play them again – even after ever so many years.

Older games are speedrun, discussed and even utterly taken apart. Even if the number of players declines over the years, it will never reach zero.

Now imagine DRM in all those old games once you turn off the DRM server or a certificate expires: No more speedruns. No more discussion forums. Nothing. The games are devalued and you as a game producer shut out your most loyal customers (those that keep playing your game after many years).

And my last issue is with this Gears of War case in particular: A time-limited certificate does not make any sense here. It’s identity that must be checked. Let’s say the AES key used to encrypt the game was encrypted with the private key of the publisher (so the public key is needed to decrypt it) and the public key is signed by the publisher’s CA. Then, while you do need to check the identity behind the publisher’s certificate, checking the time certainly is not needed. If it was valid once, it’s probably valid in the future as well.

Or better: A cracker with the ability to create certificates that look like they were signed by the publisher will very likely also be able to give them any validity period they like.

The issue here is that Gears of War probably uses some library function to check the certificate, and this library function also checks the validity period of the certificate. The person that issued the certificate either thought that “two years is well enough” or just used the default value in their software.

The person using the library function just calls it, not thinking about the validity period at all.

Maybe, the game just calls some third-party DRM library which in turn calls the X.509 certificate validation routines and due to “security by obscurity” doesn’t document how the DRM works, thus not even giving the developer (or certificate issuer) any chance to see that the game will stop working once the certificate runs out.
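The failure mode described above, as an added example that is not code from the post or from any game: a constructed publisher CA signs a content certificate with the “two years is well enough” lifetime, and Go’s crypto/x509 verifies it once the way a library default would (against the wall clock) and once with the reference time pinned to the certificate’s own signing time, so the signature and identity checks stay in place while the expiry no longer decides whether the content opens. The release date and certificate names are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Constructed scenario: the publisher's CA signs a content certificate valid
// for two years from a hypothetical release date.
var releaseDate = time.Date(2007, time.November, 6, 0, 0, 0, 0, time.UTC)

func template(serial int64, cn string, years int) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: releaseDate, NotAfter: releaseDate.AddDate(years, 0, 0)}
}

// issue builds the CA and the two-year content certificate it signs.
func issue() (ca, leaf *x509.Certificate, err error) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := template(1, "Publisher CA (constructed)", 20)
	caTmpl.IsCA, caTmpl.BasicConstraintsValid, caTmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ca, _ = x509.ParseCertificate(caDER)
	// "Two years is well enough": the default lifetime the post describes.
	leafDER, err := x509.CreateCertificate(rand.Reader, template(2, "Content key (constructed)", 2), ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, _ = x509.ParseCertificate(leafDER)
	return ca, leaf, nil
}

// verifyAt checks the signature chain to the CA but evaluates the validity window
// at the given reference time; pinning `at` to the signing time avoids the expiry trap.
func verifyAt(ca, leaf *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}
```

Calling verifyAt with time.Now() reproduces the library default and fails once the two years are over; calling it with leaf.NotBefore keeps verifying the same signature indefinitely, at the price of giving up expiry as a lever against a leaked signing key.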

This is laziness.

So it’s not just monetary issues that lead to DRMed content stopping working. It’s also laziness and a false sense of security.

DRM is doomed to fail and the industry finally needs to see that.

HD-DVD unlocked

Earlier, it was possible to work around the AACS copy protection scheme in use for HD-DVD and Blu-ray on a disc-by-disc basis.

Now it’s possible to work around it for every disc.

So once more we are in the situation where the illegal media pirate gets a better user experience than the legal user: The “pirate” can download the movie to watch on-demand. He can store it on any storage medium he pleases (like home servers, NASes or optical discs). He can reformat the content to whatever format a particular output device requires (like an iPod) without having to buy another copy. And finally, he can watch the stolen media on whatever platform he chooses.

The original media, by contrast, is very much limited:

The source of the content is always the disc the user bought. It’s not possible to store legally acquired HD content on a different medium than the source disc. It’s not possible to watch it on any personal computer but the ones running operating systems from Microsoft. The disc may even force the legal user to watch advertisements or trailers before the main content. There is no guarantee that a purchased disc will work with any given player – despite player and disc both bearing the same compatibility label (HD-DVD or Blu-ray logos). It’s not possible to legally acquire the content on-demand, and it’s impossible to reformat the content for different devices.

Back in the old days, the copy usually was inferior to the original.

In the digital age of DRM and user-money-milking, this has changed. Now the copy clearly provides many advantages the original currently can’t provide or the industry does not want it to provide.

I salute the incredibly smart hackers that worked around yet another “unbreakable” copy protection scheme, allowing me to create my personal backup copy of any medium I buy, so that I can store the content on my NAS and have the assurance that I’m able to play it when I want and where I want.

I assure you: My happiness is not based on the fact that I can now download pirated movies over BitTorrent. It’s based on the fact that I can store legally purchased HD content on the hard drive of my home server and watch it on-demand without having to switch media.

Piracy, for me, is a pure usability problem.