A common argument against DRM is that it punishes paying customers without successfully preventing piracy. Legitimate users are restricted from freely using the content or software that they rightfully own, while illegitimate users can still download the very same content, and use it without restrictions – and without paying the publisher.

As a music consumer I can empathize with those who oppose DRM. Some of my CD’s, from jazz label Blue Note Records, refuse to play in my PC and can’t be converted easily into compressed music files, preventing me from listening to these songs using my portable media player. Although I found ways around these annoyances, they certainly discouraged me from purchasing additional “copy controlled” CD’s. Fortunately the label stopped protecting CD’s a few years ago and even announced that its entire catalog will be available as DRM-free MP3 files.

It’s not unlikely that Blue Note Records’ decision to move away from DRM was inspired by an open letter that Apple Inc. CEO Steve Jobs published a few months earlier. Dubbed “Thoughts on Music”, the letter called the major music labels to allow selling their music without DRM. Back then all the music files sold through Apple’s iTunes Store were protected via the company’s Fair Play DRM. The protection allowed customers to play the music only in Apple’s iPod players or in a limited number of computers installed with the iTunes software. Apple invested a lot of efforts enforcing these restrictive terms, but to no avail. In the letter Jobs stated that “DRMs haven’t worked, and may never work, to halt music piracy”. In January 2009, Apple announced that it had reached an agreement with the major music labels to remove DRM from all the songs on the iTunes Store.

When even RIAA’s spokesman Jonathan Lamy admits that “There is virtually no DRM on music anymore, at least on download services”, it’s clear that this is more than a fad. This begs the question why there’s no sign of a similar trend when it comes to software DRM. After all, both content publishers (e.g. music labels) and ISV’s wish to protect their intellectual property and revenue, so in principle both should have similar incentive to use DRM, or to drop it if indeed its impact on user experience outweighs its effectiveness in keeping pirates at bay. This is exactly where the differentiating factor that makes ISV’s less willing to drop DRM is – the effectiveness of the protection.

There are many forms of software protection, with varying levels of security. With that said, effective software protection is a far more feasible goal than effective media protection. Copying media is performed using digital ripping and encoding, resulting either in identical or virtually identical discs, or in compressed files of very high quality. Media DRM aims to prevent the creation of such copies or files, but even if some security products are successful to a certain degree, users can always create reasonably good copies using relatively simple methods. Due to a principle known as the “Analog hole”, non-interactive content such as music, movies or text, can always be copied via analog connection (e.g. the simple line-out connector of a sound card). Granted, the resulting copy is not bitwise identical to the original and suffers from some loss of fidelity, but the quality is usually good enough for widespread illegal distribution over P2P networks. There is no equivalent loophole in software DRM, where high technical expertise is required to combat the protection, and in many cases (when protection is implemented properly) – without success. The fact that software protection is not sensitive to analog attacks makes it, by definition, far more secure compared to its media counterpart.

The ongoing growth I see in the number of ISV’s implementing SafeNet software protection and software licensing solutions convinces me that most of them understand that protecting their software is an essential task, with very tangible benefits. Many of them abandon their homegrown protection implementation due to the very same weaknesses discussed above – poor user experience combined with poor protection level (for the sake of completeness, the cost of maintaining homegrown solutions and lack of scalability also play an important part in these customers’ decision to switch).

The effective protection is probably the main reason why so many ISV’s choose to continue and protect their software products using DRM solutions, but it’s worth mentioning one relatively unique case of an ISV that decided to try and drop DRM and see if indeed the number of paying customers would increase, as many DRM-naysayers claim. The company that attempted this brave experiment is Ubisoft, one of the world’s largest computer and video game companies. Their Prince of Persia series of games has been extremely successful for years and has always had copy protection implemented. In 2008 Ubisoft made waves in the gaming scene by releasing a new sequel of the game with no DRM of any kind. Far less surprising were the illegal copies of the game that became available on P2P networks right on its official US release date. The pirates didn’t have to work hard this time, as there was no DRM to circumvent. Ubisoft didn’t publicly respond to this outcome, but the fact that they returned to use DRM in all of their subsequent releases, speaks volumes.

That’s it for now. I’m off to playing a game of Prince of Persia 2008, legit of course.