Original URL: http://www.theregister.co.uk/2001/02/15/welcome_to_net_how_ms/

Welcome to .NET – how MS plans to dominate digital music sales

It's a lot more complex than the air supply stuff, too...

By John Lettice

Posted in Software, 15th February 2001 19:13 GMT

Once upon a time Microsoft discovered the Internet, and the browser wars ensued. More recently it's become apparent that the company sees music sales as the Next Big Thing, but so far, the extent, intricacy and all-encompassing nature of its plans for Digital Rights Management and secure content distribution haven't been widely grasped. When they are, the browser wars may look like a sideshow.

Essentially, there are three major components to the plan. First, the ubiquitous platform - Windows Media Player is reprising Internet Explorer as an integrated part of the OS, so it will become the client of choice manque, and the associated technologies will become the standard technologies. Second, there's the music business. Presented with a near-universal (one might muse that Apple can expect another visit on the subject of MS Office shortly) platform and associated protection mechanisms, the record companies can surely be induced to adopt it. Especially if they still can't figure out an alternative mechanism for stopping their revenues escaping via the Net.

Finally, there's the matter of securing the data itself. Get all of these steps right, ubquitous platform, near-universal adoption by the people who actually produce the data, and bullet-proof security, and Microsoft has a goldmine on its hands. And the mechanisms themselves can and will be applied to .NET, where - as Microsoft was saying just the other day - "the protection of digital content must accompany the facilitation of Internet services." It's surely no coincidence that the guy who's been closest to content, consumer group head Rick Belluzo, has just been kicked upstairs to COO. It's content, and controlling it, right?

Given that Microsoft has the ubiquitous platform already and the content providers will follow if it all works, security is the part of the picture to focus on. As Microsoft explains it: Content owners can use digital rights management (DRM) technology to protect Windows Media files by packaging them. A packaged file is encrypted with a key, and contains information about the content, such as the title, author, and copyright. To play a packaged file, a user must first obtain a license. This license contains the key to unlock the packaged file and specifies the rights that are allowed, such as unlimited play on a computer."

Your personal licensing made easy

There's quite a bit of cute stuff associated with this. Microsoft's Secure Audio Path technology is designed at an operating system level, allegedly) to keep the content encrypted right up until the machine's sound card is actually playing it. This means that if an application tries to intercept the data stream it needs to break the encryption as well and: "Decrypting an isolated Windows Media file would require breaking industrial-strength cryptographic algorithms." Extending the security to the audio playing device, incidentally, requires Microsoft approved signed drivers for that device, so the system also integrates with the signed driver regime the company is introducing.

But there's a lot more to it than that. The operating system will provide users with a central repository for digital certificates, passwords and licences, and will support "silent" licence aquisition. Your PC will just go ahead and check you're licensed to play what ever music (or use whatever data) you acquire, and will only need to bother you whenever it needs a credit card number. Another cute bit is that the licences you acquire each come with a revocation list which "contains all the application certificates of those player applications known to be broken or corrupted."

So if, or more likely when, previously trusted certificates become compromised they are automatically rendered invalid by the very act of you licensing more content.

What happens if you want to play the music on another PC, or you give it to a friend, or your hard disk gets trashed and you lose all your licences and certificates? Give it to a friend and it's cool, the friend just needs to get the right certificate. You can back up your certificates and restore to another PC, so that's cool too. But apparently you can only do this a number of times, the number itself not being something Microsoft seems yet to have specified. So if somehow your stuff accidentally gets backed up and then restored to a couple of thousand PCs, it's all going to go on the revocation list, and stop working.

We have your PC's fingerprints...
One of the reasons it's able to do this is "individualization." Windows Rights Manager "individualizes the critical components of each run-time client. Individualization binds the run-time client to the machine on which the client was initially installed. Every consumer is given a different executable file and different certified license keys. This significantly reduces the danger of global breaks. If a specific Rights Manager client becomes compromised, it can be disabled from acquiring licenses for new media files."

You can spot a likeness here - is the Product Activation technology used in Windows XP somehow related? Product Activation sets out to individualise the PC, and although you can see how useful Rights Manager's individualisation of the player client is in the narrow but potentially lucrative field of digital music, you can see how even handier it would be to broaden it. Wouldn't it be great (not from your point of view, obviously, you're just a user) if you knew absolutely about absolutely everything each and every individual PC was allowed or not allowed to run?

Or do. A CD ROM burning capability will likely ship with XP, and by some strange coincidence: "Rights Manager has the ability to set the appropriate license right to 'burn-to-CD.' To burn a protected Windows Media file onto a CD-ROM, the consumer must have a license that includes the right to do so. CD-ROM-burning applications are required to honor the rights set by the content owner and distributor." Or what? But the idea of getting a lid on burning will certainly appeal to the music business.

Inevitably one's thoughts turn to the matter of how, or even whether, the plans can be circumvented or stopped. As far as competing with it is concerned, the signals are contradictory, but with Netscape's experience in mind sensible people aren't going to believe the nicer sounding stuff anyway. Microsoft says: "All of the Rights Manager application programming interfaces (APIs) are open and published, which allows third parties to customize and extend their digital rights management system. Microsoft only provides the core components."

Well, up to a point, Lord Copper. As a Microsoftie told Wired earlier this week: "The Secure Audio Pathway is a component of Windows, but only works with Windows Media technology in order to keep the system truly secure. At this point, we don't know whether that will change. There are other forms of complexity and security risks if we start adding in other solutions to our system." So it's open and shut, right?

And in the Dotnet bind them...
If the content providers don't embrace it wholeheartedly, it clearly doesn't work. But if they do, refusenik users are likely to find life difficult. On an individual scale it will be hard (or if the lovable music business has its way, next to impossible) to get hold of content that doesn't conform to the Microsoft standards, and on a broader level swapping data will attract Napster-style flocks of lawyers. You could, as Linux and Mac users currently try to with Windows, treat the matter with what the late George Brown called a "complete ignoral," but this time around it would be rather harder, as Microsoft would have stuff you wanted access to.

It won't, ultimately, be a problem for Microsoft if non-Microsoft clients have access to the DRM feast, because by then Microsoft will have something far bigger - it'll own the standards for controlling access to digital content, and so long as you pay, you can run a Mac or linux if you like. Welcome to .NET... ®

Related story

WinXP to include pirate music 'terminator'

Microsoft's reading list

Secure Audio Path
FAQ on Windows Media Right Management
How license acquisition works