Several of my colleagues have pointed me to a highly-publicised paper entitled “A Cost Analysis of Windows Vista Content Protection” by Peter Gutmann, a researcher at Auckland University. Now anything from this academic outpost always captures my attention because I’ve always found their security researchers to be pretty smart. Rather appropriately, Peter describes himself as a “professional paranoid”. He’s certainly been spreading an awful lot of it about with this paper.
In essence, the paper slams Microsoft’s decision to incorporate content protection in Vista. It pulls no punches, pointing out the downside of incorporating such protection (on performance and security) and even suggesting that “The Vista Content Protection specification could very well constitute the longest suicide note in history”. I recommend you read the paper. But bear in mind that it is peppered with comments such as “details are sketchy” and “it’s possible there may be inaccuracies present”. Also check out an interesting critical response from a DRM blogger called Paul Smith, as well as the critical comments on his own posting.
Clearly this debate will run for some time, as most commentary so far contains elements of spin, fear, doubt and uncertainty. That's unfortunate because there are some potential security implications that need to be surfaced. But politics, technology bias and a general lack of solid information continue to cloud the real issues, which are all about the difficulties of implementing DRM and the desire of Hollywood to enforce it on platform suppliers.
