I’m a bit late with this post, but anyway. Prof. Lenz has posted another DRM related entry with good comments, in which a couple of interesting points are raised. Let me first talk about the “effectiveness” of DRM. To keep my argumentation clear, I will discuss a couple of other noteworthy points in a next post.
Lenz refers to the 2001 Copyright Directive’s definition of the word “effective”. Article 6, Paragraph 3 states:
[…] Technological measures shall be deemed “effective” where the use of a protected work or other subject-matter is controlled by the rightholders through application of an access control or protection process, such as encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective.
Lenz correctly points out that this definition is “slightly circular”: in case DRM simply “achieves the protection objective”, it is already considered “effective”.
This, say, legal effectiveness is of course very different from DRM’s theoretical effectiveness: as DRM always relies on a “security through obscurity” approach, it can theoretically never be “effective” – most DRM systems are indeed hacked within days or weeks after their release.
Lastly, there is also something like DRM’s real-world effectiveness, which relates to what I said in my previous entry: most DRM systems “work” fine, simply because the consumer doesn’t care, or doesn’t know any better.
So, to summarize: if you fear (or know) that the theoretical effectiveness of DRM is near 0, but you want to keep its real-world effectiveness as close to 1 as possible, then the only way to do that is by maximizing its legal effectiveness. In human language (and I’m talking about the content industries): if you fear (or know) that your DRM will be compromised, but you want to keep consumers within its boundaries, then you need a helping hand from the law (= anti-circumvention provisions).