Experienced Points

Experienced Points
The Impossible DRM

Shamus Young | 3 Apr 2009 17:00
Experienced Points - RSS 2.0

I am known, when people recognize me at all, as either "The Webcomic Guy" or "the anti-DRM guy." The word "crusader" is sometimes used in describing my opposition to DRM. While I'd much rather be famously funny than famously cranky, I'd rather be viewed as an eccentric grouch than simply bend over and suffer more injustice and insults at the hands of the industry's increasingly inept efforts to thwart piracy by punishing people who pay for games. (i.e. non-pirates. Like me.)

I've talked about DRM in forums, in email, in my webcomic, on my blog, and - on exceptional occasions when I leave my lightless underground cave - with people in the real world. The problem of software piracy seems pretty simple at first glance, and people are always suggesting new and elaborate ways to guard against it. I mean, we're just stopping people from copying data, right? That's just keeping secrets. Cryptography. People successfully protect data all the time. What's so special about computer games? What if the executable was encrypted with that cryptography that would take hundreds of years to break with a supercomputer? What if the game was on an external bit of hardware (like a USB drive) and not on the computer? What if the game was encrypted on the user's hard drive and the key to decrypt it was stored on the DVD, which would need to be in the drive at all times? What if they just, you know, came up with a better system that just protects stuff better?

But here is the super-secret truth for all of you armchair cryptographers: It's impossible. You can't do it. I don't care how smart your programmers are or how much money you spend, there is nothing that can prevent people from pirating a game short of never releasing it. I don't mean "impossible" in the sense that we need better computers or more advanced cryptography. I mean that the idea of preventing someone from copying a playable PC game is impossible in the same way that giving yourself a piggyback ride is impossible. (A disclaimer: I'm talking about single-player PC games here. In an MMO, what you're really paying for is the data streaming off the server, and it's easy to protect that with a login.)

Over the years, DRM has employed increasingly sophisticated levels of encryption and obfuscation. They scramble the software and require you to go online to unscramble it. Little traps are hidden in the program to lock it to your particular PC, to require the disk be in the drive, or that you enter the third word in the second paragraph on page eight of the manual that rhymes with "tedious." But all of this is a waste of time if I'm trying to prevent you from copying the game, because sooner or later the full, functional, unscrambled data has to end up in memory if you're going to actually play the thing. No matter how many locks I put on the software, I have to open them all up in order for you to play, and at that point you can plunder the data and sail away with it.

There is no way for me (the publisher) to let you (the gamer) run a program but somehow not duplicate the thing. It is just as impossible as giving you a book that you can read but can't copy. Sure, I can make the book harder to copy. I can print it in low-contrast text that foils cheap photocopiers. I can print it on a busy photocopier-confusing background like a big book of CAPTCHA. I can print it with just a few words per page, which will make it insanely expensive to reproduce. I can make it difficult for you to make copies, but as long as it's possible for you to read it, you can copy it, even if it means re-typing the book yourself.

So this is why games are so readily cracked: The job of DRM is to let you have the game without letting you have the game. Good luck with that.

Comments on