There’s been a lot written about the deficiencies of DRM over the last couple of days, with some justification too. Recent efforts have been pretty shoddy, with very little effort devoted to allowing content creators to get true credit for their work and more to serve corporate interests. There’s some pretty complex political wranglings to sort out here, between the content providers and hardware and software manufacturers. Does this mean the end of DRM? I doubt it.
Granted, there are some huge hurdles to overcome in a) creating standards so that the content owners control the game, not the vendors and b) creating a watertight system so that this more than just security through obscurity. The problem gets even harder in the enterprise environment where the use cases are much more complex than the consumer world, but there’s growing momentum behind finding a solution. Only last week at RSA I witnessed long lines of hundreds of people queuing to get into the Trusted Computing workshop. Their aim was to get a handle on a technology that, used properly, can help us build an environment from the ground up where we can control where our data goes and who gets access to it. There’s a long way to go, and as many have pointed out, without oversight this technology can be subverted more than others to serve the needs of big vendors. However, the foundations and the motivations are there to solve the problem.
As security professionals and as consumers, we sit on both sides of the fence. We need to help information owners protect their sensitive data, but after the meeting to discuss how they’re going to do that, we want to listen to a few tunes while checking our e-mail. We’ll surely be highly instrumental in finding a solution.