The Sony DRM fiasco is due to a common failure of requirements management logic. If an engineered system relies on certain properties, whenever you add a new requirement, you need to check consistency. You have a boat that has EnoughCargoSpace and ReasonableEnergyCost and you decide to add the requirement CantLeak. So you encase the entire boat in a meter of steel. Amazingly the boat no longer meets its other requirements. The weightless nature of software encourages people to forget that there are inescapable tradeoffs. If you impose a rule “B: The DRM system is all powerful” then you have contradicted “A: No Software Can Turn Off Security.” DRM engineers need to come to terms with “Some of the properties of a computer are more critical than protecting IP.” In my drm paper (published in LinuxDevices in 2002) I discussed potential security and safety issues when DRM interacts with embedded software. It’s bad enough to open a door to virus software on home PCs, but imagine the effects in medical devices and elevators!
See also Moshe Yudkowsky on the ColdPlay story
Update: See also – no kidding.
Update: So how much of the Song BMG fiasco was caused by bad engineering practices and how much was caused by bad management practices? These two types of bad are often synergistic.
Update: Boing Boing covers continuing fallout.
Update: See the Linux Devices story on DRM