Apple Music's Digital Rights Management explored

There is a great article (followed by some nice follow-ups) on MacRumors detailing the particulars about Apple's DRM for the Music Store feature in iTunes.

The summary is that you are allowed to (as Jobs said in his speech on Monday):

  • Play a purchased song on up to 3 Macintoshes
  • Play a purchased song on any number of iPods (synchronized to one of those Macs)
  • Burn a purchased song onto any number of CDs (audio or AAC)
  • Share a purchased song over the network (to one of the other 3 authorized computers)
  • Use a purchased song in other applications (that can use QuickTime for playback)

The only piece that I found a little confusing was the sharing part. It was a bit misleading in the presentation, because it sounded as if you could share any song with any number of players that were in your network over the cool Rendezvous technology. It turns out that for the AAC-encoded purchased songs, you can only play back on another Macintosh with the appropriate authorization (which Apple provides 3 of for you).

We did some digging into the files (still trying to find the old Apple "Dumpster" program for dumping out the contents of a QuickTime/MP4 stream) and found a number of useful pieces of data. First, your email address (i.e. your Apple ID) is stored in the song. This is undoubtedly to hook your song to your Apple ID which in turn allows them to hook it to the computers authorized to play the music. Second, your name is stored in the song. This is presumedly to allow you to find out where the song came from.

It is still uncertain whether the songs are encrypted with some kind of specific key and that key is handed to the iTunes software or what. However, conjecture is that the iPod is not capable of doing any sophisticated decryption with its tiny, power-saving CPU, so either the encryption doesn't exist, or it is likely removed when you load your pod.

More information should be forthcoming, and I'm not advocating the avoidance of the DRM that is in use by Apple. I think that they have the right idea in making a flexible, but present, digital rights system that you must actively circumvent in order to steal, but for which there is little reason to do so under normal circumstances.