I was thinking about DRM lately, and one idea that crossed my mind was this: what about a system where every executable contains a serial number. The serial number would be long (and therefore resistant to brute-force attacks). It would be used whenever connecting to the (company) servers to get updates, play multiplayer games, or any other downloadable game content.

You could then install the software wherever you wanted, without any kind of server validation, but if too many computers with the same serial number started asking for the exact same update or multiplayer access, then we could assume the game had been pirated. That serial number could be automatically blacklisted from server access. In other words, if someone uploads their copy to a pirate website, they would end up harming their own copy and all the pirates could also be blocked from accessing the server. Optionally, the application could either be disabled or could start show a nag message about buying the software.

While it doesn’t actually stop anyone from using the application (unless the application is disabled, as indicated above), this system is resistant to a variety of hacks. Using a long serial number means people can’t just guess a different serial number for their copy. If they rewrite the serial number to something else (like a bad serial number), they still can’t access the server.

This system would also accomplish a couple of good things. It would allow the application to continue working even if there were no DRM servers running (e.g. if the company goes bankrupt). It allows users to install the application where they want without needing to remember a registration code (the registration code is built in). Users would never have to worry about unregistering their copies on old computers (if you computer suddenly dies or your hard drive goes bad, no problem because the only thing that matters is whether it’s asking for updates or server access). It allows the company to recognize and selectively ban copies that have been spread on the internet by pirates.

While I was thinking about this, I realized that it only works very well for software. And it works better for multiplayer games than single-player games. (If someone pirates a single-player game, doesn’t care about updates, and doesn’t care about downloadable content, it doesn’t really restrict them.) Theoretically, this DRM system could be open-sourced, too, because it doesn’t get harmed by the fact that people can see what’s going on inside the code. Plus, it would be nice to see people’s reaction to the phrase “open source DRM”. I don’t think I’d want to do that, though, because I think open-source DRM would attract too many confederates who want to either destroy the system or build-in backdoors. One other possible problem with the system is that a pirate could hack the application to point it to another server, then setup their own (open source) copy of the server elsewhere, serving up copies of the updates and other downloadable content. This would a somewhat dangerous strategy, though, because it means setting up a website. Websites can get shutdown, they cost money, and it means that their identity might be revealed. Still, I’ve seen websites that were clones of other websites, in an attempt to get some ad-traffic based on someone elses’s content.

Unfortunately, it’s not a system that can work for things like movies or music, because they don’t benefit from updates, server-access, or multiplayer access. Well, the other day, I stumbled on one company seems to be trying this strategy with music:

Is the World Ready for the Successor of the MP3?

A leading technology company is set to launch a new digital music file format that will embed additional content for fans including lyrics, news updates and images in what could be a successor to the ubiquitous MP3 file.
…
Music labels, bands or retailers could then also send updates to the music file every time they have something new to announce such as the dates of future tours, new interviews or updates to social network pages.
(Source: Wired Magazine)

What they seem to be doing in this case is embedding a serial number in the MP3 metadata. They then update the file with new data (images, lyrics, etc) if you have a valid serial number. I don’t think their system works very well, though. First, once someone gets the update, they can pass it around to everyone else, giving them access to the images and lyrics. Also, I’m unclear on what happens if you have 40 songs by one artist. Are all 40 mp3s going to get updated with tour dates? That seems inefficient. And, what if someone had one legitimate mp3 on my system, and 39 pirated mp3s? Would that mean that the one legitimate mp3 be enough to get all the tour date and news information? While it’s generally a step in the right direction, I don’t think it’s going to be terribly beneficial to the music industry. Maybe it will help pull-in some of the music fanatics that absolutely need the best.