Racing Against Reversers
Federico Biancuzzi, 2008-06-05

Story continued from Page 2

What will AACS (Advanced Access Content System) do next? Will it succeed?

At the moment, they appear to be in a lot of trouble. While they do periodically update player keys, the time between updates is much too long (6 months) and software players get hacked again too quickly. The deck is stacked against them for speeding up the update process since it requires them to identify a hack, notify the vendor, wait for the vendor to issue a patch and roll it out, then later release discs that revoke the old keys. On the latter, it's very difficult to hide keys in a PC software player and attackers can target the weakest one. Given that several updates have been hacked before the new discs were released, it seems they aren't going to win this battle.

They do have two tools they haven't deployed yet. The first is called sequence keys. This allows a disc author to segment the video and encrypt slight variants of each scene, encrypted under different keys. This would allow them to rip a disc using a particular tool (or find the video on P2P) and identify which model of player was used by which variants appeared in the output. However, I think it's unlikely this will ever be used since it complicates authoring significantly and only helps in identifying the player keys to revoke. This is only the first phase of the long process I described above and won't speed up the other steps.

The other is to go after the online server itself. Currently, only Slysoft has hacked AACS, and they are hiding the player keys they are using by putting them on a server. Other ripping software authors were copying those keys from them, so they decided to stop providing them in the app itself. This also makes it harder for AACS to identify which player keys need to be revoked. AACS could make up fake MKBs (key blocks) and send them to the Slysoft server. Depending on the decryption result, they could zero in on which keys Slysoft has. It's sort of like the game of Mastermind, where I tell you what parts of your guess are right. The downside is this also only targets the identification phase; it doesn't speed up other steps of their update process.

It will be interesting if they come up with something else. As things stand, it looks like AACS is becoming irrelevant if they don't come up with fundamental changes to their update process.

Many millions have been paid by media companies to develop DRM systems, but generally it's just a matter of time before they get bypassed. I am wondering whether you think this happens because these systems were not well designed, or because we can't really design an unbreakable DRM system?

It's a matter of incentive. People who make players have the opposite incentive -- do as little as possible since free content sells more players. To put it more generously, they don't get any of the revenue from a studio that sells more copies if there is less piracy, and they usually have to bear all the cost of adding protection. Why should they care?

When we designed BD+, our goal was to let studios spend the money developing the security on a per-disc basis. All the player manufacturers had to do was provide a simple, compatible VM environment. That way if a studio cares more about protecting a particular title, they can put more effort behind its software protection. They are in the best position to measure if the DRM impacts their sales and decide how much to spend on it in the future.

That's the exciting thing for me about BD+. It's really the first time these principles have been brought into play in the mass market. It's an opportunity to prove if common memes about DRM are true or not. How much more money does a title make if it's not available on pirate networks for a few months after release? That's a question you can't ask with DVD since there is no example to use.

This year should be very interesting.



Federico Biancuzzi is a freelancer; in addition to SecurityFocus he also writes for ONLamp, LinuxDevCenter, and NewsForge.
Copyright 2010, SecurityFocus