Microsoft confirmed Friday that the software code, written by a programmer using the pseudonym "Beale Screamer," can strip off the protections that prevent a song from being copied an unlimited amount of times.
The company's digital media division has spent much of the day talking to record labels and content partners in an effort to respond to Screamer's software, said Group Product Manager Jonathan Usher.
Nevertheless, the damage to Microsoft's overall digital rights management (DRM) software campaign is slight, Usher said. The company has built in a means to update the protections for cases such as this. Some music on the market may lose its locks, but the software as a whole will remain secure, Usher said.
"We have been forthright that no technology and no DRM is 100 percent secure," Usher said. "We anticipated...hacks and designed renewability into the system."
It is critical for Microsoft's future in the media industry that its DRM software remain trusted, or at least secure enough to bar the vast majority of people from breaking through. The company has touted its media protection system as a core attraction of the Windows Media file format and has spent considerable time in the past few years trying to persuade music labels and Hollywood studios to distribute their content through it.
The DRM software allows a content owner, such as a record label, to set rules on how the content can be used. A song, for example, could be downloaded and played for a month, it could be played just three times, or it could be restricted from being transferred by a listener to an MP3 player or a recordable CD.
Although few examples of copy-protected music can be found in an online world still enamored with unrestricted MP3s and file-swapping services such as Napster, Microsoft has made some steps forward. Several of the big record labels are experimenting with the idea of releasing ordinary CDs that can't be copied to hard disks but include Windows Media digital files for use on a computer.
This is at least the second time that Microsoft's DRM technology has been compromised. Programmers in 1999 created a workaround for security features used in Windows Media audio version 4 the day after it was released. The bypass program, called "unf***.exe," was promptly distributed online.
That program did not actually crack Microsoft's codes but nevertheless highlighted a major flaw in encryption techniques.
For any PC audio format, the media player has to decode the data to a plain, uncompressed digital format before it can be played on speakers or headphones. Unf*** exploits this weakness by capturing the decoder output before it gets sent to the PC's sound card, which creates the speaker signal.
Although workarounds have long been available to copy data in an uncompressed format after it leaves the PC's sound card, unf*** was the first to work directly on Windows Media files, producing a higher-quality copy.
Screamer's software has limitations as well. It works only on the most recent version of Microsoft's DRM technology, in which a fairly small amount of content has been encoded.
Moreover, to make Screamer's software work, a computer user must already have a valid license, or digital permission slip, to listen to the song. The software essentially uses information found in this license to fool the DRM software, stripping off the protective technology entirely.
This means that someone downloading a protected song from the Web without first paying for it, or otherwise getting the rights to listen to it at least once, would be unable to use Screamer's software. But purchasing a CD with Windows Media files on it, in conjunction with the software, could allow someone to strip off the protections and distribute the files online with no restrictions.
In a list of instructions, and in a manifesto against current copyright policies distributed with the software, Screamer predicted that Microsoft would find a way around the hack. But the code should help people get a head start on breaking through the next updates, raising the possibility of a fast-moving online arms race.
"You know that Microsoft is going to make some changes that will render my software useless," Screamer wrote. "You've got the source code, so use that as a starting point to change with them."
The author's manifesto also contains a screed against the controversial Digital Millennium Copyright Act (DMCA), which makes it illegal to make or distribute software that is specifically designed for cracking through copyright protections. This software would be illegal under that law, Screamer wrote.
To re-protect the content now online, Microsoft said some people who listen to Windows Media files with this protection will be asked to download tiny bits of code that will make the Screamer software ineffective.
Jay Samit, senior vice president of EMI Recorded Music, said he wasn't worried about the hack even though his company distributes some content using Microsoft's technology. No EMI music has been distributed using the latest version of the DRM system, he noted.
"Anything anybody can build, someone can break," Samit said. "This will be a quick fix. For most people it's still easier to walk into a store and shoplift a CD than it is to build or use this software."