Why weak DRM is OK

Ed Felten has a very nice series of posts about HDMI security. As Ed observes, the actual security protocol that HDMI uses is very weak, despite the fact that it's well-known how to design a stronger system. Similar comments apply to the DVD copy protection system CSS. Felten suggests an explanation:
First: Why is the weak system worth spending 10,000 gates for? The answer doesnt lie in platitudes about speedbumps or raising the bar any technical bumps or bars will be obliterated when the master secrets are published. Its worth noting, too, that the data stream they are protecting uncompressed super high-def (1080i) video blasts so much data so fast that theres no affordable way for a would-be pirate to capture it, at least today. About all that can be done with such data streams today, at reasonable cost, is to display them, or to run them through simple format converter boxes. In future years, capturing the video stream will become a viable piracy strategy, but by then the master secrets will almost certainly have been published. So temporary piracy prevention doesnt seem like a good explanation.

A much more plausible answer is that HDCP encryption exists only as a hook on which to hang lawsuits. For example, if somebody makes unlicensed displays or format converters, copyright owners could try to sue them under the DMCA for circumventing the encryption. (Also, converter box vendors who accepted HDCPs license terms might sue vendors who didnt accept those terms.) The price of enabling these lawsuits is to add the cost of 10,000 gates to every high-def TV or video source, and to add another way in which high-def video devices can be incompatible.

If you're familiar with the DMCA, you won't find this to be a surprising situation. DMCA doesn't require you to design a strong DRM system, just one that's "effective"--whatever that means. I'm not a lawyer but as far as I can tell it basically means one that works as long as nobody is attacking it. Back in the old days, we used to say that you couldn't do strong DRM without trusted hardware, since any attacker could just break your software and get the keying material. But the DMCA's anti-circumvention procedures act as a kind of legal hardware security module--break the security and you've broken the law. Better than hardware tamper-resistance, in some sense.