Ice cream, any flavor only $100
In an earlier diary entry, I suggested that Palladium-based DRM implementations aren't looking so hot for publishers, because they can be defeated by a hardware attack which supposedly costs under $100 and requires little more expertise than current attacks against software-only DRM.
Fred von Lohmann explained why Palladium DRM would still be a good proposition for publishers, even if these assumptions were correct: publishers would get "a $100 hardware hurdle for the average couch potato". Fred thought that that kind of expense (and the effort of physically installing a mod-chip-style device) would eliminate 90% to 99% of the attackers who would be willing to attack DRM with software they could download from the Internet. He also claimed that, statistically, practically no computers users ever open their computers at all.
So the suggestion is that, if you think statistically, a $100 barrier is an extremely effective security measure, especially when you compare it to the (amortized) barrier of approximately $0 -- in the long run -- for defeating all extant software DRM schemes.
This again shows how DRM's security model is very different from traditional security (although Schneier seems to suggest that that, too, is a matter of costs traded off against benefits). In traditional security, if you heard that a $100 technology, the means of constructing which were well-known to everyone skilled in the art, and schematics for which had been openly published, could defeat your security, you would probably not want to claim that you were secure. In the DRM world, this may be considered a reasonable risk, because the measure is still guaranteed to be effective against most attackers. Yes, there. Now I've articulated a specific difference. In regular security, if any attacker succeeds, the security measure has failed. (Schneier, infra, will worry about how "well" it fails, but read that article.) In DRM security, if fewer than n% of attackers succeed, the security measure is good enough, and is satisfactory.
A strange paradox resulting from this is that the discovery publication of a practical and effective exploit against a system may not affect the system's "security" according to this definition! (If the exploit isn't appealing and easy and cheap enough for n% of attackers to use it, it will be deemed not to matter, even though any individual attacker is in principle able to use it at any time.)
A corollary of this is that you can create a system and publish your own exploits against your own system in advance (and not patch against them), and your system may still potentially be "secure". That is counterintuitive.
