Apple CEO Steve Jobs’ posts rare open letter: ‘Thoughts on Music’ – calls for DRM-free music

Apple CEO Steve Jobs has posted a rare open letter, “Thoughts on Music,” on Apple’s website. Here it is verbatim:

Steve Jobs
February 6, 2007

With the stunning global success of Apple’s iPod music player and iTunes online music store, some have called for Apple to “open” the digital rights management (DRM) system that Apple uses to protect its music against theft, so that music purchased from iTunes can be played on digital devices purchased from other companies, and protected music purchased from other online music stores can play on iPods. Let’s examine the current situation and how we got here, then look at three possible alternatives for the future.

To begin, it is useful to remember that all iPods play music that is free of any DRM and encoded in “open” licensable formats such as MP3 and AAC. iPod users can and do acquire their music from many sources, including CDs they own. Music on CDs can be easily imported into the freely-downloadable iTunes jukebox software which runs on both Macs and Windows PCs, and is automatically encoded into the open AAC or MP3 formats without any DRM. This music can be played on iPods or any other music players that play these open formats.

The rub comes from the music Apple sells on its online iTunes Store. Since Apple does not own or control any music itself, it must license the rights to distribute music from others, primarily the “big four” music companies: Universal, Sony BMG, Warner and EMI. These four companies control the distribution of over 70% of the world’s music. When Apple approached these companies to license their music to distribute legally over the Internet, they were extremely cautious and required Apple to protect their music from being illegally copied. The solution was to create a DRM system, which envelopes each song purchased from the iTunes store in special and secret software so that it cannot be played on unauthorized devices.

Apple was able to negotiate landmark usage rights at the time, which include allowing users to play their DRM protected music on up to 5 computers and on an unlimited number of iPods. Obtaining such rights from the music companies was unprecedented at the time, and even today is unmatched by most other digital music services. However, a key provision of our agreements with the music companies is that if our DRM system is compromised and their music becomes playable on unauthorized devices, we have only a small number of weeks to fix the problem or they can withdraw their entire music catalog from our iTunes store.

To prevent illegal copies, DRM systems must allow only authorized devices to play the protected music. If a copy of a DRM protected song is posted on the Internet, it should not be able to play on a downloader’s computer or portable music device. To achieve this, a DRM system employs secrets. There is no theory of protecting content other than keeping secrets. In other words, even if one uses the most sophisticated cryptographic locks to protect the actual music, one must still “hide” the keys which unlock the music on the user’s computer or portable music player. No one has ever implemented a DRM system that does not depend on such secrets for its operation.

The problem, of course, is that there are many smart people in the world, some with a lot of time on their hands, who love to discover such secrets and publish a way for everyone to get free (and stolen) music. They are often successful in doing just that, so any company trying to protect content using a DRM must frequently update it with new and harder to discover secrets. It is a cat-and-mouse game. Apple’s DRM system is called FairPlay. While we have had a few breaches in FairPlay, we have been able to successfully repair them through updating the iTunes store software, the iTunes jukebox software and software in the iPods themselves. So far we have met our commitments to the music companies to protect their music, and we have given users the most liberal usage rights available in the industry for legally downloaded music.

With this background, let’s now explore three different alternatives for the future.

The first alternative is to continue on the current course, with each manufacturer competing freely with their own “top to bottom” proprietary systems for selling, playing and protecting music. It is a very competitive market, with major global companies making large investments to develop new music players and online music stores. Apple, Microsoft and Sony all compete with proprietary systems. Music purchased from Microsoft’s Zune store will only play on Zune players; music purchased from Sony’s Connect store will only play on Sony’s players; and music purchased from Apple’s iTunes store will only play on iPods. This is the current state of affairs in the industry, and customers are being well served with a continuing stream of innovative products and a wide variety of choices.

Some have argued that once a consumer purchases a body of music from one of the proprietary music stores, they are forever locked into only using music players from that one company. Or, if they buy a specific player, they are locked into buying music only from that company’s music store. Is this true? Let’s look at the data for iPods and the iTunes store – they are the industry’s most popular products and we have accurate data for them. Through the end of 2006, customers purchased a total of 90 million iPods and 2 billion songs from the iTunes store. On average, that’s 22 songs purchased from the iTunes store for each iPod ever sold.

Today’s most popular iPod holds 1000 songs, and research tells us that the average iPod is nearly full. This means that only 22 out of 1000 songs, or under 3% of the music on the average iPod, is purchased from the iTunes store and protected with a DRM. The remaining 97% of the music is unprotected and playable on any player that can play the open formats. Its hard to believe that just 3% of the music on the average iPod is enough to lock users into buying only iPods in the future. And since 97% of the music on the average iPod was not purchased from the iTunes store, iPod users are clearly not locked into the iTunes store to acquire their music.

The second alternative is for Apple to license its FairPlay DRM technology to current and future competitors with the goal of achieving interoperability between different company’s players and music stores. On the surface, this seems like a good idea since it might offer customers increased choice now and in the future. And Apple might benefit by charging a small licensing fee for its FairPlay DRM. However, when we look a bit deeper, problems begin to emerge. The most serious problem is that licensing a DRM involves disclosing some of its secrets to many people in many companies, and history tells us that inevitably these secrets will leak. The Internet has made such leaks far more damaging, since a single leak can be spread worldwide in less than a minute. Such leaks can rapidly result in software programs available as free downloads on the Internet which will disable the DRM protection so that formerly protected songs can be played on unauthorized players.

An equally serious problem is how to quickly repair the damage caused by such a leak. A successful repair will likely involve enhancing the music store software, the music jukebox software, and the software in the players with new secrets, then transferring this updated software into the tens (or hundreds) of millions of Macs, Windows PCs and players already in use. This must all be done quickly and in a very coordinated way. Such an undertaking is very difficult when just one company controls all of the pieces. It is near impossible if multiple companies control separate pieces of the puzzle, and all of them must quickly act in concert to repair the damage from a leak.

Apple has concluded that if it licenses FairPlay to others, it can no longer guarantee to protect the music it licenses from the big four music companies. Perhaps this same conclusion contributed to Microsoft’s recent decision to switch their emphasis from an “open” model of licensing their DRM to others to a “closed” model of offering a proprietary music store, proprietary jukebox software and proprietary players.

The third alternative is to abolish DRMs entirely. Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat. If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store. Every iPod ever made will play this DRM-free music.

Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy. Though the big four music companies require that all their music sold online be protected with DRMs, these same music companies continue to sell billions of CDs a year which contain completely unprotected music. That’s right! No DRM system was ever developed for the CD, so all the music distributed on CDs can be easily uploaded to the Internet, then (illegally) downloaded and played on any computer or player.

In 2006, under 2 billion DRM-protected songs were sold worldwide by online stores, while over 20 billion songs were sold completely DRM-free and unprotected on CDs by the music companies themselves. The music companies sell the vast majority of their music DRM-free, and show no signs of changing this behavior, since the overwhelming majority of their revenues depend on selling CDs which must play in CD players that support no DRM system.

So if the music companies are selling over 90 percent of their music DRM-free, what benefits do they get from selling the remaining small percentage of their music encumbered with a DRM system? There appear to be none. If anything, the technical expertise and overhead required to create, operate and update a DRM system has limited the number of participants selling DRM protected music. If such requirements were removed, the music industry might experience an influx of new companies willing to invest in innovative new stores and players. This can only be seen as a positive by the music companies.

Much of the concern over DRM systems has arisen in European countries. Perhaps those unhappy with the current situation should redirect their energies towards persuading the music companies to sell their music DRM-free. For Europeans, two and a half of the big four music companies are located right in their backyard. The largest, Universal, is 100% owned by Vivendi, a French company. EMI is a British company, and Sony BMG is 50% owned by Bertelsmann, a German company. Convincing them to license their music to Apple and others DRM-free will create a truly interoperable music marketplace. Apple will embrace this wholeheartedly.

This letter will prove to be a defining, transformative moment for the music industry. And, if the music labels balk, with The Beatles’ Apple Corps settlement behind them, Apple is free to eliminate the middlebronfman.

Note, too, that Jobs has deftly positioned Apple as the anti-DRM company, just as Microsoft has inflicted the heavily-DRM-laden Vista upon the Windows sufferers.

As we’ve often written, as recently as January 24, 2007, “We do wish the music labels would give up on DRM altogether which would just about solve everything.”

And, from our MacDailyNews Take on January 14, 2007, “We wish DRM didn’t exist. Apple doesn’t need it: the iPod, iTunes, and the forthcoming iPhone are each plenty strong enough to appeal to large swaths of consumers on their own merits. Plus, DRM is so easily removed, that it’s pointless. The mass pirates, about whom the music labels are supposedly worried, aren’t going to let a little DRM get in their way, so the only people that DRM is affecting are regular, law-abiding consumers who just want to listen to their music. Thankfully, Apple’s iTunes Store does allow music to be burned without DRM to music CD to be played in CD players and/or transferred to any device they desire. We are all for selling music without DRM. Hopefully, someday we’ll get there.”

Related articles:
Apple Inc. and The Beatles’ Apple Corps Ltd. enter into new agreement – February 05, 2007
Norwegian Ombudsman: Apple’s FairPlay DRM is illegal in Norway – January 24, 2007
Major music labels ponder DRM-free future – January 23, 2007
Clash, Pink Floyd manager: ‘DRM is dead’ – November 06, 2006
Study reports the obvious: most music on iPods not from iTunes Store – September 17, 2006


  1. Wow! Steve really lays it out just as it should be. To those who dislike DRM… I agree with you…but Apple signed agreements with the music companies that forbid distributing music otherwise. I personally did NOT know that these agreements give them the right to completely withdraw ALL their music in a few weeks time. That would tend to make you maintain the DRM.

    Way to go Steve…very, very well said.

  2. I said in one of my earlier posts that what happens in Europe is positive despite what some people think. The pressure on label companies will mount to the point where the only option for them will be to drop the whole DRM thing altogether. I am glad that Apple is ready to seize the opportunity that arises.

  3. And there it is. Apple and its FairPlay DRM isn’t the culprit behind incompatible stores and players. It is, and always has been, the record labels.

    The socialists in Europe are typically acting without any understanding of the facts. Protect the consumer? Not their motive, never has been. They are protecting their jobs, which requires that they look like they are protecting the consumer.

  4. To imply that licensing a DRM technology to another company increases the risk of it being compromised is shear nonsense. Firstly, who is to say an Apple employee is any more trustworthy than a Microsoft employee – if both companies were relying on the same software for their music business, both would have as much to lose. But more importantly, knowledge of how an encryption system works does not make it vulnerable. Jobs is utterly wrong in suggesting that this is “secret software”. Take PGP for example – the software is open source – we can all download the source code and examine every line in minute detail. But it does not make PGP encryption any more vulnerable to being broken. Encryption security does not depend on knowledge of the algorithm – if it did, it would be an embarassingly poor system and not worthy of the Apple name, or any other self respecting software company.

    Apple has absolutely nothing to lose, in terms of increased risks of broken security, by licensing this to other companies. Nothing.

    It has everything to lose in terms of loss of monopoly.

    Steve’s RDF strikes again.

  5. Wow. Way to go, Steve. Very articulately and clearly stated. Assuming the statistics are accurate, put in this context, the big 4’s constant harping about DRM sounds petty, paranoid, and piggish.

    Makes you wonder what true benefit they (the big 4) gain by forcing this crap on distributors and consumers. There’s probably a huge helping of simple fear of change involved. Maybe the RIAA has some Svengali-like control over the recording industry…

  6. so first the Europeans go after Apple and I guess if the Zune and its system of DRM takes off, Microsoft will be second. Sounds like the real issue is the 4 big music companies. Norway, France, are you listening?

  7. I love how this is specifically addressed to the music companies, and cleverly gets the consumer so easily on Apple’s side against the stupid requests of the Big Four.

    Bravo, Steve. As always, well done.

  8. At last — the whole thing, laid out logically, and with clear alternatives.

    Let’s hope the Euros, especially Norway at the moment, read this and act sensibly from this moment on.

  9. @Reality Check–
    You are simply willfully ignoring the multiple arguementst that Jobs laid out in regards to sharing FairPlay. And you obviously don’t understand the meaning of “monopoly.”

    MPN word “Strength” as in “Give me strength to deal with idiots like Reality Check.”

  10. Reality Check:

    So, “Convincing [the big 4] to license their music to Apple and others DRM-free will create a truly interoperable music marketplace. Apple will embrace this wholeheartedly.” is just blowing smoke?

    All distributors of online music will benefit from DRM-free music. Why is the electronic distribution of tunes treated so differently from CDs? What, honestly, is the RIAA trying to protect?

    Get real…

  11. Gregg Thurman: You know accuse the Scandinavian consumer regulatory bodies of “acting without any understanding of the facts”, but the truth is that YOU know absolutely NOTHING about the Scandinavian consumer regulatory bodies.

    Are you trying to make a statement of public policy? If so, do you have any idea what kind of regulatory track record these bodies have in other ares of consumer protection? Have you studied whether the underlying legislation successfully identified the problem, and whether the regulatory bodies are correctly addressing it?

    Can you even spell the official names of the Scandinavian regulatory bodies, or list who the principal people are? I would bet the answer is no – you probably know absolutely nothing that would actually help a policy analysis.

    And yet here you are, spouting ideology, rather than citing facts, and pretending you know the true motivations and goals of people whom you have never met and know nothing about.

    That’s just plain stupid and hypocritical, and undermines any arguments.

    You are welcome to your opinion and conclusions, even if they are based on nothing but ideological hot air.

    But if you want to convince anyone else who doesn’t already agree with you, then start taking your own advice, and stop commenting as if you have first hand knowledge of something that you plainly don’t.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.