One year ago I had a column in this space, The Impossible DRM. I made the case that DRM is impossible, but I left a loophole there saying I was talking about single-player only games, and that MMO games operated under a different set of rules.
And now we have Assassins Creed 2, a game which blurs the line between MMO and single player. As I'm sure you're read elsewhere, you must be online in order to play this single-player game. If you disconnect, you drop out of the game. The game came out for the PC at the beginning of March, and if rumors are true then the game wasn't cracked until this week. So the DRM lasted for six weeks. While probably not a record, it's certainly one of the longest-lived DRM systems of the last several years. While I think the system is offensively anti-consumer, this whole sad business has given us a look at just how much damage piracy is (not actually) doing to the industry.
Publishers have been bemoaning that 90% of their sales have been lost to piracy. While I pretty much agree that 9 out of 10 PC players are pirates, it's important to remember that not every download is a lost sale. The skulls of
John Riccitiello and Bobby Kotick (heads of EA and Activision) are particularly well-armored against this concept. But here we have a well-reviewed, high-profile, AAA title, with incredibly dense coverage that was ostensibly impossible to pirate for six entire weeks. (Which is when the bulk of sales take place.) If every download was a lost sale, then a piracy-proof game should have somewhere in the ballpark of ten times the usual sales. Assassins Creed 2 should be burning up the PC sales charts, dwarfing the sales numbers for its predecessor. Looking around at the sales charts on VGChartz, it would appear that this is not the case.
Laying aside the fact that the system is reprehensible, and that it's probably done little for the Ubisoft bottom line, I do think what they're trying to do is possible. They failed this time (again, assuming rumors are true - I don't mess with pirate sites and I haven't tested any of this first-hand) but the concept is feasible. You really can get an exceptionally strong DRM system like this.
Traditional DRM systems work (roughly) by encrypting the game in various sneaky ways and then un-encrypting it when the customer wants to play. Crackers then either nab the now un-encrypted data, or look at the exact actions the software took to unlock the game and write their own software to do the exact same thing. As I said in the earlier article, it's impossible to stop this. If someone can run the program on a machine they control, they can copy it. End of story.
But this new system isn't trying to protect data sitting on your hard drive. It's protecting data (and perhaps even game logic) sitting on a remote server, which is orders of magnitude more difficult to overcome. This can still be broken with time, but in a well-designed system (that is, a system a lot better than the one Ubisoft just rolled out) you can make it take incredibly long to reverse-engineer the server behavior. (Note that I'm simplifying this to make it as non-technical as possible. There's no need to comment and tell me I'm failing to account for asymmetric key encryption and such.)