Last Friday, a group of programmers released a piece of software called PyMusique that allows songs to be purchased from iTunes service and then, essentially, stripped of the DRM.  By Monday, Apple had plugged the hole in its server software that enabled PyMusique to work (thereby requiring all iTunes users to upgrade to the latest software).  The next day, the programmers -- including a 17-year-old high school student from Pennsylvania and legendary DRM hacker Jon Lech Johansen of Norway -- found a new hole and released an updated version that works again -- and still does, at this writing.

Like Johansen's DeCSS hack to DVD encryption, PyMusique was originally created to give Linux users a way to obtain music from iTunes.  A Windows implementation of the original software was also released, but the latest version is for Linux only.

PyMusique apparently takes advantage of the fact that when a user purchases a track on iTunes, iTunes ships the encryption key along with the track; then the client software uses that key to create a FairPlay DRM package.  PyMusique simply skips the last step and decrypts the track directly, resulting in a file that the user has purchased legitimately but is then unencrypted.  In other words, PyMusique effectively makes iTunes behave like a paid MP3 download site, such as Michael Robertson's MP3Tunes.

Apple has not threatened legal action against the PyMusique programmers, but even though the software does not really break the FairPlay encryption, it bypasses it in a way that would be unlikely to survive a DMCA 1201 challenge.  PyMusique essentially works by making the iTunes server believe that it is legitimate iTunes client software, which is a common enough hacking ploy. This would work easily if iTunes were to send the content decryption key in the clear.  It's hard to believe that this is what iTunes actually does, i.e., the server must encrypt the key itself before sending it to the client.  In other words, PyMusique must work by breaking that encryption. 

This is the most direct of the many hacks to iTunes that have appeared since the service's introduction (though in the end, it does incrementally more than what's already possible with the standard iTunes software: enabling users to burn unencrypted music onto CDs). PyMusique and other hacks are indicative of two things about iTunes.  First, that the FairPlay DRM -- which Apple engaged an outside contractor to develop -- is a purpose-built solution for iTunes, not a DRM platform like Windows Media DRM or Sony OpenMG; and like most such things, it is bound to be less robust. Second, it proves the rule that a DRM-based service's likelihood of being hacked is directly proportional to its popularity.  (This may be one reason why we haven't seen any hacks to OpenMG.) 

PyMusique will hardly be the last hack to iTunes.  Will any record companies pull their material from the service, given how supposedly vulnerable it is?  We think not.  One of our other rules about DRM hacks is that their mere existence does not necessarily mean that all files packaged in that DRM are suddenly out in the open.  On the other hand, perhaps this experience teaches us something about the true value of DRM in preventing piracy versus its perceived value to content owners.