The preliminary specs of AACS were released four months ago by a consortium that consists of players from the three industry segments that inevitably need to collaborate on a DRM-related technology: consumer electronics (Toshiba, Panasonic/Matsushita, Sony), media (Disney, Warner Bros.), and information technology (IBM, Intel, Microsoft).

The last time this set of industry segments successfully collaborated to produce a content protection standard for physical media, the result was the Content Scrambling System (CSS) for the DVD.  CSS was a direct reflection of the content industry's unwillingness to subsidize copy protection, which it believed was technology vendors' responsibility.  As a result, the CE contributors, Matsushita and Toshiba, designed a content protection technology whose primary design criterion was low cost of implementation rather than actual effectiveness. Meanwhile, the media industry got the US Congress to pass a law (DMCA 1201) that makes hacking copy protection illegal, regardless of the purpose of the hack. 

The rest is history: although the MPAA likes to pretend otherwise in its public pronouncements, CSS has been a failure.  The media industry has had only moderate success in using DMCA 1201 to stop makers of DVD copying software that circumvents CSS, and it has lost billions of dollars due to DVD piracy. 

This time around, the three industries have agreed on a spec that eschews the major flaws of CSS, and that the media industry has apparently been able to persuade the technology backers of AACS to design something that is considerably more costly to implement, without any subsidy.

The designers of AACS have evidently built on innovations introduced to optical media by DivXNetworks, whose enhanced DVD copy protection scheme is gaining popularity among device makers -- demonstrating that incremental client hardware cost need not be an insurmountable barrier -- if not the major film studios.  AACS features strong 128-bit AES encryption, the latest US government standard.  Encryption keys for devices, which are assigned by the AACS Licensing Authority, can be retired if they are discovered.

AACS also provides for additional rights to content that can be activated if the device has an online connection (the default right is simply "play").  Through online license distribution, content providers can offer rights to unlock bonus content, make controlled copies onto secure storage media, transfer content to other devices, and so on.

The Blu-ray camp is going two steps beyond AACS.  First, it is requiring that Blu-ray disc manufacturers embed a globally unique identifier in the physical media through a process called ROM Mark. The identifier is embedded holographically and is not part of the data on the disc. This ensures that only legitimately manufactured discs will play on Blu-ray players.  This process is very hard to duplicate and presumably involves digital signatures or other cryptographic devices that identify the hardware and software used in the manufacturing process.   

Second, the BDA is specifying the use of renewable encryption through a mechanism called BD+.  If AACS (or some future protection scheme) is hacked, individual devices can be rendered inoperable until they download and implement a new scheme. 

In sum, the BDA is making sure that every link in the chain, from disc manufacturing through to the analog outputs of players, is both secure and under its control.  This is typical of the strategies of the two movie studios who are backing Blu-ray, Disney and 20th Century Fox. 

And it may tip the balance in the looming format war in favor of the rival HD DVD.  This will happen for the usual reasons: all else being equal, HD DVD will be cheaper to implement.  Makers of Blu-ray players will pass the additional costs on to consumers, who will vote with their wallets; consumers will derive no direct benefits from any of the extra security features in Blu-ray. 

The movie studios have made great strides since the DVD days in convincing consumer electronics vendors to incorporate strong and costly security features into devices in order to be able to play their films; they should consider it a coup that both Blu-ray and HD DVD camps are embracing AACS.  Yet Disney and Fox are betting that the incremental cost of Blu-ray security will diminish over time; this is a risky position to take, one that the market may not favor.