Digital Rights Management Primer
Here's probably my favorite part of the chapter:
The fundamental difference between encryption techniques and DRM challenges is the trusted parties. In usual encryption scenarios, the end users are assumed trustworthy and a malicious third party is assumed to be the threat that the user needs to defend against. In contrast, DRM assumes that only the devices are trustworthy, and that the users are the potentially malicious interlopers. This is why DRM cannot depend on encryption technology alone--it is only one technical component of a complete DRM solution. Vendors that brag about the strength or complexity of their encryption are saying little about the robustness of their DRM.