This is the most successful DRM system for digital music downloads, so it's worth looking at how it works.
The music is encrypted and it's always stored in its encrypted form (.M4P). It can only be decrypted (listened to) with the correct decryption key.
The decryption keys are stored in three places:
On Apple's servers.
On the customer's computer(s)
On the customer's iPod(s)
Transferring a key from one place to another requires the permission of the Apple server, and this is how control is maintained over the customer's use of the encrypted music file.
But the music can be transferred from the encrypted file to a CD (seven times only) and the CD version is not encrypted and has no restraints. It's also possible to burn the files to unrestricted MP3 format. There's a theoretical quality loss, but some people don't feel the loss is noticeable.
Five computers can hold the same keys for one customer. You can de-register (de-authorise) a computer and replace it with another, but if a computer is lost or crashes permanently, you've forfeited one of the five.
Independent software engineers have created programs that remove or otherwise get around the FairPlay DRM, such as DeDRM, and reveal the underlying AAC format music file.
Most people don't even realise there's a DRM in the iTunes system, which means it's been cleverly designed and clearly doesn't often get in the way. But technical customers who see the DRM generally don't like it. And in the long run those who don't know about it are going to run into problems when they've upgraded their computers a few times and lost their computer-transfer credits.
For more technical details see Wikipedia's FairPlay page.
More TinHat articles on Ebooks and Epublishing