Cory Doctorow is not the first person to say it, nor will he be the last, but he certainly said it well in his popular talk on DRM he gave at Microsoft (Microsoft Research DRM talk):
DRM systems are broken in minutes, sometimes days. Rarely, months. It's not because the people who think them up are stupid. It's not because the people who break them are smart. It's not because there's a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn't a secret anymore.
However, DRM does hide (sort of) secrets, they just have nothing to do with the plaintext. Read on...
Of course, everything that Doctorow says about DRM's effectiveness is correct. There will never be DRM for consumer media that can't be broken. It simply cannot prevent determined attackers from breaking it; at best, it merely slows them down for a relatively trivial period of time.
The fact that DRM will always fail isn't why DRM is important. From a technical point of view, DRM is a joke. Really, the long term usefulness of any particular DRM scheme isn't in the technology, but in the law that defends the technology. Once broken, all of DRM's usefulness is provided by statute, by the anti-circumvention provisions of the DMCA.
For example, CSS, the DVD encryption scheme, was broken years ago. Anyone with half a clue can now get ahold of DeCSS and decrypt DVDs. Yet, Hollywood studios still encrypt DVDs, not because of the remaining efficacy (none) of the encryption scheme, but because the encryption scheme is the pass that gets them in the legal door of the draconian DMCA. No manufacturer of DVD players refrains from making a DRM-free DVD player because they are stymied by CSS, but because the draconian penalties for violating the DMCA are more than adequate deterrence.
Why, then, are companies spending so much money on researching and developing "robust" DRM systems? Even if you spend millions on development, in the unlikely best case scenario, your encryption scheme will last for a few weeks or months. After the DRM scheme is broken, all the research and development dollars spent on making strong DRM no longer provide any return. The only return is coming from the fact that you have DRM at all, because the DMCA doesn't care whether the DRM is weak or strong. The DMCA only cares if it is "effective," which most people take to mean, well, pretty much that it is an encryption scheme, period
For example, I don't see any reason why a slightly more sophisticated version of a Vigenere Cypher wouldn't trigger DMCA protection for a media that used it. The company using the slightly modified Vigenere Cypher would have all the legal protections with few of the costs. No one could sell a device that used the same cypher without permission without running afoul of the law. So, why not?
I think it is because it would demonstrate quite clearly what the DMCA is really about. Obviously weak encryption would make it clear to everyone that the DMCA isn't about stopping pirates, but controlling the market and raising barriers to entry. In contrast, if you use a "robust" DRM scheme, it looks like you are really concerned about piracy, that the DMCA is really protecting something very valuable.
DRM is hiding a secret, but it is doing so much as a Potemkin Village hides a secret.