If you were going to ask a "someone" how they meant to define "derived work", you would ask Congress, not the author(s) of one out of a million contracts which happen to make use of that term.
You're right that it's upsetting that (mostly) people who don't really work with copyright would end up answering it, but that's the nature of law, or at least until you start electing[/appointing/etc] authors. (Cynic: or until those people start funding election campaigns.)
It's only after you have determined that something is a derived work, that you go study licenses. Until that point, licenses are irrelevant.
Real were not circumventing DRM. They ADDED iPod compatible DRM to the music they were selling, to keep the record labels happy. Apple didn't want Real to be able to sell iPod compatible DRM infested music.
It has nothing to do with circumventing DRM. Anyone with an audio cable could already do that.
Being able to do that without being licensed and thus having the proper keys and procedures would be a defect in the iPod software. If Real just wanted to put the music on the iPod, the iPod always supported non-DRMed formats (mp3, AAC).
'intended to block 100% of non-iTunes clients' [...] to improve iTunes, not curb competition.
In what universe does this statement make sense?
In the universe where you have DRM, being able to circumvent it is a defect and/or security hole. So why is someone fixing it a surprise?
Signing certificates are normally encrypted. Stealing the file will do no good unless you know the decryption passphrase. For example, to get a package into our local Debian repository such that it can install/upgrade in our production environment, you'd not only need the gpg signing keys, but the 60+ character passphrase (which is NOT written down) to go with it.
You know you've landed gear-up when it takes full power to taxi.