DRM fails utterly

From John Siracusa’s “The once and future e-book: on reading in the digital age” (Ars Technica: 1 February 2009):

Nuances aside, the big picture remains the same: DRM for digital media distribution to consumers is a mathematically, technologically, and intellectually bankrupt exercise. It fails utterly to deliver its intended benefit: the prevention of piracy. Its disadvantages, however, are provided in full force: limiting what consumers can legally do with content they have legitimately purchased, under threat of civil penalties or criminal prosecution.

AACS, next-gen encryption for DVDs

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006):

AACS relies on the well-established AES (with 128-bit keys) to safeguard the disc data. Just like DVD players, HD DVD and Blu-ray drives will come with a set of Device Keys handed out to the manufacturers by AACS LA. Unlike the CSS encryption used in DVDs, though, AACS has a built-in method for revoking sets of keys that are cracked and made public. AACS-encrypted discs will feature a Media Key Block that all players need to access in order to get the key needed to decrypt the video files on the disc. The MKB can be updated by AACS LA to prevent certain sets of Device Keys from functioning with future titles – a feature that AACS dubs “revocation.” …

AACS also supports a new feature called the Image Constraint Token. When set, the ICT will force video output to be degraded over analog connections. ICT has so far gone unused, though this could change at any time. …

While AACS is used by both HD disc formats, the Blu-ray Disc Association (BDA) has added some features of its own to make the format “more secure” than HD DVD. The additions are BD+ and ROM Mark; though both are designed to thwart pirates, they work quite differently.

While the generic AACS spec includes key revocation, BD+ actually allows the BDA to update the entire encryption system once players have already shipped. Should encryption be cracked, new discs will include information that will alter the players’ decryption code. …

The other new technology, ROM Mark, affects the manufacturing of Blu-ray discs. All Blu-ray mastering equipment must be licensed by the BDA, and they will ensure that all of it carries ROM Mark technology. Whenever a legitimate disc is created, it is given a “unique and undetectable identifier.” It’s not undetectable to the player, though, and players can refuse to play discs without a ROM Mark. The BDA has the optimistic hope that this will keep industrial-scale piracy at bay. We’ll see.

How DVD encryption (CSS) works … or doesn’t

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006):

DVD players are factory-built with a set of keys. When a DVD is inserted, the player runs through every key it knows until one unlocks the disc. Once this disc key is known, the player uses it to retrieve a title key from the disc. This title key actually allows the player to unscramble the disc’s contents.

The decryption process might have been formidable when first drawn up, but it had begun to look weak even by 1999. Frank Stevenson, who published a good breakdown of the technology, estimated at that time that a 450MHz Pentium III could crack the code in only 18 seconds – and that’s without even having a player key in the first place. In other words, a simple brute force attack could crack the code at runtime, assuming that users were patient enough to wait up to 18 seconds. With today’s technology, of course, the same crack would be trivial.

Once the code was cracked, the genie was out of the bottle. CSS descramblers proliferated …

Because the CSS system could not be updated once in the field, the entire system was all but broken. Attempts to patch the system (such as Macrovision’s “RipGuard”) met with limited success, and DVDs today remain easy to copy using a multitude of freely available tools.
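The key chain in the two excerpts above (a player key unlocks a per-disc key, which unlocks the content, and AACS's Media Key Block can leave a cracked device out of future titles) can be modelled in a few lines; this is an added example, not code from the quoted articles or from either specification. It assumes a flat key block with one wrapped entry per licensed device rather than the tree-based block real AACS uses, and a SHA-256 keystream with an HMAC tag standing in for AES-128; all names and keys are constructed.

```python
import hashlib, hmac, os

def _sub(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()   # separate cipher and MAC subkeys

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 counter keystream; AACS itself uses AES-128.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(key: bytes, secret: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(_sub(key, b"enc"), nonce, secret)
    return nonce + body + hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                      # wrong key: this entry was not made for us
    return _xor_stream(_sub(key, b"enc"), nonce, body)

def master_disc(device_keys: dict, revoked: set, content: bytes) -> dict:
    """Licensing side: wrap a fresh media key for every device not yet revoked."""
    media_key = os.urandom(16)
    block = [wrap(k, media_key) for name, k in device_keys.items() if name not in revoked]
    return {"key_block": block, "content": wrap(media_key, content)}

def play(device_key: bytes, disc: dict):
    """Player side: try each key-block entry until one yields the media key."""
    for entry in disc["key_block"]:
        media_key = unwrap(device_key, entry)
        if media_key is not None:
            return unwrap(media_key, disc["content"])
    return None                          # no usable entry: revoked or unlicensed

def demo() -> dict:
    keys = {n: os.urandom(16) for n in ("player_a", "player_b")}   # constructed keys
    old = master_disc(keys, set(), b"title pressed before the leak")
    new = master_disc(keys, {"player_b"}, b"title pressed after the leak")
    return {"a_old": play(keys["player_a"], old), "a_new": play(keys["player_a"], new),
            "b_old": play(keys["player_b"], old), "b_new": play(keys["player_b"], new)}

if __name__ == "__main__":
    print(demo())
```

In the result, the revoked player still opens the disc mastered before revocation and fails only on the later one, which is why revocation protects future titles and nothing already pressed.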

Where we are technically with DRM

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006):

The attacks on FairPlay have been enlightening because of what they illustrate about the current state of DRM. They show, for instance, that modern DRM schemes are difficult to bypass, ignore, or strip out with a few lines of code. In contrast to older “patches” of computer software (which would generally bypass a program’s authorization routine), the encryption on modern media files is pervasive. All of the software mentioned has still required Apple’s decoding technology to unscramble the song files; there is no simple hack that can simply strip the files clean without help, and the ciphers are complex enough to make brute-force cracks difficult.

Apple’s response has also been a reminder that cracking an encryption scheme once will no longer be enough in the networked era. Each time that its DRM has been bypassed, Apple has been able to push out updates to its customers that render the hacks useless (or at least make them more difficult to achieve).

Apple iTunes Music Store applies DRM after download

From Nate Anderson’s “Hacking Digital Rights Management” (Ars Technica: 18 July 2006):

A third approach [to subverting Apple’s DRM] came from PyMusique, software originally written so that Linux users could access the iTunes Music Store. The software took advantage of the fact that iTMS transmits DRM-free songs to its customers and relies on iTunes to add that gooey layer of DRM goodness at the client end. PyMusique emulates iTunes and serves as a front end to the store, allowing users to browse and purchase music. When songs are downloaded, however, the program “neglects” to apply the FairPlay DRM.

DRM converts copyrights into trade secrets

From Mark Sableman’s “Copyright reformers pose tough questions” (St. Louis Journalism Review: June 2005):

It goes by the name “digital rights management” – the effort, already very successful, to give content owners the right to lock down their works technologically. It is what Washington University law professor Charles McManis has characterized as attaching absolute “trade secret” property-type rights to the content formerly subject to the copyright balance between private rights and public use.

Microsoft’s BitLocker could be used for DRM

From Bruce Schneier’s “Microsoft’s BitLocker” (Crypto-Gram Newsletter: 15 May 2006):

BitLocker is not a DRM system. However, it is straightforward to turn it into a DRM system. Simply give programs the ability to require that files be stored only on BitLocker-enabled drives, and then only be transferable to other BitLocker-enabled drives. How easy this would be to implement, and how hard it would be to subvert, depends on the details of the system.

Good description of Fair Use & 1st Sale

From Scott Kleper’s “An Introduction to Copyfighting”:

I think a lot of people incorrectly assume that Copyfighters are people who believe that copyright should be abolished and that everything should be free. Copyfighters aren’t saying that all media should be freely distributed. We are saying that as consumers of media (film, television, software, literature, etc.) we have certain rights that we would like to protect. One of these rights is Fair Use. Fair Use means that you can reuse copyrighted work without permission as long as you are commenting on it, or copying/parodying the original. Fair Use is what allows you to quote song lyrics when writing a review of a new CD. Another right is First Sale. First Sale means that when you buy something, you own it and are thus entitled to sell it to someone else. First Sale is what allows you to buy a book, read it, then sell it on half.com for someone else to enjoy.

Most of all, we simply want the right to use the products we buy in the way that we see fit. We don’t want to be sued by a manufacturer for opening up a product to see how it works or sued by a media company for moving a file from one device to another. We believe that when we buy a CD, we should be able to convert it to another format to play on another device. We shouldn’t have to pay again to turn it into a ring tone. …

Songs bought on the Apple iTunes music store can be played only on a fixed number of devices that you have unlocked with your iTunes ID. Sounds reasonable, but after a few system reinstalls, maybe a replaced motherboard, a change of jobs, etc., all of a sudden, you no longer have access to any of your “authorized computers” and you have to get Apple to remove them all so you can start again. You can’t play iTunes purchased music on your non-Apple portable music player and you can’t play Windows DRM files on your iPod. Consumers are supposed to understand and care about this?

The worst part is that these schemes end up only hurting the people who are trying to be good. If you use a commercial downloading service, like iTunes Music Store, it means that you have rejected the dubious legality and poor user experience of the “illegal” services. You have paid your 99 cents and been handed something that is less valuable than what you could have gotten for free. You get a file with complex and arbitrary restrictions in a proprietary format. Meanwhile, the people who decided to keep on infringing aren’t suffering — they get unrestricted files.

Arguments against the Web’s ungovernability

From Technology Review’s “Taming the Web”:

Nonetheless, the claim that the Internet is ungovernable by its nature is more of a hope than a fact. It rests on three widely accepted beliefs, each of which has become dogma to webheads. First, the Net is said to be too international to oversee: there will always be some place where people can set up a server and distribute whatever they want. Second, the Net is too interconnected to fence in: if a single person has something, he or she can instantly make it available to millions of others. Third, the Net is too full of hackers: any effort at control will invariably be circumvented by the world’s army of amateur tinkerers, who will then spread the workaround everywhere.

Unfortunately, current evidence suggests that two of the three arguments for the Net’s uncontrollability are simply wrong; the third, though likely to be correct, is likely to be irrelevant. In consequence, the world may well be on the path to a more orderly electronic future – one in which the Internet can and will be controlled. If so, the important question is not whether the Net can be regulated and monitored, but how and by whom. …

As Swaptor shows, the Net can be accessed from anywhere in theory, but as a practical matter, most out-of-the-way places don’t have the requisite equipment. And even if people do actually locate their services in a remote land, they can be easily discovered. …

Rather than being composed of an uncontrollable, shapeless mass of individual rebels, Gnutella-type networks have identifiable, centralized targets that can easily be challenged, shut down or sued. Obvious targets are the large backbone machines, which, according to peer-to-peer developers, can be identified by sending out multiple searches and requests. By tracking the answers and the number of hops they take between computers, it is possible not only to identify the Internet addresses of important sites but also to pinpoint their locations within the network.

Once central machines have been identified, companies and governments have a potent legal weapon against them: their Internet service providers. …

In other words, those who claim that the Net cannot be controlled because the world’s hackers will inevitably break any protection scheme are not taking into account that the Internet runs on hardware – and that this hardware is, in large part, the product of marketing decisions, not technological givens.

An interesting way to look at DRM

From “The Big DRM Mistake?”:

Fundamentally, DRM is about persistent access control – it is a term for a set of technologies that allow for data to be protected beyond the file system of the original machine. Thus, for example, the read/write/execute access control on most *nix file systems will not only be applicable to the original machine but to all machines.

Stated in these terms, I agree with the aims of DRM. However, it is the ways in which large media and software businesses have mis-applied DRM that have ruined the associations most users have with the technology.

DRM Workaround #18: HP printer cartridges

From “Cartridge Expiration Date Workarounds”:

In light of the lawsuit against Hewlett-Packard over the expiration date of their cartridges, two ways to fix the problem:

1) Remove and reinsert the battery of the printer’s memory chip

2) Preemptive: Change the parameters of the printer driver

Search for hp*.ini … In it there is a parameter something like pencheck. It is set to 0100. … Set it to 0000 in the file and save the file and REBOOT.

More distribution channels = more viewers

From “NBC: iPod Boosts Prime Time”:

NBC’s “The Office” delivered a 5.1 – its highest ratings ever – last Thursday among adults 18 to 49, a bump the network credits in large part to the show’s popularity as an iPod download. …

Such a connection between podcast success and broadcast ratings success is particularly significant because the NBC data is among the first available evidence of what network executives have been gambling on when striking their new media deals – that the new video platforms are additive because they provide more entry points into a show for consumers. …

NBC is confident that the iPod exposure contributed to the rise. …

The iTunes offering is bringing new audiences to the show that would not otherwise have watched, said Frederick Huntsberry, president of NBCU Television Distribution. “Consumers have choices, and we are not reaching all consumers with one technology,” he said.

ITunes is one way to bring fresh eyeballs to the network, he said, in particular the younger demo that uses video iPods. …

Yet ABC has also seen a ratings increase for its iTunes shows. To date since their debut on iTunes in October, both “Lost” and “Desperate Housewives” are up versus the same period last year. …

That growth and the knowledge that iTunes distribution possibly grew and certainly did not cannibalize ratings gave the ABC Disney Television Group the confidence to add another round of iTunes programs last week …

DRM ratchets up, but never quite works

From Edward Felten’s "DRM and the Regulatory Ratchet":

Regular readers know that one of my running themes is the harm caused when policy makers don’t engage with technical realities. One of the most striking examples of this has to do with DRM (or copy-restriction) technologies. Independent technical experts agree almost universally that DRM is utterly unable to prevent the leakage of copyrighted material onto file sharing networks. And yet many policy-makers act as if DRM is the solution to the file-sharing problem.

The result is a kind of regulatory ratchet effect. When DRM seems not to be working, perhaps it can be rescued by imposing a few regulations on technology (think: DMCA). When somehow, despite the new regulations, DRM still isn’t working, perhaps what is needed is a few more regulations to backstop it further (think: broadcast flag). When even these expanded regulations prove insufficient, the answer is yet another layer of regulations (think: consensus watermark). The level of regulation ratchets up higher and higher – but DRM still doesn’t work.

The advocates of regulation argue at each point that just one more level of regulation will solve the problem. In a rational world, the fact that they were wrong last time would be reason to doubt them this time. But if you simply take on faith that DRM can prevent infringement, the failure of each step becomes, perversely, evidence that the next step is needed. And so the ratchet clicks along, restricting technical progress more and more, while copyright infringement goes on unabated.