Technology Liberation Front: The Technology Liberation Front » Archive » Regulation begets Regulation
Ryan Radia
· 1 year ago
You make an excellent point and I certainly sympathize with Public Knowledge's case against SOC. But while the DMCA has indeed screwed up the consumer electronics industry, it's unclear how things would change were Section 1201 of the Copyright Act repealed.
CSS, FairPlay, AACS, and many other DRM standards have been cracked wide open, but perhaps content owners would come up with more robust DRM in a world without government protection against reverse engineers. Hackers will always be a step ahead, and thus so will the determined user with some technical competence. However, considering DRM technologies like HDCP key revocation and "Phone-Home DRM", I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it. And I am not so sure that Hollywood would simply "give up" end-to-end DRM.
MikeT
· 1 year ago
There is a rule of law issue at play here. As you observed earlier, people have become less inclined to obey the law at all anymore. It is no surprise that this should happen when you have a law that is blatantly for the benefit of one group at the expense of another, and a collapsing industry that refuses to change because it would rather spend its last gasps of breath on bloviating about "its rights."
The MPAA was lucky this summer because some damn good movies came out, but in this weakening economy, movies are a rip off. Money spent on video games provides a much higher bang for the buck; Gears of War II and Too Human will be as stunning and theatrical as any movie, but will provide 10-20 of hours of entertainment in story mode each for $60 new. A new DVD at most retailers will set you back $20-$30 and give you 1.5-2 hours of entertainment.
The fat lady is warming up for her concert...
Tim Lee
· 1 year ago
However, considering DRM technologies like HDCP key revocation and “Phone-Home DRM”, I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it.
Ryan, what DRM is trying to do is fundamentally impossible from a technological point of view. Bruce Schneier's classic exposition of the point is as good as anything I can write. The basic problem is that an uncopyable bit is a logical impossibility. In order to let you play a given piece of content, Hollywood has to transmit to you the content and the encryption keys necessary to unscramble the content. And on a general-purpose computer, at least, it will always be possible to intercept the encryption keys while they're sitting in memory.
All DRM vendors can do, then, is obfuscate things so that it requires a lot of work to untangle how the crypto works and where the keys are stored. But this just slows hackers down, it doesn't stop them. And once one hacker figures out how it works, it becomes extremely easy to publish those details and allow everyone else to circumvent as well.
To repeat Felten's point, HDCP (and by extension, DRM in general) is not an encryption technology so much as a hook on which to hang lawsuits. DRM is about controlling the consumer electronics industry, not about stopping piracy. The DMCA gives Hollywood the power to stop disruptive innovation. This isn't an unfortunate side-effect of the DMCA, it's the primary purpose. I highly recommend Fred Von Lohmann's talk, "What is DRM Good For?" on this subject.
On the specific question of HDCP, the link encryption approach mandated by HDCP is extremely burdensome for CE manufacturers, both because it makes the hardware more expensive to produce, and because it makes testing and support a lot more difficult. So even CE vendors that didn't care a bit about fair use or time-shifting might decide to crack HDCP simply as a cost-saving and complexity-reduction measure. And knowing they couldn't stop this, Hollywood would simply have a lot less leverage.
Moreover, because it's so widely used, it would be extraordinarily difficult to patch up once broken. When dozens of vendors are implementing a DRM standard over a period of years, there's going to be a ton of collateral damage from any kind of key revocation effort, with thousands of totally innocent devices getting needlessly busted. I'm pretty sure that Hollywood hasn't pulled the trigger on AACS key revocation. The outcry as a bunch of consumers' DVD players stopped working (or had to be plugged into ethernet networks to start working again) would be too great.
Wes Felter
· 1 year ago
I think AACS LA is revoking keys every 90 days (they get cracked much faster than that, but IIRC the contracts don't allow anything more rapid). However, they are only revoking software players and the player vendors just issue updates containing new keys.
Even if they decided to revoke standalone players it wouldn't affect non-pirates because each individual player has different keys.
Tim Lee
· 1 year ago
Wes: Thanks, that's very interesting. I hadn't realized they'd started doing this.
Self Appointed Genius
· 1 year ago
Add in: all DRM schemes to date were cracked by independent programmers. Let's suppose we lost the DMCA, and Creative realized they could legally reverse engineer FairPlay, and port all iTunes Store content to their Zen devices.
They would have a very strong incentive to do this.
But that doesn't mean they would. We've seen plenty of instances in which tech companies cave to content industry demands.
Tim Lee
· 1 year ago
SAG: They cave partly because they know they can get frozen out of the market if they hold out. Without the DMCA, the content industry has a lot less leverage.
All Comments
CSS, FairPlay, AACS, and many other DRM standards have been cracked wide open, but perhaps content owners would come up with more robust DRM in a world without government protection against reverse engineers. Hackers will always be a step ahead, and thus so will the determined user with some technical competence. However, considering DRM technologies like HDCP key revocation and "Phone-Home DRM", I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it. And I am not so sure that Hollywood would simply "give up" end-to-end DRM.
The MPAA was lucky this summer because some damn good movies came out, but in this weakening economy, movies are a rip off. Money spent on video games provides a much higher bang for the buck; Gears of War II and Too Human will be as stunning and theatrical as any movie, but will provide 10-20 of hours of entertainment in story mode each for $60 new. A new DVD at most retailers will set you back $20-$30 and give you 1.5-2 hours of entertainment.
The fat lady is warming up for her concert...
Ryan, what DRM is trying to do is fundamentally impossible from a technological point of view. Bruce Schneier's classic exposition of the point is as good as anything I can write. The basic problem is that an uncopyable bit is a logical impossibility. In order to let you play a given piece of content, Hollywood has to transmit to you the content and the encryption keys necessary to unscramble the content. And on a general-purpose computer, at least, it will always be possible to intercept the encryption keys while they're sitting in memory.
All DRM vendors can do, then, is obfuscate things so that it requires a lot of work to untangle how the crypto works and where the keys are stored. But this just slows hackers down, it doesn't stop them. And once one hacker figures out how it works, it becomes extremely easy to publish those details and allow everyone else to circumvent as well.
To repeat Felten's point, HDCP (and by extension, DRM in general) is not an encryption technology so much as a hook on which to hang lawsuits. DRM is about controlling the consumer electronics industry, not about stopping piracy. The DMCA gives Hollywood the power to stop disruptive innovation. This isn't an unfortunate side-effect of the DMCA, it's the primary purpose. I highly recommend Fred Von Lohmann's talk, "What is DRM Good For?" on this subject.
On the specific question of HDCP, the link encryption approach mandated by HDCP is extremely burdensome for CE manufacturers, both because it makes the hardware more expensive to produce, and because it makes testing and support a lot more difficult. So even CE vendors that didn't care a bit about fair use or time-shifting might decide to crack HDCP simply as a cost-saving and complexity-reduction measure. And knowing they couldn't stop this, Hollywood would simply have a lot less leverage.
Moreover, because it's so widely used, it would be extraordinarily difficult to patch up once broken. When dozens of vendors are implementing a DRM standard over a period of years, there's going to be a ton of collateral damage from any kind of key revocation effort, with thousands of totally innocent devices getting needlessly busted. I'm pretty sure that Hollywood hasn't pulled the trigger on AACS key revocation. The outcry as a bunch of consumers' DVD players stopped working (or had to be plugged into ethernet networks to start working again) would be too great.
http://www.aacsla.com/news/
Even if they decided to revoke standalone players it wouldn't affect non-pirates because each individual player has different keys.
They would have a very strong incentive to do this.
But that doesn't mean they would. We've seen plenty of instances in which tech companies cave to content industry demands.