Some thoughts on DRM. Very geeky.
Mar. 22nd, 2006 10:13 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
flewellynAs my bio says, I am a computer person, in much the same way I am an oxygen-using person. Computers and programming and technology in general fascinate me, so naturally I care a great deal about what goes on in the computer world.
One of the up-and-coming ideas, currently being advanced by the RIAA and MPAA, those same paragons of consumer advocacy that brought us the Digital Millenium Copyright Act, is Digital Rights Management, or DRM. Also known in the free software community as "Digital Restrictions Mangement", this technology is intended as a set of hardware-based cryptographic tools which will allow the computer to verify that the user is actually authorized to use certain content. In other words, a CD or DVD would be encrypted, and unless your DRM chip could verify that you had a legit copy, you couldn't use it.
Obviously, this has some people rather upset. It's a very domineering tactic, and among other things, makes it so that you no longer own the computer you buy, or the CDs or DVDs. You would use them only in the way that large, monolithic corporate interests want you to, and they could have complete control over what you were allowed to view and listen to on your computer.
At least, that's the idea. There is one teensy little problem with DRM: there is no way it could actually work.
I am not a cryptographic expert (amateur enthusiast at best), but to me the problem boils down to one of key distribution. It's very easy to build cryptographic tools, open source or not, without compromising the security, because knowing the cypher algorithm does not necessarily help you break the encryption by itself; you need the keys, or a means of producing those keys.
Traditional cryptography, also known as symmetric key cryptography, has one key which is used for both encrypting and decrypting messages. The problem there is, symmetric key cryptography has the small problem that the same key is used for both encrypting and decrypting, which means that key has to be secret at both ends. So, if the two ends are far apart, you have this problem of sending the key to the other person; how do you get it there without it being intercepted?
The newer forms of asymmetric cryptography, called "public key" cryptography, were designed to alleviate this problem. This splits the single key into TWO keys: one for encrypting, and one for decrypting. Having the encrypting key does not allow you to decrypt messages that were encrypted with it; only the decrypting key can do that. The idea here is that, basically, you distribute the encrypting "public" key far and wide, while keeping the decrypting "secret" key to yourself. Thus, anybody can encrypt a message to the holder of the secret key, but only the holder of that key can decrypt those messages. This is a very elegant solution to the basic problem of key distribution, assuring that the messages are kept private for the intended recipient.
But here's where the problem comes in. Since it was invented, cryptography has always assumed that, while the message you encrypt may be intercepted by untrusted parties, the person you intend the message for can be trusted. DRM is about locking down content, not about ensuring privacy of messages; it flips around the usual case in cryptography by distrusting the recipients. In order to make sure content is only decryptable by authorized people, you'd have to ensure that only those authorized people had access to the keys needed to decrypt. If it's public key, asymmetric cryptography, you'd have to distribute those keys somehow to the authorized people.
And any way you do that, whether by embedding them in the content or by separately enabling them, nothing prevents those authorized people from redistributing the keys to other people! Since, in DRM, the recipient is not trusted, this means that key distribution becomes a catch-22: if you don't distribute keys, then nobody can read your content, and they have no reason to buy it; but if you do distribute keys to purchasers, then they can redistribute them, everyone can read your content, and they have no reason to buy it.
Locking down the spec for DRM, requiring it in ROM, building it into the operating system...none of these things will help. The core issue is, the keys have to exist on the recipient's machine in order to read the content, and once there, they can be discovered and put to "unauthorized" use. Granted, 9 out of 10 computer users may not have the knowhow to do this, but it only takes one or two to discover the method and propagate it. DRM as a content restriction method is doomed to fail.
The technology could be put to legitimate, useful purposes, mind you, as a way for the owner of the machine to secure it against running untrusted binaries; this would allow you to, for instance, "sign" all the programs you want to be runnable with a little authorization key, and then the computer would simply refuse to run any unsigned program. This would be a huge boon for securing a system...but for the system's owner, not some third party. That, I think, would be a very good use of built-in cryptography in a computer, and should be encouraged.
But the stone cold fact is, if you have physical access to a computer, that computer cannot be secured against you. And frankly, if you're the one who bought it, I think that's a good thing.
One of the up-and-coming ideas, currently being advanced by the RIAA and MPAA, those same paragons of consumer advocacy that brought us the Digital Millenium Copyright Act, is Digital Rights Management, or DRM. Also known in the free software community as "Digital Restrictions Mangement", this technology is intended as a set of hardware-based cryptographic tools which will allow the computer to verify that the user is actually authorized to use certain content. In other words, a CD or DVD would be encrypted, and unless your DRM chip could verify that you had a legit copy, you couldn't use it.
Obviously, this has some people rather upset. It's a very domineering tactic, and among other things, makes it so that you no longer own the computer you buy, or the CDs or DVDs. You would use them only in the way that large, monolithic corporate interests want you to, and they could have complete control over what you were allowed to view and listen to on your computer.
At least, that's the idea. There is one teensy little problem with DRM: there is no way it could actually work.
I am not a cryptographic expert (amateur enthusiast at best), but to me the problem boils down to one of key distribution. It's very easy to build cryptographic tools, open source or not, without compromising the security, because knowing the cypher algorithm does not necessarily help you break the encryption by itself; you need the keys, or a means of producing those keys.
Traditional cryptography, also known as symmetric key cryptography, has one key which is used for both encrypting and decrypting messages. The problem there is, symmetric key cryptography has the small problem that the same key is used for both encrypting and decrypting, which means that key has to be secret at both ends. So, if the two ends are far apart, you have this problem of sending the key to the other person; how do you get it there without it being intercepted?
The newer forms of asymmetric cryptography, called "public key" cryptography, were designed to alleviate this problem. This splits the single key into TWO keys: one for encrypting, and one for decrypting. Having the encrypting key does not allow you to decrypt messages that were encrypted with it; only the decrypting key can do that. The idea here is that, basically, you distribute the encrypting "public" key far and wide, while keeping the decrypting "secret" key to yourself. Thus, anybody can encrypt a message to the holder of the secret key, but only the holder of that key can decrypt those messages. This is a very elegant solution to the basic problem of key distribution, assuring that the messages are kept private for the intended recipient.
But here's where the problem comes in. Since it was invented, cryptography has always assumed that, while the message you encrypt may be intercepted by untrusted parties, the person you intend the message for can be trusted. DRM is about locking down content, not about ensuring privacy of messages; it flips around the usual case in cryptography by distrusting the recipients. In order to make sure content is only decryptable by authorized people, you'd have to ensure that only those authorized people had access to the keys needed to decrypt. If it's public key, asymmetric cryptography, you'd have to distribute those keys somehow to the authorized people.
And any way you do that, whether by embedding them in the content or by separately enabling them, nothing prevents those authorized people from redistributing the keys to other people! Since, in DRM, the recipient is not trusted, this means that key distribution becomes a catch-22: if you don't distribute keys, then nobody can read your content, and they have no reason to buy it; but if you do distribute keys to purchasers, then they can redistribute them, everyone can read your content, and they have no reason to buy it.
Locking down the spec for DRM, requiring it in ROM, building it into the operating system...none of these things will help. The core issue is, the keys have to exist on the recipient's machine in order to read the content, and once there, they can be discovered and put to "unauthorized" use. Granted, 9 out of 10 computer users may not have the knowhow to do this, but it only takes one or two to discover the method and propagate it. DRM as a content restriction method is doomed to fail.
The technology could be put to legitimate, useful purposes, mind you, as a way for the owner of the machine to secure it against running untrusted binaries; this would allow you to, for instance, "sign" all the programs you want to be runnable with a little authorization key, and then the computer would simply refuse to run any unsigned program. This would be a huge boon for securing a system...but for the system's owner, not some third party. That, I think, would be a very good use of built-in cryptography in a computer, and should be encouraged.
But the stone cold fact is, if you have physical access to a computer, that computer cannot be secured against you. And frankly, if you're the one who bought it, I think that's a good thing.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2006-03-23 05:14 am (UTC)It's like if you where given a screwdriver, but you could only use it on one particular brand of screw. And if you do, then you'll be breaking the law.
If they install a thing so that it can only be used on that one particular kind of screw, and you find a way to tamper with that, you are again breaking the law.
They give the argument that it's really expensive to make these screw drivers and screws, and that they have to protect themselves from dirty stinking evil communist hippies that hate everything good and wholesome. And yet it's still just a fucking screwdriver.
Instead of jamming the justice system already unable to cope with stuff that isn't even that important, how about these people find some relatively effective ways of 'protecting' their media. And when people break it, not throw a big fucking hissy fit.
Stuff like this is just going to push free software more, and these guys are going to make even less money.
no subject
Date: 2006-03-23 11:06 am (UTC)You know what bugs me? The anti-piracy software on some PC games that have to periodically access the PC during play, (and crash it) forcing the slow-down of sloth proportions. Or the type of anti-piracy software which prevents your CD drive from actually accessing the disk. I remember one of the games I bought recently would only run in the cd-burner. When I contacted the customer rep, he stated it is due to antipiracy software installed on the disk. Fine, protect against the antipiracy. But if you make your product unsuable by implementing it, then you have done the job a bit too well.
no subject
Date: 2006-03-23 02:43 pm (UTC)no subject
Date: 2006-03-23 01:08 pm (UTC)I'd always thought of it - I'm obviously not on the same level of technical knowledge that you are, but it's basically the same idea - as a simple problem of viewability. Once you can hear or see their product, you can always use some sort of means to copy that output. Of course, they're trying to 'fix' that by making secure 'secure' connections to your monitor and othersuch convoluted solutions...but if they could just get around the fact that no one would buy it if they couldn't see it or hear it at all, then they'd be totally safe and happy! :p
rent-a-society
Date: 2006-03-23 03:33 pm (UTC)The way things are going, I can easily imagine a world where we'll be renting everything: clothes, houses, cars, dental work... The point being of course, that if you don't OWN something, it can be taken away from you by the few or one who does own it, and that threat over one's head is supposed to induce complicity.
Instead, the harder they squeeze, the more they directly encourage consumer rebellion-- piracy, smugging, and freeware black markets. They seem incapable of grasping that their greed is what fuels the problem. (Beginning with CDs that take $2 or less to produce with songs, including packaging!-- and charging $11-$23 for them! And they wonder why people download music for free!??)
Re: rent-a-society
Date: 2006-03-23 06:47 pm (UTC)no subject
Date: 2006-03-23 03:35 pm (UTC)no subject
Date: 2006-03-23 06:48 pm (UTC)no subject
Date: 2006-03-23 06:11 pm (UTC)Anyway it is an absolutely nutso idea to assume that, once unlocked, you can secure a stream from being redirected in unexpected ways; the term 'dream on' definitely comes to mind at this point, as it should have done to the collective bonce of the entertainment industry.
no subject
Date: 2006-03-23 06:47 pm (UTC)Although, even if they put the key on a chip, a hardware hacker could use a logic probe and soldering iron to get around this issue. Wire the outputs so that they always send the "accept" signal, for instance.
The real problem, of course, is that the entertainment industry wants complete control of the market. It's not about "piracy", it's about preventing competition.
no subject
Date: 2006-03-24 10:39 am (UTC)So for example if you add a layer to it such that the accept signal that it is expecting also has to be digitally signed (and is unique in each instance) then the ability to intercept/reproduce that signal won't be too much help. (This is all assuming that one can build chips that cannot be reverse-engineered. This is probably impossible - but I think one can build chips that cannot be reverse-engineered without some *very* surprising hardware.) You could do worse than watch the XBox DRM fun; www.xbox-linux.org. (Good article to start 17 mistakes microsoft made in the xbox security system).
Previous generations of hardware could mostly be reverse-engineered because they were designed to do a job in a straightforward and efficient manner. It is only recently that we have got the idea that we would be better off creating sneaky hardware, and for my money the only sensible reaction to it is simply to refuse to buy any such shitboxes.
If enough of us refuse to buy in, some Chinese company will come up with a pre-hacked version. This already happened with DVDs, region encoding, macrovision; around here you can walk into Tescos supermarket and buy a noname DVD player costing probably less than 40 quid that will ignore region encoding like it never happened.
Apropos of little enough, I met a guy from Plextor a while ago who was boasting about how the super-high density CD burning functionality, crypto functions, etc, on their drives would never be supported using Linux; the reason why as I recall was because the hardware in question simply won't answer the metaphorical telephone until you hail it the right way... so you are stuck with a black box that does nothing until you give the magic word. I doubt that he is right, since someone could surely reverse-engineer the Plextor drivers if they were really feeling up for a laugh, but then that would be totally illegal in the US if not in Europe. Either way, I told him that I'd be advising my office to avoid their proprietary features like the plague...
no subject
Date: 2006-03-24 12:26 pm (UTC)Even if you have some very sneaky hardware, though, you can probably figure out a lot with a logic probe and some testing.
posting as me this time :-)
Date: 2006-03-24 01:00 pm (UTC)Basically, under the DMCA you can reverse engineer only where and when it is necessary to achieve interoperability and when there are no other ways provided to achieve said interoperability; you have to ask first of course. And when you have reverse engineered, then be very careful to ensure that the results of that do not break any copyright law before distributing them (argh; if you remember, the argument regarding CSS was 'trade secret', and MS cut off the guy who uploaded the XBox firmware pretty quickly on copyright grounds).
Furthermore, the DMCA only permits reverse engineering for program to program interoperability. Reverse engineering for program to data interoperability, or indeed any other reason whatsoever, is not covered; since last time I looked, DVDs and the like were 'data' not 'program', then I would be very surprised if it would be legal to reverse engineer to get it to work.
See Universal Studios vs Corley...
no subject
Date: 2006-03-23 08:55 pm (UTC)There's also the scenario where Alice attacks Bob. The Sony DRM debacle showed that not only was Alice (err, Sony) trying to protect its content, it really didn't care what happened to Bob in the course of doing so. DRM uber alles.
DRM is ultimately just going to keep honest people honest. I use iTunes to purchase DRM'd protected music, and there are ways around the DRM should I ever want to do so. But this brings up the other point... DRM cannot be so over-the top as to prevent consumer adoption. The really draconian DRM schemes out there have failed because consumers don't want to deal with it (remember DIVX discs?)
no subject
Date: 2006-03-24 01:02 am (UTC)One thing in particular that troubles me about the increasing paranoia of media distributers is the concept of people no longer owning what they buy, or having the freedom to do what they like with it. I can see how it might be inconvenient for the distributers, but... seriously, buying DVDs that can only be viewed a certain number of times before becoming unreadable? Making it illegal to watch a video with more than 20 other people, or at a school, without a special license? Only being allowed to install software you've bought on one of your computers?
Along with their policy of heavy-handed lawsuits and tech support/customer service being outsourced to other countries or entirely nonexistent, it seems like they want to drive everyone into wholesale piracy. I feel that if you buy something, you own it, and they have no further say on what you do with it. You can set it on fire and eat it, use it as a urinal cake or
Fortunately the Danes tend to agree, so most CDs, DVDs and software can be borrowed at the library and legally copied. The copyright lawyers jumped like they'd been goosed and were shocked, shocked, when the government made the creation and possession of mp3s legal... as well as the copying of any digital media in the library.
Buahahahah.
no subject
Date: 2006-03-24 01:04 am (UTC)no subject
Date: 2006-03-24 01:09 am (UTC)DRM is about Corperations Thou Shouldn't Trust -- Not Trusting Thee
Date: 2006-03-24 10:46 am (UTC)I believe that this video, which I think is absolutely lovely, makes an excellent point to this fact, and I always include it whenever I bring up the concepts of DRM and "Trusted Computing."
http://video.google.com/videoplay?docid=-5115609628556940516&q=trusted+computing
(Tis thee that I love, Google.)
Re: DRM is about Corperations Thou Shouldn't Trust -- Not Trusting Thee
Date: 2006-03-24 12:33 pm (UTC)It's the Elfa! *squeezle*
And that's a wonderful video link. Thanks for showing me!
When might I talk to you more?