Copy Protection Galore

Kirk writes: "SecurityFocus is reporting that the cable industry submitted an FCC filing last week indicating that digital cable systems will use a patented, Hollywood-approved copy protection scheme called Dynamic Feedback Arrangement Scrambling Technique (DFAST). Under the scheme, HDTV-compatible recorders will refuse to tape movies, shows and sports events that have a 'don't copy' bit set. Consumer electronics makers fear an end to fair use rights, but cable companies will force compliance with DVD-style licensing agreement and the DMCA." And the Register notes that all hard drives will include copy protection by next year, under a plan put forth by the manufacturers to please the entertainment industry. Alan Cox doesn't like it, but Alan Cox doesn't call the shots here. T13.org has more information, including the specifications and some presentations explaining the system.

A matter of Marking Blocks.

[Christopher+B.+Brown]

... And if you store data using Ext2 filesystems, or ReiserFS filesystems, or BSD filesystems, or ... ad infinitum, and don't mark blocks as protected, this prevents me from storing data on the disk precisely how?

I will certainly grant that this misfeature provides some wonderful exploits for the nefarious. After all, how long will it be before some hacker constructs a WinTel virus that marks the whole disk as being "copy protected," thereby rendering it into so much chaff from the perspective of anyone that was planning to actually store data on it.

Western Digital, Quantum, Seagate, and friends will be gloriously happy at that one; it's a wonderful opportunity to sell people more disk drives.

But as for the number of ways that this is a Spectacularly Stupid Idea, I'm not sure I have enough fingers and toes to cope with counting it... I'll probably need a Pentium processor, one without the FDIV bug, hopefully!

All sites with Linux source code will be illegal..

[mikethegeek]

"And if you store data using Ext2 filesystems, or ReiserFS filesystems, or BSD filesystems, or ... ad infinitum, and don't mark blocks as protected, this prevents me from storing data on the disk precisely how?"

Simple... The MPAA/RIAA will go back to their favorite puppet, "Judge" Kaplan and get Linux/BSD and anything else that can use ext2 illegal as a "circumvention device" under the DMCA. Furthermore, the Linux source code, as it contains this "illegal" code.

Scary shit. This demonstrates how dangerous rogue judges are, and why the power of the judiciary needs to be curtailed and accountability increased.

Re:Virtualize

[Skapare]

How do you know that you're really talking to the hard drive, instead of a software emulator that makes all hard drives look the same?

First of all, this whole scheme is intended for media recording devices, such as TiVo, not for computers. The intention is to make it so that a movie recorded on the media cannot be played elsewhere, or copied by means other than what the media recording device permits.

That said, the answer to your question is this. The media recording device will interact by sending a challenge hash to the drive, which encrypts it and sends back the result. This is essentially authenticating that the drive really does have CPRM implemented, enabled, and activated. The software emulator, not having the necessary keys, won't be able to complete the challenge, and the media recording device will know it does not have CPRM media (it may still function at some level without such media, for example to record only movies without copy protection).

CPRM further is intended to prevent taking the hard drive media to a computer and copying individual files or cloning the whole drive to make an uncontrolled copy. The way this is done is via the encryption which will be different for every drive. Although the computer can use the CPRM device commands to access the read/only area, it won't have the recorder keys to make any sense of it.

Swapping an older controller onto a newer drive with the same platter configuration may not work, as the recording of the keys, and possibly of all the data on the platter space, could be done with a totally different low level format which the older controller would not understand. The best you could hope for is being able to use the older controller to low level format the platters, but that would wipe off all the keys, so all you now have in a drive w/o CPRM.

In it's current spec, CPRM is NOT something that interferes with normal computer functions, aside from reducing available capacity by 1 megabyte (get it back by low level formatting with an older controller, if you know how to) and increasing the cost by $0.17 or less. Whatever is written on the drive w/o the use of CPRM will read back the same on any computer. So you can still store "freed" movies on the drive with your BSD or Linux machine, and quite possibly even with Windows.

This copy protection mechanism requires cooperation between the recorder (subject to laws requiring implementation of copy protection logic) and the media (not subject to those laws). The recorder could be implemented to not record copy protected content on media that doesn't implement CPRM, and this would probably be it's way to be compliant with the law. Non-CPRM media can still be made, but may not work in new recorders. Manufacturers of the hard drives will probably be happy to implement this on at least some of their production to sell to the media recorder market. They may also implement it on the entire production line simply to save inventory and production scheduling costs which would likely be more than the patent royalties involved, knowing that normal computer functionality is not impaired.

What crackers will be seeking to do is extract and crack the keys, and probably implement some device that goes between a recorder and the media to completely fake the recorder into believing it has CPRM compliant media. What gets recorded may then be in the clear, or may at least be cloneable. Other potential cracks could be the ability to make a successful clone by emulating a media recorder with 2 interfaces and no copy protection. Whether crackers can crack these keys remains to be seen. Maybe the movie industry has learned and is using larger keys. OTOH, crackers have been way more resourceful than most of us have expected prior to successful cracks.

Shaking Head

[Interrobang]

The first question that occurs to me is, "Just who do they think they are?" I don't like to see people put the kibosh on Fair Use rights (or even my ability to grab something off the tube so I can watch it when I am home, or something).

I guess it all comes back to corporate control...I always knew there was more to HDTV than met the eye, and I wondered why, ever since I heard about it, alarm bells were going off in my head. Now I know.

Am I ahead of the Weltanschauung, or what?

Interrobang

Hard drives...

[Yu+Suzuki]

How can this be enforced? There's no "hard drive coalition" like the RIAA or MPAA. Anyone who wants to make a hard drive can -- and plenty of manufacturers do. Sure, the big ones will no doubt bow to the entertainment indus^H^H^H^H^Hcabal's demanads, but just as smaller DVD player manufacturers don't include regional coding, smaller hard driver manufacturers probably won't include any copy protection schemes. And there isn't yet a law that can force people to purchase a disabled hard drive; that would be an illegal restraint of free trade.

When people find that their mainstream hard drivers don't have the functionality they want, they'll simply buy hard drivers from smaller manufacturers. No big surprise there -- we already saw the same thing happen to Circuit City's ill-fated TiVo. I don't see how this situation merits such doomsday predictions; it might be inconvenient, but people aren't stupid. They know what to buy, and it won't be copy protected hard drives.

Remember, ultimately, companies are dependent on your dollar to keep them in business. Don't like their products? Don't buy them, and watch everything start to change.

Yu Suzuki

Re:what about the hard drive makers?

[griffjon]

To be totally Machievaellian, they might need to pad their Q4 HD sales. What better way to do that than to release information that the next generation of HDs will be unusable?

What the F*#*!!

[Faulty+Dreamer]

At what point did consumer rights just completely disappear? What happened to the idea that you try to please your customer? Where did that mentallity disappear to?

I do not understand how this kind of garbage keeps happening. We used to have, under "fair use", the right to "time-shift" any publicly accessible media. Television and radio shows, broadcast movies and sporting events were allowed to be recorded by law. So, how do the media companies propose to remove the capabilities that the legal systems says are perfectly allowable? By introducing a "no record bit" in the signal. These proposals (well, they are more than proposals now aren't they? But I refuse to call them "standards") are seriously just another attempt to gather more money.

But the thing that the industries involved here don't understand is that they are only going to hurt themselves in the end. Now, all of the people that have to work during their favorite shows will not only not be able to record those shows to watch them later, but they won't be able to watch them at all. How does that improve viewership of the shows that these companies claim are so important to their livelihood? If we have an evening where we are busy and we can't watch our favorite show, we can't watch that show at all. Forget about recording it because the industry says that's piracy. Be a good little consumer and sit in front of your TV when we tell you to. Well, what if we have lives beyond our television, but we still want to watch our favorite shows? Sorry, that's no longer allowed.

It just seems utterly ridiculous to me that companies keep thinking that by "getting tighter control" of their media they are going to make more money. All they are doing is wasting a lot of money on things that are going to garauntee lower viewership, alienating viewers, and pissing people off in droves. The electronics market will suffer. The consumers will suffer. And eventually, when people get so sick of trying to find ways to watch their favorite shows that they stop watching altogether, the media companies themselves will suffer.

Well, that doesn't really hurt my feelings too much. But it is amazing to see so much money wasted on something that is so utterly stupid. But, it seems stupidity is the only thing these companies are good at anymore. Once a business hits a certain size, that's it. You cannot be big and still play smart. It just doesn't seem to work.

Now, having said all of that, is it possible that the FCC will reject this? It would be nice if there were that much common sense in a government agency. The whole intention of agencies like the FCC is supposedly to uphold the law of the land. The law of the land says that time-shifting is allowable. But the law of the green (as in the green of the money of the kickbacks the FCC is bound to be getting from the industries involved) says that time-shifting is just another way of sayhing "piracy". However this turns out, I'm sure it will be another "consumers are evil, business is good" turn of events.

At what point will business realize that people are not evil just for being consumers? Legally, at least in the US, you are supposed to be innocent until proven guilty. But when it comes to business anymore it is automatically assumed that anyone that purchases any good is guilty of the most evil and vile crime that is possible with that good (or broadcast). It is not even thought, even for a moment, that a "consumer" may just be using something as it was intended, or if not exactly as intended, it isn't the evil and disgusting nature of the person causing them to do something "different" (Oh, that's a naughty word now isn't it?). It is just that they need to do it differently or they can't do it at all (especially in the case of recording a show because you aren't home at that time).

But let them do it. Once a few million consumers are pissed off and stop watching/recording their shows every day while they are working, maybe these people will finally wake up. But I doubt it. They will probably just assume that we are illegally tapping into someone else's feed.

A Note I Sent About The Hard disk Copyprotection

[peterwayner]

[John Gilmore wrote about this topic yesterday on several lists. Here's my reaction. I'm curious to hear what others think.]

I'm glad that John spent the time and energy to write a good summary of what is going on in the hard disk area. He's spot on about the dangers to our liberties.

But I was quite worried until I began to see the dangers for IBM and Intel in the scheme. This is not an easy play for them because it threatens much of the entire industry in these ways:

1) This is going to increase the cost of using PCs dramatically. Hard disk crashes are going to go from major disasters to utter catastrophes. When the disks go bad, you'll need to buy all new copies of the software, images, movies, and what not. Backing up? Well, that will be another headache that won't be possible without the right permissions. They can wave their hands, but there's no getting around the fact that installing software is going to have plenty of new red tape.

I don't see how they will be able to distinguish between the truth and a lie when a guy calls up and say, "uh, my hard disk crashed. I need to install it on a new machine." They either authorize it or they don't. In fact, they'll probably have to automate the process because it's so expensive to have an actual human on the other end.

My mean time between hard disk failures is about 2 years, but I'm a heavy user. Can we really afford to create a new class of technicians who do special hard disk replacement for 20% of America each year?

2) This really changes the nature of the business. Right now the PC and software manufacturers sell you a box, wave good bye and say, "Good luck." Support is a joke. Actually fixing the machines costs too much money. Anything worth under $400 is essentially disposable.

If they put trusted hard disks in place, then there needs to be someone to care for these disks. They can't just keep waving good bye when you walk out the door. The business model needs to change to be something like cable television. That means hiring thousands if not millions of technicians who will come to your house and fix your hard drive.

3) This is really going to slow innovation and that's really going to hurt IBM and Intel. Already the hardware guys depend heavily on upgrades to keep people buying machines. If people can't move their software to a new zippier computer, then they're not going to buy a new zippier computer. Take a look at the cable television world. Most people are still using 1970's era technology. It just takes too long for the service technicians to go to each house and replace things. But that's the only way you can run the world when you have trusted corrals for special data. You can't just let any schmoe upgrade their hard disk or any schmoe is going to be able to pirate Hollywood movies. Gosh, that's all us proles do all day long you know. Pirate content.

4) This is another opportunity for the open source community to come in and steal market share. If the press reports in Slashdot and other places are to believed, it was only a few months ago that Microsoft marched into the offices at Virginia Beach and asked them to produce the certificates for their copies of Windows. You know, those neat hologram embossed slips of paper. They didn't have one for each PC so they had to pay more than $129,000. (http://slashdot.org/articles/00/12/01/0532206.sht ml)

This is another opportunity for Red Hat or some other Linux box company to walk into companies and say, "Use Red Hat, Mozilla, and Star Office and you'll never have license problems again. The hardware guys claim that they can take care of rights management issues for you. So can we and we cost alot less."

I think this may be the greatest thing that's come along for open source OSs yet. As Princess Leia said in the Hollywood content "Star Wars", "The harder you squeeze your fingers Vader, the more planets slip through the fingers." Do those content wrangling lawyers down there ever look at the content they protect?

http://www.wayner.org/books/ffa/ for information on my book on open source software.

p3@wayner.org

I'm looking for the Man in the Middle...

[The+Monster]

...attack, that is. Since the whole thing is based on the INT 13H interface, it seems to me that a kernel module (or a .DLL for the OS-challenged) can mediate between the application requesting "secure" storage and the drive allocating it.

The easiest thing to do is simply open two files on the drive, one secured and one insecure. Then, whenever the paranoid app asks to write to the secure file, send that block of data to the insecure file, and send the same block to the secure one. Let the challenge/response mechanism built into the drive satisfy the app's desire to assure that it's talking to the Real McCoy, returning the status codes that come back from the secure file to the app.

As an added bonus, throw in the old BBS download quota bypass, and when the last block of data is written, return an error code to the app, indicating that the file is not correctly committed to disk. Also, you can have the app tell the drive to delete the secure file, releasing one "lock" (some supported schemes allow you to make 3 "portable" copies at a time, requiring verified deletion of a copy before another can be made).

Since the interface to the device has to be well-specified, this sort of approach is how the security will be circumvented. Having a copy of the .DLL will be a violation of the DMCA, of course, but so is having pirate copies of movies. Therefore, a version that can be loaded from a floppy will probably be quite popular.

And another thing...

[kennylives]

Putting copyright protection on the HD, presumably requiring the participation of the OS (not likely in the case of Free software anyway), essentially means that the PC must become a trusted client when running software.

Bruce Schneier (the very same) speaks to the idea of trusted clients in the 15 May 2000 Crypto-Gram. Here he says:

Other companies claim to sell rights-management software: audio and video files that can't be copied or redistributed, data that can be read but cannot be printed, software that can't be copied. The common thread in all of these "solutions" is that they postulate a situation where the owner of a file can control what happens to that file after it is sent to someone else.

It's complete nonsense.

Controlling what the client can do with a piece of data assumes a trusted (from the point of view of the initial owner of the file) piece of software running on the client. Such a thing does not exist, so these solutions don't work.

Besides, such a thing would put such a damper on PC sales as to make the last quarter look like a windfall...

Maybe a good idea

[KevinMS]

My first reaction is, of course, this is terrible, but then I realized, the more they push me away from tv, the more of a favor they are doing me.

History Repeats Itself

[Greyfox]

If the MPAA was paying attention they'd have noticed that we went through a copy protection phase back in the '80's. A lot of those companies went out of business. If your content is not conviently accessable, people will go elsewhere. And that's before we get the anti-monopoly laws in gear, or do you really think the courts will support legislation which makes it impossible for you to express yourself without the express approval of some media company somewhere? No one ever seems to realize that these controls will make it next to impossible to generate free content outside the corporate infrastructure. Which is a rather convienent side effect. If you're a corporation.

Re:Well, the gist of the HD article

[sickman]

I think that is a very important point, not just. We tend to blame industry execs for every ridiculous leap away from the fairness of balance of the old copyright system to the heavy-handedness on the side of property owners in the new. However, the blame, really, belongs on the people who let them get away with this, specifically us. Don't like the MPAA? Don't buy their movies. Don't like the RIAA? Don't buy CD's. It is not as hard as it seems to break away from these industry's controls. If they saw that there was a limit to how far they could push these types of technologies before people just walk away, you can bet they would calm down. I think most of us get enough EM radiation at work. Go out, go to a bar, get laid, do something else. We got along fine before these industries made us dependent on their technologies, we can get along fine without them. But we don't need to, all we NEED to do is show them that we're willing to get along without them, and the battle will be ours. Until then, they will continue to win.

Virtualize

[Sloppy]

How do you know that you're really talking to the hard drive, instead of a software emulator that makes all hard drives look the same?

This will only work in absolutely closed systems, where 3rd parties never have the ability to write drivers, and where the CPU doesn't have the ability to trap on I/O. Even MS Windows (as we currently know it, at least) running on x86 is waaay too open and functional for this to ever work.

Pet Peeve: This is not copyright protection. It's copy protection. The bad guys' goal is to make the public think that these two wildly different terms are synonymous.

Copyright protection is something that protects copyright. An example of this would be a watermark that identifies who a copy has been sold to, so that if it ever turns up in the public, the copyright infringer can be prosecuted. I don't have any objections to copyright protection.

Copy protection is a completely different beast: it makes it difficult for people to make copies, even copies that do not infringe copyright. I have objections to copy protection.

When people (innocently or otherwise) confuse these two terms, they should be corrected.

---