More On Hard Drive Copy Protection

rabtech writes: "I contacted one of the head guys working on the ATA specs [Kent Pryor of Quantum] about the 'copy protection' thing, and what that may mean for the hard drive industry. He responded, and I've posted his letter on our front page. I did point out the issue between copy protection and copyright protection: 'Yours may be the only one actually giving a rational reason for opposition.... I will pay special attention to the difference between copyright protection and copy protection. Thank you for pointing out that legal distinction. In general, we support copyright protection. The amount of copy protection that would be allowed under this proposal would not be determined by the standard, but by the software that controls the licensed devices.'" It sounds like a royal mess to actually implement hard-drive copy controls, since they require so many groups to cooperate, but the seed has been planted.

RMS's view on CPRM

[phaze3000]

From The Register.

Copy protection hard drive plan nixes free software - RMS By: Andrew Orlowski in San Francisco Posted: 23/12/2000 at 01:07 GMT

Richard Stallman says that plans to put content control into industry standard hardware pose a threat to the adoption of free software.

Proposals have been made to add CPRM (Content Protection for Removable Media) into the ATA hard disk specification, we reported on Wednesday. CPRM originates from the the 4C Entity and licensing is administered by License Management International, LLC, which also administers the CSS license.

"This resembles CSS and e-Books: it is another plan to impose additional power over people who use published information, on behalf of those who hope to control the power," he writes in emails to The Register.

"This plan seems to pose a threat to free operating systems. We will surely not be authorized in the US to implement free software to access any of the centrally-controlled data. So a free GNU/Linux system won't be able to do it."

"If users accept the domination of centrally-controlled data, free software faces two dangers, each worse than the other: that users will reject GNU/Linux because it doesn't support the central control over access to these data, or that they will reject free versions of GNU/Linux for versions "enhanced" with proprietary software that support it. Either outcome will be a grave loss for our freedom."

"We must hope that some countries refuse to pass laws to prohibit free software such as DeCSS, so that some part of the world can publish the software that will keep freedom alive, underground, in the rest of the world."

Stallman also highlights the term "copy protection". "The word 'protection' ... tries to disguise obstructionism and rampant power as an attempt to keep a program or book or song safe from harm. It is a propaganda word."

Indeed: it's a euphemism as incongruous as down-sizing or friendly fire. As an alternative, we quite like "copy control". But if you have snappier suggestions, we'd like to hear them.

--

The Register...

[while]

(which appears to be in the /. submissions killfile, but that's a different story)

Anyway, The Register (the site that also broke the story) has posted a very good FAQ on the subject:
http://www.theregister.co.uk/content/2/15718.html
(for the goat sex paranoid)

(end comment) */ }

Re:Mac hater?

[DrgnDancer]

from what I saw the site was more of a "we like the Mac, but hate apple" type thing. All their articles were about either cool Mac stuff, or screw ups by Apple (as a company, not so much related to the quality of the actual machine). This is somewhat understandable attitude. As an outsider looking in, it has always seemed to me that Apple delights in tormenting it's loyal users, who keep coming back because they like the product.

The saddest part

[Veteran]

The most unfortunate part of the entire attempt by the RIAA MPAA etc. to control everything is that the people who make all of the actual decisions - the politicians - have no clue what is actually going on. Here are the things that the politicians need to understand:

• Copy protection is not about commercial piracy.

  No copy protection scheme prevents commercial pirates from turning out identical copies of the 'copy protected' material.

  All 'copy protection' schemes are about preventing people who have legally purchased material from using their material in ways which the law has always allowed.

• Copy protection is not about protecting artists or writers.

  Copy protection is about allowing current industry companies to maintain control of artists and other people who create copyrighted material.

  'Copy protection' is about the current industry companies attempts to continue to be dominant in the recording and publishing fields.

  Current companies are terrified of the Internet because the Internet allows artists and writers to publish their works without going through a publishing company .

• There is a difference between 'Copyright protection' and 'Copy protection'.

  'Copyright protection' is the responsibility of government to protect material which is copyrighted from theft or other illegal use.

  'Copy protection' is a scheme by companies in the recording and publishing industries to control how legitimate purchasers of copyrighted material use that material . 'Copy protection' is an attempt by the recording and publishing industries to eliminate 'fair use' of copyrighted material such as LIBRARIES .

• Recording and publishing companies don't vote . The people who are affected by the schemes these companies are pushing do vote .

The only encouraging thing about the copy protected disk situation is that it is the first time that I have been able to get across to non technical people why the DMCA affects them . That is a very good thing - we need to let the non technical people understand why these things are so important to all of us.

Why are H/D manufacturers supporting this?

[Morgaine]

I can't figure out why the hard drive manufacturers are giving this scheme the time of day. If it works, it will dramatically reduce the amount of copying being done (perhaps 95% of all non-corporate copying I'd guess), and so it's absolutely inevitable that the number of drives bought will plummet. This is not to the advantage of disk manufacturers at all.

Given the profit motive, the drive manufacturing sector of the free market should be dismissing/ignoring these proposals altogether. What's happening here, what's pushing them to support it? They're definitely not addressing their customer requirements.

Who should we take this up with at IBM?

[jcr]

Good work.

Now, we need to make it very clear to the CEO's of every disk manufacturer that we can reach, that we will boycott any copy-protected drive.

They can't even be bothered to make drives with a real hardware write-protect anymore, so the security of MY data is apparently unimportant. I'll be DAMNED if I'll buy a disk that secures the MPAA's data, but can't be configured as read/only so I can keep the script kiddies from messing with it.

-jcr

encapsulation and others isssues

[mirko]

How will they manage to prevent a single raid-array disc to be copied ?
How will they ensure the raw /dev/hdxx (or sdxx) volume is not rot13-uuencoded / rot13/uudecoded on the fly ?
And btw, doing this will have an ethic impact : what about fellows who want to backup their ext2fs or reiserfs volumes ?
Does this mean we will have to pay for specific backup software with NSA backdoors (who said "MS" ?) ?
I believe there's something rotten...
--

Re:encapsulation and others isssues

[sjames]

How will they manage to prevent a single raid-array disc to be copied ? How will they ensure the raw /dev/hdxx (or sdxx) volume is not rot13-uuencoded / rot13/uudecoded on the fly ?

Neither of those things would matter in the least. The idea is that the instalation software (let's say a music download app) performs a handshake with the drive using crypto techniques perhaps it opens the out of band channel and sends a challenge encrypted in the drive manufacturor's public key. The drive decrypts it and sends a response in the public key provided to it in the challenge. The response consists of part of the challenge (possably convolved) along with a serial number. The download software applies a blackbox function to that serial number (possably with other information such as the location of the first block of the file) and encrypts the data stream using that key and a secret encryption algo.

In order to play the music, the player must handshake w/ the drive in the same way to get the serial number, and apply the same blackbox to produce the key for the stream. If the stream has been copied to another disk, the wrong key will be generated and the stream is worthless random bits.

An effective MITM attack will require that the manufacturer's secret key be extracted from the drive somehow. It would probably be stored in a tamper resistant chip similar to the ones on a smart card. That chip would handle all crypto internally to avoid logic probes on the buss. Note that the key pair could be different for each drive with the right server side design AND if the whole .NET thing takes off (the player would only work if it could transact with a server side function).

Other possable approaches involve tracing the downloader to determine the challenge or to extract it's secret key. It would also be necessary to determine the blackbox function and the encryption algo. Note that all of that might be kept in the server side software and thus be difficult to access at all.

None of that makes the system absolutely secure. It CAN be broken given enough determination. What it would do is raise the bar quite a bit higher.

Begin editorial: I find it interesting that the various content industries are willing to go through all of that for a 90% solution in order to strip away fair use rights rather than use much simpler watermarking techniques to make actual copyright infringement traceable while leaving fair use intact.

If this sort of thing actually takes off, the early 21st century will be seen by future historians as a dark age since they will have no evidence of any literature or culture, In the event of an upheaval of civilisation, a great deal of knowledge will effectively disappear along with the copy prevention infrastructure (much like DivX disks) for the simple reason that textbooks will be inaccessable. New ones will have to be written by those who have the knowledge to do so. Literature will have to be re-copied from memory (like Fahrenheit 451) or lost. All that because a few multi-millionares childishly declared "If *I* can't have it, NOBODY can have it!".

Others will, of course, call the above silly. No doubt they believe that the current societal structure will go on forever. I say tell that to the Roman Empire (go ahead, try to find a representative today). No doubt they also believed that the empire would always be there. If that's too far back in history for you, tell it to the Tsar of Russia or the current president of the USSR.

Re:No problem? Think again.

[VValdo]

Well, if this thing is software-controlled, and Linux is open-source, then all we have to do is create Linux drivers that create a workaround to defeat it, right?

Sounds like you're advocating something illegal under the DMCA, namely circumventing copy protection used to protect a copyrighted work.

It's decss all over again. They encrypt software, music, you name it onto a CD, DVD, Installer disk, whatever. You can't get it off there because that's a DMCA violation. Then they make a Windows-based installer to transfer it securely to the Hard Drive. You can't get it off the HD either-- it's another DMCA violation.

Boom. There goes your right to use any of that content in Linux, unless they feel like giving you a Linux installer.

-------------------