4C May Back Down On Hard-Disk Copy Protection
ArghBlarg writes: "As reported on the Mercury News' siliconvalley.com website, the 4C group, consisting of IBM, Intel, Matsushita and Toshiba, responsible for the dreaded CPRM rights-management standard for PC storage media, may be backing down on mandatory implementation of the standard in PC hard disks.
A Linux consultant by the name of Andre Hedrick, who sits on the T.13 protocol committee, apparently confronted them during a recent meeting and got them to consider making an 'opt-out' mechanism if the standard is ever implemented in hard disks.
However, the EFF says that's not good enough, and says that CPRM should never besmirch a PC hard disk's firmware, in any form. The 4C group has been eerily silent about the issue, according to the article, so this isn't over yet.
(According to the Mercury article, the 4C entity promised to release a formal statement here about the 'opt-out' possibility, but no new releases were up at the time of writing.)"
If this is allowed to run its course, it may very well end up like airbags in cars... "optional", but you need a government permit to even turn them off.
I suppose you can call him that, but Andre Hedrick wrote and maintains the IDE code in the kernel and has for at least 2 years now.
Everything you ever wanted to know about CPRM, but ZDNet wouldn't tell you...
CNet suckered by CPRM spin
Linux lead slams 'pay per read' disk drive plan
Stealth plan puts copy protection into every hard drive
4C retreats in Copy Protection storm
EFF's Gilmore calls for CPRM hardware boycott
This is a huge issue, and we need to take it seriously. I would go so far as to say it's a "do or die" issue, perhaps more important than cryptography. We need to draw a line in the sand.
When drive manufacturers build hard disks, who are they working for? The owners of intellectual property, or us, the people who buy them? It seems to me that they're working for us. Why don't they act like it? What's going on here?
I don't want to encourage strident or puerile pseudo-political action. And I'm not sure what to do about it. But this just can't be allowed to go through. This is the sort of thing that ought to make us all consider writing checks to the EFF, at the very least.
All of the conventional wisdom about concentrating press power into a few hands, as has been the trend lately, suggests that this story won't get much play. The same dynamic exists in the debate over the giveaway of new HDTV frequencies to the broadcasters. You don't hear much about that, because the people getting the giveaway are the ones who are supposed to be protecting us from such scams.
The bad news is that all of the people who are supposed to be protecting us from scams like this current one are also the same people who own all of the intellectual property. Will Time/Warner allow its journalists to talk about this issue?
We have to stay focused on this. We have to tell people we know about it. We have to make noise. And we have to make sure that our lobbyists are well funded.
This is simply totally and utterly unacceptable.
From what I've read, it's not that simple and if Alan Cox is worried about it, it will not be easy to defeat. This ain't no MP3 watermarking scheme.
The fact that this has gotten this far pisses me off a great deal, if I buy a HD I should be able to do as I please with it. It's bad enough with DeCSS bullshit, if this gets anywhere near HDs we'll have the same battle: "Sorry Linux, you don't have a licence to read the new HDs and even if a benevolent stranger were to donate a license, you can not write drivers and open the source".
What's that you say? It's only for selective content such as films and music, for now maybe but once the spread of the technology is wide enough, who knows? This is fat cat corporate heaven.
We are no longer living in interesting times but very worrying times. George Orwell seems to have only missed the date by 20 years, maybe he misjudged human nature and thought we would roll over quicker but regardless if "initiatives" like this HD shit get implemented I'd say we're half way on our backs already.
A journey of a thousand miles starts with a brutal anal raping at airport security
Although some manufacturers will choose to "opt out" of the CPRM stuff, SOFTWARE designers will simply require copy-control enabled hardware as one of the specs, ie:
"This software requires
32 MB RAM
Such-and-such Processor
CPRM-enabled Hard Disk"
It's embrace and extend. If the only way to run the software is w/a CPRM drive, and the software is mission-critical, then you've got no choice.
Of course, it COULD backfire and people would just stop using that software... but a potential (and likely) collaboration between software and hardware designers makes it all the more important that CPRM never get finalized as a standard.
W
-------------------
This is my SIG. There are many like it, but this one is mine.
There is a message in the 21.18 Risks digest which claims that the 4C's CPRM was solely for Compact Flash media, and that John Gilmore over-reacted, that the technology is "neither intended nor licensed for use with PC hard drives", and that this 'issue' is being blown all out of proportion. It was in direct reply to John Gilmore's own Risks submission about the 'issue'.
So, can someone without a flaming streak of extremism or a conflicting interest and with some detailed technical knowledge of the facts please speak up. Is this Risks submission (from a guy from Intel) accurate?
I don't like it when zealots create a big wave and brou-ha-ha over nothing. It wouldn't be the first time.
1. Older ATA controllers will not have this built into their BIOS. Maybe there will be a run on them.
2. How much of the controller code is in flash, and can be updated? What happens if the updates get hacked? "oh, look, now it always returns 00h".
3. From what I could find of the specs, the drive serial number is on the magnetic media somewhere. How long before a "utility" is developed to overwrite/change this? A side note: Wrap this up in an email virus. Send to fifty of your ex-friends. Better than a reformat, and takes less time. I bet drive manufacturers' tech support will love this.
4. The specs also mentioned "Encrypted key space" Are parts of keys stored there? Is there a limit? Generate small encrypted random files. Register and repeat until overflowing. Tech support will love this, too.
5. How about releasing a bunch of really cool freeware, stuff the masses will want to run. Only it won't work on CPRM activated systems, and gives a short message about why not, and then suggests that the consumer return his computer for one that isn't broken.
The list goes on. You just have to think about it creatively. The best arrangement is going to be education, though. Make sure that joe consumer knows he's getting screwed, and that other folks around him aren't.
*whup* "Get along, little electrons. Heeyah!"
Did anyone learn anything about the copy-control stuff that had supposedly been added to SCSI and firewire?
W
-------------------
This is my SIG. There are many like it, but this one is mine.
Tell me what makes you so afraid
Of all those people you say you hate
Wouldn't it be a good move for some hard drive company to specialize in selling "non" copy protected hard disks, then? Sure, it'd be tough going up against the big guys, but you might create yourself a niche market...
While it's nice that the outrage among us techies about CPRM has apparently been noticed, making it "optional" is not acceptable.
It does not need to be in there at all. If it is, even if "optional" that will still give the MPAA/RIAA and unscrupulous software vendors the ability to REQUIRE you have it or enable it for their software/media, that you BOUGHT to work.
I really believe the way to beat CPRM to death is to drive home the point that it breaks the ability to use imaging programs like Ghost. How many enterprises right now are using Ghost to maintain and deploy PCs? Tons. Breaking it with CPRM hard drives will cost firms tons and tons of money spent in needless manual setup/maintenance on individual PCs.
=== The price of freedom is eternal vigilance
bah.. the most obvious flaw is summed up in two words "compliant software". This compliant software is protected by licenses and NDAs.. nothing technical! Any moron can reverse engineer "windows secure media player" and get the keys to access the data off the drive. Once you have the data you can resave it without the copy control. Trivial. Getting around it is hardly what we're talking about here.
How we know is more important than what we know.
RAMBUS is the WRONG comparison to make here. You know what happened with RAMBUS? They got patents granted by the USPTO as well as patent offices for a larger number of other countries. These patents apply to SDRAM and DDR SDRAM. So, with patents in hand, RAMBUS has been strong-arming all SDRAM manufacturers to license both the SDRAM and the RAMBUS patents with the SDRAM patents costing significantly more than the RAMBUS patents - they've also said that if any manufacturer disputes them, the fees for RAMBUS and any other patents that they hold will be much higher for the disputer. All Asian SDRAM manufacturers except one have already caved to RAMBUS. The American manufacturers are putting up a fight, but who knows how it will turn out.
So, if the CPRM were to really go the way of RAMBUS expect to see 4C sue everybody in sight who offers a CPRM-disabled product. You can bet the entertainment industry would be 100% behind such suits too. They killed DAT and Beta, and are trying their hardest to kill anything else useful.
When information is power, privacy is freedom.
Hello,
I am writing to you as an owner of several IBM disk drives and as an IBM investor.
I've been following recent media reports about CPRM with alarm. The proposed standard for control over information would present problems for many applications (such as free software, which I use almost exclusively) while having dubious benefits.
Please consider retracting support for CPRM. If IBM continues to support it, I'll likely boycott IBM products -- and I don't want to do that (my Deskstars and Ultrastars are working great). Also I'll divest my IBM stock.
IBM made great contributions to the open source community recently, and I'd hate to see that relationship affected by the policy of the storage division.
I wonder if more feedback like this will influence their actions...
This CPRM code is part of the ATA specification.
Hence for it to be required in hardware (and for all those sneaky sector-based things they want to do), it must be implemented in the chipset with the ATA interface.
Sure, Intel's in 4C, but they don't make the only chipsets out there. What about AMD? What about VIA? What about Apple, whose machines also use ATA?
I see no reason, if CPRM were ever to be enforced, that these other chipset manufacturers would refrain from splintering off and making their own standard, which would prove much more popular to consumer demand. After all, what happened with RAMBUS?
Fross
t.
"I wonder if more feedback like this will influence their actions..."
I don't know if it would. You wrote a very reasoned response, though it may be better to mail it to them, since I doubt anyone above level F marketdrones ever read website feedback forms.
That sort of feedback IS what we need to give IBM and every HD manufacturer. All it will take to break CPRM is to convince one company to not play the game, or to sell non-defective (CPRM free) hard drives.
This really is a case where the whole industry HAS to play ball for this to succeed. If only one or two manufacturers implement CPRM, they could find themselves out on the proverbial ledge, while their competition is busy taking over their market share.
I shudder to think what will happen in a year or two, at the rate things are merging, when we only have 2-3 hard drive makers, instead of 6-7 like we have now... Competition is how you keep this kind of anti-consumer crap from succeeding in the market.
=== The price of freedom is eternal vigilance