Slashdot Mirror
Document-Destroying Copy Protection System
Jeff Scarpace writes: "Defense and intelligence alums, including former Defense Secretary Frank Carlucci, are marketing a copy-protection system that works by taking control of your computer. Try to hack InTether, the creators say, and it destroys the document. Check out the article article here." Strangely, this system works only with Windows. Hmmm. Interesting too is the mention of SPOCK, or Security Proof-of-Concept Keystone.
Think about it, by allowing the user full control over his computer it is virtually impossible to apply digital rights management mechanisms (as you lined out) even InTether (which obviously only works, because every application can tweak the Windows OS to it's hearts content) can not stop me from booting into Linux and start dissecting it, copying any files, restore my HD to any state i like, you name it.
/dev/null ... is yours to decide. But now the Media Industry wants to protect "files", simple chunks of data, from copying. This is obviously only possible by working with a crippled OS, since copying (from the network card to ram, ram to hd, hd to ram, ram to processor ...) is what a computer does all the time, even more than computing (typical operation: Load OP a, Load OP b, Mul a*b -> a, Stor OP a; 3 copies, 1 compute) but now the OS has to trace all that copying, has to ensure it doesn't happen unauthorized, suddenly buffering becomes a major headache.
Now let's look what happened to DeCSS: it allows you to convert CSS-protected content to a form you can watch on your linux box. What you then do with it, view it, copy it, send it to
Now microsoft tells the would be Mediacontrollers: "Look here, we bend over your customers nicely, so you can screw them, all we want is a little share in the profit", and Linux, allowing all that free copying, suddenly becomes a copyright circumvention device.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
WOM - Write Only Memory!
Once again the universal turing therom [all turing complete machines are equivlent] and the makes it possible to break copy protection.
Could this be a violation of the DMCA? :)
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
Note the only "military" application: Preventing casual users of turnkey systems ("Here, Sargeant. Use this machine.") from inadvertently emailing sensitive documents home.
Note what isn't in his DOD application: Preventing highly-trained adversaries (spies) from gaining access to the data.
Finally - the FUD factor: Multiple "snake-oil crypto" signs are here... "11 different layers", as though that makes it more secure than, say, 10 different layers? More layers mean more security, right? I mean, there are more of them! Or phrases like "white screen of death", as opposed to "if the software detects tampering, it deletes itself".
It's a cute hack to wrap DRM in an executable and bundle it with a file for 'doze, but it's hardly worthy of the "military grade document-destroying copy protection system" kind of hype it got in the puff piece at inside.com.
Go, Schneier, go.
-m
If this technique works for the "good" guys, it will work for "bad" guys as well.
I believe that it's in the interests of Microsoft to plug this hole unless they are paid for leaving it open.
11.0010010000111111011010101000100010000101101000
easy holes...\ =\
F8 at startup
bootdisk
read bits directly from the HD
need I go on?
=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=
The more and more content providors, be they government, entertainment or computer industry want to control information, the more and more Microsoft complies, probably more than anything to get on the government's good side. This is a disturbing trend, but sadly, not a surprising one.
Since this system and others like it are by definition incompatible with open-source software like Linux, Linux has become the defacto standard if you want to be sure that you control your own computer and the information on it. The benifits are plain to see. You can 'hack' any document you choose and know the format for, be it a PDF (as mentioned in previous story) or something that is marked as secret, or something like the format listed here.
Linux gives users the ability to control their information.
Turn that around and you can see that Microsoft is building all sorts of hooks into newer versions of Windows that allow companies to try to enforce copy control and try to preserve their 'intellectual property rights'.
Windows gives companies the ability to control their information.
If it were this simple, it's obvious what operating system that the masses would prefer if given this choice. Unfortuneately, Linux developers have shown again and again that they have no people skills, and therefore no ability to make their software usuably by Granny and Uncle Jimbo. The vast majority of Linux software has had no usability testing whatsoever. Compare this to Microsoft Windows and MacOS, for whom usuability testing with non-technical people is a major, albeit understated part of software development.
The onus here is on Linux developers and distributors. The software you work with and produce provides the ability to fight for freedom of information. Unfortuneately, these abilities go underused because the vast majority of computer users will never understand anything other than a simple point-and-click interface. Because Linux is a OS for hackers by hackers, the gains in information freedom it engenders will never be shared by the non-technically inclined.
Making Linux *easier* to use may dumb down the interface, but it means more freedom for all concerned, and therefore, a sweeter victory in the information wars.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
If you feel so strongly that a certain program is un-userfriendly, then WRITE THEM ABOUT IT!
How is somebody supposed to know that other people don't like their design if those magical 'other people' don't tell them about it?
--
Soma: because a gramme is better than a damn.
This is a little bit more serious than my previous post...
This cannot be right (+5 Insightful), for what is complete B*** S****.
I can think of, at least, two or three workarounds for this:
Just because you can think of something, does not mean it will work, if you'd really cracked Zero Knowledge protocols. Well; you'd better prepare to be world famous and prossibly dead, because you've got the combined might of the KGB, MI5 and CIA, Mossad, indeed every intelligence agency in the world chasing you around the globe.
In windows 9x, restart under "DOS command line only" mode, then use an hex editor after copying the .EXE and the protected file to another computer. You can also boot from a FreeDOS or Caldera DOS diskette to do this.
Game Over:
The original data is now useless, essentially 'corrupt', all because you throught you knew what you where doing, and did not. You've just copied some useless encrypted data. Well done. Using WinICE under Windows, while executing the .EXE to "read" a file would certainly yield interesting results...
Interesting perhaps, but useless, because the whole data set and token (key) would vary every time. So all you've got is more encrypted data. Well done.
Cracking the encryption scheme is, of course, left as an exercise for the reader. But, come on, how much encryption and "security layers" can you hide in a 300 KB windows executable ?
Left to the reader because you've got absolutely no idea what you're writing about. This is about zero knowledge protocols, something you clearly know the about the same about. All you've done, is copy encrypted data multiple times, and got different data each time.
Estimated time to crack: anywhere from 24 hours to 1 month.
Guessing again. Because this would depend on the underlying hashing algorithm. Not the Zero knowlege protocol used to access it. Repeat after me: security through obscurity does not work.
True, but this not. I suggest you do some background reading before you jump off in the deep end again.
Repeat after me: security through ego does not work either. Just because you think something is secure, or insecure does not make it so.
End of transmission.
I hope so.
Imagine the combination of this technology with the "electronic text books" profiled on slashdot a while back. Those medical, dental, and other professional schools -- and the companies that supply them -- who have decided to sell textbooks to students on digital media would be able to ensure that students had to regularly "refresh" their books through contact with the providers' servers.
Equally, digital media with a "stale date/stale - {defined condition}" feature would ensure against people selling their old books once they graduated.
I can see why the publishing/mpaa/riaa/(fill in your favorite intellectual property monopolist) communities would love this!
I am glad that the model referenced here is so obviously vulnerable to userland/client-side hacking. Otherwise this is would be an information-freedom nightmare.
D
ELITISM: It's always lonely at the top. Uninvited company is rarely welcome.
People never learn,
Yes, it's probably difficult to hack, yes you can force updates to the software, no it won't retroactively work.
If the current software version is 3.5, 3.4 has been sucessfully hacked then all files created with a versions = 3.4 will all be hackable on a machine that has not had 3.5 installed yet.
Anyone know if VMware will let you round this - Presumably the document could be read straight out of memory of the virtual machine.
Would the following attack work? Load up word + document on a low memory machine, minimize, load a huge application. Power off machine without shutdown, read data from swapfile off disk.
A trojaned copy of the application that duplicates the data to disk?
However, I suspect version incompatibilies will kill this, I suspect each service pack you download will automagically render you unable to read protected documents until the protected software is upgraded to match. Expect an upgrade an hour.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. (Einstein)
4.
3.
2.
Have a nice day!
1.
boooooom!
This is a little bit more serious than my previous post...
.EXE and the protected file to another computer. You can also boot from a FreeDOS or Caldera DOS diskette to do this.
.EXE to "read" a file would certainly yield interesting results...
I can think of, at least, two or three workarounds for this:
In windows 9x, restart under "DOS command line only" mode, then use an hex editor after copying the
Using WinICE under Windows, while executing the
Under Linux, mount the Windows disk with appropriate rights and use Linux equivalents.
Cracking the encryption scheme is, of course, left as an exercise for the reader. But, come on, how much encryption and "security layers" can you hide in a 300 KB windows executable ?
Additionnal brownie points will be given to the reader who determines which compiler and programming language has been used to create this little thing. (Hint: look at the end of the EXE file for informative compiler strings).
Estimated time to crack: anywhere from 24 hours to 1 month.
Repeat after me: security through obscurity does not work. End of transmission.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
I'll assume it to be self-evident that this kind of copy-protection is Bad and Wrong. Other people can start that debate.
We need to get some bad publicity going about this kind of technology:
*What if the RIAA could destroy your entire CD collection by sending the correct message to your computer?
*What if Windows crashing could destroy every book own?
*What if the MPAA could render your home-video collection useless?
If we're talking about digital copies of the above media with this kind of copy protection, *it could happen*
But what if no one bought the songs or movies or books encoded with this technology? Hmm?
Let's not let them take away our rights as we sleep!
Karma: Bored. (Thinking about resurrecting the "Anyone else is an imposter" joke.)
" Cry me a fucking river, you pansy"
A pansy is a idiot luser who can ot be bothered to learn how to use a program.
A pansy is a whiner who complains that the software someone worked his ass off to produce and then gave away sucks.
A pansy is someone who would rather bitch on slashdot then get off his butt and write documentation or test the freaking thing in the first place.
Why are you wating for someone else to do the testing? Is it too much to ask for for your pansy ass?
Screw mom and pop, they are idiots, they will eat whatever junk some corporation spoonfeeds them. They have zero awareness of the world around them, they don't give a flying donut about anything except their favorite TV show. The corps love them because they are so easily duped into paying money for useless junk wheather that's nose hair clippers or buggy software.
Let them lose their freedom they will enjoy having less choices, they will revel in knowledge that big brother is watching out for them. They will listen to talk radio and nod their heads mindlessly while consuming whatever junk is being peddled there.
The world needs stupid people and thank god there is an endless supply.
War is necrophilia.
Since the checksum file is signed at the factory, the private key would not need to be distributed - only the public key is needed to verify the signature. Any attempt to modify the executables, dll, or checksum file (including an attempt to NOOP out the checksum validation routine) would render the viewer inoperative. It would be very difficult to beat this sort of system.
The best attack against this system is to run it on a virtual machine like VMWare. The client operating system has no way of knowing that it's NOT in full control of the underlying hardware. Everything done in the virtual machine can be trapped and manipulated by the host OS.
Of course the best solution is to vote with your wallet and refuse to buy anything protected via this mechanism. Write a short letter to the offending companay saying "I'd love to buy X from you, but I will not do so as long as you use this copy-protection scheme." If they get enough letters like that they will get the clue.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Probably easier would be to just ignore the encryption and work at the bigger weak point, which is the interface between this software and the generic user applications. Something in this software, at some level, has to send the information in plain text to outlook so that the user can view it. (Or very worst case, it draws it as a bitmap to a window.) In either case, it is theoretically possible to slip something in their that grabs the data. The obvious way is to figure out what their dll is named, create one with an identical interface, copy theirs to another name and slip yours in its place, chaining to their original one. Then, just look at the data as it streams by.
How much they are checking for this (and exactly how) are the interesting questions.
The cake is a pie
Any Windows-heads
Cipherpunk actually:)
out there have an idea how this might be implemented?
There are several possibilities, based around what are called zero knowledge protocols in cryptography.
Essentially the chipertext become stateful, it's transformed each time it's accessed, the transformation process produces a new token each time the system is used/accessed and the new token must be used to access the data, the next time.
The correct token is must be passed into the system with the change request and the new token is returned. Any data that is accessed is actually removed from the data set, modified then resubmitted with the last token. The last token, must be used the next time, the use of the wrong token, corrupts the data, because it results in an incorrect transformation, because a one way hashing function is used, reversal is unfeasible, and tampering with the system changes it's state, therefore it also 'corrupts' the data.
neat eh :) it even amazes me.
This type of system is actually used when licencing databases, and only a very small sub-set of the data is ever used, like PAF's. It can also be used when an unchangeable audit trail is required.
A side effect is the document cannot even be 'official' copied either, it's actually removed from the system instead (where it could be copied and re-inserted). However the system would show this as a new document not the original.
I'm not sure if I see how this couldn't be circumvented by dropping in a new DLL on top of InTether that decrypts the file, but *doesn't* enforce the copy-protection scheme?
Doesn;t work like that, if the copy protection scheme is not used the 'data' become garbage rather than information.
Plus, how does it control this in the first place? Where in the Win API is this level of control possible? Sounds almost like it must replace Windows kernel calls, which would mean it's hard for it to keep pace with Windows releases...
Implemented on Windows, it would almost certainly leak information via the VM, & therefore to the disk. Unless the implementing software engineer, actually got in below windows.
Plus, what's to keep me from (1) uninstalling the software; (2) backing the file up to CDROM; (3) hacking on the read-only copy? Especially if I combine it with some of the other features, like removing the right to reboot the machine?
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
- Run Windows inside of VMware
- Run a program such as GoBack
Either way you capture the data, and can go from there. You could also pull out the good old sector editors, etc.I don't know why people insist that some things computer related should be ephemeral, and undocumentable, but they're racking up some massively bad karma along the way. It'll bite back.
--Mike--
More to the point, if I put enough effort in, I can set up a perfect emulation of a Windows PC here on my Linux box. (Think in terms of running the real Windows under VMWare.) I can then hack that emulation so everything sent to the "screen" really goes to disk. Whatever method you use to detect your software is running under emulation, I can work around - run a benchmark? I just tweak the emulation's system timer so you think you're running realtime.
They might be able to get somewhere by using Net access, and sending cryptographic challenges across the wire with very tight deadlines; eventually, though, the software will decrypt the content and try to display it. At that point, it hits a debugger breakpoint, and I dump the whole of the process's memory to disk. Whoops - that's your "protected" content, sitting on disk unencrypted. And now I've killed your program off - how are you going to delete it now? You can't.
Nice try, guys, but you're never going to win: what you're trying to do is impossible. I suspect these guys know that perfectly well, though, and they're just planning to make a quick buck out of their "magic bullet" software from those who don't realise the flaws.
Schneier points out something along these lines towards the end, but doesn't seem to be given as much attention as it deserved: listen to him, he's right!
I can just see it now:
C:\> CD C:\MUSIC
C:\MUSIC> COPY
**** WARNING ****
Leet Hackering Detected!
Piracy Counter-measures Activated!
"DEL C:\MUSIC" Completed.
Incident Report Filed with the DMCA Task Force... the Patty Wagon is on it's way.
Hey, it could happen...
--
Scott Brady
I moved to Linux primarily to avoid reboots. In fact, rebooting requires root and/or console privilages.
Why should I extend those same privilages to an idiot content manager?
"Information wants to be free" properly refers to "freedom," not "free beer."
Back in the days of yore before I saw The Light of real OSen, my MS Word 95 would spontaneously do the same thing to random documents after some random actions. Microsoft -- half a decade ahead of the game, yet again!
// zyqqh
I can see this coming in handy at work as well. Any time a user sends me requirements for a project, I simply type in the wrong password...I can continue reading slashdot and kuro5hin idefinitely now. :o)
Mas vale cholo, que mal acompañado.
I believe that usability testing is performed not by developers.
This is a copout on the part of lazy eletist programmers. "We're the only developers there are. Everyone else is marketing..." Cry me a fucking river, you pansy.
If you add to a given piece of software, be it in the form of code, graphics, bug-testing, or usability-testing, you're helping to develop that software. You can make the distinction that a programmer is not responisble for testing if you work in a large programming department that has a testing or 'quality assurance' section working along side it.
How many Linux devleopers have 'quality assurance' departments backing them up? How many have usuability testing labs backing them up? Being that +90% of Linux development is done on a volunteer basis, not very damn many, I would imagine.
If you release a program, you are responsible for making sure that the testing gets done, usability or otherwise.
If you don't make your program usuable by Granny and Uncle Jimbo, you're just contributing to Microsoft and Corporate Content's stranglehold on the computer industry and intellecutal property.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
The prime reason this will fail utterly is that Windows was not designed as a multiuser system. Because of this, most Windows boxes give the user full control over what is on their machines. Someone with enough coding skills can use this to pull all kinds of interesting information out of other processes. Using the debug functions and appropriate care, I suspect a hacker could create a toothless version fairly easily.
The cake is a pie
First thing he does is divert INT 13 and have it copy everything going to/from disk into some safe storage place.
Then, he waits for the regularly-scheduled backup. Voila! He gets a mirror of everything on the drive, WITHOUT having to plough through some software package that could blow everything up.
Now, this approach CERTAINLY works for diplomatic briefcases, where there is one (and only one) access point, and where the contents are physical and therefore cannot be cloned without removal.
In the digital world, this approach is naive. You can mass-copy data, without ever "visibly" touching the original. Suicide switches become useless, in such cases, as there's no guarantee that an intruder will ever trigger the switch.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Depending on the media, the work around may be as easy as a patch cord. or knowing how to boot to safe mode.
Some info from the article:
InTether's most intriguing features are those intended to rebuff hackers. To begin with, Friedman says, the system incorporates 11 layers of security defenses. ''All have to be successfully navigated'' in order to hack the system. ''But one piece does nothing but check continually the integrity of the other pieces,'' he says. ''If you could disable a certain piece, within milliseconds our system would know.''
At that point -- probably before, he says -- InTether begins taking counter measures. One relatively mild step is to force you to reboot your computer. But if the hacker persists, and continues making ''aggressive'' attempts to disable InTether's defenses or pierce its vault, he'll get what Friedman calls ''the white screen of death.'' His InTether receiver, together with all the InTethered files stored inside it, will be destroyed. Attacks ''would have to be pretty aggressive and multiple'' in order to trigger the white screen of death, Friedman says, not so reassuringly.
As a side Note: It turns out that when an InTethered file is open -- say, a Word document -- the user cannot copy, cut, paste, or print any other Word document on his computer, including those that have not been InTethered. That's because, Friedman later explained, InTether imposes restrictions at the application level. But once the InTethered file was closed, the spell was lifted, and all normal operations resumed.
"It is a greater offense to steal men's labor, than their clothes"
Don't worry, your documents will never fall into the wrong hands....no one will have them. Hope your backups are good.
Have you read the Moderator Guidelines
The security system destroys a document if it thinks someone is trying to access it illegally?
:)
So what your saying is... my kid can blow up my dissertation by sitting at the keyboard and banging random keys?
That's kind of why I password-locked my computer in the first place, fellas.
-- In the future, everyone will code Perl for 15 minutes. --
Exactly... look out, or the Turing theory of machine equivalences will become restricted information under the DMCA! (Any Turing-complete computer can emulate any other Turing-complete computer.) Heh. Teaching theoretical computer science will become illegal! Really, that's the logical end result of the DMCA.
That would be the obvious way to break this thing... Use Wine, or VMWare, or whatever to emulate a regular Windows machine so completely that the software running on it can't tell it isn't talking to the hardware.
Then your "virtual video card" can make copies of anything, and your "virtual sound card" can save everything to disk, and the pathetic copy management software running in the emulator doesn't know and can't stop it.
Of course, it might be difficult to write a good enough emulator. One obvious challenge would be for the copy management software to only allow playback/display on devices with digitally signed drivers. If I understand how VMWare works, that would be a problem because VMWare uses special Windows video and sound drivers that interface to the VMware virtual machine. But that can be solved as well, by emulating the video and sound hardware and running signed drivers on it.
The only way this stuff could ever be somewhat secure is if the software runs on sealed-box, tamper-proof, non-upgradable, un-documented hardware. That would make writing an emulator so difficult that most people wouldn't bother.
These companies should stop wasting everyone's time and just change their business models. I, for one, would be happy to pay for a music downloading service that reliably supplied me with top-quality, high bitrate MP3s, or even better, Vorbis Ogg files. Of course, the price should be fair (i.e. low), I should be able to get just one or two songs without having to buy the whole album, and most of the money should go to the artist. One dollar per song would be acceptable to me, and the artists could make more money that way.
But that destroys the business model of the big record labels, so they will fight it to the death... their business death or the death of our freedom, whichever is the weakest.
Torrey Hoffman (Azog)
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
"We had to destroy the copy to protect it."
This would actually be really easy to implement on Windows. Just make it editable by Word. The user tries to "hack it" (i.e. open the file)--immediately AutoCorrect jumps in and "corrects" the spelling of everything so that it is largely illegible, meanwhile AutoGrammarNazi underlines anything not found in a Dr Seuss book. Then 30 seconds later AutoSave activates and saves the document, destroying it utterly.
--
324006
Yes, I know, they disable the Windows OS screen capture. But you run a VMware session where the entire guest OS appears in a single window. Microsoft Windows can't stop Linux from capturing that screen.
In addition to VMware, I'd like to see how it handles a VNC server. Would a VNC client fail to display a protected document? If not, you can screen dump the VNC session.
Screen captures, of course, won't help you with audio files. I assume VMware virtualizes the sound card as well though, so Windows won't stop audio captures there either.
-- Don't Tase me, bro!
Or going back further, RT/11 for the PDP/11 series fit the entire operating system, including drivers, multitasking, memory management, etc, in 4K.
300K of tight assembler can contain an enormous amount of functionality.
I'm really curious to know if they thought to do something to the screen-print.
Not curious enough to install, though...
The cake is a pie
Any Windows-heads out there have an idea how this might be implemented? I'm not sure if I see how this couldn't be circumvented by dropping in a new DLL on top of InTether that decrypts the file, but *doesn't* enforce the copy-protection scheme?
Plus, how does it control this in the first place? Where in the Win API is this level of control possible? Sounds almost like it must replace Windows kernel calls, which would mean it's hard for it to keep pace with Windows releases...
It's a strange world -- let's keep it that way
Let alone VMware, what about windows hibernation support... you don't need fancy software to get a memory dump!
:)
... running it in VMWare, then suspending the
virtual machine and looking in the RAM file...?
Bet they didn't think of that!
Muahahahaha.....
"We won't use guns, we won't use bombs, we'll use the one thing we've got more of and that's our minds" - Pulp
From the artice, Intether works on windows and using OS to check if its code or documents are being hacked. But if you boot into linux (or any other OS on the system), and access the Intether software from their there can't fight back.
Obviously any such system can always be hacked because software can never prove that the environment it is running in is working is as it expected. Such software could be running on a emulator, or with a modified OS, or faked hardware abstraction level, that subverts its action, and the content protection system would never be able to detect it.
Ah, but you are missing the point that anti-DMCA people like me are trying to hammer home: this software will NOT allow legitimate, beneficial fair uses. The entire driving force behind the content industry's search for the perfect digital-rights management scheme is that digital control over digital content finally delivers the holy grail of pay-per-use into their hands. All they need is one or two more laws and maybe an object lesson or two wherein Norwegian teens or magazine publishers are slapped down by the bought guns of government to make their long-deferred dream a reality.
If I pay for a book or recording, I have an absolute and irrevocable right to do what I want to with it within my home. If I want to print a million copies and use the paper to insulate the house in winter, I have that right. Technology allows the publisher -- generally not the author, I might add -- to abridge my right. You'll pardon me if I don't get excited at that prospect.
Caught between a rock and a hard place: between distaste for those who would trade in copyrighted material without paying the creator his due and my utter loathing for the corporate swine whose millions have subverted the very government that allegedly exists to serve the people who feed the corporate machine.
Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
SIX MINUTES? My computer can boot Win98 in under a minute. Christ, if this thing fucks up Windows even more to the point where it's taking me six minutes to boot up, there's no chance I'm touching it with a ten foot pole...
Strangely the article makes this technology out to be groundbreaking and original. This is just a docbroker a-la Documentum Workspace that features encryption and the ability to delete files that haven't been checked out of the docbase properly (or legally). There's nothing too original about this.
I think the implication to most users is no different than most proprietary software and file formats. This is a proprietary system that you need to volutarily subscribe to that imposes restrictions on you as a user using an obscured client and protocol. If you opt to use the system, you agree to its restrictions. There are free alternatives (Ogg Vorbis?) -- if you really want to make a difference you'll cast your vote in favour of these.
---
Don't you think it might provoke a response on the same level? Some "Freedom Terrorists" or the like who simply go and shoot some RIAA executives in response to such an attack. And before you declare the forming of such a group absurd: note that there already exist terrorist groupings with idealistic aims (whatever underlying agendas there may be) and that they apparently manage to recruit people. Also note, that the RIAA (for an example) is highly vulnerable to Hacker attacks (hacktivism). There is no need to shoot their executives, when a skilled hacker can hit at them from the other side of the planet.
No, i don't think it would be wise of corporations to escalate the conflict to that level. Also those squads just *might* get caught (remember Rainbow Warrior and how it was smeared all over the French Government?) and even if not the public will make the connection (if someone sent a squad to destroy napsterservers everyone in the world would know who had an interest there).
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Personally, I think that it is kinda cool that in the midst of all the RIAA lawsuit fiasco, someone is actually working on a technical solution. I have nothing agianst Napster, warez, serialz, cardz, etc...but I do acknowledge that they are mainly used for theft.
Instead of fighting hackers with the law, these people are fighting hackers with hackers. At least the game will get a lot more interesting than the "My government can beat up your server" game that we are playing now.
I'd rather you do it wrong, than for me to have to do it at all.