Digital Display Encryption Details Leaked

Phill Hugo writes: "Cryptome has details of the High-bandwidth Digital Content Protection System which will be implemented as content control between computers and monitor screens. I wonder if continued leaking of the details of the many copy-protections systems will make them unworkable. Who's willing to follow suit in the other camps?" Your monitor will soon be a "licensed monitor device".

Declaration of Consumer Copying Rights (DCCR)

[root]

To SAVE MONEY on many duplicate court trials and to REDUCE COURT WORKLOAD, Congress should IMMEDIATELY create and pass a Declaration of Consumer Copying Rights or DCCR (pronounced "decker")... A consumer Bill of Rights that list what people are EXPLICITLY ALLOWED to do with copyrighted material.

(1) The Right of The People to make unlimited copies of copyrighted materials, which they own or hold a valid license to, for their own personal use shall not be infringed.
(2) The Right of The People to transfer ownership or licenses of copyrighted materials , and at their own discresion, (with all copies made therof, if any) to another party shall not be infringed.
(3) The Right of The People to make a copy, in any format, of a copyrighted work aired on a public or subscribed broadcast medium for time shift viewing purposes shall not be infringed.
(4) The Right of The People to possess the hardware and software and other tools necessary to carry out the above shall not be infringed. (5) These rights, as a whole, shall immediately, retroactively, and for all time preempt the portions of all contracts and licenses contrary with the above.

Seem fair? Changes? Additions?

Re:All it takes

[justin.warren]

Actually, no. Read the document, in particular section 5 - Renewability. I initially thought something similar to the leaked keys which enabled DeCSS to work its magic might occur here, but they've apparently learnt their lesson and put in something to counter it.

To summarise for those who haven't read the thing: I initially thought, "Ok, cool, so we just reverse engineer the secret keys and KSV out of the hardware that we have access to and implement in software." We don't have to know what the hell's going on, just get access to the keys. Any cryptosystem is broken if you can get a hold of the secret key(s).

Aha! But they know this is possible, so they've built in a method to get the system to check for known leaked secret keysets and KSV's. It's broadcast in the media, so your copy of The Matrix will play fine, but Antitrust knows your keys are compromised and so won't play. This is basically the same as revoking your PGP/GPG key if it becomes compromised. Actually, from my quick read of this spec, they appear to have designed a variant of public key cryptography. I'll leave the cryptanalysis of the algorithm to someone actually good at it.

Key management is the real weakness here, though. Sure, if a keyset is compromised it can be tagged as such on newer media, but old media which _doesn't_ know the keyset is compromised should play fine... unless the values are stored in NVRAM or similar on the video card or in the monitor, which would be what I'd design in if I were trying to take all your rights away.

That's a management nightmare, though. Just look at the proliferation of DeCSS. Now imagine a similar program for decoding the video stream and an online database of compromised keys. Sure, the HDCP consortium can update their compromised keylists, but there's a time delay in getting those updates out to the hardware (using the video media as the vector). Cue a game of cat and mouse with the hackers putting out keysets and the HDCP struggling to keep their updates moving.

The big problem that they don't appear to realise is that they are sending the secret keys out into hostile territory! The only way a cryptosystem can remain secure is if you can maintain security of the secret key(s). If the user were choosing the keys for the hardware themselves to protect a datastream over a local video broadcast medium, then that would be fine, because the person choosing the private keys is the person who can maintain the security of those keys.

An analogy: creating a PGP key pair and placing your public key on the 'net for people to use. Now encode your private key onto a CD, which you give to someone. They leak your key, so you issue a recovation and generate a new keypair, but every time you generate a new keypair, you publish your private key (no matter how it has been obscured). As soon as someone other than you has access to your private key, it should be assumed to be compromised.

All in all, a better attempt than CSS, but still fundamentally broken.

All it takes

[Jailbrekr]

Is for ONE person to make a device to tap into the signal going to the picture tube, and this protection scheme will be useless.

It is getting to the point where I am going to ACTIVELY pirate copyrighted media, just to show my absolute disgust for the MPAA and RIAA. This blatent manipulation of the computer and electronics industry by these monolithic giants must stop.

Missing the point

[rocur]

Everyone here seems to be missing what this actually is. This is not a plan to sell fancy encrypted monitors to plug into your computer to allow you to play streaming video over the web. This is an integral part of the data chain to be required for next generation video. That means HD-DVDs, HD-Cable, HD-Satellite, HD-VCR/PVR, etc. In order to get a license to manufacture a player, the player will be required to only output analog video (probably Macrovision encoded) or to use this encrypted digital bit stream (most likely over firewire). Which means that you the consumer get a choice of watching hi-def programming down-converted to play on your existing TV set or you get to buy a new "licensed" monitor. And oh, by the way, those of you who have already bought HDTV monitors, you are SOL, thats the cost of being an early adopter.

This doesn't require an act of Congress to mandate or any strong arm tactics against the manufacturers. It is an integral part of the evolution of video. And for you audiophiles, both DVD-Audio and superCD (or whatever Sony calls it) are already encrypted on the media.

And before you think I see this as either a good or neutral development, I don't. This is another step in the entertainment industry's plan to strip we consumers of all of our rights and force all media into a "pay-per-view" scheme.

How much are we going to tollerate?

[hhg]

We see theese kind of things popping up everywhere. "Pirate-protection" on cds, computergames, compressed music, vcrs, dvds, harddisks and now, as if it wasn't enough, The game of profit-maximizing makes buissiness out of encrypting signals in the 1m wire between my computer and my monitor. I have to ask myself one question - WHY? Why are someone allowed to control my pc? Why are someone allowed to limit the use of services I have legaly purchased? If I purchase something, I like to think of it as my own. I own my car, my tv, my bike and my books. I can do with it what I find delightful or funny - whenever I feel like it. Unfortunately some fuckhead came up with the idea of "licence-agreements" - and worst of all, most governments in the world allows this kind of development-brake to be switched on. If I would like to know how this pc operates (it runs winME), I'm not allowed to. I'm tried to be prevented from having my DVDs copied, someone tries to prevent me from copying my purchased music, someone is trying to have my purchased books time-limited, someone is trying to stop me from taping TV-shows, and now - as the top of the "kransekake", as we say in Norway, someone wants to keep me from listening in on the signal MY OWN pc tries to send to MY OWN terminal. I liked to think of my own as my own. Just as Linus pronounces linux as linux. But I'm not allowed to. This has got to stop. If this common policy continues, we are not allowed to change the lightbulbs in our own homes, we won't be allowed to open the hood on our cars, we won't be allowed to install our own car-stereo, and we won't be allowed to not watch commercials. Someone has got to say NO at some point, or civilisation is going down - driven to the ground by its own hunger for profit. I'm not a communist - far from it, but I do want to point out a communist fact, manely that the people are in charge. Or, for you american citizens, you were in charge. Then you found out that you had to let the money take control, and now it's the buissinessmen in the USA that litterally controls your lives. And when I thought you'd seen what you have become, you elect - of all the idiots in your country, Mr. George W. Bush as your president. I've gotta laugh. But everywhere else in the world, I would like you to think about what kind of control you want over your own life. Think abiut it the next time you are to elect your representate to the natonal-government. Of course we don't want to steel things - but then again, that's why we BUY it. What we are really doing nowadays is renting stuff - but noone calls it that. I wonder why...