Slashdot Mirror
Thomson's Vision: Smart Cards For Everything
ideaspin writes: "Thomson Multimedia is pushing the adoption of its smart card technology (SmartRight) in all kinds of devices ranging from TVs to PCs and set-top boxes -- basically, anything that might play digital media. Information Week has an article about it as does Webnoize(subscription only). This doesn't smell like something that would survive on the PC and consumers aren't going to be thrilled about the restrictions that such technology will bring -- no recording, limited archivability, no sharing and additional hardware for every viewing device. Interesting thing is that they are trying to convince the government to require the computer industry to adopt such a standard. Along with the copy protection schemes built into portable media and hard drives, this is one of the many ways that they are trying to lock down 'rogue' PC devices."
I don't really understand what's the problem here. The technology exists for a very long time (I'm having 3 different SmartCards in my wallet now), the only problem was that manufacturers didn't put them into their hardware. That's all. If every PC contained a cardreader, you could use it to log on to the system. I helped to implement a system like that for the European Union in Brussels years ago, but the biggest problem was that the readers had to be bought separately (very expensive at the time), and were impossible to build in a portable (which was the main reason that we wanted the security system). Yes, this technology could be used to limit copy proctection. A video or mp3-file could be linked to a specific card, so that only a person with that card can watch/listen to it. Or you could have a suscription based system : you might be able to buy a prepaid-card that allows you to watch/listen for a specific amount of time. This would be a good deal for Napster. No more free downloads. These SmartCards will appear everywhere : magnetic bankcards are on the way out (here in Belgium at least), my medial data is already stored on a system like this, and the Belgian gevoernement is going to put this chip in our passports (ID-cards) in 2 years time ! If I wanted to build a system where you had to put your passport into the computer in order to prove your identity, so that you can access the system, download data/video/audio, charge your VISA-card or a prepaid card, ... I do have to right to do that. But if you don't like it, don't use it. Just don't be surprised that you can't access certain services anymore.
The point is that this system isn't much more different than a username/password system, or your visa-card or whatever. If a service needs a prove of your identity, needs to charge you against your VISA-card or a prepaid card, or whatever ... there are already ways to do that.
A SmartCard is just a more cleverder way to do that. It's possible for instance that the service provider (say, Napster) never knows your real name or your bankaccount, but it still needs to be sure that you have the correct permissions. Napster isn't really interested in your name, it just wants to make sure that your downloaded musicfile can only be listened by someone who possesses the SmartCard that was used to download it. Or they want to charge your VISA-card (or prepaid card) direcly, without ever knowing your actual name or account.
FUD.
There is no such thing as a "cheap smart card reader/writer". You are probably thinking of magnetic strip cards which have been around for ages and definately are *not* smart. Smart cards basically are tiny computers on a chip. You can talk to the smart card and communicate with it, but you certainly can't just read/write it's memory. In fact you have no direct access to it's memory at all. As someone else here mentioned, Smart cards are designed so that if you try to tamper with them (physically or whatever) thier memory will be erased. Program, memory contents, and encryption keys, gone...
No one has found a practical attack yet. AFAIK.
--
Simon
Adding this kind of copy protection to PCs, set top, boxes etc is basically the same at the music industry's attempts at a secure digital format to replace CDs. You can't add take an existing product (i.e. CDs or PCs), add copy protection and expect it to succeed in the marketplace against it's un-secured cousins. Secured versions of existing tech offer no extra value for consumers. It's that simple.
The only way to get copy protection into people's homes is to piggy back it on something new and cool that people might actually want. DVD being a good example. High quality movies, ~7 Gig disks. Something that wasn't possible or available before. People want that, can't get it elsewhere, and will put up with CSS and the other annoying copy protections features that come with it.
--
Simon
I'll grant you the point that the Royalty checks might go down a bit - but when you make a penny or two from each CD sale (with CDs costing anywhere from $12-20 depending on the area, sales, etc...) - that's not much, unless you sell a few million copies. Add to the the fact that the record companies charge the ARTIST for promotion (ads) and concert venue rent, and all their other assorted "perks" - the possibility of an artist actually paying off those debts from income by royalty checks alone is minimal. This is why there are TShirt sales an why the admittance fee to a concert is so high. THe artist is trying to recoup some of the cost. I'd wager that most of the artist's actual income comes from these events, and is only marginally affected by royalties.
Of course, the record companies may put quotas on the royalties - saying "we will only continue to back you and allow you to make records through us if you continue to sell X units a month" - because the record company itself needs to make money - and if they don't sell X copies, their overhead costs get too high...nothing we as customers or fans can do about that - not while taking the high road and protesting the price-fixing artist-screwing actions of the record industry.
If there was a way to give a few bucks DIRECTLY to the bands I love - I'd do it in a heartbeat. Unfortunately, the industry has all but outlawed this for most contracted artists.
It's become a situation where the record industry can't lose - if customers don't buy CDs, the artist gets dropped, and if enough artists get dropped so that the company feels a pinch, they just grab some new slutty teenager or a few halfway decent looking guys/girls and pump out more schlock that the kiddies will buy. If the customers do buy CDs, it perpetuates the system, by enforcing to the record companies that price fixing is OK and screwing the artist over is OK, so long as we get our CDs.
The whole system is corrupted in such a way that the already titanically rich music industry can't be attacked financially (read: where it hurts) because they just pass the losses on to the artists - whom most of us DON'T want to hurt.
Personally, I refuse to buy new CDs. I get my music other ways. I get mp3s (mostly of bands that don't sell cds here in the states - but a few songs that I do enjoy by "local" bands), listen to Shoutcast streams (much more non-schlock out there on Shoutcast than on the actual airwaves), I buy used CDs of the artists I like, and attend a concert when I'm able. I wish I could pay DIRECTLY to some of the bands I enjoy most - but the option isn't available to me. My options are to do without much of the music I want, perpetuate a corrupt system by paying up to $20 to give a mere few cents to the artist, or to get my music in alternative ways that border on illegality at best, and at worst are blatantly illegal.
<Increase Rant Threshhold by 2>
I'm sick and tired of having schlock forced down my throat. I'm tired of being told what I should like. I make that decision. I don't like what the RIAA pushes. I don't like rap, hip-hop, r&b, dance, techno, "divas", boy-bands, girl-bands, blonde teenage singersluts, and the like. I like JPOP, Classical, "classic rock" (60's/70's stuff), and a little old-style blues and a dash of 80's "punk" thrown into the mix. I like music made by real instruments, as opposed to auto-generated on a beatbox. I like music made by a full band, rather than some guy with a few keyboards.
That's what I like. That's not what the RIAA thinks I should like, but that's what *I* like.
<End heightened rant threshhold>
Why is it that these "technologists" keep using the most fragile and expensive junk? The I-button is cheaper, nearly indestructable and better than any "smartcard" made. I have used them to unlock my house's door, log-in to my computer(linux via fancylogin, and NT via commercial software) and related websites, and more. the reader costs less than $20.00 at full retail price and requires no special drivers and is 100% linux compatable.
Anyone who designs around a smartcard is obviously paid to use it, or dosen't know how to perform basic research.
I find it funny that anyone who has any expierience in such systems would find a smartcard a viable solution, In real-world tests, my company found that smartcards were the worst solution, while we still have the prototypes ibuttons in service (2 years now, and over 300,000 uses, left in the rain over a weekend, and one was discovered after being lost for 2 weeks by the lawn maintaince people after the mower flung the ibutton+keyfob+keys 90 feet into a wall.... still works!
BTW, for less than $40.00 USD anyone here can start hacking and designing with the ibutton.... you can't do that with a smartcard.
Do not look at laser with remaining good eye.
Here is "the perfect copy-protection scheme(tm)" that should be adopted by everyone (you) and endorsed by all the major media monopolies(company):
1) You won't actually "own" a computer, handheld, phone, TV, stereo or other media device -- you just rent it. The company will provide one for you. You will be given permission to rent this device for as long as you would like. Upon request the device must be returned to the company.
2) You won't get to actually choose which content you would like to watch or listen to... the company will select this content for you (based on a comprehensive demographic marketing profile) and automatically send it to your device. You will be billed accordingly.
3) You will be contacted daily by advertisers working in close conjuction with the company to fine-tune your profile. You are expected to buy products and services so that we may determine your likes and dislikes. This information will be shared with all of our partners and affiliates.
4) CD-Burners, Floppy disks, Zip disks and other removable media are hereby banned. You really don't need to create "backups" anyway. Since you are only renting the computer and paying to view the content - there is no need to create copies. If your computer/PDA/phone/device ever becomes unusable due to hardware or software problems, please return it to the company for a replacement.
"If Linux becomes outlawed... then only outlaws will run Linux."
Stuff like Wedgetail (www.wedgetail.com) which supports a subset of a Pulic Key Infrastructure will likely become embedded once the right cost-performance point is reached. Think mobility, fly into an airport, rent/lease a mobile phone, and access your normal documents/email using a smart-card. It would just like a subscription service, possibly even generating random access keys. Sun already supports smart cards for its SunRay applications.
As for open source applications, think what a combination of Kerberos client, PGP, s/key etc on a smart card. Combine with a filesystem that supports multiple levels of security and you offer a graduation of services. If you want, you can even tie a range of personnae into each smart card, have a generic anon@mous for general use but a me@work for more confidential stuff.
LL
Not really.. how many people do you know without very much technical computer knowledge that knows that there are cracks for programs to eliminate copy protection.. or that knows about astalavista.box.sk? Not many. So it from being accessible to most people.
Proton, the electronic wallet, is implemented on every bank card you get. There are more bank cards deployed here than our population count. I personally have three bank cards, and therefore three electronic wallets, of which I use only one. Hence the skewed numbers.
The Belgian Bankers Assocation has statistics on all electronic transactions (mind you: in Dutch), that clearly show that the electronic wallet is far more popular than credit cards. Proton accounts for 51 mio transactions in 2000, credit cards only 34 mio. While these numbers may not be that big, remember that bancontact debitcards have been in use in Belgium since 1978 and are extremely well-known and way more popular than both the electronic wallet and credit cards.
Belgium is a little country, but electronic banking is one of the things we've historically been first at.
Okay... I'll do the stupid things first, then you shy people follow.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
Furthermore, magstripe-based bank cards are being replaced with smartcards, because they're less susceptible to failing (i.e. due to magnetic lock in your handbag, ...), and they're way harder to copy than their magstripe counterparts.
Personally, I find the credit card number scheme quite ludicrous (look ma, no code!).
Okay... I'll do the stupid things first, then you shy people follow.
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
it would be more accurate to say "smartcards are hard to copy." paul kocher showed how to infer the contents of a smartcard by watching its power or timing very carefully.
nobody
parturiunt montes, nascetur ridiculus mus
the electronic wallet has been their obsession but consumers everywhere hate the idea. (i see american express announced just this week that they are giving up on the electronic wallet for their blue card.) the gsm sim, which emerged in the last five years out of nowhere to become the largest smartcard application, completely took them by surprise.
so don't count on thompson or their cohort for much beyond a damn fine press release. they run this sort of thing up the flagpole regularly just to see who will salute.
nobody
parturiunt montes, nascetur ridiculus mus
What is a PC? What is a computer? Will my router have to have one? Give me a break. This is exactly the kind of law that starts with the best of intentions and ends up like that annoying seat belt alarm that goes off when you put your briefcase on the passanger seat.
Someone you trust is one of us.
And people won't buy them. The point about "Thomson has sold 10 million DirecTV satellite receivers" is just stupid. Nobody buys satelite receivers. They rent them.
worse than that. They don't rent receivers at all: they pay a monthly fee to watch the shows.
That Thomson think the box is the most important thing is probably inevitable (given that they make the things) - but they're making the classic mistake. The consumer only cares about the content - and if they can get it easier/cheaper someplace else, then they will.
The technology is just a barrier for most people.
Smartcards aren't copyable. There's a lot of work in there (especially the JavaCard standards) to make sure they really are secure against copying.
Of course, over-worked contract coders forced to churn code out without time to read the manual fully have a long track record of getting it wrong !
And more then that, smart card readers are really just transcievers ... Transcievers are damn cheap :)
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
I will be very interested to see how consumers react to this sort of thing. In general, the more difficult they make it to use these sorts of "services," the more people will migrate to readily available and free music.
And until they find a way to restrict my ability to record my own compositions, or they find some way to stop my guitar strings from vibrating without a properly installed license, I'll have all the music I need, and they will have none of my money.
I imagine it's pretty hard to sustain a cultural phenomenon when friends can't say "hey, listen to this!" because everything is pay-per-play. It will be quite interesting to see how effective the brainwashing has been.
sig fault
Some people buy it. That's right, some people will give up their rights if a snazzy advert tells them to.
Other people go - what, so I've got to replace all the TVs, VCRs, DVD players and PCs in my house with ones that conform to this one format (and since there's several competing ones it's difficult to pick which one to go with), and I have to pay extra for the privalige. Hmm, no, I don't think that sounds like a reasonable deal.
Mean time, there'll be a small manufacturer or two, who can't afford to produce something like this, and go on producing un-restricted platforms. Which everyone starts to buy.
Joe Public may not care too much about violations of his rights, but he doesn't want to have people try to restrict how he watches TV. You can supress minorities (Linux users & DeCSS), but if you try to stop everyone you're going to have a lot of problems. Will Joe Public vote again for his seanator if his seanator restricts his cable? Nope. So government are going to be reluctant to pass this too. Nice try Thomson.
I'm not sure about DSL, but this is the same Thomson that owns RCA, GE, and the U.S. rights to the MP3 patents. Boycott Thomson's new "Stupid Card" project and support the Ogg codec projects instead.
Will I retire or break 10K?
I think that Thomson can't and should not succeed for a number of different reasons.
Therefore, the chances of Thomson achieving their goal is quite remote considering the number of obstacles in their way and the considering that the hardware makers have historically been very resistant in implementing these changes from Day One. There are just too many obstacles in the way for them to succeed.
Self Bias Resistor
"When the pin is pulled, Mr. Grenade is no longer our friend." - Murphy's Laws Of Combat
----------
When the pin is pulled, Mr. Grenade is no longer our friend.
How many years has this been going on for. It must be 15 or so years since I first started seeing copy protection of some form. I also remember that it didn't take long for a crack to turn up on the local BBS.
Still, companies invested money in trying to make a better copy protection system. And the cracks continued to turn up shortly after. Look at the money invested in CSS, and how long did that last.
So bring it on fellas, and we'll hack it, and crack it, and find a better use for it.
I wish I could think of a witty Sig. Sigh!
If I make a copy of somthing you have, you still have the original. The fallacy that copying is the same as stealing is no different than the superstitious belief that having your picture taken steals your soul.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
It's funny: remember when SmartCards(tm) were being developed as a security measure for the consumer? Back in the old days, these devices were envisioned to help protect people from unauthorized use of their systems.
Now, I'll need a SmartCard(tm) for my coffee machine to validate that I alone paid for my coffee beans.
"My mother never saw the irony in calling me a son-of-a-bitch." - Jack Nicholson
As some documentation for my statement :), I'll offer "Courtney Love Does the Math", which appeared a year ago in Salon. It's a good read.
The Mongrel Dogs Who Teach
...didn't work in the past (DIVX)
:-))
...won't work in the future (DiVX
There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
Digital copyright protection is like a fishnet condom.
You see? You see? Your stupid minds! Stupid! Stupid!
Well, we would expect a company part owned by the French government to look to regulation first to try to get its stuff adopted. I agree with the others here who say that this has no (0) chance of success.
sulli
RTFJ.
Thomson has sold 10 million DirecTV satellite receivers equipped with smart cards during the past seven years
Theres a big difference between 'smartcards to view satellitte TV' and 'smartcards to view everything'. I certainly don't much like the idea of having to (presumably) pay of a smartcard in order to do what I do already. So I'd avoid a smartcard device as long as I could. That might mean turning to this 'Napster for video' they're trying to avoid.
One of the reasons Napster was/is so popular is coz they give users the opportunity to download music that costs alot. If you push up the cost you drive more people to look for ways to 'get it for free' (read: steal). Make people pay mroe to watch TV by having to use a smartcard, you make people even more keen on the idea of 'Napster for video'.
http://twitter.com/onion2k
And people won't buy them. The point about "Thomson has sold 10 million DirecTV satellite receivers" is just stupid. Nobody buys satelite receivers. They rent them.
The other problem with smartcards is I am very mobile. I check into Slashdot from at least 5 diffrent computers on a regular basis. I am not going to carry the smart card from place to place and possibly forget in in some machine along the way. Places requiring smartcards would simply no longer be visited and fall off the internet to me.
The truth shall set you free!
I worked for Thomson, in one form or another from 1990 to 1998. I have a long, and friendly, history with their North American division. How predictable the Slashdotter's response to this press release is: "I want my MTV and some multinational is coercing the Feds to take it away".
What is really driving Thomson's efforts in this area? Primarily it is this: Thomson has been systematically blocked from providing hardware into North American cable systems due to a lock on propreitary Conditional Access (CA) by 2 companies: General Instrument (owned by Motorola) and Scientific Atlanta.
Recently, through the efforts of CableLabs, the CA systems have been reduced to a CA "pod". A pod can be incorporated by a non-GI/SA hardware manufacturer so that their TV/STB/Appliance can play on a cable network. However, the cost of the pod to a 3rd party hardware vendor is nearly the cost of the set-top-box (STB) itself.
Given that Thomson has 10+ years of experience with smart card based CA systems and have deployed smart-card based systems in the DirecTV market and in the European DVB market. Ask yourself, what is Thomson's real motive? "To steal TV programming from those stinking Americans", that's what. They are Paris based after all, and North American television is the single most potent threat to the bastardisation of the French language.
No, Thomson is seeking to capitalize on the recent Tivo security breach (among other worries of Hollywood and appliance manufacturers) and leverage their appliance and excryption expertise into a standards process. Thomson offers a history of working within the multimeida standards bodies and providing standards based solutions. After all, the best security model is one where the algorithms are well known and the security is truly based upon algorithm integrity.
It is unlikely that permanent media (like CD's, DVD's, tape) will effectively be protected by any encryption scheme. As we have seen, the media easily outlasts the lifetime of the robustness of the encryption. (Of course, you won't hear this truth uttered by any marketeer courting Hollywood, be it Thomson or anyone else). But, it is realistic that temporary storage of content can be effectively encrypted and held secret for the lifetime of its use (i.e. the temporary storage and playback of MPEG streams for a few days or so). Traffic and authorization keys can change dynamically, new smart cards can be issued when the algorithm has effectively been attacked.
So that, IMO, is what they are selling. And their motives are to, over the long run, break the lock that GI/SA have over all cable distribution systems in NA. That and the subjugation of the English speaking world to the French. Neither of which would be all that bad.
Trust in them. I remember being something like 12 and busting the copy protection on a game for the apple ][ gs (woo) with a $10 dollar copy utility. No idea what I was doing. Just lots of time and patience. And that was before the internet was at everyones finger tips. The very idea of copy protection is patently absurd. Try convienence reduction. I have no doubt that I could, right now, download and burn a pirated version of PSOv2 for the dreamcast. Thanks to some 16 year old kid in Hong Kong. It's not about knowledge. It is about having the will power to spend several hours to crack something that you could pay for by working 15 minutes. Why waste the time? (If the act itself doesn't provide you with entertainment that is).
--Jimmy has fancy plans; and pants to match.
I don't know about you, but I'll be moving to a place where freedom from inherently evil large corporations is absolute: North Korea.
Given a reasonably level playing field, who would win a fight between a bear and a shark?
My analysis would be that we should just discontinue our usage of that which we do not condone, but many people are pawns, and will gravitate to that which pleases them. I don't watch nearly as much TV as when I was younger because a lot of it now-a-days is crap. If they introduce all kinds of expensive, privacy invading 'Smart Cards', into all new entertainment equipment, I'm sure I could find plenty of other entertainment options if need be. And if enough people do the same, like going back to reading books, those 'industry analysts' would get the hint quick enough and advise industry not to screw with people as much. Of course, this is my utopian dream-world, and like I said, people are pawns, and they'll let themselves get screwed anyways because they're 'being kept happy.'
Most bands are easy enough to reach, at least fanclub wise. Send cash, send often. Or, to a lesser extent, buy a tshirt, see a concert (even though these are split up too, they probably get a bigger share than from the cd sales...)
"The option isn't available to me" is so typical of America these days. Piss.
Industry analysts are so often quoted in the press, but just where do they find these people? It seems like a great job if you can get it.. getting paid to give painfully obvious, yet wholly ambiguos answers.
One example could be this: Media industry gets hard-on about this new scheme to castrate the 'stealing bastards'. Then the media industry pushes their screws to the broadcasting industry by telling they have to conform to this kind of copy control scheme by changing the way they broadcast stuff, and phasing out the old ways. That leaves the Joe P. Ublic and his old, now obsolete home entertainment system sitting in dark, wondering if they should buy the new, castrated system after all, to get -any- media coverage.
I admit, it'd be a bit of work, but media could also 'lean' on the politicos... One example of this kind of tactics is in Finland, where the old analog TV service is changed to digital by end of summer. It wasn't something customers have been demanding, nor do customers see much use, as equipment will be expensive (even set-top boxen) but government went full-steam after digitalization of TV. So we get it, no matter what we (customers) think about it. Of course, in USA it's bit different, but the way your country turns Corporate, it might not be impossible in few years' time. After all, media industry is one damn big moneybin for politicos to line their pockets from. And movie starlets still have glamour with politicos, and media can polish those politician's public image that keep the media's money flow rising. I don't sya you shouldn't vote with your wallet, but keep your eyes open that no-one doesn't come to you with big stick and ask you to 'voluntarily' give your wallet away.
Protected content is going to be sold to the masses the same way cigarettes are sold. Pause for a second and imagine if cigarettes were a new product being announced, picture the /. headline:
R.J. Reynolds, well known for its food wraps, has announced a recreational drug. In many ways similar to the illegal drug marijuana, this new drug is made from the dried leaves of plants, wrapped in paper, and is meant to be ignited and smoked. Pre-market studies have concluded that this product will be addictive and have negative health impacts. The government has required the package to contain a warning. R.J. Reynolds has said they will promote this new product heavily by celebrity endorsements and a massive advertising campaign. The question is, will the public buy it?
Okay, back to reality...
Once 14-year old Jason can't get his favorite songs on "standard" CD anymore and a new smart card protected player comes out, you can bet your fair use he's gonna bug the hell out of his parents for it. Of course, MTV will feature ads making standard CD players look "so last century" and maybe feature discounts on clothing, food and music if you present your smart card at select retailers. The industry will lure in its most valuable customers (teens and young adults) by offering discounts and heavily promoting the products with celebrities. It worked for cigarettes, and it will work again. At least smart cards aren't harmful to your health.
Don't worry though, as it has been said before, you can still record anything you can hear. For exact digital copies, ripping tools will still be made, albeit illegally. Don't want to smoke tobacco? You can still smoke marijuana, albeit illegally...
Yes I'd like to live in a world where I can make perfect digital copies of music I have purchased... It would be even better if I could get music I haven't purchased, for free. However, the reality is, we live in a world with macrovision, smartcards, DeCSS lawsuits and a large entertainment industry that couldn't sustain itself if the underground piracy that really didn't hurt its bottom line became mainstream. Just like free ISPs, you can only give away the farm for so long before you buy the farm...
Oh, and I don't smoke (well, as long as I'm not on fire).
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.