Slashdot Mirror
HDCP Encryption Cracked, Details Unreleased Due To DMCA
Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA."
Update: 08/15 06:10 PM by J : Meanwhile, see
Keith Irwin's paper
which has been released despite the DMCA.
Update: 08/15 07:00 PM by J :
And someone else points out
this old thing.
Everyone who hasn't written a paper on cracking HDCP raise your hand.
Look, these guys aren't after The Ultimate Unbreakable Encryption Mechanism. They're after something that will prevent the average person from gaining "unauthorized access" to their content. And as you note yourself, they aren't after the guys generating bootleg copies. They want to prevent the average person from being able to make useful copies of their content.
Why?
Simple: their goal is pay-per-view/use. They want to be able to rent their content out to people, and prevent said people from ever having a permanent copy. Because a permanent copy obviously defeats their ability to rent that same content to whoever has that permanent copy.
The reason this will work is that most people (obviously) aren't technically inclined and aren't capable or even interested in cracking copy protection schemes, nor are they interested in going through the trouble of "going around" the problem (e.g., by recording to analog media). They just want to view the content.
The Big Corporations know this. They're counting on it. But they need something like the DMCA to pull it off. Why?
Because they know that it's fundamentally impossible to create a crackproof system. So instead of directing their energies towards that goal, they directed it towards creating the DMCA. If people are prevented by law from creating or distributing the means to crack content control systems, then companies can successfully force pay-per-view content down the throats of the people.
The corporations also know that eventually a content control cracking mechanism will become available to the general public anyway. So when it does, they know that it can't do anybody any good if the general public can't easily get its hands on it. Why do you think they're working so hard to shut down P2P distribution mechanisms? By doing so, they successfully remove the means for the average person to get their hands on content-control cracking mechanisms and the content that would result from the use of said mechanisms.
The corporations don't care about the rights of the people. They only care about their money. They will do everything in their power to get it. The only difference I see between them and the mafia is that the corporations use law enforcement itself as their strong arm.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
I think a fairly straight forward explanation such as "Would you want to drive a car that hadn't been independently crash tested?" or something. The ability to test encryption schemes would be easier for the lay person to understand.
-- Who is the bigger fool? The fool or the fool who follows him? --
Charming. Now foreign nationals who visit the US are afraid to release details of weaknesses.
Good, I say. Serves 'em right. Once something people want to steal is released with the format, then the details will come out, and people will steal it. By not quashing discussion, they might have been able to fix it while still in R&D, but by taking the I'm-putting-my-head-in-the-sand approach, they're shooting themselves in the foot.
The truth about Scientology, Xenu, and you: Operation Clambake
Tell that to Sklyarov.
However, even by claiming to have broken the encryption, he's placing himself at risk of being investigated, and possibly detained and questioned should he ever visit the US. (If I were to publicly announce that I had commited a crime, I would expect the authorities to take interest in me.)
Cheers,
Tim
It's official. Most of you are morons.
Intel spokesperson Daven Oswalt says the company has received several reports from people claiming that they have broken HDCP. But he says none have held up, and the company remains confident in the strength of the system.
...and yet all of these companies still think that the DMCA is good for them.
It's amazing how on how many levels the DMCA is a bad idea. It's squelching freedom of speech, and it's preventing the companies from producing technical systems that can effectively produce total control over their customers. Of course, the free-speech-squelching part is serving the total control purpose, and since it's the executive and legal divisions of the companies that decide what the companies "want," they probably are happier that way. And that is the real tragedy-- that and the fact that they can US legislation.
(To be fair, given the description of the attack, Intel is probably right that it still does prevent "casual copying." On the other hand, it angers me that they're trying to prevent casual (including fair use) copying, but don't mind that somebody willing to invest some money in hardware and a couple of weeks can start producing bootleg devices. Who's their real enemy here? Customers trying to exert fair use rights (and, yeah, maybe occasionally illegally copying content)? Or overseas customers producing and selling wholesale bootleg copies?)
-Rob
One more reason the right to post anonymously is a good thing.
Learning HOW to think is more important than learning WHAT to think.
There was a time when encryption was done to ensure it couldn't be broken. Now it seems like organziations are using the DMCA as a way to prop up bogus standrads that are dangerous due to their flaws (*cough*ebook*cough*)
Its hard enough trying to explain why Dimitry should be freed. But how can you convince a legislator or govt official that the DMCA is bad for encryption without risking prosecution? Its a scary catch 22.
Even though the Dimitry case is getting some press (Time Mag had a 2 page article - well written), I still only see proposals to slightly change the law. Not enough to allow full reverse engineering for research and the ability to expose flaws in products. Seriously - an encryption standard used to say encrypt some copyrighted work gets hacked, the victims sue showing why its such a bad encryption std and the lawyers for teh company using the bad encryption get it disqualified because its illegal to bypass encryption or copyright schemes.
Far fetched, maybe, but I really fear we will continue to see substandard encryption schemes passed off as workable because folks are less likely to publicize flaws in them if they are tied to teh DMCA.
Sure this may help open encryption standards, but we all know where the commerical money goes, so goes the world. Bad encryption standards used for IP materials and protected by the DMCA would soon be sold to businesses for privacy and such - exposing those businesses to serious exposure since the encryption std is probably less secure due to less folks trying to find flaws for fear of prosecution.
Maybe we need a contest - free tshirt to the person who manages to come up with the Chicken Little 'the sky is falling' explanation for why the DMCA is bad that'll get Joe six-pack up in arms :)
Top Most Bizarre/Disturbing Error Messages
It will be interesting to see if once it does get out, if companies will seek to hold him responsible, even if e doesn't release it himself. I winder if the DMCA covers the eventuality of having done research which facilitates bypassing encryption. It really isn't that far to go from doing research (and finding the solution) to writing the software that actually performs the operation. Will it become a crime to do research?
--CTH
--Got Lists? | Top 95 Star Wars Line
Lots of us said that for the SDMI contest we should say "yeah, I can crack that" but not release any details (even if we really could crack it). Let them sweat it out.
Now the industry is starting to get this treatment because of its own heavy-handedness. If some FUDster claims he can crack $ANTIPIRACYTECHNOLOGY but won't prove it, no one will will be able to call his bluff effectively.
Meanwhile, full-quality bootlegs continue to pour out of Taiwan. Society has nothing but reduced rights and privileges to show for all this.
Sheesh, evil *and* a jerk. -- Jade
"You can be sure that somehow, somewhere, someone will duplicate my results especially because I am telling them that I have results," says Ferguson. "Someone who is braver, who has less money, and who doesn't travel to the U.S."
This, right here, is his mistake. If, in the near future, those master keys are published, I bet a nickel that Ferguson gets hauled up for a lawsuit (or perhaps even criminal prosecution), for exactly the reasons that he states here himself. It's extremely stupid, but on the other hand, I can easiliy see an overpaid bunch of useless humanity (i.e. corporate lawyers) effectively convincing judges and law enforcement officials that Ferguson should be liable. They would be right that he probably helped along other efforts to crack the encryption doing nothing more letting people know that it was possible. Ferguson's mistake is in thinking that the dunderheads who thought that arresting Sklyarov was a good idea will let him slide after he's said this.
The world is a cold, demon-haunted place nowadays. It sickens me to be a citizen of this country that so hypocritically prides itself on being free.
-Rob
Free Hans!