HDCP Encryption Cracked, Details Unreleased Due To DMCA

Lord_Pall writes: "There's a very good article on SecurityFocus about a Dutch cryptographer. He apparently has cracked the HDCP video encryption standard, but won't release the research for fear of reprisals under the DMCA." Update: 08/15 06:10 PM by J : Meanwhile, see Keith Irwin's paper which has been released despite the DMCA. Update: 08/15 07:00 PM by J : And someone else points out this old thing. Everyone who hasn't written a paper on cracking HDCP raise your hand.

Re:They are so stupid

[kcbrown]

...and yet all of these companies still think that the DMCA is good for them.

It is good for them.

Look, these guys aren't after The Ultimate Unbreakable Encryption Mechanism. They're after something that will prevent the average person from gaining "unauthorized access" to their content. And as you note yourself, they aren't after the guys generating bootleg copies. They want to prevent the average person from being able to make useful copies of their content.

Why?

Simple: their goal is pay-per-view/use. They want to be able to rent their content out to people, and prevent said people from ever having a permanent copy. Because a permanent copy obviously defeats their ability to rent that same content to whoever has that permanent copy.

The reason this will work is that most people (obviously) aren't technically inclined and aren't capable or even interested in cracking copy protection schemes, nor are they interested in going through the trouble of "going around" the problem (e.g., by recording to analog media). They just want to view the content.

The Big Corporations know this. They're counting on it. But they need something like the DMCA to pull it off. Why?

Because they know that it's fundamentally impossible to create a crackproof system. So instead of directing their energies towards that goal, they directed it towards creating the DMCA. If people are prevented by law from creating or distributing the means to crack content control systems, then companies can successfully force pay-per-view content down the throats of the people.

The corporations also know that eventually a content control cracking mechanism will become available to the general public anyway. So when it does, they know that it can't do anybody any good if the general public can't easily get its hands on it. Why do you think they're working so hard to shut down P2P distribution mechanisms? By doing so, they successfully remove the means for the average person to get their hands on content-control cracking mechanisms and the content that would result from the use of said mechanisms.

The corporations don't care about the rights of the people. They only care about their money. They will do everything in their power to get it. The only difference I see between them and the mafia is that the corporations use law enforcement itself as their strong arm.

They are so stupid

[rknop]

Intel spokesperson Daven Oswalt says the company has received several reports from people claiming that they have broken HDCP. But he says none have held up, and the company remains confident in the strength of the system.

...and yet all of these companies still think that the DMCA is good for them.

It's amazing how on how many levels the DMCA is a bad idea. It's squelching freedom of speech, and it's preventing the companies from producing technical systems that can effectively produce total control over their customers. Of course, the free-speech-squelching part is serving the total control purpose, and since it's the executive and legal divisions of the companies that decide what the companies "want," they probably are happier that way. And that is the real tragedy-- that and the fact that they can US legislation.

(To be fair, given the description of the attack, Intel is probably right that it still does prevent "casual copying." On the other hand, it angers me that they're trying to prevent casual (including fair use) copying, but don't mind that somebody willing to invest some money in hardware and a couple of weeks can start producing bootleg devices. Who's their real enemy here? Customers trying to exert fair use rights (and, yeah, maybe occasionally illegally copying content)? Or overseas customers producing and selling wholesale bootleg copies?)

-Rob

Will the DMCA hurt encryption badly?

[baptiste]

I just can't help but think that as more and more people discover flaws in encryption standards that we the users lose in the end. If crackers won't release details of how they cracked an encryption standard, where's the motivation for that standard to be improved? You can say the bad press is enough, but heck - if nobody releases details, how are we to believe its true?

There was a time when encryption was done to ensure it couldn't be broken. Now it seems like organziations are using the DMCA as a way to prop up bogus standrads that are dangerous due to their flaws (*cough*ebook*cough*)

Its hard enough trying to explain why Dimitry should be freed. But how can you convince a legislator or govt official that the DMCA is bad for encryption without risking prosecution? Its a scary catch 22.

Even though the Dimitry case is getting some press (Time Mag had a 2 page article - well written), I still only see proposals to slightly change the law. Not enough to allow full reverse engineering for research and the ability to expose flaws in products. Seriously - an encryption standard used to say encrypt some copyrighted work gets hacked, the victims sue showing why its such a bad encryption std and the lawyers for teh company using the bad encryption get it disqualified because its illegal to bypass encryption or copyright schemes.

Far fetched, maybe, but I really fear we will continue to see substandard encryption schemes passed off as workable because folks are less likely to publicize flaws in them if they are tied to teh DMCA.

Sure this may help open encryption standards, but we all know where the commerical money goes, so goes the world. Bad encryption standards used for IP materials and protected by the DMCA would soon be sold to businesses for privacy and such - exposing those businesses to serious exposure since the encryption std is probably less secure due to less folks trying to find flaws for fear of prosecution.

Maybe we need a contest - free tshirt to the person who manages to come up with the Chicken Little 'the sky is falling' explanation for why the DMCA is bad that'll get Joe six-pack up in arms :)

Essay by Ferguson

[Apotsy]

Here is where Ferguson explains his position.

This is a very good essay. It does an excellent job of explaining the problem with the DMCA succinctly, and in a manner than anyone can understand. I'm going to keep this link and use it whenever I want to explain the problem with the DMCA to someone non-technical.

In related news

[alexjohns]

I've uncovered the secret ingredients in the Colonel's spices and McDonald's Special Sauce. I figured out where Amelia Earhart has been all these years. I know whether or not the moon landings were faked, who shot Kennedy, and how many stones there are in the Washington Monument.

I have decrypted the secret code in the Bible, correlated it with the secret codes of the Baghavad Ghita, Talmud and Qur'an and now now the inner thoughts of all gods. I have unified field theory and quantum theory and will soon have a device that will bend all matter to my will.

I know the secrets of teleportation, telekinesis, telepathy, and how to get women to want me. I know the secrets of every three-letter agency in government, the Psychic Friends network, and the US Postal Service.

Unfortunately, due to the nature of the DMCA, I am unable to share my findings with others. I suppose I'll have to get on my FTL spaceship and find a more genial planet. Ta-ta!

Good!

[JoeShmoe]

This is a Good Thing(tm)! If the details aren't released, then it's just rumor, speculation and slander against the HDCP standard!

That means the HDCP consortium can continue on their merry way to rolling out their video solution...and then after we have all this great content available...THEN we can have someone release the information (I see Lawrence Lessig waving his hand there in the back).

Think about it. If the Crack SDMI has come back with nothing but failure...then maybe we would all have GB of juicy full-quality (minus watermarks, ahem) songs sitting on our harddrive awaiting a simple watermark snipper.

Thank you DMCA! Chilling research only delays the inevitable! It doesn't stop it!

- JoeShmoe

The Complete Document

The Complete Document can be found here:

http://www.macfergus.com/niels/dmca/index.html

Very good stuff. Too bad they didn't link it in the story.

DMCA-like legislation coming ot a country near you

[hillct]

Many countries are cinsidering DMCA type legislation to bring them into compliance with the WIPO Intelectual Property Treaties. For more on the the legal constructs being cinsidered by the World Intellectual Property Organization, see their whitepaper "Technical Protection Measures: The Intersection of Technology, Law, and Commercial Licenses" (M$ Word or PDF). Take a good look at this stuff. It's important that people fully understand the actions being taken by WIPO and begin to realize that arguing about your rights or my rights isn't the critical issue. The critical issue is that if WIPO has their way, there will be no protection for citizens of any country, from potentially usurous and monopolistic IP practices.

--CTH

Re:Next DMCA test - prosecution for doing research

[wiredog]

Will it become a crime to do research?

Of course not. What, do you think some company is going to file charges and get the FBI to arrest someone from Russia just because they give a talk about their work in Vegas? Or that an industry trade group would threaten a lawsuit if a college professor tried to present a research paper? My god, people are paranoid around here! Next thing you know they'll be saying that the Big Corporations are trying to outlaw reverse engineering!