EFF Comments on HDTV Copy Restriction Plans

Seth Schoen writes: "EFF has been following the work of the Broadcast Protection Discussion Group (which was featured in a CNet article linked from slashdot on Thursday) since it was founded in November. Co-incidentally, we today released an EFF overview of this work which contains some of our criticism of these efforts to control the ability of future consumer devices to record digital HDTV broadcasts."

For Personal Use Only

[stuffman64]

As the article points out, PVR's do not use removable media (hey, now there is a good idea for me to patent... if only I believed in our patent and copyright system and it was how it should be). Therefor, it makes it nearly impossible for me to distribute/lend my copy to someone else (network TiVos are something else). This was the video industry's major gripe against VCRs when they were introduced. All though I would be quite enraged if they prevented me from recording broadcasts on a removable digital media, I would be far more enraged if I could not make digital recordings on a PVR.

Ultimately, IMHO, something like SCMS will be introduced to prevent multiple perfect digital copies originating from one source. However, SCMS was a joke for MiniDisc/DAT-- many units simply ignored the copybits or gave the option to turn them off. If worse came to worse, you can whip up a bit stripper and copy until your heart is content. Hopefully, if we end up getting a SCMS-like system on digital broadcasts, it will be taken as seriously as it was on MD/DAT and/or be very simple to beat...

...Then, of course, we would violate the DMCA and go to jail for months before our arraignment...

Re:Content?

[sallen]

If they actually had anything on TV worth _watching_, this might make a wee bit more sense. I might as well stand by the curb next to my garbage... carrying a shotgun and hollering.

Who cares - waste your money protecting it if you want. Nobody's gonna steal what's on TV. Most of us like two or three channels which we need the full package cable to get, naturally.

I don't disagree with you there, on the content angle. I loved the part in the article that said studios wouldn't broadcast their movies over-the-air unless there was copy protection. That's BS. Most studio's and over-the-air networks are owned by the same corporation. (CBS=Viacom=Paramount FOX=20th/21st Century Fox ABC=Disney) They aren't going to forgo all those ad dollars. I really don't care there as I don't park my butt in front of the TV all that often. But if they insert 'flags' to prevent recording of movies, then they'll do it with any NFL, broadcast, etc. That WOULD make me angry.

I have a very simple solution. They say they won't broadcast high def movies without copy protection? Fine. Leave me my right to time shift, and I'll leave them their's not to broadcast a movie. (As well as not being able to shut down my TV. You DO know the copy group wants to be able to shut down a TV remotely, don't you? I know they've looked at that option closely.)

kuro5hin

No, check these threads. At least you know that you won't be censored there. Also, it'd be nice to see if the kuro5hin moderation scheme works under slashdot-like loads.

Also, kuro5hin's open submission queue for stories is looking especially attractive right now. It doesn't look like the Slashdot editors are going to let any stories through that are critical of their site.

I don't see why a secure digital VCR is that hard.

[Kjella]

1. If the HDTV signal is unencrypted, flagged or not, creating a workaround, or a non-compliant device would be trivial. Since the copyprotection is a one-time thing (that is, once it's out, it's out), it won't work. (Yes this means they'll have to break all current systems, or upgrade them).

2. So let's assume we have an encrypted HDTV signal, which TVs can somehow decrypt, most likely with a CSS-style encryption, I'd guess 128/256 bit this time around.

3. We must assume that the signal being transmitted is in a format that makes it impossible to record directly, either by a varying session key (negiotiated through public-private cryptography) or artifically inflated size. If not we could just hook up any genenric device in the middle and replay the same signal.

4. Due to 3., the video will need to be able to decrypt the signal, it can't just store the encrypted signal and play it back as needed.

5. It's unreasonable to assume that the recording media, harddisk or DVD+RW, can be kept kept secure (they've dumped the contents of the Xbox already). So, we need a cryptographically strong encrypted file format.

6. Since we from 5. don't trust the disk, we can not uniquely identify it. To ensure that this is a recording we should play, we need an authentication system.

7. Presumably the best option would be to have a system like pgp, where there's a symmetric key, and public keys to find the symmetric key. Naturally the recorder would encrypt it using its own public key. This is basicly overkill until we introdouce the next point.

8. Limited sharing. In addition to adding its own key, the player could also add a limited noumber of other keys. These public keys you could get in any format you'd want that the player would understand (delivering your recorder with a stack of cards to give to your friends, an electronic version, whatever, this is public). However, since we can't trust the disk (add max noumber of friends, copy back the one without friends, add new and so on) we need either to include these keys only at recording, or keep a track of how many keys we've added pr. recording in a secure flash RAM or similar. The last is clearly preferable, and as we have a built-in encryption we might as well keep the data there encrypted too. Naturally, only the original recorder would add keys, any other would simply only play it.

9. Now I feel we have a reasonble digital VCR. It'll let you give your movies to some friends (I haven't specified a noumber, that's a matter of opinion), but you can't put it up on the Internet for all to leech. You can use standard media (harddisks, writeable DVDs, writable cds. You can backup the media, and they will still work. This was for your basic Reciever -> VCR -> TV setup. However, there is still some way to go.

10. VCR to VCR hookup. As it's all digital there's no quality loss, obviously it's a potential leak. Basicly we need a flag to tell if this should be recordable and how we should pass it on, only now that it's encrypted it's working. It would be a standard SCMS-system (No copy, copy once, free copying) The problem is that this will probably be abused by the media companies to sell you content (uhh sorry, licence you the right to see content) that you can't record. The solution would be to require by law that all broadcasts should be set to at least copy once, I don't see any possibility of technically identifying the source.

10. HD-DVD -> VCR -> TV. High Definition DVDs present a problem. Surely we'd like to be able to make a backup of a HD-DVD, and to keep one on the harddisk instead of putting in the disc every time. However unlike broadcasts a DVD can be played over and over again, and we wouldn't want an unlimited supply of copies, nor do we want an unlimited noumber of people able to make a copy, so the encoding in 10. would have to be set to no copying.

Once again I see using the recoders public key as useful, this time when buying the DVD. When buying you should get the DVD, and also the encryption key to the DVD encrypted with the recorder's public key. Once at home the recorder can take the encrypted data (I assume here the VCR has a built-in DVD player, if not, a way to request the encrypted data from the external player, which should be possible as they're harmless without a key) and create a backup that can not be played on other players.

However, you can now make as many backups you want of the file on your harddisk. So you have a disc which will play on all players, but can't be recorded, and as many backups as you want, however all backups will only play on your recorder. Naturally, this does not work with second-hand sale but it's unfortunately impossible to make neither the player nor the disc aware of this and allow a new owner to make backups.

11. When going to the store as described in 10., it's vital that the key is the recorder's, and not a public/private pair that is known. So, the key must be signed by the VCR producer. Also, all stores would have to have an (on-demand) electronic connection to a server which will give out the keys. So if the phone lines are out, no keys. The DVD will still work as a DVD, but you'd have to come back later to get key for your VCR.

12. Lost/stolen. All depends on the encryption keys, doesn't it. So, we'd want a backup of the private key to exist, however we wouldn't want someone to actually *have* the private key, nor do we want the Big Brother register of keys. Solution: Smart card or similar with the private key, encrypted with the manufacturer's key. This should be consider a valuable right up there with your silverware. With it you should be able to get a new one just like you would if it was permanently broken or you wanted to upgrade it, see below.

13. Upgrade/broken. Fundamentally, we could replace it with an exact copy, provided we had the private key. However, it would be much more convienient if we could take a different player and make it play the old disks. And we can. Once again we'll need the connection to the manufacturer, who'll return the private key of the old player, encryped with the public key of the new player.

14. For 12. there'll probably be some fundamental abuse checks. If the player is lost/stolen, a copy of the police report or similar. The upgrade feature should transparently upgrade all disks made using the old system (decrypt key with old, encrypt with new) to make it more difficult for people to use both the new and the "lost" player. The old player should be blacklisted in the server in 10., to note if someone is still buying DVDs to backup them on a "lost" or stolen player.

The automatic upgrade also saves some complexity as it won't have to deal with upgrades of upgrades of upgrades, only one generation.

15. Unsolved problems - limitations. The biggest one is the problem of what happens if one machine is replaced by several. Several old machines being upgraded to one new is no problem, but what if the family buys another machine for their son/daughter, or who gets the recorder in a divorce? Naturally, they could (and would) be designated as one of those that can play the recordings, but that doesn't give them the recorder's ability to add others that can watch them, nor can they move the DVD backups.

Potentially one could create a profile system, where each profile could get upgraded individually, however it's unlikely that people would bother using it, as there's no point until the day the problem arises. Maybe if it could be tied in with some value-adding components, like a personal TV guide with your channels, your "tell-me-when-this-is-on"-list, "record-this-for-me"-list etc., maybe some fundamental access control (pin code for those porn flicks you didn't want anyone else to see) and so on.

Another limitation is that of fair use. This grants backups (compared to none of todays DVDs, short of using DeCSS or similar), it grants lossless but limited sharing of broadcasts (compared to lossy but "unlimited" today, but I wouldn't want the 30th generation video tape, I'd say it's fair enough). However, it doesn't allow you to use that clip in any other way. The fundamental problem is that there is an unlimited noumber of copies, all exactly alike. One of the key conditions for fair use is that it usually involves a small part But those unlimited noubmer of small parts can easily be put together to an unencrypted whole, so I don't see a way to reasonably implement fair use digitally, without at the same time opening up Pandora's Box. First generation analog, at some reasonable quality will have to do, there's a balance to be kept here. As you'd have to have set-top boxes for current analog standards, I guess NTSC/PAL would be it.

16. Bottom line. The bottom line is, I haven't seen them trying very hard to come up with a technical, instead of legal, way of doing things. It's possible, it can be made fairly reasonable (except for all those that have bought a system that can't handle an encrypted HDTV), but I admit, I prefer my normal DVDs (after DeCSS) and DivXs as much as the next guy. But I see how they skew things too much to the side of the consumer, and I don't blame MPAA for trying to prevent free copying. There's a balance here between what's fair for the industry and what's fair for the consumer, but like most other things in the digital world it's very fast either 0 or 1 - rarely a good balance.

Kjella