Slashdot Mirror
Vivendi Universal vs. News Corporation
timbo_red writes: "According to a BBC story, NDS, a company 80% owned by Rupert Murdoch's News Corp is being sued by Canal+ for allegedly cracking their smart cards, which could have had a serious effect on ITV digital, the major UK competitor to Murdochs Sky digital in the UK pay TV market."
Big Corporations crushing ingenuity in the use of their products. Wow, now I never could have seen that coming. $ before innovation I guess.
I hate sigs.
It'll truly be interesting to see how the DMCA trump card gets played out in this game, goliath vs. goliath.
So it seems that Canal+ are alledging that NDS (which News Corp alledges operates independantly despite being 80$ owned by NC) cracked their smart cards and published the result online! Either something very sinister happened (but I can't see how this would benefit NC as it would simply provide digital TV service of the wrong kind to their potential customers also) or this is the act of one person (or a very small group) within NDS who were stupid enough to post the crack from a trackable IP. It would be nice to know more, anyone have any substantial links?
Never underestimate the dark side of the Source
A French subsidiary of a French multinational is suing a British subsidiary of an (Australian?) (British?) multinational in a U.S. court, over a conspiracy centered in London?
Is this some sort of Pythonic joke?
668: Neighbour of the Beast
A French Company sues a British Company in a California courtroom. I guess I don't understand why they took them to court in California. Seems kind of far for both companies. To the best of my knowledge, neither service is offered in California, are they?
So, according to the article, NDS spent "huge sums" cracking the codes. It seems to me, that if the codes were sound, it should have been mathematically impossible for them to crack it for any amount of money (short of an optical, or quantum computer, of course). And if they weren't, why did they need to spend so much money on it?
DeCSS didn't have any huge backing...
Vivendi could simply be protecting its encryption as they say, but after their actions regarding bnetd (and email responses received from them after voicing my complaint), I am definitely leaning toward the side of *anyone Vivendi takes action against.*
Anyone else feel this way?
"Are you on some kind of medication?"
"No"
"Well, you should be."
--Bean
Todays top tip:
If you're a bit drunk and squint at the screen, you can see almost everything going on in the Friday night porn show on Canal+. Hours of after pub fun, and no expensive decoder card necessary.
Here in Morocco, Canal+ Horizons (the digital service for Morocco) shut down because of local piracy of FRENCH Canal+. (in French)
I think it has a lot to do with clever hackers and the Internet propagating stuff, and very little to do with some big corporation.
It may be, however, that someone working there just happened to be a pirate at the same time, since he'd have had access to hardware to help him to crack Canal+.
Conversion Rate Optimisation French / English consultant
Hong Kong Gets Smart ID Cards
As several posts pointed out in that thread, it is only a matter of time and equipment to crack smart cards. We should also be conserned with how this technology all seems to be heading in the direction of the mark of the beast. Can it really be that long until we have to have an implant of a smart chip like this to buy and sell anything?
Lawrence Lessig is my personal hero.
Since DirecTV is happy to sue the pants off anyone hacking their access cards... made by NDS!
AFAIK is not "mathematically impossible" to break even the strongest crypto available. It is "computationally infeasable." I.e., it's mathematically possible (by factoring all the large primes that could have been used for the key, for instance), but you can't afford the time/money (mostly time) required.
"ITV Digital may be more popular than had been thought," a source close to the case told BBC News Online.
Hmm. ITV's premuim channels clearly make their money from subscription fees, so who cares if your service is popular with people who aren't willing to buy it? ITV's regular stations appear to have commercials, so maybe it wouldn't hurt them to drop their prices and encourage folks to watch them legally.
The DMCA is US law, not British/French law, asswipe.
Except the mark isn't "666", it's "VISA."
From the story:
News Corp has said that NDS chiefs operate independent of the media giant.
Interesting way of putting it. They could have said something more along the lines of "We didn't know what they were up to". Now they merely say that they didn't interfere. So, does this mean that News Corp knew what NDS was doing? :-)
You mean the EUCD. This is, after all, a European case. I don't know if this directive has been passed into law by the participant countries yet.
Well, News Corp. would have a huge incentive in these codes being broken, as it is putting a serious strain on ITV Digital who uses these cards, through people getting the TV for free. The main rival of ITV Digital? Why, if it isn't Sky Digital, part owned by...News Corporation.
I'm certainly not suggesting that Murdoch would go so far as to instruct one of his companies to undermine a competitor of another of his companies by cracking their code...but you never know.
Quick summary for US readers - Canal+ (the french cable TV channel) uses SECA encryption, which is also used by ITV Digital (formerly OnDigital), the UK's terrestrial digital provider. Terrestrial digital is basically digital TV transmitted over the airwaves.
:)
The choice of SECA was considered unwise when OnDigital selected it, as SECA was already at that point known to be broken. Naturally, pirate cards started circulating shortly afterwards. The smart cards now sell for as little as 10 pounds (about 15 dollars) and card programmers can be obtained for about three times that allowing people to keep up to date.
At the moment, the UK has an arms race between ITV Digital and the pirates. ITV Digital will start broadcasting "ECMs" which exploit weaknesses in the pirate cards to cause them to crash (so they can't display TV). The pirates promptly fix their cards and release the new version, at which point it starts over again. There are several competing pirate codes around, and new versions are being released almost weekly.
There is a rumour that ITV Digital are less diligent than they need to be in tracking down and killing pirate cards, as these cards increase their marketshare against that of Sky (Murdoch's satellite TV company, the dominant "extra" TV company in the UK). This would be a tactic reminiscent of the way that pirate installations of Windows / DOS made those operating systems the standard in the past - whether there's any truth in the rumours is obviously uncertain, however.
Anyone interested in more information should consider the newsgroups uk.tech.digital-tv and uk.tech.digital-tv.crypt, although be warned that those groups are infested with pirates, script kiddies and the usual crop of 14 year old flamers!
Whatever technology Canal+ placed on their smart cards, it would have been picked apart, prodded, poked, and eventually cracked and placed on the web regardless of funding from the big company.
In this situation, Canal+ actually has the advantage of being able to point the finger at the Big guy with the huge corporate pockets and get some payback for loss of revenue.
Good or bad? Who knows? Inevitable... definately.
Canal should count themselves lucky that they might get damages awarded by a court as opposed to what they'd get if it was joe schmoe locked in his basement who cracked the smart cards, as happened with most other smart card technologies.
I can see the motivations behind NDS wanting to know how the competition's smart cards work.. it's a simple matter of knowing what the other guy is up to. But placing it on the web was just dumb. I highly doubt this was a corporate decision. Most likely just some geek in the cube maze wanting to share the goods with friends. From what I can see in the article, they've refused to comment on the issue. Anyone have any info on where the decision to post it publicly came from?
Moral indignation is jealousy with a halo - H. G. Wells
When big boys like this start duking it out over greed based issues, and lets be honest thats what this is, the end is near, It woulda been more fun to see say sony vs disney or maybe someone else they dont already own :)
:)
Remerber when Ibm started trying to sue all the clone makers ? Or apple. Remeber when Sony sued over the betamax, or so on so forth.
I think what happens is greed reaches an apex, it cannot make money off going after the little guys distributing css, (it can try to limi it) but at some point it all falls like a house of cards when companies like this focus all their energies out of squeezing every last cent out of anyone for any reason , and in the process become a company for which litigation is their core business. V/Unv core business is supposed to be entertainment. I wouldnt know I have boycotted any materials, my small part in the struggle. But it seems no longer like a company interested in entertainment but more so litigation.
When companies like these start running around suing each other its often too late and they are only trying to salvage what they can, or make a stnd where they are, anyone know their current financials ? (the real ones please
Sig went tro...aahemmm.....fishing........
I think you're using the wrong troll post mad-libs form. Usually it's several paragraphs long, and talks about "charnel houses" a little more than that. Also some faked-up statistics.
Just trying to keep the quality of trolling at an acceptable level,
Your right to not believe: Americans United for Separation of Church and
If they want to increase their market share, why not just offer the service free or at a discount?
- Bugs in the code on the card. This is somewhat analogous to
buffer overflows and format string bugs in poorly written daemons like IIS,
UPNP, and BIND. Often the first thing that hackers will do with a new
smartcard is to explore its known instructions to try to find "read holes"
(which let you read the ROM or EEPROM) or "write holes" (which allow you to
modify the code on the card).
- Glitching. In order to circumvent the security on smart cards,
some hackers will buy a special device called a "glitcher" that momentarily
lowers the power supply voltage going to the card at just the right
time in order to get the CPU on the card to skip the desired
instruction. The result is that the security on the card can be bypassed.
In the case of DTV access cards, glitching is also used to "unloop" cards
that have been illegally modified and subsequently disabled by DTV's
electronic countermeasures.
- Replay attacks. Often a card may be convinced to accept ROM
updates by crafting an instruction packet that appears to be an authorized
update, but in fact has a forged signature on it. This is caused by the
use of weak mathematics such as IDEA and CBC, which have been almost fully
compromised.
- Communication logging. Often, critical data that passes between
a card and its peer can be observed and logged. This data can leak
important decryption keys, passwords, and data.
- Power use analysis. Hackers with access to expensive equipment
can observe how much power a smartcard uses while performing a given
operation, and can sometimes deduce decryption keys from this power trace
as a result of poor implementation of cryptographic algorithms.
- Insecure operating environments. Some smartcard designers
choose to implement things like Java or Lunix on their smartcards, which
have proven security vulnerabilities and cannot withstand a dedicated
attack.
The one thing that surprises me about this article is that NDS spent a million dollars on this research. Satellite hackers who want to steal DirecTV's signal do the same thing for free every day, and usually do a more thorough job of cracking the card. However, the one lesson to take from this is simple: smartcard security Just Doesn't Work(tm).Bill
"NDS spent huge sums cracking the code on Canal Plus smart cards, and handed the code to a website used by fraudsters, documents filed in a California court allege."
IF... they cracked any sort of code, that should be enough to subject them to the DMCA, unless there is some sort of jurisdictional issue at play. Nevertheless, if they do business in the U.S., then the DMCA would apply to them (ask Elcomsoft).
NDS spent huge sums cracking the code on Canal Plus smart cards
They must be stupid or something, according to the number of existing decoders it doesn't seem to be so hard to crack.
I thought all TV in the UK was pay. I.e. the governement collected money for each TV you own so it could run the BBC.
Software sucks. Open Source sucks less.
No becuase NDS is owned by NewsCorp which is a US-based corporation. That's why they are suing in the US.
Well, more accurately they are suing in the United States because their web of interlocking companies in their conglomerate gives them the choice of pretty much any venue and the United States, as a company run (mostly) by lawyers, who pass and sign legislation designed to employ and empower more lawyers, which are in turn reviewed and interpreted by still more lawyers, is the most friendly nation to litigation of any sort on the entire planet.
Which of course means it comes as no surprise that we not only are the most litigious society on the planet, but everyone else in the world who wants to sue seems to prefer doing it here as well.
The Future of Human Evolution: Autonomy
This case underscores the global nature of society now, an issue further underscored by the Internet itself.
Really and truly, the idea of "jurisdiction" when it comes to "e-anything" is almost incomprehensible. I publish a web page here in California about barbecues and possibly break Indian law. I publish a (perfectly legal in the US) pro-nazi page with swastikas and break German law if Germans ever (god forbid) look at it.
In this kind of environment, "legal" falls to the least common denominator, whatever's left when everything illegal everywhere is removed. Not much of an argument for "free speech" since anything on the 'net is merely communication, after all.
Remember Dimitri?
At issue is that there is no international law (that the US will respect, anyway) and as a result of this deficiency, we see all kinds of craziness.
It's going to get worse before it gets better.(sigh)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
WTF is with these damn gargantuan ads that slashdot keeps putting in the stories these days!!!
(now everybody post to this thread kibbitzing about Taco being a greedy digital ne'er-do-well and posting links to junkbuster)
Must be a chick or something. When my Y chromosone kicks in, I don't need alcohol to see porn everywhere.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
Aren't both of these companies based out of the UK? Weren't all the alleged crimes commited in the UK? So why are they filing in California? My only guess is that Vivendi has a loyal judge there, and so is trying to make the case winable by using that judge for the case.
In Canada thanks to taxes a 24 cost about 32 bucks for low end junk (Blue, Canadian and the like). In the US, the taxes are much lower, i have seen beer cheeper then pop, so you save the taxes, which are close to 50%.
The DMCA is so valuable that companies are now moving their lawsuits into US jurisdictions so it can be applied. Now we just have to set up enough concession stands around the court houses so we can actually profit from all the lawyers that flock to our judicial system to escape the injustices of individual rights found overseas.
Not that I condone this sort of activity. As my cable provider regularly reminds me: Theft of Cable Service is a Crime.
What do you mean they cut the power? How can they cut the power, man? They're animals!
The DMCA is US law, not British/French law
As four of us cowards already wrote in this part of the thread, please read the article. The lawsuit is in the State of California, which is under the jurisdiction of the United States.
Moderators: please moderate up grandparent. I see no reason to mark it Offtopic.
-- Anonymous Coward, Esq.Now that people have had the time to read the article and find that it claims California copyright violations, yes, the DMCA might very well be involved.
Spank you very much, crack smoking moderators.
Newscorp's actually an Australian company & a relatively old one at that.
Mind you Murdoch got US citizenship to buy Fox
9 times in 10 it gets moderated upward. w00t!
Perhaps they're concerned Microsoft will sue them for stealing their MO?
But dad, that's FOX!
Ahh, UNDO, UNDO!!!!
Assumption: That ITV company has done something in an attempt to remove that Canal+ competitor from it's market.
This site seems to have a lot of commentators who are/were for leniency in the prosecution of Jon Johansen for the DeCSS crack. It was a case of a clever coder revealing the weakness in a big business content protection scheme for narrowband media. The resulting broohaha looked like using a nuclear device to swat a fly.
Now we have a potential situation with many similarities. One entity may have revealed weaknesses in another's content protection system. It's a system used to sell content to a wide audience. The Owning entity can and has lost control of their content as a result of the exposure.
Is one of these cases Morally OK while the other Morally wrong? Is Goliath cracking Goliath so bad if fly cracking Goliath isn't so bad?
Comments?
J:)
Oh well, no point in steering now.
Those of you who pirate DirecTV will notice that the new cards (look for them soon) won't bear the NDS logo on them anymore. There's been a big falling out between DirecTV and NDS over the hacking of their satellite service. NDS had to warranty to DirecTV that their technology wouldn't back hacked for a certain period, or they'd have to pay DTV a huge pile of money. Well, it was hacked (very badly), and the losses sustained by DTV are actually bigger than the NDS insurance policy.
With their biggest US customer dumping them, and this silly lawsuit, I think they're headed for bankruptcy.
I wonder how many people realise just how big this story is? It was broken in the Wall Street Journal today, which said this:
"Canal officials said in the suit they were stunned when they discovered that the software code that is imbedded in its smart card was posted on the Web site DR7.com in 1999. Representatives of the site -- which appears to cater to people with interest in digital TV, computer code and other things -- couldn't be reached for comment.
"Having identified the public security breach, Canal Plus Technologies engineers set about tracing it. According to people familiar with the matter, they began developing contacts in the hacker community who could help unravel the mystery. Canal's investigation took nearly three years."
What it means is that one of Europe's biggest media companies will be suing one of the world's biggest media companies, in California, over piracy. Can you *imagine* what the damages would be?
isn't NDS based in Israel?
For those interested "ECM" stands for Entitlement Control Message, it contains the control word (encryption key) used to unlock TV services.
The ECM itself is encrypted, which is where the smart card comes in, it decrypts the ECM and passes the control word it contains to the mpeg-2 decoder.
Australian? Join EFA
And the actual breaking of the code was most likely done in their R&D facilities in Israel (assuming they actually did it, of course).
There's a very good report currently live (and will be available for the next 24 hours) running on BBC's Newsnight UK. Realvideo stream at http://news.bbc.co.uk/olmedia/video/newsnight/nnli ve.ram
There is a website that has been set up by Canal+ here: http://www.actiononecanalplus.com/
Among other things it has a copy of the papers which show that C+ have filed under:
Complaint for Unfair Competition, Copyright Infringement, Violation of the Digital Millenium Copyright Act, Tortious Interference, Conspiracy and Violation of the Racketeer Influenced and Corrupt Organizations Act.
They are demanding a jury trial.
This is exactly what ITV Digital, and its rival Sky, do. They offer cheap, or even "free", set-top decoder boxes if you subscribe with them for, say, twelve months.
Both Sky and ITV also have a number of "free-to-air" channels, too, such as the regular terrestrial channels we get in the UK, and some extra digital services run by the BBC - to recieve these all that is required is a set-top box or a iDTV (integrated Digital Television set).
Unfortunately, ITV Digital have not been doing so well financially, and the huge amount of piracy isn't exactly helping them to meet their sales forecasts - they've just made a shedload of their support people redundant, and more is to follow unless more people subscribe to their premium services.
Widespread use of that acronym started with the Sky 09 cards, Markus Kuhn used it a lot.
it's in my head
If the encryption scheme is sufficiently sophisticated, the only real, feasible way to break it will be for a legitimate user to deliberately put their key(s) on the Web or something, so that others can reprogram their smart cards with that key and watch whatever the legitimate user has access to.
To curtail this piracy, I propose that there be some motivation for the legitimate user to not reveal their key. For instance, one could use the model that many multiplayer computer games have been adopting lately -- Internet CD key validation. In this scheme, each CD key is unique, and if you try to log on with a CD key that someone else is already using, you can't log on.
Perhaps the set-top should establish some kind of two-way connection to the TV company, sends its customer key, and requests the decryption key for a given channel's audio/video stream (the "channel key"). The TV company's server will only provide the caller with the requested channel key if nobody else is using that customer key.
To prevent the customer from disseminating the channel key, the channel key gets changed every few seconds, and the new key is transmitted from the TV company's server just before the channel changes keys. This way, if the customer does disseminate the channel key, it's only useful for a few seconds.
Unfortunately, nothing prevents the customer from disseminating the updated channel keys every time a new such key is issued. However, the latency incurred in disseminating the channel keys would mean a temporary loss of the audio/video stream until the new channel key is received. This inconvenience would probably annoy pirates enough to give in and buy the damned thing. Also, this would require some (most likely expensive) equipment to reprogram the smart card while it's in the set-top (certainly not an easy feat!), or provide the signal to the set-top, which is presumably more expensive than buying the service.
The only way the typical /.er can pick up a chick is with a forklift. -- AC
Well, I know a chap who managed to crack and reprogram Canal+ (& ITV digital)cards in less than a week from scratch. He did it just to see if he could (he's in the industry as am I), and didn't need any help from the internet. He also didn't distribute his findings - he was just interested in doing it. The Canal+ CA system is ** SHITE ** and anybody who seriously thinks that you need an STEM to do the job is simply delusional. It really makes me laugh !!
Deport Rupert Murdoc!