Slashdot Mirror
Felten Follower Examines Crippled Music Disks
D4C5CE writes "Following in the footsteps of his famous professor, in his paper "Evaluating New Copy-Prevention Techniques for Audio CDs" (yes, that's pure PS), which is one of many interesting contributions to the 2002 ACM Workshop on Digital Rights Management, Princeton student Alex Halderman takes apart (bit by bit, literally) the "tricks on tracks" employed by the music industry to frustrate fair use."
Yah..But how long before that "option" is removed from the screen, and instead an "error" is indicated? From the way the DMCA has been brought upon, I dont see far.
"Do something man. Right now."
Yeah, but for how long?
Seriously, Microsoft is getting all the pieces in place, look at their "Secure Audio Path" approved drivers; they're pretty clearly planning to pull the "benign warning" lynch pin at some point.
Exactly. There is no way that an audio cd can be made copy-protected, and remain reasonably compatible with redbook CD players. It was never built in to the spec, and there is no way to shoe-horn it in to the spec now.
...as if the music industry's actions has nothing whatsoever to do with frustrating music pirates.
Let's be fair here. We all know that recent copy protection schemes do in fact (at the very least) interfere with fair use, but we can't forget/deliberately ignore the underlying goal of the music industry for the sake of sensationalism, however faulty their methods are.
"Ask not what your country can do for you." --John F. Kennedy
Whatever games they and you (and for all we know you are they) play to pretend otherwise, their goal is to squeeze more and more money out of those who legally purchase their works, thinking that as long as the market may be able to bear more, it is their duty to extract more by further restriction of rights, whatever that means to their customers.
This is also very obvious from your / their push to extend copyright perpetually, extracting more and more, not from the copyright violators, but from those who abide by the laws.
While you / they feel it is your right to push it to the edge to squeeze every last drop from the paying public who have suported you thus far, claiming you / they are just trying to make pirates pay their fair share. The fact kicking those who have been buying dozens or hundreds of new titles every a year does not make us more loyal, and will eventually lead to changes more fundamental than what you / they complain about today.
We know your industry hates discussion of fair use. If they ever showed any signs of actually caring about preserving the rights of the customer, they might have a legitimate sympathizer or two among the paying public. An approach that exhibited any evenhandedness, restoring some of what they have driven so hard to take away, would shock their opponents. There are any number of forms this could take technologically.
...because this only pisses off their existing customers. I've yet to see one CD protection that hasn't been bit-exact ripped by someone (which is all it takes).
If they can't play it in the devices they have will they
a) Call it a defective cd? Most likely.
b) When they find out it's defective by design, will they
1) Continue to buy defective CDs?
2) Get a normal CD(-R) from friends or mp3 from internet?
We get more and more DVD/CD/MP3/kitchen sink consumer players. Break compatibility with those, and the MPAA will have only themselves to thank when the customers abandon them (Who the hell pays $20-25/CD anyway, that's the usual full price here in Norway...)
Kjella
Live today, because you never know what tomorrow brings
The question is if the hardware manufacturers will begin competing for customers by providing the very best fireware in their drives, or if they will join hands with the RIAA and the snake-oil salesmen.
Maybe they will. If you cast your mind back a few years, it was touch and go as to wether a drive supported CDDA properly. Consumers educated themselves and bought drives which were known to work. This caused a demand for CDDA capable drives, and the other manufacturers caught up (Most of them, anyway!). These days its hard to find a drive that doesn't do CDDA.
The system works! (O.K, it sort of works...). I don't see why it couldn't work again.
There is no scheme yet devised that will significantly hamper true music pirates. And by that term, I mean people who create and redistribute bootleg CDs for profit. Any of those folks will just take an audio CD player and capture the music via the SPDIF output.
The music industry wants to convince the world that anyone who records a CD to their hard disc is a "pirate." They want consumers to believe that making a backup copy in case of damage is piracy. They want people to believe that creating a "mix CD" of your favorite songs is piracy. They want the public to believe that the guy who copies a CD so he can have one in his car and one at home is a pirate. In short, they are waging a campaign to equate simple copying with piracy.
In their ideal world, if you wanted a copy of a CD for the car and one for the home, you would have to purchase two of them. If you wanted a "mix CD" with numerous hits, you would choose from their canned compilations. If you damaged the CD while moving it from player to player, you would have to purchase a new one (since you would not have a backup). This is not about piracy. It's about making you pay multiple times for the same music.
I'd tend to disagree. Microsoft does at least appear to have gained a clue about security recently, and if they refuse to allow unsigned drivers outright they are opening an ugly can of worms. It takes time to get that WHQL certification that marks a driver as signed, so consider what would happen in the scenario of an exploit being found in a WHQL driver and made public immediately.
The driver vendor might be able to issue a patch almost immediately, but would then have to submit it for WHQL approval before it can be installed. Even with somekind of "fasttrack emergency approval" mechanism for this situation, that's not going to happen overnight. Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.
The security services have the definition right; a "trusted box" is one that has the capability to break your security policy. Think about it - your firewall is "trusted" right? Yet if it breaks and starts allowing all packets through, what just happened to security. Now, tell me again Microsoft, "Palladium" is "trusted computing" and this is a good thing? ;)
UNIX? They're not even circumcised! Savages!
1. I'd have a hard time saying that the industry's intent is to destroy fair use. Where's the profit in that?
...while preventing the sort of rampant piracy that is driving small record chains out of business.
Fair use is largely concerned with being able to copy a work. The problem that I and many like me see is that it can't even be properly argued that there IS any profit in it. The point is not profit but control, with the idea that in some time in the future this can be leveraged to make profit. It's the same reason Disney are so scared to let "Steamboat Willie" fall out of copyright. You think they're going to many a fortune on that any time soon?
2. I have little doubt that the problems that are occurring are because they're trying to -comply- with spec, not obliterate it -- namely, the problems some have noted with copy-protected compact discs are because the industry is trying to protect its content while remaining compatible with an obsolete standard.
I have to wonder if you're not just having a laugh with this one. Altering a specification, for whatever reason, is quite the opposite to complying with it. The proper method of adding functionality to a specification is to create a new one. Compare how PNG could not support animation, so a new specification was made, MNG, that could. Also compare how no-one uses MNG, because they are quite happy with PNGs and animated gifs. This is how you determine whether a standard is obsolete or not, and the same logic applies to the CD. If everyone is happy with it, it isn't obsolete... or will you be listening to sounds with a frequency out of the (44100/2) = 22050Hz that CD supports?
3. I have little doubt that when the next generation of media arrives, with effective digital rights management built in, that it will have the capability to deliver content and permit fair use...
The two are the antithesis of each other. When the day comes that I can't copy a CD to play on another stereo, or just to make a backup, I've lost all pretence of having fair use capabilities in the CD.
4.
Examples, please. I have yet to see any examples that have evidence of piracy harming small record chains, while I have seen some that suggest it helps by providing wider exposure. "Piracy" has been bandied around so long as the cause of all commercial suffering that people are beginning to believe it, even using it for an excuse for failure.
5. I think that the free market will probably be the best way to determine how importantly fair use should factor in to these new designs.
Spot on correct! So when are we going to repeal the DMCA and throw out the SSSCA/CBDTPA? Let's let the free market (including all the fair-use supporting consumers) decide whether crippled content delivery will fly or not.
You're right, the average person doesn't care about the Redbook spec, but what I meant was that you can't create an audio CD that even plays on any standard audio CD player, than cannot be copied, regardless of whether it violates the Redbook spec.
In other words, if it plays on anything resembling a CD player, you can digitally copy it.
Just because scrambling the error correction throws off Windows PCs, that does not mean it is impossible to copy the disc. It might make it impossible for the average person, but not impossible.
The industry likes to threaten lawsuits over technical discussions of their various techniques, but they will never actually let one of those lawsuits be taken to court because they know they'll be bitchslapped into the middle of next week by a pissed off judge. They'd far rather stick an academian with the cost of initially retaining a lawyer rather than risk having to pay his legal fees for blatantly abusing the legal system.
So they may file a lawsuit but it'll be retracted as soon as Halderman's lawer files his first brief.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I'd tend to disagree. Microsoft does at least appear to have gained a clue about security recently, and if they refuse to allow unsigned drivers outright they are opening an ugly can of worms. It takes time to get that WHQL certification that marks a driver as signed, so consider what would happen in the scenario of an exploit being found in a WHQL driver and made public immediately.
Microsoft(tm)'s Palladium scheme will require signed drivers. There is simply no way to try to enforce that level of security while still allowing end users to insert arbitrary code into the kernel. Not with any standard definition of "driver" and "kernel".
Most likely they will "compromise". You'll be able to load unsigned drivers, but when you reboot to load the drivers Palladium will detect that the OS is no longer in a "secure" state and any software that relies on the "trust" Palladium gives will be disabled. So no running WMP. And even though Microsoft(tm) has claimed that they won't use Palladium for software licensing somebody will. It's just too juicy for software publishers to resist. So you can expect that software to break. And since guarding against virii and such is one of the trumpeted reasons for Palladium, you can expect your AV software to have a fit. Who knows what it's failure mode will be. Should it not allow anything, since it can't really trust it's own binary, or it's AV database? Or should it allow everything for the same reason? Either failure mode is quite unpleasant. Or should it continue as if nothing had changed?
Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.
Anybody with a security clue should realize that Palladium is about creating a new level of security user which is higher than "Administrator" and which only Microsoft(tm) has access to. No more. No less. It's about taking root access away from the user and giving it to Microsoft(tm). Any security administrator who willfully gives up final control of their box to the OS vendor gets exactly what they deserve. What's remarkable is how many "administrators" are going to be dumb enough to do exactly that.
Palladium is designed to make the PC an attractive platform to media conglomerates for online content. A platform which will allow Microsoft(tm) to collect a toll on that delivery. It has nothing to do with increasing security for end users. Media companies don't trust their cusomters, nor do they trust their PCs. Microsoft(tm), by assuming control of the users computer, will be able to assure the media companies that their customers PC's can be trusted, even though the customers themselves can't be.
They are signed. The activeX which downloads the file is signed and goes through intensive checking when communicating with the server at MS.