Philips & Sony To Purchase Intertrust DRM Tech

tuxlove writes "Reuters is reporting that Philips and Sony Corp, the parents of the compact disc, teamed up on Wednesday to buy InterTrust Technologies for $453 million -- a deal expected to speed up copyright security for digital media. The acquisition by Philips Electronics and Sony of the leading U.S.-based holder of intellectual property in the field of 'digital rights management' technology is widely seen as a way to prevent Microsoft, which has been embroiled in a legal battle with InterTrust, from grabbing control of the potentially lucrative business. Philips and Sony, the electronics giants who introduced the CD format 20 years ago, said the deal would enable secure distribution of content as more films and music are sold over the Internet and other media in digital format."

If...

If their DRM is simply preventing people from illegally sharing or possessing copyrighted works, then I'm somewhat in favor of it.

The slightest breech of my "rights" to make backups and view them on any device I wish ends that feeling.

Re:If...

[Sloppy]

The only way to do one and not the other, is to have a copyright-expert judge living inside of your computer, watching everything you do. At the time that you read some data off a disk, there is no way to predict what you're going to do with it.

Re:If...

[bogie]

"The slightest breech of my "rights" to make backups and view them on any device I wish ends that feeling. "

Honestly, what do you really think is going to happen? How can they possibly introduce DRM which does what you state and at the same time preserves your right to make backups and also play your media on the existing device of your choosing.

That's just completely native to think that's possible.

Re:If...

[spitzak]

It is not impossible. Add watermarks that do not stop playback (and thus remove any incentive to remove them, and more importantly removes the ability for anybody to test if they removed them). These watermarks can then be used to locate and identify copyrighted data on the internet and then use the already-existing laws to go after the people who are distributing this copyrighted content. Also make free and easy-to-use data-sharing networks that refuse watermarked data (with a long delay before accepting or refusing data so it cannot be used as a practical test for whether the watermark has been removed).

Re:If...

[Grishnakh]

This won't work. There are two problems: 1) each media copy would have to be slightly different, since each watermark would have to be unique. This would increase production costs. 2) This would force the media companies to go after individuals who copy stuff, which is a losing proposition: how much money are they going to get for suing Joe Sixpack? Plus it wouldn't scale at all; they'd have to prosecute every Joe Sixpack who puts their DVD up on the net. This wouldn't help the big media companies protect their profits very well, so they want a way to make it impossible for people to copy stuff in the first place. If they can't make backups, then too bad. They can just buy another copy when the first one is damaged.

Oh, you say you don't like this? That it tramples your fair-use "rights"? Haha... Under the U.S. system of law, you are only granted those rights that you can afford.

Re:If...

[spitzak]

The watermarks are there to make a reliable way for a computer program to search for copyrighted data on the internet. There is no need for them them be different.

Most likely they would not go after Joe Sixpack. They would instead go after the services that are distributing the copies. They could provide a free service that tells if a piece of information is copyrighted (after a significant delay so it is not a good way to detect if a watermark was removed) and thus claim that they have provided an easy and reliable way for services to detect and reject copyrighted material.

Re:If...

[Grishnakh]

Even so, suppose Joe Sixpack rips a DVD or SuperCD and puts it up on some P2P service. From the watermark, they'll be able to tell that it's illegally distributed material, but what are they going to do about it? If it's Gnutella or some decentralized P2P, they can't do anything besides have Joe's ISP shut him down, and sue Joe directly for hosting copyrighted material on his computer. Which might scare people if a few examples are made of a few Joes, but still wouldn't provide the type of iron-fisted control that the media companies really desire.

Corrupt CDs

[yerricde]

So does this mean that Philips and Sony are now endorsing the production of digital audio discs that partially violate the Red Book standard?

Re:Corrupt CDs

[Kierthos]

I consider it much more likely that Sony and Philips will try and figure out a decent(1) copy protection scheme(2) that will not violate the Red Book standard. I mean, after all, they created the standard.

(1) I.e. something that can't be defeated with a Sharpie.

(2) As in a plot, which will no doubt raise prices of CDs or at least keep them from dropping, like they should be.

Kierthos

Re:Corrupt CDs

[JeremyALogan]

It might, very well, mean that they're buying it up to squash it. They have done much for the consumer in the way of our rights (such as forcing the different labels to NOT put the Compact Disc logo on discs that don't meet the Red Book standard). Maybe they're stepping up in support of THEIR technology.

Re:Corrupt CDs

[sconeu]

I haven't seen too much of that from Sony, just from Philips, and then only because CDDA on non-Red Book silver disks with music on them would be a trademark violation. Trademarks are "defend it or lose it", unlike other forms of IP.

Re:Corrupt CDs

[Chris+Johnson]

There's no such scheme. The 'foo' Book standards were from back in the day when media formats were invented to be read, not invented not to be readable :D

Re:Corrupt CDs

[nosilA]

I recently heard the CEO of Sony America give a speech, and one of the things he did, amazingly, was acknowledge that CD prices are far too high and that is contributing to the decreased sales. I believe the exact quote was "You know we have a problem when it costs more to buy a CD than a DVD."

He also made some other statements that astonished me, supporting fair use, at least as long as Sony products were used... but it's a start. He mentioned copy protected CDs as a reality, but said that he wanted to find a solution that only keeps down the rampant copying over the internet, not your ability to make a copy to play in your car or create a mix MD for your girlfriend.

Sony isn't going to stand up for consumer rights, but their profit motives do tend to coincide fairly frequently.

-Alison

This may not be bad after all

[myov]

"We come very much from the side of the consumer and we believe the consumer should have the right to reproduce content for their own use," said Philips spokesman Jeremy Cohen.

What does this mean for future digital media?

[Bjarne+Bula]

So far, it seems that Philips has been on the side of consumers when it comes to copy-protection on CDs. The big question now is what effect their acquisition will have on their stance.

More specifically, was their earlier stance just posturing until they could lay their hands on some "good" technology of their own, or will they continue to defend the CD standard?

Now, I don't expect Philips to be in the game to befriend the consumers, so it might just be that they want to keep others from doing too much with the CD format before they (and Sony and their other usual bedfellows) can launch their New and Improved(tm) digital media with a DRM system of their own, to secure future income and sew up the market...

Oh well, I pretty much decided to give up on buying music after BMG's announcement the other week. If they're so intent on actively trying to make it hard for me to use the music I pay for, I might as well just save me the money and trouble.

Re:What does this mean for future digital media?

[MrResistor]

I think it's much simpler than that, and it's pretty clearly stated above.

Microsoft has demonstarted that it wants to own DRM. Sony and Philips have acted defensively to prevent MS from owning DRM completely.

Thomson (parent of Philips) makes most of its money from patents. The example given in a recent Thomson company newsletter was a DVD player: Most manufacturers get a net profit of about $2 per unit, whereas Thomson makes about $5 per unit in patent royalties, or $7 if they actually make it themselves. (When I say Thomson, I also mean (judging from experience and evidence available on the company store site) Philips, RCA, and GE.)

It does seem, from recent articles, that Thomson/Philips is as pro-consumer, at least WRT DRM, as one could expect from a giant corporation. It's important to realize that they produce equipment involved in all phases of content production, delivery, and consumption, so where they will end up on these issues eventually is hard to say. They are not a content company, though, so it is profitable for them to be able to offer the consumer as much flexibility as possible. People want to be able to use the stuff they buy, and are willing to pay for that, we just aren't willing to pay the inflated prices the content companies are asking.

Disclaimer (if you haven't already guessed): I am currently employed (contract) at Thomson Grass Valley, where I service Philips broadcast equipment (which is being rebranded as Thomson MultiMedia, if you care).

Re:Question...

[Centinel]

Who thinks they'll notice us open source nutjobs not buying their "protected content"? Oh wait, I forgot, all us open souce nutjobs just want to "steal". Damn, I feel dirty...

Actually, the collective buying power of us "open source nutjobs" is a mole on the ass of the buying public. Whether we boycott or not, it won't be noticed in the aggregate against the masses buying Britney Spears and N'Sync.

Re:Question...

[Kierthos]

All too true. However, perception of artists can drastically influence album sales. Look at the whole R. Kelly thing. He had an album, which by industry and buying standards, should have been a major seller. Throw in a sex scandal, and it bombs.

It's all about perception. If the record companies, etc. perceive the "open source nutjobs" as a more significant force in the market then they actually are, then they will take notice. Of course, based on prior actions, they will unilaterally label all of them as "pirates".....

Kierthos

Lesser of the evils

[DeathPenguin]

DRM's coming at us no matter what. The first standard to be adopted, good or not, will be what stays with us. I'm glad someone other than Microsoft may be the ones introducing it, as I'm certain that MS would do everything in their power to make it incompatible with rival operating systems. It seems to me that Sony and Philips would be more consumer-friendly with DRM than Microsoft would ever be.

Re:Lesser of the evils

[muzzmac]

If DRM can do what it SHOULD do and stop illegal trading, fine. The reality is most technologies stop me from using what I pay money for in VERY legitimate ways.

In FACT most often they don't actually stop me copying. They stop me from reading on something that CAN copy. Stupid.

Re:Question...

[F13]

while I agree with your sentiments I still think that change can affected. History shows that Superpowers can be defeated, the Vietnam war and the war in Afganistan with USSR. Global economics can be change, something people see as unstoppable but global economics changed after WWI and then WWII. So is it not possible to change the current path of DRM.

While open source nutjobs might not make up much buying power they can help promote a different point of view and educated others.

Lucrative business? The gatekeeper returns!

[Ogerman]

widely seen as a way to prevent Microsoft, which has been embroiled in a legal battle with InterTrust, from grabbing control of the potentially lucrative business

Q.) Why exactly would hardware companies spend almost half a BILLION dollars on a company developing technology that makes products less useful to consumers? Why would they go out of their way to conform to Hollywood's interests? A.) To become the new gatekeepers of media of course! Of course it's a "lucrative business.." not a very ethical one... but hell, it's all about the money these days, right?

Hopefully people will boycott this garbage and it'll go the way of the Divxsaurs. At very least we now have the beginnings of a new format war. Maybe competitors will crack each others DRM systems to prove them insecure and "leak" code through 14-year-old kids in northern europe. (:

Strange times we live in. Vote with your dollars folks!!

Philips and Sony - A new era of coopetition?

[krazyninja]

As the originators of the CD format, Philips and Sony have been worried about the shifts in the market, due to undue restriction of the music distribution by DRM. This affected their revenues from royalty on CDs on one side, and affected the content market owned by Sony on the other side. With this deal, they can now hope to level the playing field. Till now, Philips has been seen to side with the customers, but Sony has traditionally stood for copyprotection with its key2audio technology. It would be interesting to see how the two merge their interests now.
This should also be seen in perspective with the recent news of Macrovision's acquisition of Midbar recently.

Re:Philips and Sony - A new era of coopetition?

[runenfool]

Even though they cocreated the standard - they do seem to be strange bedfellows in this one. Perhaps they really will reach a middle ground, a scheme where the average person (we all know people who really want to will always crack media encryption) can use their purchased goods as they see fit - up to the point where they want to violate copyright law (sidestepping the issue whether locking down internet music downloads helps the industry).

I have hope in that Philips has been seen as the good guy in this fight, but Sony? Im not too sure what their corporate take on this is.

Still, its funny how these companies are spending all this cash to prevent consumers from stealing music. I have an idea, drop the price. You wont lose revenue because people will buy a lot more music if its fairly priced. Heck, some of my friends and I have been buying movies like crazy at 10 bucks a shot - movies I would never have paid 15 or 20 for. Pretend like there really ARE market forces in the music industry and COMPETE dammit!

Re:Philips and Sony - A new era of coopetition?

[RAMMS+EIN]

I have a hard time believing peoplee who claim that record companies can increase revenues by dropping prices. Will people really buy more CDs if they are half the price, even if they can still download the music for less? I don't think so.

I think that record companies are doing the right thing to maximize their profits: try to make sure that good quality music will not be available through other channels. It's called building a monopoly (or in this case, maybe a cartel). The fact that they are infringing on fair-use rights shouldn't stop them, Micro$oft has shown that you can violate the law and get away mostly unharmed.

The people who say that making Crippled Discs (WOW) that don't play on certain devices will backfire are right, but as much as some may thing or hope. People will discover that copy-protected CDs don't work as well as normal CDs, but only if they are aware that something about the CD is different. I know several people who have bought CDs that they couldn't play on one player, but could on another. All of them thought the players were at fault, rather than the CD. Having or not having the Compact Disc Digital Audio logo doesn't matter here, people don't look at logos. They think a CD is a CD.

Personally, I don't care too much what happens to CDs. Where I live, a CD costs about 18 euros, which is more than I am willing to pay for one. If they copy protect them, I still won't buy them. No change. The copy protection schemes I've read the details about work by making a CD compatible with the way traditional CD players read them, but not with the way computer CD drives read them. It seems obvious to me that hardware manufacturers are going to make CD drives that read audio CDs the way CD players do it. Good-bye, copy protection! Problem solved. (Apparently such drives would be illegal in the USA. I don't know about any legislation that prohibits them in the EU, but IANAL, and if it isn't there yet, it may still come.)

Anyway, I think that if CDs become copy-protected in such a way that they can only be played on traditional CD players, they will soon be a medium of the past. People will have DVD players instead of CD players, and won't be able to play Crippled Discs on them, hence, they won't buy them. Perhaps the industry will move on to DVDs then, which, admittedly, have their own issues (By the way, I know that there are DVD players that are region free. Are these illegal in the USA, too? I don't believe they are in the EU, as they are sold by at least one large chain.)

One question I have at the moment is how I am going to get my music. I do not want to deny the artists that I like their money, so pirated music is not an option for me. I know there are sites that let you download if you pay for it, either in the form of a monthly subscription, or on a pay-per-download basis. Then there are a number of sites that offer music from independent artists free for the taking. Which of all those sites are good, which ones should be avoided? (I am looking for the album Moment of Glory by Scorpions and Berliner Philharmoniker at the moment, which is insanely expensive on CD.)

I hope to have entertained you with this (rahter long) piece of writing.

---
A professor is one who talks in someone else's sleep.

Lucrative?

[Quaoar]

...to prevent Microsoft, which has been embroiled in a legal battle with InterTrust, from grabbing control of the potentially lucrative business.

The lucrative business of screwing over the customer? Sounds like Microsoft already has the bases covered.

Kinda ironic

[llamaluvr]

"We come very much from the side of the consumer and we believe the consumer should have the right to reproduce content for their own use," said Philips spokesman Jeremy Cohen.

So you purchased a company that deals in copy protection?!?!

Re:Kinda ironic

[gl4ss]

well.. 'embrace and extend' :P

companies should be doing this to ms to.. buying rights to use some office format for example.. then making a buggy implementation of it that will criple randomly when read on ms office..

Re:Kinda ironic

[Asprin]

"We come very much from the side of the consumer and we believe the consumer should have the right to reproduce content for their own use," said Philips spokesman Jeremy Cohen.

So you purchased a company that deals in copy protection?!?!

In all fairness, that's a little, well, unfair. IIRC, Phillips was the company that ran the first ads on TV ADVERTISING the fact that their products let you rip, copy and mix CDs. Ok, ok, so they're the lame overpriced audio-only stereo component variety and not the slim, sexy dirt-cheap PC variety, but they did it.

(Remember? The Beatles?: [musicnote][musicnote]You got to admit it's getting better, better all the time! [musicnote][musicnote])

Re:Question...

[TheQuantumShift]

That's why I said "who thinks they'll notice". I'm also curious as to how many ACTUAL RETAIL sales of Brittney Spears and N'Sync (amongst others) there are. I'm sure any numbers the RIAA throws at us are doctored a little, not including those extra that retailers had to buy to get any at all... Aw hell, I'm drunk...

One basic problem

[jki]

I have not yet understood how any DRM or copyprotection will overcome the problem, that when the content is downloaded/played through legitimate HW&SW it can at the same time be resaved without the copyprotection - atleast in the case of video and audio. The case for software is not much more easier, as long as the software is run a non-trusted environment. Ofcourse DRM is not just about this , and it might be very much useful for collecting money from those who want to pay for what they use and not steal the content. But I don't think there's any more magic in it.

...there needs to be some more elegant solution for this.

Re:One basic problem

[Twirlip+of+the+Mists]

I have not yet understood how any DRM or copyprotection will overcome the problem, that when the content is downloaded/played through legitimate HW&SW it can at the same time be resaved without the copyprotection - atleast in the case of video and audio.

I just posted a long-ass dissertation on how Intertrust works, and I'm not going to repeat it here. But the short version is that Intertrust doesn't care about your ability to copy the encrypted media. In fact, making it easy for customers to copy encrypted media from each other is a big selling point for Intertrust, because it lets the content providers focus on what they like to do: sell licenses. If you copied the Britney Spears CD from your friend but bought your license from us, then we just saved money manufacturing, storing, and shipping that particular CD. Yay.

So copying encrypted content is good and fine. So Intertrust spends is energy instead trying to make sure that encrypted content stays encrypted all the time, up to the point where it goes analog and hits your screen or your speakers or your whatever.

It's not too hard, in principle, to do this. The ancient PGP client had an "eyes only" mode that did the same thing: it decrypted the data, displayed it, then wiped the memory where the cleartext had been, never writing anything to disk. It would have been impossible to get the cleartext out of PGP without some really intrusive method, like somehow reading the actual memory pages of the PGP process, or trojaning the PGP binary itself. So that basic methodology is not a terrible idea.

The key to this is that Intertrust isn't meant to be a general-purpose content encryption system. For example, it wouldn't work for something like stock photography, where you need to be able to place the photo-- unencrypted-- in a page layout program and do all sorts of interactive stuff to it. Intertrust wouldn't work for that at all, because as soon as you decrypted the image, the system would stop protecting it.

But think of Intertrust instead for something like video-on-demand. The set-top box and the upstream servers have Intertrust bits in them that allow you to download (or stream) HDTV-resolution movies to your home over fibre or whatever, with all sorts of customer-friendly rights features. For example, you might be able to spend $5 and get the right to download a movie to your (Intertrust-savvy) PVR and watch it all you want until you feel like deleting it. Or you might be able to spend $19 to be able to download it and burn it (with your Intertrust-savvy disc burner) to a disc that you can own and watch whenever. Or-- and this is the cool part-- you might be able to spend $1 and only have the right to watch the movie in real time once.

In general, instead of saying "you can't do that" to the customers all the time, Intertrust could (in principle) let media distributors say "you can do that, if you buy the rights to" instead, and the system would enforce the arrangement in both directions.

Re:One basic problem

[jki]

So copying encrypted content is good and fine. So Intertrust spends is energy instead trying to make sure that encrypted content stays encrypted all the time, up to the point where it goes analog and hits your screen or your speakers or your whatever.

This is exactly the thing which puzzles me - is there really the common interest to provide encrypted ladders to the level, that it is not easy or feasible to snoop and copy the data - as any phase where the content is in non-encrypted (digital) form will do. Maybe it works, but I am sceptical.

Re:One basic problem

[ives]

The ancient PGP client had an "eyes only" mode that did the same thing: it decrypted the data, displayed it, then wiped the memory where the cleartext had been, never writing anything to disk. It would have been impossible to get the cleartext out of PGP without some really intrusive method, like somehow reading the actual memory pages of the PGP process, or trojaning the PGP binary itself.

Actually it's a lot simpler: use a terminal program that allows you to save the output to disk and you've got your perfect copy.

The same thing can be done for any music format that can be played on a computer. Just create a sound device that saves the digital music stream to disk instead of playing it. It has been done and it's pretty easy (see this page).

The only way around this is to handle the decryption of the data in the audio hardware or to make it impossible to use non-official drivers like Microsoft tries to do with Palladium.

Re:One basic problem

[Twirlip+of+the+Mists]

You're ignoring the obvious. There may well be no Intertrust clients for the PC at all. If Intertrust-enabled hardware players for the various media types are cheap and ubiquitous, there will be basically no market demand for software clients. So everything you just said will be a non-issue.

Never really saw the point in playing music or movies with my computer anyway. I have a perfectly good iPod for music, and even though I've got CPU cycles to spare, I don't wanna waste 'em on a music player when I'm working.

Re:One basic problem

[Twirlip+of+the+Mists]

So, whats to stop me from putting a recorder inbetween my pvr and my tv??

Nothing. You can do anything with the analog signal that you like.

dropping a computer in there would be very simple to keep it all digital

Wrong. No unencrypted digital outputs from the device, remember?

Intertrust's mechanisms are vaporware

That's technically true, but nobody has ever claimed otherwise so what's the big deal? Intertrust is nothing more than ideas right now, waiting to be implemented.

the analog hole is still as great as ever

Exactly! Which is a good thing, because it means all those fair-use rights are safe and sound.

Re:One basic problem

[pavera]

You are a walking contradiction, extoling the benevolence and greatness of Intertrust in one post and then bashing them in the next.

no digital outs from the pvr? fine I'll get an s-video in... but in the near future pvr/dvd and other players will have digital outs, tv's are already shipping with dvi inputs... the components will start supporting pure digital out soon enough.

Re:One basic problem

[Twirlip+of+the+Mists]

You are a walking contradiction, extoling the benevolence and greatness of Intertrust in one post and then bashing them in the next.

Perhaps you should read more closely... or perhaps I should be more explicit.

1. I think DRM is inevitable, and I think that it can be, if properly implemented, a good thing.

2. I think the perfect DRM system will be one that's nearly invisible to the user, and that protects the rights of both the owner and the licensee.

3. I think Intertrust is the closest I've yet seen to the perfect DRM system. Their emphasis on rights as separate data objects that define how media is accessed and used is, as far as I know, unique in the market, and I think it would be a good thing if implemented correctly.

4. I think Intertrust, despite its virtues, depends too much on ubiquity and infrastructure. If you could flip a switch and make it an Intertrust world, I don't think most people would notice, and it would be a good thing overall. But you can't just flip a switch, and deploying Intertrust in any widespread way sounds like a vast undertaking.

There's no contradiction here-- at least not as far as I can see. It's just that my opinion is more complex than "Intertrust sux0rs, d00d!"

but in the near future pvr/dvd and other players will have digital outs, tv's are already shipping with dvi inputs... the components will start supporting pure digital out soon enough.

The key word there was "unencrypted." DVI connections between set-top boxes and TVs and projectors already use HDCP. Simply omitting unencrypted digital outputs takes care of the biggest hole in content protection.

Re:One basic problem

[spitzak]

Yes, this is something that the hardware/software manufacturers need to realize. But actually such self-contained cards could be put into PC's as well and they would really make DRM work.

If the DVD card in the PC acted much more like a DVD player and simply put the image on the screen (perhaps with an analog signal between the card and the graphics card), and the interface to the card was much more like the interface between a DVD player's remote control and the player, there would be no DVD cracks. First of all, complete documentation required for a Linux driver would not make the data any more vulnerable. Leaked source for the Windows driver would not make the data any more vulnerable. Reverse engineering the Windows driver would not make the data any more vulnerable. The ability to write a Linux driver that matched the capabilities of the Windows driver would have removed about 90% of the incentive that actual good engineers have to crack the encryption.

The problem is that hardware manufacturers are cheap and will put stuff in software if they can. Also MicroSoft strongly encourages this to force lockin to their systems. Also unscrupulous hardware manufactures insist on getting the secret information for writing this software, they could sell it at considerable profit to real pirates who make money duplicating disks.

The way around it is for the DRM consortium to get together and manufacture a closed decoding and playback chip. Do not reveal enough information that it is possible for anybody to play a disk without using the chip. Make the chip so it cannot be instructed to do anything you don't want it to do. Because of mass-production for all consumer devices as well as PC cards, there will be no incentive to try to make a software solution. And absolulely totally document the entire interface to the chip so that Linux drivers are allowed, if you fear to do this then you have made a mistake in your design and it *WILL* be cracked.

Invest in security, DRM!

[Fastball]

Win this war on two fronts my fellow geeks. Of course oppose DRM, get your felt-tip markers out, brush up on your hexidecimal. But don't miss a chance to siphon off some dollar bills from these jokers. Companies that in the security and DRM business are going to be doing swift business whether any of us like it or the stuff they produce works. Seriously, consider buying stock in small-cap companies that show iniative in this industry.

Why? Because secure digital media is a contradiction in terms. It's one of those rarities in life that are so misunderstood and unviable that people are going to wage a war of attrition in its name. I, for one, am going to capitalize on that. All while burning my CDs to Ogg. :)

in retrospect...

[dollargonzo]

look how easy it is to copy and pirate stuff now compared to, say, 20 years ago. DRM is coming, and it might have the effect of setting us back into some analogous form of tape copying in the 80s. it won't STOP piracy by any means, but it might be more difficult for the avg consumer to pirate, so the average consumer might not be as interested anymore. did tapes hurt the industry? NO. Did piracy ruin the industry? NO. so...will this ruin us? ofcourse not. those who think so are paranoid.

Re:in retrospect...

[pavera]

I disagree that DRM will make it more difficult to pirate, the difficulty in pirating in the 80's wasn't so much making the copies of tapes as it was the distribution of said copies, same today, how many people really spend hours ripping their cd's to mp3?? I've only done maybe 15 of my cds (my favorites that I want to have everywhere) I own more than 200 cd's, so already making copies is too much of a hassle for the average joe. The difference now is that distribution is free, so you only need 1 person to go through the trouble of exploiting the analog hole, and walla the world has the stuff anyway. It is advances in distribution not ease of copying that has created more piracy today than 20 years ago, and DRM will not remove the ease of distribution.

I've worked with Intertrust

[Twirlip+of+the+Mists]

My former employer had a strategic alliance with Intertrust. Guess this is bad news for them. Good.

Here's an overview of how Intertrust's stuff works, what's right with it, and what's wrong with it. This is really complex, but it's not hard to understand at all.

Intertrust's system basically works like this: the seller encrypts the media (video, picture, audio, whatever you want) into what they call a "package." The process also generates what they call a "rights package," which gets stored on a net-connected machine called a "rights server." Rights packages are, of course, also encrypted like crazy. Everything in this system is, with digital signatures like you wouldn't believe. Forgery of a rights package or of an authorization is the biggest vulnerability to the system, and Intertrust knows that.

When you buy the media, you download what they call an authorization. The authorization contains information about what rights package you bought (one media package can correspond to more than one rights package). The thing you're using to do all this-- it could be a computer running special software, or a set-top box, or an MP3 player in your car... whatever-- takes the authorization and downloads the content package from what they call a "content server," along with getting the rights package that defines what rights you bought from the rights server. At this point, you have three things: the content in its package, the rights that define how you can use that content in its package, and an authorization that ties them all together. The authorization, of course, contains some information that uniquely identifies your device, which means that only whole set-- the combination of the content package, the rights package, the device, and the authorization-- can work together.

All of that downloading and transacting is supposed to happen behind the scenes. To the user, it looks like this: Hmm, I think I want that song. Here I go, choosing a rights package from this list of three or four, and putting in my credit card number. Tap, tap, poof! Now I have the song on my MP3 player (or whatever), and I can listen to it according to the rights I bought. It's designed to be easy for the end-user and the provider both, with all the hard stuff happening in software.

Now, the interesting thing is the rights package. A record company might give away free authorizations for single-use rights packages. For instance, you might be able to go to RecordCo's web site and download any song for free and listen to it once; sort of a "try-before-you-buy" thing. If you decide you want the song, but you'll probably get sick of it, you can buy the rights pack that lets you listen to it all you want for a month, and then expires. Or you can buy an unlimited rights pack that lets you listen to it all you want forever. It's really flexible, which is something that DRM systems in general haven't been thus far.

It's worth mentioning, too, that Intertrust does not depend on a new, proprietary media format. You can encrypt anything as an Intertrust package. Intertrust controls how and when you get to access the data-- according to the rules defined in the rights package-- but what that data is and how it's formatted it is entirely flexible. You could wrap an Ogg file up in an Intertrust package if you wanted to, just by running it through the packager tool.

Also interesting is the idea that all of the pieces-- the content package, the rights package, and the authorization-- can be duplicated to your heart's content. Wanna make a copy of a CD so you don't have to worry about scratching the original? Go right ahead. But it'll only play in your CD player, because that's what the authorization says. You can make a copy and give it away, but your friend can't play it in his player because he doesn't have an authorization. He can, however, download an authorization for it quickly and easily. Intertrust calls this "superdistribution," and it's a big selling point for them.

All in all, I think Intertrust's model is the best I've seen. If the world ran on Intertrust, I think it would probably be pretty okay.

But there are problems. Intertrust's system depends on a hell of a lot of infrastructure: every device-- and I mean every device-- that interacts with the Intertrust system has to have an Intertrust client running on it, either in software or in hardware. If your MP3 player isn't Intertrust-compatible, you can forget being able to play those MP3s you downloaded from RecordCo. They simply won't work, because the device won't be able to decrypt the package. This basically means that Intertrust's system can never be used for general-purpose media content protection, because it relies too much on client code ubiquity.

The other obvious down-side is that the system is complex. I don't think it's needlessly complex, per se, but it's complex, and that means there are lots of ways that something could go wrong. That could mean inconvenience to the customer, which is death in this market.

So while it's an okay idea-- probably one that would work well for both sellers and customers if universally deployed-- it's got some serious flaws, too.

Just my two cents. I may have some of my facts wrong-- I never worked for Intertrust, but I got a ton of technical info from them under NDAs and shit, so I think I'm right in the broad sense on all of this. Hmm. NDAs. Oh, well. Fuck it. They can sue me, if they can find me.

Re:I've worked with Intertrust

[WasterDave]

I hate DRM, and all but ... fuck me, a DRM system designed by someone who knew what they were doing? No wonder it cost the wrong end of half a billion.

Dave

Re:I've worked with Intertrust

[EzInKy]

...it'll only play in your CD player, because that's what the authorization says. You can make a copy and give it away, but your friend can't play it in his player...

So not only can't I play music that I paid for in my friends player, but also that I can only listen to it on just one of my players too. That's just plain ridiculous.

Re:I've worked with Intertrust

[Proc6]

The thing you're using to do all this-- it could be... an MP3 player in your car... takes the authorization and downloads the content package from what they call a "content server"...

How many repeaters and miles of Cat5 cable will you need to drive around town connected to the internet?

Is all this bullshit really worth listening to N*Sync, or watching the latest Lord Of the Rings? I mean seriously. Was any movie you saw or song you listened to so important to you that you're willing to be bent over repeatedly, downloading licenses and calling 800 numbers with special ID codes, and keying them in on your little chiclet sized remote for your DVD player and all the other complete nonsense you're going to have to do to listen to "Oops, I did it again."? I stopped paying for cable a couple months ago, and I haven't missed it at all. Maybe the upside to all of this is we'll realize the best things in life are indeed free, and they have nothing to do with pop culture teen idols and special fx hamburger seller mega-movies with budgets the size of most small countries.

Re:I've worked with Intertrust

[devonbowen]

If the world ran on Intertrust, I think it would probably be pretty okay.

Except for the following problems:

• It eliminates the fair-use rights (affirmed by the Supreme Court) that encourage creativity and make life fun. You can no longer mix your own music or add sound tracks to your home movies.
• It gives the media companies the power to render local law useless. A country no longer has the ability to decide how they feel about rights management because the technology itself mandates it. Might makes right.
• It gives the media companies the power to micro-control your use of the content. They can "nickle and dime" you to death by making you pay per listen if they want. Your discription even mentions this ability specifically.
• It gives the media industry the ability to influence the futures of other technologies or even other companies by deciding who gets approved to use it and who doesn't. Microsoft anyone?

I admit it's my own little dream world, but I believe that technology is supposed to enhance our lives, not restrict them. Sounds like a huge leap backward to me.

Devon

Re:I've worked with Intertrust

[pavera]

You've still got the huge gaping analog hole, that only 1 person has to employ and then the stuff is on gnutella/kazaa/choose your favorite p2p and insert here. If the music comes out of my speakers and I can hear it I can make a near perfect digital copy. Simply insert line from line-out to line-in on computer sound card, fire up your favorite wav recording utility, record, convert to ogg/mp3 whatever, and wait a second, copy your now copy-protectionless file to your /share directory, and walla the world can benefit from your 5 minutes of work.
This cannot be stopped, unless the music cannot be played on speakers. (same goes for video btw, a little more involved but not a whole hell of alot more)

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

What you say has basically always been true. Intertrust has always been more of a concept shop than an implementation shop. But they have more than just patents. They also have a hell of a lot of design work that's just waiting-- modulo some details here and there-- to be implemented.

If-- and that's a huge if-- Intertrust's system can actually be made to work, I think these guys got themselves quite a bargain.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

See, the thing is, at some point you really have no option but to accept that you can't do just anything with your media. You may not like it, but that's the way it is. Where that point is, exactly, is up to the media producers. They get to define how you can use the media they sell you, by virtue of the fact that they own the media; your options come in the form of rights packages that you can buy. If you buy the "unlimited use" rights package-- if they offer one-- then you'll be able to play the CD anywhere, any time, forever. But you'll have to pay for that privilege.

If you're unwilling to accept compromise in media rights, then maybe you ought to go ahead and start weaning yourself off of CDs and DVDs and such right now. By the time somebody actually succeeds in building a system like this, you'll be off the stuff completely and you'll never notice.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

The analog hole is not a problem either.

Well, actually, Intertrust has nothing at all to say-- to my knowledge-- on the issue of the "analog hole." Basically their position is that the thing that needs protecting is the digital media. The bits that comprise the media stay encrypted all the time, right up to the point where they need to be played, or displayed, or whatever. Once that happens, it's all over as far as Intertrust is concerned. If you want to make an analog tape of a protected CD and give that tape away, Intertrust won't stop you.

(Makes sense to me. The only "analog hole" out there is the one that a record company exec sits on, anyway.)

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

It eliminates the fair-use rights (affirmed by the Supreme Court) that encourage creativity and make life fun. You can no longer mix your own music or add sound tracks to your home movies.

Nope, just the opposite. Intertrust's system is based on the idea of clearly defining rights, in the rights package, and enforcing them. That means you can't do anything that you don't have the right to do, but it also means that you can't be preventing from doing anything that you do have the right to do, either. Because all the rights will be out there in the open for anyone to see, you'll be able to tell at a glance whether a particular piece of media can be "fair used." (Ugh. Sorry.) If a rights package limits your "fair use" rights, you may even have legal recourse. That depends on the courts.

But like I said, Intertrust's key flaw is that it depends on a ubiquitous infrastructure. If you grant that-- for without it, the whole thing is just talking anyway-- then the customer's fair-use rights will be protected just like the provider's granted rights.

Also, this system only protects the encrypted digital content itself. It doesn't care what you do with the media once it's rendered into an analog form. If you want to take the analog audio output from your MP3 player and plug it in to a recording device, that's entirely up to you. Fair-use rights are not inherently infringed here.

It gives the media companies the power to render local law useless.

Huh? This sounds awfully FUDdy to me. The law-- and I mean local and international laws-- gives copyright holders the right to determine how their works can be used by licensees, with limits. Intertrust is simply a system for turning those rights, which are currently nebulous things defined by a fair bit of hand-waving, into algorithms that computers can understand. It's not about overriding the law at all.

It gives the media companies the power to micro-control your use of the content.

They already have that power. They just have no way of using it. This is an inherent side-effect of copyright law, because copyright law (and international treaties on that subject) says that the copyright holder gets to determine how a licensee can use a copyrighted work. This is nothing new.

In point of fact, a system like this could-- and I emphasize "could"-- be good for consumers who participate in the "disposable culture." Remember my example of a song that you really like but that you're sure you'll be sick of in a couple of weeks? The owner of that song can choose to let you buy a really cheap rights package that entitles you to listen to it all you want for a limited time, for a price of around $1. That would be a good thing in a lot of ways, no?

It gives the media industry the ability to influence the futures of other technologies or even other companies by deciding who gets approved to use it and who doesn't.

Welcome to Earth. ;-)

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Mhh, but "forever" = "as long as the system is up and working"

Well, sort of. If you buy an unlimited rights authorization, you'll never have to talk to any of the servers again after you redeem that authorization. You'll have encrypted content that can be decrypted by any playback or display device, along with an authorization that basically just says "yup." So, if implemented correctly, you really would be able to do anything with that media any time you wanted, except make an unencrypted bit-for-bit copy of the media itself.

Re:I've worked with Intertrust

[Sloppy]

If you buy the "unlimited use" rights package-- if they offer one-- then you'll be able to play the CD anywhere, any time, forever. But you'll have to pay for that privilege.

That is exactly the current situation with CDs. I'm happy with it. For decades, the record companies were happy with it too.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Of course, which is why Intertrust doesn't give a damn about the "analog hole." It's a system for protecting digital media only. It completely stops working when the content gets unencrypted for playback or display.

There's no way-- yet, at least-- to "plug the analog hole" (whatever) without eliminating fair-use rights, and Intertrust has been very adamant about wanting to preserve fair-use rights along with all the other rights that apply to a piece of media. Their story-- and the technology supports this-- is that digital rights management protects both parties: the consumer, as well as the producer.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Well, no, not exactly. With a CD, you can make a bit-for-bit digital copy of the original and give it to somebody else. There's no legitimate reason for you to be able to do this; it's prohibited by law, and there's no "fair use" aspect to it. So it's reasonable and acceptable for this ability to go away. It'll-- in an Intertrust world, which is a far-off, distant thing-- be replaced by the ability to make bit-for-bit digital copies that only you can use (backups), or analog copies that you can do whatever you like with (fair use, home recording act compliance, et cetera).

I've yet to find anything in the Intertrust system that's prima facie objectionable.

Re:I've worked with Intertrust

[benwaggoner]

Well, it would depend on the rights that were assigned to you by the content holder. I imagine a company could assign a "works on all CD Players" right. You might also be able to go to their web site and have them issue you a new rights package for a different machine.

Intertrust doesn't define the business rules, it just enforces them. It's up to the content providers to figure out how much a pain in the arse to be.

Re:I've worked with Intertrust

[spitzak]

Although they don't have to, a reasonable business model would allow the usage to work a lot like CD's. Anybody who has a your copy can do something with the site and get a key to play it on their own player. No questions asked, except a given copy can only have a new key made every few days. This would pretty much allow you to play it on your friend's CD (and also to give them a copy, but so what) but would make mass distribution of copies impossible.

I think a lot of the ideas sound like they would work. However I strongly believe this will fail and be cracked unless they imbed it in closed hardware and reveal enough of the interface that Linux drivers can be written. This removes a lot of the cracking incentive (anger that something works on Windows and not on Linux is a far bigger motivation for development than anything else) and also helps to prove that their system is really secure and not just relying on obscurity.

Re:I've worked with Intertrust

[Kefabi]

Yeah, sounds like Intertrust put a lot of work into their system...

But tell me again, how will this stop me from buying a quiality audio cord from RadioShack and running a line from "Line Out" on my CD player to "Audio In" on my SoundBlaster?

Seems like the record companies are just in denial about the fact that their songs WILL BE ripped and shared over P2P networks. Hell, with enough lawsuits, that small P2P problem should just go away, right? Right???

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

But tell me again, how will this stop me...

It won't. As I written elsewhere, Intertrust's system is designed to protect the original digital media only. If you want to make an analog copy of the media, go right ahead. Nobody will, or even can, stop you.

Seems like the record companies are just in denial about the fact that their songs WILL BE ripped and shared over P2P networks.

The goal here is to design a system that makes ripping and sharing less convenient than just buying the appropriate license. If the music is worth having, I'll happily spend a dollar for a limited license-- or more if I want a less- or unlimited one-- rather than put up with a crappy analog copy.

But the kind of folks who will be happy with analog copies are the kind of folks that the record-- and other media-- companies aren't that interested in capturing anyway.

Re:I've worked with Intertrust

[sulli]

Intertrust has been very adamant about wanting to preserve fair-use rights along with all the other rights that apply to a piece of media. Their story-- and the technology supports this-- is that digital rights management protects both parties: the consumer, as well as the producer.

They're wrong, of course. But it's a nice sentiment.

Re:I've worked with Intertrust

[devonbowen]

That means you can't do anything that you don't have the right to do, but it also means that you can't be preventing from doing anything that you do have the right to do, either.

At the moment, I can buy a CD and I have the right to listen to it. I have the right to put it in my home movies. I have the right to program my doorbell with it. Assuming Intertrust will already exist in all these situations and any others that I can think of is just silly. Any implementation will restrict my ability to use the media more than I have ever been restricted and will stifle creative processes that I currently enjoy. We'll lose and they'll gain.

Huh? This sounds awfully FUDdy to me. The law-- and I mean local and international laws-- gives copyright holders the right to determine how their works can be used by licensees, with limits.

And those limits are rendered useless by the technology. Example... DVD region codes are not legal in Switzerland (actually, they weren't but there were some recent legal changes that may have changed that, I'm not sure). However, because my PowerBook comes with a DVD player whose firmware cannot be rewritten, I am limited by the technology despite what my local law says. Likewise, copying music for family members is perfectly legal in Germany. But this technology will give the industry the power to override that. It isn't hard to think of lots of other examples. We'll lose and they'll gain.

They already have that power. They just have no way of using it.

If they have no way of using it then they don't have that power. And this technology will give it to them. What most people seem to forget is that there is no "natural right" to copyright. The purpose of copyright in the US is to "promote the progress of science and useful arts" (as seen in the Constitution). Since they have never had this ability before, it is hard to argue that it has caused the sciences and arts to suffer. Once again, we'll lose and they'll gain.

The owner of that song can choose to let you buy a really cheap rights package that entitles you to listen to it all you want for a limited time, for a price of around $1. That would be a good thing in a lot of ways, no?

How is removing my current ability to keep what I pay for a good thing? I guess you're implying that it could be cheaper for me this way. Are you suggesting the media industry will be willing to take in less profit from me?

Welcome to Earth. ;-)

On my planet, the media industry has tried to conrol each new technology and failed every time.

Devon

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Any implementation will restrict my ability to use the media blah blah

That's simply not so. I've had to make this point about ten times now; is no one listening? Intertrust, and similar systems, protect the original digital media content. You are free to do whatever the hell you want with the media, as far as Intertrust is concerned, once it becomes analog. Analog piracy has never been a big concern to the media producers, so they're not all that interested in trying to prevent it. The side effect of this approach is that Intertrust won't infringe on any legal, legitimate use of any protected media. In fact, it won't even infringe on illegal, illegitimate uses that occur strictly in the analog realm. If you want to put a copyrighted recording of a song into one of your home movies, go right ahead. Put the microphone right up to your speaker and press "play," or use a pair of RCA cables, or whatever you want. Intertrust doesn't care.

And those limits are rendered useless by the technology.

Congratulations. You've come to the realization that technology can be used to break laws. Whether it's deliberate or not, whether it's done by the consumer or the producer, it's possible for technology to either give or take away rights that one or the other party isn't entitled to.

The cool thing about Intertrust is that it explicitly separates the media from the rights from the exercise of those rights. If RecordCo releases a rights package that is more restrictive of the consumer than the law allows in a particular jurisdiction, then somebody from that jurisdiction can ask the court to compel RecordCo to release a revised rights package that complies with the relevant law. RecordCo, because they used Intertrust (or a conceptually similar system), can just release a new rights package that is available only to customers in that jurisdiction. Easy solution to what is, right now, an impossible problem.

What most people seem to forget is that there is no "natural right" to copyright.

Yawn. I'm not going to get into an argument about this. Copyright is the law of the land, in virtually every jurisdiction on earth. DRM is going to happen sooner or later to implement copyright protections with technology. The only question is whether the system will be technologically sound or not. And, frankly, even that question isn't terribly important, because a good DRM system will succeed in the market while a bad one fails. So really, this whole conversation is just academic. Interesting, but not really that important.

How is removing my current ability to keep what I pay for a good thing?

Because it allows you to pay less for something you don't intend to keep. More choice for the consumer is a good thing, dude.

On my planet, the media industry has tried to conrol each new technology and failed every time.

I don't know what planet that is, but you're not talking about this one. Lobbying on the part of media companies to "control new technology" is strictly a phenomenon of the 80's and 90's. You're whole take on this, in fact, appears to me exceedingly short-sighted.

Remember what Minsky said. He said, "We are in the thousand years between no technology and all technology. We're still in the dark ages."

Re:I've worked with Intertrust

[devonbowen]

That's simply not so. I've had to make this point about ten times now; is no one listening?

Listening, yes. Buying, no. First, analog piracy? Why do you say piracy? I'm talking about fair-use. Second, it's never been a big concern? Then why did the VCR case go to the Supreme Court? Why taxes on blank analog media?

True, Intertrust doesn't prevent analog use. No system possibly can unless it's wired into our brain. But you fail to show how it's a Good Thing to reserve the use of digital data only for the industry. You seem to just take it as an axiom.

it's possible for technology to either give or take away rights that one or the other party isn't entitled to.

Right. Something that isn't true now. So the introduction of this technology takes abilities away from consumers that they currently have. You just seem to think this is fine.

Yawn. I'm not going to get into an argument about this. Copyright is the law of the land, in virtually every jurisdiction on earth.

I am not arguing against copyright. Copyright is necessary. The question is the balance of power between the industry and the people. At the moment, that balance seems pretty fine. The industry is making money hand over fist and people have the ability to use the technology with little restriction. (And don't give me that bullshit about them losing money lately. They had their largest peak in profits the same quarter that Napster peaked and then they shut it down. How stupid do they need to be to not see the obvious correlation?) What you propose dramatically shifts the balance toward the industry and removes creative use from the people. I just see no benefit to that. Unless you happen to work for Intertrust, of course.

Because it allows you to pay less for something you don't intend to keep. More choice for the consumer is a good thing, dude.

It's a good thing to give the industry the ability to charge us per listen? That's so silly I don't even know what to reply. What makes you think they will give us more choice when they have the power to not do so? Just because they're nice?

Lobbying on the part of media companies to "control new technology" is strictly a phenomenon of the 80's and 90's.

This goes back to the invention of radio. How do you think the royalties system was invented? Just a bunch of guys being nice to each other? The only technologies they have been able to control are those that aren't in the hands of the people. They failed to control cassette tapes in the 70s, VCRs in the 80s, and CD/DVD in the 90s. Luckily I still have rights to use these things as I please. And, you know what? The industry has not collapsed. Quite the opposite actually. Had they succeeded in limiting these things, they wouldn't be doing nearly as well.

You're whole take on this, in fact, appears to me exceedingly short-sighted.

So because I don't agree with your vision of the future, I'm short-sighted? Nice troll. And funny you quote Minsky to make your arguments sound all intellectual and forward-thinking. His was recently one of the signatures on the amacus brief against the DMCA.

Devon

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

I was going to respond to your post, but upon reading something else you wrote, I realize that there would be no point. You said:

I consider it [the trading of music] neither illegal nor immoral.

That tells me everything I need to know about you. Only the copyright holder of a work has the right to determine how that work is distributed. This most basic principle is embodied in both national and international laws. Your arrogant denial of this fact says to me that you're not interested in accepting the principles of copyright law. Therefore, your opinion on all such matters-- especially matters concerning rights management and license enforcement-- is of no value to me whatsoever.

If you should change your opinions and decide to start living within the boundaries defined by the law, let me know. I'd like to have an intelligent discussion on this matter with you. But as long as you reject the fundamental principles on which copyright is based, I really have nothing at all to say to you.

Re:I've worked with Intertrust

[devonbowen]

This most basic principle is embodied in both national and international laws.

So now he's a lawyer. Ok, let's look at some text from the WIPO Copyright Treaty:

Contracting Parties may, in their national legislation, provide for limitations of or exceptions to the rights granted to authors of literary and artistic works under this Treaty in certain special cases that do not conflict with a normal exploitation of the work and do not unreasonably prejudice the legitimate interests of the author.

In other words, while the author has primary rights, signing countries can make exceptions to these in their local implementations. Or, if you'd like, we can look at the more recent European Copyright Directive which tells its states:

In certain cases of exceptions or limitations, rightholders should receive fair compensation to compensate them adequately for the use made of their protected works or other subject-matter.

So you can create exemptions but you should throw a little money toward the author for doing so. This clause was added because many European countries already had a tax on blank media and they were limiting some of the authors rights in exchange. Specifically, they were legalizing copying in some cases. Or, hell, let's get crazy and look at the US Federal Audio Home Recording Act of 1992 wherein it states:

No action may be brought under this title alleging infringement of copyright based on the manufacture, importation, or distribution of a digital audio recording device, a digital audio recording medium, an analog recording device, or an analog recording medium, or based on the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings.

Wow. Did you read that? So under US law a consumer can not be prosecuted for making non-commercial copies of music they buy. Sounds like what I do. Wild, eh?

Oh well, this is getting tiring. Tell you what, you keep telling yourself that authors have absolute power and I'll keep making my legal copies. That way we'll both be happy. Oh, and next time, don't be quoting me out of context.

Devon

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Oh, and next time, don't be quoting me out of context.

If you're so concerned about being quoted, perhaps you'd best watch what you say.

Re:I've worked with Intertrust

[seaan]

Sounds like a fairly typical well designed DRM system. I've worked on a team that was designing a similar system (we lost the bid, but the system eventually became DIVX). I also it find it interesting reading "Twirlip of the Mists" replies to complaints, because that is where I was 7-8 years ago. Aside: I suspect some of our early designs might provide prior art against some of those vaunted Intertrust patents, have to check into that one of these days.

The people asking for the DIVX design had a lot of idealism floating around. They were comparing this with the electrical meter. Before meters were invented, people were charged for electricity based on the number of lights they had in the house. The meter allowed them to actually measure how much electricity was used, and charge people based on their true use instead. The DIVX people reasoned that consumers could pay for how much or how little they actually wanted to use, and that both the consumer and the producer/copyright holder would be better off because of that.

That was back in the days when I had a looser understanding of copyrights, and the historical context in which they were placed. Some of my co-workers even now feel that copyright holders should have whatever control they want over their work, and that public libraries should be outlawed because of theft! I vaguely felt things were wrong then, but it took me quite a few years to solidify my reasoning.

Here are my current top reasons for disliking these systems:

* The protection lasts forever, or until the company dies! Nothing that only appeared on DIVX is ever going to make it into the public domain (unless future historians can make obscure disc players and crack the DIVX DRM system). Once the InterTrust server goes down, the "access rights" the consumer thought they "bought" are going to be worthless!

* The access rights, and types of access rights are under the control of the copyright holders, and they have a government granted monopoly! In reality, the government monopoly is only supposed to give them certain rights, but the DRM system allows them to pretty much do what they want (in the absence of affirmative copyright laws, which are not currently on the books, no one thought that they had to make certain things like the ability to read a book you just bought an explicitly name right in the copyright law). This is the classic problem with the DMCA, it protects DRM but places few to no limits on how the DRM may be used.

* The access rights can change based on the DRM controller's whims. You might have a legal recourse, and than again with our current society's EULAs, sneakwrap, and ever changing privacy policies I would not count on it. What happens when you find your "forever viewing" access blocked because:
1) The author dies, and the new copyright holders can't abide the work.
2) The government has decided this work is offensive (obscene/politically-incorrect/etc.), and should not be viewed by the public.
3) It turns out this item was a violation of someone else's copyright and the DRM controllers have been ordered to "shred" all copies.

Perhaps these objections would not be any trouble if DRM only protected "frivolous entertainment", but the overall trend starts to look pretty bad when you consider DRM protecting a wide range of societies output. Consider how this might have worked in the past, such as not being able to read Uncle Tom's cabin in the south, because certain states were able to block DRM rights (because of the offensive content). In the long run, DRM will be very dangerous to a free society!

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Once the InterTrust server goes down, the "access rights" the consumer thought they "bought" are going to be worthless!

Nope. The only time you have to interact with any servers is during a transaction. You buy an authorization certificate and download that from the vendor's e-commerce server. The you download the content package (if you don't already have it), and use your authorization cert to get a rights package corresponding to whatever rights you bought. Once you've done that, your interaction with Internet servers is over. From that point on, everything is done within the Intertrust client built in to your device. If you press the "play" button, the built-in Intertrust client checks the rights package to see, for example, if your license has expired. If it hasn't, you're good to go. All the business rule logic is handled inside the device itself.

A well-written rights package will include an expiration date beyond which the rules will no longer apply. In fact, sellers might be required to include this provision or be in civil violation of Title 17. So after the copyright on a work expires-- after the work enters the public domain-- its Intertrust package will allow the user to do whatever he wants with the content.

Of course, this goes back to what I initially said. In order to work properly, Intertrust requires a lot of very complex infrastructure. Well-written, correct, and complete rights packages are a part of that infrastructure. Can we, as a society, pull it off? I don't know. I'd say the chances of deploying this system on a large scale in such a way that it works perfectly are somewhat less than 50/50. On a limited scale-- say, as part of an HDTV VOD-to-the-home system-- the odds go up sharply.

In reality, the government monopoly is only supposed to give them certain rights...

That's not true, though. Read Title 17. It grants the copyright holder absolute rights over his work and the use and distribution thereof until such time as the copyright expires. It then sets out certain exceptions to those absolute rights, such as what's commonly called "fair use." If you're the copyright holder, you get to call the shots, subject only to a narrow and clearly defined set of exceptions.

A good DRM system-- and Intertrust looks like a good DRM system to me, at least on paper-- simply allows the copyright holder to enforce his rights, granted under law, with technology. It's conceptually no different than putting a lock on your door. (Yes, it's actually quite different from that. But at the most basic level, that's pretty much what it is: using technology to make sure people don't do something that they're not allowed to do.)

As an aside, one of the areas where they're really, really interested in this kind of system is in broadcast TV. Let's use the example of a small TV station. There's no network programming on a Sunday afternoon, so the station has to go out and buy some programming to fill that airtime. They buy a syndicated movie package. The license that they buy-- which costs what you or I would consider to be a small fortune-- says that the station is entitled to air "Two Mules for Sister Sarah" six times in a 12-month period. They can show it any time of day, any day of the week, or any week of the year that they want, but only up to a maximum of six times.

What happens if that small TV station accidentally programs that movie to air 7 times in one year? They have to pay a massive fine to the syndication company, that's what. And if the movie package cost a small fortune, wait 'til you see how the fines can add up.

This happens all the time. It's hard to keep track of what programming has been aired and when, and syndication broadcast licenses are always much, much more complex than the example I gave. (The license will tell the broadcaster that they can only run the movie on a weeknight after 11:00 PM and with no more than three commercial interruptions per hour, except for the last hour and then only on days with an L in them... and so on.) So TV stations are fascinated by the idea of some kind of system that will help them keep tabs on what rights they bought and what rights they've exercised, and help them prevent accidental license violations. It'll save them a lot of money over the course of a year or two, so they're willing-- even eager-- to invest in it.

That's just one example of how DRM is a bigger issue than most Slashdotters think it is. There are many examples like it that most people have simply never heard of before.

Okay, end of aside.

The access rights can change based on the DRM controller's whims.

Again, no. Once you've bought a rights package, you're done interacting with the seller. The rights that you've bought can't be changed or revoked through technical means. And I don't mean "can't" in the sense of "it's prohibited." I mean it literally is not possible; there's no communication between the licensor and the licensees at all except for the actual licensing transactions themselves.

What happens when you find your "forever viewing" access blocked because....

Again, because the Intertrust client is completely self-contained, these things you talk about can't happen. At least not through technical means within the Intertrust framework.

Just to make sure I'm clear, the key insight here is that Intertrust calls for a self-contained DRM system embedded into whatever media devices are chosen to implement it. During a licensing transaction, the user downloads-- through whatever connection is appropriate for the device in question-- the encrypted media content itself and a rights package that defines the complete set of rules for that content's use. The rights package will codify what the user is allowed to do within the license, what he's allowed to do under fair use, and what he's not allowed to do. It will also include an expiration date, after which the DRM system will simply stop saying "no;" that date corresponds to the point at which the work is no longer protected by copyright. The big advantage here is that all of these rules will be set out in the rights package itself, and available for scrutiny. If you think a rights package infringes on your fair use rights, sue the licensor under Title 17 and let a court decide if you're right.

Re:I've worked with Intertrust

[xigxag]

If you're so concerned about being quoted, perhaps you'd best watch what you say.

Since Devon absolutely owns the copyright to his own statements, by your own admission he has absolute right to command you not to quote him out of context, or for that matter not to quote him at all.

Or do you think your grandiose pronouncement that "only the copyright holder of a work has the right to determine how that work is distributed" only applies to big corporations and not to ordinary blokes like Devon Bowen?

Or maybe you'll concede that there are exceptions to your apparent belief that copyright is paramount over user rights?

And BTW, what happens when the copyright runs out on those Intertrust encrypted tunes? Will they automatically unlock into the public domain? Do you still persist in this belief that it's impossible for Intertrust technology to possibly infringe upon a person's existing rights?

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Since Devon absolutely owns the copyright to his own statements, by your own admission he has absolute right to command you not to quote him out of context, or for that matter not to quote him at all.

Nope. Limited quoting for the purpose of criticism is expressly allowed under Title 17. Read the law.

Or do you think your grandiose pronouncement that "only the copyright holder of a work has the right to determine how that work is distributed" only applies to big corporations and not to ordinary blokes like Devon Bowen?

I think that particular grandiose statement is absolutely correct, according to Title 17. The only exceptions are those listed under the article describing fair use, and trading music with friends doesn't qualify.

Or maybe you'll concede that there are exceptions to your apparent belief that copyright is paramount over user rights?

Nope. The law says that a copyright holder has absolute rights over his work, with only the narrow and strictly defined exceptions listed under fair use. How can they get away with this? Copyright is limited in duration.

And BTW, what happens when the copyright runs out on those Intertrust encrypted tunes? Will they automatically unlock into the public domain?

Yes. This will be programmed into the rights package that governs the media's use. This provision is already mandated by law.

Do you still persist in this belief that it's impossible for Intertrust technology to possibly infringe upon a person's existing rights?

Possibly? Sure. Anything's possible. The absence of an Intertrust-like system means it's possible for users to infringe on copyright holders' rights. A gun makes it possible for one person to shoot another. The fact that a thing makes something bad possible doesn't mean that the thing itself is bad, or that it's not better than the absence of that thing.

DRM is justified, both ethically and under law, and it's inevitable. The only question is whether we'll get a good system or a bad one. Intertrust appears, to me, to be a good one.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

No one fucks with me and gets away with it.

So... your bad-ass retaliation is to mod me -1, Troll once every couple of months? Man, do you ever have me shaking in my boots.

Yawn.

Re:I've worked with Intertrust

[xigxag]

Limited quoting for the purpose of criticism is expressly allowed under Title 17. Read the law

Title 17 Sec 107 basically states that if an act is deemed as fair use, it is not an infringement of copyright. It doesn't "expressly allow" any particular usage but sets guidelines to determine whether that use is fair use or not. I'm only mentioning this because you seem to be unwilling to admit you are mistaken about anything, and yet, you are.

The only exceptions [to the absolute right of copyright holders] are those listed under the article describing fair use,

That would be incorrect as well. Fair use is Sec. 107. See Sec. 108, 109, 110, 111, 112, 1008 and 1202(e) for more exceptions to the rights of copyright holders.

and trading music with friends doesn't qualify

Doesn't qualify under Sec. 107, although whether it qualifies under 1008 is an open question at this point.

The other thing you're failing to notice is what happens if someone wants to make a perfectly legal "fair use" of a digital recording? How does the rights package allow for that? Let's say I want to send a 20 second snippet of a song to a buddy to explain to him why he should or shouldn't buy it. (Criticism) That ought to be permissible under sec.107. How does the rights package allow me to assert my privilege to do this? And if it allows any given 20 second snippet, then how will it prevent 10 20-second snippets, i.e. the whole song?

What happens when the copyright runs out on those Intertrust encrypted tunes? Will they automatically unlock into the public domain?

Yes. This will be programmed into the rights package that governs the media's use. This provision is already mandated by law.

So, we should be expecting those old DIVX disks to unlock after their copyright expires, too? What law is it that you say "mandates" this provision? I don't see that there is any necessity on the part of a content creator to make sure its work passes smoothly into the public domain at the appropriate time. Furthermore, I don't think it's even a given that Intertrust will be around in 95 years or more to unlock all these packages.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Title 17 Sec 107 basically states that if an act is deemed as fair use, it is not an infringement of copyright. It doesn't "expressly allow" any particular usage but sets guidelines to determine whether that use is fair use or not.

Wrong. Section 107 reads, in relevant part,

"[T]he fair use of a copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified by that section, for purposes such as criticism [...] is not an infringement of copyright. In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include [...] the amount and substantiality of the portion used in relation to the copyrighted work as a whole."

So the limited use of a work for purposes of criticism is, as I said, expressly permitted by law.

Doesn't qualify under Sec. 107, although whether it qualifies under 1008 is an open question at this point.

Of course it isn't. Section 1008 refers to "the noncommercial use by a consumer of such a device or medium for making digital musical recordings or analog musical recordings." If you're trading music with friends, you cannot call that use "noncommercial," because the word "commerce" refers to the exchange of goods or commodities, whether money is involved or not. If you make a recording of a copyrighted work that you own, say so you can carry it around in your car, that use is protected under section 1008 because it's noncommercial. If you give that copy to somebody else, though, that's an exchange of goods-- you exchanged the recording for nothing-- and as such as a commercial transaction. Sharing and trading of copyrighted music is not protected under 1008.

The other thing you're failing to notice is what happens if someone wants to make a perfectly legal "fair use" of a digital recording?

The law provides you with no such right. You can exercise every nonexclusive right under Title 17 using analog technology only, so DRM systems such as Intertrust that prevent the licensee from making bit-for-bit copies of media for fair use purposes are not in violation of the law.

Let's say I want to send a 20 second snippet of a song to a buddy to explain to him why he should or shouldn't buy it. (Criticism) That ought to be permissible under sec.107. How does the rights package allow me to assert my privilege to do this?

Hold a microphone up to the speaker and press "play." Or use analog audio jacks to make a recording. The system will prevent you from using the original digital media for this purpose, but because it doesn't prevent you from using analog copies of the media, it doesn't infringe.

So, we should be expecting those old DIVX disks to unlock after their copyright expires, too?

WTF does that have to do with Intertrust? I think you're confused.

Furthermore, I don't think it's even a given that Intertrust will be around in 95 years or more to unlock all these packages.

Sounds like you're not listening to what I'm saying. This issue has been beaten to death here. I've already responded to all of your questions and objections in this and other postings. If you have new questions, I'll be happy to respond to them, but I'm not interested in simply answering the same three questions over and over for people who aren't reading.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

But think of your karma Twirlip, think of your karma... it will progerssively get lower and lower with the more troll mods you get and you can't do anything about that!

Except for the fact that I get many, many more up-mods than down-mods. Spend every one of your five mod points on me every time you get them. I'll still be capped.

You are quite irrelevant to me. You're not even an annoyance. In fact, you're kind of entertaining, in a small way. Keep up the good work.

Re:I've worked with Intertrust

[xigxag]

So the limited use of a work for purposes of criticism is, as I said, expressly permitted by law.


I find it inconceivable that you persist in claiming that the law you just quoted "expressly permits" criticism, so I suppose you are just fooling around after all.

However, for the benefit of others, it should be stated that what the law expressly permits is "fair use" and it includes examples of what might be considered fair use, such as "criticism, comment, news reporting, teaching (including multiple copies for classroom use)..."

However, as Barbara Weil Gall" points out, "If all teaching use were fair use, there would be no need for students to purchase textbooks." In other words, just because something is teaching, or criticism, or whatever, doesn't make it "fair use" and doesn't, contrary to Twirlip's assertions, make it expressly permissible. Actually, no specific instantiation of fair use is "expressly permitted," but each possible infringement must be weighed against the totality of mitigating circumstances mentioned within.

So, we should be expecting those old DIVX disks to unlock after their copyright expires, too?

WTF does that have to do with Intertrust? I think you're confused.

It has to do with your blanket assertion that Intertrust technology is obliged to allow its encrypted work to return to the public domain when we have already seen in the recent past other technology which fails to do so. I don't recall any suits being brought for this reason against Digital Video Espress, LP back when it still existed, and tellingly, now that it does exist, who do I sue when my copy of "Flashdance, the Exclusive DIVX edition" falls out of copyright? But I suppose we ought to believe that this time it will be different, based upon the unsupported opinions of a self-described non-employee of Intertrust who has no vested interest in seeing the technology succeed or fail. Wink, wink.

If you have new questions, I'll be happy to respond to them

No, I agree that this has gone on quite long enough.

Re:I've worked with Intertrust

[seaan]

The only time you have to interact with any servers is during a transaction.

This is a little different than I'm used to, but perhaps it depends upon the definition of a "transaction". I'm used to DRM systems that contact the host on a regular basis to see if the details have changed. Typically this is done by having the client contact the server in a poll transaction, usually whenever a protected item is accessed (DIVX had a complex sets of rules here), to see if a new transaction or other change of status has occurred.

So from the sounds of it InterTrust has some type of push mechanism where you have to update the rights package during a customer driven transaction, but the client does not have to actually access the server. This is better than usual, especially when combined with a "fail-open" expiration date. I've never heard of a typical DRM customer who wants "fail-open", so I imagine this is actually a "setting" in the rights package, and not something required by the InterTrust system (back to the copyright holders getting too much control issue).

The fact that InterTrust does not currently "automatically" update the rights package is probably a good thing (from the user rights standpoint), but I would not count upon it remaining that way. It is very counter to the way things are going in the industry (think Windows XP and all the automatic updating). Once updating occurs, all the actions I've mentioned have the potential to come into play. It may not even be InterTrust's plan, remember the judge who ordered SonicBlue to start keeping records of it's PVR user's actions (ultimately rejected in that case, but a hint of potential future problems).

Read Title 17. It grants the copyright holder absolute rights over his work...

I'll start by mentioning that copyright law is probably second only to the tax code in complexity, so the definition of absolute is not what any normal person would think. I'm going to break this down into two types of comments - how copyright is supposed to work, and how it actually works. Needless to say, this will be vastly simplified, and I'd recommend Litman's __Digital Copyright__ as a good next step.

In the USA, copyright is supposed to be balance that promotes the arts by giving certain temporary rights to creators, specifically to "expressions" and not the "facts" (you can copyright a novel, but not a phone book). In theory this balance is set by congress, but in fact for the last 100 years copyrights have been set by copyright conventions where various stakeholders (publishers, movie studios, writers guilds, etc.) get together and agree to a set of changes. Each of these conventions have similar styles, where the copyright holders make sweeping new claims of power (of course they claim this was always the way it was supposed to be), while the other stakeholders carve narrow exceptions for themselves. For example the 1998 DMCA came out of the 1995 convention where the copyright holders make the sweeping claim that all copies are acts of infringement, thus making the computer a "natural infringer" because it can have multiple copies of copyrighted item at once. While the convention members should have rejected this as ridiculous (it does not pass a simple smell test, this means that the copy of the book made by your eyeglasses are also an infringement), instead the stakeholders carved out exemptions for themselves (librarians got archival exemptions, the software industry got reverse engineering exceptions, etc.). The general public was not represented at the convention, and got screwed!

So now you can see why copyrights are so riddled with exemptions, because they are mostly based on overbroad claims. Another way of thinking about copyrights is that it is essentially a "contract" between a copyright holder and the purchaser. The copyright laws define the proper "defaults", and under most circumstances these defaults cannot be overridden. The classic example is the "first sale" doctrine. About 100 years ago a publisher included a notice on the book prohibiting resale of the book (this is something they could do if they had absolute rights as you imply). The courts determined that during a sale protected by copyrights (as opposed to an individually negotiated contract), that the copyright holder could not overrule the rules. This may have later have been formalized in law, but the original case basically was judicial interpretation of the copyright balance. It would not be too far off to say the last 100 years of copyright conventions have been mostly about setting the "defaults".

So lets wrap this up this discussion of copyrights with three definitions: prohibited-use, fair-use, and unregulated-use. A prohibited-use would be something like making and selling illegal copies, in other words copyright infringement. The "fair-use" is a gray area, often with conflicting precedence, but essentially allows certain actions like quoting part of a copyrighted item for review or making a back-up copy. An unregulated-use is the normal case, for example reading a book or lending a book to a friend. The problem with DRM systems is that they can block both "fair-use" and "unregulated-use". Ignoring fair-use for a moment, lets concentrate on unregulated use. There are a whole bunch of unregulated-uses, which are not formally protected by law, but are part of the default of the copyright transaction. An example is that we assume you will always be able to read/view the copyrighted work (otherwise why would you get it). Many DRM systems don't allow you to lend or resell the copyrighted item, which means they are effectively removing the customer's first sale rights.

There are two ways to look at this, and the truth is probably somewhere in-between. The copyright holders current stance, backed up by some lower-court decisions, is that they have no affirmative requirement to make "unregulated-use" easy (which unfortunately even some courts have confused with "fair-use"). In other words if the DRM system makes certain non-infringing uses difficult, the copyright holder is under no obligation to provide an alternative. I believe (or at least hope) this literal reading of the law will be overturned as the issue reaches higher courts; otherwise the "defaults" go out the window all in favor of whoever controls the DRM system (usually the copyright holder).

The positive spin on this is that new "transactions", with their own defaults may be setup. For example, I think there is general agreement that video rentals can have different rules than video sales. If it is a sale, a back-up copy by the "viewer" should be allowed, but should not be permitted for a rental. As a matter of fact, section K of the DMCA just this point. But in doing that, it also provides us with an excellent example of what happens when poorly written laws are combined with opportunistic copyright holders! In order to protect the video rental market, they required MacroVision/CopyGuard circuits in all video recording devices. But congress did not put any limits what they could copy protect, and most of the publishers proceeded to copy protect all of their products, not just the ones for rental. The end result is that the consumer was screwed out of both unregulated and fair-use rights by a congressional mandate. So in summary I am in favor adding new types of transactions, many of which we can't foresee now, which will be very good for both the consumer and industry. But congress has a poor track record of predicting them, and for the last 10 years or so has excessively favored existing copyright holders at the expense of both citizens and new businesses.

Re:I've worked with Intertrust

[seaan]

A well-written rights package will include an expiration date beyond which the rules will no longer apply. In fact, sellers might be required to include this provision or be in civil violation of Title 17. So after the copyright on a work expires-- after the work enters the public domain-- its Intertrust package will allow the user to do whatever he wants with the content.

This is a misunderstanding of copyright law, but is part of a very interesting subject. Copyright holders currently have no affirmative requirements to ensure their work enters the public domain. It used to be that in order to get a copyright, you had to send an archival copy to the library of congress. The film studios complained of the expense, and got an exemption at some point. Later this registration requirement was mostly eliminated in the 1976 copyright act. The result of the film exemption is the loss of over 80% of the silent films (between nitrate deterioration and studios destroying "worthless" films)!

If you believe the copyright balance requires the entry of the protected work into the public domain, you will be disappointed by how things are working now (not working is more accurate). In a previous post I've already mentioned the example that anything that was only released on DIVX is essentially lost to the public domain. This is a problem shared with virtually all complex DRM systems (including InterTrust under many circumstances). About the only fix I can think of, is to go back to an archival registration requirement when the copyrighted item will be protected by DRM.

There is closely related problem that is definitely a /. topic as well. Certain elements of items protected by copyright will never enter the public domain. A good example (which I have seen mentioned on /. before) is Visicalc. The original author got permission from the copyright holders to giveaway the Visicalc 1.0 program. The problem was that no one had saved the source code (the company had thrown it away as worthless), and most of the surviving media were copy-protected 5.25 inch floppies that won't work with most of today's computers. Society got lucky, because someone had made an unauthorized copy of the non-copy protected program and retained it over the years.

Lawrence Lessig has proposed that in order for software to receive copyrighted protection, they must register the source code for archiving. It is an interesting proposal (he also proposes changing the copyright term, perhaps having a different time for the program vs. the source code). Some have argued against the concept, stating that writers don't have to preserve their notes. Going back to the purpose of copyrights (to promote the progress of arts and science in the USA), I think a requirement to archive source code makes a lot of sense. Of course there are a few small issues, like making sure the build instructions get archived too :-)

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

I find it inconceivable that you persist in claiming that the law you just quoted "expressly permits" criticism...

Are you not reading? The law, as quoted, says that the limited use of a work for the purpose of criticism is non-infringing. This is not complex, or ambiguous, or difficult to understand. It goes on to say that a few key factors should be taken into consideration when determining whether a particular use is fair or not, but that doesn't change the fact that the law says that limited use for criticism is explicitly non-infringing.

I don't recall any suits being brought for this reason against Digital Video Espress, LP back when it still existed, and tellingly, now that it does exist, who do I sue when my copy of "Flashdance, the Exclusive DIVX edition" falls out of copyright?

You sue the same entity you would have sued before: the copyright holder. Go right ahead.

The court, however, will almost certainly find no justification for your suit because numerous unprotected analog copies of that movie exist, both in public and in the archives of the copyright holder. The public domain, therefore, on whose behalf you would be filing suit, suffers no harm from the inaccessibility of the data on the discs issued by the now-defunct company.

Which kind of puts the whole "what happens when the copyright expires?" objection to bed, in my book.

But I suppose we ought to believe that this time it will be different, based upon the unsupported opinions of a self-described non-employee of Intertrust who has no vested interest in seeing the technology succeed or fail. Wink, wink.

Dude, I work at a restaurant. I've been a professional chef since I was laid off by my former employer earlier this year. If you think I've got a vested interest in any of this stuff, you've got another thing coming. I just get sick of people who set up straw-man arguments and who-- deliberately or innocently-- misinterpret the law to try to argue that DRM is somehow unjust, unfair, or unlawful.

It's a free country, man. Anything that is not prohibited by the law is allowed. The use of technology to prevent the unlawful copying of copyrighted materials is not prohibited; it's totally legal. But the unauthorized copying of copyrighted works, with the narrow and specifically defined exceptions codified by law, is prohibited. Trying to bend the idea of fair use to fit anything that you might feel an urge to do is just a mockery.

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

I'm used to DRM systems that contact the host on a regular basis to see if the details have changed.

That's what makes Intertrust different from lots of other DRM systems. It doesn't include any such requirement. It's optional, of course; for example, a system built on Intertrust might allow you to buy individual viewings of a movie, but that system would really just be putting a pretty user interface on what is essentially the same set of transactions: you buy an authorization, use the authorization to retrieve the rights package, and then execute the rights package on the media.

So from the sounds of it InterTrust has some type of push mechanism where you have to update the rights package during a customer driven transaction, but the client does not have to actually access the server.

Nope. Downloading a rights package is a one-time deal. There's no mechanism for the licensing authority to contact the client, only for the client to contact the licensing authority to download new rights packages. There's no "push" involved.

Maybe an analogy will make this more clear. Let's say you go to the record store, and are given the option of buying various rights packages for a given CD. You can buy the unlimited rights package for the CD ($19.99), which lets you listen all you want, forever. Or you can buy a package that lets you listen all you want for a month ($4.99), or you can buy a package that lets you listen only once ($0.25). In any case, you go home with the CD and an index card with instructions on it. The card may say, "You can listen to this CD all you want," or it may say, "You can only listen to this CD one time."

Whichever rights package you bought, you follow the instructions to the letter. Let's say you bought the one-time rights package. After listening to the CD, you decide it's pretty okay, so you go back to the store and buy the one-month rights package. Instead of carrying a new copy of the CD home, you just pay your $5 and bring home a new index card. You follow those instructions to the letter again, and listen to the CD all you want for the next month. You can then choose to keep buying limited rights packages for as long as you like, or you can just buy the unlimited rights package. If you think you'll be sick of the CD after two months and will never listen to it again, you can just buy two one-month packages and save some money.

That's exactly how Intertrust's system works, except it's all data. The client (which is embedded hardware or software) follows the instructions on the rights package. Once you've downloaded the rights package (or bought the index card), you've got everything you need to use the media.

The fact that InterTrust does not currently "automatically" update the rights package is probably a good thing (from the user rights standpoint), but I would not count upon it remaining that way.

You can count on it until they fundamentally reengineer the Intertrust system design. It's just not built that way.

But if you want to hold up the possibility that they might do it as a reason why Intertrust should not be adopted, go ahead. Meanwhile, I'll argue that you might call somebody a dirty name in a Slashdot post, and get your posting privileges revoked. ;-) (Of course, I'm just kidding. I just wanted to point out that it's kind of silly to talk about how things might be, when that might is so far removed from the present reality.)

Re:I've worked with Intertrust

[Twirlip+of+the+Mists]

Copyright holders currently have no affirmative requirements to ensure their work enters the public domain.

That's true, but it would be easy to imagine a situation in which that particular aspect of the law is reinterpreted if all publicly available copies of a work are protected by encryption. In that case, the absence of an action on the part of the copyright holder to ensure that their work becomes available in unencrypted form upon the expiration of the copyright would amount to a guarantee that such would not occur. That's a new wrinkle, and it wouldn't be too far-fetched to imagine a court placing a new burden on copyright holders in response to it.

The key word in my sentence, of course, was "might."

In a previous post I've already mentioned the example that anything that was only released on DIVX is essentially lost to the public domain.

I am unaware of any such work that was only released in that format and that does not exist in an unprotected form.

About the only fix I can think of, is to go back to an archival registration requirement when the copyrighted item will be protected by DRM.

Which is why I said I can imagine the court deciding to require copyright holders to ensure that an unencrypted version of their works becomes available upon expiration of the copyright. Doing so by placing a physical copy with the Library of Congress places a heavy burden, while requiring a expiration date in DRM rights packages does not.

Lawrence Lessig has proposed...

Lessig's liberal ideas (and I mean that term literally, not pejoratively) on copyright and other intellectual property matters are well known. I would recommend taking his opinions with a grain of salt; they certainly have value, but they would be well-served by a more balanced and conservative approach.

In my opinion, Lessig's biggest shortcoming is that he ignores, or at best trivializes, the fact that unauthorized distribution of copyrighted works via Napster and its successors has reached levels undreamt of as few as five years ago. A world with no technology for copy prevention is a world that must work on the honor system. As long as otherwise law-abiding adults are willing to ignore the expressly granted rights of copyright holders and distribute works without permission, DRM is inevitable.

If you can figure out how to get us back to an honor-system world, I'd love to hear about it. Until then, though, the question won't be whether we have DRM or not, but rather which system or systems.

Re:Lucrative business? The gatekeeper returns!

[zurab]

Maybe competitors will crack each others DRM systems to prove them insecure and "leak" code through 14-year-old kids in northern europe.

Competitors? I thought it was the function of the RIAA (and similar groups worldwide) to make sure there are no competitors and/or competition.

While it looks like this is another DRM solution, I don't think it will matter much for consumers. Nothing will prevent both DRM implementations to interoperate within each other and/or charge additional fees to consumers for such interoperation.

Re:Question...

[SJ]

Actually, the collective buying power of us "open source nutjobs" is a mole on the ass of the buying public. Whether we boycott or not, it won't be noticed in the aggregate against the masses buying Britney Spears and N'Sync.

Don't forget though, that all of us NutJobs are usually the "Technical Person" in our respective companies.

When I found out about BMG, I distributed a company wide email saying to be careful of anything produced by BMG because of copy protection.

I then defined copy protection as

1) Won't play on your car CD player
2) Won't play on your computer
3) Won't play on your older CD player
4) Can't be put on your favourite MP3 player
5) Can't be played on your DVD player
6) May not even work at all.

Sure some of it is FUD on my part, but I now have about 50 people consciously not buying BMG stuff.

We may only be a small group of people, but we have the ear of many many more consumers. Don't forget that simple fact.

Defending their back catalog ...

[LL]

The internet has suddenly exposed the distribution mechanism wide open. Historically it was easier popping down to the music store rather than advertising for the music you wanted. The sale of old CDs/vinyls through auction sites such as eBay means that what the major studios/distributors throught of as consumable good suddenly becomes a capital good. This is the difference between lease v sale and it is impossible to radically change the pricing least the consumers revolt. Attempts so far to move towards a licensing model (a la software) have been resisted by courts (cough*DVD*cough) and experiments in alternative protected media formats indicate dawning awareness that their knowledge in the retail distribution channel is at risk.

Digital Rights Management (or restrictions for the cynical) is a mechanism for asserting their traditional control which has been weakened by P2P and parallel importing. This is a logical business decision but I suspect that defending back catalogs means less attention being devoted to new services. Why can't people mix tracks to accompany their video handhelds? Why don't people dub skits to satirise stupid commercials? Why don't people create new GC sequences of Doom-like spoofs?

Hopefully we will be entertained by novel and innovative forms of media rather than being bombarded with rehashed old forms.

LL

Re:Defending their back catalog ...

[seaan]

Digital Rights Management (or restrictions for the cynical) is a mechanism for asserting their traditional control which has been weakened by P2P and parallel importing.

Funny, this is how most of copyright laws have been argued. It was always meant to be this way, but now new technology X forces us to be more explicit. The same quoted reasoning was used to argue against player-piano rolls, radio, jukeboxes, TV, VCRs, and cable television. And each time, what was really going on was a power grab.

Read __Digital Copyrights__ by Jessica Litman for more information on this. For the last 100 years copyright law has essentially been written by the copyright holders, and they have vigorously screwed anyone not at the law writing convention (the movie studios got screwed in the 1914 law, because they were not well established enough to participate).

The truth is that DRM gives copyright holders far more powers than they ever had before, and they have gotten bad laws passed (DMCA) that allow them to circumvent the remaining consumer rights. You mention this being a logical decision, and I guess you are right: pay money for a law, and get new rights under the dual pretenses of it was always supposed to be this way and we need this extra power because of threatening technology.

The ironic fact is that much of the worst law buying was prevented, because of the industries that got screwed. The copyright conventions would write laws, but the wounded parties would hold-up the actual legislation for years. For example the 1976 copyright law was actually based on a copyright convention in 1949! You would have thought the copyright conventions authors would remember this, and try to write more fair and balanced laws. Has not happened yet!

The spate of bad copyright laws in recent years comes from a couple of problems. The first is that some industries are getting better at lobbying congress (the DMCA was being pretty thoroughly reworked as usual, when all of sudden enough juice was applied and it got passed almost as originally written by the copyright convention in 1995). The other is that the public's interest has not really been represented in the copyright laws. The best that happens is that congress gets a bad law, and tries to save it a bit by putting in some exceptions. The DMCA exceptions were very incomplete, and poorly thought out (some might argue this was because the DMCA was so flawed in theory, that the exceptions just could not overcome the flaws).

attempt backfires..

[DraconicFae]

The acquisition by Philips Electronics and Sony of the leading U.S.-based holder of intellectual property in the field of 'digital rights management' technology is widely seen as a way to prevent Microsoft, which has been embroiled in a legal battle with InterTrust, from grabbing control of the potentially lucrative business.

Microsoft responds by buying Philips and Sony for 453 billion, grabbing control of a different potentially lucrative business.

Philips & Sony vs Microsoft

[Cheese+Cracker]

"Philips said the companies would start an open licensing program and would encourage content providers to use the technology, which can protect all digital formats, including CDs, MP3 and DVD."

"Some analysts say Microsoft may lose if Philips and Sony are successful at promoting the InterTrust technology throughout the entertainment industry because Microsoft's technology, called "Palladium," would have a tougher time making inroads."

The above says it all. It's all about battling Microsoft's Palladium. Of what I know, Philips and Sony haven't signed up for Palladium, and since they're big time players on the entertainment hardware market, they can afford to develop their own standard without having Microsoft involved in the equation.

"All the major music labels, in particular BMG, Sony Music and Universal Music have been investing heavily in copy-proof technologies to protect their artists."

It's not so much about protecting the artists as it is about protecting their companies. The music industry has been used to having a steady monetary growth each year until P2P was made popular among the general public. Now they won't make as much profit as they used to. What the artists actually gets is peanuts compared to what the record companies gets. The artists sell all their rights to the record companies, and these companies can continue to make money on their music even after the artist has disappeared from the charts. (eg. collection albums)

Best solution I've seen so far...

[leabre]

I've seen a DRM for ebooks that I actually don't have any qualms with, and think it's the best that it can get and still be DRM, though I don't like DRM in the least...

It's called Libronix. Actually, it's primarily for religious publications... Libronix is an e-book reader and format... but I haven't seen any books non-Christian on the format... but that doesn't mean it doesn't exist... http://www.libronix.com

Here's how it works.

The system recognizes the "resources" that you supply it, usually from download or CD-ROM and then requres a license key... license key is keyed to the "activation" of the product. Basically, it says you can access these resources but not those ones...

You can copy the resources to any computer your want but only those PC that have a valid license can access them... if you're friend wants to, they can purchase a license from your copied file and view it themselves.

You can install the Librinix system on any other PC for backups and when it installs, just supply the activation confirmation supplied when originally activated and then "restore" the license key backed up and you can view it on any PC you want, that has your activation code. It doesn't restrict how many times you activate but you cannot use any license that was granted with an activation not your own.

This means you can use it on your 5 computers at home and your laptop but you can't necessarily do so on your friends PC unless you installed and used your activation and supply him your licences for each resource or collection of resources (I have 147 resources licensed to me)...

In all, it's fairly unintrusive but goes a long way against sharing unless you want your personal info distributed on the net...

That's the best (meaning least intrusive) implementation I've seen so far.

Thanks,
Leabre

Re:Best solution I've seen so far...

[leabre]

Until you copy the license / activation files along with the ebook file.

This is true. But unless that activation and a key file for all the resources you want are tied together, it won't work. You can't use someone elses key on your own activation (the install of Libronix initially requires an activation similar to MS WinXP Activation)...

Also, there are over 2000 individual resources. You'll be hard pressed to find an activation floating around with a license for each of the files (granted it can be cracked it hasn't yet)... it makes it an annoyance although subsequent upgrades don't seem to break previous versions... I do not know if it still gets verified with a network connection anything beyond the initial activation and each licensing. I have two licenses, together, that totals me 147 resources. Soon, I'll have a 3rd (to replace one of the two I already have) that will give me access to about 80 more resources.

It's really not a bad model at all. I doubt the *AA cartels will be as forgiving however, as this publisher is.

I've experienced worse. I've purchased a $115 book called "Fundamentals of Database Design" that has an ebook of itself on the CD-ROM (why I purchased it) but can't be activated (to print or view the images) because the ebook publisher is out of business and I can't return the book (I've contacted the book publisher) because the CD was already opened.

I've also purchased ebooks for Acrobat E-Book reader and had to reformat the system and too bad for me. Have to purchase them again. Can't print. Can't copy and paste. Can't lend. Can't give away. What's the use? EBooks are something I tend to avoid unless they are the MS Press CHM's, or some PDF's, and Libronix. MS E-Book reader books are generally more forgiving also, but all the Acrobat EBook Reader books I've encountered are locked down toothe and nail and I have no interest in further purchasing such books because of that.

Thanks,
Leabre

The real fallout from the MS antitrust case

[nickco3]

This about Philips and Sony deliberatly excluding MS from a business area they are interested in.

It might look like MS walked away clear from the antitrust case, but this is the real damage that was done. The trial dragged up all sorts of things MS had been up to, it has been reported widely - in the techie news, of course - but also in places that the suits read. Now world+dog knows what sort of man billg is to do business with, we all now what he done to the PC market. The vendors are just bill's box-shifters, living on razor-thin margins, while MS exceeds its own earnings expectations - during a recession. This is the reason Passport fell on it's face, this is the reason Nokia and all the others have frozen MS out of the phone market, and this is the reason that Philips and Sony are pre-empting them on DRM.

Where's the Federal-Judge-in-a-Box?

[Convergence]

The problem is that the only thing that can determine what is and isn't copyright infringment is a federal judge. Unless you can mass-manufacture a box with a federal judge in it, any system for 'digital control' will either be too permissive, or too restrictive.

I highly doubt it'll be too permissive; there are too many fair uses that could require the full decrypted output (legacy hardware, backup on more modern media, etc)

Given that, then there's a legitimate fair use need to break *ANY* encryption or other access controls on controlled media. If this is explicitly made legal, then at that point, there's no point in bothering. There'll be controlled media, but it'll be legal to sell products to break the protection. Those products will be very lucrative and sell extremely well as people won't want controlled and restricted media. (See playstation or other modchips.)

It'll be a pointless war, but a war the controllers can't win. Thats why they'll fight tooth and nail against this.

I worked FOR Intertrust

[Longing]

After the stock market collapsed - we'd gone public in October and couldn't sell until April, a month after March collapse, shattering most of our paper-millionaire dreams - lots of people started leaving for various reasons. When I started working there in the beginning of '98 there were just over 100 employees. By the time we'd gone public, we'd more than doubled, and many of the people we'd hired were blubbering idiots. I didn't interview a single person who was worth hiring, and yet somehow, people kept getting hired. Stock price plummeted, layoffs, layoffs, layoffs. Last I checked, it was just a handful of people. All of my ex-coworkers from there have moved on, willingly or not.

The technology was good, and somewhat complex, but not frighteningly so, but when I was maintaining running instances of the software it was not terribly stable, in ways that would make most sysadmins cry. Instead, I quit in Dec '00, as the developers weren't putting in the features I requested - needed! - to know if the software was even running properly. Makes me laugh now, but it wasn't that funny then.

Intertrust had been around for years, and in it's beginnings was staffed primarily by folk with PhDs in Computer Science and related fields. They had a research team that was brilliant, and Intertrust has such an impressive patent portfolio that I am surprised that they didn't manage to successfully sue Microsoft, as has been commented here in slashdot before. Several references in google, and there's a techdirt.com and a kuro5hin article around for those who are interested.

Re:I worked FOR Intertrust

[Twirlip+of+the+Mists]

Cool, your knowledge trumps mine, then. Did I get it mostly right in my post?

Re:I worked FOR Intertrust

[Longing]

Yes, that was an accurate summary of the technology, kudos.

Here are some more comments for those interested:

If you're licensed for (n) views of a piece of content, you can image your system and keep reverting back to that particular system image. However, you're forever stuck at that system image, and you can't let the software ever talk to the license server again. This is a pain for even determined persons, and if the content is really that important, the content provider can require in the rights package that the computer must talk to the license server before each use.

You can't use their software on an OS running in VMWare. That's my fault for mentioning it was possible. Sorry. :)

If a consumer's system crashes beyond repair, there are provisions to restore all of your licenses, but there are also provisions to flag people who request restores of their licenses an abnormally large number of times so that The Man can investigate.

Before Napster and rampant music theft, er, sharing (sorry, still brainwashed :), one of ITRU's primary target audiences was actually the medical field - ITRU envisioned doctors, insurance companies, and patients having patients' medical records in packages, with only authorized persons being able to access them.

That's all I can think of for now. Cheers!

Somebody you trust disagrees with you...

[Goonie]

The PGP documentation also emphasises that such a scheme is trivially vulnerable as, once the data is decrypted, the program has no actual control on where its output goes. It can be redirected to a file, to a printer, anywhere.

In principle, any similar scheme is vulnerable to the same hack - intercept the unencrypted data, transfer it to disk. Whilst I am aware that *in practice* this can be made harder, cryptography is no defence because, by definition, the data has to be encrypted somewhere between the data source and the output device. Ultimately, you might put the decryption in the DAC - but then somebody will either hack that chip to crack the encryption or, at last resort, just point a camera at the screen.

Of course, if the cryptography is broken directly, none of this is necessary, and according to an apparent authority on the matter that's quite likely:

Time and again, it's been demonstrated that any crypto system that precludes resourceful and clever people from getting at stuff they want will be subjected to scrutiny, attacked, and finally broken.

Who said that? You did.

Why the massive change of heart?

As for your views on the consumer-friendliness of Intertrust's scheme, I have to say the whole things sounds like a) a usability nightmare, and b) a chance for content providers to nickel-and-dime consumers into the never-never. For both reasons I would recommend consumers avoid it like the plague (at least until somebody hacks around it like CSS and region coding).

Re:Somebody you trust disagrees with you...

[Twirlip+of+the+Mists]

The PGP documentation also emphasises that such a scheme is trivially vulnerable...

Yes, it is, but that's basically what you would call the "analog hole." If you're watching "The Lord of the Rings" on your fancy-schmancy HD VOD set-top box, nobody can stop you from taking a photograph of the screen. Same thing with PGP; nobody can stop you from taking a picture of the screen with the cleartext on it, or copying the cleartext down, or leaving your laptop open while you go to the can. That's basically the "analog hole" and nobody cares about it. Well, some people care, but those people are out of touch with reality. Intertrust, as a rule, doesn't care about it.

Also, remember that we're not talking about computers here. We're talking about things like car stereos and TVs. It's a lot harder to run a debugger on your TV. The digital cleartext would be reasonably safe in an Intertrust world. Meaning it would be sufficiently inconvenient to get at that people would probably just buy the rights they want, and everybody's happy.

Why the massive change of heart?

Heh. I guess when you put my two statements right next to each other like that, it does look like a contradiction. Maybe I should have made it more clear that what I'm really talking about here is the hypothetical merits of the Intertrust system, not the literal strength or weakness of a specific implementation of it. Intertrust is so far away from being a reality right now that it's basically just a daydream, but an interesting one.

Besides, if the system-- not the crypto system, but the whole system-- is well-designed, the motivation to circumvent it will be drastically reduced. Instead of tons of people circumventing it because the system is inconvenient in a serious way, they'll get it down to the very few people who want to circumvent the system just to see if they can. That's something that you'll never be able to eliminate, but it'll be noise-level stuff.

Basically, the idea is to try to find the digital equivalent of the paperback book. You can copy a paperback book, but it's much easier and cheaper to just go out and buy the damn thing. Some people will insist on being perverse and copy their friend's paperback books, but that's just shrinkage and it's easy to live with.

If any DRM system could create the "digital paperback," I think Intertrust could. Hypothetically.

I have to say the whole things sounds like a) a usability nightmare

Nope. If implemented as it's designed on paper, it will actually be extremely user-friendly. I already explained how elsewhere. If you're interested, go read it.

and b) a chance for content providers to nickel-and-dime consumers into the never-never.

As I said in another message, content providers have the right to sell whatever licenses to their media that they want, but right now there's no practical way to do it. Intertrust would, if implemented, give them a way to sell rights packages that people actually want to buy, opening the whole thing up to market forces for price control. What you call "nickel-and-dime," I call "sell me what I want, and only what I want."

You say to-may-toh, I say to-mah-to...

Re:philips & sony vs. Microsoft

[Daniel+Dvorkin]

Philips and Sony both refuse to use Microsoft products whereever humanly possible.

Which is why I can go to www.sony.com and order a VAIO pre-loaded with Linux, right? Of course.

Re:system emulation?

[Twirlip+of+the+Mists]

I was wondering what keeps you from emulating a system that could play the original.

Well, that's the rub, isn't it. And that's part of what I was talking about when I said that Intertrust depends on a shitload of complex infrastructure being in place before it can work.

The key answer has to do with licensing. The Intertrust client is-- well, will be-- a licensed thing, and its inner workings will be a carefully guarded trade secret. So the first obstacle to building a, let's say, MP3 player emulator for your PC will be that you don't have access to an Intertrust client implementation, or any information about the algorithms used by it.

The client may include public-key encryption technology. (The actual implementation of the various encryption pieces of the system is flexible. You might implement complex and secure encryption for a VOD set-top box, because you've got the processing power to pull it off, while an MP3 player includes only simple encryption because it has to keep things simple to keep costs down and preserve battery life.) If so, the hard part would be violating the crypto system. They're sort of taking as read that there will be no Xing-like screwups with the Intertrust infrastructure, and while that's an assumption, I don't think it's a terribly asinine one.

Will that be a perfect defense? No, of course not. But I think it would probably make it inconvenient enough to stop casual hackers, particularly if (in Intertrust's vision) it's just so much easier and cheaper to use a licensed player for the protected media.

As the Linux DVD/DeCSS thing has demonstrated, though, no matter how easy, cheap, and convenient it is to get your hands on a licensed playback device, some people will insist on trying to do things their way even though it's against the rules. Intertrust's goal is to make things as hard as possible for those people without making things inconvenient for legitimate customers.

Most of what I just said is me talking. I'm not repeating any official Intertrust documentation here or anything. These are just educated guesses based on what I've learned about the system over the past year or so. Disclaim, disclaim.

Re:philips & sony vs. Microsoft

[Melantha_Bacchae]

An AC wrote:

> Even, if Philips and Sony do nothing with DRM,
> they prevent Microsoft from building a market
> around it and forcing those two companies to
> license it.

Even more important, InterTrust was involved in a ton of patent infringement lawsuits (DRM, trusted computing, .Net, etc.) against Microsoft (http://www.theregister.co.uk/content/7/25871.html ). Microsoft's Jim Desler described them as "This company's sole business focus is filing questionable patent lawsuits against us." Microsoft thought InterTrust was wearing down.

Along comes Philips and Sony (why am I hearing the "Godzilla has entered the bay!" line from "Godzilla 2000"?). Philips is quoting Mothra's pal Steve Jobs, and Sony seems to have suddenly understood just what "Godzilla 2000 Millennium" was all about. In one fell swoop, Microsoft goes from big bully with no penalties for its actions, to facing two giants and two armies of lawyers.

InterTrust tried to have Windows XP stopped. Philips and Sony could easily put paid to Palladium, Longhorn, and Microsoft's hopes for Millennium.

Shinoda: "The age of Millennium."
Io: "What does that mean?"
Shinoda: "A thousand year kingdom. It wants to create a home for itself. There is one flaw in its plan: Godzilla."
"Godzilla 2000 Millennium" (Japanese version)

Insurance policy

[intermodal]

Philips doesn't have anything to gain itself by supporting copy protection on CDs. However, if the US passes a draconian copy protection law, they certainly stand to gain from owning this company. I think this is more an insurance policy than a moral shift.

Re:css for CD's ?

[l1gunman]

CSS was not "cracked" in five lines of Perl code, though it can be expressed in five lines of Perl code.

It was cracked, sooner rather than later, because engineers at Xing created a frivolous implementation of a software CSS descrambler - one that could be disassembled, analyzed and reverse engineered *far* more easily than it would have been had they taken steps to encrypt and otherwise protect their code.

Once reverse engineered and exposed, it was leaked and expressed in many different languages. (My favorite is the 'C' implementation on the back of my CopyLeft t-shirt! ;-)

That type of watermark will not work

[spitzak]

You can't use watermarks to prevent playback. The problem is that it gives the cracker a simple test to see if they removed the watermark. They *will* be stripped then, there is absolutly no way to prevent it.

Watermarks would be useful if they identified the original source of the data but could not be detected by anything the consumer has access to. If copyrighted data appears in wide distribution, they can identify the original source. Prosecuting that person is probably not a good idea, but it will identify the type of hardware or software that leaked the data. And the threat of prosecution may reduce the incentive to pirate.