Slashdot Mirror
Report from the ACM DRM Workshop
Anonymous Coward writes "There's open skepticism from researchers about the ability of DRM to solve Hollywood's copy protection problems. Read Edward Felten's review here... Papers from the workshop are available online as well."
I just wish they would give it up, its only a matter of time when they come out with some type of copy protection, that someone will come up with a way of defeating it. Meanwhile we (the consumer) suffer because we get things like cd's we can't play in our computer.
If DRM could be implemented without restricting access to memory in my own computer I probably wouldn't mind it so much. The problem is that DRM cannot be implemented without this restriction. Any encrypted file will have to be decrypted, and that means that I can dump memory and get the unencrypted value. DRM will never work without taking away certain things about a computer that make it the extremely useful tool that it is.
Slashdotter are stupid and biased.
I'd be interested in knowing how many people _didn't_ appear or present papers at this workshop due to the DMCA.
As long as we can get the encoded version (on the disc) and decoded version (out the speaker or monitor) of media (music, movies) then copy protection is doomed.
While I agree with one person's comment, that this level of response won't make any difference *policy wise*, it strikes me as an important step that engineers *in the industry* have started saying quite blunty, "this won't work".
;-)
Having a million random geeks say "we can break anything you throw at us" carries little weight - the non-techies coming up with these crackpot schemes just assure themselves that *their* idea will make fools of the collected geeks of the world.
OTOH, having the very geeks PAID to design and implement these ideas say "uh, well, no, it really won't work all that well" means quite a lot more. Obviously, mr. clueless exec's first response would consist of firing any naysayers. After the 10th or 20th person to say "no, really, this won't work, it doesn't matter if you threaten to fire me", they *might* start to get the idea that they have at least a somewhat difficult goal.
This might mark a turning point. Not necessarily for the better, since I expect the next set of ideas to involve a lot of annoying-as-hell hardware-level DRM, but since even that will unavoidably fail, we have taken a step toward the road back to sanity.
I hope. The RIAA and MPAA could always try to get the death penalty for music pirates.
"Whad'ja do, man?"
"Downloaded an MP3 of Brandenberg Concerto #3"
"Uh, I thought that would have gone PD by now"
"Nah, when Disney discovered a 14th century precedent for Mickey, they had copyrights retroactively extended back for a full millenium."
"Bummer"
"Yeah. But at least I only *downloaded* a copy, I just get flogged plus the standard 20 year sentence. A buddy of mine made Mozart's 19th string quartet available on a file sharing network. Poor bastard, they dragged his wife and kids out into the street and shot them all, then at the actual hearing sentenced him to death by impalement in front of RIAA HQ."
It should be noted that the game industry has managed it. Consoles exist to some degree because console games can be made sufficiently difficult to copy that most people can't be bothered. And with some games costing upwards of $10 M to develop this couldn't happen sooner.
The current music industry is another story. They are dead. In 1970 the only way a record could be made and distributed was with a recording studio that cost thousands, perhaps millions, and expensive duplication equipment along with an expensive distribution chain. These days you can by a digital 8 track recorder and a PC for less than a grand and do it all yourself and then distribute it over the net. Mp3s and file sharing will change the economics of music and kill the RIAA but they will never kill it, with films it's different, digital technology offers the possibility of wrecking Hollywood.
Think about it for a sec, before putting up your slashdotisms.
Anyone can afford the Sharpie pen required to defeat today's protection scheme. But who will be able to afford the in-circuit emulator or logic analyzer needed to defeat tomorrow's scheme?
has nothing to do with the machinery, technologies, protocols, etc. It has everything to do with people. Even if the DRM technologies were perfected right now, people would still find a way around it. Why? Because they want to. IMHO we all need to remember that a system isn't just the hardware, software, and logical bits. The system also includes the people; people who create the hardware and software; people who manage and use it; people who create content, etc. People who give it all a purpose. I've never seen any hardware or software that has a purpose by itself; people give it that purpose, and it is reflected in the design. If someone's purpose is to crack DRM schemes, they will probably do so.
C|N>K
I had the opportunity to engage a luminary in the field in friendly discussion at a September DRM luncheon in Prague. He made it clear that despite the feelings of a vocal minority (us), copy protection will be accepted if not welcomed by the general population. Consumers in both Europe and Japan currently purchase such content with minimal complaint, and it seems even more likely in field testing that America will actually desire the copy protection if they are told it will lead to better sound and picture quality.
Granted, he was working within the industry, but the devastating piracy figures in a recent poll conducted among computer users made it clear that DRM will save the industry a lot of money. The poll, performed by blind surveying at three recent trade shows across the U.S., showed a staggering amount of pirated content; broken down by operating system of preference (to see what kind of effect DeCSS has had) apparently Windows users 'only' pirate about a quarter of their movie content, against Linux users' 67% and Macintosh 30%.
In the wake of this information, and the lackluster performance of the music industry in recent years, it is little wonder that they're adopting a 'Chicken Little' approach -- for them, the sky truly is falling. Hopefully, a reasonable compromise between our rights to do with our hardware as we will and the rights of copyright holders to be renumerated for their efforts will be struck; however, I am assured that if one will give, it will be the continuance of Open Source media decoders.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
"I'm glad that researchers are finally speaking up about this."
But its already too late for that. DRM is here now and being rolled out. Its also readily apparent that both Microsoft and Big Media have bet the farm on DRM.
I wouldn't bet on this changing anything, in fact with the current Orwellian government which we just elected, I wouldn't be surprised if such discussions become outlawed.
If you wanna get rich, you know that payback is a bitch
Nonsense. If Hollywood really can't protect it's works the film industry will die. It's an economic question. A reasonably large budgeted feature film costs $100 M to make and involves at a very rough estimate around 100 person years of labour. If the money cannot be recouped reasonably it's all over. No more "Good Burger", "Dude, Where's My Car", "The Cable Guy"... The world would not come to a hault if the $100,000,000.00 (it seems bigger when you type it out) movie became an impossble business decision. Yeah, a lot of actors, cameramen, and production assistants would lose their jobs, but hey, they can all go back to waiting tables, doing a job that society still considers productive enough to merit pay. We don't need to protect industries that have served their purpose in the past, but are now no longer worth what they used to be.
How typical of Microsoft.
.pdf (somewhat more Linux friendly) and the .doc (save the
paper from the Law paper) .pdf
Notice that everyone else uses
two representatives of MS posted
as if they were accentuating the fact that they were from Microsoft and too
good for
Actually, I think it is possible to create a DRM-Happy world. Just put PKI on everything and encrypt everything with it. Use decently sized keys, etc. If you manage figure out how to get the private key out of a device, the bad guys just need to refuse to re-certify that device and give it a new private key (all of these devices will need some kind of network connection. Could be a big boon to pervasive wifi...)
Of course, all of the information will be able to be 'downgraded' to old formats by redigitizing the analog signal. But with legislation like SSSCA/CDPTPA (or whatever) anything that can do that is illegal. illegal doesn't mean inaccessible, but it's probably good enough for the RIAA/MPAA/Microsoft.
It won't be perfict, but you can't have perfectly secure communication either (what with keyboard sniffers and the like). That doesn't mean you can't get very, very close.
autopr0n is like, down and stuff.
You seem to be assuming that, a priori, the only movies made require Hollywood-level expense and infrastructure... Not so, with the advent of digital video and prosumer level video editing decks. (Is a $1000 video editing card cheap? A $3000 dv cam? $2000 a/v raid? hell no. but they're a damn sight cheaper than the big-studio level stuff.) I think the coming digital age will herald the end of the Hollywood blockbuster and the dawn of a new era of smaller independent filmmaking. Because now not only the tool but the distribution media are in place to make a good movie for less than 50 grand. If you can sell digital downloads of your film for $5 and get 10,000(*) people to look at it, you've broken even. Coupled with a strengthening of film festivals and online movie-consumer websites (think the Amazon book recommendation system applied to indie films), this could turn filmmaking from a hundreds-of-people-and-millions-of-dollars effort to a tens-of-people-and-thousands-of-dollars effort with a real chance of being a profitable enterprise... I think that this would allow a purer artistic vision to shine through in most of the resulting films because with lower financial risk and fewer participants there would be less of a "design by commitee" aspect.
(*)That seems like a lot of folks, but given the scale factor of the internet... (How many of us have laughed at one point or another at the "All Your Base" or "Gonads and Strife" clips?)
News for Geeks in Austin, TX
1) Politicians only care about rich people because you need a lot of money to get elected.
2) The mass transit analogy doesn't hold because mass transit costs a fortune to build and operate, while copy protection can be broken by someone who's still living in his parents basement.
3) The disease isn't capitalism, the disease is campaign finance. It can be cured.
Diplomacy is the art of saying, "Nice doggy" until you find a rock.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
How many people actually pirated these movies Vs those who watched/bought them. Harry Potty 2 was sold out before opening night, even though the plot was quite weak in comparison to the first. I may pirate HP3 before seeing it, just to avoid shelling out for a yawner.
Meanwhilst, both of the new Star Wars movies were pretty cool (ignoring JarJar)... Yoda with a lightsaber in SW2 kicked butt. Guess which one I'm more likely to pay to see.
Good movies=good profit. If a movie is worth seeing on the big screen and DVD, then it will sell. I know a lot of consistant pirates who still have very large DVD collections, albeit of very good movies... hell, some of them even get the DVD for stuff they've already pirated.
Me, for example. I find mp3s from musicians I've never heard of (sometimes I have, doesn't matter), I like them, I go find & buy their CDs. Lather, rinse, repeat.
... I rarely listen to the radio any more ... )
Damn free music is costing me a fortune!
( Funny thing I've noticed tho
I see three specific areas of work that are key adoption blockers today and ripe for further academic and commercial research. The lack of widely-available trustworthy computing devices, robust trust management engines and a general-purpose rights expression/authorization language all hamper industrial development and deployment of DRM systems for digital content.
Translation:
1: For DRM to work, everyone in the content must be running a secure OS (presumably Windows) on specially designed hardware AND
2: A system in place on the client (presumably the .NET CLR trust management engine) must authenticate every executable on the client before execution AND
3: All content providers must use a language (presumably MS's XRML - eXtensible Rights Management Language) to 'encode' documents and executables for number 2, above.
Basically, MS is saying: if you want DRM, OSS and 'general purpose' computing devices must go away. And of course, you must serve your media using Windows.NET Media Server.
(Score:1, Redundant)
I'm sorry. Usually I just let moderation slide by like the stench from a dumpster. But sometimes the smell is just so offensive, I have to take issue. The whole freaking STORY is REDUNDANT. Moderation is a privilege (Ask me, I lost it in the great bitchslapping for moderating one of the editors), not something you forward your opinions with. The article is saying something WE ALL ALREADY KNOW, namely, that DRM won't work. To moderate someone redundant for pointing this out is ASININE. (Look that one up, broaden your vocabulary. Do it online though so you don't get drool on the big book)
Ahh, I feel better now. I hope you have some mod points left so you can mod this post accordingly.
Fascism should more properly be called corporatism, since it is the merger of state and corporate power.
DRM will only stop those people that were purchasing the CD to begin with. DRM that stops zero people is useless.
Until some Linux guy puts a proxy between the player and the internet, captures the files en route, and then cracks the proprietary encryption.
I agree the fundamental problem here is lack of imagination on the part of the **IA members, but I think the real solution will be in the form of making the content compelling enough, and cheap enough, that there'll be no motivation to steal it. Which ultimately means settling for big profits instead of obscene ones.
The point of the original article seems to be that any DRM, whether in hardware, software, purhased laws, or all three, is doomed to failure.
You mean like DIVX? We all know how well that worked
Let see here....
1. Produce multi-million dollar movies and distribute them
2. ???
3. No profit due to Step 2
Revise:
1. Produce multi-million dollar movies and distribute them DRM
2. ???
3. NO PROFIT! Who-hoo!
Sounds like the same-ol'-same-ol' to me....
If DRM worked they wouldn't need laws to protect it. You wouldn't need laws to make it illigal to break the protection because you wouldn't be able to break it.
Hollywood knows it doesn't work, that's why they need the laws.
Darwin O'Connor
Both papers are very sceptical of DRM.
Microsoft may be playing the DRM game for now, but I'm sure it's just a temporary thing... if they convince Hollywood and the record studios that Windows Media Player is the "only secure" format, they will potentially gain a short term advantage over the competition. And in this industry, a short term advantage can be leveraged into a long term industry lead... Profit !
Yeah, in the long run all the schemes will be broken and Microsoft knows it, but they're happy to play the game for now.
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
... having a conversation with a pretty sharp friend of mine at school about all this crap about four years ago. It seemed to me as though all of these efforts to create copy-protection (the old name for DRM) were totally useless because you /can't/ protect the data. There's always a way around it. This is not encryption people. This is like saying "I want to give you something and not give you something at the same time." How the hell do you do that? You don't, that's how.
/somewhere/ ... so the best thing any programmers can do is just try to hide it through obfuscation. Since there is no REAL way to actually protect the data, instead we're going to be deluged with hare-brained schemes that just make it harder and harder for us to do what we want with our data.
... sure that might work, hypothetically. But I hope and pray that the public won't take it.
Consider watermarking. If I know there's a watermark in the data, I can fiddle it until I understand the watermark and remove it. Like other people have said, any decryption key has to be in memory
So, DRM == copy protection. Anyone else remember where copy-protection went with games and everything for the first 15 years of commercial software? More and more annoying, until finally the companies gave up. Same thing will happen with DRM unless the antagonists can learn from history.
As far as legislation, and "secure" platforms go
simon
home page
Two problems:
1. This stops working when all new components have DRM built into them.
But let's say you save your old equipment and can access the data, then:
2. Just because *you* may be able to come up with a solution, it doesn't mean that the problem goes away. The fact is, if this allows content providers to hinder the ability of law abiding citizens to exercise their fair use rights, then that's a Bad Thing.
Think of DRM circumvention as if it were spam blocking. Which would be better, a) you block your incoming spam, or b) there is no more spam. From your perspective, option a is fine, but spammers don't care. As long as option b doesn't happen, they are happy.
Content providers don't care if a few techies manage to watch their DVDs on Linux boxes or listen to protected music on unapproved devices. If most people are subjected to the imposed constraints, then they're happy. Just because you can avoid the problem doesn't mean the problem isn't there.
We shouldn't focus solely on avoiding the problems, we should be working on making the problems go away (e.g., supporting legislation that returns our fair use rights).
So, you're saying DRM won't stop the pirates, it only inconviences and takes away fair use rights from legitimate customers, *and* the record companies know this.
What we really need are laws to make that sort of thing illegal, instead of the laws that actually legalize it. The whole thing is backwards.
Yes, they have made it clear that they will go after component manufacturers, but there are a few problems. First, industry standards are non-DRM. For a sound card manufacturer to be Dolby compliant, I don't know how they will accomplish this without crippling hardware. Second, component hardware manufacturers have been a lot less willing than Intel. Assuming that they will ALL go along is questionable - and your link didn't have a firm commitment from Creative.
I do think that it's a long way from assuming this is dead. I don't think it's at all clear, yet, that they will get output-level protection - though they do want it.
-Looking for a job as a materials chemist or multivariat
Your IP has been logged, the FBI will arrive shortly. Quickly place a co-worker behind your computer.
Quoth Larne: "Until some Linux guy puts a proxy between the player and the internet, captures the files en route, and then cracks the proprietary encryption."
Ah, the reason that proprietary encryption systems have been cracked in the past has been that companies weren't trying very hard to encrypt the data. I see their attempts as token efforts, really. I think if they really, truly made an effort, they'd manage a system that would be very hard to crack. I'm not saying they should use RSA with really huge keys, but surely they can do better than they have in the past. I think you're a little too optimistic about the chances of the home user Vs. a properly funded research effort with an academic staff.
In my dream system, each system would be given a public and private key at the factory. When the system connected up to the provider, it would transmit its public key. The provider would encrypt for that key, and the viewer would decrypt ONLY within its own memory space.
You could make the case that some goober is going to strip the cable to the LCD, and try to capture the signal that way, but they can use a proprietary video system, limiting the usefulness of such a thing. And, of course, if it was me, I'd booby-trap the system so that it basically ate itself if a user tried to crack it open. A few dozen volts in a spike across the motherboard, for instance. But that's just me.
Quoth Larne: "I agree the fundamental problem here is lack of imagination on the part of the **IA members, but I think the real solution will be in the form of making the content compelling enough, and cheap enough, that there'll be no motivation to steal it. Which ultimately means settling for big profits instead of obscene ones."
Jeez, I keep hearing this, and man, you've got to give it up. Content companies don't want to hear it. They want the obscene profits, and they're willing to destroy YOUR PC to make that happen. My idea is to give them a more palatable, more profitable alternative, let them move away from PCs entirely, and allow all the little children to play nice together. Any solution which requires that content companies actually charge a fair price for their goods is doomed to failure. They're never going to agree to it. Think about it.
Quoth Larne: "The point of the original article seems to be that any DRM, whether in hardware, software, purhased laws, or all three, is doomed to failure."
Which I disagree with. DRM as it is currently being considered is of course doomed because it interferes with what people want to do and they're going to rebel. But, done more sensibly, it doesn't have to be that way. Look at the cable television market. I have premium cable, right? And, I have a digital cable box under my TV. Thus, I have access to like, fifty movie channels and so on and so forth, and my neighbor can't see them even if he taps my cable because he doesn't have the console. So it doesn't matter if he taps it or not.
Descramblers do exist, but cable companies regularly short them out with brief bursts over the line, and they have ways of detecting them and sending out an angry "cable guy".
Anyway, most people like the service as-is, and get the set-top box. It's cheap, it's no hassle, and it works great.
My point is, if the technology is as streamlined and unobtrusive as the cable set-top box, everyone will have one and no one will bother trying to defeat the DRM in it. It just won't be worth it. The system itself will be cheap enough that everyone will have a copy, and that'll be that. You'll be able to get content subscriptions of some sort, and there'll be pay per view and other special purchases -- kinda like cable.
I just think everyone's looking at this situation in the wrong way.
Farewell! It's been a fine buncha years!