DRM and Threat Analysis
miladus writes "A timely and concise intervention by Ed Felten
on the topic of DRM and the models used (or not used) to represent the
threats to defeat. In brief, 2 models, one based on the potential of
large scale redistribution of copyrighted files implying defeat of DRM
if one user succeeds in bringing file in question to P2P network; the
other, refers to the majority of users who would casually copy files.
The implications of the schematization are most interesting because
they explain some of the logic behind the often confused and confusing
rhetoric of DRM advocates and the necessity for rational grounding for
technologies."
It would be far better to approach this problem on a social rather than a technical security basis.
I would perhaps like to see a model where you license a song for life. Something along the lines of paying $1.50 for a song and you get a digital certificate that licences you to own the song, no matter where you got it from.
That would mean that I could get the song quickly from my buddy down the road, and while that is downloading via the local bandwidth I could log on to BMI, Sony or whoever (The RIAA homepage!?!?), and pay my royalties.
No wait, I could just log on to the artist's homepage and pay the $.50 directly to him/her/them!!!
Ok, but palladium/tcpa is meant to be the *last* step in conquering the user's PC in terms of copy protection. No way out. It is designed for that. It is not another bad block on your CD/DVD or anything like that. It's below all other stuff.
I don't think your argument is right, look at the traditional movie/audio market, it seems that they got crazy really after they discovered napster & co.
There's another threat model, it's the immortal music. The RIAA is very upset that CDs last so much longer than LPs. They've tried to block the resale of used CDs. With DRM, they can go back to the old mortal music model. P2P is just the scapegoat. Funny how much the casual model sounds like fair use.
Until the time arrives when DRM will be built into every speaker you buy and the construction of paper sheets with attached magnets and coils falls under the DMCA or EU-DMCA or whatever.
Sounds silly?
Intel is on the way to integrate DRM into monitors so that you can't intercept the signal and record it (e.g. a movie). It's called HDCP - High-bandwidth Digital Content Protection.
Look here:
http://www.digital-cp.com/
DRM is impossible partially because protection against only the casual-copying model implies that someone can copy the contents and thereby uploading it onto a P2P network, burn it on a CD for a friend or sell burnt CDs meaning we also get napsterization (why did Felten fail to mention this?) Also there's the fact that the antinapsterization bulletproof protection is both digitally impossible (reverse engineering is always possible (although it can be made very hard through hardware)) and analogously impossible (there's always hi-fi capture.) I might not be able to copy a file but I can always just re-record it.
The only possible DRM - that I can imagine - is burying storageless chips deep into our brains with built-in credit card reader that streams contents encrypted from a satellite server on demand. That thought however is awful.
The only thing that might help is: public-education (the copyright owner has rights too you know) and/or business remodelling. Believe it or not but developing software takes millions of $ (even Windows) and record labels are not pure evil (although sometimes not far from it) and serve for the artist and the public as an important middleman.
Shouldn't software developers and artists get paid like everybody in society, they do produce valuable products (even - to some degree - Windows.)
Look a monkey!
Sad but true. It only works in a monopoly. This is great news for Tax Cut. Check out who does better next year. Remember when Ashton Tate did the anti-copy stuff on Framework? Remember when Rainbow Dongles were all the rage? It's the quickest way to get bypassed in the marketplace. How is selling encumbered products at higher prices in a competitive marketplace good business sense?
It may work in a monopoly like cable, but not where there are alternatives. I've dropped all subscription TV. I have alternatives on the internet. It's a great promotion Microsoft is giving the Open Source movement with the software subscription model. They couldn't have done a better thing to promote free software. They are driving developers to the new wide open market to promote their wares on Linux. The customers are there looking for the applications.
The music industry is doing great things for Indie Bands who otherwise would never get attention, but get lost in the sea of CDs.
I love a free market where the consumer is always right! Great innovations happen!
The truth shall set you free!
Ed Felten has a valid point about the need to choose a threat model, and to stick to that choice.
However, he has not convinced me that the two threat models that he describes are the only ones, or indeed separate threat models at all.
I would view p2p networks as a means to achieving "widespread, but small-scale and unorganized, copying," and not as a separate threat model at all.
I'm also not clear about whom he's addressing: Most DRM advocates are aware of the fact that today's systems will not stop a determined adversary, and only mildly deter a casual user.
Ubi dubium ibi libertas: Where there is doubt, there is freedom.
From the viewpoint of someone who created the trust model for the MPEG IPMP framework, Dr. Felten's comments are correct though he does not address the fundamental failure of DRM. The *AA of the world are trying to use technology to solve what are fundamentally social and economic failings.
As for DRM technologies, no technology can withstand attack indefinitely, Palladium notwithstanding. The question really boils down to who is attacking, how much time are they willing to spend on it and what resources they have access to.
If the answer to the above question is professionals with lots of time and resources, any DRM system will be cracked.
DRM is very simple. If there is a file on your machine that others can read and write but you can not, then someone else owns your machine. If all machines are owned in this manner and the law supports it, the law has violated the first amendment guarantee of free press. If I can't make one of these or an anonymous handbill equivalent with my own equipment the way I chose, then there is no free press. That is a much greater threat than the collapse of the pulp music sheet industry and its illegitimate vinyl and radio broadcasting heirs.
DRM is the largest threat to the free flow of information ever. It has the ability to undo not just the digital revolution, but the benefits of mechanized paper publication as well. Once books were chained to their shelves in libraries and only a privileged few could look at them. DRM chains are stronger than any steel.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
...it reminds me of my younger self as C64 owner and copyright infringer.
Back then, many game producers used DRM in different ways. There was no internet, I had very little money, no access to BBSes and copying a single game took several minutes swapping disks. Yet I knew a couple of guys who could lend me bunches of new games for copying, DRM cracked and all. Everyone I knew had boxes stuffed with illegal games and perhaps one or two originals tops. Darknet indeed.
If that was the state of things back then, how can we reasonably expect that DRM will really limit copying today? I think we'll fare better informing people about the consequences of copyright infringement - both to themselves, but more importantly to the artists. I'd like an easy technological solution, but we don't have it, and we're not going to.
Any sufficiently advanced libertarian utopia is indistinguishable from government.
"Justice" Scalia has explained that you are wrong. You see, "Most of the rights that you enjoy go way beyond what the Constitution requires." But don't worry; he promises to protect the constitutional minimum. I feel safer already.
I couldn't bother going to the link, I'll just download it off kazaa later ;)
Quite possible and 100% legitimate. The article ends with "This work is licensed under a Creative Commons License." That's practically a request to post it on kazaa.
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The people who pay are the people who use the networks - and by definition are the networks - they pay by buying a computer and internet access for it. To clarify: the networks are paid for only by the bandwidth, CPU time and disk space of the participating peers.
In any properly designed peer-to-peer system, that is the only way the networks exist - anything centralised, anything at all, will (as p2p networks become progressively more vilified) be a target for a DoS attack (legal or technical) and a source of reliability issues.
Here's a notion: The only sane way to develop a robust P2P network is the open source paradigm (indeed, even the related but more ideologically minded free software paradigm, whose views ring strongly with those of typical p2p networks), so that there is no central point of control for the underlying program code.
Example: Freenet.
Alternatively, instead of doing it right, you can try the more money-minded approach, which doesn't ultimately care much whether the network survives, which can be neatly summed up thus:
- Write p2p program. (Doesn't matter how bad as long as it works okay.)
- Get spyware purveyors to pay you to distribute p2p program bundled with oodles of spyware, typically so that they can get marketeers and more unscrupulous people to pay them for data on clueless lusers of your software.
- Profit!
(No ??? step here, either.)
Example: Kazaa. (Obviously.)
Absolute and total HORSESHIT. TCPA is the foundation for a Palladium-like system... it is the basis for removing the ownership of a PC from the purchaser and giving it to someone else. Granted, TCPA alone is not DRM... but without a platform lockdown like TCPA... there is no real DRM.
I strongly suspect that you're trolling, but that's okay, I'll bite. Sort of.
You're wrong. Go read the TCPA 1.1 specification, then spend some time thinking about how it would be used for implementation of DRM. The problem is, as I said, that TCPA doesn't provide any support for "platform lockdown". It provides a set of services that are at the beck and call of the OS and applications. The closest it gets to providing a "lockdown" is that an OS can ask it to create and store keys and then make those keys inaccessible to any other OS or system configuration. However, this is a configurable option, and the owner of the machine gets to decide if the OS's request for exclusivity is to be honored or not. TCPA is designed to provide a set of services that are needed by users, and is under the user's control, not vice versa.
If you want some good, and very authoritative, comments on the matter, check out David Safford's paper on TCPA misinformation.
Now, while it's certainly possible to define additional functionality that *would* provide support for stronger DRM, that would be something other than TCPA, and *that* would be something worth fighting. Fearing TCPA because Palladium could be constructed is like fearing electricity because an electric chair could be built.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.