Buzzword du Jour: DRM

mattmcal writes "Though the RSA Conference in San Francisco and Bill Gates' keynote were expected to stir up several headlines on 'security' today, the news coming from 3GSM in Cannes seemed to deliver more tangible results. From Qualcomm's new DRM chipsets to NDS' mobile VideoGuard, several interesting 'DRM (digital rights management)' announcements raise the bar for distribution-shy media companies who may have increasing opportunities for driving content to mobile devices. But Intel's Barrett knows this is only the beginning of a complicated standards problem."

Re:DRM + open source

[packeteer]

Oh no, companies will still do research here. There is far too much money to be made doing research in the USA. Remember that scientific research can be patented and if its not banned itll be patented. Tonight i watched a show on PBS about cancer and how a company was able to patent a gene. Thats right they patented a gene. They didn't create the gene. Its been around as long as humans have been. But they have the patent on it. Now whenever anyone wants to do anything involving that gene (which is a genetic cause of breast cancer) they get paid. Remember in this country its not the researchers that are losing its the citizens.

Re:Please, let's call it what it is...

[pilgrim23]

Does anyone here remember the days of the Apple II, Copy protected 5.25 floppy disks, and all the various hardware and software tools developed to circumvent this silliness? Rememeber magazines like "The Computist" with articles describing how to sector edit? The (still) valid discussion that took place back then was: "I did not purchase the physical media, I licensed the software, and that license explicitly allows for backups". 20 years later and we are now attempting to make the equivelent of the COPYCAT Board, or the Central Point Options Card illegal. In other words: "Here we go again!" I seem to rememeber from history class that way back in the Middle ages the Church had a lock-down on clerks and copyists till this feller named Gutenberg came along.

Re:It's fundamentally silly

[Convergence]

Um. Thats the idea. I don't know if the CPU yet encrypts the data bus, but it wouldn't surprise me.

Go back to first principals. The schemes roughly work by: the 'untrusted system' sets a block of memory consisting of a program. It then tells the control chip to 'authenticate' that block. The control chip runs a cryptographic hash over it and only if it matches a signature will it relinquish additional encryption keys to the software in that block. It can also faithfully prove to that controlled box that the chip correctly implements this control scheme.

There's usually a bunch of other stuff for how to get 'privacy' --- by not having to disclose your mobo's public key to that controlled box, but thats about it. The motherboard chipset protects the block from 'unauthorized overwriting' from DMA in hardware or the rest of the OS.

This means that you, I, microsoft, and anyone can write an encrypted application and a boot-loader for it, distribute it to anyone and the machine will only load it *and* relinquish the decryption keys if and when it is unmodified. In an offline setting, this sort of remote control can be subverted. In any online setting, as soon as they detect a broken key, they can blacklist it.

Overall, this technology embodies what is best about well-designed ssytems. General, powerful, flexible and state of the art. Its not a joke like CSS. (which was a bad implementation of a good system design) It isn't evil per-se, but it is subject to great potential evil.

This digital control technology doesn't fully solve the age-old question of how does a distributed system trust a remote untrustable host, but it puts up a pretty tough bar to cross. Each system must obtain the secret keys in their computer individually. Any attack requireing widespread subversion or where the benefits aren't worth the hardwar hacking won't be worth it. Users can choose to leave the system, but they cannot easily subvert it.

The problem is that there are distributed systems that cannot be practically avoided. Thus the 'you have control over their machine also has a reciprocal: They have control over your machine.'

Between equitable individuals playing an online P2P game, thats not a problem. In an inequitable relationship, say between a person and a large software company or an abusive government, this sort of control is ripe for abuse.