Slashdot Mirror
MPAA Developing Digital Fingerprinting Technology
Danathar writes "The MPAA is looking to use digital fingerprinting technologies that in conjunction with legislation will enable and force ISPs to look for network traffic that matches the signatures. " From the article: " Once completed, Philips' technology--along with related tools from other companies--could be a powerful weapon in Hollywood's increasingly aggressive attempts to choke off the flood of films being traded online."
And ISPs are going to search for fingerprints in encrypted downloads how exactly?
It would be relatively easy for the next generation of P2P applications to add very basic encryption. Possibly based on a captcha (just a regular zip file encrypted against the random letters contained in a gif).
Or will the MPAA's next trick be to purchase legislation banning encryption.
Trying to make bits uncopyable is like trying to make water not wet. -- Bruce Schneier
As long as you can get it onto a computer, people are going to figure out how to make it copy it.
Just take the new napster mess where everybody is loading up on free music right now:
Napster/Winamp hack to get unprotected free music
that some of the scariest 1984ish stuff would be coming out of the fricking entertainment industry fer chrissakes.
Is it fascism yet?
Even if they managed to get the fingerprinting to work, it is dead easy to circumvent.
Instead of splitting a torrent they way it is done today, just put every N bytes in the first block etc.
Another approach can be to just encrypt each transmission from a peer to another peer with a key unique for that particular connection. XOR will work just fine. (Unless they extract the key of course, but that will require more sophisticated sniffing software).
Imagine the sheer amount of data that has to be processed...
It is sort of amusing that this technology is being developed by Philips, makers of the Philips DVP-642, probably the most pirate friendly DVD player on the market today.
Personally, I don't trade mp3's. But considering the extremist and blatantly arrogant posture that the **AA has adopted leaves me feeling no pity for any losses (real or imagined) that they may have suffered. With this in mind, I refuse to purchase any music or videos anymore... not that anything that gets released is worth a shit (let alone $20) anyway.
If they want to assume an anti-consumer posture, then they can just all go out of business. Screw em.
When all else fails, run.
We have 1TB disks coming up soon.
I don't know how many terrabytes of released music exist in the world, but I imagine it's a finite number.
We'll probably have 100TB disks, and then 10,000 TB cubes at some point in the future.
Perhaps all the worlds music will fit in the space of a cubic centimeter.
You visit your friend's house, put your cube-disk next to his cube-disk, hit "copy", and then walk home with your copy of the entire world's music.
Really, there's not a whole friggin' lot you can do about that.
Perhaps the possesion of world-music cube-disks will be the next marijuana possesion.
this to me is the least offensive method of combatting piracy
Yes, until you get your new bill from your ISP, which includes an extra $50.00 per month so that they can afford to comply with the law.
See, I'm pretty sure that the MPAA won't be paying the ISP to implement this technology, to purchase the additional equipment to use it, and to maintain it.
First I read this story today, and I swear I still want my 5 minutes back from wasting my time reading it. Then comes along this story about the MPAA developing "fingerprinting" technology. I suppose that when someone rips a DVD using DVDShrink or DVDDecryptor or any number of other programs that said program is going to copy said fingerprint wholly intact into the resulting file even if it compresses said file. Then, after I convert it to DivX format, I'm sure the fingerprint is still going to be intact. Then after I transfer it with (Insert any of BitTorrent, WinMX, IRC, FTP, etc, etc, etc, etc) the fingerprint is going to be sent intact without using a fragmented TCP packet. Assuming all this to be true, my ISP is supposed to then pick out this needle-sized fingerprint in a galactic-sized haystick.
This is pure science fiction.
I'm a big tall mofo.
Don't think so. The DMCA is there to protect media rights holders, not the common man.
... oh, wait, all privacy laws have been stripped away from US citizens since 9/11, so I guess that won't work either.
You can't, say, have a encrypted hard disk, then sue the MPAA for decrypting it when they arrest you for movie trading, based on the DMCA.
You might have a case with regards to privacy
Face it America: You're screwed.
IANAL and IRECTAL, but why do ISPs have to then shoulder the responsibility of policing all this traffic and enforcing this proposed law? I don't think it could even be accomplished, considering how many ISPs are out there, and how hard it would be to make them all put in the same effort and follow the same procedures. It seems to me the only way to force such an internet-wide filtering scheme would be to pass all the data through a government server (or servers), and that's not going to happen considering how everyones so used to things being the way they are now, infrastructure-wise.
The MPAA/RIAA need to realize that these measures they keep proposing time and again are futile. Even if your ISP started policing your traffic, you could switch to a smaller ISP that's being more lax in its enforcement and is "below the radar".
And how does the MPAA propose getting these digital fingerprints onto ALL media? And how long would it take for someone to figure out how to strip the fingerprint from the file?
When it comes down to it, *any* DRM in audio files is defeatable by playing it back on a high quality speaker and re-recording it with a high quality recorder. A similar set-up could be used (with more difficulty) for video I suppose as well.
The MPAA/RIAA need to change their tactics in a big way and figure out how they can give the market what they want at a price they want, so that everyone who's downloading movies and music today decides that the MPAA/RIAA's new way is easier, and downloading isn't worth the hassle. I think one of the big things they're releasing is that people will pay more for special features and other things that add value to their product which are simply unavailable online.
The MPAA/RIAA's realization will come, I just don't know how many more years it will take and how many eras we need to go through (Usenet era, Napster era, Kazaa era, BitTorrent era) before they realize that people out there are innovative enough to come up with a new filesharing means, always. Maybe the current crop of CEOs and managers need to be gone before that will ever happen.
Until someone invents something like ssl... oh...
^^
This is nothing more than an automated private-sector wiretap. Bad thing. I don't want the FBI monitoring private communications without proper authorization and judicial oversight, and I sure as hell don't want the likes of the RIAA, MPAA or any other AA looking at my personal communications and deciding whether or not to sue me for whatever they think they've found. The RIAA is not a law enforcement arm of the government, neither is my ISP ... and I don't want either of them to become such.
It's generally considered wrong when private individuals or organizations take the law into their own hands (see: vigilante justice.) It's even more dangerous when the organization in question is as heavily-bankrolled and as morally bankrupt as our two favorite "entertainment industry trade groups". No thanks. They can keep their grubby little lawyer fingers out of my data stream.
The higher the technology, the sharper that two-edged sword.
We have implemented a box at work that monitors all traffic for 'stuff', and its slowed us down significantly. Regardless if its Internet web traffic or simple SQL queries on internal servers.
Having this stuff mandated on our isp will just about kill our connection. ( and raise costs ) Between this and spam it will drive people off line ( which might be their ultimate goalanyway, cant download if you arent on the 'pirate-net' )
---- Booth was a patriot ----
Yes, they can.
The DMCA makes a whole lot of statements about copyright circumvention. But not much of anything about encryption. This is why CSS, with its laughably weak encryption, can be used, and anyone who pokes at the gaping goatse vulnerability-hole is then liable for horrible, horrible damages.
If you're not using encryption to protect your copyright---and if you're not selling all those "vacation" JPEGs and school papers, it's damn hard to show copyright damages---the DMCA is mute on this issue.
It is designed to protect copyright holders, not to protect anyone who uses encryption.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
I would think a way to go would be to use some low-grade form of encryption using random keys that aren't known to the end-user. Something that would be trivial to break on a user's home system, but would be impractical for the ISP to process on a large-scale.
Is this feasable, or would it just turn into an arms-race of "who has the bigger processor"?
for an ISP to deal with the pressure behind the situation: "If we can't read it, we won't pass it across our portion of the Internet."
All too do-able in the hyper-paranoid post 9/11 US of A...
Afraid yet?
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
The stupid part is that even trivial encoding changes (zip) much less encryption (DES, AES, PKC) render this useless. The way around that is actually doing application layer filtering on data, and I with them luck with that. Besides encryption still getting around this in many cases, the CPU time required to do near-real-time layer 7 processing of ALL of the packets going through an ISP is obscene. (remember this type of filtering requires persistence of those packets for a period of time in order to reconstruct the resulting media, because the few bytes in a single IP frame probably isn't enough to know if it's media). Such investment would drive every ISP except Microsoft bankrupt.
What the MPAA is really pursuing right now is watermarking (mentioned later in the article). They have proposed altering each image that goes to different movie theaters or DVDs (especially previews that go to the MP Academy), etc. By watermarking the image against a master (of 'neutral' color, it is possible to determine which copy it came from even if it has been re-encoded.
The alteration is of certain items in the image. It is not on the magnitude of a least-significant bit (which different encoding schemes would then garble). What these watermarking systems do is change it by a number of bits, and do so in a recognizable fashion. In a scene, this might change brightness of the clouds, or the brown of the ground, etc. The net is that a distinct watermark can be created on the image. By altering different items in different films (and at different times), the net result is indistinguishable to the watcher; yet when the 'master' is known to the MPAA, the patterns can be distinguished to determine the source of a pirated copy of a movie or song (regardless of how it might have been re-encoded - unless it's at REALLY low quality)
Wow, is this a kind of an april's fool or something? I don't even think I need to comment much on the infeasibility of this...
Next thing you know, the RIAA will be solving NP-complete problems in constant time or something...
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
Frankly, I don't want to have to deal with any kind of "dispute process" or take the risk that a failure of that process might land me in court. File-sharing of music and movies isn't my problem: it's not some significant social issue that we all need to be concerned about. Racism ... sure. Health care ... certainly. Undue corporate influence in Congress ... absolutely. But ... Music? Movies? Why are we even considering subverting our national communications system to serve the needs of a few large corporations? Most of whom, I might add, are foreign interests.
... some organisms survive change, and other's don't. Let the RIAA and the MPAA and all their member corporations deal with the pace of progress like every other adaptable company that survived the advent of the Internet. Gee ... the public Internet makes "rampant piracy" possible? You're losing billions? THAT'S JUST TOO GOD DAMN BAD. The world changed around you, and in any event does not exist solely for your enrichment. Deal with it.
This is really starting to get out of hand. I mean, the entertainment industry is not some great cultural treasure that must be preserved at all costs (the people that run it think so, but they are mistaken.) This is an economic matter, no more and no less. I didn't shed a tear when Westinghouse went belly up, I didn't lose any sleep when K-Mart filed for bankruptcy
The higher the technology, the sharper that two-edged sword.
Either that's really fucking awesome, or you just figured out a way to make ten thousand Slashdotters all get baby powder on themselves.
I suppose I'll go acquire some baby powder and find out.
Either way, kudos to you.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
Expect "digital fingerprint remover" software to appear in the digital 'black market' as soon as this thingy is implemented.
:( :(
Then expect conversations like this to appear in bash:
[Joe]The MPAA is knocking at my house!
[1337-0]Hahahahahah you forgot to remove the fingerprint?
[PhantomZero]ROFL! Pwned!
[Joe]It's NOT funny! I have to go, bbs
[1337-0]bbs, or bbl... way l?
[PhantomZero]LMAO!
Anne_Caliguiri@mpaa.org Add to Address Book
Dear Oliver,
Thanks for your e-mail.
While Peer-to-Peer (P2P) networks allow for a great deal of opportunity
for distribution of entertainment, P2P networks unfortunately enable
massive amounts of pirate activity.
When people upload or download others' copyrighted works, that is, in
fact, illegal. There is nothing illegal about P2P technologies, if
you're sharing work that you have the rights to share. But, most
commercial works you find available on P2P networks (e.g., albums you
find in stores, movies you find in theatres or stores) were not posted
there legally.
It is only this illegal activity that the MPAA is fighting against. We
will continue to embrace technology and the opportunities it offers
responsible citizens using it legally.
Thanks again for writing, and please let me know if you have additional
questions.
Anne
thank God the internet isn't a human right.
"All you need to do is a slight file format transforamtion (just uuencode and then zip) will mask the watermarks."
You are quite correct that this will defeat the watermarking.
There would be significant side affect though. You could say goodbye to downloading a single file from multiple sources because if we were to use your proposed solution then every copy of "The Matrix" on the P2P network would be unique, therefore you would not have the advantage of pulling in all the "parts" from disparate sources.
"You can't fight in here, this is the war room!"
"This topic is absolutely chock-a-block with discussions about which burglars' tools work best to fuck over and steal from our neighbors. What next, discussions on how to cut through school zones and take kindergarten-age hostages to elude the police during a high-speed chase? "
I look at it like this. A discussion on how to preserve the privacy and liberty of those of us that do not commit copyright violations. Allowing this is like allowing the cops to tap my phone becuase my neighbor was caught committing a crime. It's unacceptable.
Steve's Computer Service, Hobbs, NM
A "little" off my own topic since I submitted the story....but the result of this I would imagine would be that p2p will start using SSL to encrypt the traffic (I put this in my text blurb for the story...but slashdot editors chopped it). Anyhow...this will NOT only defeat the MPAA, but MANY universities use trafic shapers to fingerprint Bittorrent and p2p traffic to keep it from saturating their bandwidth to the Internet. SSL encrypted p2p will effectively make packet shaping these services impossible.
If they do read slashdot for a free technical review, they can hardly ignore the same points raised over and over again:
1. Technically infeasable and economically ruinous for ISPS to scan all network traffic (unless you want to pay them for their trouble, MPAA? you could indemify us all for the resultant Internet slowdown perhaps?). You've been told so many times, you can't be that stupid.
2. Copy-protection can always be broken. It's like King Canute live action when I go to see a movie and be insulted by MPAA movie-theft ads.
3. If you drive the people to encryption, a lot more than your precious assets will go byebye, it will bring down the gravy train for everyone else, and won't they thank you for it.
Using Occam's Razor I ask which is more likely: that they either don't read slashdot or do so in such a way as only read it for the pictures.
insecurity asks the wrong question irritation gives the wrong answer
"For decades they conspired on prices and you claim they "paid the price"?!"
The price-fixing settlement was not as a result of "conspiring" for "decades." Here's what happened:
The winners here are Best Buy and Wal-Mart. The losers are the traditional record stores and indie stores that continue to get squeezed out of the business by Wal-Mart and their loss leader prices on CDs. The record companies probably don't mind; other than sending out some settlement checks and sending some crappy CDs to some libraries (as you've mentioned), this didn't hurt their bottom line. They were selling CDs to Tower Records for the same price that they sell to Wal-Mart.
You should be happy about this if:
You should be unhappy if:
The bottom line is that anybody who thinks that the price-fixing settlement was a strike against big business and a win for the little guy is mistaken. They're probably still chuckling about it at Wal-Mart headquarters in Bentonville.
Sitting in my day care, the art is decopainted.
Quote frankly I'm having way too much fun with books at the moment. Real, Dead Tree Format books. There's some great stuff being produced, not like the pap that is a "blockbuster" movie.
I walked away from new music ages ago. I neither buy new stuff nor download anything. Because I also don't listen to the radio (*shudder*), I have no idea what music is out there. Thus I don't buy any. I'm watching less and less TV, I don't download movies and I don't go to the cinema. Movies are coming out now, I don't know what they are. When I do finally find out about them, I wonder why anyone pays money to see them, apart from being able to say they paid money and saw them.