Sun Spearheads Open DRM
Steve from Hexus writes "If DRM is the future of controlling our media files, then perhaps the open source community can at the very least ensure that the dominant delivery system is an open standard. Hexus.net reports that Sun is spearheading a new open DRM project, which their lab workers and the open source community can contribute to. More information on project DReaM can be found at the Open Media Commons website." Tough call - DRM is coming (Or is already here), one way or another, and is better to work on creating something done right, or to object to it on moral grounds?
Hate to see open source DRM developed. That will guarantee DRM improves until it actually works. We're looking at the death of file sharing as we know it...
The NSA: The only part of the US government that actually listens.
Object of course, why would you want to help contribute to tools of corporate control!
You'd have to be an idiot to want to help in this. It would be like being asked to build a prison that is going to be used to lock you in. Even more than that, Sun are asking you to help them make this prison better, and for free. Normally people will do objectionable things for enough money (sadly), but hopefully no-one is stupid enough to do this for free.
Why would you want to help them build shackles for you!
Eh? How exactly can you even talk about "open-source DRM"? It's one of the strongest oxymorons here, DRM by definition is about restricting access, while openness is about allowing it.
Even if you mean openness of only the software itself, you can't go much farther than Microsoft Shared Source -- the "look but not touch" way. What is source worth if you can't even compile it and have it working?
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
"is better to work on creating something done right, or to object to it on moral grounds?"
Open-source developer support or not, I don't think it matters.
I don't care if it's Open Source DRM with sugar on top, I don't like it and I refuse to use products that restrict the use of something I paid for. I'm doing fine just listening to my old CDs all day.
Send email from the afterlife! Write your e-will at Dead Man's Switch.
"Open DRM" at first sounds like a contradiction, yet, the modern approach in cryptographic systems is to design systems so that security depends on secret key material, not secret algorithms. It's a rule of nature that any piece of hardware that falls in the hands of the enemy will give up its secrets, and algorithm secrecy didn't stop Jon from cracking DVD encryption.
In an open DRM system, anybody could create their own DRM "universe" by generating their own set of keys to initialize the system -- this opens the possibility of using DRM to do different things than today's systems, such as protecting privacy: Sun is quite interested in providing storage records for medical records and such, and some kind of DRM would help with HIPAA compliance. (But when I look at the privacy policy I get from my Doc, there are so many people that can see my records that she could save money and just leave them on the curb.)
It's hard to picture media companies getting behind Sun, but other companies that want to build their own systems for protecting information might get on board -- Sun hopes that this will help them sell storage systems.
This could be used to grant strictly controlled untrusted access to downloaded content in general, including downloaded content ranging from cookies to SETI at Home.
The OS that supports that will need to be somewhere around B2 security, something I know Linux, BSD and the commercial Unixes can and have achieved, but which I strongly suspect VMS and Windows can't reach.
--dave (biased former securitroid) c-b
davecb@spamcop.net
If a DRM framework is available to implement as free software, then how can people be prevented from modifying the software to leak the cleartext of the work and then using the modified software?
The moral argument against someone else owning my data will die when I do. I think the open source community needs this about as much as an open source blue screen of death.
Having to work for a living is the root of all evil.
Are open source and DRM compatible? Is there even a theoretical way in which the end user can have access to the decryption algorithm and the decryption key (presumably this must be present somewhere), and not be able to remove the DRM? The linked web sites were both somewhat thin on details.
I am TheRaven on Soylent News
I don't wish to take easy potshots at slashdot but why do you ape the language of big news corporations in your story:
If DRM is the future of controlling our media files
There is no 'our' media.
DRM is coming
Look, all of this is a nonsense. Really the world is splitting into two directions; those who believe passionately in freedom and control over their own lives and those who haven't quite woken up to the value of, or understood what that means.
There is nothing else. DRM is haxx0r bait to be circumvented and stamped on. It's there to protect the traditional structures, the big corporations primarily. Some smaller outlets may find a use for it occasionally, but it's not there for them. There is so much good media out there with no DRM and those outlets manage to survive and thrive so I think that reveals quite a lot.
Forced DRM is not compatible with any concept of normal use or freedom or control over one's own systems and files as far as I can ascertain.
As far as Sun goes, to be honest it's preferable in the sense that an open standard is probably better than a closed one, but all said it's working under the erroneous presumption that some sort of wooly, cowering compliance and affection for DRM is about to take over the world, which it won't.
...I object to it on consumerist grounds. DRM just doesn't provide enough value for what I'm paying for.
Despite owning a Mac, I have yet to buy anything on iTMS but will still happily buy dinosaur digital audio (a.k.a. "Compact Discs"). Why? Compact discs provide me with several things that DRMed digital audio can't:
Considering that a digital album costs about the same as a CD on Amazon, the decision is a no-brainer.
pi = 3.141592653589793helpimtrappedinauniversefactory7
Let them settle on *one* standard for DRM, so that the usual suspects can crack it, and we don't have to worry about DRM anymore. Just like we don't have to worry about CSS.
We already have a number of DRM schemes and consumers are adopting them without too much fuss. Unfortunately, we're still in the early adopting phase which means there hasn't been enough time for things to go wrong for individual users. No massive loss of music/movie collections due to hard drive failure or ending a subscription. No incompatibilities between Gen 1 and Gen 2 hardware devices (and interfaces). The industry is betting that they can just slip this stuff through as fast as possible so that when all the nasty stuff goes down, users won't remember DRM-free media or will no longer have a choice.
As I see it, an OpenDRM is worse than regular DRM and should be resisted as strongly as any other DRM. It will only make it easier for everyone to push DRM because of the common platform. At least there's the chance that competing DRMs will piss off enough people to ALL fail, or that the competition alone will force less restrictive models (a la Apple vs. Microsoft currently).
Even though DRM is the tool of the devil, linux should have a solid implementation. If not, loads of media can't be played on linux in the (near) future, well at least not legally... Embedded linux would be used less and less since it is not possible to make a legal device based on linux. There will always be hacks and cracks around DRM, and that's a good thing, but ignoring DRM in Linux would be a major mistake. Embrace and Extend...
If you can't beat em, join em. Sorry, but the idea of DRM is wrong in any form.
It's on my computer I paid for, with software I paid for or have an exclusive license for. It'll be a cold day in hell when I buy something and then don't have exclusive rights to it. I'm not leasing software; in any way, shape, or form.
People keep saying DRM is here!! OMG!! I'm scared mommy! Stop acting along the lines of a bitch and realize that the power in the consumer/media conglomerate relationship lies with the consumer.
With my consumer hat fully locked into place. DRM can come, stay, go, do whatever it wants to. Simply, not on my personal hardware. If it means not having the ability to use or watch media because the majority has spoken otherwise. Then so be it.
You can either toe the line with a statement and action you believe in. Or, join em. This segues right into the reason society has faltered when it comes to most anything involving standards, morals or simply standing up for one's self. There is a lot less beating, and a whole lot of joining.
With all the problems of lost computers, lost backup tapes, etc., I would think that corporations should be required to use DRM to reduce the risk of identity theft. It may not prevent a company from selling your data (for which they should be royally reamed), but it will reduce "accidental" leaks.
Social Security numbers, credit card numbers, etc. should never appear in plaintext and managing who has what rights to read/copy/write files with sensitive data seems like a job for DRM. For example DRM would also help when a company uses a 3rd-party provider (e.g., your employer hires another company to handle payroll). DRM would let the 3rd-party access the data on a one-time use basis. Any attempt to copy the data or read the data outside the specified application would fail. This type of DRM would help reduce the chance of a rogue employee trying to sell the data.
It seems like DRM could have valuable applications for helping maintain privacy.
Two wrongs don't make a right, but three lefts do.
Even assuming I don't object on moral grounds, (which I do, strongly) how would this even work?
Free Software can never implement any Digital Restrictions Management (DRM) technology. Why? Because, a piece of DRM-compatible software must take an encrypted content file, decrypt it, and pipe the output to a user interface such as a speaker or monitor. At the same time, the software must prevent the user, at any point in the above pipeline, from copying the unencrypted content to a file. This is a fundamental problem which all DRM schemes must solve. With Free Software or Open Source software any user can modify the source code so that the unencrypted content is saved to a file, thus breaking the DRM. Therefore, Free Software can never truly implement DRM. Conversely, any system which correctly implements DRM can never fully be Free Software.
I realize that Sun is talking about open standards, which are very different from Open Source or Free Software. However, their stated aim here is to make open standards which will allegedly be friendly to Open Source. However, I think I have already proven that this is bunk, because the concepts of DRM and Free Software/Open Source software are diametrically opposed.
Therefore, what is Sun's real goal here?
The preceding comments reflect the author's personal opinion and are public domain, unless explicitly stated otherwise.
Yes, for the masses it will continue to affect them but for those who have just a bit of savvy and can use the tools that others produce, DRM will be nothing more than a minor annoyance.
Open source developed or not, a DRM is just a hurdle.
The "moral" problem is actually one of legality. It is one thing to introduce an obstacle to certain ways of using content, but to make it criminal merely for bypassing the DRM regardless of your right to the actual content is where the moral problem lies.
Currently the geographic community is working within the OGC to develop DRM for geographic products. The plan is to get in early and define a standard to prevent cosy vendor mapping agency tie-ins.
So if we all get behind an open source open standard method of DRM then maybe we can avoid the problems which are dogging DRM in the music industry.
Ian
It's better to object to it on the grounds that it will never work. If you want the person to be able to view the content, then they can copy it. Simple as that.
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
Isn't open source DRM about as useful as a woollen condom? All the DRM I've seen (and worked with) uses obfuscated keys and black box decryption libraries; if it's open source, how does it work?
Now, I don't think that DRM has much use anyway, but where it does "work", it generally does so through obfuscation. I can't see the content providers springing for this. On the other hand, they've already been sold snake oil by other DRM vendors, so just maybe...
Realistically, though, the only way I can see open source DRM working at all is if it uses TPM in some way.
If your comment title says 'Re: Foo', I'm not likely to read it.
Repeat after me: There is no such thing as open DRM.
Yes, you can distribute the algorithms openly, but in the end every single DRM system is going to be based on secret encryption keys. It is a felony in the United States for you to read/use such encryption keys for most purposes. This is how DRM works; because it cannot work in any other way, it depends on outlawing certain types of computation to undermine the general-purpose nature of computers. This is done via the DMCA in the United States.
Repeat after me: The only reason for DRM is to eliminate general-purpose computers, and to replace them with futuristic televisions. Why are all of the media industries so scared? Because finally, individual human beings all over the world are able to create and distribute information freely. Up until a few years ago, those media industries had a stranglehold on distribution of information. Everything was broadcast-only. Everything came from a few centralized sources.
DRM is their last hope to outlaw a future that's missing all-powerful information distributors. It is their last hope to turn computers into interactive TVs.
Don't be fooled by DRM that pretends to be "open" or "decentralized." By its very definition, DRM is always closed and centralized -- even if on the legislative level rather than the software level.
As for the inevitable cries of, "DRM has positive uses for system administration and security!": There is no good use of DRM which cannot be achieved with equal ease entirely in user-controlled software. So why don't you put your energy into making easy-to-use encryption systems, and enabling them by default in your applications, instead of scheming to make general-purpose computation illegal?
DReaM on, Sun. The Open Source community isn't about writing your code for you, open standards or not.
Many of us vehemently object to DRM on its face, because it goes counter to the beliefs of the Open Source community; fostering learning and growth and a strong sense of community through sharing and improving our creations.
DRM doesn't play into that, even if your "customers" demand it. Creating an Open Source initiative to try to get the Open Source community to write the code for you, so you can lock it up under the CDDL for your customers' use, doesn't play into that.
Find another sandbox to play in, this one is ours.
I applaud SUN's effort in attempting an open DRM standard. DRM is on its way to consumer market, whether we like it or not, but an open standard opens the gate to collaboration. Rather than debating endlessly about the moral grounds of DRM, IMHO it is best to accept reality and establish an "outpost" for open source and free use in the hostile land of DRM. Kinda like establishing a constitution in a monarchy state.
Does anyone know what the security model is? Doesn't DRM rely on the player having embedded keys to decrypt the content? If the DRM is open, won't it be trivial to extract those keys?
Over the past few years, it seems as though there has been a major divide between the interests and desires of major media companies and the end user. Major media companies have shown a strong desire to control their digital content via copy protection and DRM, using their own distinct proprietary methods and limiting the usage of said content to a limited scope (you may only play on such-and-such player, copy n times, and/or play this video in the next 24 hours). End users have shown a desire for flexibility in the way the DRM is applied. If end-user Tom purchases a music file, Tom wants to play that file on any player (software or hardware) and be able to make CD copies so he and his wife can each listen to it while driving separate ways in their respective humvees.
An open source DRM standard would make a method of controlling content widely available. The more widely available it is, the more players we can utilize in playing our DRM'd music, movie, etc. Hopefully, with Sun behind this, enough media executives will start to trust an open DRM.
Pros:
1. High level of transparency/accountability.
2. The standards will be open to everyone. (Now Joe Schmoe can write a player that can read CheapoMP3z.com's DRM'd music.)
3. It's Sun - hopefully, all the music/movie execs will recognize the name and trust them and their products.
Cons:
1. Vaporware? (open DRM is a nice idea, but when's it gonna get here? we'll not hold our breath, thanks.)
2. It's Sun - do we trust them and their products?
[..]is better to work on creating something done right?
You cannot create a 'right' implementation of DRM; cryptography theory predicts that every method of DRM can eventually be circumvented without too much effort.
It has to do with Alice, Bob and Carol; Normally Alice is the transmitter, Bob the recipient and Carol the malicious hacker. With DRM, Bob and Carol are one and the same person.
better to work on creating something done right, or to object to it on moral grounds?
How about work to create a lot of different standards done wrong, so the whole thing gets scrapped once people get frustrated with the stuff just not working.
Opus: the Swiss army knife of audio codec
The thing is, you *do* have permission to copy copyrighted material, even that which certain organizations that end in *IAA would like to lock up with DRM - you have the right to time shift, media shift, excerpt, make backups, etc, regardless of whether they give you permission or not. But DRM lets them physically *prevent* you from exercising these rights, which is why DRM is so objectionable.
What was called copyright way back should have been called 'sellright' or 'publishright' - and should only protect against false authorship claim, and against actually selling (e.g. for money) copies unless you were the rightholder. It wouldn't have hurt to make the whole thing non-transferrable and non-assignable too - e.g. the actual author/artist of a work holds permanent rights, even if he contracts with a publisher to actually distribute and sell copies on his behalf.
Of course, they will never use any DRM which can have any Open implementation, because anyone would be free to implement it and add or remove whatever features they wanted in their implementation, including an option to allow use that the persons issuing the DRM'ed content would want to prohibit. The only way that any 'Open' DRM would ever succeed is if the DRM-pushers are too ignorant to realize that.
One of the bigger risks of DRM, as I see it, is giving authority over your system to another entity. Not surprisingly, in many of the schemes pitched thus far, big business decides all and your PC must obey (see the broadcast flag). The same effect exists for the HD copy protection schemes.. the studios decide all, and your hardware must obey.
At least an open standard form of DRM could put everyone on equal footing, rather than locking in the big media company's control over the industry. If independent producers have the same access/right/privileges as the big players, it makes for a much better solution.
Personally, I am all for a good system of protecting the rights of content producers. But, the last thing I want is that system being used to lock in the power of big business and the garbage that they peddle.
You mean the death of digital freedom in general.
DRM is much larger than just some lame p2p copyright infringement idea.
DRM will affect the very way we retain our knowledge as a society. The "keyholders" will dictate what information is acceptable and what is not.
---- Booth was a patriot ----
My problem with DRM isn't the concept itself, it's the one-sidedness of current implementations: the existing DRM systems enforce the rights the media companies want enforced, but they don't enforce the rights copyright law grants to copy-owners. An open DRM system at least offers the ability to lay down within the system all rights including the ones copyright law grants that the media companies don't like. If we lay down the standard with reference to relevant statute and case law, we can change the playing field so the media companies have to argue why a DRM system shouldn't comply with the law when they object to things like time-shifting and personal-copy rights.
The very basis of DRM is that it's an end-run around fair use.
Because it's implemented by a machine, and machines cannot know the intent of someone using the material it protects, a DRM system cannot tell the difference between infringing and non-infringing uses. Therefore the only way for a DRM system to stop copyright infringement is to stop all copying, which stops the *legal* kind, as well as the *illegal* kind.
In short, it's objectionable because it screws people out of their rights.
A DRM technique that (a) I can leverage as much as the "big boys" to protect my own content, (b) preserves more of my fair use rights, is better than one that doesn't.
These techniques generally involve encrypted content together with decryption keys possessed by, but inaccessible to, the end-user ("inaccessible" being a matter of effort, of course). In a flexible system, the user would be able to transfer those keys, or a limited number of copies of them, to playback devices, in a secure mechanism -- taking encrypted content to play at a friend's house should not be a hassle, for example.
Of course, given that key possession ultimately means that they can be discovered, to be effective, such a system would require content to be personalized to keys that an end-user already possesses, so cracking one does not crack the system. Given electronic delivery of content, this is not far-fetched.
Where open source DRM shines, though, is the ability to change the access mechanisms that playback or other decrypting devices offer. Fair use is not a static set of rights, but an ever-changing set: VCR-based timeshifting was "new" recognized fair use, for example. When "code is law", and the law is subject to change, it must be possible to change the code as well.
Naturally, changed code to be loaded on a device that handles encrypted content would have to be signed by an authority the device trusts (or only be available to deal with content encrypted by the device owner), but this would open up community development of DRM code that respects new fair use rights (assuming the rest of the hardware supported them -- I'm thinking of a fair use right to, for example, decrypted 720p analog video output where the previously permitted resolution was 480p), testing thereof, leaving only signing required to allow its widespread adoption.
The big current weakness in all DRM schemes is that while they may allow for preset fair uses, they can not anticipate and allow for future ones. I'd envisioned that the "DRM Carrot" should come with the "Fair Use Stick" -- manufacturers of devices that use DRM should be obliged to modify them to support new fair uses as they are recognised, at their expense, in a timely fashion. Open sourcing the code makes this a lot easier.
You could've hired me.
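The per-user personalization described in the comment above, as an added example that is not part of the original thread: every customer's copy is encrypted under a key derived for that customer, so a key recovered from one player opens only that customer's copy. All function names are hypothetical, deriving the user keys from one distributor secret is an assumption, and the HMAC-SHA256 counter-mode keystream is a toy stand-in for a vetted authenticated cipher.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output size


def derive_user_key(master_secret, user_id):
    """Distributor side: one key per customer, derived from a single secret."""
    return hmac.new(master_secret, b"user-key|" + user_id.encode(),
                    hashlib.sha256).digest()


def _subkeys(user_key):
    """Split the user key into independent encryption and MAC keys."""
    enc = hmac.new(user_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(user_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256 over nonce || counter (not a vetted cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def personalize(content, user_key):
    """Produce the copy delivered to one customer: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(user_key)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(content, _keystream(enc_key, nonce, len(content)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def play(blob, user_key):
    """Player side: verify the copy belongs to this key, then decrypt it."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated copy")
    enc_key, mac_key = _subkeys(user_key)
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("copy is not personalized to this key")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def copies_opened_by(key, copies):
    """Exposure check: which customers' copies does a single key open?"""
    opened = []
    for user, blob in sorted(copies.items()):
        try:
            play(blob, key)
        except ValueError:
            continue
        opened.append(user)
    return opened


if __name__ == "__main__":
    master = os.urandom(32)                    # distributor secret
    track = b"constructed sample audio bytes"  # constructed content
    keys = {u: derive_user_key(master, u) for u in ("alice", "bob", "carol")}
    copies = {u: personalize(track, k) for u, k in keys.items()}
    print(copies_opened_by(keys["bob"], copies))
```

The distributor secret never ships to a player, which is why exposure of one derived key stays confined to that customer's copies.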
Fuck DRM. Effective DRM on music "copying" only is impossible because as long as music can be produced, it can be copied. Hence the only effective DRM is to make it impossible for a single individual to produce music without permission of the "industry". This gives two advantages to the record industry: 1: They control exactly WHO can produce music (this means that if you aren't signed, you can't produce music) 2: People can't copy their music