Slashdot Mirror
Flash Memory with Copy Protection
Castar writes "Mercury News is reporting that SanDisk has created a new type of flash memory with copy-protection logic built in. From the article: "Today, much of a consumer's digital content is held hostage on a particular kind of device, such as an iPod or a PC, because that is the only way to prevent massive piracy. But with the SanDisk flash memory card, a consumer can move the digital content to another device. If the music company insists the data can only be copied five times, the memory card itself enforces that policy in the new device, be it a cell phone or music player." Rejoice that your data can be "liberated" from the confines of your PC or iPod!"
The copy protection is between Sandisk->sandisk compatible transfers (from what I can tell)
Otherwise I assume the data will be an encrypted blob and be unusable.
liqbase
They just don't realise that a mere recording from line-out to line-in in any half-decent sound card will sound as good as the original to 99.% of the users. So they should try and prevent that as well.
Uh, they do.
Beware: In C++, your friends can see your privates!
Depends on how it is implemented. If they use one key for all the cards there, it is fairly certain that somebody will crack it and publish it.
On the other hand, if they have one private key kept only by the vendor, the public key for this on each device, a serial number on each device, and a unique private key on each device with a certificate, then it won't be cracked. Sure, DVDJon can crack his flash device, and then he could read/write the data off it. However, your device uses a different key. If he cracks it using software-only, then this could be distributed. More likely, though, he will crack it using logic analyzers and electron microscopes, and you can't exactly just post do-it-yourself instructions for that online. He could mass-produce clones of his card, but the vendor could revoke his key once they found out about it.
I'm not sure how the protection is implemented, but if they really wanted to stop hardware cracking this is exactly how they would do it. Of course, just using one key is easier, and so who knows what they really did...
Seriously guys did any of you read the full article or instantly just post here whining. I usually don't take the time to read them because I spend most my time responding to others people. However, in this case it helps to actually read, for if you did you would see that the talk from SD is that they would sell this devices in stores pre-loaded with the content you want to purchase or with content that would be 'unlocked' later.
I do not think, this device is meant for direct marketing to the public in anything resembling the way current flash drives are currently marketed. You would not be buying these and loading the DRM content onto them, the DRM content comes on them when you purchase them. The idea of this is that it will probably allow a set number of devices to read the media. When you insert it into the one device too many you get the cannot read message.
This is how it liberates the 'standard' user from music being stuck on their iPod. Most consumers (and trust me the slashdot community IS NOT most consumers) have no idea how to remove DRM from their iTunes purchases or know how to get the songs on their iPod back off. They have not had the great fortune of hearing about things like ephpod. So now they will have their DRM content on a flash disk that can go into their cell phone, PDA, PC, mp3 player and so on.
So put the foil hats away, and stop contemplating about the demise of SD because this IS NOT targeted for straight sale as a consumer media and WILL NOT replace all the drives and memories that they presently sale.
"Some days you just can't get rid of a bomb."
Step 1) Copy once
Step 2) Remove protection from your new copy
Step 3) No more DRM.
The way I've seen it work for some digital marine charts is;
1) Copy once
2) Strange unrecognised binary file
3) copy to second device
4) works in original device but not in another device.
The chart is married to the card. Copying to a PC is OK. Copying back to the original card is OK. Copying to a second card is rejected by the boat nav. Original card only please.
You can use the chart in another boat, but only if it is on it's original card. This is hardware level DRM.
Notice almost any GPS you can buy that uses a map will only take a SD card?
That is for in the future when you buy your boat or aircraft charts, they will come on a card and won't work if copied to another card. The chart and card are married and won't work without it's partner.
Charts for a local waterway won't be shared by a group of fishermen. Each will need to buy their own chart card. That's how the SD feature works.
The truth shall set you free!
They ALREADY have DRM grain. Monsanto has grain that is genetically altered to resist Roundup pesticides. This is copyrighted so that you must buy new seed grain every year - you are not permitted to reuse any grain from previous years as seed grain (i.e. make copies). This grain has been introduced into Iraq, and the new constitution enshrines American-style copyright restrictions, so Iraqi farmers who have been keeping thier own seed grain for many thousands of years will no longer be permitted to do so. There have been cases in the US and Canada where farmers have had their fields infected by stray Monsanto seeds, and were then (successfully) sued by Monsanto for copyright violation.
There are also concerted international efforts working to create grains that produce edible (but non-viable) seeds, which will truly be enforcing non-copyability via hardware means. Sigh.
I really don't like the increasing complexity of devices that don't need to be complex. Complexity tends to decrease reliability.
My last motherboard, an ASUS, had an in-BIOS MP3 player. That qualifies as "unnecessary, reliability-decreasing feature", in my opinion.
As for the latest sky-is-falling-on-copyright-infringement alarmist crap from Slashdot, pay no heed. This whole thing is a lot of horseshit that companies are using to extract money from the publishing industry. Many, many companies try to do this. If you make a commodity device (Flash storage, for instance), you're desperate to do *something* to make more money on it.
So, let's take a look at what this system is probably going to do.
Assume that the engineers *really* knew what they were doing and made *no* errors (and that security in hardware is pretty hard to do and there isn't much of a culture of that in the hardware world).
It's a pretty good bet that if properly designed (*not* necessarily the case), each device has some sort of embedded public-private keypair. They use this to transfer symmetric keypairs to do bulk data transfer between each other.
This means:
* Everything is on one IC, and there is no inter-IC bus involved. Tapping busses between ICs within a DRM-using device is a good way to break the protection. bunny broke the X-Box by using the fact that not everything is on one IC. Probably reasonable for the Flash world, where this is already the case.
* The hardware's pseudorandom number generators (that symmetric key has to come from somewhere) are secure. An attacker can twiddle power to screw up PRNGs...maybe zero them, induce current, screw with the power lines at just the right frequency, whatever. This is not trivial to avoid.
* There are *no* diagnostic interfaces left in the hardware. Trying to make every hardware engineer lose their diagnostics in the release product is like trying to convince a fish to jump out of water and stamp around on land for a bit.
* The crypto algorithm involved doesn't get broken (once it is in lots of products, you are irrevocably committed).
Remember that this is a system that relies on *zero* breaks. Maybe the manufacturer can have an "update key" and release new protected content with hidden "updates" to invalidate existing compromised keys, but this takes a while to propagate around the system. Once such a system is released, the manufacturer is gambling that not a single person, in any lab, with microscopes and the works, anywhere, can break the thing. Once it gets broken, that person can distribute all the protected content (and possibly even create a "modification" to disable the protection on other devices, if the break involves the compromise of a key). The math is *wildly* against the publishing world here. It's a safe assumption that the publishing world will make dire legal penalties, heavily watermark content (and probably tag with the IDs of devices that it passes through) to try to track down any such break, but it's still a seriously long-shot gamble for them -- and a break is likely to happen after they are widely deployed and are committed to the scheme, as happened with DVDs.
And remember that nobody gives a damn about simple data transfer. That data has to go somewhere -- the Flash drive. So now every device that *consumes* this data (sound cards, video cards, etc) has to also be similiarly secure, and not have any breaks. That is a *huge* undertaking. If one consumer is Windows running under Palladium (e.g. a trusted software MP3 player), then you have to secure a vast software system, as well as much of the hardware in a computer system, against any breaks. That means *Windows local kernel security must be airtight*. Every bluescreen you see is a violation of that! Even better, you can't use a single good prepackaged solution, because then you run into the bus-attacks-across-multiple-ICs problem -- every single device needs a custom chip, and that chip has to perform *all* the t
Any program relying on (nontrivial) preemptive multithreading will be buggy.
They already have a kind of drm fruit. Companies like monsanto that produce seeds for farmers, engineer them so that the plants dont produce seeds for a second generation or farmers are induced to sign agreements that stipulate they cannot use seed from their crops and have to purchase new seeds next year.