Slashdot Mirror
The DRM Scorecard
An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"
Just because the ability exists to crack it, doesn't mean that the average Joe on the street can do so.
It discourages casual copying, nothing more, but I can't imagine it was intended to do any more. Nobody's that stupid.
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
Frivolous lawsuits. Until the RIAA finally realizes that its lawsuit tactic isn't working it's the only attempt at DRM that hasn't been made completely useless yet. Unfortunately I don't see that happening unless/until they lose bigtime in multiple court cases.
I have this massive pile of digital rights that I really need to manage. Yet every fucking piece of management software I download has been hacked. There's not even any patches for this shit. How the fuck am I, as a concerned citizen, supposed to manage my rights?
Is Blueray. That's going to last another decade.
Your ad here. Ask me how!
The same effect has been observed in software for years, Windows XP had an activation thing built in, anyone who knew what they were doing would bypass it, anyone who didn't (and didn't know anyone who did) would eventually go and buy superfluous copies of software they already owned.
Okay, let's try Alex Wolfe's argument in a different context:
"When you list every major law implemented to "protect" life and property, they've all been broken. Can anyone think of a law which hasn't been broken, and of course this begs the obvious question: Why doesn't society just give up and go law-free?"
DRM doesn't have to be perfect to do its job, anymore than law enforcement has to be "perfect". It just has to be effective enough to keep Joe Average from copying the file. Whether or not DRM is actually "good" or "bad" for media producers is a completely different argument, but Wolfe's sophomoric reasoning does nothing to address it.
No one ever expected DRM to stop all copying. That was never it's purpose. The purpose of DRM was to curb copying, which it has done. Everyone realizes there will always be a way to get around DRM (or anything else really) if you really want to. But if you can implement DRM and stop 50% or 75% of copying, that is a big improvement. That is exactly what they did. They implemented a solution that will reduce copying by the average person, which means more money in their pockets since less people are copying CDs and giving them to friends (and no, I'm not claiming every person who copied a CD would go and buy it, but certainly some of them will).
DRM works under the same concept as locking your car. IF someone really wants in, they will get in. But it certainly cuts down on the casual person who will take an easy opportunity, but doesn't care enough to put in the effort to get around the measures you put in place.
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
Last I looked Cable HDTV DRM still hasn't been cracked which sucks if you want to use a myth box. You can only get an HDMI with HDCP signal out which I also don't think has been cracked. I really hope they do crack it so I can watch the HDTV that I pay for on my computer whenever I want. As a side note I once talked to my friend(who works for comcast) about driving a GNU/Linux driver for the CableCard. He told me it would be hard and was 100% sure we would be taken to court. The CableCard apparently looks to make sure the hardware using it is certified. Cracking that shouldn't be to hard but apparently the deal that at least comcast has with the content providers is that if there DRM is cracked they have 30days to fix it otherwise they have to recall all devices with the DRM capability and destroy them. Then they can issue new ones with newer DRM, otherwise they risk losing that content.
There's only one copy protection system I know of that hasn't been (meaningfully) cracked, and that's MediaCipher, created by Motorola for the cable TV crowd. Ironically, it was one of the first ones ever created. (Of course, it helps that the boxes implementing MediaCipher are only rented -- never sold -- to end-users.)
Copy protection next showed up in a major way for computer games, most notably for the Apple ][ computer. This fetish briefly spread into applications software as well as games, until the users thundered, "No Fscking Way." It took about four to six years for this to shake out.
Despite the fact that there is no conclusive evidence that copy protection has any meaningful impact on sales, anti-copying measures are still used extensively, but by no means universally, throughout the games industry. In particular, Unreal Tournament's initial anti-copying measures are little more than perfunctory, and are later dropped entirely.
Near as I can determine, copy protection advocates claim as axiomatic that unsanctioned copying will depress sales to livlihood-threatening levels. They cleave to this axiom with a fervor usually associated with religious fundamentalists. However, every time this axiom is honestly examined, mitigating or even entirely contradictory evidence is discovered. Yet the myth persists.
It's not the technology we need to combat (since Turing proved it can never work). It's the defective thinking.
Schwab
Editor, A1-AAA AmeriCaptions
Was someone a little strapped for cash?
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
Unfortunately, the analogy doesn't quite hold. Breaking into bank vaults is more like performing a brute force attack on a DRM scheme, every time you wanted to break it. DRM schemes don't work like that. Typically once a scheme is compromised, it becomes possible for anyone subject to it to break it almost instantly. All it takes is for someone to write a quick tool that automates the cracking process and all the barriers presented by the DRM scheme pretty much fall away.
I'd say that DRM schemes are like having one giant bank vault. Yes, it will eventually get compromised, and once it is, everything inside is trivial to take.
one definition of insane is doing the exact same thing over and over and expecting different results.
From Wikipedia:
"Cryptanalysis researchers demonstrated fatal flaws in HDCP for the first time in 2001, prior to its adoption in any commercial product. Scott Crosby of Carnegie Mellon University authored a paper with Ian Goldberg, Robert Johnson, Dawn Song, and David Wagner called "A Cryptanalysis of the High-bandwidth Digital Content Protection System". This paper was presented at ACM-CCS8 DRM Workshop on November 5, 2001.[1]
The authors conclude:
"HDCP's linear key exchange is a fundamental weakness. We can:
* Eavesdrop on any data
* Clone any device with only their public key
* Avoid any blacklist on devices
* Create new device keyvectors.
* In aggregate, we can usurp the authority completely."
It must be noticed, however, that for this attack you first have to break Blom's scheme (the linear algebra based key exchange system). In the case of HDCP you need a minimum of 39 device keys in order to reconstruct the secret symmetrical master matrix that has been used to compute all device keys.
Around the same time that Scott Crosby and co-authors were writing this paper, noted cryptographer Niels Ferguson independently claimed to have broken the HDCP scheme, but he did not publish his research, citing legal concerns arising from the controversial Digital Millennium Copyright Act [1].
The most well-known attack on HDCP is the conspiracy attack, where a number of devices are compromised and the information gathered is used to reproduce the private key of the central authority.
To read my post please enter the first word from pages 6, 27, and 32 from the manual.
Fundamentally, you're spot on. It is a hell of a lot worse than bank vault security. You can't have the party it's secured against also the one it decrypts for. It just makes no sense! All DRM is crackable by definition, they know this, they just want to make it as much of a hassle as possible.
No, it's flawed because it CAN be cracked easily: The decrypting key is in the firmware contained in your DVD player.
In cryptography, we have an explanation using Alice and Bob. Alice is communicating with Bob, while Eve (eavesdropper) tries to decrypt the message. Alice and Bob have the key to decipher the message, but Eve doesn't. She wants to decrypt the communication *without* the key.
A --- E --- B
Alice in this case, is the Digital Media producer (or encrypter), and B is your DVD. You're Eve. The problem with DRM is that Eve *HAS* the key. By cracking the DVD software (some disassembly, debugging and you're done), Eve can obtain the key from Bob.
A --------- B E
This is the problem with DRM. It's flawed by design. The DMCA is a legal "patch" to this algorithm, punishing Eve if she gets the key from Bob. The problem with DMCA is that the punishment doesn't apply to all countries, and trying to enforce it results in attacking freedom of speech.
"this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"
The entire entertainment industry is so consumed with greed that they are no longer able to think clearly. The failure of DRM is so painfully obvious, but the MPAA, RIAA, BSA, etc. are so blinded by greed that they can't see it. To them, the failure of DRM is proof that they need bigger badder DRM along with bigger badder laws to punish people. This is what greed does to you.
The secret to success is simple: make a good product and sell it at a fair price. But when you are bkinded by greed and convinced that you're losing billions of dollars to "piracy", you think that the secret to success is to control your precious "intellectual property" with the most draconian iron-fisted methods possible.
It is all about enforcing a monopolistic distribution channel, a walled garden. They are trying to get all of the pie, not just a chunk. I went into more detail here:
http://www.theinquirer.net/?article=29161
-Charlie
Locks are a good way to keep honest people honest, but they should be simple and unobtrusive. The reason why we have key locks on our front doors instead of complicated biometric systems (this may be the wrong audience for this comment) is that they are simple, cheap and less prone to failure.
Remember the front door is public, the lock is public but only the owners have the key. The front door system works because not everyone who can get to the door has the key. DRM simply doesn't work because you have the content, the lock and the key.If this were really happening, what would you think?