Slashdot Mirror
Atari Founder Proclaims the End of Gaming Piracy
OMGZombies writes "Speaking on a conference held yesterday in New York, the Atari founder Nolan Bushnell said that a new stealth encryption chip called TPM will 'absolutely stop piracy of gameplay'. The chip is apparently being embedded on most of the new computer motherboards and is said to be 'uncrackable by people on the internet and by giving away passwords' though it won't stop movie or music piracy, since 'if you can watch it and you can hear it, you can copy it.'"
said to be 'uncrackable by people on the internet and by giving away passwords'>
Sounds like a challenge!
No encryption scheme is 100%; some are just better than others. When will people learn!
Some days I get the sinking feeling Orwell was an optimist.
I wonder if game developers have ever even considered that some piracy occurs because the gamers cannot afford the games themselves. Adding a chip that prevents piracy wont result in any additional income from people who simply cannot afford the games to begin with. I for one prefer to spend my money on gas these days than games.
Why do overlook and oversee mean opposite things?
if you can play it, you can copy it.
c++;
"TPM will absolutely piracy of gameplay. Also, 640K ought to be enough for anybody."
I dunno, those "people on the internet" are pretty resourceful lol. I hear they're good at removing and replacing chips on motherboards, or at least on gaming consoles. I think he forgot about those people in their homes that don't want some stupid overlord chip overruling basic tasks on their computer. But at least he knows enough that music and videos can't be controlled no matter how hard the MPAA and RIAA try just because of the basic nature of them. Quite the smart/dumb mix.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
This will definitely go over well with the people who were mad over even small things like the BioShock phonehome fiasco...what could possibly go wrong?
Base 13 FTW!
There is no such thing as un-crackable. There is, however, a level where cracking becomes cost-inefficient.
I still doubt TPM will take us to that level, because it will have to have almost universal adoption and that will take many years. Software or hardware exploits will be found, and adoption/versioning issues will keep them from being fixed.
They should really stop fighting the wave, and put all their anti-piracy money into creative talent and developers.
"apparently embedded in most motherboards" -- not meaning to sound snide, but where the hell have you been for the last five years? Google things like TPM, Palladium, trustworthy computing, untrusted computing, Ross Anderson...
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
A TPM is great for keeping my keys from Nolan Bushnell. It is also great to let me be sure which image of code I'm running on my machine.
It is not great at letting Nolan Bushnell look into my machine and see what code I'm running.
He smoketh the crypto crack. He should read the TPM spec and see what it really does.
Evil people are out to get you.
That's how Engadget is describing it, and I'm inclinded to agree. Firstly, it's not a "stealth chip", they tend to be prominently listed as a feature because they're so bloomin' rare and you really need one if you want to be able to use Vista's disk encryption without a dongle. Secondly, nobody has even proposed using them as a DRM measure, presumably because of the aforementioned rarity. Thirdly, this is spectacularly old news - those who follow hardware developments have been chatting about the TPM and its implications since Two Thousand and FIVE.
No kidding!!! What do you say at this point?
Your proposal advocates a
(X) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting video game piracy. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Video game pirates can easily use it to harvest gamer addresses
(X) Legitimate gamer uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop video game piracy for two weeks and then we'll be stuck with it
(X) Users of gamer will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from video game pirates
( ) Requires immediate total cooperation from everybody at once
( ) Many gamers cannot afford to lose business or alienate potential employers
( ) Video game pirates don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for gamer
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all gamer addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by gamer
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of video game piracy
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with video game pirates
(X) Dishonesty on the part of video game pirates themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Playing games should be free
( ) Why should we have to trust you and your servers?
(X) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(X) Temporary/one-time gamer addresses are cumbersome
( ) I don't want the government playing my games
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Trusted Platform Module - not mentioned in the article. You can probably google it yourself, or wikipedia has an entry.
It's pretty much Palladium all over again. Remember that?
A hardware-based security module may have implications for game authentication. Whoopee. Not only is this nearly devoid of content, but the content that's there is essentially bullshit. The TPM is gaining a userbase, this is true - but they are FAR from ubiquitous. This isn't something you can easily install yourself either - to implement something like this would be a pretty impressive hardware hack (it's not just a chip you solder on). Making this a requirement for a PC game is just asking for failure. Either you're going to limit your market share to that of the TPM, or you're going to have to allow a workaround for the majority of PC's which will get cracked and circumvent the whole idea. Neither of these bodes well for this guy's point.
I'm disabling ads until because I choose not to reward redesigns that are less usable than "view source".
what exactly makes games so special that a chip like this could hinder piracy for games but not for movies?
Superb Hosting
Reasons why he's dead wrong (in no particular order and by no means comprehensive):
-TPM in and of itself won't protect against piracy at all if the implementation is botched.
-Tying purchased software or media to a specific hardware device p*sses people off when they repair, replace or upgrade and their DRMed stuff no longer works.
-Talk about opening up Asian markets, etc, is proceeding under the flawed assumption that those who acquire illegal copies of a game would even purchase a legit copy.
-Restricting your potential install base in this manner will reduce exposure, popularity, and ultimately sales of your game despite the opposite being your goal.
TPM = Trusted Platform Module.
The system creates a hash key based upon an analysis of the encrypted software and hardware combined together. If this matches a third party checksum, then the third party releases the decryption key to the encrypted software.
This would make sense for networked console games or PC's with broadband connections.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
I was going to make a snazzy comment on how TPM was toyed with re: OSX and it doesn't seem to be making any trouble....then compare safedisc and securom and how it was so easy to modify executables to bypass the security....or how much more controlled-hardware environments like playstations and xboxes were no trouble at all to break....
Then I remembered someone claims the end of piracy every year and I should go back to my coffee.
What the heck is a 'sig'?
I own my computer. I bought the hardware. I should be able to do whatever I want with it. The reasons the concept of copyright has been created are not compelling enough to essentially force every computer to have a police chip in it to make sure we honor it.
Need a Python, C++, Unix, Linux develop
hmm ... let's see. It's embedded on the mainboard, and as I understand it, they use that to encrypt the game key or whatever.
What happens if I have to change the mobo? Do I have to buy the game again? Do I have to re-register with a newly generated key? That would mean that there is some confirmation coming from some site, which, sorry Nolan, means someone from the intertubes will certainly be able to fake it.
"DRM is like the Ford Pinto: it's a smooth ride, right up the point at which it explodes and ruins your day."-C.Doctorow
Umm so like they just woke up from a coma and heard about Trusted Computing? ROTFL! Mind you Atari had jack to do with this technology.
Trusted Computing uses the TPM module, it's in many but FAR from all computers. It's in this laptop, it can be ADDED to my desktop's motherboard. It's designed to store measures of critical OS and hardware components like the BIOS to prevent tampering. Modify a file who's hash is stored in the TPM and is checked by a critical process and the system won't boot. There's a random number generator in there and yeah probably a private keypair too. So what I can only EVER play my game on this one machine now? It's locked to this machine? Games upgrade their stuff more than anyone else and he thinks this is the great panacea? You could do this today with your own code much the way Vista does, has that helped adoption? The TPM might be a more effective way to do it but it won't guarantee sales.
There are several games on the market and coming to market that I have not nor will I purchase simply because the DRM is too intrusive. Games that require me to be connected to the 'net for "verification" to play standalone or that can only be purchased and downloaded via DRM'd mechanisms aren't of interest to me. I and others have voted with our wallets.
Want to KILL the commercial game industry? Implement this! This guy sounds like your typical PHB who has stumbled upon something in a trade rag, seized upon the idea, and is trumpeting to anyone in management that will listen what a great idea he's found. In short he's a fool. He also sounds like he believes that everyone who's pirating games now will suddenly be forced to start buying them, wow is he and the music industry going to be in for a shock when they finally figure out this isn't the case!
GL Atari, was nice knowing you.
Build it, Drive it, Improve it! Hybridz.org
If it can be Encrypted it can be decrypted..
Then there are people that buy Copy Protection... "Ok.. if it Truly can't be copied.. Then how am I going to mass produce it." never seems to enter their minds.
There really needs to be some studies done on people that make these types of Claims.. Exactly how delusional are these people.. or is it a simple case of diminished mental capacity.. Or is it not the people that make the claims but the people that buy into the marketing Hype that have the issues that should be studied.
These types of Schemes should be rated in the number of Weeks from launch it will take for the technology to be Hacked/Cracked/Made Irrelevant by the "Internet People"..
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Long time paying customer here. Just a quick note to let you know that I would buy more games if your prices were lower (because you weren't pissing money away on stupid schemes like this) and you spent more time focusing on how to get money out of me (by offering value) rather than trying to get money out of people who have proven they are not able to/going to pay.
Anyway, thanks for letting me know about TPM. I'll be sure not to purchase hardware from vendors including it on their MBs, since I obviously cannot trust them.
they are not. Infogrammes bought the remnants of the company so that they could use the name.
FGD 135
09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0
If a game or program requires a downloaded component it is pretty easy to make it impossible to crack. If every sold product has a large unique key and that key is stored in a database on the server then you can check if a key isn't used from different locations or in parellel.
For normal games, you wouldn't want to make an internet connection a requirement though.
From the article: "The TPM will, in fact, absolutely stop piracy of gameplay." I assume this TPM is a Trusted Platform Module. For example, Windows Vista Ultimate's BitLocker feature uses the TPM. But don't you need at least Windows Vista to run games for Windows that require the TPM?
Besides, is it even possible to pirate "gameplay" as such? The Tetris Company likes to assert a copyright on Tetris, but game rules can't be copyrighted. One leading case is Lotus v. Borland.
So now, crackers will actually have to buy the game and then dump the decrypted content. Atleast that guarantees another purchase.
Simple...let's go back to the cartridges... DS cartridges are already widely pirated, as were GBA cartridges before them.
I am an old fart programmer (anything past 40 is WAY old in technology) so gaming long since left me behind. Face it, asteroids was as advanced as I got.
That said, I would hope the industry would LEARN from the failure of music DRM and the HD DVD stuff (note how Blu-Ray is failing to fly off the shelves -- it was the format war, not DRM that kept it from selling, right? RIGHT!?!?)
I am sick and tired of being treated like a criminal. And that's what all this technology does. I don't share the optimism that every solution will be defeated. Impenetrable control is possible. But luckily the industry hasn't been very good at this so far. But compare the ease of defeating CSS with the difficulty of defeating ACCS and you see they are learning.
The best way to defeat this is to refuse to buy hardware that has the controls. I sincerely hope Blu-Ray dies an ignimonious death. As much as I want an HD video format (and as long as I only have 1MBit bandwidth), DVD is good enough.
Stop treating me like a criminal and I'll buy your crap. Until then, get bent.
whoops... here's the link for TPM & Apple ...
http://www.osxbook.com/book/bonus/chapter10/tpm/
I continue to be irked by the fact that 3rd parties increasingly have more control over my PC than I do.
I'm not interested in pirating someone's games or music, but I'm just waiting until a fairly obvious operation suddenly becomes disallowed to me because some peckerwood decided I should never be able to do that on my own damned PC for fear that I might be doing something they don't like.
If the media companies had their way, they'd basically get rid of the entire concept of general purpose computing and be stuck with an appliance they could control and which would force us to become a monetized revenue source with marketing options controlled by them.
I'm getting tired of crappy solutions which are mostly just restricting what I can already do.
Cheers
Lost at C:>. Found at C.
The software my company writes is tied to the TPM chip. What it prevents you from doing is taking a copy of our software and running it on another machine. When you register it, you then download an encrypted image for that specific TPM chip. Without systems level access to that machine and some pretty expensive hardware tools, there's no reasonable way to hack it. Of course, our entire application/OS is encrypted whereas encrypting an entire game would become a hinderence to game play. Therefore, I doubt it will take off.
But heck, it's the securiest OS on the planet be running those games. TPM is irrelevant then.
He must not have had his Wheaties that morning. That's the really dumbest thing I've seen him say in a long time.
He says this:
a new stealth encryption chip called TPM will 'absolutely stop piracy of gameplay'.But he also says this:
...it won't stop movie or music piracy, since 'if you can watch it and you can hear it, you can copy it.'So tell me Nolan, exactly how does that work? Do the bytes that make up movies have a different flavor somehow than the bytes in a computer program?
In short Nolan, never underestimate the power of fifteen year old kids who live in the Netherlands. Be prepared to eat those words.
PS: Wiki has a page up on TPM already. Along with links to already existing attacks.
Weaselmancer
rediculous.
...how are they now going to explain the drop in game sales?
They won't be able to blame piracy, which in actuality has been a promotional tool.
Without that promotional tool, well.... out of sight, out or mind.
Its been long established and even in some cases intentionally applied, that the non-legal distribution of software helps promotion of the software in sales.
This non-legal spread of software started before the word "Piracy" was coined by Bill Gates (as it applies to software). And Bill Gates profited off of the non-legal spread of his BASIC for the Altair computer.
I believe there are studies of this same drop in sales regarding music as piracy is cracked down on by unreasonable aggressive RIAA legal system tactics.
From a theoretical standpoint, that works assuming you can run through or predict the outcome of every possible input sequence anyone can give it. (Or at least, say, the most frequent 80-90% of possible inputs if you want bad copies.) Even a computer can't play-test a modern game to that degree of completion, though maybe a computer with a human to spend a lot of time patching conditional state changes into it could.
To my knowledge, though, nobody has gotten a system together which is theoretically uncrackable. (Without having holes in the theory, anyway.) So we haven't gone down the "if you can watch it and you can hear it, you can copy it route." Well, not for games, anyway.
Sadly, the chip was stolen before it could be used.
If you can read this, I forgot to post anonymously.
The game industry already has a copy-protect mechanism that works. It's called "game consoles".
Comment removed based on user account deletion
Umm its not new, its been in Thinkpads for years at the least.
If it does stop piracy 100% ( which i doubt ) then it will cripple the industry as he's got no clue how much piracy HELPS the market, just like it does the music market and regular software market.
+ my system wont ever have a TPM, so does that mean they are selling defective products ?
---- Booth was a patriot ----
It should be filed under "famous last words" instead.
----
You can disable TPM by unticking its option from Linux kernel configuration (mine was enabled by default).
And TPM has been around for a while. Nothing new here.
Mod points are a dangerous tool. Abuse them wisely.
More information can be found at wikipedia
Comment removed based on user account deletion
i was going to post about this. in late 80's early 90's magazines were chock full of ads for paralel port dongles, while here in brasil (a piracy heaven to these days) we were using all kinds of software that were supposed to have dongles, absolutelly free.
using hardware to lock software is like trying to hold pudding with string. it doesn't work.
proof of this is the fact that i had for some months MacOS X running in standard home-build PC. apple does everything they can to limit MacOS to their hardware, just to have people cracking the stuff.
so, here's my tip for game companies, either limit yourselves to erite games for consoles, or lower the price of original games. nothing's better than lower prices to curb piracy.
What ? Me, worry ?
Did anyone bother to point out that TPM has been discussed to death and the mere existence of the Trusted Platform Module is no news at all?
Power corrupts the few, while weakness corrupts the many.
The TPM chip that comes in computers is totally different than the hardware chips, curtained memory, and super-root apps that were in Palladium. In the NGSCB, the hardware had an active role of maintaining I/O, and managing memory.
The current version of the TPM is not in the active path at all. Fundamentally, all a TPM 1.2 chip is, is a smart card that is attached to the motherboard. The only difference between it and an Aladdin eToken that is plugged into a USB port are two things. First, are the platform configuration registers, which you manually have to put data into, and second the TPM is resettable from the BIOS screen.
TPM chips, as per the TCG 1.2 spec ship disabled and deactivated, and the user of the machine has to go into BIOS to enable the chip and take physical ownership. Otherwise, it can't be accessed by the machine in any way.
Motherboards TPM chips are rare to find. For a server I built that is to be able to boot unattended, but have all its volumes encrypted using BitLocker, I had to chase down stats on Intel's website and compare them to currently selling motherboards, then cross-reference them to make sure there was an actual chip, and not just BIOS headers.
The Atari founder is quite wrong. Using the TPM won't give much protection from pirates. We've already hard hardware devices encrypting software for decades -- the good old fashioned dongles.
Second, no modern OS ships with a trusted, sealed OS path that is forever static and can be signed from the OS company and passed directly to the TPM like console operating systems are done. Windows Server 2008 has different drivers load for RAID and other low level devices which vary widely party. For example, If you install a new role like Hyper-V on Windows Server 2008, you have to disable and re-enable BitLocker, or the OS path won't be the same. Bitlocker doesn't use OS signatures from a central source, when its enabled, it does its own signing and sealing of the boot path and other user selectable data (BIOS settings, NTFS stats, MBR, partition table.)
The Atari founder assumes too much. PCs are not consoles where having a chip on a static OS and hardware can provide adequate protection. For the TPM chip on PCs to be used for piracy protection, every gaming machine would have to have one physically present, enabled, activated, and ownership taken in the OS the chip is running under, the OS would have to have a static low level kernel that never changes from machine to machine regardless of CPU or devices installed, which for a PC is virtually impossible.
TPM chips also have been emulated too. All it takes is one person to be able to bypass the protection, and the game is cracked.
All and all, in my personal experience, TPM chips are a good thing, especially with BitLocker. A server can boot unattended but still possess hard disk encryption so someone who gets physical access to the box can't just boot a CD and copy off the server's contents. I'd recommend this for co-loc boxes, especially in these times where thieves are learning that a data center heist can net far more cash in information to sell on the ID theft market (or just plain old extortion) than a bank robbery would haul in.
A laptop owned by a company bound by corporate regs can use BitLocker or PGP to ensure the laptop has hard disk encryption, but doesn't have any more passwords the user has to remember. Finally, someone can use BitLocker + a PIN, so if someone steals a laptop or machine, they only have 3-5 guesses before the TPM refused entries or starts adding substantial delays between password guesses.
Of course, there are hard disk encryption programs with pre-boot authentication (TrueCrypt, PGP, etc.), but BitLocker is the only one that offers the feature of booting a machine completely unattended, but yet remain secure. Of course, one can have an OS boot then manually mount encrypted volumes, but BitLocker removes the hassle of this, especially if the machine is in a remote location where no admins would be present, and a network connection is not feasible.
The TPM chip in its current form is a security asset (IMHO). It, in its current incarnation, would provide little help for new DRM or antipiracy schemes.
Is apparently still a major problem. You learn something everyday
It has been around much longer. It started with the Trusted Computing Platform Alliance, which was founded somewhere between 2001 and 2002 (in the Wikipedia article, there's unfortunately not much information about its history. The organization is now called Trusted Computing Group (of course, with an SSL encrypted homepage! ;-) ).
The FSF and EFF have been upset about this for a long time, and for a good reason. The initial design of Windows Vista would have included a "trusted kernel" which would've allowed only trusted applications and documents. Luckily, they could not enforce the original design.
Cryptography 101 says that if you have ANY encryption scheme where Alice, Bob, and Eve are all the same person, it just won't work. The thing about marketing claims like this--and it is a marketing claim, doubt it not--is that if it is cracked, their entire business falls apart rather quickly.
You would have thought that any company involved in any measure of cryptography would have read Bruce Schneier. Wanna take bets on how long it takes before this scheme is cracked?
There is a glaring hole in the "TPM fixes everything" thing, as with every other piracy "solution". This time, it's called DMA.
A game or other program could license itself to a particular piece of hardware, given that that particular piece of hardware (the motherboard) has a cryptochip. How does a program then verify that it is only running on that particular hardware? It sounds like, from the article, the ploy is to encrypt part of the game program (or all of it) with the onboard TPM's public key, so that only the motherboard with that particular key can decrypt the game. Part of the registration or installation process would be to contact the vendor and obtain the part of the program in question, encrypted for your particular TPM.
That's great, but (and I love the word 'but' when referring to someone's Genius Plan to Implement DRM)...the game has to live in RAM unencrypted, or it would be too slow to play. In this case, I can make a specialized PCI/PCIe card whose sole purpose is to dump RAM. It will just DMA read all available memory and put it on its own 4GB compactflash card or some such. As soon as the unencrypted game hits my RAM, I'll have it to do with as I please. If the motherboard implements an IOMMU? I'll just hit my RAM with compressed air and freeze it, then read the bits out and hack as I please.
DRM won't work because its trust metric is screwed up. It basically says, "I trust that I'm going to run on particular hardware
The Right Reverend K. Reid Wightman,
Some kind of Secure Hardware Environment is inevitable. A combination of identity (which cost $$$, so is not disposable), network verification in realtime, and proprietary hardware can make this work. You will be able to copy a game, but you won't be able to make it run for very long. The only thing TPM lacks is a way of automatically generating "patches" of a game once a day or more often. The program's author should be able to obfuscate faster than the users can hack. This combined with the attestation facilities of TPM will make copy protection obsolete. It will be replaced by execution protection.
Regarding the title "PR department at Atari is having a heart attack"; not really!
:)
Nolan Bushnell may have founded the *original* Atari, but he left in 1979 (having sold it to Warner Communications in 1976), and I see no indication that he has anything to do with the present-day company.
Besides which, the modern "Atari" is effectively just a brand purchased and used by Infogrames which has no real relationship or business continuity with the original Atari (which split into Atari Corp. and Atari Games in 1984- both streams are now effectively defunct).
The PR department at Atari probably couldn't give a toss!
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Nolan Bushnell is on the board of Wave Systems, who makes these chips. (Or at least he used to be.)
(I used to work at Wave myself.)