How Important Is Protecting Streaming Media?

spaj writes "In the ongoing battle with the MPAA and RIAA, there seems to be an ongoing argument about who is to blame. If you leave a $20 bill on the sidewalk, can you report it stolen when someone takes it? Of course you can, but will you be taken seriously by the authorities? When my car was broken into, I was told by the responding police officer that I might have prevented it by keeping my seats and visible areas clear of junk that would entice criminals. So, who is at fault when it comes to users abusing their right to capture streaming media for personal use? According to Applian.com's Legal FAQ, the RIAA will not come after you if you make a recording for your own personal use. I have often been torn on this issue, and I am looking for input. Adobe recently released a new format of their widely used streaming protocol, RTMP, that includes 128-bit encryption (RTMPE). I can only interpret this as an attempt to prevent capturing of the streaming media content for personal use. However, Applian has already circumvented the RTMPE protection, and you can read about it on Adobe's forums, where some users seem quite dissatisfied that their content is not protected enough by Adobe's technology. I think the main question boils down to: Who is to blame? Can you blame Adobe for not making a better encryption? Or do you blame Applian for bypassing such security features? Or do you blame the authors of stolen content for leaving the security of their material in somebody else's hands?"

Nobody is to blame

[sakdoctor]

Why does this drone on and on about assigning blame.

This just isn't sensible because DRM can't work ever. It's just not mathematically possible.

Right, now you can go back to trying to stop people "stealing" images off web pages with crappy bits of javascript. Good luck.

Re:Nobody is to blame

[plasmacutter]

if i can't bypass DRM on something i want without a lot of work, i'll just go to (choose one of virtually infinite methods of sharing files here).

It only takes one break in the chain for the pirates to get hold of it, so all it takes is one compromise of the DRM at any point in the chain, and nobody else has to bother with it.

Re:Nobody is to blame

[sakdoctor]

There is no strong or weak DRM. At some point the data is decrypted, and at that point you extract it. End of story.

It just takes one person to make it into a "cheap off the shelf tool that requires no expertise", and there will always be at least one programmer out there scratching their own itch.

Re:Nobody is to blame

[Maelwryth]

DRM may not work, but that's just the band aid. The problem the content providers really face is that we all grew up. When we were children, if we found a $20 bill on the sidewalk, we would have handed it in. We believed in doing the right thing. As we grew up, we watched our heroes (eg; the people we looked up to) throw away their ideals in the name of pragmatism. We watched wars, and death, and crime, and no one seemed to be punished for doing "bad" things.

The problem that content providers face is that we don't care anymore. Times have changed. We have watched them rake in money for thirty years, and now they want to give us toys, make us pay for them, and then take them back. That isn't going to work. We don't value them that much, and if we feel a small twinge of guilt at keeping it, then that is oh so easily justified by the way in which we have been treated.

How's that for a hypothesis?

Re:Nobody is to blame

[Tuoqui]

There is no defense against an intelligent hacker with a soldering iron.

Re:Nobody is to blame

[Strake]

Exactly. Cryptography is a method of ensuring, among other things, that a message sent from one party to another cannot be read by an attacker. However, in the case of DRM, the recipient and attacker are the same person; therefore, DRM is essentially a trivial case of cryptography, which is basically equivalent to sending the data in the clear, if somewhat more inconvenient for the movie viewer or music listener.

Re:Nobody is to blame

[tepples]

There is no strong or weak DRM. At some point the data is decrypted, and at that point you extract it. End of story.

Imagine a CPU that can apply AES encryption to sensitive blocks of RAM. In that case, you'd have to tap the CPU's L2 cache (not likely without expensive tools) to extract anything decrypted.

Re:Nobody is to blame

I like how you equate growing up to becoming a selfish, cynical bastard. I would like to subscribe to your newsletter.

Re:Nobody is to blame

[TheRaven64]

You can have a completely secure chain from the music store to your speakers, but as soon as it gets to your speaker wires it's in a form where someone can record it.

Back in the '90s, CDs came with an early form of DRM. Each CD had two flags, a copy and a copyright flag. You were allowed to make digital copies of copyrighted CDs, but not copies of copies of copyrighted CDs. I recall reading a review of a CD recorder which enforced this. It had a single cable connecting the two drives together. If the copy and copyright flags were both set, it would flip a DAC and an ADC into the circuit (one at each end). Even back then, the resolution on these was sufficiently high that in listening tests no one could tell the difference between an analogue and a digital copy of the music.

Re:Nobody is to blame

[The+Snowman]

You can have a completely secure chain from the music store to your speakers, but as soon as it gets to your speaker wires it's in a form where someone can record it.

Remember the old analog copy protection for VHS? The VCR would mess with the blank space between frames, which TVs ignored, but another VCR would gag on it and you would get a garbled signal. It would be unable to sync the frames. Without any encryption or anything sophisticated the manufacturers were able to stop VHS copying (at least until people found a way around it). Remember, this was the "last mile" so to speak, the last part of the chain going to the output device.

I think the whole idea is silly. I would leave the whole chain wide open, and rather than spend money on ineffective copy protection, I would invest in more, better movies; better television shows (I canceled digital cable partially due to time, partially due to the shitty quality of 95% of what is on it); and making customers happy. By providing customers with DVRs (which most cable companies do) that have features customers want, by providing high definition movies on demand for a reasonable price, customers will be more likely to spend money with the cable company (and to the content providers by proxy) and less effort on copyright infringement because they will be less motivated. I for one am willing to pay for these services if the cost is reasonable, even if I could get the same thing for free.

As for music, I think the middlemen (e.g. iTunes) are moving in the right direction by selling albums and songs in digital format with or without DRM (preferably without). If I can get a song for free via file sharing or spend a dollar to get a good quality version and "do the right thing," I will spend the dollar.

Nature cannot be encrypted

[six025]

Sound waves cannot be encrypted - where there is a will, there is a way. Certain people will always take pleasure from using whatever means necessary to make copies of music, or almost any art for that matter. Digital systems just make it more convenient and therefore it occurs on a massive scale.

Setting up a microphone and recording the output from the speakers might be the last resort and the lowest quality, but people will go to these lengths if it is the only way they can get something for nothing / they are not supposed to / what other people have or even because they like the technical challenge of getting the best recording they can using the tools and techniques they possess.

You Blame Adobe

[rsmith-mac]

Idealism of liberal copyrights aside, if Adobe is selling a product that is intended to keep people from copying your wares, and it is in fact it's not stopping them, then it's pretty clear who is at fault. It's a faulty product, the blame lies with Adobe. Of course if they had any brains they'd know that what they want to do is impossible, but since they're selling the product, it needs to work as advertised.

Re:You Blame Adobe

[quetwo]

The only one that I've been told that hasn't been cracked is Motorola's motoQAM MPEG encryption used by their Set Top Boxes. Of course, they make people go through background checks just to get sales calls about the encryptor (DAC 6000).

RTMPE

[MassEnergySpaceTime]

After searching around, it looks like RTMPE is nothing more than a transmission encryption that prevents a stream from being intercepted by a "middle man", analogous to wifi encryptions that prevent others from capturing your wifi network packets. If my understanding is correct, then this doesn't actually have anything to do with "stolen" content, right?

One view of importance

[blowdart]

7 years ago now I worked for a streaming media company in the UK who did pretty much all the promotional streaming for the labels. We'd put pre-release music on-line weeks before it was due for release; and, if the customer wanted it, made it available for download as well. All the tracks were free but DRMed to switch off on the day the record was released. Sometimes you'd have to enter some marketing details (although there was always an opt-out checkbox and we'd never pass details on if that was ticked).

One thing sticks in my mind. At the time Microsoft had just released the ability to DRM live streams and a particular heavy metal band wanted to play a charity concert with the proceeds going to a UK charity for a kids charity, I believe because one of them had a child afflicted by illness the charity was raise funds for. It was a small concert, tickets sold out partly because they have a huge following and partly because they were cheap, £5 if memory serves. The band knew there was a large audience for it; so they paid us (and we didn't take a profit on it) to stream the concert live. We discussed it with them and DRMed the live stream and made an archive of it available for a month afterwards. All at no cost to the viewer, not even marketing information, although at the end the band spoke about the charity for 5 minutes. When the month was up the band were going to release a DVD of the concert for sale; with all profit going to the charity. The DVD was pretty cheap too, I think around £8.50 including shipping.

The month expired and the streams were taken down, and the DRM kicked in (because stream rippers ripped the DRM as well *grin*). For the next month the band's official band bulletin board was filled with fans complaining that the streams they had ripped no-longer worked. It was pointed out the DVD was available, it was all for charity, and they'd had it free for a month, but no, lots of whining and sulking and demands that it should be free for ever.

Now you may argue that DRM is bad; and in a lot of cases I'd agree with you; but when it protects something that was free so after a while charities can make some money; well then frankly you can't complain and you're nothing but a freeloader.

Still annoys me now.

Re:One view of importance

It doesn't matter for which higher and noble purpose DRM is used, people just don't like it. People want their computer to do what they tell it to do and not what some company wants. I want to be in control of what software runs on my computer, because it's my computer and I bought it from my money. That's the whole point.

DRM is like a brainchip that prevents you from doing certain things. You wouldn't like that, would you? Why should you accept something like that on your computer then?

Re:One view of importance

[houghi]

Why should DRM be looked at differently when it is a charity? Wether it is Sony, Greenpeace, EFF or my goldfish who needs an operation is irrelevant.

They downloaded it so it is theirs. Just like I download a song from wherever. The fact that one asks money for it and the other doesn't does not matter. It is then not up to you to deactivate it, even if it was announced for whatever reason. Not because the time has expired, not because I don't have the right software anymore.

Freeloaders? Most likely yes and that is the same identical argument the RIAA and others are making.

This is not about wether the DMA is right or wrong. It is about the fact that there is no difference. What you are saying with in a lot of cases I'd agree with you; but when is actualy: I agree, exept when it affects me (Or something I believe in).

Does it really matter?

[alvinrod]

The only person who's ever to blame is the one who's doing something illegal such as violating the content owner's copyright.

The person designing the security is generally trying to do the best that they can to balance security against annoyance of said security of customers, knowing full well that it's only a matter of time before that security is broken.

You can't blame the person breaking the security either as they may only being doing so to enable fair use rights that were taken away by the security. Likewise, anyone who uses the security remove technique could only be doing so for fair use reasons. Fair use may seem sketchy when talking about streamed video online, but if you want to use parts of the video to form a rebuttal video to the points or opinions expressed in the original video I believe making a copy of the stream would fall within fair use. Also I believe it's considered fair use to use any video if providing commentary on segments of the video.

You really can't necessarily blame the content creator either. In some cases they're not even responsible for their works being available somewhere on the internet. Someone violating their copyright may have uploaded it to a video streaming site. Is lack of security on a video streaming site the fault of a movie creator if someone rips the movie from DVD and uploads it to a website?

Blame copyright violations on the people who actually commit them.

Re:Does it really matter?

[Dachannien]

The person designing the security is generally trying to do the best that they can to balance security against annoyance of said security of customers, knowing full well that it's only a matter of time before that security is broken.

The users of DRM (i.e., content providers) use DRM to minimize the effective rights of the content consumer. Ever since the specs for the DVD were first developed (if not before), DRM stopped being about preventing people from making additional copies of something, and started merely pretending to be about that, while actually being about limiting the ways in which legitimate customers can use legitimately purchased content. Region Coding and User Operation Prohibitions (that's where your DVD player forbids you from skipping the FBI warning and sometimes even ads because the content provider said so) are not and have never been about piracy prevention, yet they are an integral part of the DRM that exists on DVDs. Blu-Ray and HD-DVD kept these "features", indicating that the content industry is still playing the same tune.

The creators of DRM, on the other hand, are selling a product to the content providers, and therefore they feel a motivation to create a system that doesn't "balance" security against annoyance, but rather one that provides the content providers with as many options as possible for limiting the content consumer's effective rights.

The content providers win, the DRM creators win, and (because DRM ultimately doesn't work) folks who pirate media win, while legitimate consumers lose. There's nothing balanced about that.

Why do we always need someone to blame?

[pla]

Who is to blame?

Why do we always need someone to blame? All the sides involved have their own valid way of seeing the situation...

The content creator wants to "protect" their work; The end user wants to keep a copy for a variety of reasons. The container/transport producer gets paid by the content producer (usually); and the crackers don't actually count as a separate group, they just reflect knowledgeable end-users who have the power to make sure they can keep a copy.

Who in that chain do we call "wrong" for what they do? The creator we can perhaps call "overprotective", thinking that once the baby grows up and leaves home they can still tell it what to do. The middlemen perhaps should perhaps advise their customers better, but at the end of the day they need to eat too. The end users should of course reimburse the creators for the content, but I would consider "free" the least of the reasons to have a local copy.


Or looking at it from a slightly different angle... At every step, the situation boils down to pure self-interest. And put bluntly, I value my interests above yours - just as you value your own interests above mine.

Re:The last one

[Daengbo]

security thought who-the-hell-would-have-thought-of-implementing- something-as-dumb-as-that

Any DRM scheme falls under this heading. If I can play it on my computer (or another electronic device), I can copy it.

OK, well, I probably can't, but there are lots of smart guys on Slashdot who could. ;)

car theft fault?

[Laebshade]

When my car was broken into, I was told by the responding police officer that I might have prevented it by keeping my seats and visible areas clear of junk that would entice criminals. So, who is at fault

If you'd listen to the police, you'd realize they're giving you preventive measures you can take to lower the chance your car will be stolen. They're not blaming you, just trying to educate. You could've put a million dollars on the front seat, doors locked, and something stole it, the thief would still be at fault, but you would definitely be the laughing stock of the police station.

We can blame greed...

[m2bord]

Okay...let's look at this. Yesterday in my office, we had a conversation about a quaint method of distributin media that I had forgotten about....the public library.

The idea that a popular piece of media, in this case a book, has more than 300 readers or people on a waiting list to read a book indicates to me 300 lost sales for the book publisher. However, this notion of media distribution has long been supported by federal laws.

So we as a community need to ask, do the makes of music, movies, other media, work more than authors? Why are their works more protected than a lowly book that gets passed around like a drunken cheerleader with the publisher's blessing? There is only one answer that can satify this...greed.

Is this greed that has enveloped the movie and music industries likely to destroy this nation's information distribution system? Is the library a leak in the profit margins for book manufacturers? Do humans have an obligation to share information without profit for the continued growth of knowledge?

I think this was the original thinking behind the Open Source movement. People have tools, like computers, and need to be able to use additional tools, like software, to better ourselves. I believe that the same is true for media.

So guys...does DRM deny access to materials and put profit before the betterment of the species? (in the long term) And no, I am not saying things like an Ashley Simpson or Coldplay album can be used to help the human species evolve. Those items are best used for Olympic sports like target shooting.

Re:The last one

[Gerzel]

Ultimately that is what the recording industry wants to stop. In order to stop it they would have to have all recording devices regulated, and under that scheme the big boys would once more be the gatekeepers to mass media.

You did look at MS's "trusted" computing platforms? Who do you think is going to be trusted? Who do you think is not?