Slashdot Mirror

← Back to Stories (view on slashdot.org)

DRM Take II — Digital Personal Property

Posted by timothy on from the shhh-you're-disturbing-my-metaphors dept.

Diabolus Advocatus writes "Ars Technica has an article on a new form of DRM being considered by the IEEE. It's called Digital Personal Property and although it removes some of the drawbacks of conventional DRM it introduces new drawbacks of its own. From the article: 'Digital personal property (DPP) is an attempt to make consumers treat digital media like physical objects. For instance, you might loan your car to a friend, a family member, or a neighbor. You might do so on many different occasions and for different lengths of time. But you are unlikely to leave the car out front of your house with the keys in it and a sign on it saying, "Take me!" If you did, you might never see the vehicle again. It's that ability to lose control over property that is central to the DPP system. DPP files are encrypted. They can be freely copied and distributed to anyone, but here's the trick: anyone who can view your content can also "steal" it irrevocably. The simple addition of a way to lose content instantly leads consumers to set up a "circle of trust" that can be as wide as they like but will not extend to total strangers on the Internet.'"

5 of 356 comments (clear)

  1. dear IEEE by Anonymous Coward · · Score: 5, Informative

    Dear IEEE,

    No thanks.

    Sincerely yours,

          Everybody

  2. Whoops by Microlith · · Score: 5, Informative

    The IEEE fails to take into account something rather major here:

    First, that sounds like a royal goddamn pain in the ass and I'm a freaking software engineer. There's a reason the iPod has been so popular.

    They can be freely copied and distributed to anyone, but here's the trick: anyone who can view your content can also "steal" it irrevocably. The simple addition of a way to lose content instantly leads consumers to set up a "circle of trust" that can be as wide as they like but will not extend to total strangers on the Internet.'"

    No it doesn't, it instantly leads to people who quickly and repeatedly lose access to things they pay for, as malicious script kiddies get into their machines that they've added to the latest and greatest botnet, copy the files off, and snag the key. I can see people jacking those keys being as popular as sniffing for world of warcraft accounts.

    And it gets even more confusing:

    . To access the content inside, however, you'll need the playkey, which is delivered to the buyer of a digital media file and lives within "tamper-protected circuit" inside some device (computer, cell phone, router) or online at a playkey bank account. Controlling the playkey means that you control the media, and you truly own it, since no part of the system needs to phone home, and it imposes no restrictions on copying (except for those that arise naturally from fear of loss).

    So this key is moved into a tamper-protected circuit (irrelevant, no?) that is device exclusive. So you stick it in your phone so your music files only work there, or on your desktop and they only work there, or online and it's not even in your hands (but useless if you're not online) and this license can easily be moved around and if taken, fucks you permanently. But also somehow is magically secure enough that I can't just use it to decrypt the files and strip the DRM? And I can't somehow duplicate this key? What about key backups?

    As dumb an idea as ever, I suggest the IEEE leave this one to rot in the dustbin, and stop letting the media companies push the tech industry around.

  3. Hacked before they even began by guruevi · · Score: 4, Informative

    Since it obviously involves some type of key server to check against there are several ways from the very simple to very sophisticated. There are also several problems with it:

    1) If the DRM permits on failure then that would be the simplest way to hack it, just block the server or specific queries to servers. If the DRM disallows on failure then a lot of people would be affected when a DDoS or a firewall/router 'problem' blocks the server somewhere upstream. This can off course be mitigated slightly by only disallowing after a certain time period, but that would require the keys to be stored either locally in the media file or locally in the media player. Both issues are simple to solve.

    2) If the DRM uses a very central key server (hosted by the RIAA) that keeps track of all the 'stolen' keys then just distributing and submitting a rainbow table (easily accomplished through a botnet) of keys would be enough. If only few hold access to the key server, then there has to be some type of mechanism that finds and blocks the 'stolen' keys (where stolen is defined according to their dictionary, not the Standard English one, we would say copied to a public place). That mechanism will be very simple to either avoid (like blocking/allowing Google Bots) or mislead. Manually would be too time intensive and thus not work either.

    3) If the central keys are held by the media sellers (eg. iTunes, Amazon, Microsoft) then it only takes a media seller to go out of business to have millions of files disappear. Also if the system has to be upgraded it will be very much fun to watch a) all systems synchronize their updates without downtime and b) maintain backwards compatibility. The option to 'hack' it in 2 is still valid especially when said sellers are big enough (Amazon and iTunes come to mind)

    As with so many schemes for DRM it will not work and it will piss off the customers usually sooner than later. It will not be implemented and it will not be compatible with millions of devices/users out there. It is dead before it was even started. DRM does not work. It's akin to somebody making a perfect copy of your car (and/or license plate) and then driving off with the copy, you won't care, you won't know and/or you'll get in trouble for the other persons actions while you were the one that legitimately bought the car or applied for the license plate.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  4. Slashvertisement to another level by vivaoporto · · Score: 5, Informative
    Although it says "IEEE" in the summary, TFA name names:

    That's the dream of Paul Sweazey, who's heading up a new study group on "digital personal property" at the IEEE.

    A quick Google search brings his Linkedin profile, along with his current job position:

    President
    TeleBind, Inc.

    (Online Media industry)

    February 2009 -- Present (8 months)

    That leads us to his company homepage, Telebind Inc. Not surprisingly, their sole product is "technology and tools to create ownable Digital Property".

    This is nothing but a pitiful attempt to pass astroturfing as a peer (or standardization group) reviewed article. And it is more probable that not even he believe on his product, but want to suck a few into his scam, just like the ones who sold the rootkit to Sony.

  5. Re:It is only DRM+ by 42forty-two42 · · Score: 4, Informative

    Here's how I'd break this:

    Buy a copy of the ebook.
    Now have a friend buy another copy.

    Compare the two copies, zero out (or otherwise remove) any differences. Done.