Slashdot Mirror
DRM Take II — Digital Personal Property
Diabolus Advocatus writes "Ars Technica has an article on a new form of DRM being considered by the IEEE. It's called Digital Personal Property and although it removes some of the drawbacks of conventional DRM it introduces new drawbacks of its own. From the article: 'Digital personal property (DPP) is an attempt to make consumers treat digital media like physical objects. For instance, you might loan your car to a friend, a family member, or a neighbor. You might do so on many different occasions and for different lengths of time. But you are unlikely to leave the car out front of your house with the keys in it and a sign on it saying, "Take me!" If you did, you might never see the vehicle again. It's that ability to lose control over property that is central to the DPP system. DPP files are encrypted. They can be freely copied and distributed to anyone, but here's the trick: anyone who can view your content can also "steal" it irrevocably. The simple addition of a way to lose content instantly leads consumers to set up a "circle of trust" that can be as wide as they like but will not extend to total strangers on the Internet.'"
Yeah you know me!
what are they trying to achieve?
surely after years of being beaten to a pulp they MUST have learned that any attempt at controlling is more than futile?
Looking for people to chat about multicopters, coding, music. skype: gtsiros
All right, time to start the ol' betting pool up. Let's guess how long it'll be before someone hacks that and just permanently steals everyone's DPP. I must say, however, it's awfully nice of them to make theft easier than ever. Why bother to leave your house when you can do it from the comfort of your office chair? If you'd like to ransom their belongings you can use the Internet for that too! Thanks Internet!
You are using English. Please learn the difference between loose and lose; they're, there, and their; your and you're.
Right now, it's easy to include DRM while only upsetting we, the minority, because the average consumer never tries to use their media in a way that runs afoul of DRM. They buy song off iTunes and just use it there on iTunes, never knowing the limitations of the "product". (I use iTunes merely as an example, I know there's DRM-free music there now)
With every new push, however, the average consumer comes closer to running head-first into these limitations. When you have people's files start disapearing off their hard drive when there is no physical product, they might finally join us in asking: "Why the Hell is a collection of ones and zeroes being treated this way?"
The harder DRM advocates push, the more the consumer becomes less ignorant of their questionable ownership philosophy.
Caffeine is my anti-drug!
Duranin - A NWN2 Roleplaying Persistent World
This new development in the copyright arena is going to raise several important questions. Do we refer to this as "Dippy" or as "Da peepee"? Do we change the acronym to "Digital Pretend Property" or "Digital Property Penalties"? Will this technology never really take off, or will it only die after a multi-billion dollar campaign and several dozen slashdot debates? Only time will tell.
what they want, he tells Ars, is for digital property to "complete the emulation of the physical world."
One would think they would eventually see the change of paradigm that's been going on for... 30 years?
I wouldn't leave my car outside my house with the keys in the ignition for all to steal (well, actually, my car is terrible so I have contemplated it). However, if I could 'burn' a new car from a car 'blank' for the price of a few pennies every time I left the house I would. I would also drive it over to my friends house and not worry if I found a different way back - I'd just leave my car there and create a new one. There is no reason to treat digital media the same way as physical media unless you're trying to force people to play by your old rules when the world has moved on.
And anyone with a "link" to the key can assume ownership. So if you, or any of your friends' computers are compromised, they can "steal" your DPP protected stuff. And you can never get it back.
Of course, there is little reason to steal; people who want the files in question would simply get DPP-free versions. Only malicious sorts and vandals would bother, since there'd be no real gain from the act. But if you have a falling out with your friend, it doesn't look like you can "change the locks" so to speak. If I give a house key to a friend, and for some reason stop trusting him, I can change the locks on my house. This doesn't seem to support a similar mechanism. Also, unless you store the playkey online (which has its own problems), a hardware failure in the playkey storage device will cost you your files. Returning to the house analogy, it would be like your house burning down (okay, becoming inaccessible forever) because you lost the key to the front door.
$_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
Dear IEEE,
No thanks.
Sincerely yours,
Everybody
The point is, for most younger people: I have it, you have it, we all have it. All the time, and for free.
Anything that doesn't encompass that usage model will get bypassed in favor of stuff that will adhere to that model.
The problem is for creative types that this means they get one sale in an efficient market. The first buyer then makes their purchase available to the rest of the world for free. Why would they do that? I don't think anyone is completely sure, but a reputation or status built by sharing is part of it.
The "one sale" idea pretty much pushes things back to a patronage system. Instead of recording a song and selling copies of it, a band is paid by some rich guy to play. The rich guy gets to tell them what he likes and what he doesn't like - and if the band wants to continue living off music they will play that way. They can then distribute their work for free without any worries about compensation.
The problem is, as quite a few creative types found hundreds of years ago, a patronage system quickly ends up where everyone is trying to be just like Elvis because the people with money to spend on the arts really, really liked Elvis. Or whomever was the big favorite. So in 17th Century Europe you had playwrites coming up with pretty much rehashes of the same theme over and over again because that is what the patrons of the arts liked and would pay for.
Sounds sort of like what has happened with music recently. But the problem is while the record labels have (somewhat) learned that an endless series of "Boy Bands" aren't going to cut it any longer with a patronage system it isn't up to the marketplace - it is up to a very small number of patrons. Is that really where we want to go?
And no, I don't see the Internet making much of a difference. If the Internet lead to broad-based financial support it would. But the Internet is a way to distribute stuff for free. There is no "financial support" involved. iTunes is a myth and you might as well get over it. Nobody is making money off iTunes, especially Apple who created it as a music supply for iPods. And as many sales as iTunes has it occupies maybe 3% of music downloads today. No, no money that way.
The IEEE fails to take into account something rather major here:
First, that sounds like a royal goddamn pain in the ass and I'm a freaking software engineer. There's a reason the iPod has been so popular.
No it doesn't, it instantly leads to people who quickly and repeatedly lose access to things they pay for, as malicious script kiddies get into their machines that they've added to the latest and greatest botnet, copy the files off, and snag the key. I can see people jacking those keys being as popular as sniffing for world of warcraft accounts.
And it gets even more confusing:
So this key is moved into a tamper-protected circuit (irrelevant, no?) that is device exclusive. So you stick it in your phone so your music files only work there, or on your desktop and they only work there, or online and it's not even in your hands (but useless if you're not online) and this license can easily be moved around and if taken, fucks you permanently. But also somehow is magically secure enough that I can't just use it to decrypt the files and strip the DRM? And I can't somehow duplicate this key? What about key backups?
As dumb an idea as ever, I suggest the IEEE leave this one to rot in the dustbin, and stop letting the media companies push the tech industry around.
Actually after reading the article the guy is an idiot. The "playkey" is the whole problem with DRM. Whether downloaded off a drm server, or transferee securely br protected memory(as the article suggests). Transfer of that key is needed. Without it everything fails. What's worse in order to even be vaguely secure each music file would need it's own playkey. So for me alone that is some 5,000 keys.
If you had even the same playkey for every song title theft is easy. If each person has one playkey. Then it be ones possible to steal thousands of songs nearly instantly.
So I say again the guy is an idiot. A dumb idea so poorly thought out I wonder if he actually thought about it or pulledit out of his ass.
i thought once I was found, but it was only a dream.
Since it obviously involves some type of key server to check against there are several ways from the very simple to very sophisticated. There are also several problems with it:
1) If the DRM permits on failure then that would be the simplest way to hack it, just block the server or specific queries to servers. If the DRM disallows on failure then a lot of people would be affected when a DDoS or a firewall/router 'problem' blocks the server somewhere upstream. This can off course be mitigated slightly by only disallowing after a certain time period, but that would require the keys to be stored either locally in the media file or locally in the media player. Both issues are simple to solve.
2) If the DRM uses a very central key server (hosted by the RIAA) that keeps track of all the 'stolen' keys then just distributing and submitting a rainbow table (easily accomplished through a botnet) of keys would be enough. If only few hold access to the key server, then there has to be some type of mechanism that finds and blocks the 'stolen' keys (where stolen is defined according to their dictionary, not the Standard English one, we would say copied to a public place). That mechanism will be very simple to either avoid (like blocking/allowing Google Bots) or mislead. Manually would be too time intensive and thus not work either.
3) If the central keys are held by the media sellers (eg. iTunes, Amazon, Microsoft) then it only takes a media seller to go out of business to have millions of files disappear. Also if the system has to be upgraded it will be very much fun to watch a) all systems synchronize their updates without downtime and b) maintain backwards compatibility. The option to 'hack' it in 2 is still valid especially when said sellers are big enough (Amazon and iTunes come to mind)
As with so many schemes for DRM it will not work and it will piss off the customers usually sooner than later. It will not be implemented and it will not be compatible with millions of devices/users out there. It is dead before it was even started. DRM does not work. It's akin to somebody making a perfect copy of your car (and/or license plate) and then driving off with the copy, you won't care, you won't know and/or you'll get in trouble for the other persons actions while you were the one that legitimately bought the car or applied for the license plate.
Custom electronics and digital signage for your business: www.evcircuits.com
It's like when a five year old tells you he can't find his shoes because he lost them. But he doesn't want to get in trouble so he'll say a gypsy took them. And you know the kid is lying but when you press him - he'll start to describe the gypsy. "He had purple pants, a gold shirt, and a moustache. He had a little monkey with him."
Much the same with DRM. They've lobbied for it, they've pushed it, they've gotten people to buy it and then yanked the key servers and left them high and dry. It can't be a swindle, they just haven't found the correct solution yet! So we go around and around with the industry talking about how to do this the right way. The truth is that there is no right way. The truth is that DRM is a lie. It can't work. Ever. Whenever you hold both the lock and the key, it stops being about cryptography and starts being about how to game the system.
Read up on how people beat DRM systems. Like DVD Jon. He's not a gonzo cryptographer. He didn't break DVD by his sheer mathematical skills. No. He was a kid with a machine code monitor who found the decrypted key in memory.
But like any good lie, you have to keep telling it once you start. Because the minute you say "well as it turns out there wasn't any gypsy" that's when you get in deep trouble. Imagine the class action lawsuits that would result! No, telling the lie over and over is much cheaper. So let's hear it for DRM2. I'm sure it'll buy the industry at least six more months before the next bored kid from the Netherlands comes along.
Weaselmancer
rediculous.
A quick Google search brings his Linkedin profile, along with his current job position:
That leads us to his company homepage, Telebind Inc. Not surprisingly, their sole product is "technology and tools to create ownable Digital Property".
This is nothing but a pitiful attempt to pass astroturfing as a peer (or standardization group) reviewed article. And it is more probable that not even he believe on his product, but want to suck a few into his scam, just like the ones who sold the rootkit to Sony.
What about option three? People stop designing cars, watches, etc, because once they sell one, anyone with the "replicator" can get theirs without the original designer being paid
In a world where everything costs nothing, what would they spend money on?
It is difficult to get a man to understand something when his job depends on not understanding it.
Here's how I'd break this:
Buy a copy of the ebook.
Now have a friend buy another copy.
Compare the two copies, zero out (or otherwise remove) any differences. Done.