BBC's Plan To Kick Open Source Out of UK TV

bluec writes "Generally speaking, the BBC isn't allowed to encrypt or restrict its broadcasts: the license fee payer pays for these broadcasts. But the BBC has tried to get around this, asking Ofcom for permission to encrypt the 'metadata' on its broadcasts – including the assistive information used by deaf and blind people and the 'tables' used by receivers to play back the video. As Ofcom gears up to a second consultation on the issue, there's one important question that the BBC must answer if the implications of this move are to be fully explored, namely: How can free/open source software co-exist with a plan to put DRM on broadcasts?"

Re:Strange question

[Brian+Gordon]

In an open-source solution you can download the source and a debugger and see exactly which bytes you need to patch to break the DRM.. Finding 09 F9 was hard when hackers had a 15MB memory dump to scour, but it wouldn't be hard at all with the full source code. You don't seem to realize that an "encryption system" needs to store its key (or a method of obtaining the key) in the source or else the client can't view the content at all.

You can do some Bad Things like using a weird memory manager that puts instructions in unpredictable places but that only increases headaches all around and is still breakable.

Re:Why does DRM exclude open source?

[green1]

Real cryptographers don't try to keep the intended recipient of the message from being able to access the encryption key either. The problem is that DRM is a flawed system, you can't stop the intended recipient of a message from doing what they like with your message after they receive it... in the end they will find a way to break your system, and the fact that you had to make it possible for them to decrypt it means that you can't rely on them not being able to decrypt it.

Re:Strange question

[Kevinv]

> an "encryption system" needs to store its key (or a method of obtaining the key) in the source or else the client can't view the content at all.

This is untrue for an "encryption system". It is generally true for a DRM system.

GPG, PGP, many open source projects implementing encryption systems such as AES, DES, etc... have no qualms about their source being public. Because the keys do NOT need to be included in the source.

DRM system such as DVD encryption however requires the player to be able to decode the disc for playback, but they don't want the user to be able to playback on non-certified devices. This means the player has to have a key to decode the files. Keys don't need to be stored in the source, but the source would reveal how the key was used. It would reveal implementation problems that could make breaking the DRM easier.

Re:Strange question

[selven]

XOR encryption isn't weak. It's just extremely vulnerable to a plaintext attack. Where that isn't an issue (eg. one time pads), it's the best algorithm out there.

Re:BBC

[SkunkPussy]

In USA you're already required to pay a tax to a corporation (unless you are happy to die early from a treatable disease) - and guess what, we pay less in the UK for our health coverage than most people pay in the USA.

Re:Strange question

[SanityInAnarchy]

...and that's the major reason for the industry to move us to HDMI.

*facepalm*

You've just confused HDMI with HDCP, as so many do. I hate DRM, too, but in this case, that would be like refusing to use DVDRs because commercial DVDs are sometimes DRM'd.

The only possibility is to use a dongle / smartcard (same thing, different name)

Different form factor too, and usually a different, less sinister use, but I'll give you that.

in the display and run the signal encrypted from disk to display.

And what would that accomplish? I'm sorry, but if I'm going to rip a movie, I'm not going to do it by trying to capture 1080p video from HDMI and compressing it down to something manageable -- not when it's already on the disc in beautiful h.264 or VC-1. Maybe if there was no other way, but there's always another way, which was part of the point of my post.

Encrypting the signal from the box to the display only pushes the problem either back to the box, or into the display. If it was actually encrypted from disk to display, that just means you've got the decryption hardware (and the keys) in the display instead of inside your blu-ray player (or TV box, whatever). I really don't see how the display is harder to open up and hack around in than any other box.

But that's not even what's done with HDCP -- it takes the video from the disc, decrypts it, decodes it, then re-encrypts it and sends it to the TV. This means that the video exists in an encoded but decrypted state at some point inside the machine (set-top box, blu-ray player, whatever), and it's always possible (though it may be difficult) to retrieve a perfect-quality copy.

But all of this is offtopic, because, again, you're confusing HDCP, which is the DRM-over-video-cable scheme, with HDMI, which is a perfectly reasonable standard.

I'm running 2000+ x 1600+ on my old EIZO CRT monitor @85Hz on old analog VGA connector, HiRes graphics do not need HDMI

That is true, but after using an LCD screen, you couldn't force me to go back to analog, even 85hz analog. Once you've gone digital, VGA makes no sense -- you're taking the digital signal from the computer, sending it analog over the wire, for the monitor to make digital again before it can be displayed?

No, DVI solves that problem -- the image is sent, still digital, over the wire. And you don't hear Slashdotters whining about DVI being evil and DRM'd.

The point is, HDMI is DVI plus an audio signal. That's it. In fact, HDCP works just as well over DVI.

Now, I use a laptop as my primary computer. I have a nice 1920x1080 24" LCD on my desk. Every time I bring the laptop in there, I want to plug it in. Should I have to fiddle with all those pins and screws of VGA or DVI? Or can I just plug in that one HDMI plug? That goes doubly if you're using it for audio -- while my laptop isn't configured this way, in theory, I could plug the HDMI cable into a home theater system and have the surround sound system and the gigantic projector instantly supported.

The only real reason not to use HDMI for a new system is if you're using analog for some perverse reason, or if you're using DisplayPort instead (which is better).