IEEE Working Group Considers Kinder, Gentler DRM

slave5tom writes "An IEEE working group is trying to put the genie back in the bottle. Its scheme will allow unlimited copying of encrypted content, which will require a playkey to activate. Trying to add a cost by making the playkey 'rivalrous' (what you take I lose) and rescuing the big content players from the brink of oblivion does seem futile, but it is entertaining to watch them fight the inevitable."

Sounds kinda like a shit sandwich

[grahamsaa]

On tasty artisan bread.

Still not terribly appetizing.

Re:Sounds kinda like a shit sandwich

[paeanblack]

From TFA:
To access the content inside, however, you'll need the playkey, which is delivered to the buyer of a digital media file and lives within "tamper-protected circuit" inside some device (computer, cell phone, router) or online at a playkey bank account. Controlling the playkey means that you control the media, and you truly own it, since no part of the system needs to phone home, and it imposes no restrictions on copying (except for those that arise naturally from fear of loss).

"tamper-protected circuit": you may gain some "ownership" of some encrypted media files, but you have to give up ownership of your device.

You can just as easily label what they still control as the "content" and the encrypted files on your device as the "key". Interchanging those labels is just semantics, since you still need both parts to hear the music. The end result is that you gain no additional control over the content, and you have sacrificed control over the hardware.

No thanks.

Re:Sounds kinda like a shit sandwich

[Silentknyght]

Sweazey argues that a truly non-rivalrous system makes commerce too difficult, even impossible, and that we need to create ways for the digital world to mirror the constraints of the physical one.

On a philosophical level, I am opposed to artificial scarcity for the sake of profiteering. It scares the hell out of me. However, playing devil's advocate for myself, it *could* work to allow sharing, resale, and the other benefits currently enjoyed by physical items.

However, as the parent poster rightfully states, the whole tamper-protected circuit notion is nice on paper but going to be impossible to implement while actually "giving" it to the same people who hold the data.

Re:Sounds kinda like a shit sandwich

[icebike]

Tamper protected might mean that it simply stops working if altered. That should be enough to keep 5 9s (99.9995) of the would be hackers at bay, and would probably be good enough.

If you buy something and it gets encoded to some key you own, you still want the ability to use that key on more than one device. (computer, smartphone, ereader, TV, etc), or authorize that media on every device you own.

That is where the problem comes in. Offering device flexibility without giving the game/ebook/song to every resident in the dorm.

Even assuming you could indeed create an un-duplicable play key, people want to read/watch/play on all of their deivces.

Do you put one playkey on multiple devices, on separate playkeys on each device?

The fundamental problem is that the means of duplication is in the hands of the masses. And playkeys will be JUST as quickly duplicated as the media is today.

Baring some form of quantum entanglement you can't make a key that someone else can't duplicate.

Re:Sounds kinda like a shit sandwich

[characterZer0]

Great. So the 6th 9 hacks it and posts a torrent. The cat is out of the bag.

Re:Sounds kinda like a shit sandwich

[fuzzyfuzzyfungus]

There is a second problem: Unless the "tamper-protected circuit"(and presumably "trusted" software) is the entirety of the device, it will be completely useless, even if never cracked. Consider:

1. I receive an encrypted copy of $BIG_MEDIA_PABLUM$. It requires the super secret playkey to decrypt. The super secret playkey is stored in an unbreakable TPM.

2. My software requests the playkey, uses it to decrypt $BIG_MEDIA_PABLUM$ and hands me a plaintext copy.

3. I have a plaintext copy. I no longer care a whit about the playkey. Even if the TPM is unbreakable, and the "rivalrous" revocation mechanism impossible to defeat, what does it matter? I have a plaintext copy.

As with any DRM system, this "kinder, gentler" system requires that all the software on a system be aligned against you(and, to keep it that way, typically involves hardware measures that make it hard or impossible to replace that software, even if you wish to opt out of the "ecosystem" entirely). Thus, no matter how "benevolent" the terms of the DRM are technologically capable of being such a system will necessarily be an enemy of software freedom(or even the potential possession of software freedom) and will, in practice, be as restrictive as desired by the company or consortium that exercises cryptographic control over "your" hardware in perpetuity.

lame

[girlintraining]

Turn to page 5...paragraph 4, sentence 3, word 4. Write it in the box. Insert dongle to continue. Serial numbers, online activation, warder, blah blah blah, and the list goes on.

Guys, no matter how you want to fuck with the technology, you can't erase one simple fact: At some point it needs to be viewed by a human, listened to by a human, interpreted... by a human. That means that at some point the data comes out analog, and can be scanned, manipulated, copied, and everything else.

DRM will always be an excercise in fail.

Re:lame

[The+MAZZTer]

Actually, it is more accurate to say at some point the game has to execute code locally on the user's computer. Where the user has full control of what runs and what doesn't run. Where the user can use a disassembler to reverse engineer the game and disable the DRM.

On a console it's harder because of the locked-down nature but the hardware running the code is owned by the user and they can get access to the system one way or another and decompile the code.

Re:lame

[m94mni]

Console?

No, think iPad. Do you think a disassembler or virtualisation software will be allowed to enter the App Store? Me neither.

We are already starting to lose the hardware battle to Apple. Apple owns the hardware, not you. RIAA and MPAA owns the content, not you. Then they can make deals without bothering with pesky details such as customers.

The biggest threat to information freedom today is Apple and the iOS.

Re:lame

[guruevi]

You're still free to jailbreak your phone and the iPhone emulator in the iPhone SDK allows you to run any program you want AND decompile/debug it.

You're full of FUD and I suggest you get off the Internet. Now!

Re:lame

[asdfghjklqwertyuiop]

The point is Apple actively tries to prevent that sort of freedom. They keep releasing firmware updates that block various jailbreak methods and won't just leave some simple method to accomplish that sort of thing.

Re:lame

[Microlith]

You're still free to jailbreak your phone

Not according to Apple, who consider it a DMCA violation. Never mind the retarded acceptance of fighting the manufacturer for control over your property.

the iPhone emulator in the iPhone SDK allows you to run any program you want AND decompile/debug it.

Totally irrelevant, since you have to pay Apple $99 to load it on a non-Jailbroken device and not at all to others.

There is no FUD here. Apple is totally hostile in the mobile front and that's dangerous.

PS3 hasn't been cracked yet

[Eponymous+Coward]

There are examples of successful DRM out there. The PS3 is probably the most biggest. The PS3 has been out a long time now and it's looking like the DRM isn't going to be cracked anytime soon. The machine is definitely in the second half of its life right now and the most high profile attack was geohot's ultimately useless hypervisor hack.

Re:PS3 hasn't been cracked yet

[zmollusc]

Sony's DRM has succeeded mightily in stopping me spending money on their products. The Sony amp and speakers I bought in the 80's look embarrassed at the way their maker has pissed its good name away.

Re:PS3 hasn't been cracked yet

[Bill_the_Engineer]

Yea but Sony thanks you for your blu-ray purchases (or rentals).

Re:PS3 hasn't been cracked yet

[mea37]

And for every disgruntled consumer that won't buy their system because it carries DRM, would you care to take a guess at how many non-disgruntled consumers are pressed into playing by Sony's rules?

I don't know the number, but I'm willing to wager it's a lot higher than you'd like it to be.

Re:PS3 hasn't been cracked yet

I don't know the number, but I'm willing to wager it's a lot higher than you'd like it to be.

Yea, the number is sitting at around 36 million at the moment. I'm sure execs over at Sony are losing sleep over the 8 guys on Slashdot who didn't buy one because of the DRM though.

Re:PS3 hasn't been cracked yet

[easterberry]

you can play bootleg versions of PS3 games without paying for them. Which is basically what everyone I know who cracks their systems uses it for. Playing free games for that system on that system. So unless you're going to claim that there are no games anyone wants to play on the PS3 (which is a bad joke at best and a played out attempt at trolling at worst. So don't bother.) there is motivation to hack it.

They have succeeded in making a very difficult to crack system or a system where the potential benefit is outweighed by the potential loss if you want to go the "it's expensive if it breaks" route. Either way, they pulled it off pretty well.

Re:PS3 hasn't been cracked yet

[zmollusc]

Meh, there is no accounting for human nature (see religion, sports, soap operas), there are likely 6 billion people eager to exchange their money (that Sony can do anything it wants with) for Sony DRM products ( with which they can only do what Sony wants ).
It is better to moan about DRM than to curse some candles in the dark. Or something.

Re:PS3 hasn't been cracked yet

[Eponymous+Coward]

The big content producers mostly want you to be able to do this as well. The big problem is that they want to be paid for it.

The formula is simple: if some action has value (like format shifting), they want to be paid.

This is why I think "DRM done right" is not possible. DRM *is* rights management. It's all about stopping you from freely using the content in arbitrary ways.

How would you define "done right"?

Re:PS3 hasn't been cracked yet

[Jane+Q.+Public]

"The conversation on /. is often driven by those who reject DRM, but what about those of us who would accept it if it were done right (like me)?"

Nothing personal, just an honest response:

Most people on /. consider people like that to be the sheep who are primarily responsible for many of the world's ills. You really should get this idea through your head: if DRM ever truly became successful, eventually you would be kissing your freedom and privacy goodbye. And I would hold it against the sheep who helped allow it to happen. I'll pass on all that, thanks very much.

Re:PS3 hasn't been cracked yet

[Eponymous+Coward]

DRM needs to be turned on its head. Every day, people give up all kinds of personal information. I would like that to be protected by DRM that I control.

So, for example, if I don't like Facebook's latest privacy policy I should be able to revoke their right to my data. If I get tired of the grocery store tracking my purchasing habits, I should be able to turn it off with a click. Want to change physicians or insurance companies? It should be simple to block your old doctor or insurance company and grant access to your new doctor or insurance company.

Re:PS3 hasn't been cracked yet

[Jane+Q.+Public]

As a corollary, we should have a law such that ALL information gathering will be opt-in, never opt-out. Privacy by default.

EOL

[jeti]

So when the publisher is no longer interested in maintaining the DRM servers, I still lose my 'property'?

Re:EOL

[MobileTatsu-NJG]

So when the publisher is no longer interested in maintaining the DRM servers, I still lose my 'property'?

This is why I prefer DRM for rental instead of ownership. Renting movies and music on-line is cool. It's cheap and there's instant gratification. Purchase of content that way... yick.

Re:At least there being honest

[Darkness404]

There are always ways to make money though even though people can get your content for free. Look at webcomics, videos like Homestar Runner, etc. if you are truly -good- at what you do, you can always make money because your fans will support you.

Yes, with no scarcity there is no reason to pay for all the crap coming from hollywood with generic plots, sub-par acting, etc. but if you are truly good at what you do, you are almost always successful.

Just about every artist or product "killed" by piracy wasn't very good to begin with.

IEEE-USA also lobbies for software patents

[ciaran_o_riordan]

• IEEE-USA's brief to the Supreme Court for Bilski, last year
• Groklaw discussion
• All the other Bilski briefs (for the Supreme Court case, begun 2009, decision pending)
• Bilski overview

DRM is DOA. The real "genie" has been out....

[scottbomb]

DRM itself is like trying to put a genie back into a bottle. The original genie was let out with the LP vinyl album. They played on ANY record player and didn't need to "phone home" to get permission. Along came cassettes and then CDs. Back in the 80s, artists complained about cassette recorders making copies of their music. I also recall the movie industry crying about the VCR. ANY form of DRM is unwelcome on my devices. Why? Middlemen only get in the way. I like to make backups, just in case. I also like to play what I want, on any device I want, and I shouldn't have to ask permission to do it. I got that permission when I paid amazon.com $1 for the song.

Re:DRM is DOA. The real "genie" has been out....

[Jane+Q.+Public]

"The original genie was let out with the LP vinyl album."

Actually it was long before that. The "original genie" was let out with the paper rolls that control player pianos. They could be copied with a paper punch and some glue.

We owe a lot of our modern copyright law (up until DMCA, that is) to the lawsuits that took place over the copying of those rolls. That is also when it was first determined that software -- even software that is made "real world" by causing a machine to do something -- is properly covered by copyright law, not patents.

rights

[Tom]

Who knows, it may yet work - if it manages all rights, not just the distributors rights. For example, I want my user rights to be just as important - if it fails, it has to fail "open". If the company goes out of business, I must still be able to use the stuff I paid for. Likewise, it must automatically unlock/decrypt the content when the copyright term is over and the stuff enters the public domain.

Treat my rights as a consumer as equally important as the rights of the distributor, and we can talk about DRM. It's probably still a stupid idea, but as long as the "R" in DRM is entirely one-sided, remind me why I should even consider it as an option?

Dear $CONSUMER

[wowbagger]

From: Sony Media
To: $CONSUMER

Re: Unlawful copying of content

Dear $CONSUMER:

It has come to our attention that you are in violation of our copyrights, by making unauthorized copies of our BluRay content using a device known as a Hippocampus. We are bringing suit against you for US$10,000,000.

And now you know why researchers are trying to create an artificial one....

The Intractable Problem

[decipher_saint]

I'm sure this has been articulated better by others but it's on my mind so here goes...

How do you get money from people who wouldn't spend it regardless of DRM. That's the core problem right?

Are these not the people that DRM schemes seek to deter? Are the people who buy things with restrictions feeling pressure to circumvent these countermeasures to fully enjoy the things they buy (LAN play with no internet type games, resale purchases, etc).

If this is so, then the only thing DRM has been successful at so far is creating an environment that encourages more non-customers.

Re:At least there being honest

[Darkness404]

Right, because an internet forum is a great place to get accurate data...

Lets see here, Zombieland made $102,297,496 with a budget of $23.6 million (see http://www.boxofficemojo.com/movies/?id=zombieland.htm) . And that isn't even taking into consideration any sales from DVD sales. I'd say that is a lot of money made in profit. Note that they've made over 50 million dollars in -profit- not just sales but profit after they've paid everyone.

Can you show me a great movie/game/etc that really -has- been killed off by "piracy" and not just the fact that it didn't appeal to a wider audience or that the movie/game/etc was terrible?

Technology is coming along at such a fast pace that you don't need a studio to make a movie, you don't need theaters to make a profit. The internet is full of examples of this. In the '80s and earlier, yeah, you needed professional equipment, today? You can go out and buy a camcorder that will shoot HD video, a computer and programs that add in special effects, etc.

So go on, find an example of something "killed" by "piracy" that was truly killed by it.

Somethimes I think ...

[gerddie]

... IEEE members should read their own publication more

Re:At least there being honest

[Darkness404]

But the main question is, do we need a huge company to do all this stuff? Does having a $200,000 wardrobe budget really make the movie that much better? Heck, a lot of the stuff on YouTube is better than the trash on TV, xkcd and other webcomics are usually better than all the "professional" cartoonists with a "real" publisher and editors and the like.

And there are also ads and the like to generate revenue. Look at Google, it had a profit of over $6 billion last year, and yet it in essence gives away its chief product(s)! I don't have to pay $30.00 for a license to use Google's search engine, the majority if not all of their downloadable programs are free, the majority of Android save for a couple of Google created programs are open source, etc.

Again, there are very, very few people/companies that have been "killed" through "piracy" and had a good program that appealed to people.

they really don't get it.

[macbeth66]

I used to buy some 50 albums a year. I haven't done that in a number of years. And it is not because I am stealing the albums now. The new music sucks. There is nothing I want from them. At any price. I will admit to buying used albums, but that is for 'missing' items from my collection.

Re:they really don't get it.

[Chelloveck]

The new music sucks.

Of course the new music sucks. New music has sucked ever since Oog's children figured out you could bang sticks together, not just rocks. And it sucked even more when Oog's children's children figured out you could bang the sticks on the rocks. It's just been all downhill ever since then.

Excuse me, I'll leave and let you get back to the maintenance of your lawn.

Re:rivalrous?

[Hatta]

Rivalrous is an economics term. Zero-sum is a game theory term. Different, but related fields of study may use different terms for similar concepts.

Re:At least there being honest

[IamTheRealMike]

Lets see here, Zombieland made $102,297,496 with a budget of $23.6 million

The vast majority of movies either lose money or break even, so the big studios subsidize them with the profits made by the big hits. Picking a single very successful movie and trying to make an argument about the entire industry then isn't going to work.

Can you show me a great movie/game/etc that really -has- been killed off by "piracy"

No obviously not, because something has to be made before it can be pirated, so piracy cannot "kill" a game or movie. It can significantly reduce the probability of a sequel, presumably, but as we're talking about probably and decisions made behind closed doors that's tough to prove.

What we do know is that from time to time a loose lipped game company executive mentions that they de-prioritize PC ports of games because of piracy. This usually leads to widespread condemnation from PC gamers of course so it's not surprising that mostly they prefer not to discuss it. But I frequently read on Slashdot that "PC gaming is dying" and it's being killed by consoles.

Business is not, entirely, about rational financial decisions. If a team of people work on a big, complex project for 3-4 years and when it launches, 90% of players are pirates, that takes a serious emotional toll as well as a financial one. The next project, whoever is in charge may well look at PC game development, the piracy rates, the extra server and support costs involved in supporting the pirates etc and say "fuck that".

Technology is coming along at such a fast pace that you don't need a studio to make a movie

What a load of crap. Film technology has been advancing rapidly for more than three decades, but I fail to see movies produced in peoples bedrooms taking over the cinemas. After all, isn't the most successful movie yet made also one of the most expensive?

Re:At least there being honest

[Endo13]

Interesting that you should bring up Portal. The team for that in fact was quite small, (no more than 10 people involved, according to wikipedia) and made a very similar game before Portal on their own - with presumably very little funding. Apparently most of the time and money required in Portal compared to the previous game was to create it in the Half Life universe. And even then, going by the MSRP for the game, it's a pretty safe bet it was in fact fairly cheap to make.

As far as movies go, a lot of things that used to cost a lot of money can already be replicated fairly cheaply with a green screen and CG. And then, take Avatar for example of what things will probably look like in the future. Sure, that tech is expensive now, but only because it's new. Give it a decade or two, and anyone will be able to create their own movie with that tech, with consumer-grade equipment they'll probably be able to purchase for the equivalent of 1-2K in today's US dollars or less. That will basically put the movie industry in the same place the music industry is now: where the only real difference is that the "expensive" stuff is a lot more heavily advertised, and you'll be able to get all you want of just-as-good stuff for [nearly] free from indie sources.

Why can't the IEEE understand this?

[bzipitidoo]

I expect this kind of greed and stupidity from content makers, but the IEEE? Or are they accepting money to do something they know won't work?

Re:"Tamper-protected": The only real DRM

[TheSpoom]

The "tamper-protected circuit" is yet another attempt to bring about trusted computing, the idea that while you physically own a computer, there are parts of it that if accessed in non-approved ways, stop working. It's the only real way to implement unbreakable DRM... or at least, it makes the target the hardware, which can be much more difficult to crack than a software implementation. Think encrypted RAM with the key stored in such a "tamper-protected" chip, gooped up with epoxy and a self-destruct mechanism if it detects an attempt at physical access. They're just framing the idea in a different way; the result is the same.

If this ever actually took off, it could split the internet in two, between open and "trusted". Avoid these things like the plague, and refuse any hardware or software that uses them.