Sony Tries Using Blockchain Tech For Next-Gen DRM

Sony announced Monday that it's using blockchain technology for digital rights management (DRM), "starting with written educational materials under the Sony Global Education arm of the business," reports Engadget. "This new blockchain system is built on Sony's pre-existing DRM tools, which keep track of the distribution of copyrighted materials, but will have advantages that come with blockchain's inherent security." From the report: Because of the nature of blockchain, which tracks digital transactions in records that are particularly difficult to forge or otherwise tamper with, its application as a DRM tool makes sense and may also help creators keep tabs on their content. Currently, it's up to creators themselves (or the companies they create for) to monitor their contents' rights management. Sony's system could take over the heavy lifting of DRM. The way blockchain works allows Sony to track its content from creation through sharing. This means that users of the blockchain DRM tool will be able to see -- and verify -- who created a piece of work and when. Sony Global Education is the current focus of the DRM tool, but going forward, the company hints that the rest of its media -- including entertainment like music, movies, and virtual reality content -- may be protected the same way.

Idiots

[execthts]

Didn't they all learn - - from the BMG-Rootkit scandal - about piracy being a service problem - about tamper-protections only hurting paying customers before?

Re:Idiots

[110010001000]

Some forms of DRM have never been broken. Just look at the latest consoles.

Re:Idiots

[HarrySquatter]

Considering they are still around and still use DRM that should answer your question sufficiently.

Re:Idiots

[DarkRookie2]

Is this because of the DRM, or no one really trying since the selection of games exclusive to the console is underwhelming to say the least.
I am betting more the later than the former.

Re:Idiots

[sheramil]

Didn't they all learn - - from the BMG-Rootkit scandal - about piracy being a service problem - about tamper-protections only hurting paying customers before?

Evidently, they learned at least one thing: DRM in entertainment just forces the customer away, so they're using it in education, where at least in some circumstances the clients have no DRM-free alternatives.

Talk about perversion!

Only SONY can take a technology intended to increase freedom, and turn it into a method of censorship! Good gawd! this company disgusts me. I stopped buying their products when they started putting malware on DVD's they were selling customers.

What value added?

[arth1]

I fail to see what value a blockchain adds here over, say, signed certificates. Can someone explain the added value to either content creator, copyright holder or consumer that requires blockchain?

Re:What value added?

[Sarten-X]

My guess (and it is purely a guess, since TFS and TFA are so light on detail) is that transactions involving works will be logged in a blockchain. I buy a movie, and that purchase is linked to my particular account. I can then loan that movie to someone else, and the transfer gets logged. When it's returned to me, that's logged, too... Unless I happen to be disconnected from the blockchain-handling system, in which case I'd be stuck with the last-known state of property ownership.

If everything works like that, then a content owner could track their creation and see that I loaned a movie to someone... because apparently that's something Sony thinks they care about. Like many other DRM systems, it also allows Sony to revoke rights to works by authoritatively transferring them away, unless there's a crypto method to authorize a transfer (which is not indicated in TFS or TFA).

Pretty much, it provides nothing of technical value that wouldn't be served better by a central database. For marketing value, though, blockchain's an excellent choice right now.

Re:What value added?

But that makes zero sense. If they wanted, if there is real incentive, it is going to be trivial for some pirates to spin up a ton of servers to quickly perform a 51% attack. Or do you think sony is just going to spend millions of dollars having hash farms sitting there hashing away just in case a pirate attacks?

And more importantly, in the event the pirates successfully pull off a 51% attack, then what? Is everyone just going to roll over and say "well, the majority of hashing power has voted" and just give up on the ? No, they are going to say "well, that's not really valid anymore, so lets just ignore it and go with what sony says is legit". And now you've just invalidated the entire point of having a blockchain. "We can't trust anyone, so we'll trust the blockchain collectively...until we decide we can't trust the blockchain, at which point we'll just trust the entity we didn't want to simply trust at the beginning".

If you give up on your principles as soon as they are inconvenient, they weren't really principles to begin with. Likewise if you can stop trusting the blockchain as soon as you think it is compromised, it was never really trusted to begin with.

Re:What value added?

How can they tell where a file came from and so on?

Blockchain records transactions - and unlike a simple log "it cannot be faked". But blockchain will only record transactions that actually gets recorded.

Lets say my brother buy a Sony movie, and this is duly registered in the blockchain. So proof exist that my brother bought that. And he can pass the movie on, and register that fact in the blockchain and so on.

But I am a pirate. I copy his movie. I edit out all the trailers & other commercials. I cut some boring cry scenes.

Then I sell this movie to folks who like having "no commercials". But what do Sony gain from having blockchain here? The piracy is obvious to law enforcement - it is mostly the original movie. Blockchain do not aid in proving my obvious piracy. If they really watermark every movie differently, then they can see it was my brothers movie that got leaked. But they can't get him for piracy: "Someone may have copied the movie when the kids watched it with their friends". Sony can't demand that customers have good security, they can't hold customers responsible for being burgled or defrauded.

The blockchain has an unfakeable account of transactions. When I sell pirated movies, I obviously don't register the transactions with anyone! My black-market buyers also knows my movies aren't 'legit'. So no trail for Sony to follow.

Perhaps Sony will be able to refuse, if a stupid black-market buyer tries to return a pirated copy to a store - for a refund. But do that happen at all?

 

Re:What value added?

[faedle]

> Unless I happen to be disconnected from the blockchain-handling system, in which case I'd be stuck with the last-known state of property ownership.

That's highly unlikely, as that could be a hole to exploit. It's more likely the content won't play at all.

Re: What value added?

Youâ(TM)re technically correct that all you need to do is do a 51% attack, but doing so is specifically impractical. Thereâ(TM)s a concept of agreed-upon finality, where you need to build a certain number of blocks ahead. For bitcoin itâ(TM)s 6 blocks, and every block would cost you a lot more money than just the amount of mined BTC to pay enough mining rigs to do so consistently for an hour. It would cost a few million dollars, assuming you could find a way to rent that sort of hashpower, which isnâ(TM)t really doable. You wonâ(TM)t find a one place or multiple place that would let you rent enough machines for that, so the next option is buying mining rigs yourself. I hope you have really really deep pockets and are ready for quite an architectural/logistics challenge of setting up a few thousand machines.

BlockChains security works by crypto economics. All of them. If you donâ(TM)t take a well established BlockChain then yeah the cryptoeconomic security just isnâ(TM)t there. Thatâ(TM)s why if you want to build anything remotely securely, you should be pegging the information on like bitcoin or ethereum.

Re:What value added?

[mysidia]

I guess the idea is media creators could create a public blockchain describing their works and every playerID or userCode license that has an authorization to disseminate their work. The description of a work could actually contain enough information about various watermarks and identifying features of their works to identify both legitimate copies and Identify decent-quality rogue copies containing an identical picture or more than 30 seconds or so of audio or video: then in order to disseminate ANY work, a compliant playing device would be required to maintain an online connection and take steps to identify what work is being played --- then in order to play a work identified as matching a protected one: the player would be required to login, userId, and apply for a player hardware Id Lease containing the player hardwareId and the manufacturer+hardware IDs of the monitor and every device in the viewing chain (May require submitting a payment); wait for a short-lived Play authorization to appear on the blockchain, and maintain an internet connection to (1) Verify every 60 seconds that the play authorization is still valid for this content, and (2) The player has to transmit all the blockchain records to the HDCP display monitor, digital sound, and every device in the chain, so.... (3) The HDCP monitor also verifies the "play authorization".

The DRM could be combined with a proprietary audo/video encoding package: which would be protected by a patent,
and in order to enforce the DRM policies -- licensing the patent to decode would require that all decoders made available
be only "Compliant players". After every 3 or 4 years, there would be a new encoding/decoding package with a new patent,
and a mandatory online instant update for Compliant Players to remain compliant and be able to continue playing content
that involves removing the hardware's capability to decode media packages that are more than 2 versions behind --
and media leases can no longer be issued for older versions of the media to ensure by the time patent expires - nothing in consumers' hands can play that format anymore.

Blockchain BS

[Sarten-X]

Repeat after me, folks: Blockchain is a buzzword for a logbook.

That's it. There's no "inherent security". It's just a log with a checksum. Any can tamper with that log as much as they like, just making sure that they control enough of the verification process to authoritatively say their claims are genuine.

Seeing and verifying "who created a piece of work and when" is not really ever a problem in copyright cases. The real problems are how much of a pre-existing work was used or referenced to make a derivative work, and whether the derivative work is sufficiently creative enough to stand on its own.

With so little detail, it's difficult to speculate on precisely how Sony thinks this technology will benefit anyone (including themselves). So far, the only people who benefit from industrial use of a blockchain are the people selling a blockchain as a solution.

Re:Blockchain BS

99% of the time, blockchain is way more work for something that could be much more efficiently handled in a central database. Where blockchain really shines is when you want a system whereby no individual parties are trusted. Hence, the reason why it's so useful for cryptocurrencies. It can have other limited uses for things like smart contracts, but it seems way to many businesses are trying to use blockchain just so they seem relevant.

Same thing happened with NoSQL 10 years ago.

Re:Blockchain BS

[arth1]

Where blockchain really shines is when you want a system whereby no individual parties are trusted.

That makes sense then - no-one trusts Sony, after all.

Re:Blockchain BS

Where blockchain really shines is when you want a system whereby no individual parties are trusted.

Haha, still no. For a no-trust blockchain to work, you have to trust that the distrust between the parties is enough that there will never be cooperation in excess of 50% of the accounting. Since oligopolies tend to form when big players would rather split a market than compete with each-other, we already have proof that eternal hostility between major parties is not a stable state.

For a time, a no-trust blockchain may operate as intended, but it is a precarious state and will fail into a more stable model of either a single-authentication system or an abandoned waste of energy. Maybe the failure will be after all the early players have died, so they can go to their graves believing that their version was the exception.

Re:Blockchain BS

[postbigbang]

It's more about transactional integrity. Blockchain is more trivial to code and execute than you might think.

If one takes a vetted (!!) inventory of music and film and media and whatever, and wants to bank it among a group of producers, artists, media companies, and consumers, this method can work to achieve a transaction history of who owns what with what stipulations, and it's wickedly difficult to game.

Not that DRM works. Rather, this is transactional integrity for the lawyers and apps that will be used to assert "rights".

IMHO, it's folly and a waste of money, but rights protection is a mantra in the media business. I allows Wall Street to believe that there is asset protection, therefore stock value and price. In actuality, that's the real "customer" for this blockchain effort. And that's the charade's target: share price.

Re:Blockchain BS

[Sarten-X]

If trust is your problem, cryptography is your solution. There are crypto systems that allow a consensus of several parties to validate another party's claims.

Blockchain, by itself, is just a log where each entry includes all of the previous ones. It's useful when you want to have a small checksum to validate that the whole log hasn't been modified.

If a historic log being modified is your problem, blockchain is your solution... but that's usually not actually your problem.

Re:Blockchain BS

[Sarten-X]

this method can work to achieve a transaction history of who owns what with what stipulations, and it's wickedly difficult to game.

Rather, this is transactional integrity for the lawyers and apps that will be used to assert "rights".

So it's a normal collection of license contracts, but now with dependencies on a processing network. Lovely.

Public Ledger of Piracy

[kd3bj]

Cool. Now we'll all have a way to prove to each other how much media we've pirated.

Exactly, where is the benefit for the customer?

[grungeman]

Does this even matter anymore in management decisions? Maybe I am old-fashined, but back in the old days a product (like the Walkman) became successful because it provided a certain value for the customer.

So what happens to analog hole and re-encoding?

[140Mandak262Jamuna]

Whatever data is embedded in the created media file needs to survive going through a re-encoding process. For music is ridiculously simple to take a high quality analog output and to re-encode it. For digital, there is supposedly some mild protection in HDMI to stop casual pirating boot legging. But one can always buy a legitimate devices or hack a recorder to identify itself as a TV and download the stream for processing. It can be re-encoded with controlled biases and that can thwart any steganography in the video stream or picture files.

It is very hard to stop pirating. Pirating and boot legging is rampant in India. One film director was bemoaning that he got a congratulatory call from Dubai on his new movie on the day of the release. The company had not even begun movie distribution talks with any Dubai distributor at that time. But Bollywood thrives, they know they are going to get the money in the first week and that is all. Then the content is essentially public domain. People take clips and interpolate with some politician's speech and create funny sequences. They play the sound track and record themselves lip synching (called dub-mash) and redistribute. No one pays any royalty or digital rights. Even if a dub-mash goes viral it does not top the charts because it gets immediately boot legged into hundred you tube videos and the viewer count gets fragmented.

Through it all it some how thrives and makes some money for the creators.

Good luck

[Mathinker]

From Wikipedia:

In August 2013, DVD-Ranger released a white paper detailing their methods for detecting, and subsequently removing, the present Cinavia signal from audio files.[16] The DVD-Ranger CinEx beta software synchronises and detects the Cinavia signal in the same way as a consumer Cinavia detection routine; these identified parts of the audio stream are permanently removed, removing the Cinavia signal. Post-processing can be used to try to "fill-in" the audible gaps created.[16]

There are claims[17] that Cinavia can be removed using open source software like Audacity with an extracted audio file from a video source. The audio file is processed by decreasing pitch by 13%; the processed audio file is then merged back into the video source. This renders the Cinavia watermark unreadable.

Ah, Blockchain...

[GameboyRMH]

Is there anything it can't make worse? Mind you I don't think this will make the DRM harder to crack, just pointlessly inefficient. There's no distributed trust problem to solve here so it makes no sense to use a blockchain. A centralized database would be just as trustworthy and more efficient by an astronmical degree.

What has blockchain done for humanity so far? Empowered our criminal ownership class and driven another knife into our planet's back.

Re:What's the point?!

[Jadecristal]

The best commentary from a software company that I've seen so far is that it was costing them a non-trivial amount to deal with the support requests from "customers" who cracked software, then thought that they should get support from the company.

How can we help avoid situations like this, especially for smaller companies? I'm sure it can be done, and *believe* that DRM isn't the answer, but I'm not sure how to best... do it. If you only accept support requests online (maybe only *opening* them online?) then you can refuse to start a request for someone who isn't logged in with a registered copy of the software, I guess. Hmm...