Actually, it looks to me like just a variation of the popular "have a pre-conceived result you want to reach, then massage logic and numbers to reach it."
Perhaps this is true - the question which occurs to me is "how well does this chime with models from other economists?". If it was way out of whack with optimal predictions from other economists eminent in the field, then I'd say your supposition was right. If, on the other hand, the figures are of the same order (+/- 10 years) then I'd say your criticism isn't borne out by the facts, unless similar selection bias is evident in all economists considering copyright.
The papers that I've read on this subject (and Pollock's paper will take a bit of analysis on my part - not had time to do that yet) don't seem too far out of kilter. The consensus seems to be in the order of 7-40 years for copyright; which is way shorter than the life+{70,90} which most countries have in place. Some outriders have suggested getting rid of it, others that perpetual copyright is the only valid one. Those seem like extreme positions.
Certainly when the (UK Treasury commissioned) Gowers review concluded (which, to be fair, concentrated on sound recordings, rather than copyright in general), the experts came up with the statement that the current 50 years should not be extended, and Gowers himself indicated that a good, evidence based, case could be made for reducing the copyright term.
So, in order to confirm or reject your hypothesis of predetermined result, I'd need to review both this paper and compare it with other papers in the subject. At first blush, I don't think your criticism is merited; but I concede I haven't looked at the paper in enough detail to say that definitively.
As for the licensed crypto, you would also have to ensure that such legislation was effectively global, or people would just use a proxy based outside of the host country.
So they'd transmit in the clear (which could be intercepted) to a remote (read slow) proxy? What'd be the point if you're transmitting the information unencrypted to begin with? That makes no sense.
Sorry - not being sufficiently clear. The point was that the license that the GP suggested would apply to website owners (banks, government offices, etc.) - but that unlicensed service providers (in the USA) could not deploy encryption technology. It would be just impossible to require every US citizen to acquire a crypto license which would force their computers to adhere to US government IT restrictions. Thus, the foreign servers (whether for finance or other matters requiring confidentiality) would still have to use SSL or the like. And how would you prevent those external services being proxies (short of the USA declaring war on the entire world)? So the beleaguered US citizen would use SSL to the proxy server, and then tunnel SSL within that connection. Perfectly doable using existing setups.
Your other examples of administrative abuse don't really bear on this matter. It's one thing to go after a small group of individuals whose behaviour distinguishes them from the masses. It's another thing entirely to require wholesale filtering and mandatory spyware installation on the entire population's computer systems. It might have been possible 20 years ago, prior to widespread home Internet access. It's just not remotely plausible now.
The BBC does not work in isolation. It works in partnership with other broadcasters around the world. And in making its content freely available to licence payers in the UK it has to make sure that it doesn't abuse the rights of its partners by giving away content to those outside the UK, where the rights may be shared with or even wholly owned by those partners.
You make some good points - but I suspect that the solution which the BBC has chosen doesn't actually address the threats which they perceive. The distribution of the content within the UK is understandable - but that's a GeoIP protection, rather than a DRM based one. MS-DRM doesn't (and cannot) check to see whether the viewer is a valid UK license fee payer. If people redistribute content outside of the UK, then the BBC can hardly be blamed for that - even by the most bloody minded business partner.
It seems to me that the threats ultimately boil down to two points
The threat that content will end up all over the Internet, thus diminishing the partners' revenue, or ruining their differential broadcast schedule. Given that the same content is available over DVB without any DRM at all, the DRM over TCP/IP will make little - if any - difference. The sort of people who are prepared to watch TV on their computer screens are going to know about P2P and Usenet. There is a common belief amongst content producers that "just because we can't do everything doesn't mean we should do nothing". In the era of the Darknet, however, it only needs the content to be released once. Meaning that you really have to do everything if your protection is going to be anything more than security theatre.
The threat that people will keep content for longer than the 7 days of the DRM license, thus depriving the DVD partners of potential revenue. Again - a silly position. The picture quality of iPlayer is significantly lower than that of DVD - and again because of the easy availability of higher quality rips, the "window of unawareness", upon which the "prevent casual copying" hypothesis of DRM is based, is a very, very small one.
If the MS-DRM is not cracked via the FairUse4WM method, then that probably means that the content is insufficiently compelling to be worth 10 minutes of cracking by anyone. More likely, it means that full broadcast quality rips are on general distribution, and that the inferior iPlayer clips are not desired.
I do hope that the OSC can impress upon the BBC the utter futility of the DRM mechanism. It's just snake oil that they've been sold by unscrupulous MS salesmen (not that any other DRM sales force would be any more scrupulous). As a license fee payer, I'm not much in favour of requiring extra equipment to view the content that the BBC sees fit to make available to others.
Actually, you could make a Second Amendment argument to the court. Is strong crypto still on the ITAR list? If so, it's a "munition" and the Second Amendment guarantees your right to it.
I can't remember all the details, but ISTR that most publicly available crypto systems were placed under the EAR (Export Administration Regulations) under the Department of Commerce, rather than the munitions list. The change happened under the Clinton administration, I think.
Anyway, I think the second amendment guarantees the right to bear arms (which various courts have indicated means firearms that can be personally carried), not all munitions in general. I'm pretty sure that your defence counsel would be less than happy arguing that your canister of nerve gas or your napalm flamethrower fell under the 2nd amendment. Good luck in trying, though!:-)
well, personally i think it's different from not giving over a key since, well, even though they're very similar, a physical key is an object and an encryption key or password is a tiny piece of knowledge. my opinion is that since it's data it ought to be treated differently. i know not everyone will agree with me there:)
Not everyone, indeed. Including most judiciaries in the world!:-)
I think most states would treat a password as like the combination to a safe. You cannot be physically tortured into revealing the combination, but refusal to obey a court order to perform the action may be taken as evidence to adduce guilt. But if the court was faced with a refusal with the statement "I don't know the combination", it would still be the prosecution's burden to prove that the refuser did know the combination. You cannot ask the recipient of the order to prove he doesn't know - that's impossible - but if there's reasonable evidence to suggest he did know it (ie, CCTV footage of his opening the safe yesterday, or production of documents which were in the safe a short while ago), then most juries would think that the recipient was lying. In the case of a crypto key, the fact that ciphertext exists on your hard disk is no evidence of key knowledge at all - any number of computer security experts would testify to that in a heartbeat.
If you have a key discipline regime which relies on rapid key changing, and you claim no knowledge of the key, then that might well be a valid defence.
How about introducing a license to employ encryption. One where the banks and electronic trade organizations covered had a license that covered the end user. Anything done to employ encryption that hasn't been approved by an organization with a license is illegal. That'd make using PGP to send messages illegal for the guy on the street, but using a web browser to view an encrypted Internet banking page legal for the same guy.
Scary but doable I'm afraid.
Not really. As Ron Rivest illustrated with the winnowing and chaffing procedure, any one way hash function can be turned into a key based discriminator. In other words, you can send text in the clear, but with so much chaff that it is computationally impossible to determine the true text. At that point you'd field the defence that "Hey, I didn't encrypt anything. I just spammed a load of garbage packets into the stream". Would the law then become "Don't do anything we think might be suspicious"? At that point, you're saying the US government becomes an arbitrary entity, abandoning all constitutionally based jurisprudence - and the courts are happy to go along with it. On a purely practical level, since all existing OSes have crypto built in, how would you enforce this? Remember - it's not just web sites. IMAP servers, LDAP servers etc. all on the net have crypto built in. How do you enforce a rule saying that all of these systems must now comply with the no crypto law? Would the USG indemnify all service providers who suffered loss as a result of removal of transport level security? That might be a bill the US taxpayer is unlikely to wish to settle!
As for the licensed crypto, you would also have to ensure that such legislation was effectively global, or people would just use a proxy based outside of the host country. Of course, you could shut down all international Internet contacts (a la Great Firewall of China), but the cost to the economy of that would be massive.
The crypto genie is out of the bottle - it would be practically impossible to put it back in. The NSA and other TLAs tried (and succeeded) to hinder its widespread adoption within the civilian community. But in the end, the only real success was to hand crypto and security development to teams in Europe and Israel. A nice gift from Uncle Sam for us damn furriners, but not much good for the security of the USA.
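Added example, not part of the original comments: a minimal Python sketch of the winnowing-and-chaffing idea mentioned above, in which nothing is encrypted and only the holder of the shared key can tell authentic packets from chaff. HMAC-SHA256 as the keyed discriminator, the one-bit-per-packet layout, the function names and the sample message are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # 32-byte authentication tag


def packet_mac(key: bytes, serial: int, bit: int) -> bytes:
    """Keyed discriminator: MAC over (serial number, payload bit)."""
    msg = serial.to_bytes(4, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()


def to_bits(data: bytes) -> list:
    """Split bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    """Inverse of to_bits; expects a multiple of 8 bits."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def add_chaff(key: bytes, message: bytes) -> list:
    """Sender side: emit, for every bit, one authentic packet ("wheat")
    and one packet carrying the opposite bit with a random tag ("chaff").
    The payload bits travel in the clear; only the tags depend on the key."""
    rng = secrets.SystemRandom()
    stream = []
    for serial, bit in enumerate(to_bits(message)):
        wheat = (serial, bit, packet_mac(key, serial, bit))
        chaff = (serial, bit ^ 1, secrets.token_bytes(TAG_LEN))
        pair = [wheat, chaff]
        rng.shuffle(pair)  # hide which of the two came first
        stream.extend(pair)
    return stream


def winnow(key: bytes, stream: list) -> bytes:
    """Receiver side: keep only packets whose tag verifies under the key.
    Raises ValueError if any serial number has no authentic packet, which
    is what happens with the wrong key or a tampered stream."""
    expected = {serial for serial, _, _ in stream}
    kept = {}
    for serial, bit, tag in stream:
        if hmac.compare_digest(tag, packet_mac(key, serial, bit)):
            if kept.setdefault(serial, bit) != bit:
                raise ValueError("conflicting authentic packets for one serial")
    if set(kept) != expected:
        raise ValueError("could not authenticate a packet for every serial")
    return from_bits([kept[s] for s in sorted(kept)])


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)
    sample = b"meet at noon"  # constructed sample message
    stream = add_chaff(shared_key, sample)
    print(len(stream), "packets on the wire")
    print("receiver recovers:", winnow(shared_key, stream))
```

An observer without the key sees both bit values for every serial number, so confidentiality rests entirely on being unable to tell a valid MAC from random bytes.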
Extremely unlikely. You'd be trashing the entire electronic commerce infrastructure which relies on solid encryption. And there's no way a corporately oriented government system is going to do that.
Anyway - you've got no worries. If the USG tried that, you'd use all those wonderful 2nd-amendment protected firearms to overthrow it?:-) OK - snarky Brit comment over. Back to the normally scheduled stuff.
Or, as I understand England has done, simply make it illegal to withhold your keys from government agents.
You mean the United Kingdom. Sadly Scotland is also sucked into RIP silliness.
The police and other law enforcement agencies still need a judicially signed warrant to obtain those keys. There's all sorts of stupidities in there - but let me ask a question: Why should you be able to refuse to obey a properly formed court order? If they served a legitimate court order to hand over the keys to your house, should it be legal to flip them the finger? If you think that encryption keys are somehow immune to warranted seizure, you have to say why. Alternatively, if you think that all court seizure orders are wrong, then you probably have to defend that one even more!
I don't have a problem with warranted search and seizure. I have a huge problem with the LEAs thinking that privacy is solely a cover for people to do evil things.
Even if they have no definite proof that there was anything illegal on my PC, as I cannot decrypt the contents of the HDD for them, I am arrested.
It's not quite that simple. They do have to be able to demonstrate to the court that there was a high likelihood that you were in possession of the key within a reasonable time frame (ie, if you were receiving emails encrypted with that key until yesterday, and responding with emails which were also self-encrypted under that key) then the court might hold that you had the private key until recently.
Note also: if you revoke a key with a note saying "The coppers served a decrypt notice on me" - that's an offence. If you revoke it, people ask why, and you reply "I am unable to answer that question" - that's perfectly OK. Like there would be any other reason you would answer that! Talk about dumb!
However, in the scenario you outlined (the ephemeral key in RAM), you would be able to explain the arrangement to the court. It would be up to the prosecution to prove that you were lying. You are still presumed innocent. You cannot be prosecuted for being unable to provide a key you don't have - you can be prosecuted for failing to provide a key when evidence exists to prove that you did have it, and that you could reasonably lay hands on it. Since precious little case law exists to back any of this up, there's not much guidance to go by.
Note: the RIP Act really sucks. It's a stupid law, crappily written, with a lousy code of practice with so many holes in it, it's not even funny. And that, I suspect is why you'll never receive a decryption notice. I reckon there will be precious few decryption/key seizure notices served - because the coppers are terrified that the notices will be faulty. They'll probably serve them on a bunch of people using PGP when they've already got evidence on them from other sources. That way, if any of them do the "no such key" defence, they'll rely on the jury thinking "Yeah, but they're a bunch of shifty Muslim types, so they must also be guilty of that". Or it'll be some paedophile who would attract zero public sympathy. They won't use it on marginal cases - too risky.
No, but they can make the term longer. All international treaties on copyright that the UK is bound by (including EU directives) give minimum terms, and the UK government is free to make the terms longer.
Are you sure about this? My copyright consultant colleague indicated that this wasn't the case. I was just going by his assertion. Since there is a free-trade between member states, any UK-only extension would not bind other member states to honour the extension, and hence any works out of copyright there can be imported without restriction. In other words, it would certainly affect the trade between member states, and thus becomes subject to harmonised legislation. It might be one of those cases where theoretically a member state can increase term, but as a matter of political feasibility it just won't happen.
Anyway - it's a little bit moot. Cameron didn't say a Tory government would alter the term; he said it would ask the EU to extend it. Which is why I think he was making good sounds for his audience, knowing that he wouldn't actually have to deliver on his promise.
So, you managed by completely specious fiat to start at 730 (owing to narrowing "accident" to "DIED") down to 80, most questionably by accepting 402 could be thrown out because 'excess' was defined as not one but TWO pints. I've known a lot of limeys, but I've never known a single one to sit down for ONE pint.
I have. I guess you don't know enough of them. If you recall, I was comparing the effects of smoking fumes with car accidents. Excess alcohol for driving purposes is defined as two pints or greater. The Gloag paper said that a majority of accidents were due to excess alcohol. A majority, by definition is >50%, but Gloag didn't say what the majority was. Hence I assumed a 55% figure. Perhaps 51% would have been better. And yes, I focussed on died, since the effect of a slight wrist sprain isn't comparable with developing lung cancer. If the figures for serious injury were available (ie, life threatening, or causing permanent impairment) then those would be better.
Remember - the OP stated that your chances of being in a traffic accident after a driver had downed ONE pint were hundreds of times greater than catching cancer from second hand smoke. I was pointing out that such figures as I could find didn't bear out that statement. I used deaths because those were the only figures available for both populations. We can accept the much greater figures you cite below if we accept that the seriousness of all hospital admissions for both second-hand-smoke related cancer and all road accidents are equivalent. Would you make that equivalence?
Seriously, if you have figures which indicate the relative risks of driving accidents after one pint (the OP's point) versus those of second hand smoke inhalation, I'd really like to see them. Not a snarky "non-challenge" - I'm genuinely trying to find out the true figures. The OP is making a serious point: if second hand smoking is no greater a risk than all public alcohol consumption, then there is no logical public health reason for allowing public alcohol consumption but denying smoking. And the legislation was floated on public health grounds.
6,386 -- AND THAT'S JUST LONDON.
But that figure represents all road accidents requiring admission. How many of those were due to someone drinking ONE pint, then having a road accident which hurt someone else? I can't obtain those figures - hence the estimates based on the BMJ figure.
If I get admitted to hospital suffering from lung cancer - what's the chance that it'll be a one day admission, then packed off home with an aspirin? Pretty bloody remote. If I get admitted to hospital with a cut forehead, or bruised ribs, I'll be in and out pretty soon, and probably not much the worse. I don't think the gross figures you cite are comparable with smoking related admissions.
I'll just arbitrarily say you're dealing with a number more like 30,000--again, just for London. So, the UK being about 60M people, London only being about 8M of them, that's a rough per 352:100k, so nationally, we need to up it to about 211,200. There. That's better.
Why would it be valid to extend the statistics for the most densely packed traffic centre in the country to those which were not so?
I wouldn't worry about it. Give it a fortnight, and he'll be making a speech showing how he's totally cool with the ho's and bitches; and that this copyright thing's gotten way outta hand, y'know? So it's time to set the music free, right? And the Conservatives have always wanted to diss copyright.
That's the thing about Cameron. He's like NFS and Palestinians. Totally stateless.
I hope he's lying to them as usual as per UK ministers' standard operating procedures.
Of course he's lying to them. Look - it's an easy option for this tosser. Copyright term is harmonised across the EU. The UK government cannot arbitrarily alter copyright term. So Cameron sends his Europe flunkie to the halls of Brussels to wail for longer copyright terms. Germany (DG) and France (Vivendi) agree, but the other states can't be arsed, so say "no".
So Dave trots back to the BPI and says "Sorry guys, we tried our best, but those poxy Dagoes and Wops got in our way again. What a pity no-one sees things the way we do in Blighty. Ah well, can't be helped. Here - have a couple of knighthoods and a peerage for services to the Peruvian economy. Pass the spliff".
What a wanker. Vacuous, smarmy and perfidious. How the fuck can anyone have less substance than Tony Blair? I mean, I didn't think Blair-lite was even possible. It's like a whiter shade of pale. Oh bugger, now I'll have Procol Harum wanting money off me.
I bet the chance of having a car accident after drinking just one pint is hundreds of times higher than the chance of you getting cancer from someone smoking near you?
Well, the effects of most car accidents are usually not fatal - in fact, most accidents don't involve injury. The effects of lung cancer and heart disease are a damn sight more serious than a smashed headlight.
But if we limit it to fatalities, the overall number of car accident fatalities in the UK in 2006 was 2920 (DoT statistics). The Gloag report in the BMJ estimated that 25% of those fatalities were attributable to alcohol - about 730, but the majority of those involved excess alcohol (2 pints or more). Let's estimate a low majority (55%) - 402. So I'm estimating that we could save 328 deaths a year by banning alcohol except in the home. But this also assumes that no-one drinking at home gets behind the wheel of a car. And this is also assuming that everyone who gets killed is an innocent victim and not the drunk driver. I reckon the figure of lives saveable is probably around 80 a year (50% fewer from lower drink driving, and 50% lower than that because it's not the drunk driver topping himself).
The number of deaths attributable to second hand smoke in the workplace was 517 (Jamrozik, published in the BMJ). That's excluding those who also are exposed to smoke at home. So by banning smoking in public places, we can save the vast majority of those people - about 500 a year.
So I think you'd lose that bet. You're more likely to catch disease from a smoker than get twatted by someone who's drunk a pint of beer and got behind the wheel of a car. Anyway - it doesn't really follow. Alcohol consumption does not render the environment inherently more toxic (it renders it more dangerous in concert with other activities); pumping toxins and carcinogens into the local atmosphere in a poorly ventilated area is obviously more directly dangerous to a person's local environment.
Have you spent much time in England? Over there, with the exception of in your own home, you are pretty much in front of a camera at all times.
Bollocks. Wandering through the countryside in Devon and Somerset, I think I was caught on camera, oh, maybe not at all. I wonder if that's because there are no cameras there. Hell, in that part of the world, they've barely got electricity. But the cider is nice...
You mean in the cities. Since I live in Bristol, I did a little camera hunt around my neighbourhood a week ago. There are security cameras in front of the local shops (owned by the shop proprietors). I'm sure the buggers litter the main shops in Broadmead and so on, but it's hardly the Big Brother scenario (ie, they're not all owned by the state, spying on the citizenry). But around residential areas? Nope. None at all.
It probably is more true in London than in all other UK cities (serves you right for living in that shithole:-) ). And of course, the London media are more prone to report what happens in London as being universally true. But the meme of "UK - the securocrat's wet dream" isn't quite true yet. There are far more worrying trends - IP traffic retention; retention of DNA/fingerprint information even when exonerated of a crime; badly formed legislation on civil emergencies, ID cards and so on. Sadly, none of these trends seem unique to the UK.
Paragraph 1 is about the "lying" white house. That paragraph does not attack the claim itself, but attacks the white house's use of it. This is not scientific, but political (obviously). It's simply a masked "Bush is evil" claim. Thinly masked.
The paragraph states that the conclusion which has been presented, that the USA is doing better than the EU on gas emissions is not justified by all of the data, but rather only an unrepresentative sample of it. It does not say that the White House is "lying" (why, by the way, did you quote that word, when it does not occur in the text? From where do you derive the quote?).
The claim is labelled false, which could indicate a failure to understand the implications of all the data, or it could illustrate mendacity on the part of the White House. But the claim is an empirical one: that when the data assembled is considered, it does not support the conclusion from Mr Snow, namely:
I would point out that the carbon -- that there is a carbon cap system in place in Europe. We are doing a better job of reducing emissions here.
Your language makes me suspect that by labelling such a critique as a "Bush is evil" rant, it becomes easier to discard its conclusions, because you can then impute the motives of intemperance and/or tribal partisanship to the author. Such meta-arguments are not justified in this case.
The rest of the first 2 pages attempts to construct a conspiracy that so obviously just doesn't exist.
I can detect absolutely no conspiracy theory being implied from the text of the paper. It constructs a chain of reporting, from the Washington Times, to a report of a statement made from the White House. If the reporting of these sources is incorrect, then please state where and why. If the conclusions drawn from the data are incorrect, then state where and why.
as the white house does that the US has lowered carbon emissions between 2000 and 2004 is entirely accurate
This is not an accurate claim. Of all the UN Framework identified greenhouse gases, only Sulphur Hexafluoride and Nitrous Oxide do not contain carbon. Methane, HFCs and PFCs all contain carbon. The White House statement focussed purely on CO2. And the baseline year of 1990 was selected and agreed upon by the USA so as to make reporting meaningful. An agreed upon year is essential specifically to stop statistical manipulation, and to prevent one-off events like the air traffic drop resulting from 9/11 from affecting the overall performance on greenhouse gas emissions.
Yes I realize you're very keen to discredit the united states. Great.
I have made no such claim, nor is any such inference from my statements justified. Please substantiate or withdraw that claim.
May I also point out that your original statement was:
But I refuse - completely - to read any "scientific" report that has "bush is evil" and "the washington times had the nerve to discredit me" on the first page.
You have explained - I think inadequately - why the first of the implications ("Bush is evil") is there. Would you mind substantiating where on the first page the report of Washington Times discrediting occurs?
But I refuse - completely - to read any "scientific" report that has "bush is evil" and "the washington times had the nerve to discredit me" on the first page.
Where, exactly, does it say this? There is absolutely no "Bush is evil" judgement on the White House on the first (or any other) page of the report. It does say that the White House misused statistical data there - which, given that the intent of the paper is to describe how data has been misused is hardly surprising, nor unprofessional.
Similarly, the reference to the Washington Times was to cite the source of the opposite point of view. What is the author supposed to do when the White House bases public policy based on misinterpretation of data, on the suggestion of an article in the Washington Times? Ignore it? Say "Well, it's OK, really, because a newspaper report doesn't have any scientific credibility anyway". There is absolutely no complaint about being discredited anywhere. Where did you see this: it seems to be neither in the web article nor the PDF report?
Of course the paper is biased: anyone who is making a point is biased. But if you wish to ascribe the motive of prejudice to the author, you must show where it is displayed. The examples you give, as far as I can see, simply do not exist.
I think the author makes some good points, but to say that his time-frame (1990 - 2004) is the "right one" misses the argument the other scientists want to make.
No. 1990-2004 is the "right one" because that's the timeframe that the USA and the EU agreed to use. From TFA:
Article 3 of the United Nations Framework Convention on Climate Change specifies that all greenhouse gas emissions analyses are to use 1990 as the base year.
And in a footnote on the same page:
The 1992 United Nations Framework Convention on Climate Change was signed and ratified by the United States and members of the European Union and made effective in 1994.
Treating the years as arbitrary is disingenuous when baseline timeframes are already agreed. Furthermore, picking the date of 2000, in the knowledge that the 2001-2002 air traffic was way down because of the 9/11 atrocity smacks of terrible cynicism.
Further is the problem with using 2000 as the reference point. In fact, it is perfectly valid to use 2000 as a reference point; it's just as valid as using 1997 or any other time. There is no magical time in terms of statistical length or any point in time that is any more valid than any other. You can argue that the submitter is "cherry picking" his own data.
The paper's author did not arbitrarily pick 1990 as his reference point. As mentioned in the paper, an agreement between various UN signatories (including the US) to the climate change framework agreed to use 1990 as a reference point so as to give a coherent window on data analysis. Thus, to select a year different to one that the US has already agreed to use leads one to the question - why?
The paper also points out that because of 9/11, the US air traffic for 2001-2002 dropped significantly (NB: I don't know if this is true or not. Intuitively, it seems likely - can anyone confirm?). Thus, the emissions from that sector dropped, but subsequent recovery has eliminated that blip from the calculations.
Also, the submission complains that the US metric shown in a positive light - surprising they'd choose something that reflects positively! - is that because only CO2 emissions are considered. Well, CO2 emissions account for nearly three quarters of all greenhouse gas emissions.
Again - there is an agreement (signed by the USA) to measure all greenhouse gas emissions, and not just the headline CO2 figure. Moreover, not all gases contribute equally by weight to climate change. ISTR that methane is worse than CO2 in terms of greenhouse gas effects, and global growth rate of CH4 emissions is greater than that of CO2.
The problem here (and I can't just blame the White House) is that governments are still treating much of the climate change problem as a national PR one. It's not: there is no such thing as the American, or European climate. If one accepts anthropogenic climate change as a problem, then one must also accept it as a global problem.
You ask the question of why wouldn't the WH spin the results positively. The answer should be that nature can't be fooled by PR and spin (anybody's spin). It really does no good to selectively use statistics to try and prove you're doing well when you're not. A doctor isn't expected to report the good news that your high blood pressure is down and suppress the news that he's detected your fatal brain tumour.
Who says the chip has to be a standard, off-the-shelf device?
Economics of interoperability. If each device manufacturer goes with their own way for encryption then the devices will cost too much. As for ICEs not working against modern hardware, I think you may be incorrect there. Just as the crypto chips have got faster and harder, so have the ICEs. To take an example: TPM chips for PCs tend to come from one of three manufacturers - Infineon, Atmel and Nat Semi. Of course, HP, Dell, Sony, IBM, Toshiba and so on could all invent their own chips, their own bus controllers, etc, but then the interoperability costs become huge. So to make HD-DVDs/BDs work on all platforms, you'd basically be asking for each major manufacturer to spin custom silicon in each instance. The cost of that would be massive.
As far as attacking the HDMI stream: good luck doing real-time encoding of a raw, uncompressed HDTV stream. Currently, that requires extremely expensive hardware (if it even exists).
It does exist, and it is expensive. But were the demand higher, then those costs would come down. Secondly, it doesn't have to be real-time at all - you can do it frame by frame if you will. Or would you also authenticate and encrypt the control channels (ie, the remote controlling the player)? Pretty soon all of those encrypted channels start to require extra margins in the price of the device. It's not just a matter of signal security - it's a matter of signal security at a cost the market can bear.
The only reason that HD capture devices are so expensive is because it's much cheaper to decrypt the signals at source rather than the decoded ones. You've already demonstrated knowledge of this, but it's worth repeating - you have to protect the signal at all points, and protect it to an economically viable level. Honestly, if Sony thought it could pull the same stunt that it did with MiniDisc except for HD video, then I'm positive they would have done. They (and Toshiba) have got their own fab plants. Since they didn't do it, I don't think it was because they were stupid - it was because they didn't think it worth it.
I don't think it would be possible to extract keys from hardware, if said hardware is well-implemented.
Yes - just a small matter of implementation:)
You are correct, of course, that hardware key storage is generally more effective than software storage. The problem, however, is that key storage isn't the end of the story. Sure, you can embed a TPM chip in epoxy resin, and surface mount that chip onto the motherboard - but it can still be removed. Tricky, yes - error prone, also true. But it can be done. Which means that, assuming it's not some totally proprietary design it can be inserted into a standard PC motherboard and exploited from there. If it is a completely proprietary chip, well, the record of such security systems working is less than stellar. Tends to be of the same order as proprietary crypto algorithms. In using AES, the AACS designers made at least one good technical decision.
Even if not removing the key storage device, the buses which connect it to the rest of the system are still subject to probing via ICEs. And all of this assumes that the electrical characteristics of the systems don't exhibit any exploitable variances like key-dependent delays in processing (side-channel attacks).
And even if you had that down pat, you've still got the fact that the connection from device to display is only protected by HDCP, which was cracked years ago. And there's no real protection on digital audio outputs, so capturing that frame-by-frame and remuxing to high quality rips would still be eminently possible. The only reason there aren't HDCP strippers and HD capture devices all over the place is because AACS has been rendered moot. If the keystream still held secure, you'd simply see another attack vector.
Now here's the other problem: in order to get the backing of people like Microsoft and other likely media centre manufacturers, the HD-DVD camp had to promise Managed Copy (Blu-Ray said they would also provide it). In other words, they had to promise that copying to a non-hardware-secured device would be possible. And if you just shift the problem onto the PC that way, you haven't really bought anything.
All told - your analysis is spot on - h/w only operations are harder to crack. But from a technical and business commitment standpoint, it wouldn't make any real difference. The incentive to crack is far greater than the technical obstacles in place.
I suppose it all comes down to the age old cliché - security is a process, not a product. And with AACS, it seems that the content producers have only semi-digested that point. Without control of the entire delivery chain - something that is both technically and legally impossible - you cannot square the circle of both giving someone the key and not giving it to them at the same time.
Now that multiple keys are out, how does someone legitimately use a key to view a HD disc on Linux?
https://help.ubuntu.com/community/RestrictedFormats/BluRayAndHDDVD is one method which can help; but a few caveats. The problem for Linux play is no longer the video codecs (recent ffmpeg builds have VC-1 support pretty much down pat, and H.264 has been fine for ages if you have a sufficiently powerful rig).
The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TrueHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcoding the E-AC3 tracks to AC-3 (or TrueHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.
Unless the industry is wanting to try a dramatic price hike, which would cause those on and near the fence to rip too...?
It has been suggested that the reason for AACS, HDCP, BD+ et al is not so much to protect content, but rather to ensure that players for HD media are maintained in a small, hopefully non-competitive market. For instance, DVD players now can be picked up for little more than the price of a DVD (OK, OK, pretty crappy ones, but you get the idea). But with all of the licensing agreements for HD-DVD and Blu-Ray, together with the key issuance procedures and diligence, this imposes major costs on manufacturers, which will keep player prices high. Of course, it also ensures that TVs/computer displays have inflated prices as they struggle to build in HDCP type mechanisms.
Many of the major content producers have fingers in the consumer electronics markets too - having ultra cheap HD players isn't good for their margins. It won't last forever - nothing ever does. But perhaps the next big thing will have come along by then - HVD based disks with UHD resolution, perhaps; and the market exclusion game can begin another cycle.
I'm not an American, and UK copyright law is far more restrictive about this sort of thing
It is in some ways, but not others. For instance, parodic use is not explicitly permitted under the fair dealing defence, but the Gowers review recommended that it be explicitly included - which HMG has accepted. The courts have repeatedly held that parody is generally acceptable. News reporting, criticism and education, however, are explicitly allowed as defences. This video would almost certainly fall under the second and third items of that list.
But the real limiter in UK copyright is the actual damages provision. Unlike the USA, the UK courts require you to qualify and quantify the damages you or your company have suffered as a result of the infringement. Additional damages can be claimed for flagrant and generally commercial benefit from the infringement. But there's none of the absurdly inflated statutory damages that you see in US cases. This really does help to limit stupid de minimis cases clogging the courts, which sadly is not the case in the USA.
Don't get me wrong - I'm more than a bit unhappy with UK/EU copyright regimes, but the Gowers report (and the howls of fury it caused from Big Copyright) gave me just a glimmer of hope that a sane discussion of copyright is at least possible in the EU. Then IPRED2 happened to crush even that...
Firstly, I think it very unlikely that the current iPlayer mechanisms would/could be ported to Linux. They're heavily dependent on Windows DRM, which in turn is heavily dependent on the Windows architecture (complete with Windows' methods for detecting debugger operations to prevent DRM bypass). Thus, while the APIs could be replicated on Linux/OS X, the protections would be trivial to bypass. Leaving aside whether MS would permit a porting effort.
OS X probably has a better shot - since you could implement the APIs without much extra paranoia, but use the inbuilt TPM on Intel Macs to ensure the OS and running environment was in a known good state. Since you can't count on a Linux box having a TPM, you can't make reverse engineering of the DRM system more difficult.
For what it's worth, the tech guys at the BBC are fully aware of Linux, and it is in their plan to support it via iPlayer. The best way of accomplishing this isn't through technical means, but political. It's important for people to understand why the BBC is using DRM. They don't want to - it just increases running costs and introduces new points of failure into an already complex system. But the programme makers (who are often not the BBC) together with the contracted personnel who produce the programs insisted that any attempt to broadcast content in the clear would count as unlimited repeat broadcast. Which is fine, but it would cost the BBC a fortune to pay out as per contractual requirements. Hence the DRM enforced limitations, which are a sort of contractual enforcement by proxy. A pretty crappy one, but one which the lawyers would accept.
It's a simple problem to state, but hard to fix at a technical level - because there's no real technical problem. Existing contracts for TV works are written in language which predates the Internet and the on-demand style of viewing. Thus, it's always expressed in terms of initial showings, repeat fees, differential media exploitation rates, etc. Recent contracts which the BBC is creating are far more encompassing of alternative distribution technologies. So the final solution is to get far more sane exploitation rights written into contracts, which accurately reflect TV watching habits of the 21st century, and to stop wishing that the Internet and its on-demand modes of use would just go away.
Of course, the ultimate stupidity of all of this is that the programmes are being broadcast in digital form completely unencrypted right now! DVB-T/C/S transmissions spit this stuff out in full resolution (whereas iPlayer doesn't) which a $200 PC card can receive and store the content on a persistent device. It's almost like the lawyers put their fingers in their ears and sang "Lalala! Can't hear you!" when this gets mentioned.
End result: Build a MythTV box with a Freeview card. You can suck down as many channels as you like and keep it for ever. Transcode to H.264 and a 500GB hard disk will keep 6 months of programming easily.
--Ng
Sorry - not being sufficiently clear. The point was that the license that the GP suggested would apply to website owners (banks, government offices, etc.) - but that unlicensed service providers (in the USA) could not deploy encryption technology. It would be just impossible to require every US citizen to acquire a crypto license which would force their computers to adhere to US government IT restrictions. Thus, the foreign servers (whether for finance or other matters requiring confidentiality) would still have to use SSL or the like. And how would you prevent those external services being proxies (short of the USA declaring war on the entire world)? So the beleaguered US citizen would use SSL to the proxy server, and then tunnel SSL within that connection. Perfectly doable using existing setups.
Your other examples of administrative abuse don't really bear on this matter. It's one thing to go after a small group of individuals whose behaviour distinguishes them from the masses. It's another thing entirely to require wholesale filtering and mandatory spyware installation on the entire population's computer systems. It might have been possible 20 years ago, prior to widespread home Internet access. It's just not remotely plausible now.
--Ng
You make some good points - but I suspect that the solution which the BBC has chosen doesn't actually address the threats which they perceive. The distribution of the content within the UK is understandable - but that's a GeoIP protection, rather than a DRM based one. MS-DRM doesn't (and cannot) check to see whether the viewer is a valid UK license fee payer. If people redistribute content outside of the UK, then the BBC can hardly be blamed for that - even by the most bloody minded business partner.
It seems to me that the threats ultimately boil down to two points
If the MS-DRM is not cracked via the FairUse4WM method, then that probably means that the content is insufficiently compelling to be worth 10 minutes of cracking by anyone. More likely, it means that full broadcast quality rips are on general distribution, and that the inferior iPlayer clips are not desired.
I do hope that the OSC can impress upon the BBC the utter futility of the DRM mechanism. It's just snake oil that they've been sold by unscrupulous MS salesmen (not that any other DRM sales force would be any more scrupulous). As a license fee payer, I'm not much in favour of requiring extra equipment to view the content that the BBC sees fit to make available to others.
--Ng
I can't remember all the details, but ISTR that most publicly available crypto systems were placed under the EAR (Export Administration Regulations) under the Department of Commerce, rather than the munitions list. The change happened under the Clinton administration, I think.
Anyway, I think the second amendment guarantees the right to bear arms (which various courts have indicated means firearms that can be personally carried), not all munitions in general. I'm pretty sure that your defence counsel would be less than happy arguing that your canister of nerve gas or your napalm flamethrower fell under the 2nd amendment. Good luck in trying, though!
--Ng
Not everyone, indeed. Including most judiciaries in the world!
I think most states would treat a password as like the combination to a safe. You cannot be physically tortured into revealing the combination, but refusal to obey a court order to perform the action may be taken as evidence to adduce guilt. But if the court was faced with a refusal with the statement "I don't know the combination", it would still be the prosecution's burden to prove that the refuser did know the combination. You cannot ask the recipient of the order to prove he doesn't know - that's impossible - but if there's reasonable evidence to suggest he did know it (ie, CCTV footage of his opening the safe yesterday, or production of documents which were in the safe a short while ago), then most juries would think that the recipient was lying. In the case of a crypto key, the fact that ciphertext exists on your hard disk is no evidence of key knowledge at all - any number of computer security experts would testify to that in a heartbeat.
If you have a key discipline regime which relies on rapid key changing, and you claim no knowledge of the key, then that might well be a valid defence.
--Ng
Not really. As Ron Rivest illustrated with the winnowing and chaffing procedure, any one way hash function can be turned into a key based discriminator. In other words, you can send text in the clear, but with so much chaff that it is computationally impossible to determine the true text. At that point you'd field the defence that "Hey, I didn't encrypt anything. I just spammed a load of garbage packets into the stream". Would the law then become "Don't do anything we think might be suspicious"? At that point, you're saying the US government becomes an arbitrary entity, abandoning all constitutionally based jurisprudence - and the courts are happy to go along with it. On a purely practical level, since all existing OSes have crypto built in, how would you enforce this? Remember - it's not just web sites. IMAP servers, LDAP servers etc. all on the net have crypto built in. How do you enforce a rule saying that all of these systems must now comply with the no crypto law? Would the USG indemnify all service providers who suffered loss as a result of removal of transport level security? That might be a bill the US taxpayer is unlikely to wish to settle!
As for the licensed crypto, you would also have to ensure that such legislation was effectively global, or people would just use a proxy based outside of the host country. Of course, you could shut down all international Internet contacts (a la Great Firewall of China), but the cost to the economy of that would be massive.
The crypto genie is out of the bottle - it would be practically impossible to put it back in. The NSA and other TLAs tried (and succeeded) to hinder its widespread adoption within the civilian community. But in the end, the only real success was to hand crypto and security development to teams in Europe and Israel. A nice gift from Uncle Sam for us damn furriners, but not much good for the security of the USA.
--Ng
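The winnowing-and-chaffing construction referred to in the comment above, as an added example that is not part of the original post: each message bit travels in the clear next to its complement, and only the holder of the shared key can tell which packet carries a valid MAC. HMAC-SHA256 as the keyed discriminator, one bit per packet, and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 32  # HMAC-SHA256 output size in bytes


def _mac(key: bytes, serial: int, bit: int) -> bytes:
    """Authenticate (serial, bit); nothing is encrypted anywhere."""
    msg = serial.to_bytes(8, "big") + bytes([bit])
    return hmac.new(key, msg, hashlib.sha256).digest()


def _bits_of(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def _bytes_of(bits: list) -> bytes:
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def chaff(key: bytes, message: bytes) -> list:
    """Sender: emit a 'wheat' packet (valid MAC) and a 'chaff' packet
    (complement bit, random MAC) for every bit of the message."""
    rng = secrets.SystemRandom()
    packets = []
    for serial, bit in enumerate(_bits_of(message)):
        wheat = (serial, bit, _mac(key, serial, bit))
        fake = (serial, bit ^ 1, secrets.token_bytes(MAC_LEN))
        pair = [wheat, fake]
        rng.shuffle(pair)  # order must not reveal which one is wheat
        packets.extend(pair)
    return packets


def winnow(key: bytes, packets: list) -> bytes:
    """Receiver: keep only packets whose MAC verifies under the key.
    Returns b"" if nothing verifies (for example, the wrong key)."""
    kept = {}
    for serial, bit, tag in packets:
        if hmac.compare_digest(tag, _mac(key, serial, bit)):
            if kept.get(serial, bit) != bit:
                raise ValueError("two valid packets disagree on a bit")
            kept[serial] = bit
    if sorted(kept) != list(range(len(kept))):
        raise ValueError("stream has gaps: some wheat packets are missing")
    return _bytes_of([kept[i] for i in range(len(kept))])


def both_bits_present(packets: list) -> bool:
    """Observer's view: every serial number carries both a 0 and a 1,
    so the plaintext bits alone say nothing without the key."""
    seen = {}
    for serial, bit, _tag in packets:
        seen.setdefault(serial, set()).add(bit)
    return all(bits == {0, 1} for bits in seen.values())


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    stream = chaff(key, b"meet at noon")   # constructed sample message
    print(len(stream), "packets on the wire")
    print("observer sees both values per bit:", both_bits_present(stream))
    print("receiver recovers:", winnow(key, stream))
```

The confidentiality here rests entirely on the MAC being unforgeable and indistinguishable from random bytes without the key, which is the point the comment makes about a hash function serving as a key-based discriminator.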
Extremely unlikely. You'd be trashing the entire electronic commerce infrastructure which relies on solid encryption. And there's no way a corporately oriented government system is going to do that.
Anyway - you've got no worries. If the USG tried that, you'd use all those wonderful 2nd-amendment protected firearms to overthrow it?
You mean the United Kingdom. Sadly Scotland is also sucked into RIP silliness.
The police and other law enforcement agencies still need a judicially signed warrant to obtain those keys. There's all sorts of stupidities in there - but let me ask a question: Why should you be able to refuse to obey a properly formed court order? If they served a legitimate court order to hand over the keys to your house, should it be legal to flip them the finger? If you think that encryption keys are somehow immune to warranted seizure, you have to say why. Alternatively, if you think that all court seizure orders are wrong, then you probably have to defend that one even more!
I don't have a problem with warranted search and seizure. I have a huge problem with the LEAs thinking that privacy is solely a cover for people to do evil things.
--Ng
It's not quite that simple. They do have to be able to demonstrate to the court that there was a high likelihood that you were in possession of the key within a reasonable time frame (ie, if you were receiving emails encrypted with that key until yesterday, and responding with emails which were also self-encrypted under that key) then the court might hold that you had the private key until recently.
Note also: if you revoke a key with a note saying "The coppers served a decrypt notice on me" - that's an offence. If you revoke it, people ask why, and you reply "I am unable to answer that question" - that's perfectly OK. Like there would be any other reason you would answer that! Talk about dumb!
However, in the scenario you outlined (the ephemeral key in RAM), you would be able to explain the arrangement to the court. It would be up to the prosecution to prove that you were lying. You are still presumed innocent. You cannot be prosecuted for being unable to provide a key you don't have - you can be prosecuted for failing to provide a key when evidence exists to prove that you did have it, and that you could reasonably lay hands on it. Since precious little case law exists to back any of this up, there's not much guidance to go by.
Note: the RIP Act really sucks. It's a stupid law, crappily written, with a lousy code of practice with so many holes in it, it's not even funny. And that, I suspect is why you'll never receive a decryption notice. I reckon there will be precious few decryption/key seizure notices served - because the coppers are terrified that the notices will be faulty. They'll probably serve them on a bunch of people using PGP when they've already got evidence on them from other sources. That way, if any of them do the "no such key" defence, they'll rely on the jury thinking "Yeah, but they're a bunch of shifty Muslim types, so they must also be guilty of that". Or it'll be some paedophile who would attract zero public sympathy. They won't use it on marginal cases - too risky.
--Ng
Are you sure about this? My copyright consultant colleague indicated that this wasn't the case. I was just going by his assertion. Since there is a free-trade between member states, any UK-only extension would not bind other member states to honour the extension, and hence any works out of copyright there can be imported without restriction. In other words, it would certainly affect the trade between member states, and thus becomes subject to harmonised legislation. It might be one of those cases where theoretically a member state can increase term, but as a matter of political feasibility it just won't happen.
Anyway - it's a little bit moot. Cameron didn't say a Tory government would alter the term; he said it would ask the EU to extend it. Which is why I think he was making good sounds for his audience, knowing that he wouldn't actually have to deliver on his promise.
--Ng
I have. I guess you don't know enough of them. If you recall, I was comparing the effects of smoking fumes with car accidents. Excess alcohol for driving purposes is defined as two pints or greater. The Gloag paper said that a majority of accidents were due to excess alcohol. A majority, by definition is >50%, but Gloag didn't say what the majority was. Hence I assumed a 55% figure. Perhaps 51% would have been better. And yes, I focussed on died, since the effect of a slight wrist sprain isn't comparable with developing lung cancer. If the figures for serious injury were available (ie, life threatening, or causing permanent impairment) then those would be better.
Remember - the OP stated that your chances of being in a traffic accident after a driver had downed ONE pint were hundreds of times greater than catching cancer from second hand smoke. I was pointing out that such figures as I could find didn't bear out that statement. I used deaths because those were the only figures available for both populations. We can accept the much greater figures you cite below if we accept that the seriousness of all hospital admissions for both second-hand-smoke related cancer and all road accidents are equivalent. Would you make that equivalence?
Seriously, if you have figures which indicate the relative risks of driving accidents after one pint (the OP's point) versus those of second hand smoke inhalation, I'd really like to see them. Not a snarky "non-challenge" - I'm genuinely trying to find out the true figures. The OP is making a serious point: if second hand smoking is no greater a risk than all public alcohol consumption, then there is no logical public health reason for allowing public alcohol consumption but denying smoking. And the legislation was floated on public health grounds.
But that figure represents all road accidents requiring admission. How many of those were due to someone drinking ONE pint, then having a road accident which hurt someone else? I can't obtain those figures - hence the estimates based on the BMJ figure.
If I get admitted to hospital suffering from lung cancer - what's the chance that it'll be a one day admission, then packed off home with an aspirin? Pretty bloody remote. If I get admitted to hospital with a cut forehead, or bruised ribs, I'll be in and out pretty soon, and probably not much the worse. I don't think the gross figures you cite are comparable with smoking related admissions.
Why would it be valid to extend the statistics for the most densely packed traffic centre in the country to those which were not so?
--Ng
I wouldn't worry about it. Give it a fortnight, and he'll be making a speech showing how he's totally cool with the ho's and bitches; and that this copyright thing's gotten way outta hand, y'know? So it's time to set the music free, right? And the Conservatives have always wanted to diss copyright.
That's the thing about Cameron. He's like NFS and Palestinians. Totally stateless.
--Ng
Of course he's lying to them. Look - it's an easy option for this tosser. Copyright term is harmonised across the EU. The UK government cannot arbitrarily alter copyright term. So Cameron sends his Europe flunkie to the halls of Brussels to wail for longer copyright terms. Germany (DG) and France (Vivendi) agree, but the other states can't be arsed, so say "no".
So Dave trots back to the BPI and says "Sorry guys, we tried our best, but those poxy Dagoes and Wops got in our way again. What a pity no-one sees things the way we do in Blighty. Ah well, can't be helped. Here - have a couple of knighthoods and a peerage for services to the Peruvian economy. Pass the spliff".
What a wanker. Vacuous, smarmy and perfidious. How the fuck can anyone have less substance than Tony Blair? I mean, I didn't think Blair-lite was even possible. It's like a whiter shade of pale. Oh bugger, now I'll have Procol Harum wanting money off me.
--Ng
Well, the effects of most car accidents are usually not fatal - in fact, most accidents don't involve injury. The effects of lung cancer and heart disease are a damn sight more serious than a smashed headlight.
But if we limit it to fatalities, the overall number of car accident fatalities in the UK in 2006 was 2920 (DoT statistics). The Gloag report in the BMJ estimated that 25% of those fatalities were attributable to alcohol - about 730, but the majority of those involved excess alcohol (2 pints or more). Let's estimate a low majority (55%) - 402. So I'm estimating that we could save 328 deaths a year by banning alcohol except in the home. But this also assumes that no-one drinking at home gets behind the wheel of a car. And this is also assuming that everyone who gets killed is an innocent victim and not the drunk driver. I reckon the figure of lives saveable is probably around 80 a year (50% fewer from lower drink driving, and 50% lower than that because it's not the drunk driver topping himself)
The number of deaths attributable to second hand smoke in the workplace was 517 (Jamroznik, published in the BMJ). That's excluding those who also are exposed to smoke at home. So by banning smoking in public places, we can save the vast majority of those people - about 500 a year.
So I think you'd lose that bet. You're more likely to catch disease from a smoker than get twatted by someone who's drunk a pint of beer and got behind the wheel of a car. Anyway - it doesn't really follow. Alcohol consumption does not render the environment inherently more toxic (it renders it more dangerous in concert with other activities); pumping toxins and carcinogens into the local atmosphere in a poorly ventilated area is obviously more directly dangerous to a person's local environment.
--Ng
Bollocks. Wandering through the countryside in Devon and Somerset, I think I was caught on camera, oh, maybe not at all. I wonder if that's because there are no cameras there. Hell, in that part of the world, they've barely got electricity. But the cider is nice...
You mean in the cities. Since I live in Bristol, I did a little camera hunt around my neighbourhood a week ago. There are security cameras in front of the local shops (owned by the shop proprietors). I'm sure the buggers litter the main shops in Broadmead and so on, but it's hardly the Big Brother scenario (ie, they're not all owned by the state, spying on the citizenry). But around residential areas? Nope. None at all.
It probably is more true in London than in all other UK cities (serves you right for living in that shithole
--Ng
The paragraph states that the conclusion which has been presented, that the USA is doing better than the EU on gas emissions is not justified by all of the data, but rather only an unrepresentative sample of it. It does not say that the White House is "lying" (why, by the way, did you quote that word, when it does not occur in the text? From where do you derive the quote?).
The claim is labelled false, which could indicate a failure to understand the implications of all the data, or it could illustrate mendacity on the part of the White House. But the claim is an empirical one: that when the data assembled is considered, it does not support the conclusion from Mr Snow, namely:
Your language makes me suspect that by labelling such a critique as a "Bush is evil" rant, it becomes easier to discard its conclusions, because you can then impute the motives of intemperance and/or tribal partisanship to the author. Such meta-arguments are not justified in this case.
I can detect absolutely no conspiracy theory being implied from the text of the paper. It constructs a chain of reporting, from the Washington Times, to a report of a statement made from the White House. If the reporting of these sources is incorrect, then please state where and why. If the conclusions drawn from the data are incorrect, then state where and why.
This is not an accurate claim. Of all the UN Framework identified greenhouse gases, only Sulphur Hexafluoride and Nitrous Oxide do not contain carbon. Methane, HFCs and PFCs all contain carbon. The White House statement focussed purely on CO2. And the baseline year of 1990 was selected and agreed upon by the USA so as to make reporting meaningful. An agreed upon year is essential specifically to stop statistical manipulation, and to prevent one-off events like the air traffic drop resulting from 9/11 from affecting the overall performance on greenhouse gas emissions.
I have made no such claim, nor is any such inference from my statements justified. Please substantiate or withdraw that claim.
May I also point out that your original statement was:
You have explained - I think inadequately - why the first of the implications ("Bush is evil") is there. Would you mind substantiating where on the first page the report of Washington Times discrediting occurs?
Where, exactly, does it say this? There is absolutely no "Bush is evil" judgement on the White House on the first (or any other) page of the report. It does say that the White House misused statistical data there - which, given that the intent of the paper is to describe how data has been misused is hardly surprising, nor unprofessional.
Similarly, the reference to the Washington Times was to cite the source of the opposite point of view. What is the author supposed to do when the White House bases public policy based on misinterpretation of data, on the suggestion of an article in the Washington Times? Ignore it? Say "Well, it's OK, really, because a newspaper report doesn't have any scientific credibility anyway". There is absolutely no complaint about being discredited anywhere. Where did you see this: it seems to be neither in the web article nor the PDF report?
Of course the paper is biased: anyone who is making a point is biased. But if you wish to ascribe the motive of prejudice to the author, you must show where it is displayed. The examples you give, as far as I can see, simply do not exist.
No. 1990-2004 is the "right one" because that's the timeframe that the USA, the EU agreed to use. From TFA:
And in a footnote on the same page:
Treating the years as arbitrary is disingenuous when baseline timeframes are already agreed. Furthermore, picking the date of 2000, in the knowledge that the 2001-2002 air traffic was way down because of the 9/11 atrocity smacks of terrible cynicism.
--Ng
The paper's author did not arbitrarily pick 1990 as his reference point. As mentioned in the paper, an agreement between various UN signatories (including the US) to the climate change framework agreed to use 1990 as a reference point so as to give a coherent window on data analysis. Thus, to select a year different to one that the US has already agreed to use leads one to the question - why?
The paper also points out that because of 9/11, the US air traffic for 2001-2002 dropped significantly (NB: I don't know if this is true or not. Intuitively, it seems likely - can anyone confirm?). Thus, the emissions from that sector dropped, but subsequent recovery has eliminated that blip from the calculations.
Again - there is an agreement (signed by the USA) to measure all greenhouse gas emissions, and not just the headline CO2 figure. Moreover, not all gases contribute equally by weight to climate change. ISTR that methane is worse than CO2 in terms of greenhouse gas effects, and global growth rate of CH4 emissions is greater than that of CO2.
The problem here (and I can't just blame the White House) is that governments are still treating much of the climate change problem as a national PR one. It's not: there is no such thing as the American, or European climate. If one accepts anthropogenic climate change as a problem, then one must also accept it as a global problem.
You ask the question of why wouldn't the WH spin the results positively. The answer should be that nature can't be fooled by PR and spin (anybody's spin). It really does no good to selectively use statistics to try and prove you're doing well when you're not. A doctor isn't expected to report the good news that your high blood pressure is down and suppress the news that he's detected your fatal brain tumour.
--Ng
Economics of interoperability. If each device manufacturer goes with their own way for encryption then the devices will cost too much. As for ICEs not working against modern hardware, I think you may be incorrect there. Just as the crypto chips have got faster and harder, so have the ICEs. To take an example: TPM chips for PCs tend to come from one of three manufacturers - Infineon, Atmel and Nat Semi. Of course, HP, Dell, Sony, IBM, Toshiba and so on could all invent their own chips, their own bus controllers, etc, but then the interoperability costs become huge. So to make HD-DVDs/BDs work on all platforms, you'd basically be asking for each major manufacturer to spin custom silicon in each instance. The cost of that would be massive.
It does exist, and it is expensive. But were the demand higher, then those costs would come down. Secondly, it doesn't have to be real-time at all - you can do it frame by frame if you will. Or would you also authenticate and encrypt the control channels (ie, the remote controlling the player)? Pretty soon all of those encrypted channels start to require extra margins in the price of the device. It's not just a matter of signal security - it's a matter of signal security at a cost the market can bear.
The only reason that HD capture devices are so expensive is because it's much cheaper to decrypt the signals at source rather than the decoded ones. You've already demonstrated knowledge of this, but it's worth repeating - you have to protect the signal at all points, and protect it to an economically viable level. Honestly, if Sony thought it could pull the same stunt that it did with MiniDisc except for HD video, then I'm positive they would have done. They (and Toshiba) have got their own fab plants. Since they didn't do it, I don't think it was because they were stupid - it was because they didn't think it worth it.
--Ng
Yes - just a small matter of implementation
You are correct, of course, that hardware key storage is generally more effective than software storage. The problem, however, is that key storage isn't the end of the story. Sure, you can embed a TPM chip in epoxy resin, and surface mount that chip onto the motherboard - but it can still be removed. Tricky, yes - error prone, also true. But it can be done. Which means that, assuming it's not some totally proprietary design it can be inserted into a standard PC motherboard and exploited from there. If it is a completely proprietary chip, well, the record of such security systems working is less than stellar. Tends to be of the same order as proprietary crypto algorithms. In using AES, the AACS designers made at least one good technical decision.
Even if not removing the key storage device, the buses which connect it to the rest of the system are still subject to probing via ICEs. And all of this assumes that the electrical characteristics of the systems don't exhibit any exploitable variances like key-dependent delays in processing (side-channel attacks).
And even if you had that down pat, you've still got the fact that the connection from device to display is only protected by HDCP, which was cracked years ago. And there's no real protection on digital audio outputs, so capturing that frame-by-frame and remuxing to high quality rips would still be eminently possible. The only reason there aren't HDCP strippers and HD capture devices all over the place is because AACS has been rendered moot. If the keystream still held secure, you'd simply see another attack vector.
Now here's the other problem: in order to get the backing of people like Microsoft and other likely media centre manufacturers, the HD-DVD camp had to promise Managed Copy (Blu-Ray said they would also provide it). In other words, they had to promise that copying to a non-hardware-secured device would be possible. And if you just shift the problem onto the PC that way, you haven't really bought anything.
All told - your analysis is spot on - h/w only operations are harder to crack. But from a technical and business commitment standpoint, it wouldn't make any real difference. The incentive to crack is far greater than the technical obstacles in place.
I suppose it all comes down to the age old cliché - security is a process, not a product. And with AACS, it seems that the content producers have only semi-digested that point. Without control of the entire delivery chain - something that is both technically and legally impossible - you cannot square the circle of both giving someone the key and not giving it to them at the same time.
--Ng
https://help.ubuntu.com/community/RestrictedForma
The problem is audio codecs. Most HD-DVDs/BRDs have either E-AC3 (A/52B) or TrueHD audio, which ffmpeg currently cannot decode. There are folks working away on it, but it might be a while before concrete results are available. Until then, one possibility - if fiddly - is to demux the video/audio/subtitle streams under Windows using some of the tools available on Doom9 and then transcode the E-AC3 tracks to AC-3 (or TrueHD to FLAC) using EAC3To. You can then remux the video/audio/subtitle tracks into Matroska, and use mplayer or VLC to watch it under Linux. Cumbersome, and not very friendly, but you won't lose any video quality, and if it's FLAC, you won't lose audio quality either.
--Ng
It has been suggested that the reason for AACS, HDCP, BD+ et al is not so much to protect content, but rather to ensure that players for HD media are maintained in a small, hopefully non-competitive market. For instance, DVD players now can be picked up for little more than the price of a DVD (OK, OK, pretty crappy ones, but you get the idea). But with all of the licensing agreements for HD-DVD and Blu-Ray, together with the key issuance procedures and diligence, this imposes major costs on manufacturers, which will keep player prices high. Of course, it also ensures that TVs/computer displays have inflated prices as they struggle to build in HDCP type mechanisms.
Many of the major content producers have fingers in the consumer electronics markets too - having ultra cheap HD players isn't good for their margins. It won't last forever - nothing ever does. But perhaps the next big thing will have come along by then - HVD based disks with UHD resolution, perhaps; and the market exclusion game can begin another cycle.
--Ng
It is in some ways, but not others. For instance, parodic use is not explicitly permitted under the fair dealing defence, but the Gowers review recommended that it be explicitly included - which HMG has accepted. The courts have repeatedly held that parody is generally acceptable. News reporting, criticism and education, however, are explicitly allowed as defences. This video would almost certainly fall under the second and third items of that list.
But the real limiter in UK copyright is the actual damages provision. Unlike the USA, the UK courts require you to qualify and quantify the damages you or your company have suffered as a result of the infringement. Additional damages can be claimed for flagrant and generally commercial benefit from the infringement. But there's none of the absurdly inflated statutory damages that you see in US cases. This really does help to limit stupid de minimis cases clogging the courts, which sadly is not the case in the USA.
Don't get me wrong - I'm more than a bit unhappy with UK/EU copyright regimes, but the Gowers report (and the howls of fury it caused from Big Copyright) gave me just a glimmer of hope that a sane discussion of copyright is at least possible in the EU. Then IPRED2 happened to crush even that...
--Ng
God damn it! What have you been told about the first rule of Usenet?
Listen to the man. Usenet is pretty much impossible. Nobody uses it. You need a Ph.D. in astrophysics to even comprehend it.
(Thinks: Is that enough lying?)
--Ng
Firstly, I think it very unlikely that the current iPlayer mechanisms would/could be ported to Linux. They're heavily dependent on Windows DRM, which in turn is heavily dependent on the Windows architecture (complete with Windows' methods for detecting debugger operations to prevent DRM bypass). Thus, while the APIs could be replicated on Linux/OS X, the protections would be trivial to bypass. Leaving aside whether MS would permit a porting effort.
OS X probably has a better shot - since you could implement the APIs without much extra paranoia, but use the inbuilt TPM on Intel Macs to ensure the OS and running environment was in a known good state. Since you can't count on a Linux box having a TPM, you can't make reverse engineering of the DRM system more difficult.
For what it's worth, the tech guys at the BBC are fully aware of Linux, and it is in their plan to support it via iPlayer. The best way of accomplishing this isn't through technical means, but political. It's important for people to understand why the BBC is using DRM. They don't want to - it just increases running costs and introduces new points of failure into an already complex system. But the programme makers (who are often not the BBC) together with the contracted personnel who produce the programs insisted that any attempt to broadcast content in the clear would count as unlimited repeat broadcast. Which is fine, but it would cost the BBC a fortune to pay out as per contractual requirements. Hence the DRM enforced limitations, which are a sort of contractual enforcement by proxy. A pretty crappy one, but one which the lawyers would accept.
It's a simple problem to state, but hard to fix at a technical level - because there's no real technical problem. Existing contracts for TV works are written in language which predates the Internet and the on-demand style of viewing. Thus, it's always expressed in terms of initial showings, repeat fees, differential media exploitation rates, etc. Recent contracts which the BBC is creating are far more encompassing of alternative distribution technologies. So the final solution is to get far more sane exploitation rights written into contracts, which accurately reflect TV watching habits of the 21st century, and to stop wishing that the Internet and its on-demand modes of use would just go away.
Of course, the ultimate stupidity of all of this is that the programmes are being broadcast in digital form completely unencrypted right now! DVB-T/C/S transmissions spit this stuff out in full resolution (whereas iPlayer doesn't) which a $200 PC card can receive and store the content on a persistent device. It's almost like the lawyers put their fingers in their ears and sang "Lalala! Can't hear you!" when this gets mentioned.
End result: Build a MythTV box with a Freeview card. You can suck down as many channels as you like and keep it for ever. Transcode to H.264 and a 500GB hard disk will keep 6 months of programming easily.
--Ng
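The comment above mentions using a TPM to establish that the OS and running environment are in a known good state. The following is an added example, not code from the commenter or from any vendor, that simulates the measured-boot check a verifier would run. It assumes TPM 1.2-style SHA-1 PCR extension, takes the reported PCR as already authenticated (the signed quote is out of scope), and uses constructed component names and contents.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new value = SHA1(old value || measurement digest)."""
    return hashlib.sha1(pcr + measurement).digest()


def measure_chain(blobs) -> bytes:
    """Replay a boot chain from the PCR reset value (all zero bytes)."""
    pcr = bytes(PCR_SIZE)
    for blob in blobs:
        pcr = extend(pcr, hashlib.sha1(blob).digest())
    return pcr


def boot_and_report(chain):
    """Platform side: hash each stage before running it; return (pcr, event_log)."""
    log = [(name, hashlib.sha1(blob).digest()) for name, blob in chain]
    return measure_chain(blob for _, blob in chain), log


def verify(reported_pcr: bytes, event_log, golden: dict) -> list:
    """Verifier side: replay the log, compare each entry to known-good digests.

    Returns a list of problems; an empty list means 'known good state'.
    """
    problems = []
    pcr = bytes(PCR_SIZE)
    for name, digest in event_log:
        if golden.get(name) != digest:
            problems.append(f"unexpected measurement for {name}")
        pcr = extend(pcr, digest)
    if pcr != reported_pcr:
        problems.append("event log does not reproduce the reported PCR")
    return problems


# Constructed sample boot chain (names and contents are illustrative only).
BOOT = [("firmware", b"fw-v1"), ("bootloader", b"loader-v1"), ("kernel", b"kernel-v1")]
GOLDEN = {name: hashlib.sha1(blob).digest() for name, blob in BOOT}

if __name__ == "__main__":
    pcr, log = boot_and_report(BOOT)
    print("clean boot:", verify(pcr, log, GOLDEN))
    patched = BOOT[:2] + [("kernel", b"kernel-patched")]
    pcr, log = boot_and_report(patched)
    print("patched kernel:", verify(pcr, log, GOLDEN))
```

Because each extend folds the previous value into the hash, a modified stage cannot be hidden by presenting a clean event log: the replayed log no longer matches the PCR the chip reports.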