The people at the MPAA know "perfect digital copies" is not really an issue, just like they know the actions they are asking for won't really help commercial copyright infringement (ala "piracy") that much.
But this phrase has turned out to be very effective in getting votes in congress. It was used to get copy protection put into DAT in 1992, and "solving the digital copy problem" was the basic philosophy behind the DMCA.
Count on both the MPAA and the RIAA to milk this term as long as it remains effective, even though it is really nonsense. Basically, they are both going to continue demanding government hand-outs as long as they can. They don't care about the damage to society, so long as they can steal power and money.
The FCC has not yet mandated the copy protection flag (according to what I've read) but is "considering it". Here is my potential letter to the editor if they decide to make it mandatory.
The FCC, at the behest of Hollywood funded congressmen, is adding a so-called "copy protection flag" into the Digital TV (HDTV) standard. This flag will give Hollywood the ability to prevent citizens from performing normal actions like recording a TV show for later viewing and using a "fast-forward" button on the shows they do allow you to tape!
Hollywood says they need this power to control your legal actions because of "piracy", but they are the real pirates because this is a massive theft of normal people's rights. Today people can make legal copies of TV shows, can legally bring these copies over to a neighbor, they can legally "pause" or "fast-forward" through the recording as they want. This FCC mandate will allow Hollywood to prevent people from performing all of these legal actions.
The FCC mandated flag is in response to intensive Movie/TV/Music industry lobbying efforts. Hollywood first tried a congressional bill, but has now made an end-run using the FCC and government bureaucracy. The FCC mandate was requested by Congressman Berman of California ($186,891 in 2002 donations), and Senator Hollings of South Carolina (only $33,000 in 2002, but $287,534 in 1999-2000).
Congressmen Hollings and Berman are just the latest who have given Hollywood and the Music industry big government hand-outs. Copyright piracy is the universal excuse for these laws, but in the end it is the ordinary citizens who are being stolen from. The length of copyrights has been extended 11 times in the last hundred years. Disney is Congressman Berman's number one contributor, and has successfully extended the copyright term from 28 to 95 years (so far). Disney was quite willing to use (free) public domain stories like Snow White and Pinocchio to make movies, but they have made an even better investment by getting laws passed so that the Disney versions won't properly go back into the public domain.
Let's look at the last time Congress "helped prevent" piracy. Hollywood was screaming about potential piracy from video rentals, and Congress responded with section K of the Digital Millennium Copyright Act. The DMCA mandated that all VCRs built after 1998 had to have "copy protection" built-in. Hollywood promptly used the DMCA mandate to make all VHS _and_ DVD movies "copy proof", not just the VHS rentals.
What Congress and the DMCA actually did was to give Hollywood the ability to prevent people from performing legal actions. My new VCR prevents me from backing-up tapes that I own, something that is perfectly legal and necessary (since my toddler has already worn out a number of VHS tapes). Hollywood argues they can do this (with a straight face) because congress actually restricting which tapes they could copy protect would be government meddling.
In summary, the FCC mandate to add content control to HDTV is not actually about preventing copyright abuse. The government mandate will help Hollywood steal your rights, and eventually your money. Contact your Congressional Representatives and let them know what you think of this.
I am writing this letter as a private citizen who is greatly concerned about current and past FCC actions when it comes to copy protection. I'm referring to decisions already made about copy protection in cable boxes, as well as the upcoming Digital TV Broadcast flag.
I'm an expert in applied cryptography, and in my prior job I was the security architect for the Atalla/HP Network Security Processor product line that handles more than 70% of the Banking ATM transactions in the USA. I was also a participant of the BPDG process, although I submitted no formal comments.
The FCC decisions in favor of control will eliminate legal activities of ordinary citizens, and are in effect a non-congressional grant of privilege to whomever controls the settings of these so-called copy protection flags. Since this control has historically ended up in the hands of the copyright holders (such as the RIAA and MPAA), the effect has been to steal rights from the citizens and give them to the copyright holders.
The FCC should reject any call towards mandating the so-called copy protection provisions. Failing that, it is absolutely mandatory that the FCC control and police any use of the copy protection signal. I will agree that government meddling in this area is not welcome, but with these decisions the FCC is already doing just that! The way the MPAA misused section K of the DMCA is a clear warning as to how the broadcast flag will be misused if copyright holders are left in control (see below).
I'm not going to discuss the issues in any further detail, because they have already been well described by the EFF's letter (http://www.eff.org/IP/Video/HDTV/20020807_eff_bpdg_fcclet.html). I'll close by sharing my "letter to the editor" in case the FCC makes the broadcast flag mandatory. I think the public will find these arguments quite compelling. As an industry expert and BPDG participant, I should note that the restrictions mentioned in the second paragraph are technically feasible and will quite likely be imposed unless there is a specific government regulation that stops them.
Yes, contacting them by phone is easy, but I do have one suggestion. Instead of giving them a 5 minute speech on the phone, simply tell them that you are opposed to it. Then offer to let them know the reasons, and ask them the best way to do that.
During both of my phone calls they asked me to fax my reasons instead. It makes sense, because your carefully selected words have a better chance to get through that way. The person you contact on the phone is going to make notes, but don't count on an exact rendition of your elegant arguments. Most likely the senator will get some kind of mass summary of all calls, but important points you may have made will be lost. If you really want arguments heard (as opposed to your simple opposition), you have a much better chance with fax or email.
Norton has never made any Windozer I've installed it on unbootable
I had to rebuild my WinNT4 system from scratch twice because NAV combined with WinFAX (from the same company) caused a blue-screen upon boot. I did not quite figure out what went wrong the first time, and put in over 40 hours trying to recover without the total reinstall (trying registry edits, etc.).
Once I rebuilt the system, I only reinstalled NAV (required to connect with my office). A few weeks later I reinstalled WinFAX, and boom it happened again. I used McAfee after that with no problems.
There is no need to mark a video tape with a Macrovision label. If you use the tape *legally*, Macrovision does not affect the performance of the tape or VCR.
This is an absolutely false statement. It is perfectly legal to make a back-up copy of a VHS tape. MacroVision prevents me from performing this action with newer VCRs (now that the government has mandated that all VCRs respond to MacroVision in section K of the DMCA).
My child has worn out several VHS tapes of his favorite programs. It was when I tried to make back-up copies of those tapes that I found out JVC snuck copy-protection into their product with no notification to the consumer (nothing on the box, in the manual, or on the website)! We really need a truth in advertising law, so consumers can make informed decisions about products that limit legal actions. Meanwhile JVC will not get any more of my money, or any more recommendations.
I've tried contacting Sony about replacing the Elmo tapes, but they have not answered me. This was a normal purchase, not a rental tape, which means Sony had no reason to activate the MacroVision signal on this tape. Since they did turn-on the copy protection flag on the tape (not to forget helping get a law passed that stopped me from making back-up copies), they should be responsible for replacing the worn-out tape. I figure hell will freeze over first.
I fail to see how it is a good idea to ban the sales of copy protected CDs.
One simple reason, copy protected CDs make a mockery of the 1992 Digital Recording act. The RIAA already got the benefits (SCM added to DAT etc., blank media tax), and now they are trying to get away with not living up to their side of the bargain -- consumers have the right to make digital recordings of digitally recorded music.
This is also the reason they should amend section K of the DMCA - the MPAA clearly broke the spirit of the deal. Both laws were written without anything to enforce the industry to live up to their side of the bargain, and they naturally want to fully exploit the law as it is currently written (I'll forgo detailing both industry's lack of ethics).
Since both parties have clearly shown loopholes in the existing laws (making a killing in the process), it is time to close these loopholes and force them to observe their side of the bargain. What have you got against closing loopholes?
PS: The subtext of this comment is a mock-libertarian stance, the record companies ought to be able to do what they want, and the market should deal with it. This ignores the fact that government regulations and rules are already very, very, involved (like the definition of copyright). This thinking that the current laws we have now are "natural", and the market can correct any problems with them is at best simplistic.
I don't see why the poster does not remember libertarianism applies to individuals as well! The companies have already rigged the games with rules and regulations that take away individual rights. Where does he get off that this is a totally natural process? If you scrap the current copyright laws, and (somehow) manage to design them fairly, then I could appreciate a "let the market take care of it" stance. Meanwhile, I'm glad Rep Boucher is not waiting for this mythical time and is taking steps to close loopholes that rob the citizenry!
The topic of fair use has come up in DMCA prosecutions a fair amount. The courts have already ruled that the DMCA fair-use provision does not apply to anything (another way of saying it was a worthless provision).
At least two judges are on record saying that publishers are under no obligation to "facilitate" fair-use. In the DeCSS case it was suggested people could use VHS recordings instead of DVD to obtain fair-use rights (a truly clueless opinion, given the fact that (a) much material does not appear on VHS, and (b) the VHS tapes now have technology that prevents fair-use too). Another judge suggested that people could use a camera to take multiple still shots from a movie (forget who, it was a recent case).
This issue is the primary cause of Digital Consumer. They are trying to get fair-use protected (from laws that steal them away) and enforced (from judges like the above that don't see a proactive need to protect these rights). Given the way special interests have stolen rights and property from the public in the last 10 years, I think this is a very necessary action.
One of my biggest upcoming concerns is the fact that DRM protections won't expire when the object enters the public domain. Given the length of today's copyright terms, I guess this is only of interest to far-sighted people. The same types of judges who think fair-use does not need any protection are sure to ignore the fact that material only released under DRM protection expiration will never enter the public domain unless copyright holders/publishers are forced to place it there.
Don't think just because a product has been certified to meet FIPS 140 standards, that it is actually secure for the way you want to use it. Basically, FIPS 140 is a method of ensuring that the product works as it was designed. You may have implemented your design perfectly, but if the design has poor security, your product will too.
Let's say that your wireless product uses WEP. There is nothing that would keep you from getting a FIPS 140 certification for that product, even though WEP is a really broken algorithm. All the FIPS 140 cert does is assure people that you really did implement WEP.
Aside from assurance that the product works as designed, the best use of FIPS is for hardware security designs. Unlike logical security, it is fairly easy to specify the requirements and goals you want your hardware security systems to meet. The labs that perform certification also have a lot of experience in ensuring products meet their design goals. So FIPS 140 (IMHO) is an excellent standard for hardware.
Another problem with any certification, including FIPS 140, is the need to recertify anytime you change the certified sections. The way most people do this, is to compartmentalize the security sections (which hopefully rarely change). Never worked for my last job, where we had to change these types of sections several times a year.
So, to directly answer your question, I think asking for a FIPS 140 certified product will not buy you much security for your problem. The idea is to solve the security problems as they are installed in your system. The Common Criteria standards will probably work much better for this (but here your organization is responsible for getting the certification, although it helps if your vendors can supply components that are already certified).
Actually, FIPS 140 level 1 and 2 can be met just with software (parts of Netscape are/were level 2 certified).
Open source vs. closed source should not make any difference. The key is the cost, every time you modify it, you have to recertify it! Granted the recertification will cost less than the first time, but it is best to isolate the security sections as much as possible.
See my other post for comments about what certification actually buys you.
The EFF DES CRACKER did not do anything special with the DES engine in their chips (http://www.eff.org/descracker.html). Since DES is a popular algorithm, they had a good selection of hardware library routines to choose from. The main design difficulties were packing many execution engines onto a single chip, and setting up an efficient dispatching/testing architecture that coordinates and manages the parallel processing.
In the last few years, quite a few efficient implementations of other algorithms have become more common (probably due in part to the proliferation of SSL and IPSEC accelerators). As I mentioned before, the "hard work" of managing the parallel processing has already been done, and they could easily switch the design to use some other crypto engine.
The EFF "DES CRACKER" is a brute force attack, which has nothing to do with the strength of the algorithm. It consists of a whole bunch of parallel processors that can try different key ranges. Right now they are programmed to perform DES, but they could just as easily be programmed to perform some other algorithm.
The lesson you should get from the EFF's DES CRACKER is not that something is wrong with the DES algorithm; rather it is that 56-bit keys are weak when you take into account today's computing power. If you are encrypting something important enough, you should choose an algorithm that has a larger key size.
The 3DES algorithm uses DES 3 times (hence the "triple-DES" label), and as I mentioned before provides a key strength somewhere between 112 through 168-bits. There are a number of reasons to avoid 3DES, but so far the strength of the algorithm is not one of them.
* Performance is one reason, DES is fairly slow by itself, and 3DES requires 3 iterations.
* 3DES key management is comparable to other algorithms where keys are longer than the data block size, but is trickier than single-DES (because single-DES has the property that keys can be encrypted with a single data block). Naïve upgrades from DES to 3DES render many protocols vulnerable (correcting those problems contributes to how I make my living).
* It is also important that 3DES be performed in an atomic manner, since the ability to separate the DES calls would leak information. This is just a difference in implementation (where 3DES may be more likely to have a sloppy implementation), since most algorithms would leak similar types of information if internal states were revealed.
* You might decide that you should avoid 3DES because it is being attacked the most, and therefore is more likely to fail. Of course that would only be a benefit if the attack did not work on other algorithms. Also it may be more likely that a DES break would be made public, while breaks against lesser-known algorithms are more likely to be kept private.
Another thing to consider is key size. DES is kind of lumpy, and does not allow a smooth set of choices (40-bit, 128-bit, 129-bit, etc.). But right now I think some of these key size differences are fairly academic (history will eventually make this statement wrong, but it will apply for a number of years). Once you start getting beyond a certain point, say 110-150 bits, exhaustive search is beyond any technology currently dreamed of. When you are looking at searches that are larger than the estimated number of atoms in the universe, it is going to take a completely different tack to break those types of algorithms.
There are a whole bunch of ways, in theory, to break these large key algorithms without doing an exhaustive search. The most straightforward method is an algorithmic "break", where a weakness in the algorithm is found that allows it to be broken faster than exhaustive search. That is why DES (and 3DES) is popular, because this type of breaking is considered less likely to occur in this very well studied algorithm. Most likely the weakness will come in the form of a new attack type, which today's expert designers did not protect against. But there are other problems with larger key sizes, like lack of entropy. It is very difficult to obtain the high-entropy random numbers required by 256-bit keys. With today's technology, it would be much quicker (and possibly even practical) to attack the randomness of the key generator, rather than trying an exhaustive search.
In summary, concluding 3DES is weak, merely because an exhaustive search attack has been performed against 56-bit single-DES is misguided. There are a number of good reasons to avoid 3DES, but you have not mentioned the ones I would consider valid (see above). It is interesting that you should bring up WEP, since the problems with WEP are: it was naively designed, and it was not subject to the widespread review that contributes to our state-of-the-art cryptographic designs. DES is in precisely the opposite position, because it has withstood the most rigorous reviews of any cryptographic algorithm.
PS: Another interesting point is that 2 of the 4 algorithms you mentioned as an alternative to DES need to be approached with a bit of caution. I would recommend careful study of the current cryptographic academic research before using RC4 or CAST for important uses.
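The entropy point in the post above, as an added example that is not part of the original post: a 256-bit key produced from a clock-seeded generator has only as many possible values as there are plausible seeds. The function names, the constructed timestamp and the one-hour window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import random
import secrets

KEY_BYTES = 32  # a "256-bit" key


def weak_keygen(seed_time: int) -> bytes:
    """Weak form: 256 output bits, but the only entropy is a clock value."""
    rng = random.Random(seed_time)  # Mersenne Twister, not a CSPRNG
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def strong_keygen() -> bytes:
    """Hardened form: key bytes come straight from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def key_check_value(key: bytes) -> bytes:
    """Stand-in for any value that depends on the key and is visible to
    others (here: a MAC over a constructed, known header)."""
    return hmac.new(key, b"constructed known header", hashlib.sha256).digest()


def search_seed_window(kcv: bytes, start: int, end: int):
    """Walk every seed in [start, end) and report which one, if any,
    reproduces the check value. Returns (seed or None, number of tries)."""
    tries = 0
    for seed in range(start, end):
        tries += 1
        if hmac.compare_digest(key_check_value(weak_keygen(seed)), kcv):
            return seed, tries
    return None, tries


def effective_bits(candidates: int) -> float:
    """Key strength in bits when only `candidates` keys are possible."""
    return math.log2(candidates)


if __name__ == "__main__":
    window_start = 1_030_000_000          # constructed timestamp
    window = 3600                         # "generated some time this hour"
    kcv = key_check_value(weak_keygen(window_start + 1234))
    seed, tries = search_seed_window(kcv, window_start, window_start + window)
    print(f"nominal key size : {KEY_BYTES * 8} bits")
    print(f"effective size   : {effective_bits(window):.1f} bits")
    print(f"seed located after {tries} tries: {seed}")
    kcv2 = key_check_value(strong_keygen())
    print("CSPRNG key found in window:",
          search_seed_window(kcv2, window_start, window_start + window)[0])
```
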
Myself, and many others, regard it as amply strong, very unlikely to be cracked (as DES was)
To answer these questions, first define "better". Blowfish is faster, and for some people that is enough. When it comes to the security of 3DES vs. Blowfish, I think it is safe to say that the jury is still out on this one. Although evilviper claims DES is cracked, I don't think this is an accurate term.
There are only two attacks on DES that come even somewhat close to being a "crack": (1) exhaustive search and (2) an obscure oracle attack. The oracle attack has not received much mention recently, but requires a million+ carefully chosen plain-text trials before reducing DES's strength below exhaustive search levels.
I believe evilviper was referring to the EFF's DES-cracker which performs exhaustive searches on the DES algorithm. The exhaustive search attack is based on the key length, not the algorithm. If you use a 56-bit key for Blowfish, a Blowfish cracker would exhaustively search all possible keys even faster (since Blowfish is quicker to run than DES). 3DES key lengths are 168-bits, but their effective strength is less (probably getting close to 112-bits given lots of storage for a meet-in-the-middle attack).
So if they have comparable key lengths, is Blowfish better than DES when it comes to design? There is no easy way to tell. One way to judge is by the number of hours it has been examined, and what problems have been discovered. DES is the most publicly examined algorithm, and has stood up very well. It is hard to say, but I'm willing to bet that DES has undergone 2 to 4 orders of magnitude more scrutiny than Blowfish.
Does that mean DES is more secure than Blowfish? No! But a cautious person could believe DES was more reliable, because it has been scrutinized so much more than Blowfish. This is the primary reason banks are moving to 3DES instead of AES. 3DES may not be fast, but it is very reliable.
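Why the effective strength of a multi-key construction falls short of its total key length, as an added example that is not part of the original post. It uses a constructed toy Feistel cipher with 12-bit keys (not DES) applied twice: with known plaintext/ciphertext pairs and a table of middle values, the work is about 2 x 2^12 cipher operations instead of 2^24, the same storage-for-time trade the post mentions for 3DES. All names and constants are assumptions.

```python
from collections import defaultdict

KEY_BITS = 12               # per-key size of the toy cipher (DES uses 56)
KEYSPACE = 1 << KEY_BITS
ROUNDS = 4


def _round_keys(key):
    # Spread the 12-bit key over four 8-bit round keys (toy key schedule).
    return [((key >> i) ^ ((key * 0x9E37) >> (i + 4))) & 0xFF
            for i in range(ROUNDS)]


def _f(half, rk):
    # Toy round function; a Feistel network is invertible for any f.
    x = (half ^ rk) & 0xFF
    x = (x * 0xB5 + 0x3D) & 0xFF
    x ^= x >> 4
    return (x * 0x6B) & 0xFF


def encrypt(block, key):
    left, right = block >> 8, block & 0xFF      # 16-bit block, two halves
    for rk in _round_keys(key):
        left, right = right, left ^ _f(right, rk)
    return (left << 8) | right


def decrypt(block, key):
    left, right = block >> 8, block & 0xFF
    for rk in reversed(_round_keys(key)):
        left, right = right ^ _f(left, rk), left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Return (key pairs consistent with every (plaintext, ciphertext) pair,
    cipher operations spent on the table and lookup phases)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)
    ops = 0
    for k1 in range(KEYSPACE):                  # forward half: E_k1(p0)
        middle[encrypt(p0, k1)].append(k1)
        ops += 1
    candidates = []
    for k2 in range(KEYSPACE):                  # backward half: D_k2(c0)
        ops += 1
        for k1 in middle.get(decrypt(c0, k2), ()):
            # A match on one pair can be a coincidence; confirm on the rest.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


if __name__ == "__main__":
    k1, k2 = 0xA5C, 0x3E1                       # constructed keys
    plaintexts = [0x1234, 0xBEEF, 0x0F0F, 0xC0DE]
    pairs = [(p, double_encrypt(p, k1, k2)) for p in plaintexts]
    found, ops = meet_in_the_middle(pairs)
    print(f"nominal key length : {2 * KEY_BITS} bits ({KEYSPACE ** 2} keys)")
    print(f"operations used    : {ops} (about 2^{KEY_BITS + 1})")
    print(f"true keys among the {len(found)} consistent pair(s):",
          (k1, k2) in found)
```
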
I worked for a large computer company for 12 years, which is a virtual lifetime in Silicon Valley. I had to get my salary "adjusted" five different times, and three of those adjustments were helped by counter offers. I've found this is a normal process when you work for the same company for a long time, where salaries are increasing. Very few companies have good enough yearly/merit raises to match the outside world (long time IBM workers being paid less than 50% of the going rate).
You should not have to quit to get your salary adjusted to current levels, and most companies recognize this. On the other hand they don't usually go out of their way to give you an adjustment. The company I worked for was fairly progressive, and only one of my pay adjustments happened without much effort on my part (good manager I think). Although I'm focusing on pay, there are a lot of other considerations that you should not forget too.
The rest of the times it took a lot of effort. You can start off playing the game by the rules. Make sure your actual job duties match your formal description, since that is how they determine the salary range. Expect to be doing the actual work of the next level for a year or so before it gets recognized. Find out the pay range for that level and where you fit in percentage-wise. Obviously, the lower your salary in the range, the more room you have to get an adjustment (also obviously this only applies to large organized companies, my current start-up does not have any of this formalized).
What I often found was that even given a salary in the low range, it was hard to get adjustments. They might appreciate what you are doing, but that was not enough reason. This is where job searching and counter-offers come in. Of the three times I went down this course, twice I had offers in hand, and once I let them know I was searching and my new salary looked to be $xxx more than I was making. I should note I was serious about the job hunting, but I was open to counter-offers that addressed my needs and wants.
Your manager might not like this technique, but will normally be on your side when they consider the pain of replacing you. If your manager (or someone in the chain of command) is not on your side, just go with the new job!
The biggest key to avoiding repercussions is to make sure you don't rub anybody's face in it. Don't brag about it to your co-workers, and don't make this a yearly practice. Try to have some solid figures (this is where a job offer helps, can't get much more solid than that), and get your superiors on your side. That is the way to work for a large company for a lengthy period of time without being underpaid.
Actually, the limiting of benchmarks is a disease only common in the database industry. To the best of my recollection, this practice started right around the time Oracle put a "cheat" mode in to speed up their TPC/A benchmarks.
The point is that these clauses were pretty much only used with a small subset of customers, who purchased large expensive databases with extensive and highly negotiated contracts. Even then this was at best an unethical practice, and was most likely an illegal limitation. Later Microsoft started using it on shrink wrapped copies of SQL Server. Now Microsoft is trying to limit normal consumers, and even worse they are doing it as a stealth attack!
The reason it is most likely illegal goes to the heart of the EULA debate. In the US we have certain default conclusions in a contract, often codified as "Commercial Codes". Formal contracts can change these defaults, but the changes have to be reasonable. Typically it is much harder to change mass consumer purchases. A classic example is when a book publisher tried using a EULA equivalent preventing the purchaser from reselling the book. The courts ruled it an illegal contract since the purchaser was not given anything of value in return for giving up the right of first sale.
The biggest problem with a EULA, is that companies are trying to change a consumer purchase into a negotiated contract. Except of course that the consumer did not actually have a chance to negotiate, usually gets nothing in return, and even then the company usually reserves the right to change the EULA anytime they want to. It makes a mockery of contract law!
So the key to my post was that Microsoft is trying to limit my rights by applying a contract to a normal consumer purchase, and limit those rights without giving me a sufficient return. The mere right to run a Windows patch updating program is not sufficient compensation for me to give up the right of publishing benchmarks on an unrelated program!
Two more comments. First UCITA, the reason why people are so upset with UCITA is because it was a one-sided attempt by the software industry to change the contractual defaults all in their favor, and perhaps even making some previously illegal EULAs either legal, or even unneeded.
Second, there is little-to-no justification for an anti-benchmark clause. Yes, I have no doubt there are some poorly run benchmarks, but why should a company have prior restraint to protect against this? If a person publishes a poor benchmark, expose them and they have no credibility.
Finally, let's drive the consumer vs. negotiated point home. Consider that you buy a book, and as a condition of selling you the book I dictate that you could not publish a review of my book unless I verify your review and gave you prior written permission. I would explain that I want to make sure you have all your facts correct (because previous reviewers misquoted me). That "no review clause" would be illegal, unless you had some special relationship with me: like this was a custom made book with a specially negotiated contract, or I was giving you a special advance copy for free. Without that special relationship, copyright law covers the conditions of the book sale; and copyright law does not give me the rights to restrict your publishing of a review of my book.
Microsoft has a new version of the "critical update file" (at least for Win2K systems). Buried halfway through the EULA text (in a box which can not be printed, cut-and-pasted, or expanded) is a clause that prohibits you from providing benchmarks on the .Net components without prior written permission from Microsoft.
For some reason, Microsoft thinks that using some software for updating Windows security holes provides enough value that you will forfeit your free speech rights (by not publishing .Net benchmarks). I'm pretty sure this clause would be thrown out in most courts (and it is related to the NAI anti-disparagement wording that drew a New York state lawsuit).
Of course, the other thing I wonder is why Microsoft is so afraid of .Net benchmarks being made public?
I accidentally modded Rogerborg's post down, and the only way I've found to undo that is to post in the thread (removing the moderation, but sacrificing the moderator points). I meant to moderate it as insightful, but as penance will throw in a few insights of my own.
I think Rogerborg's post is exactly right, in how it portrays the intentions of the publishers (RIAA, MPAA, book-publishers, etc.). But remember this is not really a "piracy" issue, although that is the excuse they are using. Very few of them are naïve enough to think these measures would actually work to prevent anything but casual illegal copies. The only way it would be truly effective is if they can eliminate all current "non-controlled" analog devices: including cameras, TVs, monitors, answering machines, etc. Although this is just what they are asking for, they don't really expect to get it.
What is really going on here, is that the existing "gatekeepers" are looking for a way to continue their control over the distribution channels. They hope that virtually all new consumer devices and software will come with built-in DRM, that the publishers control themselves. If an author wants to publish a book, or a young film maker wants to show the next "Troops", or a garage band wants to give away samples of its music; the only way it will happen with the proposed DRM devices is if it is first "blessed" by an established publisher so that it can work on everybody's equipment. Somewhat reducing piracy would be a nice side-effect, but that is not where the money is.
I predict the DRM controllers, if we are so unfortunate to actually have this happen, will be a third party organization controlled by the publishers. It would be consistent with past laws to have something like the RIAA sub-group that controls the "digital music media" tax money. Obviously we don't trust the consumer, so there is no possible way they will have the ability to set the controls. Some consumer groups would push for government control as the best of a poor set of choices, but they would be rightly opposed by groups concerned that they were giving the government censorship capabilities (in the US for some reason, people seem to think censorship is OK if it is done by corporations).
The fallout would be tragic, at least so far as the actual progress of arts is concerned. I'm sure the publishers would be more profitable than ever. The DRM controllers get very fine control over how the copyrighted items get used. They can eliminate fair-use of all sorts, including space-shifting, time-shifting, and archiving. The public domain will shrink even faster. Existing public-domain works will only be "readable" on the new devices if someone like Project Gutenberg has taken the time to get the DRM certifications for them.
Works published only with DRM will [almost] never enter the public domain.
* First the DRM system has to last long enough for the copyright to expire. This is unlikely when you combine the ridiculously long copyright terms we have now, with the normal lifespan of electronic devices. Most of the copyrighted material will just vanish, like the way DIVX DVDs "lifetime" subscriptions did.
* Second, even if the DRM controller still exists, they would have to explicitly move the copyrighted materials into the public domain; and they have no incentive to do that. Indeed, they stand to lose money if the work still has commercial value.
There is even something worse in store for society, if the publishers actually got their pipedream of eliminating the "analog hole". The people who control the DRM essentially have the ability to be in control of recorded history. Governments have wanted this ability for years (some have even tried it with middling success). Let's say a mining disaster happens and the TV stations show amateur camcorder recordings of the incident. The next day, the local government realizes corruption helped cause the problem, and decides to downplay the incident (I'm thinking of a recent Chinese story along these lines). The news on the next day insists that only 10 people were killed (correcting earlier stories about hundred dead). When confused initial viewers decide to review the incriminating amateur recording, they find the footage is much shorter than they remember. Thanks to the DRM system, even the original camcorder recording has been edited, along with all recordings stored anywhere else in the DRM system.
Is the power of a "total" DRM system something we want to put into anybody's hands, let alone governments and/or corporations? Certainly the danger is not worth an ineffective attempt at copy protection, or even to protect certain publishers' gate-keeping abilities and profit margins. Some of the government support may actually have more sinister motives than just getting the next Hollywood contribution!
Yes, Replay does try to automatically skip commercials (claim about 90% success rate). The same feature is available on VCRs too, look at the JVC line for just one example. I have not seen Hollywood going after JVC.
PS: There is one difference, the skip is not instant on a VCR. The picture is frozen, and you can hear the tape fast forwarding.
Your bank may issue credit and debit cards, but I doubt they are stored and accessed from the web like a normal e-merchant.
The closest that normal banks come to web access, is "internet banking". Account access is normally carefully controlled and monitored, but I've found some weak implementations too.
The way I'd approach this problem is to use data oriented encryption, with dedicated encryption hardware. Although I've seen traces of this suggested in other posts, I have not seen someone put it all together.
First, instead of faking up a general purpose computer as a crypto box, you are much better off getting a FIPS 140 rated hardware crypto device. They may cost a bit more up-front (although they are becoming cheaper), but dedicated devices have a lot of advantages. They are designed for security from the ground-up, and you don't have to worry about the "weekly" patch. They usually perform cryptography much faster (think SSL accelerators), and have better protection against insider attacks too.
Second, you need to break down the data access requirements. Carefully look at the functions that need to be performed. Many times when you think you might need access to the data, you really can get by with something else (for example as mentioned in another thread, you can create a cryptographic hash of CC info, and compare it with a stored hash).
Most importantly, the design should not require the crypto box to decrypt the data. It does not matter how safe the crypto box keeps your keys, if the hacker can decrypt the data by hijacking an existing decryption script. So long as the crypto box can't decrypt data, the hacker could have complete control of the machine and still have no way to get the protected information. You can see this also protects against insider attacks too.
A logical question is how do you actually use the credit card info, if the crypto box encrypts it right away, and has no way to decrypt it? The basic technique is to allow the box to make limited "translations". For example, incoming data is translated from SSL to a database key. Another transaction translates the data from encryption under a database key into a switch key. If someone absolutely has to see the data in the clear, make them use a smartcard; and have the crypto box translate the data into a format that only that specific smart card can decrypt.
You can see why you have to be so careful about knowing what functions need data access. Actually, I'm leaving a lot of things out, but here are a couple more considerations. Be very careful with the allowed translations, since you don't want to allow the attacker to translate the protection into a usable or weak format. Also don't forget about auditing all of these transactions (a Visa requirement).
I'd recommend starting by looking at crypto box vendors. A traditional way is to get a crypto box that either already supports this type of application (protecting CC info is a common problem), or to arrange for custom commands (also see Atalla, Thales, and Eracom). There is a relatively new concept of running ordinary programs on a secure box (such as nCipher). I'm kind of skeptical of this approach, since designing a logical secure interface can be fairly difficult. I recommend using PKCS#11 based boxes only with great care, since the protocol has some significant logical security problems, and is probably not the right type of tool for this issue.
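The translate-only design described in this post, sketched as an added example (it is not the poster's code or any vendor's command set). The `CryptoBox` class, its command names, the key names and the HMAC-based stand-in cipher are assumptions made so the sketch runs on the Python standard library; the keys and the card number are constructed test values.

```python
import hashlib
import hmac
import os


# Stand-in cipher (assumption, so the example needs only the standard library):
# HMAC-SHA256 keystream plus an HMAC tag. A real box uses its own vetted algorithms.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class CryptoBox:
    """Hypothetical command set: ingest, translate, fingerprint. No decrypt command."""

    # Each permitted translation is listed explicitly; anything else is refused.
    ALLOWED = {("db", "switch")}

    def __init__(self, keys):
        self.__keys = dict(keys)   # held inside the box, never returned to the host
        self.audit = []            # every command is recorded, allowed or not

    def ingest(self, card_number):
        """Card data arriving from the front end leaves only as a db-key blob."""
        self.audit.append(("ingest", "db", "ok"))
        return seal(self.__keys["db"], card_number.encode())

    def translate(self, blob, src, dst):
        """Re-encrypt from key `src` to key `dst`; the clear value stays inside."""
        if (src, dst) not in self.ALLOWED:
            self.audit.append(("translate", f"{src}->{dst}", "denied"))
            raise PermissionError(f"translation {src}->{dst} is not permitted")
        clear = unseal(self.__keys[src], blob)
        self.audit.append(("translate", f"{src}->{dst}", "ok"))
        return seal(self.__keys[dst], clear)

    def fingerprint(self, card_number):
        """Keyed hash the host stores and compares instead of the number itself.
        Keyed, so stored values cannot be tested against guesses without the box."""
        return hmac.new(self.__keys["fp"], card_number.encode(),
                        hashlib.sha256).hexdigest()


def demo():
    # Constructed keys and a constructed test card number.
    switch_key = b"S" * 32
    box = CryptoBox({"db": b"D" * 32, "switch": switch_key, "fp": b"F" * 32})
    stored = box.ingest("4111111111111111")
    for_switch = box.translate(stored, "db", "switch")
    try:
        box.translate(for_switch, "switch", "db")
        reverse = "allowed"
    except PermissionError:
        reverse = "denied"
    # Only the payment switch, which holds the switch key, recovers the number.
    return unseal(switch_key, for_switch).decode(), reverse, box.audit


if __name__ == "__main__":
    print(demo())
```

In Python the key store is only hidden by convention; in the design the post describes, that boundary is the tamper-resistant hardware.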
I agree, I have yet to see a DRM that allows for entry into the public domain.
Even worse, many of the DRM systems won't even last until the copyright expires (even if copyright lengths go back to some reasonable term). For example: those DIVX encoded DVDs are really useful now!
Passwords can work under limited circumstances. Think of the banking system's Personal Identification Number (PIN). The standard 4 digit PIN is a really weak password, at least from a cryptographic standpoint. The banking system uses a whole variety of techniques to make up for this weakness. Not every bank follows them perfectly, but collectively the system is not too bad.
One of the key techniques is velocity checking (only able to enter 3 bad PINs), but this really works best with centralized systems (alternatively, if only local velocity checking is used, find 2500 ATMs and try two trial PINs at each ATM). That is one of the main differences between this system and a UNIX like password (where you can get a password file and perform offline attacks).
There are additional safety measures. For example, a key principle of PIN input/verification is that you should not be able to create PIN-trials purely electronically. The cryptographic weakness of 5000 trials (average to attack a randomly chosen 4-digit number) is not too bad if each trial requires a user punching a PIN into a keypad. So long as the attacker has to punch each trial into a keypad (average of 5000 trials for a randomly chosen 4-digit number). Obviously 5000 is a very weak number from a cryptographic standpoint. For this reason the PIN verification products don't usually accept clear PINs, they only accept PINs that have been encrypted (with something like a key used for the ATM or POS terminal that generated it). One of the classic design issues for a PIN validation system is to make sure PIN trials are O-2^56 (single DES) instead of O-10000.
Throw in physical security like cameras at ATMs and the like, and you get a system that is basically acceptable. Of course there is a whole number of issues in the industry today. The move from single-DES to 3DES is pretty complicated (there are a lot of ways to implement 3DES systems that only have single-DES strength). You also need to worry about internet and phone banking, where the system that generates PINs (or their equivalent) are not trusted hardware devices like an ATM. I've seen naïve internet PIN systems that turn out to be great PIN crackers (i.e. they provide a method of doing O-10000 trials to an adversary).
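The difference between central and local velocity checking described in this post, as an added example (not the poster's code). The `VelocityCheck` class, the account name, the PIN and the terminal ids are constructed, and comparing clear PINs is a simplification of this model only; as the post says, real verification works on encrypted PINs.

```python
from collections import defaultdict

MAX_BAD_PINS = 3   # the three-bad-PIN limit from the post


class VelocityCheck:
    """Bad-PIN counter.

    central=True  counts failures per account across every terminal.
    central=False counts failures per (terminal, account), the way a
                  stand-alone ATM with no shared state would.
    """

    def __init__(self, pins, central):
        self._pins = pins              # account -> PIN (clear only in this model)
        self._central = central
        self._bad = defaultdict(int)

    def verify(self, terminal, account, pin):
        scope = account if self._central else (terminal, account)
        if self._bad[scope] >= MAX_BAD_PINS:
            return "locked"
        if pin == self._pins[account]:
            self._bad[scope] = 0       # a good PIN clears the counter
            return "ok"
        self._bad[scope] += 1
        return "bad"


def spread_trials(check, account, terminals=2500, per_terminal=2):
    """Replay the pattern from the post: two trial PINs at each of 2500 ATMs.

    Returns (final result, number of PIN entries made).
    """
    entries = 0
    for t in range(terminals):
        for _ in range(per_terminal):
            result = check.verify(f"ATM{t:04d}", account, f"{entries:04d}")
            entries += 1
            if result != "bad":
                return result, entries
    return "exhausted", entries


def compare():
    pins = {"acct-1": "4821"}          # constructed account and PIN
    return {
        "local": spread_trials(VelocityCheck(pins, central=False), "acct-1"),
        "central": spread_trials(VelocityCheck(pins, central=True), "acct-1"),
    }


if __name__ == "__main__":
    print(compare())
```

With per-terminal counters no single ATM ever sees a third bad PIN, so the limit never triggers; with one counter per account the fourth entry is refused regardless of which terminal it comes from.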
First, I've found that a good audience can make up for a less than stellar film (I'm remembering the opening night of Stargate). That is why I usually try to catch science fiction films on opening nights, it is simply more fun.
Second, I agree there is a conflict between making the MPAA/RIAA aware of our displeasure, and going to see something like Star Wars. The truth is that I like books, music, and movies. If I did not value them so much, I would not care very much about how the MPAA/RIAA/etc. are busy screwing up the system!
That is the main reason I don't have a total ban on buying CDs and DVDs. I'll grant that it gives a mixed message, but then life is not perfect. I do know, for example, that some of the music sales drop is attributable to me (and presumably other people who feel the same way). I've gone from more than 1 CD/week purchases to less than 1 a month. I also try to buy directly from the artist when possible. Not really an effective action in the overall scheme of things. All it really accomplishes is to give the RIAA an excuse to attribute the lost sales to so-called "sharing piracy".
Information about the PIN (not the PIN itself) may be stored on the magnetic stripe of a debit or credit card. The standards are pretty vague when it comes to PIN verification, and it is mostly up to the individual institution to decide how to verify their customer's PIN. By contrast the standards are very precise about the location of account numbers and expiration dates, because they are needed for interoperability reasons - everyone using that card needs to know about them. PIN verification is only performed by the "bank-card-owner" (or a designated stand-in processor).
The PIN information is called a PIN-Verification-Number, and may be stored in the mag-stripe data. The PVN can also be called an offset, but essentially think of it as a cryptographic-hash (usually DES based). Local verification of the PVN used to be much more common, especially when the only place to use debit cards were the ATMs owned by your bank. The banks would place their verification keys in every ATM, so that they could perform transactions even when the ATM was not connected. Because of both security reasons and improved communications, this is pretty uncommon now for all but the smallest of banks.
There is now a trend in the industry to not use card-based PVN, and to instead rely upon central databases. As Point-of-Sale terminals and the cross-use of ATMs owned by different banks grew, local verification became impractical. The keys used to verify the PVN were very secret and the banks did not want to share them with other banks; let alone trust them to a POS terminal (Aside: POS terminals tend to be very price sensitive, and their security capabilities are usually as minimal as the purchaser can get away with. From bitter experience, I know that trying to sell a customer POS terminals with much better security at say $205; will lose because they will buy an insecure $200 model instead!).
Finally to address another comment in the thread: If you change your PIN, and your bank uses a card-based PVN, you will need to update your card's magnetic stripe (disclaimer: I helped design a system that does exactly that, used at a number of major banks such as Wells Fargo, Citigroup, etc.). If your card does not have a PVN stored on the mag-stripe (for example, most US credit cards), then obviously you won't have to update the card when changing your PIN.
The PIN is the DES-encrypted version of the card number (account number, whatever), translated to decimal digits by substitution from the encrypted block's hex representation. If you can specify your own PIN, you actually specify an offset between the above value and the value you type to the sniff^HATM keyboard.
This is true only for the most common (US) algorithm, often called the IBM-3624 algorithm. Other algorithms handle PIN encryption differently.
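The decimalization and offset steps of the IBM-3624 scheme described in the two comments above, as an added example (not code from the thread). The DES encryption of the account data is not reproduced: the encrypted block is a constructed hex value, and the decimalization table shown is the commonly used default, taken here as an assumption.

```python
import hmac

DIGITS = "0123456789"
DEFAULT_DEC_TABLE = "0123456789012345"   # hex digit 0..F -> decimal digit (assumed default)


def natural_pin(encrypted_block_hex, length=4, dec_table=DEFAULT_DEC_TABLE):
    """Decimalize the leading hex digits of the DES-encrypted account data."""
    if len(dec_table) != 16 or any(c not in DIGITS for c in dec_table):
        raise ValueError("decimalization table must be 16 decimal digits")
    head = encrypted_block_hex[:length]
    if len(head) < length:
        raise ValueError("encrypted block shorter than the PIN length")
    return "".join(dec_table[int(h, 16)] for h in head)


def _digitwise(a, b, sign):
    # Digit-by-digit addition or subtraction modulo 10, with no carries.
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))


def offset_for(encrypted_block_hex, chosen_pin):
    """Offset stored for a customer-selected PIN: chosen minus natural, mod 10."""
    if any(c not in DIGITS for c in chosen_pin):
        raise ValueError("PIN must be decimal digits")
    natural = natural_pin(encrypted_block_hex, len(chosen_pin))
    return _digitwise(chosen_pin, natural, -1)


def verify_pin(encrypted_block_hex, offset, entered_pin):
    """Rebuild the expected PIN from natural PIN plus offset and compare."""
    if len(entered_pin) != len(offset) or any(c not in DIGITS for c in entered_pin):
        return False
    natural = natural_pin(encrypted_block_hex, len(offset))
    expected = _digitwise(natural, offset, +1)
    return hmac.compare_digest(expected, entered_pin)


def demo():
    block = "3F7C2201CA8AB3E5"                   # constructed stand-in for the DES output
    first = offset_for(block, "1234")            # customer selects 1234
    changed = offset_for(block, "9090")          # customer later changes to 9090
    return {
        "natural": natural_pin(block),
        "offset_1234": first,
        "offset_9090": changed,
        "old_pin_after_change": verify_pin(block, changed, "1234"),
        "new_pin_after_change": verify_pin(block, changed, "9090"),
    }


if __name__ == "__main__":
    print(demo())
```

A PIN change alters only the offset, not the key or the account data, which is why a card that carries this value on its stripe has to be rewritten when the PIN changes.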
The FCC, at the behest of Hollywood funded congressmen, is adding a so-called "copy protection flag" into the Digital TV (HDTV) standard. This flag will give Hollywood the ability to prevent citizens from performing normal actions like recording a TV show for later viewing and using a "fast-forward" button on the shows they do allow you to tape!
Hollywood says they need this power to control your legal actions because of "piracy", but they are the real pirates because this is a massive theft of normal people's rights. Today people can make legal copies of TV shows, can legally bring these copies over to a neighbor, they can legally "pause" or "fast-forward" through the recording as they want. This FCC mandate will allow Hollywood to prevent people from performing all of these legal actions.
The FCC mandated flag is in response to intensive Movie/TV/Music industry lobbying efforts. Hollywood first tried a congressional bill, but has now made an end-run using the FCC and government bureaucracy. The FCC mandate was requested by Congressman Berman of California ($186,891 in 2002 donations), and Senator Hollings of South Carolina (only $33,000 in 2002, but $287,534 in 1999-2000).
Congressmen Hollings and Berman are just the latest who have given Hollywood and the Music industry big government hand-outs. Copyright piracy is the universal excuse for these laws, but in the end it is the ordinary citizens who are being stolen from. The length of copyrights has been extended 11 times in the last hundred years. Disney is Congressman Berman's number one contributor, and has successfully extended the copyright term from 28 to 95 years (so far). Disney was quite willing to use (free) public domain stories like Snow White and Pinocchio to make movies, but they have made an even better investment by getting laws passed so that the Disney versions won't properly go back into the public domain.
Let's look at the last time congress "helped prevent" piracy. Hollywood was screaming about potential piracy from video rentals, and Congress responded with section K of the Digital Millennium Copyright Act. The DMCA mandated that all VCRs built after 1998 had to have "copy protection" built-in. Hollywood promptly used the DMCA mandate to make all VHS _and_ DVD movies "copy proof", not just the VHS rentals.
What Congress and the DMCA actually did was to give Hollywood the ability to prevent people from performing legal actions. My new VCR prevents me from backing-up tapes that I own, something that is perfectly legal and necessary (since my toddler has already worn out a number of VHS tapes). Hollywood argues they can do this (with a straight face) because congress actually restricting which tapes they could copy protect would be government meddling.
In summary, the FCC mandate to add content control to HDTV is not actually about preventing copyright abuse. The government mandate will help Hollywood steal your rights, and eventually your money. Contact your Congressional Representatives and let them know what you think of this.
I am writing this letter as a private citizen who is greatly concerned about current and past FCC actions when it comes to copy protection. I'm referring to decisions already made about copy protection in cable boxes, as well as the upcoming Digital TV Broadcast flag.
I'm an expert in applied cryptography, and in my prior job I was the security architect for the Atalla/HP Network Security Processor product line that handles more than 70% of the Banking ATM transactions in the USA. I was also a participant of the BPDG process, although I submitted no formal comments.
The FCC decisions in favor of control will eliminate legal activities of ordinary citizens, and are in effect a non-congressional grant of privilege to whomever controls the settings of these so-called copy protection flags. Since this control has historically ended up in the hands of the copyright holders (such as the RIAA and MPAA), the effect has been to steal rights from the citizens and give them to the copyright holders.
The FCC should reject any call towards mandating the so-called copy protection provisions. Failing that, it is absolutely mandatory that the FCC control and police any use of the copy protection signal. I will agree that government meddling in this area is not welcome, but with these decisions the FCC is already doing just that! The way the MPAA misused section K of the DMCA is a clear warning as to how the broadcast flag will be misused if copyright holders are left in control (see below).
I'm not going to discuss the issues in any further detail, because they have already been well described by the EFF's letter (http://www.eff.org/IP/Video/HDTV/20020807_eff_bpdg_fcclet.html). I'll close by sharing my "letter to the editor" in case the FCC makes the broadcast flag mandatory. I think the public will find these arguments quite compelling. As an industry expert and BPDG participant, I should note that the restrictions mentioned in the second paragraph are technically feasible and will quite likely be imposed unless there is a specific government regulation that stops them.
During both of my phone calls they asked me to fax my reasons instead. It makes sense, because your carefully selected words have a better chance to get through that way. The person you contact on the phone is going to make notes, but don't count on an exact rendition of your elegant arguments. Most likely the senator will get some kind of mass summary of all calls, but important points you may have made will be lost. If you really want arguments heard (as opposed to your simple opposition), you have a much better chance with fax or email.
I had to rebuild my WinNT4 system from scratch twice because NAV combined with WinFAX (from the same company) caused a blue-screen upon boot. I did not quite figure out what went wrong the first time, and put over 40 hours trying to recover without the total reinstall (trying registry edits, etc.).
Once I rebuilt the system, I only reinstalled NAV (required to connect with my office). A few weeks later I reinstalled WinFAX, and boom it happened again. I used McAfee after that with no problems.
This is an absolutely false statement. It is perfectly legal to make a back-up copy of a VHS tape. MacroVision prevents me from performing this action with newer VCRs (now that the government has mandated that all VCRs respond to MacroVision in section K of the DMCA).
My child has worn out several VHS tapes of his favorite programs. It was when I tried to make back-up copies of those tapes that I found out JVC snuck copy-protection into their product with no notification to the consumer (nothing on the box, in the manual, or on the website)! We really need a truth in advertising law, so consumers can make informed decisions about products that limit legal actions. Meanwhile JVC will not get any more of my money, or any more recommendations.
I've tried contacting Sony about replacing the Elmo tapes, but they have not answered me. This was a normal purchase, not a rental tape, which means Sony had no reason to activate the MacroVision signal on this tape. Since they did turn-on the copy protection flag on the tape (not to forget helping get a law passed that stopped me from making back-up copies), they should be responsible for replacing the worn-out tape. I figure hell will freeze over first.
One simple reason, copy protected CDs make a mockery of the 1992 Digital Recording act. The RIAA already got the benefits (SCM added to DAT etc., blank media tax), and now they are trying to get away with not living up to their side of the bargain -- consumers have the right to make digital recordings of digitally recorded music.
This is also the reason they should amend section K of the DMCA - the MPAA clearly broke the spirit of the deal. Both laws were written without anything to enforce the industry to live up to their side of the bargain, and they naturally want to fully exploit the law as it is currently written (I'll forgo detailing both industries' lack of ethics).
Since both parties have clearly shown loopholes in the existing laws (making a killing in the process), it is time to close these loopholes and force them to observe their side of the bargain. What have you got against closing loopholes?
PS: The subtext of this comment is a mock-libertarian stance, the record companies ought to be able to do what they want, and the market should deal with it. This ignores the fact that government regulations and rules are already very, very, involved (like the definition of copyright). This thinking that the current laws we have now are "natural", and the market can correct any problems with them is at best simplistic.
I don't see why the poster does not remember libertarianism applies to individuals as well! The companies have already rigged the games with rules and regulations that take away individual rights. Where does he get off that this is a totally natural process? If you scrap the current copyright laws, and (somehow) manage to design them fairly, then I could appreciate a "let the market take care of it" stance. Meanwhile, I'm glad Rep Boucher is not waiting for this mythical time and is taking steps to close loopholes that rob the citizenry!
At least two judges are on record saying that publishers are under no obligation to "facilitate" fair-use. In the DeCSS case it was suggested people could use VHS recordings instead of DVD to obtain fair-use rights (a truly clueless opinion, given the fact that (a) much material does not appear on VHS, and (b) the VHS tapes now have technology that prevents fair-use too). Another judge suggested that people could use a camera to take multiple still shots from a movie (forget who, it was a recent case).
This issue is the primary cause of Digital Consumer. They are trying to get fair-use protected (from laws that steal them away) and enforced (from judges like the above that don't see a proactive need to protect these rights). Given the way special interests have stolen rights and property from the public in the last 10 years, I think this is a very necessary action.
One of my biggest upcoming concerns is the fact that DRM protections won't expire when the object enters the public domain. Given the length of today's copyright terms, I guess this is only of interest to far sighted people. The same types of judges who think fair-use does not need any protection are sure to ignore the fact that material only released under DRM protection expiration will never enter the public domain unless copyright holders/publishers are forced to place it there.
Let's say that your wireless product uses WEP. There is nothing that would keep you from getting a FIPS 140 certification for that product, even though WEP is a really broken algorithm. All the FIPS 140 cert does is assure people that you really did implement WEP.
Aside from assurance that the product works as designed, the best use of FIPS is for hardware security designs. Unlike logical security, it is fairly easy to specify the requirements and goals you want your hardware security systems to meet. The labs that perform certification also have a lot of experience in ensuring products meet their design goals. So FIPS 140 (IMHO) is an excellent standard for hardware.
Another problem with any certification, including FIPS 140, is the need to recertify anytime you change the certified sections. The way most people do this, is to compartmentalize the security sections (which hopefully rarely change). Never worked for my last job, where we had to change these types of sections several times a year.
So, to directly answer your question, I think asking for a FIPS 140 certified product will not buy you much security for your problem. The idea is to solve the security problems as they are installed in your system. The Common Criteria standards will probably work much better for this (but here your organization is responsible for getting the certification, although it helps if your vendors can supply components that are already certified).
Open source vs. closed source should not make any difference. The key is the cost, every time you modify it, you have to recertify it! Granted the recertification will cost less than the first time, but it is best to isolate the security sections as much as possible.
See my other post for comments about what certification actually buys you.
In the last few years, quite a few efficient implementations of other algorithms have become more common (probably due in part to the proliferation of SSL and IPSEC accelerators). As I mentioned before, the "hard work" of managing the parallel processing has already been done, and they could easily switch the design to use some other crypto engine.
The lesson you should get from the EFF's DES CRACKER is not that something is wrong with the DES algorithm; rather it is that 56-bit keys are weak when you take into account today's computing power. If you are encrypting something important enough, you should choose an algorithm that has a larger key size.
The 3DES algorithm uses DES 3 times (hence the "triple-DES" label), and as I mentioned before provides a key strength somewhere between 112 through 168-bits. There are a number of reasons to avoid 3DES, but so far the strength of the algorithm is not one of them.
* Performance is one reason, DES is fairly slow by itself, and 3DES requires 3 iterations.
* 3DES key management is comparable to other algorithms where keys are longer than the data block size, but is trickier than single-DES (because single-DES has the property that keys can be encrypted with a single data block). Naïve upgrades from DES to 3DES render many protocols vulnerable (correcting those problems contributes to how I make my living).
* It is also important that 3DES be performed in an atomic manner, since the ability to separate the DES calls would leak information. This is just a difference in implementation (where 3DES may be more likely to have a sloppy implementation), since most algorithms would leak similar types of information if internal states were revealed.
* You might decide that you should avoid 3DES because it is being attacked the most, and therefore is more likely to fail. Of course that would only be a benefit if the attack did not work on other algorithms. Also it may be more likely that a DES break would be made public, while breaks against lesser-known algorithms are more likely to be kept private.
Another thing to consider is key size. DES is kind of lumpy, and does not allow a smooth set of choices (40-bit, 128-bit, 129-bit, etc.). But right now I think some of these key size differences are fairly academic (history will eventually make this statement wrong, but it will apply for a number of years). Once you start getting beyond a certain point, say 110-150 bits, exhaustive search is beyond any technology currently dreamed of. When you are looking at searches that are larger than the estimated number of atoms in the universe, it is going to take a completely different tack to break those types of algorithms.
There are a whole bunch of ways, in theory, to break these large key algorithms without doing an exhaustive search. The most straightforward method is an algorithmic "break", where a weakness in the algorithm is found that allows it to be broken faster than exhaustive search. That is why DES (and 3DES) is popular, because this type of breaking is considered less likely to occur in this very well studied algorithm. Most likely the weakness will come in the form of a new attack type, which today's expert designers did not protect against. But there are other problems with larger key sizes, like lack of entropy. It is very difficult to obtain the high-entropy random numbers required by 256-bit keys. With today's technology, it would be much quicker (and possibly even practical) to attack the randomness of the key generator, rather than trying an exhaustive search.
In summary, concluding 3DES is weak, merely because an exhaustive search attack has been performed against 56-bit single-DES is misguided. There are a number of good reasons to avoid 3DES, but you have not mentioned the ones I would consider valid (see above). It is interesting that you should bring up WEP, since the problems with WEP are: it was naively designed, and it was not subject to the widespread review that contributes to our state-of-the-art cryptographic designs. DES is in precisely the opposite position, because it has withstood the most rigorous reviews of any cryptographic algorithm.
PS: Another interesting point is that 2 of the 4 algorithms you mentioned as an alternative to DES need to be approached with a bit of caution. I would recommend careful study of the current cryptographic academic research before using RC4 or CAST for important uses.
and a responding post about Blowfish:
Myself, and many others, regard it as amply strong, very unlikely to be cracked (as DES was)
To answer these questions, first define "better". Blowfish is faster, and for some people that is enough. When it comes to the security of 3DES vs. Blowfish, I think it is safe to say that the jury is still out on this one. Although evilviper claims DES is cracked, I don't think this is an accurate term.
There are only two attacks on DES that come even somewhat close to being a "crack": (1) exhaustive search and (2) an obscure oracle attack. The oracle attack has not received much mention recently, but requires a million+ carefully chosen plain-text trials before reducing DES's strength below exhaustive search levels.
I believe evilviper was referring to the EFF's DES-cracker which performs exhaustive searches on the DES algorithm. The exhaustive search attack is based on the key length, not the algorithm. If you use a 56-bit key for Blowfish, a Blowfish cracker would exhaustively search all possible keys even faster (since Blowfish is quicker to run than DES). 3DES key lengths are 168-bits, but their effective strength is less (probably getting close to 112-bits given lots of storage for a meet-in-the-middle attack).
So if they have comparable key lengths, is Blowfish better than DES when it comes to design? There is no easy way to tell. One way to judge is by the number of hours it has been examined, and what problems have been discovered. DES is the most publicly examined algorithm, and has stood up very well. It is hard to say, but I'm willing to bet that DES has undergone 2 to 4 orders of magnitude more scrutiny than Blowfish.
Does that mean DES is more secure than Blowfish? No! But a cautious person could believe DES was more reliable, because it has been scrutinized so much more than Blowfish. This is the primary reason banks are moving to 3DES instead of AES. 3DES may not be fast, but it is very reliable.
You should not have to quit to get your salary adjusted to current levels, and most companies recognize this. On the other hand they don't usually go out of their way to give you an adjustment. The company I worked for was fairly progressive, and only one of my pay adjustments happened without much effort on my part (good manager I think). Although I'm focusing on pay, there are a lot of other considerations that you should not forget too.
The rest of the times it took a lot of effort. You can start off playing the game by the rules. Make sure your actual job duties match your formal description, since that is how they determine the salary range. Expect to be doing the actual work of the next level for a year or so before it gets recognized. Find out the pay range for that level and where you fit in percentage-wise. Obviously, the lower your salary in the range, the more room you have to get an adjustment (also obviously this only applies to large organized companies, my current start-up does not have any of this formalized).
What I often found was that even given a salary in the low range, it was hard to get adjustments. They might appreciate what you are doing, but that was not enough reason. This is where job searching and counter-offers come in. Of the three times I went down this course, twice I had offers in hand, and once I let them know I was searching and my new salary looked to be $xxx more than I was making. I should note I was serious about the job hunting, but I was open to counter-offers that addressed my needs and wants.
Your manager might not like this technique, but will normally be on your side when they consider the pain of replacing you. If your manager (or someone in the chain of command) is not on your side, just go with the new job!
The biggest key to avoiding repercussions is to make sure you don't rub anybody's face in it. Don't brag about it to your co-workers, and don't make this a yearly practice. Try to have some solid figures (this is where a job offer helps, can't get much more solid than that), and get your superiors on your side. That is the way to work for a large company for a lengthy period of time without being underpaid.
Actually, the limiting of benchmarks is a disease only common in the database industry. To the best of my recollection, this practice started right around the time Oracle put a "cheat" mode in to speed up their TPC/A benchmarks.
The point is that these clauses were pretty much only used with a small subset of customers, who purchased large expensive databases with extensive and highly negotiated contracts. Even then this was at best an unethical practice, and was most likely an illegal limitation. Later Microsoft started using it on shrink wrapped copies of SQL Server. Now Microsoft is trying to limit normal consumers, and even worse they are doing it as a stealth attack!
The reason it is most likely illegal goes to the heart of the EULA debate. In the US we have certain default conclusions in a contract, often codified as "Commercial Codes". Formal contracts can change these defaults, but the changes have to be reasonable. Typically it is much harder to change mass consumer purchases. A classic example is when a book publisher tried using a EULA equivalent preventing the purchaser from reselling the book. The courts ruled it an illegal contract since the purchaser was not given anything of value in return for giving up the right of first sale.
The biggest problem with a EULA is that companies are trying to change a consumer purchase into a negotiated contract. Except of course that the consumer did not actually have a chance to negotiate, usually gets nothing in return, and even then the company usually reserves the right to change the EULA anytime they want to. It makes a mockery of contract law!
So the key to my post was that Microsoft is trying to limit my rights by applying a contract to a normal consumer purchase, and limit those rights without giving me a sufficient return. The mere right to run a Windows patch updating program is not sufficient compensation for me to give up the right of publishing benchmarks on an unrelated program!
Two more comments. First UCITA, the reason why people are so upset with UCITA is because it was a one-sided attempt by the software industry to change the contractual defaults all in their favor, and perhaps even making some previously illegal EULAs either legal, or even unneeded.
Second, there is little-to-no justification for an anti-benchmark clause. Yes, I have no doubt there are some poorly run benchmarks, but why should a company have prior restraint to protect against this? If a person publishes a poor benchmark, expose them and they have no credibility.
Finally, let's drive the consumer vs. negotiated point home. Consider that you buy a book, and as a condition of selling you the book I dictate that you could not publish a review of my book unless I verify your review and gave you prior written permission. I would explain that I want to make sure you have all your facts correct (because previous reviewers misquoted me). That "no review clause" would be illegal, unless you had some special relationship with me: like this was a custom made book with a specially negotiated contract, or I was giving you a special advance copy for free. Without that special relationship, copyright law covers the conditions of the book sale; and copyright law does not give me the rights to restrict your publishing of a review of my book.
For some reason, Microsoft thinks that using some software for updating Windows security holes provides enough value that you will forfeit your free speech rights (by not publishing .Net benchmarks). I'm pretty sure this clause would be thrown out in most courts (and it is related to the NAI anti-disparagement wording that drew a New York state lawsuit).
Of course, the other thing I wonder is why Microsoft is so afraid of .Net benchmarks being made public?
I think Rogerborg's post is exactly right, in how it portrays the intentions of the publishers (RIAA, MPAA, book-publishers, etc.). But remember this is not really a "piracy" issue, although that is the excuse they are using. Very few of them are naïve enough to think these measures would actually work to prevent anything but casual illegal copies. The only way it would be truly effective is if they can eliminate all current "non-controlled" analog devices: including cameras, TVs, monitors, answering machines, etc. Although this is just what they are asking for, they don't really expect to get it.
What is really going on here, is that the existing "gatekeepers" are looking for a way to continue their control over the distribution channels. They hope that virtually all new consumer devices and software will come with built-in DRM, that the publishers control themselves. If an author wants to publish a book, or a young film maker wants to show the next "Troops", or a garage band wants to give away samples of its music; the only way it will happen with the proposed DRM devices is if it is first "blessed" by an established publisher so that it can work on everybody's equipment. Somewhat reducing piracy would be a nice side-effect, but that is not where the money is.
I predict the DRM controllers, if we are so unfortunate to actually have this happen, will be a third party organization controlled by the publishers. It would be consistent with past laws to have something like the RIAA sub-group that controls the "digital music media" tax money. Obviously we don't trust the consumer, so there is no possible way they will have the ability to set the controls. Some consumer groups would push for government control as the best of a poor set of choices, but they would be rightly opposed by groups concerned that they were giving the government censorship capabilities (in the US for some reason, people seem to think censorship is OK if it is done by corporations).
The fallout would be tragic, at least so far as the actual progress of arts is concerned. I'm sure the publishers would be more profitable than ever. The DRM controllers get very fine control over how the copyrighted items get used. They can eliminate fair-use of all sorts, including space-shifting, time-shifting, and archiving. The public domain will shrink even faster. Existing public-domain works will only be "readable" on the new devices if someone like Project Gutenberg has taken the time to get the DRM certifications for them.
Works published only with DRM will [almost] never enter the public domain.
* First the DRM system has to last long enough for the copyright to expire. This is unlikely when you combine the ridiculously long copyright terms we have now, with the normal lifespan of electronic devices. Most of the copyrighted material will just vanish, like the way DIVX DVDs "lifetime" subscriptions did.
* Second, even if the DRM controller still exists, they would have to explicitly move the copyrighted materials into the public domain; and they have no incentive to do that. Indeed, they stand to lose money if the work still has commercial value.
There is even something worse in store for society, if the publishers actually got their pipedream of eliminating the "analog hole". The people who control the DRM essentially have the ability to be in control of recorded history. Governments have wanted this ability for years (some have even tried it with middling success). Let's say a mining disaster happens and the TV stations show amateur camcorder recordings of the incident. The next day, the local government realizes corruption helped cause the problem, and decides to downplay the incident (I'm thinking of a recent Chinese story along these lines). The news on the next day insists that only 10 people were killed (correcting earlier stories about hundred dead). When confused initial viewers decide to review the incriminating amateur recording, they find the footage is much shorter than they remember. Thanks to the DRM system, even the original camcorder recording has been edited, along with all recordings stored anywhere else in the DRM system.
Is the power of a "total" DRM system something we want to put into anybody's hands, let alone governments and/or corporations? Certainly the danger is not worth an ineffective attempt at copy protection, or even to protect certain publishers' gate-keeping abilities and profit margins. Some of the government support may actually have more sinister motives than just getting the next Hollywood contribution!
PS: There is one difference, the skip is not instant on a VCR. The picture is frozen, and then you can hear the tape fast forwarding.
The closest that normal banks come to web access, is "internet banking". Account access is normally carefully controlled and monitored, but I've found some weak implementations too.
First, instead of faking up a general purpose computer as a crypto box, you are much better off getting a FIPS 140 rated hardware crypto device. They may cost a bit more up-front (although they are becoming cheaper), but dedicated devices have a lot of advantages. They are designed for security from the ground-up, and you don't have to worry about the "weekly" patch. They usually perform cryptography much faster (think SSL accelerators), and have better protection against insider attacks too.
Second, you need to break down the data access requirements. Carefully look at the functions that need to be performed. Many times when you think you might need access to the data, you really can get by with something else (for example as mentioned in another thread, you can create a cryptographic hash of CC info, and compare it with a stored hash).
Most importantly, the design should not require the crypto box to decrypt the data. It does not matter how safe the crypto box keeps your keys, if the hacker can decrypt the data by hijacking an existing decryption script. So long as the crypto box can't decrypt data, the hacker could have complete control of the machine and still have no way to get the protected information. You can see this also protects against insider attacks too.
A logical question is how do you actually use the credit card info, if the crypto box encrypts it right away, and has no way to decrypt it? The basic technique is to allow the box to make limited "translations". For example, incoming data is translated from SSL to a database key. Another transaction translates the data from encryption under a database key into a switch key. If someone absolutely has to see the data in the clear, make them use a smartcard; and have the crypto box translate the data into a format that only that specific smart card can decrypt.
You can see why you have to be so careful about knowing what functions need data access. Actually, I'm leaving a lot of things out, but here are a couple more considerations. Be very careful with the allowed translations, since you don't want to allow the attacker to translate the protection into a usable or weak format. Also don't forget about auditing all of these transactions (a Visa requirement).
I'd recommend starting by looking at crypto box vendors. A traditional way is to get a crypto box that either already supports this type of application (protecting CC info is a common problem), or to arrange for custom commands (also see Atalla, Thales, and Eracom). There is a relatively new concept of running ordinary programs on a secure box (such as nCipher). I'm kind of skeptical of this approach, since designing a logical secure interface can be fairly difficult. I recommend using PKCS#11 based boxes only with great care, since the protocol has some significant logical security problems, and is probably not the right type of tool for this issue.
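The translate-only design described in this post can be sketched as follows; this is an added example, not part of the original post and not any vendor's command set. The class, the key names and the allow-list are hypothetical, and the cipher is a stand-in built from HMAC-SHA256 so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import os

class CryptoBox:
    """Translate-only box: keys stay inside and no command returns cleartext."""

    # Permitted (source key, destination key) translations; all others are refused.
    ALLOWED = {("db", "switch"), ("db", "smartcard-alice")}

    def __init__(self):
        self._keys = {n: os.urandom(32) for n in ("db", "switch", "smartcard-alice")}
        self.audit = []  # every command is logged, including refusals

    def _prf(self, key, label, data):
        return hmac.new(key, label + data, hashlib.sha256).digest()

    def _xor_stream(self, key, nonce, data):
        # Stand-in cipher (assumption): HMAC-SHA256 in counter mode XORed over the data.
        stream = b"".join(self._prf(key, b"ks", nonce + i.to_bytes(4, "big"))
                          for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def _seal(self, name, clear):
        key, nonce = self._keys[name], os.urandom(16)
        ct = self._xor_stream(key, nonce, clear)
        return (name, nonce, ct, self._prf(key, b"tag", name.encode() + nonce + ct))

    def _open(self, blob):
        name, nonce, ct, tag = blob
        key = self._keys[name]
        if not hmac.compare_digest(tag, self._prf(key, b"tag", name.encode() + nonce + ct)):
            raise ValueError("blob failed integrity check")
        return self._xor_stream(key, nonce, ct)

    def protect(self, card_data):
        """Entry point: cleartext goes in once and comes back under the db key."""
        self.audit.append(("protect", "db", "ok"))
        return self._seal("db", card_data)

    def translate(self, blob, dest):
        """Re-encrypt inside the box, only along an allowed (source, dest) pair."""
        src = blob[0]
        verdict = "ok" if (src, dest) in self.ALLOWED else "refused"
        self.audit.append(("translate", f"{src}->{dest}", verdict))
        if verdict == "refused":
            raise PermissionError(f"translation {src} -> {dest} is not allowed")
        return self._seal(dest, self._open(blob))

if __name__ == "__main__":
    box = CryptoBox()
    stored = box.protect(b"4111111111111111")  # constructed test card number
    box.translate(stored, "switch")
    print(box.audit)
```

The box exposes no decrypt command and refuses any translation outside the allow-list, so a caller who controls the host can only move data between the protected formats, and every attempt lands in the audit list.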
Even worse, many of the DRM systems won't even last until the copyright expires (even if copyrights lengths go back to some reasonable term). For example: those DIVX encoded DVDs are really useful now!
One of the key techniques is velocity checking (only able to enter 3 bad PINs), but this really works best with centralized systems (alternatively, if only local velocity checking is used, find 2500 ATMs and try two trial PINs at each ATM). That is one of the main differences between this system and a UNIX-like password (where you can get a password file and perform offline attacks).
There are additional safety measures. For example, a key principle of PIN input/verification is that you should not be able to create PIN-trials purely electronically. The cryptographic weakness of 5000 trials (average to attack a randomly chosen 4-digit number) is not too bad if each trial requires a user punching a PIN into a keypad. So long as the attacker has to punch each trial into a keypad (average of 5000 trials for a randomly chosen 4-digit number). Obviously 5000 is a very weak number from a cryptographic standpoint. For this reason the PIN verification products don't usually accept clear PINs, they only accept PINs that have been encrypted (with something like a key used for the ATM or POS terminal that generated it). One of the classic design issues for a PIN validation system is to make sure PIN trials are O(2^56) (single DES) instead of O(10000).
Throw in physical security like cameras at ATMs and the like, and you get a system that is basically acceptable. Of course there is a whole number of issues in the industry today. The move from single-DES to 3DES is pretty complicated (there are a lot of ways to implement 3DES systems that only have single-DES strength). You also need to worry about internet and phone banking, where the systems that generate PINs (or their equivalent) are not trusted hardware devices like an ATM. I've seen naïve internet PIN systems that turn out to be great PIN crackers (i.e. they provide a method of doing O(10000) trials to an adversary).
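Why the post says velocity checking works best centrally can be shown by counting where the bad-PIN counter lives; this is an added example, not part of the original post. The class and function names are hypothetical, the card and PIN values are constructed, and a keyed hash stands in for the bank's real PIN verification value.

```python
import hashlib
import hmac
from collections import defaultdict

MAX_BAD_PINS = 3  # the limit quoted in the post

class PinVerifier:
    """Counts bad PINs per (terminal, card) if scope="terminal", per card if scope="card"."""

    def __init__(self, scope, key=b"constructed-demo-key"):
        self.scope, self._key = scope, key
        self._ref = {}                 # card -> keyed hash standing in for the stored value
        self._bad = defaultdict(int)   # counter bucket -> consecutive bad PINs
        self.evaluated = 0             # trials that actually reached the PIN comparison

    def _hash(self, card, pin):
        return hmac.new(self._key, f"{card}:{pin}".encode(), hashlib.sha256).digest()

    def enroll(self, card, pin):
        self._ref[card] = self._hash(card, pin)

    def verify(self, terminal, card, pin):
        bucket = (terminal, card) if self.scope == "terminal" else card
        if self._bad[bucket] >= MAX_BAD_PINS:
            return "locked"            # refused before the PIN is compared at all
        self.evaluated += 1
        if hmac.compare_digest(self._ref[card], self._hash(card, pin)):
            self._bad[bucket] = 0
            return "ok"
        self._bad[bucket] += 1
        return "bad"

def spread_trials(verifier, card, terminals, per_terminal, wrong_pin="0000"):
    """Replay the post's scenario: a few wrong PINs at each of many terminals."""
    results = defaultdict(int)
    for t in range(terminals):
        for _ in range(per_terminal):
            results[verifier.verify(f"ATM-{t}", card, wrong_pin)] += 1
    return dict(results)

if __name__ == "__main__":
    for scope in ("terminal", "card"):
        v = PinVerifier(scope)
        v.enroll("card-1", "4821")     # constructed card and PIN
        print(scope, spread_trials(v, "card-1", 2500, 2), "evaluated:", v.evaluated)
```

With per-terminal counters all 5000 trials reach the comparison and nothing locks; with one counter per card, only three do and the card stays locked afterwards even for the correct PIN.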
Second, I agree there is a conflict between making the MPAA/RIAA aware of our displeasure, and going to see something like Star Wars. The truth is that I like books, music, and movies. If I did not value them so much, I would not care very much about how the MPAA/RIAA/etc. are busy screwing up the system!
That is the main reason I don't have a total ban on buying CDs and DVDs. I'll grant that it gives a mixed message, but then life is not perfect. I do know, for example, that some of the music sales drop is attributable to me (and presumably other people who feel the same way). I've gone from more than 1 CD/week purchases to less than 1 a month. I also try to buy directly from the artist when possible. Not really an effective action in the overall scheme of things. All it really accomplishes is to give the RIAA an excuse to attribute the lost sales to so-called "sharing piracy".
The PIN information is called a PIN-Verification-Number, and may be stored in the mag-stripe data. The PVN can also be called an offset, but essentially think of it as a cryptographic-hash (usually DES based). Local verification of the PVN used to be much more common, especially when the only places to use debit cards were the ATMs owned by your bank. The banks would place their verification keys in every ATM, so that they could perform transactions even when the ATM was not connected. Because of both security reasons and improved communications, this is pretty uncommon now for all but the smallest of banks.
There is now a trend in the industry to not use card-based PVN, and to instead rely upon central databases. As Point-of-Sale terminals and the cross-use of ATMs owned by different banks grew, local verification became impractical. The keys used to verify the PVN were very secret and the banks did not want to share them with other banks; let alone trust them to a POS terminal (Aside: POS terminals tend to be very price sensitive, and their security capabilities are usually as minimal as the purchaser can get away with. From bitter experience, I know that trying to sell a customer POS terminals with much better security at say $205; will lose because they will buy an insecure $200 model instead!).
Finally to address another comment in the thread: If you change your PIN, and your bank uses a card-based PVN, you will need to update your card's magnetic stripe (disclaimer: I helped design a system that does exactly that, used at a number of major banks such as Wells Fargo, Citigroup, etc.). If your card does not have a PVN stored on the mag-stripe (for example, most US credit cards), then obviously you won't have to update the card when changing your PIN.
This is true only for the most common (US) algorithm, often called the IBM-3624 algorithm. Other algorithms handle PIN encryption differently.