Cash absolutely has inherent physical value, just like gold or diamonds. The source of that value is irrelevant; what counts is that everybody agrees that they'll accept these things as payment for goods and services. (Well, not everybody would take gold or diamonds. But they would be safe if they chose to.) If you have an item that you know can be exchanged for something you want, that item has inherent value. Ta-da.
Value is nothing more than a consensual mass delusion. This doesn't make it irrelevant, however.
Digital cash is basically a tradable I.O.U. from some issuer.
But any sequence of bits can be duplicated exactly. So if you have one IOU from Fred, you have a million IOUs from Fred. An IOU from Fred, then, has no value and can't be used as the basis for an exchange. That won't work.
But a digital cash that is as anonymous as physical cash is now would still be useful.
Well, let's just say that I've never found myself pining for it, okay?
The difference about your drug dealer example is that no trust is required for that transaction. Your money, if you will, speaks for itself. It has inherent and verifiable value. If your money is good, I don't care who you are.
But would your drug dealer accept an IOU? Of course not. Not unless he knew who you were, and where you lived, and where your knees were, and how to apply force to them until he gets his money.
So we're right back where we started. Either you have to have a trust network, which blows anonymity, or the currency itself has to have inherent and verifiable value, which isn't possible with a string of bits.
I still say that digital cash is right up there with leprechauns.
Talking about what can be done, and what is likely (perhaps inevitable) is neither FUD nor silly
It is when you're trying to influence somebody's opinion. "Your heart could stop at any minute! Buy Bob's term life insurance!"
That's the textbook definition of FUD: trying to influence somebody's opinion by bringing up dire predictions that, whether strictly possible or not, have no foundation in fact.
So that's enough talk of what might happen, okay? You might get hit by a bus tomorrow, so don't waste your last hours on earth yakking about this shit.
The PGP documentation also emphasises that such a scheme is trivially vulnerable...
Yes, it is, but that's basically what you would call the "analog hole." If you're watching "The Lord of the Rings" on your fancy-schmancy HD VOD set-top box, nobody can stop you from taking a photograph of the screen. Same thing with PGP; nobody can stop you from taking a picture of the screen with the cleartext on it, or copying the cleartext down, or leaving your laptop open while you go to the can. That's basically the "analog hole" and nobody cares about it. Well, some people care, but those people are out of touch with reality. Intertrust, as a rule, doesn't care about it.
Also, remember that we're not talking about computers here. We're talking about things like car stereos and TVs. It's a lot harder to run a debugger on your TV. The digital cleartext would be reasonably safe in an Intertrust world. Meaning it would be sufficiently inconvenient to get at that people would probably just buy the rights they want, and everybody's happy.
Why the massive change of heart?
Heh. I guess when you put my two statements right next to each other like that, it does look like a contradiction. Maybe I should have made it more clear that what I'm really talking about here is the hypothetical merits of the Intertrust system, not the literal strength or weakness of a specific implementation of it. Intertrust is so far away from being a reality right now that it's basically just a daydream, but an interesting one.
Besides, if the system-- not the crypto system, but the whole system-- is well-designed, the motivation to circumvent it will be drastically reduced. Instead of tons of people circumventing it because the system is inconvenient in a serious way, they'll get it down to the very few people who want to circumvent the system just to see if they can. That's something that you'll never be able to eliminate, but it'll be noise-level stuff.
Basically, the idea is to try to find the digital equivalent of the paperback book. You can copy a paperback book, but it's much easier and cheaper to just go out and buy the damn thing. Some people will insist on being perverse and copy their friend's paperback books, but that's just shrinkage and it's easy to live with.
If any DRM system could create the "digital paperback," I think Intertrust could. Hypothetically.
I have to say the whole things sounds like a) a usability nightmare
Nope. If implemented as it's designed on paper, it will actually be extremely user-friendly. I already explained how elsewhere. If you're interested, go read it.
and b) a chance for content providers to nickel-and-dime consumers into the never-never.
As I said in another message, content providers have the right to sell whatever licenses to their media that they want, but right now there's no practical way to do it. Intertrust would, if implemented, give them a way to sell rights packages that people actually want to buy, opening the whole thing up to market forces for price control. What you call "nickel-and-dime," I call "sell me what I want, and only what I want."
I'm having a really hard time believing that any merchant is going to take a credit card for such a big ticket item, unless they pass on the card company's charge to you
I remember reading somewhere that the merchant fee on a black AmEx card is on a sliding scale. AmEx doesn't take the same percentage of a $100,000 purchase as they do of a $100 purchase. Which makes sense for everybody.
Other than plane tickets, expensive clothing, and insurance, it's pretty hard to run up the balance.
My friend buys a fair amount of jewelry for his wimmins. Stuff in the $50,000 - $150,000 range. He's a dot-com billionaire, and kind of a nut.
So, whats to stop me from putting a recorder inbetween my pvr and my tv??
Nothing. You can do anything with the analog signal that you like.
dropping a computer in there would be very simple to keep it all digital
Wrong. No unencrypted digital outputs from the device, remember?
Intertrust's mechanisms are vaporware
That's technically true, but nobody has ever claimed otherwise so what's the big deal? Intertrust is nothing more than ideas right now, waiting to be implemented.
the analog hole is still as great as ever
Exactly! Which is a good thing, because it means all those fair-use rights are safe and sound.
Of course, which is why Intertrust doesn't give a damn about the "analog hole." It's a system for protecting digital media only. It completely stops working when the content gets unencrypted for playback or display.
There's no way-- yet, at least-- to "plug the analog hole" (whatever) without eliminating fair-use rights, and Intertrust has been very adamant about wanting to preserve fair-use rights along with all the other rights that apply to a piece of media. Their story-- and the technology supports this-- is that digital rights management protects both parties: the consumer, as well as the producer.
Mhh, but "forever" = "as long as the system is up and working"
Well, sort of. If you buy an unlimited rights authorization, you'll never have to talk to any of the servers again after you redeem that authorization. You'll have encrypted content that can be decrypted by any playback or display device, along with an authorization that basically just says "yup." So, if implemented correctly, you really would be able to do anything with that media any time you wanted, except make an unencrypted bit-for-bit copy of the media itself.
It eliminates the fair-use rights (affirmed by the Supreme Court) that encourage creativity and make life fun. You can no longer mix your own music or add sound tracks to your home movies.
Nope, just the opposite. Intertrust's system is based on the idea of clearly defining rights, in the rights package, and enforcing them. That means you can't do anything that you don't have the right to do, but it also means that you can't be preventing from doing anything that you do have the right to do, either. Because all the rights will be out there in the open for anyone to see, you'll be able to tell at a glance whether a particular piece of media can be "fair used." (Ugh. Sorry.) If a rights package limits your "fair use" rights, you may even have legal recourse. That depends on the courts.
But like I said, Intertrust's key flaw is that it depends on a ubiquitous infrastructure. If you grant that-- for without it, the whole thing is just talking anyway-- then the customer's fair-use rights will be protected just like the provider's granted rights.
Also, this system only protects the encrypted digital content itself. It doesn't care what you do with the media once it's rendered into an analog form. If you want to take the analog audio output from your MP3 player and plug it in to a recording device, that's entirely up to you. Fair-use rights are not inherently infringed here.
It gives the media companies the power to render local law useless.
Huh? This sounds awfully FUDdy to me. The law-- and I mean local and international laws-- gives copyright holders the right to determine how their works can be used by licensees, with limits. Intertrust is simply a system for turning those rights, which are currently nebulous things defined by a fair bit of hand-waving, into algorithms that computers can understand. It's not about overriding the law at all.
It gives the media companies the power to micro-control your use of the content.
They already have that power. They just have no way of using it. This is an inherent side-effect of copyright law, because copyright law (and international treaties on that subject) says that the copyright holder gets to determine how a licensee can use a copyrighted work. This is nothing new.
In point of fact, a system like this could-- and I emphasize "could"-- be good for consumers who participate in the "disposable culture." Remember my example of a song that you really like but that you're sure you'll be sick of in a couple of weeks? The owner of that song can choose to let you buy a really cheap rights package that entitles you to listen to it all you want for a limited time, for a price of around $1. That would be a good thing in a lot of ways, no?
It gives the media industry the ability to influence the futures of other technologies or even other companies by deciding who gets approved to use it and who doesn't.
You're ignoring the obvious. There may well be no Intertrust clients for the PC at all. If Intertrust-enabled hardware players for the various media types are cheap and ubiquitous, there will be basically no market demand for software clients. So everything you just said will be a non-issue.
Never really saw the point in playing music or movies with my computer anyway. I have a perfectly good iPod for music, and even though I've got CPU cycles to spare, I don't wanna waste 'em on a music player when I'm working.
Well, actually, Intertrust has nothing at all to say-- to my knowledge-- on the issue of the "analog hole." Basically their position is that the thing that needs protecting is the digital media. The bits that comprise the media stay encrypted all the time, right up to the point where they need to be played, or displayed, or whatever. Once that happens, it's all over as far as Intertrust is concerned. If you want to make an analog tape of a protected CD and give that tape away, Intertrust won't stop you.
(Makes sense to me. The only "analog hole" out there is the one that a record company exec sits on, anyway.)
See, the thing is, at some point you really have no option but to accept that you can't do just anything with your media. You may not like it, but that's the way it is. Where that point is, exactly, is up to the media producers. They get to define how you can use the media they sell you, by virtue of the fact that they own the media; your options come in the form of rights packages that you can buy. If you buy the "unlimited use" rights package-- if they offer one-- then you'll be able to play the CD anywhere, any time, forever. But you'll have to pay for that privilege.
If you're unwilling to accept compromise in media rights, then maybe you ought to go ahead and start weaning yourself off of CDs and DVDs and such right now. By the time somebody actually succeeds in building a system like this, you'll be off the stuff completely and you'll never notice.
What you say has basically always been true. Intertrust has always been more of a concept shop than an implementation shop. But they have more than just patents. They also have a hell of a lot of design work that's just waiting-- modulo some details here and there-- to be implemented.
If-- and that's a huge if-- Intertrust's system can actually be made to work, I think these guys got themselves quite a bargain.
I was wondering what keeps you from emulating a system that could play the original.
Well, that's the rub, isn't it. And that's part of what I was talking about when I said that Intertrust depends on a shitload of complex infrastructure being in place before it can work.
The key answer has to do with licensing. The Intertrust client is-- well, will be-- a licensed thing, and its inner workings will be a carefully guarded trade secret. So the first obstacle to building a, let's say, MP3 player emulator for your PC will be that you don't have access to an Intertrust client implementation, or any information about the algorithms used by it.
The client may include public-key encryption technology. (The actual implementation of the various encryption pieces of the system is flexible. You might implement complex and secure encryption for a VOD set-top box, because you've got the processing power to pull it off, while an MP3 player includes only simple encryption because it has to keep things simple to keep costs down and preserve battery life.) If so, the hard part would be violating the crypto system. They're sort of taking as read that there will be no Xing-like screwups with the Intertrust infrastructure, and while that's an assumption, I don't think it's a terribly asinine one.
Will that be a perfect defense? No, of course not. But I think it would probably make it inconvenient enough to stop casual hackers, particularly if (in Intertrust's vision) it's just so much easier and cheaper to use a licensed player for the protected media.
As the Linux DVD/DeCSS thing has demonstrated, though, no matter how easy, cheap, and convenient it is to get your hands on a licensed playback device, some people will insist on trying to do things their way even though it's against the rules. Intertrust's goal is to make things as hard as possible for those people without making things inconvenient for legitimate customers.
Most of what I just said is me talking. I'm not repeating any official Intertrust documentation here or anything. These are just educated guesses based on what I've learned about the system over the past year or so. Disclaim, disclaim.
Hear, hear. It always cracks me up when I hear or read somebody deriding PDF because... well, honestly I'm not sure why. Because Adobe invented it or something. Anyway, they hop up and down and spit and gesticulate about how PDF is bad and wrong, and how TeX and XML are the only true document formats.
Meanwhile, I'm sitting here on my Mac saving everything-- web pages, screen shots, documents, basically everything that I want to keep and don't need to edit directly-- as PDF, straight out of my applications. Easy as la-la-la.
PDF is absolutely one of the great innovations of the 90's.
I have not yet understood how any DRM or copyprotection will overcome the problem, that when the content is downloaded/played through legitimate HW&SW it can at the same time be resaved without the copyprotection - atleast in the case of video and audio.
I just posted a long-ass dissertation on how Intertrust works, and I'm not going to repeat it here. But the short version is that Intertrust doesn't care about your ability to copy the encrypted media. In fact, making it easy for customers to copy encrypted media from each other is a big selling point for Intertrust, because it lets the content providers focus on what they like to do: sell licenses. If you copied the Britney Spears CD from your friend but bought your license from us, then we just saved money manufacturing, storing, and shipping that particular CD. Yay.
So copying encrypted content is good and fine. So Intertrust spends is energy instead trying to make sure that encrypted content stays encrypted all the time, up to the point where it goes analog and hits your screen or your speakers or your whatever.
It's not too hard, in principle, to do this. The ancient PGP client had an "eyes only" mode that did the same thing: it decrypted the data, displayed it, then wiped the memory where the cleartext had been, never writing anything to disk. It would have been impossible to get the cleartext out of PGP without some really intrusive method, like somehow reading the actual memory pages of the PGP process, or trojaning the PGP binary itself. So that basic methodology is not a terrible idea.
The key to this is that Intertrust isn't meant to be a general-purpose content encryption system. For example, it wouldn't work for something like stock photography, where you need to be able to place the photo-- unencrypted-- in a page layout program and do all sorts of interactive stuff to it. Intertrust wouldn't work for that at all, because as soon as you decrypted the image, the system would stop protecting it.
But think of Intertrust instead for something like video-on-demand. The set-top box and the upstream servers have Intertrust bits in them that allow you to download (or stream) HDTV-resolution movies to your home over fibre or whatever, with all sorts of customer-friendly rights features. For example, you might be able to spend $5 and get the right to download a movie to your (Intertrust-savvy) PVR and watch it all you want until you feel like deleting it. Or you might be able to spend $19 to be able to download it and burn it (with your Intertrust-savvy disc burner) to a disc that you can own and watch whenever. Or-- and this is the cool part-- you might be able to spend $1 and only have the right to watch the movie in real time once.
In general, instead of saying "you can't do that" to the customers all the time, Intertrust could (in principle) let media distributors say "you can do that, if you buy the rights to" instead, and the system would enforce the arrangement in both directions.
My former employer had a strategic alliance with Intertrust. Guess this is bad news for them. Good.
Here's an overview of how Intertrust's stuff works, what's right with it, and what's wrong with it. This is really complex, but it's not hard to understand at all.
Intertrust's system basically works like this: the seller encrypts the media (video, picture, audio, whatever you want) into what they call a "package." The process also generates what they call a "rights package," which gets stored on a net-connected machine called a "rights server." Rights packages are, of course, also encrypted like crazy. Everything in this system is, with digital signatures like you wouldn't believe. Forgery of a rights package or of an authorization is the biggest vulnerability to the system, and Intertrust knows that.
When you buy the media, you download what they call an authorization. The authorization contains information about what rights package you bought (one media package can correspond to more than one rights package). The thing you're using to do all this-- it could be a computer running special software, or a set-top box, or an MP3 player in your car... whatever-- takes the authorization and downloads the content package from what they call a "content server," along with getting the rights package that defines what rights you bought from the rights server. At this point, you have three things: the content in its package, the rights that define how you can use that content in its package, and an authorization that ties them all together. The authorization, of course, contains some information that uniquely identifies your device, which means that only whole set-- the combination of the content package, the rights package, the device, and the authorization-- can work together.
All of that downloading and transacting is supposed to happen behind the scenes. To the user, it looks like this: Hmm, I think I want that song. Here I go, choosing a rights package from this list of three or four, and putting in my credit card number. Tap, tap, poof! Now I have the song on my MP3 player (or whatever), and I can listen to it according to the rights I bought. It's designed to be easy for the end-user and the provider both, with all the hard stuff happening in software.
Now, the interesting thing is the rights package. A record company might give away free authorizations for single-use rights packages. For instance, you might be able to go to RecordCo's web site and download any song for free and listen to it once; sort of a "try-before-you-buy" thing. If you decide you want the song, but you'll probably get sick of it, you can buy the rights pack that lets you listen to it all you want for a month, and then expires. Or you can buy an unlimited rights pack that lets you listen to it all you want forever. It's really flexible, which is something that DRM systems in general haven't been thus far.
It's worth mentioning, too, that Intertrust does not depend on a new, proprietary media format. You can encrypt anything as an Intertrust package. Intertrust controls how and when you get to access the data-- according to the rules defined in the rights package-- but what that data is and how it's formatted it is entirely flexible. You could wrap an Ogg file up in an Intertrust package if you wanted to, just by running it through the packager tool.
Also interesting is the idea that all of the pieces-- the content package, the rights package, and the authorization-- can be duplicated to your heart's content. Wanna make a copy of a CD so you don't have to worry about scratching the original? Go right ahead. But it'll only play in your CD player, because that's what the authorization says. You can make a copy and give it away, but your friend can't play it in his player because he doesn't have an authorization. He can, however, download an authorization for it quickly and easily. Intertrust calls this "superdistribution," and it's a big selling point for them.
All in all, I think Intertrust's model is the best I've seen. If the world ran on Intertrust, I think it would probably be pretty okay.
But there are problems. Intertrust's system depends on a hell of a lot of infrastructure: every device-- and I mean every device-- that interacts with the Intertrust system has to have an Intertrust client running on it, either in software or in hardware. If your MP3 player isn't Intertrust-compatible, you can forget being able to play those MP3s you downloaded from RecordCo. They simply won't work, because the device won't be able to decrypt the package. This basically means that Intertrust's system can never be used for general-purpose media content protection, because it relies too much on client code ubiquity.
The other obvious down-side is that the system is complex. I don't think it's needlessly complex, per se, but it's complex, and that means there are lots of ways that something could go wrong. That could mean inconvenience to the customer, which is death in this market.
So while it's an okay idea-- probably one that would work well for both sellers and customers if universally deployed-- it's got some serious flaws, too.
Just my two cents. I may have some of my facts wrong-- I never worked for Intertrust, but I got a ton of technical info from them under NDAs and shit, so I think I'm right in the broad sense on all of this. Hmm. NDAs. Oh, well. Fuck it. They can sue me, if they can find me.
See, that's exactly my point. If digital cash is based on the principle of an exchange of promises, the currency is worthless without a robust trust network, which destroys the possibility of anonymity. I won't trust you unless somebody that I trust trusts you, or unless I know you personally. This is a simple recursive algorithm. Eventually we end up with a simple chain of contacts, and that chain can be followed very easily by either the white hats or the black hats to find, at the end of it all, innocent little you. You can't be both totally anonymous and trusted.
Also, if it's based on the idea of an eventual exchange of valuable goods when the promise is carried out, anonymity gets killed twice, because you either have to meet face-to-face to exchange goods-- which makes the whole exercise kind of a circle-jerk-- or you have to have an established trust network, which... but we've covered that before.
Nope. I did get the citation wrong, though. It's not included in All the Myriad Ways; it's in Limits. And it actually carries a subtitle: "Yet Another Modest Proposal: The Roentgen Standard."
It's unfortunately not available on the web, but Larry has given his permission for "Man of Steel, Woman of Kleenex" to be published here. It's great. And where else can you find the unforgettable passage, "But with kryptonian muscles behind it, Kal-El's semen would emerge with the muzzle velocity of a machine gun bullet."
That's three. How many flames of the submitter are we going to see in this article? I was surprised at the first one, and disappointed by the second. Reading this, I'm starting to think that maybe there's a seedy underbelly to "the community" after all. Between you and that Kevin guy who complained about people trying to "spooge off of our work" (that cracked me up), I'm really beginning to understand why open source has the reputation it does in so many circles.
Probably the best thing for "the community" in this instance is for all y'all Microsoft-haters to learn when to keep your pie holes shut and just play nice with the other kids.
I'm seeing a parallel here. It's probably mostly my imagination, but I think there might be a grain of truth to it.
Time and again, it's been demonstrated that any crypto system that precludes resourceful and clever people from getting at stuff they want will be subjected to scrutiny, attacked, and finally broken. Whenever the subject of copy protection and copy-protected media comes up on Slashdot, quick are those who like to point out that every scheme that has been deployed and that has been worth attacking has been attacked and defeated. Many people seem to hold the opinion that this is an inevitable and unavoidable fact of life in the computer age.
Then, over here in this other corner, we have a bunch of people talking about ways of representing money that are purely digital, and that are purely self-contained. After all, it's important that people be able to conduct financial transactions over the Internet with complete anonymity. So ideas like "eCash" and "eGold" get battered around as if it were only a matter of getting the details hammered out.
These two notions, when placed in juxtaposition to one another, amuse me. History-- if we can use that term to refer to a period of a decade or so-- has shown us that it's much harder to build strong crypto systems than most people realize it is, and that even apparently strong systems are vulnerable to attack in ways that can't be defended against, or even predicted. And yet, here we are, debating the virtues of trying to guarantee the integrity of intangible value itself with just such a system.
Hubris, I tells ya. It's all fun and games until somebody loses their life savings.
Slashdot Mirror
Cash absolutely has inherent physical value, just like gold or diamonds. The source of that value is irrelevant; what counts is that everybody agrees that they'll accept these things as payment for goods and services. (Well, not everybody would take gold or diamonds. But they would be safe if they chose to.) If you have an item that you know can be exchanged for something you want, that item has inherent value. Ta-da.
Value is nothing more than a consensual mass delusion. This doesn't make it irrelevant, however.
Digital cash is basically a tradable I.O.U. from some issuer.
But any sequence of bits can be duplicated exactly. So if you have one IOU from Fred, you have a million IOUs from Fred. An IOU from Fred, then, has no value and can't be used as the basis for an exchange. That won't work.
But a digital cash that is as anonymous as physical cash is now would still be useful.
Well, let's just say that I've never found myself pining for it, okay?
The difference about your drug dealer example is that no trust is required for that transaction. Your money, if you will, speaks for itself. It has inherent and verifiable value. If your money is good, I don't care who you are.
But would your drug dealer accept an IOU? Of course not. Not unless he knew who you were, and where you lived, and where your knees were, and how to apply force to them until he gets his money.
So we're right back where we started. Either you have to have a trust network, which blows anonymity, or the currency itself has to have inherent and verifiable value, which isn't possible with a string of bits.
I still say that digital cash is right up there with leprechauns.
Talking about what can be done, and what is likely (perhaps inevitable) is neither FUD nor silly
It is when you're trying to influence somebody's opinion. "Your heart could stop at any minute! Buy Bob's term life insurance!"
That's the textbook definition of FUD: trying to influence somebody's opinion by bringing up dire predictions that, whether strictly possible or not, have no foundation in fact.
So that's enough talk of what might happen, okay? You might get hit by a bus tomorrow, so don't waste your last hours on earth yakking about this shit.
The PGP documentation also emphasises that such a scheme is trivially vulnerable...
Yes, it is, but that's basically what you would call the "analog hole." If you're watching "The Lord of the Rings" on your fancy-schmancy HD VOD set-top box, nobody can stop you from taking a photograph of the screen. Same thing with PGP; nobody can stop you from taking a picture of the screen with the cleartext on it, or copying the cleartext down, or leaving your laptop open while you go to the can. That's basically the "analog hole" and nobody cares about it. Well, some people care, but those people are out of touch with reality. Intertrust, as a rule, doesn't care about it.
Also, remember that we're not talking about computers here. We're talking about things like car stereos and TVs. It's a lot harder to run a debugger on your TV. The digital cleartext would be reasonably safe in an Intertrust world. Meaning it would be sufficiently inconvenient to get at that people would probably just buy the rights they want, and everybody's happy.
Why the massive change of heart?
Heh. I guess when you put my two statements right next to each other like that, it does look like a contradiction. Maybe I should have made it more clear that what I'm really talking about here is the hypothetical merits of the Intertrust system, not the literal strength or weakness of a specific implementation of it. Intertrust is so far away from being a reality right now that it's basically just a daydream, but an interesting one.
Besides, if the system-- not the crypto system, but the whole system-- is well-designed, the motivation to circumvent it will be drastically reduced. Instead of tons of people circumventing it because the system is inconvenient in a serious way, they'll get it down to the very few people who want to circumvent the system just to see if they can. That's something that you'll never be able to eliminate, but it'll be noise-level stuff.
Basically, the idea is to try to find the digital equivalent of the paperback book. You can copy a paperback book, but it's much easier and cheaper to just go out and buy the damn thing. Some people will insist on being perverse and copy their friend's paperback books, but that's just shrinkage and it's easy to live with.
If any DRM system could create the "digital paperback," I think Intertrust could. Hypothetically.
I have to say the whole things sounds like a) a usability nightmare
Nope. If implemented as it's designed on paper, it will actually be extremely user-friendly. I already explained how elsewhere. If you're interested, go read it.
and b) a chance for content providers to nickel-and-dime consumers into the never-never.
As I said in another message, content providers have the right to sell whatever licenses to their media that they want, but right now there's no practical way to do it. Intertrust would, if implemented, give them a way to sell rights packages that people actually want to buy, opening the whole thing up to market forces for price control. What you call "nickel-and-dime," I call "sell me what I want, and only what I want."
You say to-may-toh, I say to-mah-to...
I'm having a really hard time believing that any merchant is going to take a credit card for such a big ticket item, unless they pass on the card company's charge to you
I remember reading somewhere that the merchant fee on a black AmEx card is on a sliding scale. AmEx doesn't take the same percentage of a $100,000 purchase as they do of a $100 purchase. Which makes sense for everybody.
Other than plane tickets, expensive clothing, and insurance, it's pretty hard to run up the balance.
My friend buys a fair amount of jewelry for his wimmins. Stuff in the $50,000 - $150,000 range. He's a dot-com billionaire, and kind of a nut.
So, whats to stop me from putting a recorder inbetween my pvr and my tv??
Nothing. You can do anything with the analog signal that you like.
dropping a computer in there would be very simple to keep it all digital
Wrong. No unencrypted digital outputs from the device, remember?
Intertrust's mechanisms are vaporware
That's technically true, but nobody has ever claimed otherwise so what's the big deal? Intertrust is nothing more than ideas right now, waiting to be implemented.
the analog hole is still as great as ever
Exactly! Which is a good thing, because it means all those fair-use rights are safe and sound.
Cool, your knowledge trumps mine, then. Did I get it mostly right in my post?
Of course, which is why Intertrust doesn't give a damn about the "analog hole." It's a system for protecting digital media only. It completely stops working when the content gets unencrypted for playback or display.
There's no way-- yet, at least-- to "plug the analog hole" (whatever) without eliminating fair-use rights, and Intertrust has been very adamant about wanting to preserve fair-use rights along with all the other rights that apply to a piece of media. Their story-- and the technology supports this-- is that digital rights management protects both parties: the consumer, as well as the producer.
Mhh, but "forever" = "as long as the system is up and working"
Well, sort of. If you buy an unlimited rights authorization, you'll never have to talk to any of the servers again after you redeem that authorization. You'll have encrypted content that can be decrypted by any playback or display device, along with an authorization that basically just says "yup." So, if implemented correctly, you really would be able to do anything with that media any time you wanted, except make an unencrypted bit-for-bit copy of the media itself.
It eliminates the fair-use rights (affirmed by the Supreme Court) that encourage creativity and make life fun. You can no longer mix your own music or add sound tracks to your home movies.
;-)
Nope, just the opposite. Intertrust's system is based on the idea of clearly defining rights, in the rights package, and enforcing them. That means you can't do anything that you don't have the right to do, but it also means that you can't be preventing from doing anything that you do have the right to do, either. Because all the rights will be out there in the open for anyone to see, you'll be able to tell at a glance whether a particular piece of media can be "fair used." (Ugh. Sorry.) If a rights package limits your "fair use" rights, you may even have legal recourse. That depends on the courts.
But like I said, Intertrust's key flaw is that it depends on a ubiquitous infrastructure. If you grant that-- for without it, the whole thing is just talking anyway-- then the customer's fair-use rights will be protected just like the provider's granted rights.
Also, this system only protects the encrypted digital content itself. It doesn't care what you do with the media once it's rendered into an analog form. If you want to take the analog audio output from your MP3 player and plug it in to a recording device, that's entirely up to you. Fair-use rights are not inherently infringed here.
It gives the media companies the power to render local law useless.
Huh? This sounds awfully FUDdy to me. The law-- and I mean local and international laws-- gives copyright holders the right to determine how their works can be used by licensees, with limits. Intertrust is simply a system for turning those rights, which are currently nebulous things defined by a fair bit of hand-waving, into algorithms that computers can understand. It's not about overriding the law at all.
It gives the media companies the power to micro-control your use of the content.
They already have that power. They just have no way of using it. This is an inherent side-effect of copyright law, because copyright law (and international treaties on that subject) says that the copyright holder gets to determine how a licensee can use a copyrighted work. This is nothing new.
In point of fact, a system like this could-- and I emphasize "could"-- be good for consumers who participate in the "disposable culture." Remember my example of a song that you really like but that you're sure you'll be sick of in a couple of weeks? The owner of that song can choose to let you buy a really cheap rights package that entitles you to listen to it all you want for a limited time, for a price of around $1. That would be a good thing in a lot of ways, no?
It gives the media industry the ability to influence the futures of other technologies or even other companies by deciding who gets approved to use it and who doesn't.
Welcome to Earth.
You're ignoring the obvious. There may well be no Intertrust clients for the PC at all. If Intertrust-enabled hardware players for the various media types are cheap and ubiquitous, there will be basically no market demand for software clients. So everything you just said will be a non-issue.
Never really saw the point in playing music or movies with my computer anyway. I have a perfectly good iPod for music, and even though I've got CPU cycles to spare, I don't wanna waste 'em on a music player when I'm working.
The analog hole is not a problem either.
Well, actually, Intertrust has nothing at all to say-- to my knowledge-- on the issue of the "analog hole." Basically their position is that the thing that needs protecting is the digital media. The bits that comprise the media stay encrypted all the time, right up to the point where they need to be played, or displayed, or whatever. Once that happens, it's all over as far as Intertrust is concerned. If you want to make an analog tape of a protected CD and give that tape away, Intertrust won't stop you.
(Makes sense to me. The only "analog hole" out there is the one that a record company exec sits on, anyway.)
See, the thing is, at some point you really have no option but to accept that you can't do just anything with your media. You may not like it, but that's the way it is. Where that point is, exactly, is up to the media producers. They get to define how you can use the media they sell you, by virtue of the fact that they own the media; your options come in the form of rights packages that you can buy. If you buy the "unlimited use" rights package-- if they offer one-- then you'll be able to play the CD anywhere, any time, forever. But you'll have to pay for that privilege.
If you're unwilling to accept compromise in media rights, then maybe you ought to go ahead and start weaning yourself off of CDs and DVDs and such right now. By the time somebody actually succeeds in building a system like this, you'll be off the stuff completely and you'll never notice.
What you say has basically always been true. Intertrust has always been more of a concept shop than an implementation shop. But they have more than just patents. They also have a hell of a lot of design work that's just waiting-- modulo some details here and there-- to be implemented.
If-- and that's a huge if-- Intertrust's system can actually be made to work, I think these guys got themselves quite a bargain.
I was wondering what keeps you from emulating a system that could play the original.
Well, that's the rub, isn't it. And that's part of what I was talking about when I said that Intertrust depends on a shitload of complex infrastructure being in place before it can work.
The key answer has to do with licensing. The Intertrust client is-- well, will be-- a licensed thing, and its inner workings will be a carefully guarded trade secret. So the first obstacle to building a, let's say, MP3 player emulator for your PC will be that you don't have access to an Intertrust client implementation, or any information about the algorithms used by it.
The client may include public-key encryption technology. (The actual implementation of the various encryption pieces of the system is flexible. You might implement complex and secure encryption for a VOD set-top box, because you've got the processing power to pull it off, while an MP3 player includes only simple encryption because it has to keep things simple to keep costs down and preserve battery life.) If so, the hard part would be violating the crypto system. They're sort of taking as read that there will be no Xing-like screwups with the Intertrust infrastructure, and while that's an assumption, I don't think it's a terribly asinine one.
Will that be a perfect defense? No, of course not. But I think it would probably make it inconvenient enough to stop casual hackers, particularly if (in Intertrust's vision) it's just so much easier and cheaper to use a licensed player for the protected media.
As the Linux DVD/DeCSS thing has demonstrated, though, no matter how easy, cheap, and convenient it is to get your hands on a licensed playback device, some people will insist on trying to do things their way even though it's against the rules. Intertrust's goal is to make things as hard as possible for those people without making things inconvenient for legitimate customers.
Most of what I just said is me talking. I'm not repeating any official Intertrust documentation here or anything. These are just educated guesses based on what I've learned about the system over the past year or so. Disclaim, disclaim.
Therefore, let's all adopt PDF.
Hear, hear. It always cracks me up when I hear or read somebody deriding PDF because... well, honestly I'm not sure why. Because Adobe invented it or something. Anyway, they hop up and down and spit and gesticulate about how PDF is bad and wrong, and how TeX and XML are the only true document formats.
Meanwhile, I'm sitting here on my Mac saving everything-- web pages, screen shots, documents, basically everything that I want to keep and don't need to edit directly-- as PDF, straight out of my applications. Easy as la-la-la.
PDF is absolutely one of the great innovations of the 90's.
Sure some of it is FUD on my part
I'm having a hard time understanding how this doesn't make you evil at all.
Or is it just that it's okay for you, but not okay for them?
I have not yet understood how any DRM or copyprotection will overcome the problem, that when the content is downloaded/played through legitimate HW&SW it can at the same time be resaved without the copyprotection - atleast in the case of video and audio.
I just posted a long-ass dissertation on how Intertrust works, and I'm not going to repeat it here. But the short version is that Intertrust doesn't care about your ability to copy the encrypted media. In fact, making it easy for customers to copy encrypted media from each other is a big selling point for Intertrust, because it lets the content providers focus on what they like to do: sell licenses. If you copied the Britney Spears CD from your friend but bought your license from us, then we just saved money manufacturing, storing, and shipping that particular CD. Yay.
So copying encrypted content is good and fine. So Intertrust spends is energy instead trying to make sure that encrypted content stays encrypted all the time, up to the point where it goes analog and hits your screen or your speakers or your whatever.
It's not too hard, in principle, to do this. The ancient PGP client had an "eyes only" mode that did the same thing: it decrypted the data, displayed it, then wiped the memory where the cleartext had been, never writing anything to disk. It would have been impossible to get the cleartext out of PGP without some really intrusive method, like somehow reading the actual memory pages of the PGP process, or trojaning the PGP binary itself. So that basic methodology is not a terrible idea.
The key to this is that Intertrust isn't meant to be a general-purpose content encryption system. For example, it wouldn't work for something like stock photography, where you need to be able to place the photo-- unencrypted-- in a page layout program and do all sorts of interactive stuff to it. Intertrust wouldn't work for that at all, because as soon as you decrypted the image, the system would stop protecting it.
But think of Intertrust instead for something like video-on-demand. The set-top box and the upstream servers have Intertrust bits in them that allow you to download (or stream) HDTV-resolution movies to your home over fibre or whatever, with all sorts of customer-friendly rights features. For example, you might be able to spend $5 and get the right to download a movie to your (Intertrust-savvy) PVR and watch it all you want until you feel like deleting it. Or you might be able to spend $19 to be able to download it and burn it (with your Intertrust-savvy disc burner) to a disc that you can own and watch whenever. Or-- and this is the cool part-- you might be able to spend $1 and only have the right to watch the movie in real time once.
In general, instead of saying "you can't do that" to the customers all the time, Intertrust could (in principle) let media distributors say "you can do that, if you buy the rights to" instead, and the system would enforce the arrangement in both directions.
My former employer had a strategic alliance with Intertrust. Guess this is bad news for them. Good.
Here's an overview of how Intertrust's stuff works, what's right with it, and what's wrong with it. This is really complex, but it's not hard to understand at all.
Intertrust's system basically works like this: the seller encrypts the media (video, picture, audio, whatever you want) into what they call a "package." The process also generates what they call a "rights package," which gets stored on a net-connected machine called a "rights server." Rights packages are, of course, also encrypted like crazy. Everything in this system is, with digital signatures like you wouldn't believe. Forgery of a rights package or of an authorization is the biggest vulnerability to the system, and Intertrust knows that.
When you buy the media, you download what they call an authorization. The authorization contains information about what rights package you bought (one media package can correspond to more than one rights package). The thing you're using to do all this-- it could be a computer running special software, or a set-top box, or an MP3 player in your car... whatever-- takes the authorization and downloads the content package from what they call a "content server," along with getting the rights package that defines what rights you bought from the rights server. At this point, you have three things: the content in its package, the rights that define how you can use that content in its package, and an authorization that ties them all together. The authorization, of course, contains some information that uniquely identifies your device, which means that only whole set-- the combination of the content package, the rights package, the device, and the authorization-- can work together.
All of that downloading and transacting is supposed to happen behind the scenes. To the user, it looks like this: Hmm, I think I want that song. Here I go, choosing a rights package from this list of three or four, and putting in my credit card number. Tap, tap, poof! Now I have the song on my MP3 player (or whatever), and I can listen to it according to the rights I bought. It's designed to be easy for the end-user and the provider both, with all the hard stuff happening in software.
Now, the interesting thing is the rights package. A record company might give away free authorizations for single-use rights packages. For instance, you might be able to go to RecordCo's web site and download any song for free and listen to it once; sort of a "try-before-you-buy" thing. If you decide you want the song, but you'll probably get sick of it, you can buy the rights pack that lets you listen to it all you want for a month, and then expires. Or you can buy an unlimited rights pack that lets you listen to it all you want forever. It's really flexible, which is something that DRM systems in general haven't been thus far.
It's worth mentioning, too, that Intertrust does not depend on a new, proprietary media format. You can encrypt anything as an Intertrust package. Intertrust controls how and when you get to access the data-- according to the rules defined in the rights package-- but what that data is and how it's formatted it is entirely flexible. You could wrap an Ogg file up in an Intertrust package if you wanted to, just by running it through the packager tool.
Also interesting is the idea that all of the pieces-- the content package, the rights package, and the authorization-- can be duplicated to your heart's content. Wanna make a copy of a CD so you don't have to worry about scratching the original? Go right ahead. But it'll only play in your CD player, because that's what the authorization says. You can make a copy and give it away, but your friend can't play it in his player because he doesn't have an authorization. He can, however, download an authorization for it quickly and easily. Intertrust calls this "superdistribution," and it's a big selling point for them.
All in all, I think Intertrust's model is the best I've seen. If the world ran on Intertrust, I think it would probably be pretty okay.
But there are problems. Intertrust's system depends on a hell of a lot of infrastructure: every device-- and I mean every device-- that interacts with the Intertrust system has to have an Intertrust client running on it, either in software or in hardware. If your MP3 player isn't Intertrust-compatible, you can forget being able to play those MP3s you downloaded from RecordCo. They simply won't work, because the device won't be able to decrypt the package. This basically means that Intertrust's system can never be used for general-purpose media content protection, because it relies too much on client code ubiquity.
The other obvious down-side is that the system is complex. I don't think it's needlessly complex, per se, but it's complex, and that means there are lots of ways that something could go wrong. That could mean inconvenience to the customer, which is death in this market.
So while it's an okay idea-- probably one that would work well for both sellers and customers if universally deployed-- it's got some serious flaws, too.
Just my two cents. I may have some of my facts wrong-- I never worked for Intertrust, but I got a ton of technical info from them under NDAs and shit, so I think I'm right in the broad sense on all of this. Hmm. NDAs. Oh, well. Fuck it. They can sue me, if they can find me.
See, that's exactly my point. If digital cash is based on the principle of an exchange of promises, the currency is worthless without a robust trust network, which destroys the possibility of anonymity. I won't trust you unless somebody that I trust trusts you, or unless I know you personally. This is a simple recursive algorithm. Eventually we end up with a simple chain of contacts, and that chain can be followed very easily by either the white hats or the black hats to find, at the end of it all, innocent little you. You can't be both totally anonymous and trusted.
Also, if it's based on the idea of an eventual exchange of valuable goods when the promise is carried out, anonymity gets killed twice, because you either have to meet face-to-face to exchange goods-- which makes the whole exercise kind of a circle-jerk-- or you have to have an established trust network, which... but we've covered that before.
Nope. I did get the citation wrong, though. It's not included in All the Myriad Ways; it's in Limits. And it actually carries a subtitle: "Yet Another Modest Proposal: The Roentgen Standard."
It's unfortunately not available on the web, but Larry has given his permission for "Man of Steel, Woman of Kleenex" to be published here. It's great. And where else can you find the unforgettable passage, "But with kryptonian muscles behind it, Kal-El's semen would emerge with the muzzle velocity of a machine gun bullet."
That's three. How many flames of the submitter are we going to see in this article? I was surprised at the first one, and disappointed by the second. Reading this, I'm starting to think that maybe there's a seedy underbelly to "the community" after all. Between you and that Kevin guy who complained about people trying to "spooge off of our work" (that cracked me up), I'm really beginning to understand why open source has the reputation it does in so many circles.
Probably the best thing for "the community" in this instance is for all y'all Microsoft-haters to learn when to keep your pie holes shut and just play nice with the other kids.
Does this guy sound like a stooge or what?
"This guy" is named Cindy, you idiot.
I'm seeing a parallel here. It's probably mostly my imagination, but I think there might be a grain of truth to it.
Time and again, it's been demonstrated that any crypto system that precludes resourceful and clever people from getting at stuff they want will be subjected to scrutiny, attacked, and finally broken. Whenever the subject of copy protection and copy-protected media comes up on Slashdot, quick are those who like to point out that every scheme that has been deployed and that has been worth attacking has been attacked and defeated. Many people seem to hold the opinion that this is an inevitable and unavoidable fact of life in the computer age.
Then, over here in this other corner, we have a bunch of people talking about ways of representing money that are purely digital, and that are purely self-contained. After all, it's important that people be able to conduct financial transactions over the Internet with complete anonymity. So ideas like "eCash" and "eGold" get battered around as if it were only a matter of getting the details hammered out.
These two notions, when placed in juxtaposition to one another, amuse me. History-- if we can use that term to refer to a period of a decade or so-- has shown us that it's much harder to build strong crypto systems than most people realize it is, and that even apparently strong systems are vulnerable to attack in ways that can't be defended against, or even predicted. And yet, here we are, debating the virtues of trying to guarantee the integrity of intangible value itself with just such a system.
Hubris, I tells ya. It's all fun and games until somebody loses their life savings.