Paul Hardwick: DRM

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

EFF: Paper: Who Controls Your Television?

Tue, 13 Mar 2007 20:46:30 GMT

Today, consumers can digitally record their favorite television shows, move recordings to portable video players, excerpt a small clip to include in a home video, and much more. The digital television transition promises innovation and competition in even more great gadgets that will give consumers unparalleled control over their media.

But an inter-industry organization that creates television and video specifications used in Europe, Australia, and much of Africa and Asia is laying the foundation for a far different future -- one in which major content providers get a veto over innovation and consumers face draconian digital rights management (DRM) restrictions on the use of TV content. At the behest of American movie and television studios, the Digital Video Broadcasting Project (DVB) is devising standards to ensure that digital television devices obey content providers' commands rather than consumers' desires. These restrictions will take away consumers' rights and abilities to use lawfully-acquired content so that each use can be sold back to them piecemeal.

Consumers would never choose this future, so Hollywood will try to force it on them by regulatory fiat. DVB's imprimatur may put restrictive standards on the fast-track to becoming legally-enforced mandates, and existing laws already limit evasion of DRM even for lawful purposes. In effect, private DRM standards will trump national laws that have traditionally protected the public's interests and carefully circumscribed copyright holders' rights.

Hollywood has long pursued this goal in the U.S., but its schemes in DVB have taken place behind the public's back and outside of scrutiny by elected officials. In this paper, we will summarize and expose Hollywood's plan.

The Electronic Frontier Foundation (EFF) is the only public interest group to have attended DVB's closed technical meetings. As a condition of participation, DVB imposed restrictions on our ability to report on these meetings. Now, after key parts of DVB's new DRM specification have been sent to the European standards body and may soon be provided to other EU regulators, we are releasing this paper to help consumer organizations and EU regulators understand the significant public policy implications of various DVB work items.

CPCM: A System to Control Innovation, Competition, and Television Viewers

Despite record profits in recent years, American movie and television studios have not relented in their cries that new technologies are a mortal threat to their industry. They sued to block the VCR and the first mass-market Digital Video Recorder (DVR) in the U.S., and, having failed to stamp out recording in those efforts, they have increasingly turned to creating restrictive technical standards backed by law.

Who Controls Your Television?

Tue, 13 Mar 2007 20:37:40 GMT

Who Controls Your Television? Nurgled writes "The EFF, reportedly the only consumer rights organization to be granted membership of the Digital Video Broadcasting consortium, reports that TV and movie industry representatives have been pushing for DRM in the DVB technologies. This in itself is not entirely unexpected, but these talks have been going on in closed meetings. The EFF itself has been blocked from reporting on this until now as a condition of being allowed to attend. The proposed technologies allow rights-holders and broadcasters to severely hamper your ability to make use of broadcast television content, including the ability to retroactively blacklist any devices that consumers may already own that act in ways undesirable to the rights-holder or broadcaster. The EFF concludes that public interest and consumer rights advocates must fight back." [Slashdot: Your Rights Online]

ORG to enlighten music industry on DRM's limitations.

Tue, 13 Mar 2007 19:59:26 GMT

ORG to enlighten music industry on DRM's limitations.

Readying a white paper

The Open Rights Group (ORG) is developing a new paper to inform the music industry about the technical suitability of Digital Rights Management (DRM) as an aid to enforcing copyright.

[The Register - Music and Media]

American Studios' Secret Plan to Lock Down European TV Devices.

Tue, 13 Mar 2007 19:53:46 GMT

American Studios' Secret Plan to Lock Down European TV Devices.

EFF Exposes Standards Jeopardizing Innovation and Consumer Rights

San Francisco - An international consortium of television and technology companies is devising draconian anti-consumer restrictions for the next generation of TVs in Europe and beyond, at the behest of American entertainment giants.

The Electronic Frontier Foundation (EFF) is the only public interest group to have gained entrance into the secretive meetings of the Digital Video Broadcasting Project (DVB), a group that creates the television and video specifications used in Europe, Australia, and much of Asia and Africa. In a report released today, EFF shows how U.S. movie and television companies have convinced DVB to create new technical specifications that would build digital rights management technologies into televisions. These specifications are likely to take away consumers' rights, which will subsequently be sold back to them piecemeal -- so entertainment fans will have to pay again and again for legitimate uses of lawfully acquired digital television content.

"DVB is abetting a massive power grab by the content industry, and many of the world's largest technology companies are simply watching," said Ren Bucholz, EFF Policy Coordinator, Americas. "This regime was concocted without input from consumer rights organizations or public interest groups, and it shows."

Despite recent record profits, American movie and television studios insist that new technologies could ruin their industry. In past battles against innovation, these same studios sued to block the sale of the VCR and the first mass-marketed digital video recorder in the U.S. Having failed in those efforts, they have now turned to creating technical standards that, when backed by law, are likely to restrict consumers' existing rights and threaten the future of technological innovation.

With DVB, the plan begun by entertainment companies in the U.S. has now gone global. EFF's report is aimed at alerting European consumer groups and consumers about the dangers posed by the proposed standards and providing informational resources for European regulators.

"DVB members' active indifference, even hostility, to user rights is shameful," said EFF Staff Technologist Seth Schoen. "When American studios ask for regulatory support for restrictions pushed through the DVB Project, public officials must stand up for consumer rights, sustain competition and innovation, and tell Hollywood to back off."

For the full report:
http://www.eff.org/IP/DVB/dvb_briefing_paper.php

EFF's 2005 Submission to the U.K. Department of Media, Sports and Culture:
http://www.eff.org/IP/DVB/dvb_critique.php

Contacts:

Ren Bucholz
Policy Coordinator, Americas
Electronic Frontier Foundation
ren@eff.org

Seth Schoen
Staff Technologist
Electronic Frontier Foundation
seth@eff.org

[EFF: Breaking News]

Cuban gets stuck into YouTube, demands it squeals.

Thu, 08 Mar 2007 21:47:54 GMT

Cuban gets stuck into YouTube, demands it squeals.

'Talk, morons'

Attention-seeking tech billionaire Mark Cuban has set the legal dogs on YouTube, demanding it snitch on users who uploaded video which one of his investments owns the rights to.

[The Register - Music and Media]

WGA Reports Back To MS Even If You Choose Not To Install - Aviran's Place

Wed, 07 Mar 2007 17:06:01 GMT

Heise online reports on a very interesting action Microsoft is taking during the installation of WGA.

When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send your info and the fact that you choose not to install WGA back to their servers.

In addition to that it seems that the setup program send some information stored in your registry to http://genuine.microsoft.com/. While it does not specifically identify the user, it looks like it does send some identification of your computer and Windows version (see picture) to Microsoft servers.

Microsoft WGA Phones Home Even When Told No.

Wed, 07 Mar 2007 17:00:00 GMT

Microsoft WGA Phones Home Even When Told No. Aviran writes "When you start WGA setup and get to the license agreement page but decided NOT to install the highly controversial WGA component and cancel the installation, the setup program will send information stored in your registry and the fact that you choose not to install WGA back to Microsoft's servers." [Slashdot]

Techdirt: An Economic Explanation For Why DRM Cannot Open Up New Business Model Opportunities

Mon, 05 Mar 2007 02:11:01 GMT

Continuing my increasingly lengthy series of posts on the economics of non-scarce goods, I wanted to take a look at an issue that I mentioned in passing earlier this week concerning the ongoing insistence among the entertainment industry (and the DRM industry) that DRM somehow will open up new business models. I'd like to explain why, economically, that doesn't make sense.

First, to clarify, I should point out that, technically, I mean that it doesn't make sense that DRM could ever open up feasible or successful business models. Anyone can create a new unsuccessful business model. For example, I'm now selling $1 bills for $1,000. It's a new business model (well, perhaps not to the dot coms of the original dot com boom), but it's unlikely to be a successful one (if you disagree, and would like to pay me $1,000 for $1, please use the feedback form above to make arrangements). However, for a new business model to make sense, it needs to provide more value. Providing more value than people can get elsewhere is the reason why a business model succeeds. So, any new business model must be based on adding additional value.

Why DRM Cannot Open Up New Business Models.

Mon, 05 Mar 2007 02:08:11 GMT

Why DRM Cannot Open Up New Business Models. An anonymous reader writes "Techdirt has a cool post up that doesn't just explain why DRM is bad, but gives a really interesting economic explanation for why DRM cannot create successful new business models. Since the RIAA and MPAA keep insisting that DRM will create new business models, it's useful to see an argument for why that's basically impossible." As the article says, anyone can create a "new" business model. Creating a successful "new" business model is what is so elusive here. [Slashdot]

RIAA's 'Expert' Witness Testimony Now Online.

Sun, 04 Mar 2007 02:43:58 GMT

RIAA's 'Expert' Witness Testimony Now Online. NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'" [Slashdot: Your Rights Online]

BitTorrent Video Download Store Falls Flat.

Fri, 02 Mar 2007 01:47:44 GMT

BitTorrent Video Download Store Falls Flat. seriously writes "We've all heard about BitTorrent going legit this week with legal movie and TV show downloads. Ars Technica took a look at the service to see how usable it was and ran into a few snags, including not being able to download or even open the video files on some computers. However, the ones that they did manage to open varied a lot in quality. Overall, they blame DRM: 'Without knowing whether browser compatibility and dysfunctional video files are a rare occurrence or not, it's hard to say whether BitTorrent's service is a good one overall. Our initial experiences have been disappointing and frustrating, and guess what the culprit is once again? DRM. Why the DRM failed to work on 50% of our purchases is not clear, but whatever the cause, it's simply unacceptable.'" [Slashdot]

Audio Watermark Web Spider Starts Crawling.

Fri, 02 Mar 2007 01:43:48 GMT

Audio Watermark Web Spider Starts Crawling. DippityDo writes "A new web tool is scanning the net for signs of copyright infringement. Digimarc's patented system searches video and audio files for special watermarks that would indicate they are not to be shared, then reports back to HQ with the results. It sounds kind of creepy, but has a long way to go before it makes a practical difference. 'For the system to work, players at multiple levels would need to get involved. Broadcasters would need to add identifying watermarks to their broadcast, in cooperation with copyright holders, and both parties would need to register their watermarks with the system. Then, in the event that a user capped a broadcast and uploaded it online, the scanner system would eventually find it and report its location online. Yet the system is not designed to hop on P2P networks or private file sharing hubs, but instead crawls public web sites in search of watermarked material.'" [Slashdot]

You Can Plead Guilty Here.

Fri, 02 Mar 2007 01:36:31 GMT

You Can Plead Guilty Here. The RIAA unveils P2PLawsuits.com, a site that allows people turned in by their universities or ISPs for copyright infringement to settle their cases in advance of due process. In Listening Post. [Wired News: Top Stories]

MPAA Fires Back at AACS Decryption Utility.

Thu, 01 Mar 2007 23:43:21 GMT

MPAA Fires Back at AACS Decryption Utility. RulerOf writes "The AACS Decryption utility released this past December known as BackupHDDVD originally authored by Muslix64 of the Doom9 forums has received its first official DMCA Takedown Notice. It has been widely speculated that the utility itself was not an infringing piece of software due to the fact that it is merely "a textbook implementation of AACS," written with the help of documents publicly available at the AACS LA's website, and that the AACS Volume Unique Keys that the end user isn't supposed to have access to are in fact the infringing content, but it appears that such is not the case." --- From the thread "...you must input keys and then it will decrypt the encrypted content. If this is the case, than according to the language of the DMCA it does sound like it is infringing. Section 1201(a) says that it is an infringement to "circumvent a technological measure." The phrase, "circumvent a technological measure" is defined as "descramb(ling) a scrambled work or decrypt(ing) an encrypted work, ... without the authority of the copyright owner." If BackupHDDVD does in fact decrypt encrypted content than per the DMCA it needs a license to do that." [Slashdot: Your Rights Online]

Berners-Lee Speaks Out Against DRM, Advocates Net Neutrality.

Thu, 01 Mar 2007 23:31:36 GMT

Berners-Lee Speaks Out Against DRM, Advocates Net Neutrality. narramissic writes "Speaking before the House Subcommittee on Telecommunications and the Internet, Tim Berners-Lee advocated for net neutrality, saying that the Web deserves 'special treatment' as a communications medium to protect its nondiscriminatory approach to content. Berners-Lee's more controversial statements came on the topic of DRM, in which he suggested that instead of DRM, copyright holders should provide information on how to legally use online material, allowing users the opportunity 'to do the right thing.' This led to an odd exchange with Representative Mary Bono who compared Berner-Lee's suggestion to 'having a speed limit but not enforcing the speed limit.'" [Slashdot: Your Rights Online]

RIAA Opposes 'Fair Use' Bill.

Wed, 28 Feb 2007 22:10:42 GMT

RIAA Opposes 'Fair Use' Bill. Congressional move to easing digital copying would "legalize hacking," say music labels. [PC World: Latest Technology News]

Action Alert - Support the FAIR USE Act!

Wed, 28 Feb 2007 22:02:50 GMT

Action Alert - Support the FAIR USE Act!

Reps. Rick Boucher and John Doolittle's FAIR USE Act [PDF] would remove some of the entertainment industry's most draconian anti-innovation weapons and chip away at the Digital Millennium Copyright Act's (DMCA) broad restrictions on fair use. Take action now and tell Congress to help restore balance in copyright now.

Technology companies play a game of Russian roulette whenever they create products with both infringing and non-infringing uses. Current "secondary liability" standards don't provide enough certainty, and if innovators guess wrong, they can be hit with statutory damages as high as $30,000 per work infringed. When it comes to mass-market products like the iPod or TiVo, damages could run into the trillions of dollars -- more than enough to bankrupt anyone from the smallest start-ups to the biggest companies. Unlike in other areas, the private assets of corporate officers, directors and investors are not shielded from liability in copyright cases.

The FAIR USE Act would eliminate statutory damages for secondary liability and allow innovators to make more reasonable business decisions about manageable levels of legal risk. Meanwhile, copyright owners could still get injunctions and actual damages for harm suffered, putting them in no worse a position than civil litigants in most other areas.

The bill would also codify the Supreme Court's "Betamax doctrine" as it pertains to hardware devices, making clear that manufacturers cannot be held liable based on the design of technologies with substantial non-infringing uses.

Finally, the bill would loosen the grip of the DMCA, which restricts circumvention of digital rights management (DRM) restrictions even for lawful uses. The FAIR Use Act adds 12 exemptions, including the ability to circumvent for classic fair use purposes like news reporting, research, commentary, and criticism.

Broader DMCA and copyright reform remains absolutely necessary, but if passed this bill would be a big first step in the right direction. Tell your representatives to support it now.

For more information, read the bill here, and check out this EFF article from last year discussing statutory damages and proposing their elimination in secondary liability cases.

[EFF: Deep Links]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

EMI to Apple, Microsoft: Ditching DRM is going to cost you

Mon, 26 Feb 2007 21:48:25 GMT

Earlier this month it was widely reported that EMI was indeed ready to cast DRM into the dark abyss and earn the company the honorable status of being the first major music label to realize that DRM alienates honest customers. As it turns out, the company is indeed open to the possibility of ditching DRM, but they expect to be paid well for it, and the online music retailers aren't ready to meet their demands.

EMI is the only major record label to seriously consider abandoning the disaster that is DRM, but earlier reports that focused on the company's reformist attitude apparently missed the mark: EMI is willing to lose the DRM, but they demand a considerable advance payment to make it happen. According to Bloomberg, EMI has backed out of talks for now because no one will pay what they're asking. No dollar amounts are known at this time.

EMI ó Ditching DRM is Going To Cost You.

Mon, 26 Feb 2007 21:46:05 GMT

EMI [~] Ditching DRM is Going To Cost You. 33rpm writes "EMI has told online music stores that selling its catalog without DRM is going to cost them a lot of money. 'EMI is the only major record label to seriously consider abandoning the disaster that is DRM, but earlier reports that focused on the company's reformist attitude apparently missed the mark: EMI is willing to lose the DRM, but they demand a considerable advance payment to make it happen. EMI has backed out of talks for now because no one will pay what they're asking.'" [Slashdot: Your Rights Online]

EMI: DRM stays.

Mon, 26 Feb 2007 21:39:04 GMT

EMI: DRM stays.

Talks break up

EMI has broken off talks with digital music download services about providing a DRM-free repertoire.

[The Register - Music and Media]

DRM Causes Piracy.

Sun, 25 Feb 2007 03:26:18 GMT

DRM Causes Piracy. igorsk recommends an essay by Eric Flint, editor at Baen Publishing and an author himself, over at Baen's online SF magazine, Baen Universe. In it Flint argues that, far from curbing piracy of copyrighted materials, DRM actually causes it. Quoting: "Electronic copyright infringement is something that can only become an 'economic epidemic' under certain conditions. Any one of the following: 1) The products they want... are hard to find, and thus valuable. 2) The products they want are high-priced, so there's a fair amount of money to be saved by stealing them. 3) The legal products come with so many added-on nuisances that the illegal version is better to begin with. Those are the three conditions that will create widespread electronic copyright infringement, especially in combination. Why? Because they're the same three general conditions that create all large-scale smuggling enterprises. And... Guess what? It's precisely those three conditions that DRM creates in the first place. So far from being an impediment to so-called 'online piracy,' it's DRM itself that keeps fueling it and driving it forward." [Slashdot: Your Rights Online]

RIAA to Parents: Pop-Ups + Viruses = Piracy!

Sun, 25 Feb 2007 03:01:25 GMT

RIAA to Parents: Pop-Ups + Viruses = Piracy!

If a parent sees pop-up ads and viruses on her computer, she can be sued for copyright infringement by the RIAA.

At least that's what the RIAA is arguing in a recent court filing in the Capitol v. Foster case, in which a federal judge made the RIAA cough up attorney's fees to a mother, Debra Foster, who had been sued because her daughter was file sharing. The RIAA lawyers had dawdled in dismissing their complaint against Foster, even after her child admitted to being the file-sharer in the house (the RIAA went ahead and got a default judgment against the child).

This new filing marks the first time the RIAA has explained its claim that parents are liable for the infringements committed by their children (a theory that has never been accepted by any court, to the best of my knowledge). The argument is pretty remarkable, built on a house of cards including the notion that "everyone knows" pop-up ads and viruses signify piracy! Here's the relevant portion of the RIAA brief:

Given that it has been established that the Kazaa file-sharing program was on the Foster family's computer, the evidence would have established that the Kazaa icon was clearly visible on the computer when defendant was using it and that there were likely a substantial number of pop-up advertisements, the types of which have been associated with the Kazaa program.

In other words, the RIAA believes that pop-up ads and a system tray icon should put every parent on the hook for every download on the computer.

In addition, it is undisputed that defendant had an account with Cox Communications. Defendant's subscriber agreement with Cox made clear that defendant, as the account holder, was responsible for what is done on her account. ...

Here, the RIAA is trying to make a private contract between Cox and the parent into a promise to the RIAA. Of course, since this is standard boilerplate in ISP customer agreements, this argument would apply equally to every broadband subscriber, whether parent, employer, library, or school.

Finally, plaintiffs believe that discovery would have revealed substantial other evidence of defendant's knowledge and material assistance in the underlying infringements. For example, the computer may well have been in a common area such that defendant heard music coming from the computer when admitted infringer Amanda Foster was using it. In addition, the evidence may have established, as it has in other similar cases, that there were viruses on the computer due to Kazaa and that defendant may have had work done on the computer that would have revealed the existence of the file-sharing program. ...

Yes, parents, that means every time you hear music emanating from a computer, the RIAA believes you have a legal duty to check the copyright pedigree of its source. Oh, and if your computer has a virus, same answer.

Similarly, plaintiffs believe that, had they been given the opportunity, they would have been able to prove vicarious infringement. Specifically, plaintiffs would have proved that, as a parent, defendant had the full right and ability to control her daughter's use of the computer at issue. Most parents impose restrictions on computer usage by their children (e.g., rules about pornography sites and chat rooms), and plaintiffs believe that defendant would have done so as well. Plaintiffs further would have proven that defendant had a direct financial interest in her daughter's infringing activities, which, of course, involve substantial sums of money in terms of the value of the recordings at issue and the potential liabilities resulting from such activities.

By this logic, the more responsible you are as a parent, the more the RIAA will be entitled to collect from you. Moreover, the RIAA is confusing the benefit to the child with the benefit to the parent. As every parent knows, just because your kids wants a new CD doesn't mean you would have bought it for them.

Let's be clear what this pretzel logic is really all about -- the RIAA wants to reach a hand into every parent's pocket in order to fuel their mass litigation campaign, irrespective of whether the law supports this. But there is a bigger risk, as well. If court's accept this argument in file-sharing cases, the RIAA will have a precedent to use against every employer, every library, and every school for every copyright infringement committed on its computers. So I'm on the side of the judge in Capitol v. Foster, who dubbed these RIAA arguments "untested and marginal."

For more on parental liability in RIAA file sharing lawsuits, take a look at the memo we prepared on the subject in 2005 (soon to be updated in light of more recent authorities, including Capitol v. Foster).

[EFF: Deep Links]

EFF - miniLinks for 2007-02-21.

Fri, 23 Feb 2007 16:14:58 GMT

miniLinks for 2007-02-21.

Free Congress!
Coders gather to open up more of the legislature's deliberations.

Republicans, Democrats Spat Over IP Rights in Congress TV
After Speaker of the House Nancy Polosi is accused of "pirating" C-SPAN, the TV service reiterates that it has no copyright interest in the video.

Chinese Lawyers Protest Sina's Blog Censorship
Fight the arbitrary nature of China's limits on free speech.

New York Times on the DJ Mixtape Arrests
"DJs continued to release tapes -- some with hastily added tracks on which rappers cursed the RIAA"

Disney Must Consider Sharing Pooh's Honey
The endless fight over the merchandising rights to A.A. Milne's work continues to plague the copyright maximalist company.

Students Balk at University's "Free" Music Deals
One insider's view of dealing with the college-only licensed music services.

Bipartisan Effort to Junk Real ID Law
Democrat Rep. Tom Allen and Republican Rep. Scott Lansley push for reform of costly, invasive national ID mandate.

A 55-inch TV Is too big for the Super Bowl
Consumer electronics mavens scratch their heads at NFL's Super Bowl rules.

UK Government Rejects Calls for DRM Ban
While faulty, DRM is good for price discrimination, Prime Minister's office says.

Framing the DRM Debate
LinuxJournal's Don Marti says it's about more than property.

Europe's Plan to Track Phone and Net Use
Data retention implementation to be far worse than original plans.

UK Now Running 439,000 E-mail and Phone Taps
Report's author declares wiretap error rate "unacceptably high."

[EFF: Deep Links]

Studios, FBI Teach Swedish Cops to Hunt File Sharers.

Fri, 23 Feb 2007 16:10:37 GMT

Studios, FBI Teach Swedish Cops to Hunt File Sharers. The FBI and the MPAA, with the Swedish antipiracy organization Antipiratbyren, are training Swedish law enforcement officers in copyright and piracy matters. [PC World: Latest Technology News]

Music moguls seek security blanket - Los Angeles Times

Thu, 22 Feb 2007 15:24:50 GMT

One way to judge the music industry's troubles is to watch annual sales figures for CDs, which have slumped 25% since 2000. But it's more revealing to chart how the major record companies' attitudes about new business models online have been shifting.

At first the shifts were almost too small to notice, as when the labels started making a handful of downloadable songs available for $2.50 or more. But as the file-sharing phenomenon grew and CD sales slipped, the changes became more pronounced. The labels started offering the rights to songs on terms that didn't cripple their online partners. They embraced Apple's iTunes Music Store, whose anti-piracy technology doesn't actually limit copying. They cut deals with file-sharing companies for subscription services that let users share the songs they rented.

Along the way, though, the major labels adamantly refused to do the kind of deal necessary to replicate what the original Napster, Kazaa and eDonkey had provided: they would not accept a flat fee a "blanket" license that lets Internet service providers sell an all-you-can-eat sonic buffet, enabling customers to download, burn and swap as much as they pleased. The rights would be included in the cost of a high-speed Internet access line, so the downloads would seem free while still generating royalties for artists, songwriters, labels and publishers.

That reticence may be giving way, too, thanks to the relentless decline in revenue. Just look at what the head of the major record companies' global trade group, let slip last month at a music-industry gathering in France. If Internet service providers "want to come to us and look for a blanket license for an amount per month," IFPI chief John Kennedy said, "let's engage in that discussion."

His U.S. counterpart, Mitch Bainwol of the Recording Industry Assn. of America (RIAA), quickly added that the licenses should be negotiated voluntarily, not compelled by the government. So that part of the labels' thinking hasn't changed. Nevertheless, Kennedy's remark reflects a potential sea change in the way the record companies do business. If the labels follow through, it could trigger the greatest explosion in innovation since engineers at the Fraunhofer Institute in Germany developed the MP3 format.

That's a big "if," but two of the four majors have already taken the first step. In England, a venture called PlayLouder MSP is negotiating deals with record companies and music publishers for a competitively priced high-speed Internet access service that will include the right to download millions of songs, transfer them to portable devices and share them with friends. The main restriction is that subscribers can't send songs to people who aren't customers of PlayLouder MSP. In other words, it's a private electronic playground for music lovers.

The company, which expects to launch its service this year, plans to put a chunk of the monthly service charges into a royalty pool that would be divided according to popularity--the more often a song is downloaded, the larger the share of the pool that its copyright holders will receive. To monitor the network and enforce its borders, PlayLouder MSP relies on technology that can identify songs as they pass through the network--and, if necessary, block them. So far, several large independent labels from the U.S. and the U.K. have agreed to let the company offer MP3s of all their songs, while two of the majors, Sony BMG and EMI, have agreed to supply songs wrapped in electronic locks. Those locks won't make much difference, though; as part of the deal, subscribers will be free to share MP3s from all of PlayLouder MSP's partners, including Sony BMG and EMI.

LA Times: Start Blanket Licensing, Stop Blanket Lawsuits.

Thu, 22 Feb 2007 15:19:11 GMT

LA Times: Start Blanket Licensing, Stop Blanket Lawsuits.

The major record labels have stayed the course for the last five years with predictable results -- they've stuck by DRM, ratcheted up their file sharing lawsuit campaign, and let revenues continue to slide. Today, the LA Times suggests some reasons to think the labels may finally be coming around to a sensible solution that EFF has long advocated -- blanket licenses for music fans to share as much music as they like for a flat monthly fee.

"If Internet service providers 'want to come to us and look for a blanket license for an amount per month,' IFPI chief John Kennedy said, 'let's engage in that discussion....'
In the past, label executives made three main arguments against the blanket-licensing concept: it turned their companies into glorified marketing firms; it forced labels to fight over a fixed pool of dollars, so that one artist's gain was another one's loss; and there wouldn't be enough money in the pool to replace all the CD sales that would be lost. The first two complaints get little mention today; instead, the make-or-break issue for blanket-licensing deals is the amount of royalties the service can generate."

"That's the right focus. Blanket licensing wouldn't transform labels into advertising companies; the only element of their business they would lose is the part that distributes plastic discs, and that's going away anyway. When consumers can choose from a virtually unlimited supply of songs, the ability of a label to find, sign and promote the most compelling artists will be even more important than it is today. And the fees that consumers pay for downloading rights represent only a portion of the money [that blanket licensing] could generate for copyright holders. There's also money to be made from advertisers, mobile phone companies, device makers and premium music services that want to insert themselves into the network."

As we point out in our white paper about blanket licensing, even a small monthly fee from the millions of American filesharers could provide more profit than the industry has ever seen.

Unfortunately, the record labels haven't done a complete 180 from their backward-thinking ways. For instance, the labels seem eager to coopt ISPs into helping push their file sharing lawsuit campaign even further, and the AP reports that the labels have radically increased their copyright notices aimed at college students. Neither of these actions will put a dime in artists' pockets or get the labels any closer to a real solution.

The LA Times story closes by saying, "You have to wonder how low [major label revenues] have to go before blanket licenses look like a better approach than blanket lawsuits." To put it another way: how much longer do ordinary music fans and innovators have to be treated like criminals before a better way forward is finally pursued?

[EFF: Deep Links]

AACS: Slow Start on Traitor Tracing.

Mon, 19 Feb 2007 20:45:38 GMT

AACS: Slow Start on Traitor Tracing.

[Previous posts in this series: 1, 2, 3, 4, 5, 6, 7, 8.]

Alex wrote on Thursday about the next step in the breakdown of AACS, the encryption scheme used on next-gen DVD discs (HD-DVD and Blu-ray): last week a person named Arnezami discovered and published a processing key that apparently can be used to decrypt all existing discs.

We[base ']ve been discussing AACS encryption, on and off, for several weeks now. To review the state of play: the encryption scheme serves two purposes: key distribution and traitor tracing. Key distribution ensures that every player device, except devices that have been blacklisted, can decrypt a disc. Traitor tracing helps the authorities track down which player has been compromised, if key information is leaked. The AACS authorities encode the header information for each disc in such a way that keys are distributed properly and traitor tracing can occur.

Or that[base ']s the theory, at least. In practice, the authorities are making very little use of the traitor tracing facilities. We[base ']re not sure why this is. They surely have an interest in tracing traitors, and failing to encode discs to facilitate traitor tracing is just a lost opportunity.

The main traitor tracing feature is the so-called sequence key mechanism. This mechanism is not used at all on any of the discs we have seen, nor have we seen any reports of its use.

A secondary traitor tracing feature involves the use of processing keys. Each player device has a unique set of a few hundred device keys, from which it can calculate a few billion different processing keys. Each processing key is computable by only a fraction of the players in the world. Each disc[base ']s headers include a list of the processing keys that can decrypt the disc; any one of the listed processing keys is sufficient to decrypt the disc.

For some reason, all existing discs seem to list the same set of 512 processing keys. Each player will be able to compute exactly one of these processing keys. So when Arnezami leaked a processing key, the authorities could deduce that he must have extracted it from a player that knew that particular processing key. In other words, it narrowed down the identity of his player to about 0.2% of all possible players.

Because all existing discs use the same set of processing keys, the processing key leaked by Arnezami can decrypt any existing disc. Had the authorities used different sets of processing keys on different discs [~] which was perfectly feasible [~] then a single processing key would not have unlocked so many discs. Arnezami would have had to extract and publish many processing keys, which would have made his job more difficult, and would have further narrowed down which player he had.

The ability to use different processing key sets on different discs is part of the AACS traitor tracing facility. In failing to do this, the authorities once again failed to use the traitor tracing mechanisms at their disposal.

Why aren[base ']t the authorities working as hard as they can to traitor-trace compromised players? Sure, the sequence key and processing key mechanisms are a bit complex, but if the authorities weren[base ']t going to use these mechanisms, then why would they have gone to the difficulty and expense of designing them and requiring all players to implement them? It[base ']s a mystery to us.

Share This

[Freedom to Tinker]

Macrovision's DRM valentine: Consumers not only need it, they will love it

Mon, 19 Feb 2007 20:30:00 GMT

Fred Amoroso is the CEO of Macrovision, a company that earns its keep by inventing and maintaining DRM systems and charging Hollywood an arm and a leg for it. The two are a good match, insofar as they both greatly fear technology, and both spin amazing tales to bolster their views.

In the wake of Steve Jobs' fashionably-late missive against DRM, Amoroso has crafted a response that seeks to convince us all that DRM is not only needed, it's actually a fantastic "enabler" that consumers should embrace. He focuses on four arguments:

DRM is broader than just music
DRM increases, not decreases consumer value
DRM will increase electronic distribution
DRM needs to be interoperable and open

DRM is indeed broader than music, and it's no surprise that the CEO of a DRM-producing company would like to see DRM put on everything possible, particularly movies, music, games and software. The reasons why we should want this are ridiculous.

How to Explain DRM to Your Dad.

Sun, 18 Feb 2007 23:02:31 GMT

How to Explain DRM to Your Dad. Several DRM-related scenarios help you explain the problem with digital rights management to people who don't see what's wrong with it. In Listening Post. [Wired News: Top Stories]

Upgrade to Vista, Get More DRM.

Fri, 16 Feb 2007 18:02:51 GMT

Upgrade to Vista, Get More DRM. Watching "premium content" in Windows Vista requires users to play nice with Microsoft's built-in digital rights controls. In Monkey Bites. [Wired News: Top Stories]

Hacker cracks HD copy protection.

Wed, 14 Feb 2007 23:51:01 GMT

Hacker cracks HD copy protection.

Years to develop; days to break

A lone hacker has unlocked the master key preventing the copying of high-definition DVDs in a development that is sure to get the entertainment industry's knickers wrapped tighter than a magnet's coil. What's more, the individual was able to defeat the technology with no cracking tools or reverse engineering, despite the millions of dollars and many years engineers put into developing the AACS (Advanced Access Content System) for locking down high-definition video.

[The Register - Music and Media]

New Hack Simplifies HD Video Copying.

Wed, 14 Feb 2007 23:26:52 GMT

New Hack Simplifies HD Video Copying. Hacker claims to have discovered cryptographic key that can circumvent copy restrictions on HD DVD and Blu-ray movies. [PC World: Latest Technology News]

Music Exec Rebuts Apple's Critique of DRM.

Wed, 14 Feb 2007 23:25:13 GMT

Music Exec Rebuts Apple's Critique of DRM. Warner Music CEO defends use of protection technology after criticism by Jobs. [PC World: Latest Technology News]

Schneier: Why Microsoft Sold Out Consumers in Vista.

Tue, 13 Feb 2007 23:19:17 GMT

Schneier: Why Microsoft Sold Out Consumers in Vista.

Today, the PC industry needs Hollywood more than Hollywood needs the PC. Most consumers rely on traditional consumer electronics devices to view DVDs and TV content, but companies like Microsoft are betting on the converged digital home and desperately want a bigger piece of the media device market. Because of the DMCA, Microsoft has to get permission to build devices compatible with Hollywood's DRMed content. So when Hollywood demanded that Microsoft lard Vista with restrictions to access high-def DVD and digital cable content, the software giant was in a weak bargaining position.

But as Bruce Schneier explains in a recent editorial (via BoingBoing), Vista's DRM may also be a play to turn the tables and turn Microsoft's platform into a distribution channel on which Hollywood relies:

"[W]hile it may have started as a partnership, in the end Microsoft is going to end up locking the movie companies into selling content in its proprietary formats.
"We saw this trick before; Apple pulled it on the recording industry. First iTunes worked in partnership with the major record labels to distribute content, but soon Warner Music's CEO Edgar Bronfman Jr. found that he wasn't able to dictate a pricing model to Steve Jobs. The same thing will happen here; after Vista is firmly entrenched in the marketplace, Sony's Howard Stringer won't be able to dictate pricing or terms to Bill Gates. This is a war for 21st-century movie distribution and, when the dust settles, Hollywood won't know what hit them....

"Microsoft is reaching for a much bigger prize than Apple: not just Hollywood, but also peripheral hardware vendors. Vista's DRM will require driver developers to comply with all kinds of rules and be certified; otherwise, they won't work. And Microsoft talks about expanding this to independent software vendors as well. It's another war for control of the computer market."

Schneier overstates his case a bit when he says Microsoft could have simply refused Hollywood's demands for DRM and Hollywood would have released today's high-def video content for Vista anyway. But he's right that Microsoft would very much like to lock content vendors into a distribution channel that it controls, including for channels like IPTV and digital downloads. And the more Hollywood depends on Microsoft, the more Microsoft may be able to limit competition from other tech companies' platforms and devices.

[EFF: Deep Links]

The Business of Threatening New Technologies.

Mon, 12 Feb 2007 01:56:11 GMT

The Business of Threatening New Technologies.

This week, Hollywood started to ramp up its lobbying efforts by holding a symposium in D.C. called "The Business of Show Business." During a luncheon speech, Warner Bros Chairman and CEO Barry Meyer took some shots at Consumer Electronics Association President and CEO Gary Shapiro and stated, "history shows that [the major movies studios] are often adapters and embracers of new technologies."

...except for all those times when they've tried to crush innovation instead. In response, CEA has published this open letter [DOC] from Shapiro that makes the real historical record plain: (links, mine)

"In the last few decades, the motion picture industry came late to digital television and actually used every means possible to block new useful technology. Consider:
- the lawsuit seeking to stop the VCR
- the efforts to pass legislation blocking video rentals
- the lawsuit against ReplayTV, a PVR start-up, (the company was bankrupted by the lawsuit)
- the lawsuit against ClearPlay, a company with technology that deleted obscene content
- the lawsuit against Sima, a company which sells editing technology to wedding videographers
- the lawsuit against Kaleidescape, a company that lets consumers send lawfully acquired DVDs around their home
- the lawsuit against Load 'N Go, a company which sold pre-loaded iPods with DVDs, as long as the consumer also bought the DVD.

"The recent legislative efforts to mandate technological changes to stop copying, block the so-called 'analog hole' and impose other 'fixes' on the technology industry certainly make your claim of embracing new technology a bit hollow.

"We both agree that those who profit from the unauthorized, mass redistribution of content do so illegally. And we both agree that the creative community deserves fair compensation for its works, which are enjoyed by so many around the world. Where we apparently disagree is in how to treat ordinary, law-abiding citizens. Consumers should not expect free, but they do expect freedom -- the freedom to enjoy their lawfully acquired content when, where and how they want. That freedom is enabled by today's digital world and should be embraced by the content community."

Read the whole letter here [DOC], as well as Shapiro's speech at CES [PDF].

[EFF: Deep Links]

EFF - Steve Jobs: DRM Is Bad for Consumers, Innovators, And Artists.

Thu, 08 Feb 2007 17:22:06 GMT

Steve Jobs: DRM Is Bad for Consumers, Innovators, *And* Artists.

Today, Apple's Steve Jobs publicly threw down this gauntlet: "If the big four music companies would license Apple their music without the requirement that it be protected with a DRM, we would switch to selling only DRM-free music on our iTunes store... Apple will embrace this wholeheartedly."

Why should the labels listen?

DRM is bad for consumers: "[A] world where every online store sells DRM-free music encoded in open licensable formats ... is clearly the best alternative for consumers."
DRM is bad for innovation: "If [DRM] requirements were removed, the music industry might experience an influx of new companies willing to invest in innovative new stores and players."
DRM is bad for artists: "So if the music companies are selling over 90 percent of their music DRM-free [as audio CDs], what benefits do they get from selling the remaining small percentage of their music encumbered with a DRM system? There appear to be none.... [More innovation in stores and players spurred by DRM-free downloads] can only be seen as a positive by the music companies."

Jobs isn't the only music service provider to invite an end to music download DRM -- Yahoo!'s Dave Goldberg has long urged the labels to remove the restrictions, and Real's Rob Glaser said last month that "DRM-free purchases is an idea in ascendance and whose time has come."

We agree wholeheartedly with Jobs, since EFF has been making exactly the same points for several years now. As a first step in putting his music store where his mouth is, we urge him to take immediate steps to remove the DRM on the independent label content in the iTunes Store. Why wait for the major record labels? Many independent labels and artists already recognize that DRM is a dumb idea for digital music, as demonstrated by the availability of their music on eMusic. Apple should let them make that music available without DRM in the iTunes Store now.

There are also bigger lessons here for policymakers. The harm done by DRM could be reduced by reforming the DMCA to allow the evasion of DRM for lawful purposes. Moreover, Jobs' remarks are another reason for policymakers to reject proposed government DRM mandates, which would only serve to further harm innovation, consumers, and artists. Clearly what's needed in the digital music world is less, not more, DRM.

Make your voice heard in Congress now by opposing mandatory digital and satellite radio restrictions.

[EFF: Deep Links]

RIAA urges Apple to spread DRM far and wide.

Thu, 08 Feb 2007 16:22:06 GMT

RIAA urges Apple to spread DRM far and wide.

Steve, you're so smart

The RIAA has seized on the weakest part of Steve Jobs' anti-DRM manifesto by banging on Apple to license its FairPlay technology to other companies.

[The Register - Music and Media]

Hollywood on the Hill: Time to Bury the Broadcast Flag?

Wed, 07 Feb 2007 17:43:44 GMT

Hollywood on the Hill: Time to Bury the Broadcast Flag?

Hollywood is in full force today on Capitol Hill,hosting "The Business of Show Business Industry Symposium"(pdf) with stars such as Sex, Lies & Videotape director Steven Soderbergh and An Officer and a Gentleman Director Taylor Hackford talking about how central copyright is to the business of movie making.

We don't disagree with that notion of course, but what we don't usually agree with Hollywood about is the means by, and the degree to which, government should protect those copyrights. Over the past 5 years, Hollywood and the recording industry have pushed numerous proposals in Congress, and they have tended to fall into several categories: 1) government technology mandates like the broadcast flag; 2) expanding secondary copyright liability (like the "Induce Act"); 3) expanding the permissions culture (e.g., licensing temporary or buffer copies); and 4) increasing punishment for copyright infringement that falls just short of death by hanging. The good news is that most of these efforts have failed. The bad news is that with a Democratic-controlled Congress and one year until a Presidential election, you can bet your mortgage that they will be pushing these, and other initiatives hard in 2007.

But as time goes on and the public's (and the content industry's) use of technology and digital media change, it makes it harder and harder to make the case for these proposals. Take, for example, our favorite technology mandate, the broadcast flag. For those newcomers to this blog, the FCC's 2003 broadcast flag rules would have given the government the power to dictate technological design, and as a result, limit lawful uses of digital technology. The rules would have required FCC pre-approval for every technology that could demodulate a digital TV signal, as well as for those technologies (like Digital Video Recorders or even cellphones) that are "downstream" from digital TV devices. Public Knowledge brought a court challenge on behalf of it and eight other public interest, library and cyberliberties organizations, and in May 2005 a federal appeals court struck down the rules. Hollywood has been trying to get Congress to reinstate it ever since.

Even assuming that there was ever a rationale for the broadcast flag, does it exist anymore? And would such a rule even be in the best interests of the content industries? Let's take a look:

[Public Knowledge - Policy Blog]

Apple Offers to Sell DRM-Free Music.

Wed, 07 Feb 2007 17:18:30 GMT

Apple Offers to Sell DRM-Free Music.

The Net is buzzing with talk about the open letter posted by Apple CEO Steve Jobs yesterday. In an apparent reversal, Jobs offers to sell MP3 files, free of anti-copying DRM technology, on the iTunes Music Store if the major record companies allow it.

Much as I would like to see Apple renounce DRM entirely, that[base ']s not quite what Jobs is saying. The letter describes three possible futures for Apple[base ']s music technology: (1) continue the current path with a closed Apple-only DRM system; (2) license Apple[base ']s DRM technology to other companies to build compatible systems; and (3) sell DRM-free music.

Apple[base ']s preferred outcome, Jobs says, is outcome (3), selling DRM-free music. This is notable, and somewhat surprising, as the consensus has been that Apple strategy has been to seek outcome (1), using its proprietary DRM to lock customers in to its iTunes-iPod world. If Apple really prefers to eliminate DRM, that is news.

But this part of the letter might just be cheap talk. As Jobs points out in the letter, Apple sells music at the pleasure of the record companies. And if the record companies announce tomorrow that they don[base ']t want Apple to use DRM, then Apple will have little choice but to smile and go along.

So there is little downside to Apple saying that they they willing to get rid of DRM. In this respect, Apple is like the kid who says he is willing to go to the dentist, because he knows that no matter what he says he[base ']s going to see the dentist whenever his parents want him to.

The least-discussed aspect of the letter is its praise for the status quo (outcome (1)). Jobs says that the current system is working well:

The first alternative is to continue on the current course, with each manufacturer competing freely with their own 'top to bottom' proprietary systems for selling, playing and protecting music. It is a very competitive market, with major global companies making large investments to develop new music players and online music stores. Apple, Microsoft and Sony all compete with proprietary systems. Music purchased from Microsoft' Zune store will only play on Zune players; music purchased from Sony's Connect store will only play on Sony's players; and music purchased from Apple's iTunes store will only play on iPods. This is the current state of affairs in the industry, and customers are being well served with a continuing stream of innovative products and a wide variety of choices.

His real scorn is for outcome (2), where Apple licenses its DRM technology to other companies. It[base ']s easy to see why this is the worst outcome for Apple [~] the company loses its ability to lock in customers, but everybody still has to put up with the cost and hassle of using DRM.

What the letter really does, in typical Jobsian fashion, is frame the debate. It does this in two respects. First, it sets up a choice between two alternatives: stay the course, or get rid of DRM entirely. Second, it points the finger at the major record companies as the ones making the choice.

This is both a clever PR move and a proactive defense against European antitrust scrutiny. Mandatory licensing is a typical antitrust remedy in situations like this, so Apple wants to take licensing off the table as an option. Most of all, Apple wants to deflect the blame for the current situation onto the record companies. Steve Jobs is a genius at this sort of thing, and it looks like he will succeed again.

Share This

[Freedom to Tinker]

BBC NEWS | Technology | How the net turns code into politics

Tue, 06 Feb 2007 15:01:20 GMT

The freedoms built in to the net are under attack like never before, argues regular columnist Bill Thompson.

The launch of Windows Vista last week was accompanied by widespread criticism from advocates of open systems, open networks and the free flow of information.

Particular attention was lavished on the digital rights management (DRM) features of the new operating system, the tools that determine whether you can play or copy video or audio on your computer.

[...]

The internet that we know today is changing, turning from an open, enabling and profoundly public space into a communications system which can be regulated, controlled, monitored and - where necessary - curtailed.

A regulated internet does not have to be a closed internet, but the trend is clearly towards increased control and the loss of the freedoms which the net has provided thus far. We must understand how this is happening before we can find ways to resist it.

Today's internet has a technical architecture which expresses certain liberal values, largely concerned with fair access to the net's resources, lack of centralised control, support for freedom of speech, openness to innovation, and resistance to monopoly - either cultural, economic or technological.

Vista a Threat to Internet Freedom?

Tue, 06 Feb 2007 14:57:00 GMT

Vista a Threat to Internet Freedom? BBC columnist Bill Thompson warns readers that new DRM technology, especially that found in Vista, is damaging the freedoms that the internet was based on. "The freedom of expression that was once available to users of the Internet Protocol is being stripped away. Our freedom to play, experiment, share and seek inspiration from the creative works of others is increasingly restricted so that large companies can lock our culture down for their own profit. [...] governments and corporations around the world are making a concerted effort to dismantle the open internet and replace it with a regulated and regulable one that will allow them to impose an 'architecture of control.'" [Slashdot: Your Rights Online]

Solving DRM in the BitTorrent Age.

Fri, 02 Feb 2007 02:14:44 GMT

Solving DRM in the BitTorrent Age. An anonymous reader writes "FiringSquad has a new article on DRM in the BitTorrent Age. They argue that the movie industry looking for "perfect DRM" should aim for the printed book model (people still buy books even though they can read them for free at Barnes & Noble). They argue that the missing element is that screenwriters are not marketed by Hollywood in the same way the book industry markets its authors." [Slashdot: Your Rights Online]

Groklaw - A Brave New Modular World - Another MS Patent Application

Fri, 02 Feb 2007 02:03:10 GMT

A reader sent me a link to a new patent application by Microsoft. Not the Bluej one, which has been in the news and which Microsoft, commendably, has withdrawn, but another one, for what seemed to me to be a modular operating system, "System and method for delivery of a modular operating system".

Microsoft and modular are two words I wouldn't normally associate with one another, so I thought maybe I'd misunderstood it. Heaven only knows, patent applications are generally written to confuse, not illuminate, and so I sent it to Dr. Stupid to ask if he'd please explain it to me. He did, and his explanation was so interesting, I asked if I could share it with you.

As best as I can understand it, it's not an attempted patent on a modular system per se. That obviously wouldn't fly. As he points out, it's not new. The patent relates to a method of delivery of an operating system where you start off with a very basic operating system, a kind of crippled starter edition, and then you pick and choose (and purchase) additional functionality, with DRM used to make sure you don't self-help. It's like modular copyleft, turning the advantages of GNU/Linux -- modularity there increases what you can do and what you can add and how well everything works -- and instead turns the concept on its head by using modularity plus DRM to restrict and contain and enforce.

Microsoft Applies To Patent DRM'ed OS Modules.

Fri, 02 Feb 2007 01:59:09 GMT

Microsoft Applies To Patent DRM'ed OS Modules. wellingj writes "Microsoft has applied for a patent that sounds on the face of it like it ought to improve OS stability and reliability: the patent proposes to modularize device drivers much like Linux does. But, going further, Microsoft would apply DRM to these modules -- as Groklaw puts it, 'using modularity plus DRM to restrict and contain and enforce.' The net result is that you might have to pay extra for OS hardware support. Things like USB keys, DVD-ROMS, Raid drives, and video cards might not be supported out of the box. LXer indulges in some dystopian speculation." [Slashdot: Your Rights Online]

EFF - miniLinks for 2007-01-30.

Thu, 01 Feb 2007 02:41:50 GMT

miniLinks for 2007-01-30.

DMCA for China?
A new copyright law would make it an offense in China to "break encryption set by copyright owners."

AACS to Pursue DRM Circumventors
Says it will use "both technical and legal measures." So, will they be suing their own members for leaving the title keys in the clear?

Vista's New DRM Crumbles
Alex Ionescu bypasses the driver-signing requirement for playing Vista premium content. This would mean that you could play HD movies using open source hardware, except that Alex is cagey about publishing with the DMCA hanging over his head.

Vista's Fine Print
Michael Geist on the legal agreements buried in Microsoft Vista's EULA.

We've Got a Warrant Now, Can You Leave Us Alone?
The government seeks to dismiss the ACLU's NSA spying program lawsuit after obtaining a secret order from a secret court.

Gonzalez Claims Constitution Has Fine Print
It doesn't grant habeas corpus, he says, in defiance of the text.

Hillary Clinton on Privacy
Wants to introduce an EU-style data protection bill and suggests that dragnet surveillance might be conducted in an "anonymized" way.

Pontiac Donates to EFF?
Detroit's local newspaper covers a strange twist to a Pontiac Second Life experiment.

Diebold Shows How to Make Your Own Voting Machine Key
Diebold's pictures of replacement e-voting keys are sufficient to construct them yourself.

Publishers Plan Dirty Tactics Against Open Science
PR's "pit bull" gives his ideas for fighting the free dissemination of scientific works.

[EFF: Deep Links]

Sony Settles FTC Suit Over Music CD Spyware.

Thu, 01 Feb 2007 02:36:18 GMT

Sony Settles FTC Suit Over Music CD Spyware.

Sony BMG Music Entertainment on Tuesday said that it had agreed to settle charges brought by the Federal Trade Commission for shipping dozens of music CDs -- that when played on a Microsoft Windows computer -- installed a hidden anti-piracy program that spied on users' listening habits and restricted the number of copies that could be made.

"Installations of secret software that create security risks are intrusive and unlawful," FTC Chairman Deborah Platt Majoras said in a written statement. "Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

Majoras' comments echoed those of Stewart Baker, an assistant secretary at the Department of Homeland Security. He indirectly slammed Sony shortly after the scandal broke in November 2005.

The terms of the FTC settlement closely track those outlined in two similar settlements from cases brought by attorneys general in Texas and California. The FTC settlement requires Sony BMG to "clearly disclose limitations on consumers' use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software. The settlement also mandates that Sony BMG allow consumers to exchange the CDs through June 31 and reimburse consumers for up to $150 to repair damage to their computers that they may have suffered in trying to remove the software."

Sony's secret software actually employed techniques similar to those found in "rootkits," a term used to described some of the file-hiding tactics used by some of the most advanced computer viruses in circulation today.

Security experts found that viruses or attackers also could use Sony's software to hide on a user's PC. Indeed, a virus later appeared that took advantage of that capability. The company that built the software for Sony later issued a patch to help people remove the software. However, the patch ultimately introduced its own set of security and stability problems after it was installed.

For a more in-depth look at the issue, refer back to two dozen or so of my blog posts: Piracy.

[Security Fix]

Sony Settles With FTC Over Rootkit Debacle.

Thu, 01 Feb 2007 02:31:50 GMT

Sony Settles With FTC Over Rootkit Debacle. Company agrees to settle charges over copy-protection software it included in music CDs. [PC World: Latest Technology News]

Vista DRM Cracked by Security Researcher.

Mon, 29 Jan 2007 19:17:58 GMT

Vista DRM Cracked by Security Researcher. An anonymous reader writes "Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called 'Protected Media Path' (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system. Alex is now quite nervous about what an army of lawyers backed by draconian copyright laws could do to him if he released the details, but he claims to be currently looking into the details of safely releasing his details about this at the moment though." [Slashdot]

Michael Geist - Vista's Fine Print Raises Red Flags

Mon, 29 Jan 2007 17:13:53 GMT

Vista's legal fine print includes extensive provisions granting Microsoft the right to regularly check the legitimacy of the software and holds the prospect of deleting certain programs without the user's knowledge. During the installation process, users "activate" Vista by associating it with a particular computer or device and transmitting certain hardware information directly to Microsoft.

Even after installation, the legal agreement grants Microsoft the right to revalidate the software or to require users to reactivate it should they make changes to their computer components. In addition, it sets significant limits on the ability to copy or transfer the software, prohibiting anything more than a single backup copy and setting strict limits on transferring the software to different devices or users.

Vista also incorporates Windows Defender, an anti-virus program that actively scans computers for "spyware, adware, and other potentially unwanted software." The agreement does not define any of these terms, leaving it to Microsoft to determine what constitutes unwanted software. Once operational, the agreement warns that Windows Defender will, by default, automatically remove software rated "high" or "severe,"even though that may result in other software ceasing to work or mistakenly result in the removal of software that is not unwanted.

For greater certainty, the terms and conditions remove any doubt about who is in control by providing that "this agreement only gives you some rights to use the software. Microsoft reserves all other rights." For those users frustrated by the software's limitations, Microsoft cautions that "you may not work around any technical limitations in the software."

Professor Michael Geist on Vista's Fine Print.

Mon, 29 Jan 2007 17:10:29 GMT

Professor Michael Geist on Vista's Fine Print. Russell McOrmond writes "With Microsoft's Vista set to hit stores tomorrow, Michael Geist's weekly Law Bytes column (Toronto Star version, homepage version) looks at the legal and technical fine print behind the operating system upgrade. The article notes that in the name of shielding consumers from computer viruses and protecting copyright owners from potential infringement, Vista seemingly wrestles control of the "user experience" from the user. If you are a Canadian and think that the owner of computers should be in control of what they own, rather than some third party (whether virus authors or the manufacturer/maker), then please sign our Petition to protect Information Technology property rights." [Slashdot]

Record Companies Boxed In By Their Own Rhetoric.

Mon, 29 Jan 2007 15:22:44 GMT

Record Companies Boxed In By Their Own Rhetoric.

Reports are popping up all over that the major record companies are cautiously gearing up to sell music in MP3 format, without any DRM (anti-copying) technology. This was the buzz at the recent Midem conference, according to a New York Times story.

The record industry has worked for years to frame the DRM issue, with considerable success. Mainstream thinking about DRM is now so mired in the industry[base ']s framing that the industry itself will have a hard time explaining and justifying its new course.

The Times story is a perfect example. The headline is [base "]Record Labels Contemplate Unrestricted Music[per thou], and the article begins like this:

As even digital music revenue growth falters because of rampant file-sharing by consumers, the major record labels are moving closer to releasing music on the Internet with no copying restrictions [base ']Äî a step they once vowed never to take.

Executives of several technology companies meeting here at Midem, the annual global trade fair for the music industry, said over the weekend that at least one of the four major record companies could move toward the sale of unrestricted digital files in the MP3 format within months.

But of course the industry won[base ']t sell music [base "]with no copying restrictions[per thou] or [base "]unrestricted[per thou]. The mother of all copying restrictions [~] copyright law [~] will still apply and will still restrict what people can do with the music files. I can understand leaving out a qualifier in the headline, where space is short. But in a 500-word article, surely a few words could have been spared for this basic point.

Why did the Times (and many commentators) mistake MP3 for [base "]unrestricted[per thou]? Because the industry has created a conventional wisdom that (1) MP3 = lawless copying, (2) copyright is a dead letter unless backed by DRM, and (3) DRM successfully reduces copying. If you believe these things, then the fact that copyright still applies to MP3s is not even worth mentioning.

The industry will find these views particularly inconvenient when it is ready to sell MP3s. Having long argued that customers can[base ']t be trusted with MP3s, the industry will have to ask the same customers to use MP3s responsibly. Having argued that DRM is necessary to its business [~] to the point of asking Congress for DRM mandates [~] it will now have to ask artists and investors to accept DRM-free sales.

All of this will make the industry[base ']s wrong turn toward DRM look even worse than it already does. Had the industry embraced the Internet early and added MP3 sales to its already DRM-free CDA (Compact Disc Audio format) sales, they would not have reached this sad point. Now, they have to overcome history, their own pride, and years of their own rhetoric.

Share This

[Freedom to Tinker]

DRM, Vista and your rights ( polishlinux.org )

Mon, 29 Jan 2007 01:33:14 GMT

In the US, France and a few other countries it is already forbidden to play legally purchased music or videos using GNU/Linux media players. Sounds like sci-fi? Unfortunately not. And it won't end up on multimedia only. Welcome to the the new era of DRM!

In this article I would like to explain the problem of Digital Rights (or restrictions) Management, especially in the version promoted by Microsoft with the new Windows Vista release. Not everyone is familiar with the dangers of the new "standard" for the whole computer industry. Yes, the whole industry -- because it goes way beyond the software produced by the giant from Redmond and its affiliates.

Fight DRM While There's Still Time.

Mon, 29 Jan 2007 01:29:34 GMT

Fight DRM While There's Still Time. ageor writes "It seems (not only) to me that DRM is about far more than intellectual property. It's also about monopoly and freedom of choice. It's one of those cases where we, the consumers, must decide against accepting the new industry's rules, which care only about control and making money. The whole matter is very well put in DRM, Vista and your rights, where you can follow the subject as deeply as you like through the numerous relevant links." [Slashdot: Your Rights Online]

Why One Angry Customer Broke AACS.

Sat, 27 Jan 2007 19:11:41 GMT

Why One Angry Customer Broke AACS.

Slyck News has posted an interview with muslix64, the coder responsible for the BackUpHDDVD tool that helps movie fans get around the next-gen DVDs' DRM restrictions. Muslix64 makes plain that he's no "pirate" -- he's just an "angry customer" who wanted to play his lawfully-acquired movie on his own PC.

"With the HD-DVD, I wasn't able to play my movie on my non-HDCP HD monitor. Not being able to play a movie that I have paid for, because some executive in Hollywood decided I cannot, made me mad..." (link, mine)

DRM isn't doing anything to stop "Internet piracy," but it is creating more and more frustrated customers like muslix64.

Read the whole interview here.

[EFF: Deep Links]

Blu-ray DRM defeated.

Fri, 26 Jan 2007 18:12:45 GMT

Blu-ray DRM defeated.

Copy-protection cracked again

The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month. The coder known as muslix64 used much the same plain text attack in both cases. By reading a key held in memory by a player playing a HD DVD disc he was able to decrypt the movie been played and render it as an MPEG 2 file.

[The Register - Music and Media]

Blu-Ray DRM Cracked.

Tue, 23 Jan 2007 00:56:30 GMT

Blu-Ray DRM Cracked. Muslix64, fresh from hammering down the walls of HD-DVD, applies the same technique to partially crack Blu-Ray disks. How long until the inner keep of high-def DRM comes tumbling down? In Gadget Lab. [Wired News: Top Stories]

Record labels rethink digital rights management at Midem - International Herald Tribune

Mon, 22 Jan 2007 22:52:22 GMT

CANNES: Now that even digital music revenue growth is faltering amid rampant file-sharing by consumers, the major record labels are closer than ever to releasing music on the Internet with no copying restrictions -- a step they once vowed never to take.

Executives of several technology companies meeting here at Midem, the annual global trade fair for the music industry, said this weekend that a move toward the sale of unrestricted digital files in the MP3 format from at least one of the four major record companies could come within months.

Music executives, while saying that timetable was self-serving on the part of technology companies that would benefit from the change, nevertheless acknowledged that the debate was front and center.

"Each of the majors is wrestling with the advantages and the disadvantages of going with MP3s without any restrictions at all," said John Kennedy, head of the International Federation of the Phonographic Industry, at a press briefing on Sunday. "But I think this is an experimental year."

Most independent record labels already sell tracks digitally compressed in MP3 format, which can be downloaded, e-mailed or copied to computers, cellphones, portable music players and compact discs without limit. Partially, the independents see providing songs in MP3 as a way of generating publicity that could lead to future sales.

Should one of the big four take that route, however, it would be a capitulation to the power of the Internet, which has destroyed their monopoly over the worldwide distribution of music in the past decade and allowed file-sharing to take its place.

Music Companies Mull Ditching DRM.

Mon, 22 Jan 2007 22:49:33 GMT

Music Companies Mull Ditching DRM. PoliTech writes to mention an International Herald Tribue article that is reporting the unthinkable: Record companies are considering ditching DRM for their mp3 albums. For the first time, flagging sales of online music tracks are beginning to make the big recording companies consider the wisdom of selling music without 'rights management' technologies attached. The article notes that this is a step the recording industry vowed 'never to take'. From the article: "Most independent record labels already sell tracks digitally compressed in MP3 format, which can be downloaded, e-mailed or copied to computers, cellphones, portable music players and compact discs without limit. Partially, the independents see providing songs in MP3 as a way of generating publicity that could lead to future sales. Should one of the big four take that route, however, it would be a capitulation to the power of the Internet, which has destroyed their monopoly over the worldwide distribution of music in the past decade and allowed file-sharing to take its place." [Slashdot: Your Rights Online]

More Signs of Music Download DRM Fading.

Mon, 22 Jan 2007 22:31:35 GMT

More Signs of Music Download DRM Fading.

Apparently, this year's MIDEM conference, the music industry's international trade show, took place in a parallel universe where the major record labels may be willing to ditch music download DRM. And this parallel universe may be coming to an online store near you in 2007.

According to the International Herald Tribune, "Executives of several technology companies meeting ... said ... that a move toward the sale of unrestricted digital files in the MP3 format from at least one of the four major record companies could come within months." That's not all -- while the RIAA's Mitch Bainwol pretended that fully interoperable DRM could exist, the article recounts many examples that demonstrate "a new appreciation in the [music] industry for unrestricted copies, which could be sold as singles or through subscription services or made freely available on advertising-supporting Internet sites."

Finally.

Nevertheless, it unfortunately remains clear that the record labels aren't ready to ditch DRM entirely. After all, they're already back in Congress pushing for a backdoor DRM mandate for satellite and digital radio as well as webcasting. The labels may finally be hearing your disdain for DRM at online music stores -- make your voice heard in Congress by opposing mandatory radio DRM now.

[EFF: Deep Links]

Critics Blast Music DRM Legislation.

Sun, 21 Jan 2007 03:40:15 GMT

Critics Blast Music DRM Legislation. Electronic freedom advocates oppose a US bill that would require Internet broadcasters to use DRM technology. [PC World: Latest Technology News]

Major Labels Block Zune Sharing of Certain Songs.

Sun, 21 Jan 2007 03:30:08 GMT

Major Labels Block Zune Sharing of Certain Songs.

Microsoft is trying to set its Zune media player apart from the iPod by showcasing its remarkably limited sharing feature. Many reviews have harped on how shared songs can only be played three times over three days. But the restrictions are actually even worse -- if you read the fine print, you'll find that "The Zune to Zune sharing feature may not be available for all audio files on your device."

In fact, Engadget reports that certain songs bought at Microsoft's own store cannot take advantage of Zune's sharing. All the songs come wrapped in DRM, and apparently Microsoft doesn't tell customers at the time of purchase whether songs can be shared or not.

The Zunerama blog tested the sharing feature on the top 50 songs sold at the Zune Marketplace and was met with this message: "Can't send some songs because of rights restrictions. 29 of 50 songs sent to Carrie's Zune."

As usual, when you buy DRMed media, you may be getting much less than the online music service has promised.

[EFF: Deep Links]

First HD-DVD film appears on BitTorrent.

Sun, 21 Jan 2007 03:27:50 GMT

First HD-DVD film appears on BitTorrent.

Serenity broken

A high-definition format movie has made its way onto BitTorrent. A pirated copy of the hit science fiction movie Serenity has been ripped from a HD DVD disc and made available to users of the popular P2P file sharing protocol.

[The Register - Music and Media]

NYU Colloquium on Information Technology & Society Spring 2007 Schedule.

Sun, 21 Jan 2007 03:17:14 GMT

NYU Colloquium on Information Technology & Society Spring 2007 Schedule.

The spring 2007 schedule for the Information Law Institute (NYU Law School) Colloquium on Information Technology & Society has been announced. I[base ']m excited about the opportunity to moderate the panel on [base "]A Discussion about Privacy in Web-Search[per thou] featuring Ramsey Homsany, Senior Counsel at Google.

Friday February 16, 12:30-2PM
[base "]Are Creative Commons Licenses Forever?[per thou]
Professor Tony Reese
University of Texas at Austin

Monday March 19, 8-9:30PM
** A public lecture co-sponsored with the ILI Student Association **
[base "]The Empire & the iPhone: [OE]Technology Platforms,[base '] the Commons, and the
Way We Live Now[per thou]
Professor Eben Moglen
Columbia Law and Software Freedom Law Center

Friday March 30, 12:30-2PM
[base "]A Discussion about Privacy in Web-Search[per thou]
Ramsey Homsany, Senior Counsel, Google
Daniel Howe, PhD Candidate, Computer Science, NYU
Helen Nissenbaum, Culture & Communication and ILI, NYU
Moderator: Michael Zimmer, Ph.D. Candidate, NYU

Friday April 13, 12:30-2PM
Title TBA
Professor Deirdre Mulligan,
UC Berkeley and Samuelson Law, Technology & Public Policy Clinic

Check the website for more details as the dates approach. If you want to subscribe to the mailing list, contact me.

[michaelzimmer.org]

WIPO Meeting on the Broadcast Treaty: Day 2.

Sun, 21 Jan 2007 03:14:05 GMT

WIPO Meeting on the Broadcast Treaty: Day 2.

One of the major issues that arose in yesterday[base ']s was how to come to an agreement on a treaty. The existing draft from last year runs over a hundred pages long, with each significant provision having several alternative versions suggested by different delegates and embodying different values. Since the WIPO General Assembly has instructed the Committee to come up with a document that can actually serve as the basis for a treaty, trimming this behemoth draft down to size is a priority.

The Chair yesterday attempted to accomplish this by condensing and abstracting some of the provisions of the treaty into several [base "]non-papers,[per thou] which he introduced in the hopes that the member nations could decide upon the general outlines of the treaty, instead of plowing into discussing the details of 15/2 directly. Many delegations had some problems with this approach, since they had been preparing positions and statements based on the draft treaty, and would have to conduct detailed analyses anew on the new non-papers.

[Public Knowledge - Policy Blog]

DRM threat to net radio returns.

Thu, 18 Jan 2007 20:08:04 GMT

DRM threat to net radio returns.

You cannot be Sirius...

A bill re-introduced last week to the US Senate compels digital radio broadcasters to use DRM.

[The Register - Music and Media]

AACS: Modeling the Battle.

Thu, 18 Jan 2007 20:06:18 GMT

AACS: Modeling the Battle.

By this point in our series on AACS (the encryption scheme used in HD-DVD and Blu-ray) it should be clear that AACS creates a nontrivial strategic game between the AACS central authority (representing the movie studios) and the attackers who want to defeat AACS. Today I want to sketch a model of this game and talk about who is likely to win. (Previous posts in the series: 1, 2, 3, 4, 5, 6.)

First, let[base ']s talk about what each party is trying to achieve. The central authority wants to maximize movie studio revenue. More precisely, they[base ']re concerned with the portion of revenue that is due to AACS protection. We[base ']ll call this the Marginal Value of Protection (MVP): the revenue they would get if AACS were impossible to defeat, minus the revenue they would get if AACS had no effect at all. The authority[base ']s goal is to maximize the fraction of MVP that the studios can capture.

In practice, MVP might be negative. AACS makes a disc less useful to honest consumers, thereby reducing consumer demand for discs, which hurts studio revenue. (For example: Alex and I can[base ']t play our own HD-DVD discs on our computers, because the AACS rules don[base ']t like our computers[base '] video cards. The only way for us to watch these discs on our equipment would be to defeat AACS. (Being researchers, we want to analyze the discs rather than watch them, but normal people would insist on watching.)) If this revenue reduction outweighs any revenue increase due to frustrating infringement, MVP will be negative. But of course if MVP is negative then a rational studio will release its discs without AACS encryption; so we will assume for analytic purposes that MVP is positive.

We[base ']ll assume there is a single attacker, or equivalently that multiple attackers coordinate their actions. The attacker[base ']s motive is tricky to model but we[base ']ll assume for now that the attacker is directly opposed to the authority, so the attacker wants to minimize the fraction of MVP that the studios can capture.

We[base ']ll assume the studios release discs at a constant rate, and that the MVP from a disc is highest when the disc is first released and then declines exponentially, with time constant L. (That is, MVP for a disc is proportional to exp(-(t-t0)/L), where t0 is the disc[base ']s release date.) Most of the MVP from a disc will be generated in the first L days after its release.

We[base ']ll assume that the attacker can compromise a new player device every C days on average. We[base ']ll model this as a Poisson process, so that the likelihood of compromising a new device is the same every day, or equivalently the time between compromises is exponentially distributed with mean C.

Whenever the attacker has a compromised device, he has the option of using that device to nullify the MVP from any set of existing discs. (He does this by ripping and redistributing the discs[base '] content or the keys needed to decrypt that content.) But once the attacker uses a compromised device this way, the authority gets the ability to blacklist that compromised device so that the attacker cannot use it to nullify MVP from any future discs.

Okay, we[base ']ve written down the rules of the game. The next step [~] I[base ']ll spare you the gory details [~] is to translate the rules into equations and solve the equations to find the optimal strategy for each side and the outcome of the game, that is, the fraction of MVP the studios will get, assuming both sides play optimally. The result will depend on two parameters: L, the commercial lifetime of a disc, and C, the time between player compromises.

It turns out that the attacker[base ']s best strategy is to withhold any newly discovered compromise until a [base "]release window[per thou] of size R has passed since the last time the authority blacklisted a player. (R depends in a complicated way on L and C.) Once the release window has passed, the attacker will use the compromise aggressively and the authority will then blacklist the compromised player, which essentially starts the game over. The studio collects revenue during the release window, and sometimes beyond the release window when the attacker gets unlucky and takes a long time to find another compromise.

The fraction of MVP collected by the studio turns out to be approximately C/(C+L). When C is much smaller than L, the studio loses most of the MVP, because the attacker compromises players frequently so the attacker will nullify a disc[base ']s MVP early in the disc[base ']s commercial lifetime. But when C is much bigger than L, a disc will be able to collect most of its MVP before the attacker can find a compromise.

To predict the game[base ']s outcome, then, we need to know the ratio of C (the time needed to compromise a player) to L (the commercial lifetime of a disc). Unfortunately we don[base ']t have good data to estimate C and L. My guess, though, is that C will be considerably less than L in the long run. I[base ']d expect C to be measured in weeks and L in months. If that[base ']s right, it[base ']s bad news for AACS.

Share This

[Freedom to Tinker]

AACS: Title Keys Start Leaking.

Wed, 17 Jan 2007 03:15:48 GMT

AACS: Title Keys Start Leaking.

(This is the fifth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. Previous posts: 1, 2, 3, 4.)

Last week we predicted that people would start extracting the title key (the cryptographic key needed to decrypt the contents of a particular next-gen DVD disc) from HD-DVD discs. Indeed, it turns out that WinDVD, a popular software player that runs on PCs, leaves the title key laying around in memory when it finishes playing a disc. This may seem like an elementary mistake, but it is more common and harder to avoid than you might think. Fairly easy methods for capturing these keys are already well known.

There are even websites, such as aacskeys.com and hdkeys.com, that claim to contain title keys for about fifty HD-DVD discs. (That[base ']s about one-third of the discs available on Amazon.) At least some of these title keys are correct. Within days, expect to see a software program that downloads keys from such a site and uses the keys to play or copy discs.

So far the attackers have published most of what they know. We know which title keys they (claim to) have found, and we know they extracted those keys from WinDVD and possibly PowerDVD. As Alex explained on Thursday and Friday, a clever attacker will withhold some information strategically so as not to provoke a response from the AACS central authority.

The authority might respond by blacklisting the device keys assigned to WinDVD. To avoid angering honest WinDVD users, they might first push out a software update to WinDVD containing new keys along with new programming to better protect the keys.

But as Alex suggested last week the authority might not want to blacklist WinDVD, even if it can. As long as the attackers limit what they publish, the authority might be better off accepting the damage they see now rather than provoking more damage by cutting off the usefulness of WinDVD to the attackers. The result is a kind of uneasy equilibrium between the attackers and the central authority.

Even if the attackers want to cause maximum financial harm to Hollywood (which probably isn[base ']t their goal), their most effective strategy is to limit how many title keys they publish. One way to do this is to give Hollywood a [base "]release window[per thou] [~] a kind of grace period after each disc is released, in which the title key doesn[base ']t get published. A site could let people upload the headers of a disc; the site would then wait N days before decrypting and releasing the title key.

Interestingly, this release window strategy resembles the studios[base '] current approach to extracting revenue from films, in which a film is available first in the highest-revenue format [~] in theaters [~] then later in a succession of lower-revenue formats [~] DVD and television. The idea is to extract more revenue from the most enthusiastic fans in early stages and pick up whatever revenue is available from everyone else later.

What[base ']s the optimal length of the release window (for the attackers); and what is the financial effect on the studios? We can answer these questions with a simple economic model; but that[base ']s a topic for another day.

Share This

[Freedom to Tinker]

Fighting Porn Vs. Ruining Innocent Lives.

Tue, 16 Jan 2007 20:11:17 GMT

Fighting Porn Vs. Ruining Innocent Lives. After news of the conviction of a substitute teacher for endangering minors -- because porn popups, possibly initiated by adware, had appeared on her computer during class -- comes the even sadder story of 16-year-old Matt Bandy. His family's life was turned upside-down when he was charged in Arizona with possession of child pornography, even though the family computer was riddled with spyware and Trojans. After the intervention of ABC's 20/20, Matt finally was allowed to plead to a lesser charge (namely, sharing a Playboy magazine with friends) and just barely escaped being labeled a sex offender for the rest of his life. [Slashdot: Your Rights Online]

Privately, Hollywood admits DRM isn't about piracy

Tue, 16 Jan 2007 20:06:45 GMT

For almost ten years now I have argued that digital rights management has little to do with piracy, but that is instead a carefully plotted ruse to undercut fair use and then create new revenue streams where there were previously none. I will briefly repeat my argument here before relating a prime example of it in the wild.

DRM ó It's Not Really About Piracy.

Tue, 16 Jan 2007 20:02:00 GMT

DRM [~] It's Not Really About Piracy. shadowmage13 writes "Hollywood privately admits that DRM is not really about piracy. From the article: 'In a nutshell: DRM's sole purpose is to maximize revenues by minimizing your rights so that they can sell them back to you... Like all lies, there comes a point when the gig is up; the ruse is busted. For the movie studios, it's the moment they have to admit that it's not the piracy that worries them, but business models which don't squeeze every last cent out of customers.' You can take action on Digital Restrictions Management at DefectiveByDesign of the Free Software Foundation, Digital Freedom, and the Electronic Frontier Foundation." [Slashdot: Your Rights Online]

PERFORM Act = DRM Mandate.

Mon, 15 Jan 2007 04:28:45 GMT

PERFORM Act = DRM Mandate.

Hey, RIAA, satellite radio and webcasters already pay you licensing fees. Leave their engineers alone.

Much of the coverage of the PERFORM Act, S. 256, recently reintroduced by Senator Feinstein (D - Calif.), seems to treat the issue as a tussle between XM and the RIAA over royalties. More important, however, is the DRM mandate tucked in there.

Webcasters and satellite radio both rely on compulsory licenses that permit them to broadcast whatever music they like, so long as they pay a license fee and follow a variety of rules (like playing no more than 3 songs from any one album in any 3-hour time period, if you're a webcaster).

While the compulsory license imposes certain restrictions, it does not tell you what technology to use. Instead, it leaves webcasters free to use non-DRMd formats (like streaming MP3). In fact, all the streaming radio stations in iTunes use MP3 streams. And it's the use of non-DRMd formats that has permitted innovative technology like Streamripper and RadioLover to evolve to meet the home recording demands of music fans.

The PERFORM Act would change all that by requiring that anyone who wants the compulsory license must use a DRMd format. (For a full analysis of the statutory language, take a look at the analysis we posted last year.)

This is not only bad news for the world's MP3 webcasters (like Shoutcast, Live365, and public radio stations like KCRW and KEXP, as well as any 'caster who wants to be included in iTunes), but it's also a bad precedent for our copyright laws. Over the course of a century, our copyright laws have responded to changing technology not with government technology mandates, but rather by letting new business models evolve or, when absolutely necessary, by plugging revenue shortfalls with compulsory licenses.

And government technology mandates are particularly bad for copyright because they tend to stick around in the statute books long after they become obsolete, complicating the lives of future generations of innovators (hey, anyone remember SCMS? it's still in the Copyright Act!).

This is not about "piracy". The music flowing so freely today in darknet channels is not sourced from recordings off satellite radio and webcasts. This is just another example of the entertainment industries using DRM to put a chokehold on tomorrow's disruptive innovations.

Help us hold the line against government DRM mandates. Ask your members of Congress to oppose the PERFORM Act.

[EFF: Deep Links]

AACS: Game Theory of Blacklisting.

Sat, 13 Jan 2007 03:13:31 GMT

AACS: Game Theory of Blacklisting.

This is the fourth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. (Part 1, part 2, part 3)

We've already discussed how it's possible to reverse engineer an AACS-compatible player to extract its secret set of device keys. With these device keys you can extract the title key from any disc the player can play, and the title key allows anyone else with the same disc to decrypt the movie. Yesterday we explained how the AACS central authority has the ability to blacklist compromised device keys so that they can't be used to decrypt any discs produced in the future. This defense is limited in two obvious ways: the central authority needs to know which keys have been compromised in order to put them on the blacklist, and this only protects future discs, not ones that have already been produced.

It turns out there's a third way in which blacklisting is limited. Counterintuitively, it is sometimes in the central authority's best interest not to blacklist a compromised device key even when they have the ability to do so.

We can model one such scenario as a simple game between the central authority and an attacker. Suppose there is only one attacker who has compromised a single player and extracted its device keys. Initially, he keeps the device keys secret (for fear they will be blacklisted), but he and his friends acquire some number of discs every week and post the title keys on the web. Let's also suppose that the central authority has enough resources to infiltrate this cabal and learn which player has been cracked, so that they can blacklist the device keys if they wish.

The authority faces a very interesting dilemma: if it does blacklist the keys, the attacker will have no reason to keep them secret any longer. He will publish them, irrevocably breaking the encryption on all previously released discs. If the authority doesn't blacklist the keys, the attacker will continue to trickle out title keys for certain movies, but the rest will remain secure.

In other words, the authority needs to weigh the value of continuing to protect all the old discs for which title keys have not been published against the value of protecting the new releases that will be cracked if it doesn't blacklist the keys. The result is that the central authority will need to exercise more restraint than we would naively expect when it comes to blacklisting. Once attackers realize this, they will adjust how quickly they release title keys until they are just below the threshold where the authority would resort to blacklisting.

Things get even more interesting if we consider a more realistic scenario where different players are gradually cracked over time. We'll write more about that next week.

Share This

[Freedom to Tinker]

Paul Hardwick: DRM

Administrivia: Possible unscheduled upgrade of Privacy Digest

EFF: Paper: Who Controls Your Television?

Who Controls Your Television?

ORG to enlighten music industry on DRM's limitations.

Readying a white paper

American Studios' Secret Plan to Lock Down European TV Devices.

Cuban gets stuck into YouTube, demands it squeals.

'Talk, morons'

WGA Reports Back To MS Even If You Choose Not To Install - Aviran's Place

Microsoft WGA Phones Home Even When Told No.

Techdirt: An Economic Explanation For Why DRM Cannot Open Up New Business Model Opportunities

Why DRM Cannot Open Up New Business Models.

RIAA's 'Expert' Witness Testimony Now Online.

BitTorrent Video Download Store Falls Flat.

Audio Watermark Web Spider Starts Crawling.

You Can Plead Guilty Here.

MPAA Fires Back at AACS Decryption Utility.

Berners-Lee Speaks Out Against DRM, Advocates Net Neutrality.

RIAA Opposes 'Fair Use' Bill.

Action Alert - Support the FAIR USE Act!

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Administrivia: Our data-center was hit by a DDOS attack today.

EMI to Apple, Microsoft: Ditching DRM is going to cost you

EMI ó Ditching DRM is Going To Cost You.

EMI: DRM stays.

Talks break up

DRM Causes Piracy.

RIAA to Parents: Pop-Ups + Viruses = Piracy!

EFF - miniLinks for 2007-02-21.

Studios, FBI Teach Swedish Cops to Hunt File Sharers.

Music moguls seek security blanket - Los Angeles Times

LA Times: Start Blanket Licensing, Stop Blanket Lawsuits.

AACS: Slow Start on Traitor Tracing.

Macrovision's DRM valentine: Consumers not only need it, they will love it

How to Explain DRM to Your Dad.

Upgrade to Vista, Get More DRM.

Hacker cracks HD copy protection.

Years to develop; days to break

New Hack Simplifies HD Video Copying.

Music Exec Rebuts Apple's Critique of DRM.

Schneier: Why Microsoft Sold Out Consumers in Vista.

The Business of Threatening New Technologies.

EFF - Steve Jobs: DRM Is Bad for Consumers, Innovators, *And* Artists.

RIAA urges Apple to spread DRM far and wide.

Steve, you're so smart

Hollywood on the Hill: Time to Bury the Broadcast Flag?

Apple Offers to Sell DRM-Free Music.

BBC NEWS | Technology | How the net turns code into politics

Vista a Threat to Internet Freedom?

Solving DRM in the BitTorrent Age.

Groklaw - A Brave New Modular World - Another MS Patent Application

Microsoft Applies To Patent DRM'ed OS Modules.

EFF - miniLinks for 2007-01-30.

Sony Settles FTC Suit Over Music CD Spyware.

Sony Settles With FTC Over Rootkit Debacle.

Vista DRM Cracked by Security Researcher.

Michael Geist - Vista's Fine Print Raises Red Flags

Professor Michael Geist on Vista's Fine Print.

Record Companies Boxed In By Their Own Rhetoric.

DRM, Vista and your rights ( polishlinux.org )

Fight DRM While There's Still Time.

Why One Angry Customer Broke AACS.

Blu-ray DRM defeated.

Copy-protection cracked again

Blu-Ray DRM Cracked.

Record labels rethink digital rights management at Midem - International Herald Tribune

Music Companies Mull Ditching DRM.

More Signs of Music Download DRM Fading.

Critics Blast Music DRM Legislation.

Major Labels Block Zune Sharing of Certain Songs.

First HD-DVD film appears on BitTorrent.

Serenity broken

NYU Colloquium on Information Technology & Society Spring 2007 Schedule.

WIPO Meeting on the Broadcast Treaty: Day 2.

DRM threat to net radio returns.

You cannot be Sirius...

AACS: Modeling the Battle.

AACS: Title Keys Start Leaking.

Fighting Porn Vs. Ruining Innocent Lives.

EFF - Steve Jobs: DRM Is Bad for Consumers, Innovators, And Artists.