May 29, 2017

Archives for April 2007

Is SafeMedia a Parody?

[UPDATE (Dec. 2011): I wrote the post below a few years ago. SafeMedia’s website and product offerings have changed since then. Please don’t interpret this post as a commentary on SafeMedia’s current products.]

Peter Eckersley at EFF wrote recently about a new network-filtering company called SafeMedia that claims it can block all copyrighted material in a network. We’ve seen companies like this before and they tend to have the warning signs of security snake oil.

But SafeMedia was new so I decided to look at their website. My reaction was: what a brilliant parody!

The biggest clue is that the company’s detection product is called Clouseau – named for a detective who is not only spectacularly incompetent but also fictional.

The next clue is the outlandish technical claims. Here’s an example:

Pirates are smart and innovative, and so is Clouseau. Our technology is dynamic, sees through all multi-layered encryptions, adaptively analyzes network patterns and constantly updates itself. Packet examinations are noninvasive and infallible. There are no false positives.

Sees through all encryption? Even our best intelligence agencies don’t make that claim. Perhaps that’s because the intelligence agencies know about provably unbreakable encryption.

Wait a minute, you may be saying. Perhaps SafeMedia was just making the usual exaggeration, implying that they can stop all bad traffic when what they really mean is that they can stop the most common, obvious kinds of bad traffic. Good guess – that’s the usual fallback position for companies like this – but SafeMedia doesn’t shrink from the most outlandish claims of infallibility:

What if illegal P2P no longer worked? What if, no matter how intelligent, devious, or well-funded an Internet pirate was, they absolutely could not transmit copyrighted material via P2P? SafeMedia’s goal was to create the technology that would achieve exactly this. And we succeeded.

Employing our new technology, Clouseau and Windows + Transport Control, makes illegal P2P transmission of copyrighted material impossible. IMPOSSIBLE. Not difficult and not improbable. IMPOSSIBLE!

The next clue that SafeMedia is a parody is the site’s blatant rent-seeking. There’s even a special page for lawmakers that starts with over-the-top rhetoric about P2P (“America is at war here at home within our own borders. And we are taking casualties. Women, men, and children.”) and ends by asking the U.S. government to act as SafeMedia’s marketing department:

We need the Congress to pass legislation appropriating funds for installing the technology on every Federally-supported computer network in the country, most importantly in educational institutions (schools, colleges, universities, libraries)…. We need the Department of Commerce to promote using the technology in all American businesses big and small, and to push for its international adoption. We need the Department of Education to insure that every educational institution in the USA, private and public, primary and secondary, college and university, is obeying the law.

You now have the right weapons. Let’s end the war!

Add up all this, plus the overdesigned home page that makes maddening fingers-on-a-blackboard noises when you mouse over its main menu area, and the verdict is clear: this is a parody.

Yet SafeMedia appears to be real. The CEO appears to be a real guy who has done a few e-commerce startups. The site has more detailed help-wanted ads than any parodist would bother with. According to the Internet Archive, the site has been around for a while. And most convincingly of all, an expensive DC law firm has registered as a lobbyist for SafeMedia.

So SafeMedia really exists and company management thought it a good idea to set up a parody-simulating website and name their product Clouseau. What an entertaining world we live in.

(Thanks to Peter Eckersley for sharing the results of his un-Clouseau-ish investigation of SafeMedia’s existence.)

Cablevision and Anti-Efficiency Policy

I wrote recently about the Cablevision decision, in which a judge appeared to draw a line between two kinds of Digital Video Recorder (DVR) technologies. (DVRs let home viewers record TV shows and play them later.) The judge found unlawful a Remote Storage DVR (RS-DVR) in which recorded shows are captured and stored in the cable TV company’s data center, but he apparently would have allowed a Set-Top Storage DVR (STS-DVR) in which shows are recorded on a device kept in the customer’s home.

Why should the law prefer that recorded shows be stored in the customer’s home? The judge’s reasoning was that the cable company is more involved in an activity if that activity happens in its data center. This appears to follow from the judge’s reasoning even if the alternative in-home STS-DVR is owned and controlled by the cable TV company. But I’m not asking what the law says; I’m asking instead what it should say. Why should the law prefer STS-DVRs over RS-DVRs?

If the goal of the law is to protect copyrighted material – and remember that this was a copyright case – then you might expect it to favor solutions that are more controllable or more resistant to content ripping. But the court got the opposite result: Cablevision was liable because it had more control. The result will be more customer control, which is a benefit for many law-abiding customers.

The court’s ruling also has implications for technical efficiency. Central storage is arguably more efficient than set-top storage in the customer’s home, because of economies of scale in managing a central facility. The court’s decision pushes companies toward set-top storage, even though it is probably less efficient and offers virtually the same functionality as central storage.

It might seem at first glance that public policy should never try to increase the cost of a lawful activity, but in fact there are exceptions. It can sometimes make sense for policy to raise the cost of an activity, if that activity has benefits but can harm nonparticipants. Raising costs rather than banning the activity outright can prevent marginal uses while allowing those uses that provide greater benefit. Of course, if you want to argue that raising the cost of DVRs is good policy, you’ll have to make several assumptions about the costs and benefits of DVRs – assumptions that are very likely untrue.

Even before the suit was brought, Cablevision was already reducing the efficiency of its system in the hope of improving its legal position. For example, their storage facility had a separate storage area for each customer, even though it would have been much more efficient to use a single shared pool of storage. If 5000 customers asked to record last week’s episode of Lost, Cablevision would store 5000 identical copies of that episode, one in each customer’s areas. It would have been easy, and much more efficient, to store a single copy. The only sensible reason to keep redundant copies is that a system with individual storage areas might look to a judge more like a set-top DVR system, thereby bolstering the argument that the system is just like a (presumably lawful) STS-DVR. In other words, even before the recent ruling, legal factors were pushing Cablevision toward a less efficient implementation.

For the companies who filed the suit, the goal was not to serve the public but to maximize their own economic advantage. What they cared about, most likely, was simply establishing that one had better come to them for approval before doing anything new. By that standard, they must see the suit as a big success.

Software HD-DVD/Blu-ray Players Updated

The central authority that runs AACS (the anticopying/DRM system used on commercial HD-DVD and Blu-ray discs) announced [April 6, 2007 item] last week the reissue of some software players that can play the discs, “[i]n response to attacks against certain PC-based applications”. The affected applications include WinDVD and probably others.

Recall that analysts had previously extracted from software players a set of decryption keys sufficient to decrypt any disc sold thus far. The authority could have responded to these attacks by blacklisting the affected applications or their decryption keys, which would have limited the effect of the past attacks but would have rendered the affected applications unable to play discs, even for law-abiding customers – that’s too much collateral damage.

To reduce the harm to law-abiding customers, the authority apparently required the affected programs to issue free online updates, where the updates contain new software along with new decryptions keys. This way, customers who download the update will be able to keep playing discs, even though the the software’s old keys won’t work any more.

The attackers’ response is obvious: they’ll try to analyze the new software and extract the new keys. If the software updates changed only the decryption keys, the attackers could just repeat their previous analysis exactly, to get the new keys. To prevent this, the updates will have to restructure the software significantly, in the hope that the attackers will have to start their analysis from scratch.

The need to restructure the software explains why several months expired between the attacks and this response. New keys can be issued quickly, but restructuring software takes time. The studios reportedly postponed some planned disc releases to wait for the software reissue.

It seems inevitable that the attackers will succeed, within a month or so, in extracting keys from the new software. Even if the guts of the new software are totally unlike the old, this time the attackers will be better organized and will know more about how AACS works and how implementations tend to store and manage keys. In short, the attackers’ advantage will be greater than it was last time.

When the attackers manage to extract the new keys, a new round of the game will start. The player software will have to be restructured again so that a new version with new keys can replace the old. Then it will be the attackers’ turn, and the game will continue.

It’s a game that inherently favors the attackers. In my experience, software analysts always beat the obfuscators, if the analysts are willing to work hard, as they are here. Every round of the game, the software authors will have to come up with new and unexpected tricks for restructuring their software – tricks that will have to resist the attackers’ ever-growing suite of analysis tools. And each time the attackers succeed, they’ll be able to decrypt all existing discs.

We can model the economic effect of this game. The key parameter is the attackers’ reaction time, that is, how long it takes the attackers to extract keys from each newly issued version of the player software. If this time is short – say, a few weeks – then the AACS authority won’t benefit much from playing this game, and the authority would be nearly as well off if it simply gave up and let the extracted keys remain valid and the exploited software stay in the field.

My guess is that the attackers will extract keys from the new software within about three weeks of its availability.