October 23, 2017

Archives for May 2007

What's the Biggest Impact of IT on Copyright?

On Saturday I gave a talk (“Rip, Mix, Burn, Sue: Technology, Politics, and the Fight to Control Digital Media”) for a Princeton alumni group in Seattle. The theme of the talk is that the rise of information technology is causing a “great earthquake” in media businesses.

Many people believe that the biggest impact of IT is that it allows easy copying and redistribution of all types of content. To some people, this is the only impact of IT.

But I argue in the talk that the copying issue is only one part of IT’s impact, and not necessarily the biggest part. The main impact of IT, I argue, is that computers are universal devices that can perform any operation on digital data (except those operations that are inherently undoable and therefore can’t be done by any device).

I stress universality over copying in the talk for two reasons. First, it’s a point that most people miss, especially non-techies. Second, it lets me hint at the most important tradeoff in copyright/tech policy, which is how copyright sometimes stands in the way of developing powerful technologies for creating and communicating. Most people are quick to see the advantages of strong copyright in the digital world, but slow to see the price we’re paying for it.

This debate – whether IT is primarily a copying machine, or a creative tool – seems to run deeply throughout the online copyright debate. Those who see copying as the main impact of IT don’t much mind restricting digital technologies to further their copyright aims. But those who see creativity as the main impact of IT aim to protect the vitality of the IT ecosystem.

I come down on the creative side. I think the biggest long-run effect of IT will be in changing how we communicate and express ourselves. This is not to say that copying doesn’t matter – it clearly does – but only that we need to take the creative effects of IT at least as seriously as we take copying.

As I say in the talk, if IT’s impact is like an earthquake, file sharing is not the Big One, it’s only the first tremor.

(Thanks to Ed Lazowska, whose email exchange with me after the talk triggered this post.)

AACS Updated, Broken Again

[Other posts in this series]

We predicted in past posts that AACS, the encryption system intended to protect HD-DVD and Blu-ray movies, would suffer a gradual meltdown from its inability to respond quickly enough to attacks. Like most DRM, AACS depends on the secrecy of encryption keys built into hardware and software players. An attacker who discovers a player’s keys can defeat the protection on any disc that works with that player. AACS was designed with a defense against such attacks: after a player has been compromised, producers can alter new discs so that they no longer work with the compromised player’s keys. Whether this defense (which we call “key blacklisting”) will do much to stop copying depends how much time elapses before each leaked key is blacklisted.

Next week marks three months after the first compromised player key appeared on the Internet (and more than five months after cracks for individual discs began to appear). Discs slated for release on Tuesday will be the first to contain an update to AACS that blacklists the leaked keys.

What took so long? One limitation comes from the licensing agreement signed with player manufacturers, which requires that they receive ninety days’ notice before their keys are blacklisted, so that they have enough time to update their products.

Customers who obtained the new discs a few days early confirmed that the previously leaked keys no longer worked. It seemed as if AACS had recovered from the attacks just as its designers intended.

However, a new twist came yesterday, when SlySoft, an Antigua-based company that sells software to defeat various forms of copy protection, updated its AnyDVD product to allow it to copy the new AACS discs. Apparently, SlySoft had extracted a key from a different player and had kept the attack a secret. They waited until all the other compromised keys were blacklisted before switching to the new one.

The AACS Licensing Authority will be able to figure out which player SlySoft cracked by examining the program, and they will eventually blacklist this new key as well. However, all discs on store shelves will remain copyable for months, since disc producers must wait another ninety days before making the change.

To be successful in the long run, AACS needs to outpace such attacks. Its backers might be able to accelerate the blacklisting cycle somewhat by revising their agreements with player manufacturers, but the logistics of mastering discs and shipping them to market mean the shortest practical turnaround time will be at least several weeks. Attackers don’t even have to wait this long before they start to crack another player. Like Slysoft, they can extract keys from several players and keep some of them secret until all publicly known keys are blacklisted. Then they can release the other keys one at a time to buy additional time.

All of this is yet more bad news for AACS.

If It's Not Snake Oil, It's Pretty Awesome (Part 2)

Four years ago I wrote about a company called Music Public Broadcasting:

In today’s Los Angeles Times, Jon Healey writes about a new DRM proposal from a company called Music Public Broadcasting. The company’s claims, which are not substantiated in the story, give off a distinct aroma of snake oil.

I went on to document the snake oil indicators: (1) the flamboyant, self-promoting entrepreneur, newly arrived from another field; (2) the vaguely articulated theoretical breakthrough, described in mystical terms unintelligible to experts in the field; (3) the evidence that the product hadn’t been demonstrated or explained to its customers; (4) the claims to invalidate an accepted, fundamental principle in the field — but without really explaining how it is done. As one potential customer said, “If it’s not snake oil, it’s pretty awesome.”

Now the same company, having adopted a new name, is floating an equally improbable legal theory: that Microsoft, Apple, Adobe, Real, and anybody else making music download tools is legally required to license the company’s technology. Their theory is that these target companies are “avoiding” the use of their anti-copying technology – avoiding it in the sense of not buying it – and the Digital Millennium Copyright Act prohibits avoidance of copy protection. In other words, the target companies have a legal obligation to buy the company’s technology and, on the same theory, any other technology that claims to stop infringement. Snake oil purchases are now mandatory.

If you believe this company’s legal claim is any more solid than its technical claim, I have a bridge to sell you – and let me assure you that you’re legally compelled to buy it.