November 25, 2020

Fancy DRM For Academy Screeners?

Movie studios are considering an elaborate DRM scheme to limit copying of promotional “screener” videos distributed to Academy Award voters, according to an AP story by Gary Gentile.

The article’s description of the scheme is a bit confusing, but I think I can reconstruct how it works. The studios would distribute a special new DVD player to each person receiving videos. Each copy of a video would be encrypted so that only a particular person’s DVD player could decrypt it. The videos would also contain some kind of watermark to identify each individual copy.

The technology vendor, Cinea, makes a carefully calibrated technical claim:

Cinea executives said that with enough time and money, a hacker could eventually circumvent the encryption technology hardwired in a single DVD player, but the watermarking will help authorities track down that player.

The discs, by themselves, cannot be hacked, [a Cinea executive] said.

Assuming that this claim is correct, the discs must not be using the lame CSS encryption scheme used by normal DVDs. (CSS is so weak that encryption keys can be recovered easily from a single encrypted disc.) If the designers are smart, they’re using a standard encryption method, in which case it’s probably true that a single disc is not enough to recover the encrypted plaintext. Of course, it’s easy to access the video given a disc and a player – that’s the whole point of having a player.

It’s not clear how sophisticated the watermark would be. Last year, a simple, weak watermark was sufficient to catch a guy who distributed copies of Academy screener videos on the net.

All of this expensive technology might be enough to keep screener videos from leaking onto the net. But this kind of technology won’t work for consumer DVDs. Tethering each disc to a single player would cause major headaches for consumers – imagine having to buy all new discs whenever you bought a new player.

Worse yet, anybody could capture and redistribute the analog output of one of these players. Even if the watermark scheme isn’t broken (and it probably would be, if it mattered), the best the watermark can do is to trace the redistributed copy back to a particular player device. If that device was stolen, or transported to an outlaw region, there is no plausible way to catch the actual perpetrator. This might not be a problem for a modest number of devices, used for a short period by known people, as in the case of screeners; but it would be a fatal flaw on devices that are distributed widely to ordinary people.

UPDATE (July 7): Ernest Miller has some interesting comments on this issue.

Comments

  1. It’s a Form of Social Media: Blogging AND Journalism

    Blogging vs. Journalism has been done on the web and in on a million panels over the past few years, and it’s pretty much been put to rest over the past two years, that it’s not an either/or situation, but…

  2. “All of this expensive technology might be enough to keep screener videos from leaking onto the net. But this kind of technology won’t work for consumer DVDs.”

    That’s the point, though, isn’t it? As far as I can tell, this DRM is for a very specific case and, for a change, might actually work as advertised. Yes, if they try to expand it, it will fail. But, I don’t think their intention is to expand it.

  3. Why I Support New DRM Standard for Oscar Screeners

    Over the holiday weekend, the AP reported that the Academy of Motion Picture Arts and Sciences (the people who bring you the Oscars) were considering a new anti-piracy technology that would include giving Academy voters special hardware to play DVDs…

  4. But this kind of technology won’t work for consumer DVDs. Tethering each disc to a single player would cause major headaches for consumers — imagine having to buy all new discs whenever you bought a new player.

    Somehow, I’m guessing that the folks in Hollywood don’t have the same reaction to that image that you have. They might call it fantasy.

  5. Sean Ellis says:

    If that device was stolen, or transported to an outlaw region

    May I suggest that the phrase “outlaw region” is replaced with something more accurate, such as “region outside the control of the MPAA”.

    I realise that the MPAA/RIAA tend to view everyone outside Hollywood (including their customers) as outlaw criminals intent on spoiling their business model – inconvenient facts such as this month’s record profits notwithstanding – but we should not let that color our own speech.

  6. Many years ago, there was a technology called DivX which did exactly this: tie one disc to one player. If the player broke, guess what, you were the lucky ducky who got to repurchase all the movies in your house. The player had to be connected to a telephone jack to download the digital restriction mismanagement codes to unlock the disc for that player. The mismanagement codes could allow for a few more days, or permanent unlocking of the disc.

    It was marketed as saving folks from having to return dvd rentals. Play the disc the first time, and you could watch it for 3 days before it would not ever play again in that player, unless you downloaded the unlock codes. So, rather than returning the disc, you just tossed it in the trash. Anyone with a vcr in the living room, and another vcr in their bedroom can immediately see the drawbacks of tieing a disc/tape to one playback unit.

    This DivX playback technology lasted less than one year before it was properly trounced out of the marketplace. I believe that only Circuit City (maybe it was Best Buys) tried selling them.

    As a widespread consumer technology, DivX players were useless. As a screener controlling technology, it makes a lot of sense.

  7. Given the technical nature of Prof Felten’s blog, it is probably worth clearing up a few mistake’s in Peter memory of DivX.

    DivX may of had some of the faults Peter mentioned when it first came out, but they actually improved in a number of ways just before their death. Towards the end, you could get the movie access assigned to groups of players, and even [in theory] move authorization from a broken player to a new player. The reason it could make those changes was because it was centrally controlled (I’ll leave aside arguments about whether it is a good thing to give Companies control over that, except to say I personally have not upgraded3 of my computers to Windows XP because I won’t spend that amount of money on something with a product activation feature).

    Even with the improvements, DivX had enough downsides that it failed in the market. That failure provides one of the biggest examples of why centralized DRM, despite some seeming advantages, is costly to society in the long run. Anybody who bought a “lifetime” access to a DivX disc found out it meant the lifetime of the “DivX corporation”, not the disc itself or the player. I’m sure there must be some players left that have cached access codes for the disks, but all of Peter’s disadvantages have returned in full. For the rest of the people, DRM has made their purchases worthless.

    The other reason centralized DRM is costly, is the fact terms can change for the worse (usually only with expensive lawsuits as a countermeasure). If Apple wants to change iTunes to only work on one computer, they have the technology to make that change right away. Given the nature of corporations what is the chance that you are going to be given more rights (like just before DivX failed), vs. having your rights taken away (as largely happened with the recent iTunes adjustment). As a consumer, you can’t really be sure what you are buying, because it could change at any time. The final reason why I distrust centralized DRM is the ability of governments and corporations to make data “disappear” (imperfectly granted, but this is not something that should be “cheap” for a society to attempt).

    Finally I would note one area that DivX was very successful in, I never heard of anyone cracking their security system. The only real risk is low amounts of cloning, and the centralized control made it far too easy to detect and defeat using non-cryptographic methods (account databases and usage pattern analysis). Although I have not seen the exact algorithms they used, a former company of mine bid on the project with a design that was pretty bullet proof (ignoring the analog hole after the movie has actually been played). Thus DivX provides one more useful example, to the people who think that DRM is always weak and easy to break (ala. satellite TV); DivX shows that DRM security can be more resilient than you think.

  8. Given the technical nature of Prof Felten’s blog, it is probably worth clearing up a few mistake’s in Peter memory of DivX.

    DivX may of had some of the faults Peter mentioned when it first came out, but they actually improved in a number of ways just before their death. Towards the end, you could get the movie access assigned to groups of players, and even [in theory] move authorization from a broken player to a new player. The reason it could make those changes was because it was centrally controlled (I’ll leave aside arguments about whether it is a good thing to give Companies control over that, except to say I personally have not upgraded3 of my computers to Windows XP because I won’t spend that amount of money on something with a product activation feature).

    Even with the improvements, DivX had enough downsides that it failed in the market. That failure provides one of the biggest examples of why centralized DRM, despite some seeming advantages, is costly to society in the long run. Anybody who bought a “lifetime” access to a DivX disc found out it meant the lifetime of the “DivX corporation”, not the disc itself or the player. I’m sure there must be some players left that have cached access codes for the disks, but all of Peter’s disadvantages have returned in full. For the rest of the people, DRM has made their purchases worthless.

    The other reason centralized DRM is costly, is the fact terms can change for the worse (usually only with expensive lawsuits as a countermeasure). If Apple wants to change iTunes to only work on one computer, they have the technology to make that change right away. Given the nature of corporations what is the chance that you are going to be given more rights (like just before DivX failed), vs. having your rights taken away (as largely happened with the recent iTunes adjustment). As a consumer, you can’t really be sure what you are buying, because it could change at any time. The final reason why I distrust centralized DRM is the ability of governments and corporations to make data “disappear” (imperfectly granted, but this is not something that should be “cheap” for a society to attempt).

    Finally I would note one area that DivX was very successful in, I never heard of anyone cracking their security system. The only real risk is low amounts of cloning, and the centralized control made it far too easy to detect and defeat using non-cryptographic methods (account databases and usage pattern analysis). Although I have not seen the exact algorithms they used, a former company of mine bid on the project with a design that was pretty bullet proof (ignoring the analog hole after the movie has actually been played). Thus DivX provides one more useful example, to the people who think that DRM is always weak and easy to break (ala. satellite TV); DivX shows that DRM security can be more resilient than you think.

  9. In reply to Sean Ellis:

    I actually chose the words “outlaw region” carefully. Given credible evidence that a single person was responsible for redistributing (say) tens of thousands of copies of some movie, I wouldn’t be surprised to see a criminal prosecution. (Look what happened to the guy who got caught last year redistributing screeners online.) To operate with impunity, that person would have to be somewhere outside the reach of the U.S. legal system, and of other countries that would be willing to arrest and/or extradite him. In practice, that means being in a region that does not enforce international copyright agreements.