September 23, 2020

DVD Replacement Still Insecure

There’s a budding format war in the movie industry, over which video medium will replace the DVD. The candidates are called HD-DVD and Blu-Ray. For some reason, HD-DVD advocates are claiming that their format can better resist unauthorized copying.

As far as I can tell, there is essentially zero evidence to support this claim. In fact, as James Grimmelmann neatly argues, there is really no reason to think that either of these technologies will be effective at stopping peer-to-peer sharing. Here’s James:

Already I’m confused. What will changing the physical format of non-interactive discs do to “stem rampant piracy?” The new format will have to be readable by some class of devices. It will have to be writable by some other class of devices. The level of “rampant piracy” of DVDs has never been a function of the weakness of CSS; the level of rampant piracy of HD-DVDs won’t be a function of the weakness or strength of the encryption algorithm.

Making HD-DVDs harder to copy than DVDs would take one of three things:

  • It’s not practical to get at the bits except to throw them immediately up on the screen. But this would mean no HD-DVD readers or writers for computers – and the equipment vendors have been saying that HD-DVD drives for computers are one of their major markets.
  • The discs (or disc substitutes) are in some way “smart” and do a two-way handshake with the computer so that you can’t, as with CSS, extract a key once and use it forever. But that would raise the manufacturing costs immensely, which defeats one of the major design goals.
  • The discs are individuated and the readers have to check in with home base to be authorized to read a particular disc and get its particular key. But this would require every HD-DVD device to have an Internet connection.

Actually, they would probably have to do all three of these things, and more, to make any dent in P2P copying. The system will be attacked at its weakest point. If they fix only one or two of their many problems, the remaining one(s) will still be fatal.

Reporters and industry analysts are still surprisingly gullible about DRM vendors’ claims. What we have here is essentially a replay of the early security claims about DVDs, which turned out to be spectacularly wrong.

Perhaps people are drawing the wrong lesson from the failure of DVDs to prevent copying. It’s true that the CSS encryption system used on DVDs turned out to be laughably weak. But, as James notes, that wasn’t even the biggest problem in the DVD anti-copying strategy. Indeed, if you replaced CSS with an utterly unbreakable encryption system, DVDs would still have been easy to copy, by capturing the data after it was decrypted, or by reverse-engineering a player to learn the secret decryption key.

Here’s a good rule of thumb for reporters and analysts: If somebody claims to have solved a security problem that nobody has ever solved in practice before, don’t believe them unless they present independently verified evidence to support their claim.

Comments

  1. As a reporter who has been covering this industry for more years than I care to admit, I’ve learned to be skeptical of anything an industry executive says, especially these days when the topic is technology and intellectual property rights. Among the few techno-savvy folks in the Hollywood food chain, though, I think there’s a general understanding that the studios will never stop P2P piracy.

    What they’re hoping, I think, is that the large data files involved in high-definition movies will continue to make downloading impractical for at least a few more years. The purpose in switching formats is to try to regain control of the global replication infrastructure through far-more restrictive licensing than was the case with DVD. The Blu-ray camp, in particular, has made it fairly clear that they intend to limit authorized Blu-ray replication to a very small handful of companies. That probably won’t stop outright pirates from figuring out a way to press Blu-ray discs. But it might make it a little easier to police the use of licensed facilities for unauthorized work.

    I have no idea whether the studios’ hopes will be fulfilled. But I wouldn’t assume that what they say in public about copy protection on HD reflects what they know to be true.

    Just an observation.

    Paul Sweeting
    Video Business

  2. So when does “limiting authorized blu-ray replication to a very small handful of companies” cross the line to become an illegal monopoly/cartel ?

    Personally, I think that the CSS licensing thing already sounds way too much like “tied selling”.

  3. I think it’s pretty close to the line now, which is one reason you don’t hear them talk about it much.

    I think in the next Congress you’ll see the MPAA push for “refinements” to anti-trust laws to permit precisely such limited selling for the purpose of “combating piracy.”

  4. Two quick comments:

    No home user will ever have the bandwidth to upload an HD-DVD movie. At 45-KBps on the upstream side, it’d take me a week to upload a HD-DVD movie.

    I’m guessing that HD-DVD players are only going to work on Palladium-enabled PC hardware.

  5. I think I need to disagree with James Grimmelmann on a couple of points.

    I do not think having a two way handshake mechanism on the HD-DVD “would raise the manufacturing costs immensely”. Look at the smart RFID tags that are being proposed. They add about US$0.50 to the cost of a product and there is hope that it will become even cheaper (by an order of magnitude). And retailers would love this since the RFIDs could also be used for inventory purposes.

    The idea of having a player “phone home” was tried and failed (Divx) but with the growing ubiquity of cellphones and 802.11* this might come back into favor. And if all HD-DVD players required it, people might be forced to accept it. The mobile phone carriers would certainly love it. It would also allow studios to better track their audiences.

  6. Any HD-DVD player worth bothering with must provide a digital signal that can be passed to a digital TV input. That TV won’t understand the encrypted format, so the digital stream must be unencrypted.

    At this point, circumventing HD-DVD is trivial – the player does the decryption for you.

    Requiring that the TV do the decryption would be commercial suicide – instead of just replacing their DVD player, people would have to replace their TV as well.

  7. I recently viewed the archived lecture that Ed gave at Princeton earlier this year, it is an excellent primer to DRM and the technology vs legal landscape. I am a TiVo addict and timeshifting is now a fundamental feature of my TV viewing (on Ed’s recorded recommendation, I checked out MythTV). So here is this new potential DRM issue: Spaceshifting ( http://www.spaceshift.net/ ). The TV2Me device was featured in today’s NYTimes. http://www.nytimes.com/2004/12/02/technology/circuits/02inve.html?adxnnl=1&8hpib=&oref=login&adxnnlx=1102002981-B/mjvwJdNBWcUqKHb0ehZw

  8. I recently viewed the archived lecture that Ed gave at Princeton earlier this year, it is an excellent primer to DRM and the technology vs legal landscape. I am a TiVo addict and timeshifting is now a fundamental feature of my TV viewing (on Ed’s recorded recommendation, I checked out MythTV). So here is this new potential DRM issue: Spaceshifting ( http://www.spaceshift.net/ ). The TV2Me device was featured in today’s NYTimes. http://www.nytimes.com/2004/12/02/technology/circuits/02inve.html?adxnnl=1&8hpib=&oref=login&adxnnlx=1102002981-B/mjvwJdNBWcUqKHb0ehZw

  9. Wes Felter says:

    Any HD-DVD player worth bothering with must provide a digital signal that can be passed to a digital TV input. That TV won’t understand the encrypted format, so the digital stream must be unencrypted.

    Wrong. DVI outputs will be encrypted with HDCP. HDTVs have supported HDCP for a while.

    At this point, circumventing HD-DVD is trivial – the player does the decryption for you.

    The DVI signal is around 1GB/s. How would you record it, even if it was in the clear?

    Requiring that the TV do the decryption would be commercial suicide – instead of just replacing their DVD player, people would have to replace their TV as well.

    Nope. If your TV doesn’t have DVI+HDCP you can always use an analog connection.

  10. And those analog outputs will probably be hobbled with macrovision. The design goal of AACS (the HD-DVD equivalent to CSS) appears to be total end-to-end encryption from media to display, with no opportunity for traditional fair use.

  11. HD-DVD is a plain optical disc just like today’s DVDs. Blu-ray discs are enclosed in a (non-removable) caddy. So Blu-ray might have a opportunity to insert some kind of “gatekeeper” hardware device, but not HD-DVD.

    I predict Blu-ray will fail in the market, on the grounds that consumers will prefer plain discs to caddy-enclosed discs.

    Also with limited “authorized” replication, I wonder what the prospects are for consumer-level burning of Blu-ray discs. (maybe it will be like DVDs where consumer burners work but can’t apply encryption)

  12. New protective layer for Blu-ray disks:
    http://www.cdfreaks.com/news/10929

    HP confirms plans for Blu-ray
    http://www.theregister.co.uk/2004/11/24/hp_blu-ray_pc_media_centre/

    “Blu-ray disks will arrive with three different media types at launch, BD-ROM a read only version, for software, games and movie distribution; BD-RE, a rewritable format for HDTV recording and data storage; and BD-R, a write-once format for HDTV recording and data storage.”