May 30, 2024

Archives for January 2007

AACS Decryption Code Released

[Posts in this series: 1, 2, 3, 4, 5, 6, 7.]

Decryption software for AACS, the scheme used to encrypt content on both next-gen DVD systems (HD-DVD and Blu-ray), was released recently by an anonymous programmer called Muslix. His software, called BackupHDDVD, is now available online. As shipped, it can decrypt HD-DVDs (according to its author), but it could easily be adapted to decrypt Blu-ray discs.

Commentary has been all over the map, with some calling this a non-event and others seeing the death of AACS. Alex Halderman and I have been thinking about this question, and we believe the right view is that the software isn’t a big deal by itself, but it is the first step in the meltdown of AACS. We’ll explain why in a series of blog posts over the next several days.

Today I’ll explain how the existing technology works: how AACS encrypts the content on a disc, and what the BackupHDDVD software does.

In AACS, each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random “title key” is generated and the video content on the disc is encrypted under the title key. The title key is encrypted in a special way that specifies exactly which devices’ decryption keys are able to extract the title key, and the result is then written into a header field on the disc.

When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player’s DeviceID) to extract the title key from the disc’s header; then it uses the title key to unlock the content.

BackupHDDVD does only the second of the two decryption steps: you give it the title key and the encrypted content, and it uses the title key to decrypt the content. BackupHDDVD doesn’t do the first decryption step (extracting the title key from the disc’s header), so BackupHDDVD is useless unless you already have the disc’s title key. The BackupHDDVD download does not include title keys, so somebody who wanted to decrypt his own AACS-protected disc collection would have to get those discs’ title keys from elsewhere.
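To make the two decryption steps concrete, here is an added example (not code from BackupHDDVD or from the original post) that models the simplified scheme described above. The cipher is a toy SHA-256 keystream stand-in, the header is a plain per-DeviceID table rather than AACS's actual key-distribution structure, and all function names and sample values are assumptions.

```python
import hashlib, hmac, os

# Toy stand-in cipher (SHA-256 keystream + HMAC tag), an assumption for illustration only.
def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, data):
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def master_disc(content, device_keys, authorized_ids):
    """Encrypt content under a fresh title key; wrap that key per authorized DeviceID."""
    title_key = os.urandom(16)
    header = {dev: seal(device_keys[dev], title_key) for dev in authorized_ids}
    return {"header": header, "body": seal(title_key, content)}

def extract_title_key(disc, device_id, device_key):
    """Step 1: a player recovers the title key from the header with its device key."""
    if device_id not in disc["header"]:
        raise PermissionError("header has no entry for this DeviceID")
    return unseal(device_key, disc["header"][device_id])

def decrypt_content(disc, title_key):
    """Step 2 only: needs a title key obtained elsewhere, never reads the header."""
    return unseal(title_key, disc["body"])

def player_read(disc, device_id, device_key):
    return decrypt_content(disc, extract_title_key(disc, device_id, device_key))

if __name__ == "__main__":
    keys = {dev: os.urandom(16) for dev in ("A", "B", "C")}  # constructed device keys
    disc = master_disc(b"constructed sample video", keys, ["A", "B"])
    print(player_read(disc, "A", keys["A"]))   # authorized player: both steps succeed
    try:
        player_read(disc, "C", keys["C"])      # device left out of the header
    except PermissionError as exc:
        print("C:", exc)
```

The separation matters for the system's design: access control lives entirely in step 1, so anything that holds a title key can perform step 2 regardless of which devices the header authorizes.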

Typical users can’t extract title keys on their own, so BackupHDDVD won’t be useful to them as it currently stands – hence the claims that BackupHDDVD is a non-event.

But the story isn’t over. BackupHDDVD is the first step in a process that will eviscerate AACS. In the next post, we’ll talk about what will come next.

[Post updated (8 Jan 2007): Corrected the third-to-last paragraph, which originally said that BackupHDDVD came with a few sample title keys. The error was due to my misreading of the code distribution. Also added the second parenthetical in the first paragraph, as a clarification. Thanks to Jon Lech Johansen and Mark for pointing out these issues.]

2007 Predictions

This year, Alex Halderman, Scott Karlin and I put our heads together to come up with a single list of predictions. Each prediction is supported by at least two of us, except the predictions that turn out to be wrong, which must have slipped in by mistake.

Our predictions for 2007:

(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.

(2) An easy tool for cloning MySpace pages will show up, and young users will educate each other loudly about the evils of plagiarism.

(3) Despite the ascent of Howard Berman (D-Hollywood) to the chair of the House IP subcommittee, copyright issues will remain stalemated in Congress.

(4) Like the Republicans before them, the Democrats’ tech policy will disappoint. Only a few incumbent companies will be happy.

(5) Major record companies will sell a significant number of MP3s, promoting them as compatible with everything. Movie studios won’t be ready to follow suit, persisting in their unsuccessful DRM strategy.

(6) Somebody will figure out the right way to sell and place video ads online, and will get very rich in the process. (We don’t know how they’ll do it. If we did, we wouldn’t be spending our time writing this blog.)

(7) Some mainstream TV shows will be built to facilitate YouTubing, for example by structuring a show as a series of separable nine-minute segments.

(8) AACS, the encryption system for next-gen DVDs, will melt down and become as ineffectual as the CSS system used on ordinary DVDs.

(9) Congress will pass a national law regarding data leaks. It will be a watered-down version of the California law, and will preempt state laws.

(10) A worm infection will spread on game consoles.

(11) There will be less attention to e-voting as the 2008 election seems far away and the public assumes progress is being made. The Holt e-voting bill will pass, ratifying the now-solid public consensus in favor of paper trails.

(12) Bogus airport security procedures will peak and start to decrease.

(13) On cellphones, software products will increasingly compete independent of hardware.

2006 Predictions Scorecard

As usual, we’ll start the new year by reviewing the predictions we made for the previous year. After our surprisingly accurate 2005 predictions, we decided to take more risks, making more 2006 predictions and making them more specific. The results, as we’ll see, were … predictable.

Here now, our 2006 predictions, in italics, with hindsight in ordinary type.

(1) DRM technology will still fail to prevent widespread infringement. In a related development, pigs will still fail to fly.

We predict this every year, and it’s always right. This prediction is so obvious that it’s almost unfair to count it.

Verdict: Right.

(2) The RIAA will quietly reduce the number of lawsuits it files against end users.

Verdict: Right.

(3) Copyright owners, realizing that their legal victory over Grokster didn’t solve the P2P problem, will switch back to technical attacks on P2P systems.

They did realize the Grokster case didn’t solve their problem; but they didn’t really emphasize technical countermeasures. They didn’t seem to have a coherent anti-P2P strategy.

Verdict: mostly wrong.

(4) Watermarking-based DRM will make an abortive comeback, but will still be fundamentally infeasible.

The comeback was limited to the now-dead analog hole bill, which backed the dead-on-arrival CGMS-A + VEIL technology. Watermarking still looks infeasible for copy protection.

Verdict: mostly wrong.

(5) Frustrated with Apple’s market power, the music industry will try to cozy up to Microsoft. Afraid of Microsoft’s market power, the movie industry will try to cozy up to Washington.

The music industry was indeed frustrated by Apple’s market power. But they drove a hard bargain with Microsoft, shackling Zune’s most interesting features. The movie industry did cozy up to Washington, but no more than usual, and probably not due to Microsoft-fear.

Verdict: mostly wrong.

(6) The Google Book Search case will settle. Months later, everybody will wonder what all the fuss was about.

No settlement, but excitement about the Book Search case has definitely waned.

Verdict: mostly wrong.

(7) A major security and/or privacy vulnerability will be found in at least one more major DRM system.

Verdict: wrong.

(8) Copyright issues will still be stalemated in Congress.

Another easy one.

Verdict: right.

(9) Arguments based on national competitiveness in technology will have increasing power in Washington policy debates.

This didn’t happen. We thought the election would make economic health more salient; but the election focus was elsewhere.

Verdict: mostly wrong.

(10) Planned incompatibility will join planned obsolescence in the lexicon of industry critics.

Verdict: mostly wrong.

(11) There will be broad consensus on the need for patent reform, but very little consensus on what reform means.

The main policy division, predictably, was between the infotech and biotech sectors.

Verdict: right.

(12) Attention will shift back to the desktop security problem, and to the role of botnets as a tool of cybercrime.

This should have happened, but commentators mostly missed the growing importance of this issue. Botnets were implicated in the spam renaissance.

Verdict: mostly wrong.

(13) It will become trendy to say that the Internet is broken and needs to be redesigned. This meme will be especially popular with those recommending bad public policies.

This trend mostly didn’t materialize, though there were wisps of this argument in the net neutrality debate.

Verdict: mostly wrong.

(14) The walls of wireless providers’ “walled gardens” will get increasingly leaky. Providers will eye each other, wondering who will be the first to open their network.

Verdict: mostly right.

(15) Push technology (remember PointCast and the Windows Active Desktop?) will return, this time with multimedia, and probably on portable devices. People won’t like it any better than they did before.

Push tried to bring the TV model to the Net, so it seemed logical that as TV moved onto the Net it would become more push-like. But this didn’t happen, at least not yet.

Verdict: wrong.

(16) Broadcasters will move toward Internet simulcasting of free TV channels. Other efforts to distribute authorized video over the net will disappoint.

Verdict: mostly right.

(17) HD-DVD and Blu-ray, touted as the second coming of the DVD, will look increasingly like the second coming of the Laserdisc.

The jury is still out, but this prediction is looking good so far.

Verdict: mostly right.

(18) “Digital home” products will founder because companies aren’t willing to give customers what they really want, or don’t know what customers really want.

Outside of promotional efforts in the trade press, we didn’t hear much about the digital home.

Verdict: mostly right.

(19) A name-brand database vendor will go bust, unable to compete against open source.

Verdict: wrong.

(20) Two more significant desktop apps will move to an Ajax/server-based design (as email did in moving toward Gmail). Office will not be one of them.

There seemed to be a trend in this direction, but I can’t point to two major apps that moved. But Google did introduce Office-like products in this category.

Verdict: mostly wrong.

(21) Technologies that frustrate discrimination between different types of network traffic will grow in popularity, backed partly by application service providers like Google and Yahoo.

These technologies didn’t develop, perhaps because of the policy stalemate over net neutrality.

Verdict: wrong.

(22) Social networking services will morph into something actually useful.

This one is hard to categorize. The meaning of “social networking” changed during 2006; it now refers to sites like MySpace and Facebook that are primarily webpage hosting services. That’s a useful and popular function; but it’s the term rather than the technology that morphed.

Verdict: mostly right (I guess).

(23) There will be a felony conviction in the U.S. for a crime committed entirely in a virtual world.

Commenters noted at the time that this prediction was poorly specified. Which didn’t matter, because it was wrong no matter how you interpret it.

Verdict: wrong.

Overall scorecard for 2006 predictions: four right, five mostly right, nine mostly wrong, five wrong. That’s more wrong than right, by a narrow margin, showing that our risk-taking strategy worked.

Stay tuned for our 2007 predictions.