August 24, 2016

Archives for July 2004


In Search of Cool Stuff

In mid-August I’m going to a small technical workshop that has a “cool stuff” session, where everybody is invited to demonstrate or explain to the group something cool. It doesn’t have to be useful or technological; the only requirement is that a group of uber-geeks will think it is cool.

Perhaps you can help me out with suggestions….


Inducing You to Read Ernest Miller

Ernest Miller is on a roll lately, especially on the topic of the INDUCE/IICA Act. I would be saying more about this dangerous bill, but Ernie is saying most of what needs to be said. James Grimmelmann at LawMeme made a nice index of Ernie’s INDUCE/IICA writings.

Ernie has instituted Hatch’s Hit List, a list of technologies that would appear to be banned by the IICA, as inducers of copyright infringement. (This is modeled on Fritz’s Hit List, a feature I introduced here in response to an earlier overreaching technology-regulation bill.)


Audible Magic, Revealed

Chris Palmer at the EFF published a piece this week debunking the Audible Magic technology. He focuses on the CopySense technology.

Audible Magic’s CopySense


Industries to Form Yet Another DRM Consortium

A group of large movie and technology companies is about to form yet another consortium to solve the digital copyright problem, according to a John Borland story at This looks like one more entry in the alphabet soup (SDMI, CPTWG, ARDG) of fruitless efforts to standardize on an effective anti-copying technology.

The new entity will fail just as badly as the old ones, and for the same reason: there is no effective anti-copying technology on which to standardize. You can get together as many company representatives as you like, and you can issue as many joint reports and declarations as you like, but you cannot change the fact that the group’s goal is infeasible. This just isn’t the sort of problem that can be solved by negotiation.

But perhaps the group’s real goal is to limit the use of digital media technology by law-abiding consumers. That’s certainly achievable. And, as Ernest Miller notes, they may also be able to erect barriers to entry in technology markets, by creating “security” requirements that lock out smaller companies.

In the end, my prediction is that the new group will fail to reach any meaningful agreement. They’ll hold some meetings and issue some vaguely optimistic press releases, but when it comes to the hard technical issues, they’ll fail to reach a consensus.

Despite this, the group will provide its members with a certain peace of mind. It will help the movie companies sustain their fantasy of the infringement-free, pay-per-view future. And it will help the tech giants sustain the fantasy that they, rather than their customers, will decide the future of media technology.


Velvet Revolver Album Not DRMed in Japan

I wrote recently about the Velvet Revolver album that is “protected” by SunnComm’s ineffectual CD anti-copying technology. The technology was doomed to fail – and has in fact failed – to keep the music off the popular P2P filesharing systems.

It turns out that things are even weirder than I had thought: the very same album was released in Japan without DRM (according to Alex Halderman, who has a copy of the Japanese release). So even if the DRM technology were perfect, the music still would have leaked, via Japanese buyers, onto the P2P darknet.

DRM costs the record company money to deploy, because the DRM technology must be licensed, and because of lost sales due to DRM-induced consumer inconvenience. So why in the world would a record company pay to DRM an album in some places and not in others?

One possible explanation is that the record company is not thinking clearly about the consequences of their DRM strategy. Based on the conversations I have had with record industry executives about their DRM strategy, this theory is quite plausible.

Another possibility is that they aren’t actually trying to prevent P2P copying of this album, but are instead trying to create evidence that US consumers will accept DRMed products. As I wrote previously (“Lame Copy Protection Doesn’t Depress CD Sales Much”), experience with the Velvet Revolver album seems to indicate that consumers see the DRM as a drawback, but many are buying it anyway because they think the music is good enough to outweigh the harmful DRM.

A third possibility is that they are worried about some other threat model, not involving P2P. Perhaps they think the DRM can prevent individual disc-to-disc copying. It’s not clear how much the technology will really do to prevent such copying, or how many sales would be saved by preventing such copies. (My guess is that most people who make disc-to-disc copies would not have bought a second copy.)

My best guess is that this is just one of those odd behaviors one sees in large organizations that are in denial about an important issue. Shipping DRMed discs in the US shows that deployment of CD DRM is proceeding on schedule, thus allowing some in the industry to maintain their self-delusion that the CD DRM strategy is viable.


Computer Ate My Vote Day

Tomorrow, July 13, is “Computer Ate My Vote Day”. Rallies will be held in many states across the U.S., to ask state officials to use safe and reliable voting technologies. I’ll be speaking at the New Jersey rally, at noon on the steps of the State House in Trenton.


Security Theater

Lots of people are telling airport-security stories these days. Thus far I have refrained from doing so, even though I travel a lot, because I think the TSA security screeners generally do a good job. But last week I saw something so dumb that I just have to share it.

I’m in the security-checkpoint line at Boston’s Logan airport. In front of me is an All-American family of five, Mom, Dad, and three young children, obviously headed somewhere hot and sunny. They have the usual assortment of backpacks and carry-on bags.

When they get through the metal detector, they’re told that Mom and Dad had been pre-designated for the more intensive search, where they wand-scan you and go through your bags. This search is a classic example of what Bruce Schneier calls Security Theater, since it looks impressive but doesn’t do much good. The reason it doesn’t do much good is that it’s easy to tell in advance whether you’re going to be searched. At one major airport, for example, the check-in agent writes a large red “S” on your boarding pass if you’re designated for this search; you don’t have to be a rocket scientist to know what this means. So only clueless bad guys will be searched, and groups of bad guys will be able to transfer any contraband into the bags of group members who won’t be searched, with plenty of time after the security checkpoint to redistribute it as desired.

But back to my story. Mom and Dad have been designated for search, and the kids have not. So the security screener points to the family’s pile of bags and asks which of the bags belong to Mom and Dad, because those are the ones that he is going to search. That’s right: he asks the suspected bad guys (and they must be suspected, otherwise why search them) which of their bags they would like to have searched. Mom is stunned, wondering if the screener can possibly be asking what she thinks he’s asking. I can see her scheming, wondering whether to answer honestly and have some stranger paw through her purse, or to point instead to little Johnny’s bag of toys.

Eventually she answers, probably honestly, and the screener makes a great show of diligence in his search. Security theater, indeed.


WSJ Political Diary on INDUCE Act

Yesterday’s “Political Diary” at the Wall Street Journal’s online OpinionJournal had a nice little piece on Sen. Hatch’s IICA (a.k.a. INDUCE Act). (Access to subscribers only, unfortunately.)

The piece, written by David Robinson, notes that Sen. Hatch, who had previously urged vigorous action against music downloaders, even suggesting “destroying their machines,” has now changed his tune.

Now he’s returned to the issue, this time with a different message: Young downloaders are not crooks, but victims. They have been “tragically” manipulated, he explained on the floor of the Senate, by adults who “exploit the innocence of children.”

The IICA doesn’t seem to be the solution:

Mr. Hatch may have a point – software businesses like Grokster and others do seem to be engaged in trying to profit from their customers’ urge to commit piracy. But his solution seems likely to open a Pandora’s box of frivolous lawsuits, ranging far beyond music downloads. As much as we enjoy Mr. Hatch’s magic similes, “back to the drawing board” would be our advice.


Fancy DRM For Academy Screeners?

Movie studios are considering an elaborate DRM scheme to limit copying of promotional “screener” videos distributed to Academy Award voters, according to an AP story by Gary Gentile.

The article’s description of the scheme is a bit confusing, but I think I can reconstruct how it works. The studios would distribute a special new DVD player to each person receiving videos. Each copy of a video would be encrypted so that only a particular person’s DVD player could decrypt it. The videos would also contain some kind of watermark to identify each individual copy.

The technology vendor, Cinea, makes a carefully calibrated technical claim:

Cinea executives said that with enough time and money, a hacker could eventually circumvent the encryption technology hardwired in a single DVD player, but the watermarking will help authorities track down that player.

The discs, by themselves, cannot be hacked, [a Cinea executive] said.

Assuming that this claim is correct, the discs must not be using the lame CSS encryption scheme used by normal DVDs. (CSS is so weak that encryption keys can be recovered easily from a single encrypted disc.) If the designers are smart, they’re using a standard encryption method, in which case it’s probably true that a single disc is not enough to recover the encrypted plaintext. Of course, it’s easy to access the video given a disc and a player – that’s the whole point of having a player.

It’s not clear how sophisticated the watermark would be. Last year, a simple, weak watermark was sufficient to catch a guy who distributed copies of Academy screener videos on the net.

All of this expensive technology might be enough to keep screener videos from leaking onto the net. But this kind of technology won’t work for consumer DVDs. Tethering each disc to a single player would cause major headaches for consumers – imagine having to buy all new discs whenever you bought a new player.

Worse yet, anybody could capture and redistribute the analog output of one of these players. Even if the watermark scheme isn’t broken (and it probably would be, if it mattered), the best the watermark can do is to trace the redistributed copy back to a particular player device. If that device was stolen, or transported to an outlaw region, there is no plausible way to catch the actual perpetrator. This might not be a problem for a modest number of devices, used for a short period by known people, as in the case of screeners; but it would be a fatal flaw on devices that are distributed widely to ordinary people.

UPDATE (July 7): Ernest Miller has some interesting comments on this issue.


Monoculture Debate: Geer vs. Charney

Yesterday the USENIX Conference featured a debate between Dan Geer and Scott Charney about whether operating-system monoculture is a threat to computer security. (Dan Geer is a prominent security expert who co-wrote last year’s CCIA report on the monoculture program, and was famously fired by @Stake for doing so. Scott Charney was previously a cybercrime prosecutor, and is now Microsoft’s Chief Security Strategist.)

Geer went first, making his case for the dangers of monoculture. He relied heavily on an analogy to biology, arguing that just as genetic diversity helps a population resist predators and epidemics, diversity in operating systems would help the population of computers resist security attacks. The bio metaphor has some power, but I thought Geer relied on it too heavily, and that he would have been better off talking more about computers.

Charney went second, and he made two main arguments. First, he said that we already have more diversity than most people think, even within the world of Windows. Second, he said that the remedy that Geer suggests – adding a modest level of additional diversity, say adopting two major PC operating systems with a 50/50 market share split – would do little good. The bad guys would just learn how to carry out cross-platform attacks; or perhaps they wouldn’t even bother with that, since an attack can take the whole network offline without penetrating a large fraction of machines. (For example, the Slammer attack caused great dislocation despite affecting less than 0.2% of machines on the net.) The bottom line, Charney said, is that increasing diversity would be very expensive but would provide little benefit.

A Q&A session followed, in which the principals clarified their positions but no major points were scored. Closing statements recapped the main arguments.

The moderator, Avi Rubin, polled the audience both before and after the debate, asking how many people agreed with each party’s position. For this purpose, Avi asked both Geer and Charney to state their positions in a single sentence. Geer’s position was that monoculture is a danger to security. Charney’s position was that the remedy suggested by Geer and his allies would do little if anything to make us more secure.

Pre-debate, most people raised their hands to agree with Geer, and only a few hands went up for Charney. Post-debate, Geer got fewer hands than before and Charney got more; but Geer still had a very clear majority.

I would attribute the shift in views to two factors. First, though Geer is very eloquent for a computer scientist, Charney, as an ex-prosecutor, is more skilled at this kind of formalized debate. Second, the audience was more familiar with Geer’s arguments beforehand, while some may have been hearing Charney’s arguments for the first time; so Charney’s arguments had more impact.

Although I learned some things from the debate, my overall position didn’t change. I raised my hand for both propositions, both pre- and post-debate. Geer is right that monoculture raises security dangers. Charney is also right that the critics of monoculture don’t offer compelling remedies.

This is not to say that the current level of concentration in the OS market is optimal from a security standpoint. There is no doubt that we would be more secure if our systems were more diverse. The most important step toward diversity would be to ensure true competition in software markets. Consumers have an incentive to switch to less-prevalent technologies in order to avoid being attacked. (See, e.g., Paul Boutin’s endorsement in Slate of the Mozilla Firefox browser.) In a properly functioning market, I suspect that the diversity problem would take care of itself.

(See also my previous discussion of the monoculture issue.)