(MovieBeam is a $200 box you buy that lets you buy 24-hour access to recent movies. There is a rotating menu of movies. Currently video content is trickled out to MovieBeam boxes via unused broadcast bandwidth rented from PBS stations. Eventually they’ll use the Internet to distribute movies to the devices.)
This is a common tactic these days – transmitting the highest-res content only via HDMI. And it seems like a mistake for Hollywood to insist on this. The biggest problem is that some HDTVs have HDMI inputs and some don’t, and most consumers don’t know the difference. Do you know whether your TV has an HDMI input? If you do, you either (a) don’t have a high-def TV, or (b) are a serious video geek.
Consider a (hypothetical) consumer, Fred, who bought an early high-def set because he wanted to watch movies. Fred buys MovieBeam, or a next-gen DVD player, only to discover that his TV can’t display the movies he wants in full definition, because his TV doesn’t do HDMI.
Fred will be especially angry to learn that his MovieBeam box or high-def DVD player is perfectly capable of sending content at higher definition to the inputs that his TV does have, but because of a bunch of legal mumbo-jumbo that Hollywood insists upon, his set-top box deliberately down-rezzes the video before sending it to his TV. Just imagine what Fred will think when he sees news stories about how pirated content is available in portable, high-def formats that will work with his TV.
The official story is that HDMI is a security measure, designed to stop infringers. It’s been known for years that HDMI has serious security flaws; even Wikipedia discusses them. HDMI’s security woes make a pretty interesting story, which I’ll explore over several posts. First I’ll talk about what HDMI is trying to do. Then I’ll go under the hood and talk about how the critical part of HDMI works and its well-known security flaws. (This part is already in the academic literature; I’ll give a more accessible description.) Finally, I’ll get to what is probably the most interesting part: what the history of HDMI security tells us about the industry’s goals and practices.
Officially, the security portion of HDMI is known as High-bandwidth Digital Content Protection, or HDCP. The core of this security design is the HDCP handshake, which takes place whenever two devices communicate over an HDMI cable. The handshake has two goals. First, it lets each device confirm that the other device is an authorized HDCP device. Second, it lets the two devices agree on a secret encryption key which only those two devices know. Subsequent communication over the cable is encrypted using that key, so that eavesdroppers can’t get their hands on any content that is distributed.
In theory, this is supposed to stop would-be infringers. If an infringer tries to plug an authorized video source (like a MovieBeam box) into a device that can capture and redistribute video content, this won’t work, because the capture device won’t be able to do the handshake – the authorized video source will recognize that it is unauthorized and so will refuse to sent it content. Alternatively, if an infringer tries to capture content off the wire, between an authorized source and an authorized TV set, this will be foiled by encryption. That’s the theory at least. The practice is quite different, as I’ll describe next time.