April 19, 2014


Analog Hole Bill Requires "Open and Public" Discussion of Secret Technology

Today I want to return to the Sensenbrenner-Conyers analog hole bill, which would impose a secret law – a requirement that all devices that accept analog video inputs must implement a secret technical specification for something called a VEIL detector. If you want to see this specification, you have to pay a $10,000 fee to a private company and you have to promise not to tell anyone about the technology. It’s pretty disturbing that our representatives would propose this kind of secret law.

But what is really odd about the secret technology is that the bill itself seems to assume that it is not secret. Consider, for example, Section 105:

If, upon the petition of any interested party, the Director of the Patent and Trademark Office determines that [VEIL] has become materially ineffective in a way that cannot be adequately remedied by existing technical flexibility in the embedding functions of [VEIL], then the Director may by rule adopt commercially reasonable improvements to the detection function of [VEIL] in order to maintain the functionality of the rights signaling system under this Act. Any such improvements shall be limited to adjustments or upgrades solely to the same underlying VEIL technology …

In [the above-described rulemaking], the Director … shall encourage representatives of the film industry, the broadcast, cable, and satellite industry, the information technology industry, and the consumer electronics industry to negotiate in good faith in an effort to reach agreement on the … improvements to [VEIL] to be adopted in the rule. The Director shall ensure that such negotiation process is open and public and that all potentially affected parties are invited to participate in the process through public notice. The Director shall cause any agreement for which there is substantial consensus of the parties on all material points to be published and shall take such agreement into account in any final rule adopted.

This process cannot be “open and public”, and an agreement on how the VEIL technology should be changed cannot be published, if the VEIL technology is secret. You can’t have a negotiation about how VEIL might be fixed, if the parties to that negotiation have promised not to disclose how VEIL works. And you can’t meaningfully invite members of the public to participate in the negotiation if they aren’t allowed to know about the subject being negotiated.

But that’s not all. The rulemaking will happen if somebody files a petition that convinces the Patent Office that VEIL “has become materially ineffective in a way that cannot be adequately remedied by existing technical flexibility in the embedding function” of VEIL.

The embedding function of VEIL is the gizmo that puts VEIL watermarks into video that is going to be distributed. It is separate from the detection function, which detects the presence or absence of a VEIL watermark in video content. The bill mandates that all analog video devices must include the detection function, so it is the detection function that one could learn about by paying the fee and taking the secrecy pledge.

But the embedding function of VEIL is entirely secret, and is not being revealed even to people who pay the fee and take the pledge. As far as I know, there is no way at all for anyone other than the VEIL company to find out how the embedding function works, or what kind of “existing technical flexibility” it might have. How anyone could petition the Patent Office on that subject is a mystery.

In short, the rulemaking procedure in Section 105 is entirely inconsistent with the secrecy of VEIL. How it got into the bill is therefore a pretty interesting question. Reading the bill, one gets the impression that it was assembled from prefab parts, rather than reflecting a self-consistent vision of how a technology mandate might actually work.


What's in the Secret VEIL Test Results?

I wrote last week about how the analog hole bill would mandate use of the secret VEIL technology. Because the law would require compliance with the VEIL specification, that spec would effectively be part of the law. Call me old-fashioned, but I think there’s something wrong when Congress is considering a secret bill that would impose a secret law. We’re talking about television here, not national security.

Monday’s National Journal Tech Daily had a story (subscribers only; sorry) by Sarah Lai Stirland about the controversy, in which VEIL executive Scott Miller said “the company is willing to provide an executive summary of test results of the system to anyone who wants them.”

Let’s take a look at that test summary. The first thing you’ll notice is how scanty the document is. This is all the testing they did to validate the technology?

The second thing you’ll notice is that the results don’t look very good for VEIL. For example, when they tested to see whether VEIL caused a visible difference in the video image, they found that viewers did report a difference 29% of the time (page 4).

More interesting, perhaps, are the results on removability of the VEIL watermark (page 2). They performed ten unspecified transformations on the video signal and measured how often each transformation made the VEIL watermark undetectable. Results were mixed, ranging from 0% success in removing the watermark up to 58%. What they don’t tell us is what the transformations (which they call “impairments”) were. So all we can conclude is that at least one of the transformations they chose for their test can remove the VEIL watermark most of the time. And if you have any experience at all in the industry, you know that vendor-funded “independent” studies like this tend to pick easy test cases. You have to wonder what would have happened if they had chosen more aggressive transformations to try. And notice that they’re refusing to tell us what the transformations were – another hint that the tests weren’t very strenuous.

The VEIL people have more information about all of these tests, but they are withholding the full testing report from us, even while urging our representatives to subject us to the VEIL technology permanently.

Which suggests an obvious question: What is in the secret portion of the VEIL testing results? What are they hiding?


Analog Hole Bill Would Impose a Secret Law

If you’ve been reading here lately, you know that I’m no fan of the Sensenbrenner/Conyers analog hole bill. The bill would require almost all analog video devices to implement two technologies called CGMS-A and VEIL. CGMS-A is reasonably well known, but the VEIL content protection technology is relatively new. I wanted to learn more about it.

So I emailed the company that sells VEIL and asked for a copy of the specification. I figured I would be able to get it. After all, the bill would make compliance with the VEIL spec mandatory – the spec would in effect be part of the law. Surely, I thought, they’re not proposing passing a secret law. Surely they’re not going to say that the citizenry isn’t allowed to know what’s in the law that Congress is considering. We’re talking about television here, not national security.

After some discussion, the company helpfully explained that I could get the spec, if I first signed their license agreement. The agreement requires me (a) to pay them $10,000, and (b) to promise not to talk to anybody about what is in the spec. In other words, I can know the contents of the bill Congress is debating, but only if I pay $10k to a private party, and only if I promise not to tell anybody what is in the bill or engage in public debate about it.

Worse yet, this license covers only half of the technology: the VEIL decoder, which detects VEIL signals. There is no way you or I can find out about the encoder technology that puts VEIL signals into video.

The details of this technology are important for evaluating this bill. How much would the proposed law increase the cost of televisions? How much would it limit the future development of TV technology? How likely is the technology to mistakenly block authorized copying? How adaptable is the technology to the future? All of these questions are important in debating the bill. And none of them can be answered if the technology part of the bill is secret.

Which brings us to the most interesting question of all: Are the members of Congress themselves, and their staffers, allowed to see the spec and talk about it openly? Are they allowed to consult experts for advice? Or are the full contents of this bill secret even from the lawmakers who are considering it?


CGMS-A + VEIL = SDMI ?

I wrote last week about the Analog Hole Bill, which would require almost all devices that handle analog video signals to implement a particular anti-copying scheme called CGMS-A + VEIL. Today I want to talk about how that scheme works, and what we can learn from its design.

CGMS-A + VEIL is, not surprisingly, a combination of two discrete signaling technologies called CGMS-A and VEIL. Both allow information to be encoded in an analog video signal, but they work in different ways.

CGMS-A stores a few bits of information in a part of the analog video signal called the vertical blanking interval (VBI). Video is transmitted as a series of discrete frames that are displayed one by one. In analog video signals, there is an empty space between the frames. This is the VBI. Storing information there has the advantage that it doesn’t interfere with any of the frames of the video, but the disadvantage that the information, being stored in part of the signal that nobody much cares about, is easily lost. (Nowadays, closed captioning information is stored in the VBI; but still, VBI contents are easily lost.) For example, digital video doesn’t have a VBI, so straight analog-to-digital translation will lose anything stored in the VBI. The problem with CGMS-A, then, is that it is too fragile and will often be lost as the signal is stored, processed, and translated.

There’s one other odd thing about CGMS-A, at least as it is used in the Analog Hole Bill. It’s remarkably inefficient in storing information. The version of CGMS-A used there (with the so-called RCI bit) stores three bits of information (if it is present), so it can encode eight distinct states. But only four distinct states are used in the bill’s design. This means that it’s possible, without adding any bits to the encoding, to express four more states that convey different information about the copyright owner’s desires. For example, there could be a way for the copyright owner to signal that the customer was free to copy the video for personal use, or even that the customer was free to retransmit the video without alteration. But our representatives didn’t see fit to support those options, even though there are unused states in their design.

The second technology, VEIL, is a watermark that is inserted into the video itself. VEIL was originally developed as a way for TV shows to send signals to toys. If you pointed the toy at the TV screen, it would detect any VEIL information encoded into the TV program, and react accordingly.

Then somebody got the idea of using VEIL as a “rights signaling” technology. The idea is that whenever CGMS-A is signaling restrictions on copying, a VEIL watermark is put into the video. Then if a signal is found to have a VEIL watermark, but no CGMS-A information, this is taken as evidence that CGMS-A information must have been lost from that signal at some point. When this happens, the bill requires that the most restrictive DRM rules be applied, allowing viewing of the video and nothing else.
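The receiver-side rule just described, as an added Python model (not code from the bill, the VEIL specification, or the original post). The three-bit CGMS-A code is treated as opaque because the four states the bill uses are not listed here; the names `Signal`, `owner_marks`, `lossy_hop`, `detector_policy` and `trace`, and the sample codes 0 and 3, are constructed for illustration.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Callable, List, Optional


class Policy(Enum):
    UNRESTRICTED = "no rights signal found"
    AS_SIGNALED = "apply whatever state CGMS-A carries"
    VIEW_ONLY = "most restrictive rules: viewing and nothing else"


@dataclass(frozen=True)
class Signal:
    cgms_a: Optional[int]  # 3-bit code carried in the VBI; None = no CGMS-A info
    veil: bool             # VEIL watermark present in the picture itself


def owner_marks(cgms_code: int, restricts_copying: bool) -> Signal:
    """Embedding side: VEIL is added whenever CGMS-A signals a copy restriction."""
    if not 0 <= cgms_code <= 7:
        raise ValueError("CGMS-A with the RCI bit carries three bits (0..7)")
    return Signal(cgms_a=cgms_code, veil=restricts_copying)


def lossy_hop(sig: Signal) -> Signal:
    """A processing step that drops the VBI, such as a straight
    analog-to-digital translation. The in-picture watermark survives."""
    return replace(sig, cgms_a=None)


def detector_policy(sig: Signal) -> Policy:
    """Detection side: VEIL without CGMS-A is read as 'CGMS-A was lost'."""
    if sig.cgms_a is not None:
        return Policy.AS_SIGNALED
    if sig.veil:
        return Policy.VIEW_ONLY
    return Policy.UNRESTRICTED


def trace(sig: Signal, hops: List[Callable[[Signal], Signal]]) -> List[Policy]:
    """Policy a compliant device would apply before and after each hop."""
    seen = [detector_policy(sig)]
    for hop in hops:
        sig = hop(sig)
        seen.append(detector_policy(sig))
    return seen


if __name__ == "__main__":
    # Constructed inputs: code 3 stands for "some restriction", code 0 for "none".
    for label, sig in [("restricted", owner_marks(3, True)),
                       ("unrestricted", owner_marks(0, False))]:
        steps = " -> ".join(p.name for p in trace(sig, [lossy_hop]))
        print(f"{label:12s} {steps}")
```

Whatever state the owner chose, a single VBI-dropping hop escalates any restricted video to view-only, because the original CGMS-A state can no longer be read.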

Tellingly, advocates of this scheme do their best to avoid calling VEIL a “watermark”, even though that’s exactly what it is. A watermark is an imperceptible (or barely perceptible) component, added to an audio or video signal to convey information. That’s a perfect description of VEIL.

Why don’t they call it a watermark? Probably because watermarks have a bad reputation as DRM technologies, after the Secure Digital Music Initiative (SDMI). SDMI used two signals, one of which was a “robust” watermark, to encode copy control information in content. If the robust watermark was present but the other signal was absent, this was taken as evidence that something was wrong, and strict restrictions were to be enforced. Sound familiar?

SDMI melted down after its watermark candidates – all four of them – were shown to be removable by an adversary of modest skill. And an adversary who could remove the watermark could then create unprotected copies of the content.

Is the VEIL watermark any stronger than the SDMI watermarks? I would expect it to be weaker, since the VEIL technology was originally designed for an application where accidental loss of the watermark was a problem, but deliberate removal by an adversary was not an issue. So how does VEIL work? I’ll write about that soon.

UPDATE (23 Jan): An industry source tells me that one factor in the decision not to call VEIL a watermark is that some uses of watermarks for DRM are patented, and calling it a watermark might create uncertainty about whether it was necessary to license watermarking patents. Some people also assert (incorrectly, in my view) that a watermark must encode some kind of message, beyond just the presence of the watermark. My view is still that VEIL is accurately called a watermark.


The Professional Device Hole

Any American parent with kids of a certain age knows Louis Sachar’s novel Holes, and the movie made from it. It’s set somewhere in the Texas desert, at a boot camp for troublemaking kids. The kids are forced to work all day in the scorching sun, digging holes in the rock-hard ground then re-filling them. It seems utterly pointless but the grown-ups say it builds character. Eventually we learn that the holes aren’t pointless but in fact serve the interests of a few nasty grown-ups.

Speaking of holes, and pointless exercises, last month Reps. Sensenbrenner and Conyers introduced a bill, the Digital Transition Content Security Act, also known as the Analog Hole Bill.

“Analog hole” is an artfully chosen term, referring to the fact that audio and video can be readily converted back and forth between digital and analog formats. This is just a fact about the universe, but calling it a “hole” makes it sound like a problem that might possibly be solved. The last large-scale attack on the analog hole was the Secure Digital Music Initiative (SDMI) which went down in flames in 2002 after its technology was shown to be ineffective (and after SDMI famously threatened to sue researchers for analyzing the technology).

The Analog Hole Bill would mandate that any devices that can translate certain types of video signals from analog to digital form must comply with a Byzantine set of design restrictions that talk about things like “certified digital content rights protection output technologies”. Let’s put aside for now the details of the technology design being mandated; I’ll critique them in a later post. I want to write today about the bill’s exemption for “professional devices”:

PROFESSIONAL DEVICE.—(A) The term “professional device” means a device that is designed, manufactured, marketed, and intended for use by a person who regularly employs such a device for lawful business or industrial purposes, such as making, performing, displaying, distributing, or transmitting copies of audiovisual works on a commercial scale at the request of, or with the explicit permission of, the copyright owner.

(B) If a device is marketed to or is commonly purchased by persons other than those described in subparagraph (A), then such device shall not be considered to be a “professional device”.

Tim Lee at Tech Liberation Front points out one problem with this exemption:

“Professional” devices, you see, are exempt from the restrictions that apply to all other audiovisual products. This raises some obvious questions: is it the responsibility of a “professional device” maker to ensure that too many “non-professionals” don’t purchase their product? If a company lowers its price too much, thereby allowing too many of the riffraff to buy it, does the company become guilty of distributing a piracy device? Perhaps the government needs to start issuing “video professional” licenses so we know who’s allowed to be part of this elite class?

I think this legislative strategy is extremely revealing. Clearly, Sensenbrenner’s Hollywood allies realized that all this copy-protection nonsense could cause problems for their own employees, who obviously need the unfettered ability to create, manipulate, and convert analog and digital content. This is quite a reasonable fear: if you require all devices to recognize and respect encoded copy-protection information, you might discover that content which you have a legitimate right to access has been locked out of reach by over-zealous hardware. But rather than taking that as a hint that there’s something wrong with the whole concept of legislatively-mandated copy-protection technology, Hollywood’s lobbyists took the easy way out: they got themselves exempted from the reach of the legislation.

In fact, the professional device hole is even better for Hollywood than Tim Lee realizes. Not only will it protect Hollywood from the downside of the bill, it will also create new barriers to entry, making it harder for amateurs to create and distribute video content – and just at the moment when technology seems to be enabling high-quality amateur video distribution.

The really interesting thing about the professional device hole is that it makes one provision of the bill utterly impossible to put into practice. For those reading along at home, I’m referring to the robustness rulemaking of section 202(1), which requires the Patent and Trademark Office (PTO) to establish technical requirements that (among other things) “can only with difficulty be defeated or circumvented by use of professional tools or equipment”. But there’s a small problem: professional tools are exempt from the technical requirements.

The robustness requirements, in other words, have to stop professional tools from copying content – and they have to do that, somehow, without regulating what professional tools can do. That, as they say, is a tall order.

That’s all for today, class. Here’s the homework, due next time:
(1) Table W, the most technical part of the bill, contains an error. (It’s a substantive error, not just a typo.) Explain what the error is.
(2) How would you fix the error?
(3) What can we learn from the fact that the error is still in the bill at this late date?