March 29, 2024

Search Results for: aacs

Blu-Ray Tries to Out-DRM HD-DVD

Blu-Ray, one of the two competing next-gen DVD standards, has decided to up the ante by adopting even more fruitless anti-copying mechanism than the rival HD-DVD system. Blu-Ray will join HD-DVD in using the AACS technology (with its competition-limiting digital imprimatur). Blu-Ray will add two more technologies, called ROM-Mark and BD+.

ROM-Mark claims to put a hidden mark on all licensed discs. The mark will be detected by Blu-Ray players, which will refuse to play discs that don’t have it. But, somehow, it is supposed to be impossible for unlicensed disc makers to put marks on their discs. It’s not at all clear how this is supposed to work, but systems of this sort have always failed in the past, because it has always proved possible to make an exact copy of a licensed disc (including the mark).

BD+ will apparently allow the central Blu-Ray entity to update the anti-copying software in Blu-Ray players. This kind of updatability will inevitably add to the cost, complexity, and fragility of Blu-Ray players. Trying to do this raises some nasty technical issues that may not be solvable. I would like to find out more about how they think they can make this happen, especially for (say) cheap, portable players. (This technology was reportedly Fox’s reason for joining the Blu-Ray camp.)

As always, content will be copied regardless of what they try to do, and the main effect of these technologies will be to make player devices more expensive and less reliable, and to limit entry to the market for the devices. My guess is that some movie studio people actually believe these technologies will stop copying; and some know the technology won’t stop copying but want the power to limit entry.

Both groups must be happy to see the Blu-Ray and HD-DVD camps competing to make the most extravagant copy-prevention promises. To law-abiding consumers, each step in this bidding war means more expensive, less capable technologies.

HD-DVD Requires Digital Imprimatur

Last week I wrote about the antitrust issues raised by the use of encryption to “protect” content. Here’s a concrete example.

HD-DVD, one of the two candidates for the next-gen DVD format, uses a “content protection” technology called AACS. And AACS, it turns out, requires a digital imprimatur on any content before it can be published.

(The imprimatur – the term is Latin for “let it be printed” – was an early technology of censorship. The original imprimatur was a stamp of approval granted by a Catholic bishop to certify that a work was free from doctrinal or moral error. In some times and places, it was illegal to print a work that didn’t have an imprimatur. Today, the term refers to any system in which a central entity must approve works before they can be published.)

The technical details are in the AACS Pre-recorded Video Book Specification. The digital imprimatur is called a “content certificate” (see p. 5 for overview), and is created “at a secure facility operated by [the AACS organization]” (p. 8 ). It is forbidden to publish any work without an imprimatur, and player devices are forbidden to play any work that lacks an imprimatur.

Like the original imprimatur, the AACS one can be revoked retroactively. AACS calls this “content revocation”. Every disc that is manufactured is required to carry an up-to-date list of revoked works. Player devices are required to keep track of which works have been revoked, and to refuse to play revoked works.

The AACS documents avoid giving a rationale for this feature. The closest they come to a rationale is a statement that the system was designed so that “[c]ompliant players can authenticate that content came from an authorized, licensed replicator” (p. 1). But the system as described does not seem designed for that goal – if it were, the disc would be signed (and the signature possibly revoked) by the replicator, not by the central AACS organization. Also, the actual design replaces “can authenticate” by “must authenticate, and must refuse to play if authentication fails”.

The goal of HD-DVD is to become the dominant format for release of movies. If this happens, the HD-DVD/AACS imprimatur will be ripe for anticompetitive abuses. Who will decide when the imprimatur will be used, and how? Apparently it will be the AACS organization. We don’t know how that organization is run, but we know that its founding members are Disney, IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, and Warner Brothers. A briefing on the AACS site explains the “AACS Structure” by listing the founders.

I hope the antitrust authorities are watching this very closely. I hope, too, that consumers are watching and will vote with their dollars against this kind of system.

CDT Closes Eyes, Wishes for Good DRM

The Center for Democracy and Technology just released a new copyright policy paper. Derek Slater notes, astutely, that it tries at all costs to take the middle ground. It’s interesting to see what CDT sees as the middle ground.

Ernest Miller gives the paper a harsh review. I think Ernie is too harsh in some areas.

Rather than reviewing the whole paper, I’ll look here at the section on DRM. Here CDT’s strategy is essentially to wish that we lived on a planet where DRM could be consumer-friendly while preventing infringement. They’re smart enough not to claim that we live on such a planet now, only that people hope that we will soon:

While DRM systems can be very restrictive, much work is underway to create content protections that allow expansive consumer uses, while still protecting against widespread distribution.

(They footnote this by referring to FairPlay, TivoToGo, and AACS-LA, which all fall well short of their goal.) CDT asserts that if DRM systems that made everyone happy did exist, it would be good to use them. Fair enough. But what should we do in the actual world, where DRM that everyone loves is about as likely as teleportation or perpetual motion?

This means producers must be free to experiment with various models of digital distribution, using different content protection technologies and offering different sets of permissions and limitations. [Government DRM mandates are bad.]

Consumers, meanwhile, must have real options for purchasing different bundles of rights at different price points.

Producers should be free to experiment. Consumers should be free to buy. Gee, thanks.

Actually, this would be fine if CDT really meant that producers were free to experiment with DRM systems. Nowadays, everybody is a producer. If you take photographs, you’re a producer of copyrighted images. If you take home movies, you’re a producer of copyrighted video. If you write, you’re a producer of copyrighted text. We’re all producers. A world where we could all experiment would be good.

What they really mean, of course, is that some producers are more equal than others. Those who are expected to sell a few works to many people – or, given the way policy really gets made, those who have done so in the recent past – are called “producers”, while those who produce the vast majority of new copyrighted works are somehow called “consumers”. (And don’t say that big media produces the only works of value. Quick: Which still images do you value most in the world? I’ll bet they’re photos, and that they weren’t taken by a big media company.)

Here’s the bottom line: In the real world, DRM policy involves tradeoffs, and requires choices. Wishing for a magical DRM technology that will please everyone is not a strategy.

Next-Gen DVD Encryption: Better, but Won't Stop Filesharing

Last week, specifications were released for AACS, an encryption-based system that may be used on next-generation DVDs. You may recall that CSS, which is currently used on DVDs, is badly misdesigned, to the point that I sometimes use it in teaching as an example of how not to use crypto. It’s still a mystery how CSS was bungled so badly. But whatever went wrong last time wasn’t repeated this time – AACS seems to be very competently designed.

The design of AACS seems aimed at limiting entry to the market for next-gen DVD players. It will probably succeed at that goal. What it won’t do is prevent unauthorized filesharing of movies.

To understand why it meets one goal and not the other, let’s look more closely at how AACS manages cryptographic keys. The details are complicated, so I’ll simplify things a bit. (For full details see Chapter 3 of the AACS spec, or the description of the Subset Difference Method by Naor, Naor, and Lotspiech.) Each player device is assigned a DeviceID (which might not be unique to that device), and is given decryption keys that correspond to its DeviceID. When a disc is made, a random “disc key” is generated and the video content on the disc is encrypted under the disc key. The disc key is encrypted in a special way and is then written onto the disc.

When a player device wants to read a disc, the player first uses its own decryption keys (which, remember, are specific to the player’s DeviceID) to unlock the disc key; then it uses the disc key to unlock the content.

This scheme limits entry to the market for players, because you can’t build a player without getting a valid DeviceID and the corresponding secret keys. This allows the central licensing authority, which hands out DeviceIDs and keys, to control who can make players. But there’s another way to get that information – you could reverse-engineer another player device and extract its DeviceID and keys, and then you could make your own players, without permission from the licensing authority.

To stop this, the licensing authority will maintain a blacklist of “compromised” DeviceIDs. Newly manufactured discs will be made so that their disc keys can be unlocked only by DeviceIDs that aren’t on the blacklist. If a DeviceID is added to the blacklist today, then players with that DeviceID won’t be able to play discs that are manufactured in the future; but they will still be able to play discs manufactured in the past.

CSS used a scheme rather like this, but there were only a few distinct DeviceIDs. A large number of devices shared a DeviceID, and so blacklisting a DeviceID would have caused lots of player devices in the field to break. This made blacklisting essentially useless in CSS. AACS, by contrast, uses some fancy cryptography to increase the number of distinct DeviceIDs to about two billion (2 to the 31st power). Because of this, a DeviceID will belong to one device, or at most a few devices, making blacklisting practical.

This looks like a good plan for controlling entry to the market. Suppose I want to go into the player market, without signing a license with the licensing authority. I can reverse-engineer a few players to get their DeviceIDs and keys, and then build those into my product. The licensing authority will respond by figuring out which DeviceIDs I’m using, and revoking them. Then the players I have sold won’t be able to play new discs anymore, and customers will shun me.

This plan won’t stop filesharing, though. If somebody, somewhere makes his own player using a reverse-engineered DeviceID, and doesn’t release that player to the public, then he will be able to use it with impunity to play or rip discs. His DeviceID can only be blacklisted if the licensing authority learns what it is, and the authority can’t do that without getting a copy of the player. Even if a player is released to the public, it will still make all existing discs rippable. New discs may not be rippable, at least for a while, but we can expect new reverse-engineered DeviceIDs to pop up from time to time, with each one making all existing discs rippable. And, of course, none of this stops other means of ripping or capturing content, such as capturing the output of a player or infiltrating the production process.

Once again, DRM will limit competition without reducing infringement. Companies are welcome to try tactics like these. But why should our public policy support them?

UPDATE (11:30 AM): Eric Rescorla has two nice posts about AACS, making similar arguments.