September 29, 2022

White House Statement on Cell Phone Unlocking: A First Step Toward DMCA Reform?

Yesterday, the White House officially responded to the online petition to “Make Unlocking Cell Phones Legal,” which garnered more than 100,000 signatures in under 30 days. The Administration’s headline was emphatic: “It’s Time to Legalize Cell Phone Unlocking.” The tech press heralded this significant but symbolic first step in addressing some of the most egregious shortcomings of the Digital Millennium Copyright Act (DMCA). I hope the White House’s response signals a new chapter in the struggle to regain the freedom to innovate, research, create, and tinker. Last week, I discussed the petition and its context with Derek Khanna, who has been a champion of the cause. You can watch the video here:

As Derek pointed out, this battle is connected to a much larger policy problem: the DMCA bans many practices that are good for society–and without clear counterbalancing benefits. Reading the White House statement, it is hard to tell whether the Administration appreciates this fact.
[Read more…]

Is Spotify the Celestial Jukebox for Music?

In 1994, law professor Paul Goldstein popularized the term “celestial jukebox” to refer to his vision of a networked database of consumable on-demand media. In the face of copyright law that was ill-suited to the rapid rate of technological change, he described a system in which consumers would pay-per-play rather than purchasing and owning individual works. In his book Copyright’s Highway, he predicted that, “the pace of technological development is so fast and the forces of market demand so strong that the celestial jukebox, however configured, will be in place sometime early in the twenty-first century.”

The explosion of broadband and mobile internet access has made that viable, and countless startups have taken a stab at implementing the vision. One of the biggest challenges for these companies has been compiling a library of licensed works that is comprehensive enough to attract a critical mass of users. In the music market, the pay-per-play model has generally given way to monthly subscription or ad-based models. I’ve been a casual user of Last.fm and Pandora, but my listening habits haven’t been fundamentally altered. That changed last week when I finally decided to try Spotify. Spotify may be the first real contender for a mainstream “celestial jukebox” of music. But is that a good thing?

[Read more…]

Who Killed the Open Set-Top-Box?

A few years ago, I lived in Cambridge, Massachusetts. With my trusty Hauppauge WinTV-PVR-150 I enjoyed the ability to watch and record Comcast TV on my desktop computer — and even to occasionally edit and re-upload it to YouTube along with fair use critical commentary. When I moved across the river to Boston, Comcast required me to pay for a set-top box that would tune channels on my television. However, when I plugged my PVR-150 into the cable connection, it got almost no channels at all. As it turns out, the Comcast system in Boston had been migrated to use mostly digital signals, but my tuner card worked only with analog cable signals. Fair enough, I thought, I’ll buy a digital cable tuner. As it turned out, that wouldn’t help much. The cable companies had implemented encryption to fight “service theft” of most channels that subscribers had not paid for. As a result, I lost the ability to view channels I had paid for on a device of my choosing.
[Read more…]

Understanding the HDCP Master Key Leak

On Monday, somebody posted online an array of numbers which purports to be the secret master key used by HDCP, a video encryption standard used in consumer electronics devices such as DVD players and TVs. I don’t know if the key is genuine, but let’s assume for the sake of discussion that it is. What does the leak imply for HDCP’s security? And what does the leak mean for the industry, and for consumers?

HDCP is used to protect high-def digital video signals “on the wire,” for example on the cable connecting your DVD player to your TV. HDCP is supposed to do two things: it encrypts the content so that it can’t be captured off the wire, and it allows each endpoint to verify that the other endpoint is an HDCP-licensed device. From a security standpoint, the key step in HDCP is the initial handshake, which establishes a shared secret key that will be used to encrypt communications between the two devices, and at the same time allows each device to verify that the other one is licensed.

As usual when crypto is involved, the starting point for understanding the system’s design is to think about the secret keys: how many there are, who knows them, and how they are used. HDCP has a single master key, which is supposed to be known only by the central HDCP authority. Each device has a public key, which isn’t a secret, and a private key, which only that device is supposed to know. There is a special key generation algorithm (“keygen” for short) that is used to generate private keys. Keygen uses the secret master key and a public key, to generate the unique private key that corresponds to that public key. Because keygen uses the secret master key, only the central authority can do keygen.

Each HDCP device (e.g., a DVD player) has baked into it a public key and the corresponding private key. To get those keys, the device’s manufacturer needs the help of the central authority, because only the central authority can do keygen to determine the device’s private key.

Now suppose that two devices, which we’ll call A and B, want to do a handshake. A sends its public key to B, and vice versa. Then each party combines its own private key with the other party’s public key, to get a shared secret key. This shared key is supposed to be secret—i.e., known only to A and B—because making the shared key requires having either A’s private key or B’s private key.

Note that A and B actually did different computations to get the shared secret. A combined A’s private key with B’s public key, while B combined B’s private key with A’s public key. If A and B did different computations, how do we know they ended up with the same value? The short answer is: because of the special mathematical properties of keygen. And the security of the scheme depends on this: if you have a private key that was made using keygen, then the HDCP handshake will “work” for you, in the sense that you’ll end up getting the same shared key as the party on the other end. But if you tried to use a random “private key” that you cooked up on your own, then the handshake won’t work: you’ll end up with a different shared key than the other device, so you won’t be able to talk to that device.

Now we can understand the implications of the master key leaking. Anyone who knows the master key can do keygen, so the leak allows everyone to do keygen. And this destroys both of the security properties that HDCP is supposed to provide. HDCP encryption is no longer effective because an eavesdropper who sees the initial handshake can use keygen to determine the parties’ private keys, thereby allowing the eavesdropper to determine the encryption key that protects the communication. HDCP no longer guarantees that participating devices are licensed, because a maker of unlicensed devices can use keygen to create mathematically correct public/private key pairs. In short, HDCP is now a dead letter, as far as security is concerned.

(It has been a dead letter, from a theoretical standpoint, for nearly a decade. A 2001 paper by Crosby et al. explained how the master secret could be reconstructed given a modest number of public/private key pairs. What Crosby predicted—a total defeat of HDCP—has now apparently come to pass.)

The impact of HDCP’s failure on consumers will probably be minor. The main practical effect of HDCP has been to create one more way in which your electronics could fail to work properly with your TV. This is unlikely to change. Mainstream electronics makers will probably continue to take HDCP licenses and to use HDCP as they are now. There might be some differences at the margin, where manufacturers feel they can take a few more liberties to make things work for their customers. HDCP has been less a security system than a tool for shaping the consumer electronics market, and that is unlikely to change.

Will they ever learn? Hollywood still pursuing DRM

In today’s New York Times, we read that Hollywood is working on a grand unified video DRM scheme intended to allow for video portability, such as, for example, when you visit a hotel room, you’d like to have your videos with you.

What’s sad, of course, is that you can have all of this today with very little fuss. I use iTiVo to extract videos from my TiVo, transcoding them to an iPhone-compatible format. I similarly use Fairmount to rip DVDs to my hard drive, making them easy to play later without worrying about the physical media getting damaged or lost. But if I want to download video, I have no easy mechanism to download non-DRM content. BitTorrent gives access to many things, including my favorite Top Gear, which I cannot get through any other channel, but many things I’d like aren’t available, and of course, there’s the whole legality issue.

I recently bought a copy of Disney/Pixar’s Up (Blu-ray), which includes a “Digital Copy” of some sort that’s rippable, but the other ones are rippable as well (even the Bluray), so I haven’t bothered to sort out how the “Digital Copy” works.

(UPDATE: the disc contains Windows and Mac executables which will ask the user for an “activation code” which is then sent to a Disney server which responds with some sort of decryption key. The resulting file is then installed in iTunes or Windows Media Player with their native DRM restrictions. The Disney server, of course, wants you to set up an account, and they’re working up some sort of YouTube-ish streaming experiences for movies where you’ve entered an activation code.)

So what exactly are the Hollywood types cooking up? There are no technical details in the article, but the broad idea seems to be that you authenticate as yourself from any device, anywhere, and then the central server will let you at “your” content. It’s unclear the extent to which they have an offline viewing story, such as you might want to do on your computer on an airplane. One would imagine they would download an encrypted file, perhaps customized for you, along with a dedicated video player that keeps the key material hidden away through easily broken, poorly conceived mechanisms.

It’s not like we haven’t been here before. I just wonder if we’ll have a repeat of the ill-fated SDMI challenge.