December 22, 2024

SunnComm Responds

Hiawatha Bray’s story in today’s Boston Globe reports on SunnComm’s response to Alex Halderman’s dissection of SunnComm’s CD copy-protection technology.

”There’s nothing in his report that’s surprising,” said SunnComm president Bill Whitmore. ”There’s nothing in the report that I’m concerned about.” Whitmore said his company’s system is simply supposed to give honest music lovers a legal way to make copies for personal use, not to stop large-scale piracy.

This is hard to square with SunnComm’s previous assertion that the technology offers “an incredible level of security”, that it “met the toughest standards”, and that it passed tests in which the “security level offered by the MediaMax technology was pushed to the limit.”

It’s also worth noting that if your goal is indeed “to give honest music lovers a legal way to make copies for personal use, not to stop large-scale piracy”, you can achieve this goal perfectly by offering ordinary, unmodified CDs.

UPDATE (Oct. 10, 10:50 AM): Don’t miss this satirical “story” at Kuro5hin.

Fixing Trusted Computing

The EFF has posted a very nice piece (apparently written by Seth Schoen) on “trusted computing” systems. The piece makes two important contributions to the debate. First, it gives the best simple introduction to trusted computing technologies that I have seen. Second, it suggests “owner override,” a technological tweak that would largely eliminate the downside of trusted computing (i.e., our loss of control over our own computers), while preserving most of trusted computing’s security benefits.

Story Time

In a speech today, John Fictitious, president of the Hospital Association of America, expressed his industry’s disappointment at the continuing prevalence of cancer in America. “Our industry stands ready to deploy a cure, but the doctors and drug companies have been unwilling to sit down at the bargaining table to work out a mutually agreeable cure,” he said. Spokesmen for the doctors and drug companies said they were always open to discussion, and asked for more details about the proposed cures and their side effects. But Mr. Fictitious accused them of foot-dragging: “The time for research and discussion is past. Cancer is widespread today. The simple fact is that the doctors and drug companies profit from cancer and would rather not make a deal.”

Congressional leaders expressed sympathy for the Hospital Association’s position. “We are very disturbed by the continued failure of the affected industries to reach an agreement,” said one senator. “If the industries cannot negotiate a solution to the cancer problem, we may have to step in and impose one.”

This is ridiculous, of course. Everybody knows that cancer is a scientific problem – it is an aspect of reality that cannot be negotiated out of existence and cannot be cured by government decree.

But substitute “copyright infringement” for “cancer”, “solution” for “cure”, “motion picture” for “hospital”, “Jack Valenti” for “John Fictitious”, and “software consumer electronics companies” for “doctors and drug companies”, and you get this story, which might have come from a recent newspaper:

In a speech today, Jack Valenti, president of the Motion Picture Association of America, expressed his industry’s disappointment at the continuing prevalence of copyright infringement in America. “Our industry stands ready to deploy a solution, but the software and consumer electronics companies have been unwilling to sit down at the bargaining table to work out a mutually agreeable solution,” he said. Spokesmen for the software and consumer electronics companies said they were always open to discussion, and asked for more details about the proposed solutions and their side effects. But Mr. Valenti accused them of foot-dragging: “The time for research and discussion is past. Copyright infringement is widespread today. The simple fact is that the software and consumer electronics companies profit from copyright infringement and would rather not make a deal.”

Congressional leaders expressed sympathy for the Motion Picture Association’s position. “We are very disturbed by the continued failure of the affected industries to reach an agreement,” said one senator. “If the industries cannot negotiate a solution to the copyright infringement problem, we may have to step in and impose one.”

Somehow, people who would see the fallacy clearly in the cancer story, seem to miss the same fallacy when the topic is copyright infringement. Technical problems cannot be solved by negotiation or by government decree; and trying to do so will only hold back the progress that might one day lead to a solution.

Why do so many people miss this point? That’s a topic for a later posting.

DRM and Black Boxes

Lisa Rein has posted (with permission) a video of my short presentation at the Berkeley DRM conference. I talked about the push to turn technologies into “black boxes” that the public is not allowed to study, understand, or discuss, and how that paralyzes public debate on important issues such as electronic voting.

"If It's Not Snake Oil, It's Pretty Awesome"

In today’s Los Angeles Times, Jon Healey writes about a new DRM proposal from a company called Music Public Broadcasting. The company’s claims, which are not substantiated in the story, give off a distinct aroma of snake oil.

The warning signs are all there. First, there is the flamboyant, self-promoting entrepreneur, newly arrived from another field. In this case, it’s a guy named Hank Risan, who was previously a dealer in high-end musical instruments.

“He is a very flamboyant guy, and he does things with a level of style that I don’t think is duplicated in the fretted-instrument industry,” said Stanley Jay, president of Mandolin Bros. Ltd., another elite dealer of stringed instruments. “In this industry, to make yourself stand apart, you need to be self-promotional. And he does that extremely well.”

Second, there’s the vaguely articulated theoretical breakthrough, described in mystical terms unintelligible to experts in the field:

Risan drew on his mathematical skills to come up with a different approach to the problem of unauthorized recording. Drawing on a branch of topology known as network theory, Risan said he could look at the networks a computer uses to move data internally and “visualize how to protect the copyrighted material as it transfers through those networks.”

The firm claims that its technology controls those pathways, letting copyright owners dictate what can and can’t be copied. “We control pathways that don’t even exist yet,” Risan said.

Third, there is the evidence that the product hasn’t been demonstrated or explained to its customers. But if it actually turns out to work, they are of course eager to buy it.

Zach Zalon of Radio Free Virgin, the online radio arm of Virgin Group, said he would love to license technology that prevented his stations’ Webcasts from being recorded by “stream ripping” programs. Stream rippers break through every anti-piracy program on the market, Zalon said, “so if you could somehow defeat that, it’s fantastic.”

An executive at a major record company who’s seen the technology for protecting streams and CDs said he was impressed, although he’s not sure the demonstration can be duplicated in the real world. “If it’s not snake oil, it’s pretty awesome,” he said.

And finally, the new product claims to invalidate an accepted, fundamental principle in the field – but without really explaining how it does so.

But as piracy experts are fond of saying, anything that can be played on a computer can be recorded, regardless of how it’s protected. Encrypted streams and downloads must be unscrambled to be heard on a computer’s speakers or shown on its screen. And there are several programs that can intercept music or video on its way to the speakers or screen after it’s been unscrambled.

As always, the burden of proof should be on those who are making the extravagant technical claims. If Risan and his company ever substantiate their claims, by explaining at a detailed technical level why their products prevent capture of audio streams, then those claims will deserve respect. Until they do that, skepticism is, as always, the best course.