November 24, 2024

Posts Comments

HDMI and Output Control

April 13, 2006 by

Tim Lee at Tech Liberation Front points out an interesting aspect of the new MovieBeam device – it offers its highest-resolution output only to video displays that use the HDMI format.

(MovieBeam is a $200 box you buy that lets you buy 24-hour access to recent movies. There is a rotating menu of movies. Currently video content is trickled out to MovieBeam boxes via unused broadcast bandwidth rented from PBS stations. Eventually they’ll use the Internet to distribute movies to the devices.)

This is a common tactic these days – transmitting the highest-res content only via HDMI. And it seems like a mistake for Hollywood to insist on this. The biggest problem is that some HDTVs have HDMI inputs and some don’t, and most consumers don’t know the difference. Do you know whether your TV has an HDMI input? If you do, you either (a) don’t have a high-def TV, or (b) are a serious video geek.

Consider a (hypothetical) consumer, Fred, who bought an early high-def set because he wanted to watch movies. Fred buys MovieBeam, or a next-gen DVD player, only to discover that his TV can’t display the movies he wants in full definition, because his TV doesn’t do HDMI.

Fred will be especially angry to learn that his MovieBeam box or high-def DVD player is perfectly capable of sending content at higher definition to the inputs that his TV does have, but because of a bunch of legal mumbo-jumbo that Hollywood insists upon, his set-top box deliberately down-rezzes the video before sending it to his TV. Just imagine what Fred will think when he sees news stories about how pirated content is available in portable, high-def formats that will work with his TV.

The official story is that HDMI is a security measure, designed to stop infringers. It’s been known for years that HDMI has serious security flaws; even Wikipedia discusses them. HDMI’s security woes make a pretty interesting story, which I’ll explore over several posts. First I’ll talk about what HDMI is trying to do. Then I’ll go under the hood and talk about how the critical part of HDMI works and its well-known security flaws. (This part is already in the academic literature; I’ll give a more accessible description.) Finally, I’ll get to what is probably the most interesting part: what the history of HDMI security tells us about the industry’s goals and practices.

Officially, the security portion of HDMI is known as High-bandwidth Digital Content Protection, or HDCP. The core of this security design is the HDCP handshake, which takes place whenever two devices communicate over an HDMI cable. The handshake has two goals. First, it lets each device confirm that the other device is an authorized HDCP device. Second, it lets the two devices agree on a secret encryption key which only those two devices know. Subsequent communication over the cable is encrypted using that key, so that eavesdroppers can’t get their hands on any content that is distributed.

In theory, this is supposed to stop would-be infringers. If an infringer tries to plug an authorized video source (like a MovieBeam box) into a device that can capture and redistribute video content, this won’t work, because the capture device won’t be able to do the handshake – the authorized video source will recognize that it is unauthorized and so will refuse to sent it content. Alternatively, if an infringer tries to capture content off the wire, between an authorized source and an authorized TV set, this will be foiled by encryption. That’s the theory at least. The practice is quite different, as I’ll describe next time.

Filed Under: Uncategorized Tagged With: ,

Understanding the Newts

April 10, 2006 by

Recently I’ve been trying to figure out the politics of technology policy. There seem to be regularly drawn battle lines in Congress, but for the most part tech policy doesn’t play out as a Republican vs. Democratic or liberal vs. conservative conflict.

Henry Farrell, in a recent post at Crooked Timber, put his finger on one important factor. This was part of a larger online seminar on Chris Mooney’s book “The Republican War on Science” (which I won’t discuss here). Here’s the core of Henry Farrell’s observation:

There’s a strand of Republican thinking – represented most prominently by Newt Gingrich and by various Republican-affiliated techno-libertarians – that has a much more complicated attitude to science. Chris [Mooney] more or less admits in the book that he doesn’t get Newt, who on the one hand helped gut OTA [the Office of Technology Assessment] (or at the very least stood passively to one side as it was gutted) but on the other hand has been a proponent of more funding for many areas of the sciences. I want to argue that getting Newt is important.

What drives Newt and people like him? Why are they so vigorously in favour of some kinds of science, and so opposed to others? The answer lies, I think, in an almost blindly optimistic set of beliefs about technology and its likely consequences when combined with individual freedom. Technology doesn’t equal science of course; this viewpoint is sometimes pro-science, sometimes anti- and sometimes orthogonal to science as it’s usually practiced. Combining some half-baked sociology with some half arsed intellectual history, I want to argue that there is a pervasive strain of libertarian thought (strongly influenced by a certain kind of science fiction) that sees future technological development as likely to empower individuals, and thus as being highly attractive. When science suggests a future of limitless possibilities for individuals, people with this orientation tend to be vigorously in its favour. When, instead, science suggests that there are limits to how technology can be developed, or problems that aren’t readily solved by technological means, people with this orientation tend either to discount it or to be actively hostile to it.

This mindset is especially dicey when applied to technology policy. It’s one thing to believe, as Farrell implies here, that technology can always subdue nature. That view at least reflects a consistent faith in the power of technology. But in tech policy issues, we’re not thinking so much about technology vs. nature, as about technology vs. other technology. And in a technology vs. technology battle, an unshakable faith in technology isn’t much of a guide to action.

Consider Farrell’s example of the Strategic Defense Initiative, the original Reagan-era plan to develop strong defenses against ballistic missile attacks. At the time, belief that SDI would succeed was a pretty good litmus test for this kind of techno-utopianism. Most reputable scientists said at the time that SDI wasn’t feasible, and they turned out to be right. But the killer argument against SDI was that enemies would adapt to SDI technologies by deploying decoys, or countermeasures, or alternatives to ballistic missiles such as suitcase bombs. SDI was an attempt to defeat technology with technology.

The same is true in the copyright wars. Some techno-utopians see technology – especially DRM – as the solution. The MPAA’s rhetoric about DRM often hits this note – Jack Valenti is a master at professing faith in technology as solving the industry’s problems. But DRM tries to defeat technology with technology, so faith in technology doesn’t get you very far. To make good policy, what you really need is to understand the technologies on both sides of the battle, as well as the surrounding technical landscape that lets you predict the future of the technical battle.

The political challenge here is how to defuse the dangerous instincts of the less-informed techno-utopians. How can we preserve their general faith in technology while helping them see why it won’t solve all human problems?

Filed Under: Uncategorized Tagged With: ,

Guns vs. Random Bits

April 5, 2006 by

Last week Tim Wu gave an interesting lecture here at Princeton – the first in our infotech policy lecture series – entitled “Who Controls the Internet?”, based on his recent book of the same title, co-authored with Jack Goldsmith. In the talk, Tim argued that national governments will have a larger role than most people think, for good or ill, in the development and use of digital technologies.

Governments have always derived power from their ability to use force against their citizens. Despite claims that digital technologies would disempower government, Tim argued that it is now becoming clear that governments have the same sort of power they have always had. He argued that technology doesn’t open borders as widely as you might think.

An illustrative example is the Great Firewall of China. The Chinese government has put in place technologies to block their citizens’ access to certain information and to monitor their citizens’ communications. There are privacy-enhancing technologies that could give Chinese citizens access to the open Web and allow them to communicate privately. For example, they could encrypt all of their Internet traffic and pass it through a chain of intermediaries, so that all the government monitors saw was a stream of encrypted bits.

Such technologies work as a technical matter, but they don’t provide much comfort in practice, because people know that using such technologies – conspicuously trafficking in encrypted data – could lead to a visit from the police. Guns trump ciphers.

At the end of the lecture, Tim Lee (who happened to be in town) asked an important question: how much do civil liberties change this equation? If government can arbitrarily punish citizens, then it can deter the use of privacy-enhancing technologies. But are limits on government power, such as the presumption of innocence and limits on search and seizure, enough to turn the tables in practice?

From a technology standpoint, the key issue is whether citizens have the right to send and receive random (or random-looking) bits, without being compelled to explain what they are really doing. Any kind of private or anonymous communication can be packaged, via encryption, to look like random bits, so the right to communicate random bits (plus the right to use a programmable computer to pre- and post-process messages) gives people the ability to communicate out of the view of government.

My sense is that civil liberties, including the right to communicate random bits, go a long way in empowering citizens to communicate out of the view of government. It stands to reason that people who are more free offline will be tend to be more free online as well.

Which raises another question that Tim Wu didn’t have time to address at any length: can a repressive country walk the tightrope by retaining control over its citizens’ access to political information and debate, while giving them enough autonomy online to reap the economic benefits of the Net? Tim hinted that he thought the answer might be yes. I’m looking forward to reading “Who Controls the Internet?” to see more discussion of this point.

Filed Under: Uncategorized Tagged With: ,

Conscientious Objection in P2P

March 31, 2006 by

One argument made against using P2P systems like Grokster was that by using them you might participate in the distribution of bad content such as infringing files, hate speech, or child porn. If you use the Web to distribute or read content, you play no part in distributing anything you find objectionable – you only distribute a file if you choose to do so. P2P, the argument goes, is different.

Today I want to consider what you can do if you want to use P2P to access files, but you want to avoid participating in any way in the distribution of bad files. When I say a file is “bad” I mean only that you, personally, have a strong moral objection to it, so that you do not want to participate in its distribution. Different people will have different ideas about which files (if any) are bad. Saying that a file is bad is not the same as saying that it should be banned or that others should not be allowed to distribute it – choosing not to do something yourself is not the same as banning others from doing it. So this is not about censorship.

The original design of BitTorrent was friendly to those who wanted to avoid distributing bad files. You could distribute any files you liked, and by default you would automatically redistribute any file that you had downloaded. But you wouldn’t find yourself distributing any bad files (unless you downloaded bad files yourself), or even helping anybody find bad files. Others could read or publish what they wanted, but you wouldn’t help them unless you wanted to.

This is unlike Grokster or Gnutella, where your computer would (by default at least) help to construct an index that would help people find files of all types, including some bad files. You might think that’s fine and choose to participate in it, but then again you might be unhappy if the proportion of bad files that you were helping to index was too high for your taste, or their content too vile. Because BitTorrent didn’t have a built-in index, you could use it without running into this issue.

But then, about ten months ago, a new “trackerless” version of BitTorrent came along. This version had a big distributed index, provided cooperatively by the computers of everybody who was using BitTorrent. After this change, if you were using BitTorrent, you were helping to index files. (Strictly speaking, you would be providing “tracker information” for the files; I’m using “index” as shorthand.) Some of those files might be bad.

To be precise, you would be helping to index a small, and randomly chosen, subset of all the BitTorrent files in the world. And if it came to your attention that one of those files was bad, you could choose not to participate in indexing it, by simply refusing to respond to index queries about that file. Standard BitTorrent software doesn’t support this refusal tactic, but the tactic is possible given how the BitTorrent protocol is designed.

Your refusal to provide index information for a file would not, by itself, make the file unavailable. BitTorrent stores index information redundantly, so other people could answer the index queries that you refused to answer. Only if all (or too many) of the people assigned to index a file refused to do so would that file disappear.

If lots of people started refusing to index files they thought were bad, this would amount to a kind of jury system, in which each file was assigned to a random set of BitTorrent “citizens” who voted (by indexing, or refusing to do so) on whether the file should be available. If too many jurors voted to suppress a file, it would disappear.

By now, some of you are jumping up and down, shaking your fingers at me. This is an affront to free speech, you’re saying – every file should be available to everybody. To which I reply: don’t blame me. This is the way BitTorrent is designed. By switching to the trackerless protocol, BitTorrent’s designers created this possibility. And the problem – if you consider it one – can be fixed. How to fix it is a topic for another day.

Filed Under: Uncategorized Tagged With: ,

Bernard Lang Reports on the Proposed French DRM Law

March 28, 2006 by

[Bernard Lang, a prominent French computer scientist and infotech policy commentator, sent me an interesting message about the much-discussed legislative developments in France. It includes the first English translation I have seen of the proposed French law mandating open access to DRM technologies. He has graciously given me permission to post his message here, with some minor edits (mostly formatting) by me. Here is his report and commentary:]

The new French law on copyright (our own local version of DMCA), is called DADVSI for “Droit d’Auteur et Droits Voisins dans la Société de l’Information.”. “Droit voisins” stands for derived activities and works, mainly the work of performing artists – I translate it below as “adjacent rights”, not knowing a better or standard translation.

This copyright law is supposed to transpose into French Legislation the European Copyright directive of 22 May 2001.

The law was sent on a fast track procedure (meaning only one reading, rather than three, in each chamber), because it should have been passed a long time ago, and France may be fined by Brussels for being late. It has now passed the MP reading. This unique reading was supposed to take fifteen hours. It took sixty and got more publicity than the government wanted. It will be submitted to the senate in May. The current text and related documents are available online (just in case you read French and are interested).

I will not go into all details of that law, and keep to one aspect that is actually positive. The law also has many regressions that go beyond DMCA or anything accepted in other countries, such as the so-called “Vivendi-Universal” amendments, that have become articles 12-bis and 14-quater (this is temporary numbering) in the current text. These somewhat unprecise articles allow penal (12 bis) or civil (14 quater) suits against software authors whose software is “manifestly” used for illegal access to works.

The point I want to discuss is mostly in article 7, which essentially tries to turn any technical protection measure (TPM) into an open standard. We are lucky in that we have here a legal definition of what is an open standard, which specifies that the standard must be freely usable (including that it is not encumbered by IP).

One interesting fact is that this article 7 did not have most of these clauses when first voted during the debate. Then, on the last day (night ?) of the debate, after the last article, they reopened the debate on article 7 and voted the current version at 3h00 am. This was not a complete surprise, since it was known that several majority MPs were negotiating with the government.

Article 7 of the law (I am losing some technical legal subtleties in the translation, for lack of knowledge of legal vocabulary) actually creates a new article in the French Intellectual Property Code that states :

Article L. 331-5. –

Effective technical measures intended to prevent or limit uses unauthorised by the rightholder of a copyright or an adjacent right of any work, other than software, interpretation, phonogram, videogram or audiovisual program, are legally protected under the condition stipulated here.

Technical measures, in the sense of the previous paragraph, are understood as any technology, device, component, which, within the normal course of its operation, realizes the function intended in the previous paragraph. These technical measures are deemed effective when a use considered in the previous paragraph is controlled by means of an access code, a protection process, such as encryption, scrambling or any other transformation of the protected object, or a copy control mechanism, which achieves the protection objective.

A protocol, a format, a method for encryption, scrambling or transforming does not constitute as such a technical measure as understood in this article.

The technical measures should not result in preventing actual use of interoperability, not infringing copyright. Technical measures providers must give access to the information essential to interoperability.

By information essential to interoperability, we mean the technical documentation and the programming interfaces necessary to obtain, according to an open standard in the sense of article 4 of law n° 2004-575 of june 21st 2004 for trust in numerical economy, a copy of a reproduction protected by a technical measure, and a copy of the numerised information attached to this reproduction.

Anyone concerned may ask the president of the district court, in a fast track procedure, to compel a technical measures provider to provide information essential for interoperability. Only the logistic costs can be requested in return by the provider.

Any person desiring to use interoperability is allowed to proceed to decompiling steps that might be necessary to make essential information available. This disposition is applicable without prejudice to those of article L. 122-6-1. [note: this is the article regarding software interoperability that transposes into French law the part of the 1991 European directive regarding interoperability and some other provisions.]

Technical measures cannot be an obstacle to the free use of the work or the protected object within the limits of the rights set by this code [i.e. the French code of Intellectual Property] as well as those granted by the rights owners.

These stipulations are without prejudice to those of article 79-1 to 79-6 of law n° 86-1067 of September 30, 1986 regarding freedom of communication.

One cannot forbid the publication of the source code and technical documentation of independent software interoperating for legal purposes with a technical protection measure of a work.

No guaranties are offered for this translation, and I am not a lawyer 🙂

Some of the stipulations of this article are a little bit unclear, because of other articles (13 and 14) that may limit certains rights, especially in the 3rd paragraph from bottom. … It is not clear which prevails.

This text does not say that TPM must be open standards, but they they should be essentially like open standards, as long as they are not covered by patents … and we are not supposed to have software patents at this time, in Europe.

Now there have been strong international reactions to this text, some of which are reviewed on my web site, in English and/or French.

I was particularly interested in the comment by U.S. Commerce Secretary Carlos Gutierrez, in an article, “Commerce chief supports Apple’s protest over French law,” from America’s Network on March 24:

“But any time something like this happens, any time that we believe that intellectual property rights are being violated, we need to speak up and, in this case, the company is taking the initiative,” AFP quoted [Gutierrez] as saying [on MSNBC]. “I would compliment that company because we need companies to also stand up for their intellectual property rights.”

This is interesting, because I have been supporting for some time the view that DMCA-like legislation was actually attempting to create a new intellectual property right, a “DRM right”, that gives exclusive rights to the initial users of a DRM format to develop software interacting with it. Of course, no one, to my knowledge, would actually acknowledge the fact. [This is similar to what Peter Jaszi and others have called “paracopyright” in the U.S. – Ed]

Interestingly, one purpose of this new IP right is to prey on cultural creation and creators by controlling the distribution channels, while pretending to offer what seems to be mostly an illusion of protection.

The limitations of the French law just restrict technical measures to be what they are supposed to be: a protective device (for whatever it is worth), without giving any control to people other than the (rightful ?) rightowners of the work.

Without interoperability as required in the French law, DRMs (or TPMs if you prefer) behave pretty much like patents on formats and distribution models, without even requiring innovation, nor official application and examination, and without a time limit or compulsory licensing.

Now, I seem to recall that an obscure American legal document stating that:

The Congress shall have Power […] To promote Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries

is the basis for the existence of IP in the United-States.

If indeed, as asserted by Mr Carlos Gutierrez, the French law will infringe on Apple’s IP rights, these rights can only be in Europe (no software patents, recall) the new “DRM rights” I have been discussing above, and that are the consequence of the DMCA.

But if that is the case, this “DRM rights” require no novelty, nor are they limited in time, even in a formal way. Hence they can only be unconstitutional.

There are other interesting comments in the press. My preferred ones are :

French on to something with iTunes law, say analysts
Reuters, ZDNet, March 20, 2006.

Analysts say the French are on to something that the rest of the world has yet to figure out: It needs to set rules for this new market now or risk one or two U.S. companies taking control of online access to music, video and TV.

France debates new tunes for iPod
Thomas Crampton, International Herald Tribune, March 17, 2006 .

The French government’s approach is bold and the only one that makes sense,” said Michael Bartholomew, the director of the European Telecommunications Network Operators’ Association, a trade group based in Brussels.

And apparently, some professional organizations are finally coming to understand on which side their bread is buttered :

France May Force Apple to Open Up iTunes as Bill Moves Ahead
Rudy Ruitenberg, Bloomberg, March 20, 2006.

“The music industry is in favor of interoperability, it would make music accessible on more platforms. It’s quite a technical and complex provision, so it’s not quite clear how it’s going to work in practice,” [Olivia] Regnier [European regional counsel for the London-based International Federation of the Phonographic Industry] said.

The irony of this is that it is the free software organizations, presented by the “cultural community” (read “those who make pots of money in the name of culture”) as the utmost evil, who have been fighting for this interoperability clause.

I remember that, while some partners and I were being auditioned by government officials, their faces expressed surprise that we worried that artists should be able to publish their work, possibly protect their work, freely and without having to submit to the technology leveraged market control of a few large companies. My feeling was that no one else had expressed that concern before.

And, as usual, France Is Saving Civilization. But for the first time, Americans recognize the fact 🙂

How France Is Saving Civilization
Leander Kahney, Wired, March 22, 2006.

Well, that is all. I still have to read the week-end developments and prepare for the senate hearing of the law.

Filed Under: Uncategorized Tagged With: , ,