A way to attack DRM that isn't pointless

| Comments (4) | TrackBacks (14) |
I don't think all research into cracking DRM is pointless. In particular, work like John Haldeman's demonstration that the shift key could be used to bypass SunnComm's CD copy-protection mechanisms serves a useful purpose: deterring CD manufacturers who might otherwise have drunk the SunnComm kool-aid from inconveniencing customers without getting any real protection for themselves.

The difference is that there's basically no way for CD copy protection to actually be effective without inconveniencing far more users than the manufacturers would ever be willing to do. Pointing that out to them is a public service. Forcing Apple to tighten their DRM is not a public service because it's something that Apple is perfectly willing to do and so the only real effect is to make everyone more miserable.

And yes, I do recognize that this implies that there is a middle ground in which the manufacturers might be able to shift which region they're in by credibly committing to using DRM no matter what the cost.... Call this the "You're just making it harder on yourself" defense.

14 TrackBacks

Listed below are links to blogs that reference this entry: A way to attack DRM that isn't pointless.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/182

reduce debt from reduce debt on July 28, 2005 6:35 AM

reduce debt Read More

real estate appraisal license from real estate appraisal license on September 7, 2005 8:53 PM

real estate appraisal license Read More

diamonds The banality of evil. Read More

Pregnantwomen fucking videos from Teensmovie sample gratis on October 20, 2005 8:49 AM

Lesbo bondage movies Brutal violent xxx sex free Gay ... Read More

Sigh. from foosh's blog on October 25, 2005 1:18 PM

Sometime I ask myself why I bother, but then I just take hits until it goes away. I think this topic is a 2 hitter. Ok I'm ready. Read More

Forced her sex pictures from Free sexy porns girls fucking with animals on November 3, 2005 1:02 PM

Photo of hentai Free teen porn video clips Photo video mother interracial Video gay dad Read More

poker casino251 from poker casino251 on February 11, 2006 7:23 AM

poker casino poker 69 Read More

party poker casino casino blackjack blackjack Read More

partypoker poker poker party poker party poker Read More

henderson nevada real estate from henderson nevada real estate on February 22, 2006 10:25 AM

henderson nevada real estate henderson nevada real estate las vegas real estate listings Read More

cheap flights paris from cheap flights paris on February 24, 2006 6:56 AM

cheap flights paris cheap airfares cheap airfares cheap discount airline cheap discount airline Read More

health insurance leads from health insurance leads on February 24, 2006 9:03 AM

groupings?Nanook repays parsings.Holman life insurance quote http://life-insurance-quote.insurance-renew.com/ Read More


One difference in the two cases is that the shift key copy protection wasn't widely deployed yet. Demonstrating its weakness prevented a problem system from being widely fielded. That would suggest that it is good to break DRM when it is still soon enough to change it cheaply; but once it is deployed, breaking it will be an expense for everybody.

OTOH, if it is weak it will be broken. Whose fault is it that a weak DRM system got deployed, such that now it will cost everyone to change it? Not necessarily the hacker who broke it.

A good upcoming example is the DVD-HD copy protection scheme, AACS, http://www.aacsla.com/. If that is going to have problems it would be best for everyone if they are discussed publicly now. Unfortunately the spec has not yet been published.

Another example is HDCP, the on-the-wire content protection system for HDTV. There are several published attacks and breaks. Niels Ferguson, http://www.macfergus.com/niels/dmca/cia.html, claims "My results show that an experienced IT person can recover the HDCP master key in about 2 weeks using four computers and 50 HDCP displays. Once you know the master key, you can decrypt any movie, impersonate any HDCP device, and even create new HDCP devices that will work with the 'official' ones. This is really, really bad news for a security system. If this master key is ever published, HDCP will provide no protection whatsoever." Other cryptographers have made similar observartions. Yet the companies are going forward anyway. HDCP is becoming widely deployed. How long will it be before this master key is published? And how expensive will it be then to change over to a new scheme?

It's going to be pretty bad, but I don't think we should blame the people who publish the key. Its the manufacturers who are at fault for knowingly going forward with a system which the experts say won't work.

I suspect that all innovative DRM-cracking research is useful, but I also think the empirical evidence that demonstrates DRM can work very effectively is undeniable.

And I'm not convinced that the availability of a "Master Key" voids the usefullness of the DRM implementation. DRM implementation is part law and part technology. The courts haven't yet voided legal protection for poorly implemented DRM technology.

After all, the master key to every DVD has been available for years and we haven't seen a collapse of the DVD market. Instead, we see a market where the vast majority of consumers still don't copy DVDs.

I'm not sure I would attribute this to DRM. After all, the wails of the RIAA aside, we haven't seen a collapse of the CD market either, even though CDs have been copyable since Day 1.

Available from Gartner, there is at least one market research report that suggests that if parents could, they would buy a DVD copying solution and they would significantly reduce their expenditures on DVDs. Gartner's analyst theorized that DRM was protecting a certain type of DVD producer.

I haven't really been looking for it, but I haven't seen any reasonable evidence that, in the CD market, this type of low/mid volume boutique producer hasn't already been affected.

Leave a comment