add a comment
I have released a new white paper on content security requirements for video services that distribute content to multiple devices. This white paper discusses copyright owners’ requirements for security in today’s world of proliferating devices and delivery channels.
So-called managed networks (cable, satellite, and telco TV) are under increasing pressure to compete with “over the top” (OTT) video services that can run on any IP-based (unmanaged) network to a variety of devices — services like Netflix and Hulu. In the US, in fact, total subscriberships of OTT services are fast approaching the total subscriberships of cable, satellite, and telco TV.
Therefore pay-TV operators have to respond by making their content available on a similar variety of devices and even through unmanaged networks. While some major pay-TV providers like Comcast and Time Warner Cable are launching “TV Everywhere” services, many more pay-TV operators are trying to keep up by building their own service extensions onto mobile phones, tablets, and home devices other than traditional set-top boxes (STBs).
Content security is one of the many requirements that operators have to meet in order to license content from studios, TV networks, sports leagues, and other major content sources. Life for pay-TV operators used to be relatively simple: adopt a conditional access (CA) technology that was equally effective in thwarting signal theft as it was in thwarting content piracy. Economic and security goals were aligned between operators and copyright owners. Now life is considerably more complicated, as operators have to support home networks and branch out into mobile services. Content security requirements are more complicated as well.
This white paper gathers security requirements from major content owners and describes them in a single document. The intent is to help pay-TV operators and other video service providers that are looking to launch multi-screen video services, so that they know what to expect and avoid any unpleasant surprises with regard to security requirements when licensing content to offer through their services.
I spoke to representatives from most of the major Hollywood studios to get their requirements. Although it is not possible to build a gigantic table that an operator can use to look up DRM or conditional access requirements for any given delivery modality and client device — among other things, such a table would become obsolete very quickly — I was able to create a set of guidelines that should be useful for operators.
Content security guidelines do depend on certain factors, including release windows (how long after a film’s theatrical release or a TV show’s first airing), display quality, and the usage rules granted to users and their devices. In the white paper, I map these factors to certain specific content security requirements, such as roots of trust, watermarks, software hardening, and DRM robustness rules. Security guidelines also depend on external market factors that the white paper also describes.
add a comment
The 28-page paper describes the current state of the art of techniques for protecting video content delivered over pay television networks such as cable and satellite. The two primary theses of the white paper are:
- Pay TV often leads in content protection innovation over other media types and delivery modalities. That is because, among other reasons, it is a fairly rare case where the economic interests of content owners and service providers are aligned: content owners don’t want their content used without authorization, and pay-TV operators don’t want their signals stolen. Therefore pay-TV operators have incentives to implement strong and innovative content security solutions.
- Before today, many content security schemes could be described as hack-it-and-it’s-broken (such as CSS for DVDs) or a cycle of hack-patch-hack-patch-etc. (such as AACS for Blu-ray or FairPlay for iTunes). Now technologies are available that break the hack-patch-hack-patch cycle, thereby decreasing long-term costs (TCO) and complexity.
The white paper starts with a brief history of content protection technologies for digital pay TV, starting with the adoption of the Digital Video Broadcasting (DVB) standard in 1994. Then it describes various newer technologies, including building blocks like ECC (elliptical curve cryptography), flash memory, and secure silicon; and it describes new techniques such as individualization, renewability, diversity, and whitebox cryptography. It ties these techniques together into the concept of security lifecycle services, which include breach response and monitoring.
The final section of the paper discusses fingerprinting and watermarking as two techniques that complement encryption as ways of finding unauthorized content “in the wild.”
My thanks to Irdeto for sponsoring this paper.
Irdeto Acquires BD+ Technology from Rovi July 7, 2011Posted by Bill Rosenblatt in DRM, Economics, Technologies, Video.
add a comment
Irdeto announced that it has acquired the BD+ content protection technology for Blu-ray discs from Rovi Corp. (formerly Macrovision). This includes the team and patents related to Cryptography Research Inc.’s Self Protecting Digital Content (SPDC), which Rovi acquired in 2007.
Given the string of recent acquisitions that Rovi has unwound (eMeta, InstallShield, FlexNet, TryMedia, and others), most of which have to do with content security or license management, this deal would seem to be yet another in the same vein; and in fact, BD+ was the last content security asset that Rovi owned, apart from its legacy serial copy management technology. Rovi is apparently paring assets to focus on its metadata (acquired from All Media Guide and Muze) and Electronic Program Guide (Gemstar) businesses; Rovi has dominant market shares or IP positions in both areas.
But a conversation I had with Irdeto revealed an entirely different purpose for this deal: one of the major Hollywood studios brokered it in an attempt to fix Blu-ray security, which has been seriously hacked. Irdeto did not name the studio, but those who follow the industry closely can probably guess which one it is.
BD+ is one of two sets of security technologies used in the Blu-ray disc format. The other, AACS, has been hacked — but the impact of the hack is not as severe as that of other hacks, such as the hack to CSS for DVDs. Nevertheless, the security of Blu-ray discs is apparently so poor that Hollywood is concerned enough to find a solution.
The idea in this deal is that Irdeto will bolster the security of Blu-ray by applying the Cloakware software-security technology that it acquired in 2007. According to Irdeto, this is a nontrivial engineering challenge but one that it believes it can solve in a few months’ time.
When Blu-ray first hit the market, with its multiple layers of content security, I had thought it was a real breakthrough for Hollywood. It looked as though Hollywood had not only learned its lesson about approving content security schemes that are too easy to hack (such as CSS for DVDs) but also had figured out a way to get downstream entities, such as consumer electronics makers, to pay for truly superior security.
Yet now we know that Hollywood has, once again, gotten what it paid for. Now that the latest intelligence about the Blu-ray format says that rumors of its demise are exaggerated, Hollywood wants to shore up the format’s security and protect its release windows. It wants to rely Irdeto’s Cloakware technology to plug the holes.
This is a great vote of confidence in Irdeto. But relative to the bigger picture, one must ask: does it really change Hollywood’s behavior so that this kind of thing doesn’t happen again? To put the question another way: what does Irdeto get out of this deal that would create incentives for it and other vendors to produce truly superior content protection — technology that is secure and affords a decent user experience?
Irdeto isn’t offering an answer. The terms of the acquisition from Rovi are undisclosed. It is unlikely that Blu-ray equipment and software makers will pay more for a license to Cloakware-enhanced BD+ technology than they pay now. Irdeto says that it will get “something” if it completes the Blu-ray fix successfully, but it won’t say what that something is.
I get the feeling that it will mostly be bragging rights. Irdeto will get the cachet of having “fixed Blu-ray,” which will (so the logic goes) lead to other opportunities with future formats; such is the power of Hollywood studio endorsement of content protection technology. And there is certainly some value in the elegant SPDC technology and the patents and engineering team that came with Irdeto’s acquisition.
But — putting aside the price of the acquisition vis-à-vis the value of the Blu-ray revenue stream that comes with it — the value of this deal strikes me as illusory. It’s the analog of user advocates who say that Hollywood studios should give away their content online so that consumers can “engage with the brands.” Both Hollywood studios and content protection vendors are in business to make money from their products. The major studios generally operate on the proposition that more money makes for a better product. Why can’t they apply the same principle to content protection?
The Next Battlefield: 3D Printing May 9, 2011Posted by Bill Rosenblatt in Technologies, Uncategorized.
A couple of months ago, the advocacy organization Public Knowledge started posting pieces on its website about 3D printing technology and how it could become the next venue for overreach by intellectual property owners. I initially dismissed this as scare-mongering by an organization that, like all others of its type, is constantly on the lookout for causes around which to rally fundraising efforts.
But then PK issued a white paper on 3D printing and its implications for IP law which was well-researched, thought-provoking, and surprisingly balanced — more reminiscent of the output of a Center for Democracy and Technology or a Future of Music Coalition than of the polemics of an Electronic Frontier Foundation or of a… Public Knowledge.
And last month Ars Technica dished up an equally stimulating article on the same subject; I don’t know whether one inspired the other or vice versa. Anyway, my eyes and ears started to perk up.
What really did it for me was hearing Jaron Lanier’s keynote address last Thursday at the Festival of Ideas for the New City conference here in New York. He mentioned 3D printing as becoming huge once the technology gets down to the consumer range of price and complexity. Being the fan of Lanier’s writings that I am, I became convinced: 3D printing is worth much attention in the world of intellectual property and technology.
So what is 3D printing? It’s a manufacturing technique whereby a machine makes a physical object by “printing” it in many very thin layers. It’s typically referred to as a disruptive technology, but like all such things, it grows out of existing technologies and only becomes “disruptive” once it reaches a certain threshold of price, size, scale, complexity, or more than one of these.
Plenty of steps have been taken towards the scalable and economical automation of manufacturing. I’ve had experience with two of them. About thirty years ago, I wrote user-interface software for a computer-controlled lathe, an example of what we now know as CAD/CAM. With this software (which ran on a mainframe), you could draw the outline of a part you wanted to make, insert the raw stock (wood or metal) into the lathe, press a button, and have it make the part. More recently, I worked with a leading maker of printers and copiers which had a device for printing images on garments, such as T-shirts.
I’ll leave it to other sources, such as the Public Knowledge white paper, Ars Technica article, and Wikipedia to give better background on the emergence and potential of 3D printing than I can. But what strikes me the most about this technology from our perspective here is that it has the capacity to profoundly affect all areas of intellectual property.
If an everyday person can spend, say, US $1000 for a device that lets her make any plastic or polymer object up to a cubic foot in size for the cost of raw materials, and if that device can accept AutoCAD, Sketchup, or similar CAD/CAM files specifying what is to be made, then IP owners have a problem on their hands. With such a device, you could make something that infringes copyrights, trademarks, patents, or all of the above at once.
These three branches of IP evolved separately; see Adrian Johns’ Piracy for a very good summary of how they were originally distinguished from one another and then went their separate ways. Occasionally some law is made that borrows a concept from one branch of IP law and applies it to another; the most prominent recent example of this is the Supreme Court’s 2007 Grokster decision, which borrowed the concept of “inducement” from patent law and applied it to copyrights.
Applying all of the different strands of IP law to a single technology is a recipe for a mess — particularly when it comes to the legal concept of secondary liability, i.e. “helping someone infringe.” The maker of a 3D printing device would be held to different standards regarding patent, copyright, and trademark infringement.
IP owners will naturally begin to think about technical measures they can take (or attempt to require) to guard against infringement. With predecessor technologies to 3D printing, life was relatively simple — relatively. For example: In the project I did with the printer maker, the company wanted to sell the garment printers to small retailers so that they could produce garments with licensed images on them, on demand. The printers had a price tag in the low five figures (USD).
Think about applications such as sports venues (second-string player shoots a sixty-footer at the last second; everyone wants a T-shirt to commemorate the occasion but the kiosk doesn’t have any), party stores (My Little Pony on the front, Happy 5th Birthday Juliette on the back), or museums (I want a T-shirt of that Vermeer painting on the second floor, on a light blue background, in Extra Large). My involvement with the printer maker was to help design a service that could provide licensed images to the devices over the Internet while ensuring that the local merchant wouldn’t abuse them.
But 3D printing takes such concerns to a much more complex level. It’s easy to recognize trademarks and trademarked imagery. We know something about how to recognize and thwart copyright infringement. But what does “DRM for patents” even look like, and is such a concept even worth pursuing?
I certainly don’t have the answers. But I promise you that I will follow this fascinating area with interest as it unfolds.
PlayReady on Android and iOS Shines at NAB April 14, 2011Posted by Bill Rosenblatt in DRM, Mobile, Technologies.
1 comment so far
Three vendors of DRM technology made announcements timed to this week’s huge NAB conference in Las Vegas: AuthenTec, BuyDRM, and Discretix. The common theme among these announcements was support for Microsoft’ PlayReady DRM on the Android and Apple iOS platforms.
AuthenTec, a company based in Florida whose main business is fingerprint readers (as in human fingerprints, not digital ones), acquired DRM assets from SafeNet a year ago. These assets included a multi-DRM framework called DRM Fusion and OMA DRM software — acquired respectively from DMDSecure of the Netherlands in 2005 and Beep Science of Norway in 2008.
Usually this many acquisitions in so short a time implies deals that are euphemistically called “asset sales” and an acquiring company that lets the technology wither and die. I had serious doubts that AuthenTec was going to do anything with the SafeNet DRM product lines other than support existing customers, but this announcement dispels that doubt. DRM Fusion enables service providers to distribute content packaged in several different DRM formats; it originally supported Windows Media DRM (Microsoft’s older technology), then added OMA DRM support. Now it has added support for PlayReady in a downloadable application for Android and Apple iOS clients called DRM Fusion Agent.
BuyDRM of Austin, TX, is a longtime Microsoft partner that has built its DRM service infrastructure, KeyOS, around Windows Media DRM. It announced KeyOS: Cloud Edition, a version of KeyOS that uses Microsoft’s Windows Azure cloud-based service platform. Along with the support for Windows Azure, BuyDRM will be offering PlayReady for Android and iOS. BuyDRM has HBO Eastern Europe as a launch customer, and general release is planned for June.
Discretix of Israel has also been known for multi-DRM support, focusing on mobile clients. It too had been supporting Windows Media DRM and OMA DRM implementations. But its new product, SecurePlayer, focuses exclusively on PlayReady for Android and iOS. SecurePlayer is a downloadable application that combines a port of PlayReady to the target device along with a video player that is tightly coupled to the DRM. This is more secure than a DRM implementation that merely relies on a device’s native video player, where content can be exposed in the clear.
All of these DRMs focus on delivery of video to “app phones” and tablets, whether through download or streaming. This ties in with the more general trend of providing a given set of video content on any device — via a service like Hulu, the cable industry’s TV Everywhere initiative, or other channels. Services like these need cross-platform DRM support in order to comply with studio and network licensing requirements. Meanwhile, Microsoft is doing little by itself — other than making an SDK available — to help enable porting of its DRM onto non-Microsoft platforms. Thus the opportunity for these third-party vendors.
Another trend that these announcements indicate is further indication of OMA DRM 2.x’s fade into irrelevance. The number of services using this DRM has been small enough as it is. In the music market, its demise was hastened last year with the news that Vodafone was phasing out its OMA DRM 2.1-based mobile music subscription service in favor of paid MP3 downloads. The number of vendors offering OMA DRM implementations has dwindled.
Of course, other cross-platform DRMs for portable video-capable devices are available, such as Marlin (Intertrust) and NDS VideoGuard. (The fate of Widevine’s DRM technology after its acquisition by Google late last year is uncertain.) But PlayReady is the hot technology of the moment.
Now, on a completely different subject:
Personal Appeal for Aid to Japan
I have heard people say that the crisis unfolding in Japan is horrible but they aren’t sure how to help. Many organizations are collecting money, but it’s hard to know how it will be used or where it will go. Now here’s a more targeted and personal way to help:
My brother-in-law has lived in Japan for several years. He lives in Tokyo now, but he started out teaching English in a village called Kawauchi, which is within the evacuation zone in Fukushima Prefecture near the stricken Daiichi nuclear plant. He has deep personal relationships with people in the village and is organizing aid for its few thousand residents, who are currently in a facility analogous to the New Orleans Superdome after Hurricane Katrina here in the U.S. He says:
Toys and activities for children, school supplies, paper products including tampons, diapers for children and adults, personal wipes, tissues, toothpaste and toothbrushes (including for dentures) make-up, shampoo, games, new clothes, music, books and magazines (in Japanese only).
Sending along special foods and snacks will definitely be appreciated. Rations at the evacuation center are not particularly pleasant!
Aside from the basics, please feel free to send anything you think might cheer the villagers up. It is unlikely that any of them will be able to see their homes for many years, if ever.
Please note that people of Kawauchi Village cannot read English past a first grade level. Many of the evacuees are elderly, too.
Pass this note on and feel free to contact me directly if you have any questions. Thank you! – Barry Lustig, email@example.com
Here is the address:
Yoshinobu Ishii from Kawauchi Village
South 2-52, Koriyama City
telephone: (+82) 09022773557
Irdeto Sets Next Level in Video Content Protection March 7, 2011Posted by Bill Rosenblatt in DRM, Technologies, Video.
Last week, Irdeto of the Netherlands announced its new ActiveCloak for Media content protection technology for video. This is a real, bona fide breakthrough technique. It’s also revolutionary, in that it starts with a a bold statement for the DRM industry: an admission that it has a problem.
A long, long time ago, there was a myth: that DRM was hack-proof. Most knowledgeable people stopped believing this myth years ago, especially since it came to light that many DRMs were designed to be cheap to implement rather than strongly protective of content. But somehow the myth persisted and was very hard to eradicate.
The media industry responded to weak DRM in a couple of ways. First, they got a law passed that made hacking DRMs illegal. This law — the DMCA — placed liability for hacking solely on the hacker. The idea was to deter hackers through criminal penalties rather than to give incentives to technology vendors to create stronger DRMs, or to make the vendors liable for hacks.
Next, the industry created licensing frameworks for DRM technologies that bolstered them by imposing additional technical obligations on implementers. If you wanted to implement a system using a certain DRM technology, you had to agree to so-called robustness rules, which were designed to prevent the software “around” the DRM from leaving doors open to hackers. Robustness rules cover things like how to hide keys in software and how to “harden” software so that it can’t be reverse engineered.
As we know, DRMs are still routinely hacked.
Yet in some quiet corners of the industry, hacking is treated as a given. One example: the CEO of a software antipiracy technology company recently boasted about his company’s success in the gaming market. He measures success by the length of time until a game is hacked. The game publisher is pleased, he says, because his technology works well enough that games aren’t hacked until after their “new and hot” period is over. By this point, the game company has made the bulk of its money; it’s happy for the hacked game to “go viral” and generate demand for the next version of the game.
Try telling this to a Hollywood studio.
Meanwhile, DRM technologies have advanced by limiting the impact of hacks, through techniques such as key revocation (preventing the offending device from doing any more damage) and field-upgradeable encryption (changing the encryption algorithm so that a specific hack no longer works). But these techniques are analogous to making air passengers take their shoes off at security because someone tried to hide a bomb in his shoe once: they don’t prevent the damage from happening in the first place.
With last week’s announcement of ActiveCloak, Irdeto has taken the next logical step. Instead of trying to design DRMs so that they are hack-proof, or even so that they take as long as possible until they are hacked, assume they are going to be hacked and act before they are.
ActiveCloak enables network operators and service providers to change the content protection software proactively as well as reactively. Instead of upgrading the encryption or revoking keys after a hack — or as we Americans say, locking the barn door after the horse has escaped — ActiveCloak lets operators change the client configuration on a regular basis at intervals shorter than the time to expected hack. (Service providers could do this on their own, but ActiveCloak makes the process automated and much more straightforward.)
Irdeto doesn’t just do this by changing encryption keys or even random seeds used in code obfuscation algorithms. ActiveCloak represents a synergy between Irdeto’s legacy content protection technology for digital TV and the software hardening and key hiding technologies of Cloakware, which Irdeto acquired in late 2007.
Cloakware’s main offering in the digital media industry is tools and techniques for hardening DRM implementations so that they meet robustness rules. Many implementers of several different DRMs use Cloakware to harden their code; its only real competition in the digital media market is the smaller Arxan Technologies.
In fact, when the acquisition was announced three years ago, I had assumed that Irdeto’s objective was to collect a “toll” from those who implement content protection solutions from its competitors.
Now we have a product that embodies true synergies between the legacy Irdeto and Cloakware technologies. The system renews itself with respect to the key hiding and code hardening as well as the content protection itself, and it does so on a proactive basis. ActiveCloak gives new meaning to the term “race against the hackers”: hackers must do their thing before the clock runs out and the system is renewed. The integration of Cloakware’s technology makes outwitting this system that much more difficult — assuming, of course, that no one figures out a way to disable the overall scheme.
As Irdeto admits, ActiveCloak will be more expensive than comparable video content protection technologies — in terms of both upfront cost and operational complexity. The company argues that the total cost of ownership is lower than that of a system that has to be patched or replaced due to hacks.
With pay TV operators (cable or satellite), this may well be a reasonable sales proposition. Pay TV operators are somewhat unique among content service providers in that their economic incentives are aligned with those of TV networks, movie studios, and other content owners: none of these entities want their signals to be stolen. The same is emphatically not true for, say, an Internet content retailer or consumer device maker.
ActiveCloak for Media is initially targeted toward OTT (over-the-top or IP-based) content delivery to tablet, Google TV, and other devices. Ports to Apple iOS, Android, and Intel’s “Sodaville” chipset for set-top boxes exist. The technology is running on three Google TV platforms, Boxee, and tablet and PC implementations with unnamed operators.
Although ActiveCloak is a real step forward in content protection technology, it still presupposes that Hollywood is dissatisfied enough with current technologies — and the various legal backstops — to make its content licensees pay a premium for the new technology. It’s doubtful that Hollywood studios will take other content protection technologies off their “approved lists,” but it may make robustness rules more stringent with respect to renewability.
At the same time, I’ll hazard a guess that if this approach catches on — if the rest of the industry is willing to admit that it has a problem — then Irdeto’s competitors will be looking to emulate ActiveCloak. If I were Arxan, I’d have investment bankers ready and waiting to field the incoming acquisition offers. And if I were Irdeto, I’d have my patent lawyers working overtime to protect the technology.
My Remarks at the National Academies October 17, 2010Posted by Bill Rosenblatt in Economics, Events, Law, Technologies, United States.
add a comment
Remarks made at the National Academies’ workshop on the Impact of Copyright Policy on Innovation in the Digital Era, October 15, 2010, Washington, DC.
Good morning. First I would like to thank the committee for the opportunity of being invited here today. It’s an honor to be here. The issues being discussed here are ones that I have studied and cared deeply about for years. I’m thrilled to see the potential for research to solve some of the pressing issues around copyright policy in the digital age.
My name is Bill Rosenblatt. I’m president of GiantSteps Media Technology Strategies, a consulting firm based in New York. I consult on rights technologies, among other things. I’m the author of a book on DRM, which is ancient history by now, I suppose. I’ve worked with clients from across the spectrum of these issues for many years.
As a consultant, I try not to take sides in this debate. My only personal bias is that I was raised by professional musicians, so I am in favor of content creators being able to make a living. I’m a computer scientist by training, but also an author and editor, and someone who has worked in the content as well as technology industries.
The prospectus for this Workshop notes that debates over digital copyright have been philosophical and emotional rather than economic or fact-based. I was happy to see this acknowledged, because it’s absolutely what I see too.
I would like to draw attention to two particular issues that I have focused on, and that I believe are particularly in need of objective research.
- The economic imbalance that I perceive between demands for rights technologies and the costs of implementing them.
- Something I call the trap door between laws and technologies.
For each of these, I’d like to describe the problems that I believe can be addressed by appropriate research.
Regarding the first one, the economic imbalance: copyright owners demand that downstream entities in the content value chain, such as distributors, retailers, and consumer electronics makers, implement digital rights technologies in order to get licenses to use content. But in general, the downstream entities pay for those technologies; the content owners don’t. This has led to two common outcomes, both of which are not optimal: first, downstream entities implement the cheapest and simplest rights technologies that they can get away with, or second, in many cases, they implement technologies that benefit them at least as much as they benefit content owners.
One example of the first outcome is the CSS protection for DVDs, which was, in my view, designed primarily to be cheap to implement rather than to actually protect content well. It was hacked in a matter of weeks after its release, the hack was applicable to all protected DVDs worldwide, and it was easy to use. An example of the second outcome is Apple’s FairPlay DRM technology for iTunes, which was designed to promote platform lock-in as well as content protection. I don’t mean to pick on these particular technologies; they are just examples, and there are others.
No one really knows how to fix this problem, because no one actually understands the value of these technologies – to content owners, to retailers, device makers, or to consumers. Various studies have been done on related subjects, such as losses to content industries from copyright infringement, the effect of DRM on content pricing to consumers, the effect of file-sharing on music piracy, contributions that Fair Use has made to the Gross Domestic Product, and so on.
How helpful are these studies? Well, the Government Accountability Office released a report this past April that not only cast doubt on their validity but expressed skepticism that the economic impact of IP infringement can be measured at all with any kind of accuracy. I had seen some of the studies mentioned in the GAO report and also felt that their methodologies and objectivities left much to be desired.
I’m not the only one who sees this imbalance. A couple of years ago, Professor Jonathan Zittrain of Harvard Law School said at a conference that the key issue in Viacom’s copyright litigation against YouTube was the cost and responsibility of implementing copyright filtering technology. Litigations such as that one and similar ones like Universal Music Group v. Veoh are really attempts to obtain or rebuff technological mandates, so that the government decides (or doesn’t decide) who has to pay for what technology. There may well be legal and philosophical principles that guide such decisions, but there are economic ones as well, and these go largely unexplored.
Despite the GAO report’s pessimism, I believe that if the questions are posed carefully and the research is done well and objectively, we can get some answers to questions like these:
- How much better is a content protection system that costs more to implement, in terms of both content security and the consumer experience?
- What are the differences in cost-effectiveness and user experience between proactive and reactive solutions to infringement? (DRM is an example of a proactive technology. Forensic watermarking is an example of a reactive one.)
- What is the appropriate economic consideration or incentive in requiring network operators to be accountable for their users’ copyright infringements through means such as filtering technologies and “progressive response” laws?
- And many others that I could think of.
The second issue that I’d like to mention today is what I call the trap door between laws and technologies.
It’s the digital age; everything about digital content is automated and instantaneous: copying, distribution, storage, searching, browsing, playback, etc. Everything, that is, except decisions about copyright infringement. You can do whatever you want with content, but in a large and growing number of cases, you have to call lawyers in to decide questions of legality. Or as Larry Lessig once said, “Fair Use is the right to hire a lawyer.”
I prefer to say that Fair Use is a trap door into the legal system. Whenever you get to a copyright gray area, you fall through the trap door, and you have to stop doing what you’re doing.
The problem is not just that people have to hire lawyers and embark on potentially long legal proceedings. It’s also that consumers and especially entrepreneurs tend to shy away from activity that may or may not be legal, because of the fear of going through a legal process to get the question decided.
My view is that the trap door is itself a chill on expression and innovation. It’s as if you’re driving; speed limits aren’t posted, and you have to guess how fast you can drive based on the width of the road, type of road surface, presence of pedestrians, and so on – and if you aren’t sure, you could pay a traffic lawyer to go spend a year figuring it out for you — all so that you can drive to the mall one afternoon or, as Google apparently just did, invent a new type of self-driving car.
Wouldn’t it be easier if we had a copyright legal system that enabled at least some degree of automation of decisions on fair use and other issues? Apparently not, according to most lawyers. When I raised this possibility on a panel at my last conference, the attorneys on the panel – who represented a broad range of copyright interests – reacted with a mixture of bemusement and annoyance.
But my view is that this step is unavoidable given the realities of the digital age. And in fact, like it or not, our legal system does introduce rule-based judgments about appropriate use. For example, the Copyright Office’s triennial rulemaking on DMCA 1201 produces a list of legally permitted uses. But of course these are severely constrained and don’t have much practical impact.
The problem, once again, is that arguments are being made on philosophical or emotional rather than fact-based grounds. People say that Fair Use shouldn’t be made more automatable because business models and technologies change too rapidly, and it’s the flexibility that gives the law its staying power. That may be true, but to me it’s a cop-out.
The issue has just not been explored properly. It may well be that our principle-based Fair Use system is better, in some sense, than, say, the European system or some other type of copyright regime. But we don’t really know one way or another. And by the way, what I’ve said applies not only to Fair Use but to Section 109 and other parts of the copyright law.
A nonprofit organization called the Digital Media Project tried to solve this problem several years ago. The DMP was created by Leonardo Chiariglione, the founder of the MPEG standards body. They tried to do something that could have been great, if only they had finished the job.
The DMP created an open standard DRM technology. One of its design goals was that this technology should support what they called Traditional Rights and Usages (TRUs), which vary from one country to another according to copyright laws. From what I can tell from reading their documents, the DMP made some progress on mapping TRUs to digitally expressible and automatable constructs, but it essentially abandoned the effort three years ago. They did create a long list of TRUs but only came up with a few examples of the mapping.
Someone ought to try to continue the work that the DMP started — though with a different goal: not to try to shoehorn existing copyright constructs into a DRM system, but just to see how far it could reasonably go. Right now — the Copyright Office’s DMCA rulemaking notwithstanding — rules about appropriate use arise primarily from a very ad hoc combination of settled case law precedents (such as parody or criticism being fair use) and industry convention (such as for music sampling). Research could be done to explore both the boundaries of how current copyright law can be made more amenable to technological implementation and the pros and cons of changing copyright law so as to make the trap door smaller.
Those are the two sets of issues in digital copyright that I believe would benefit from the research that the committee contemplating. Thanks for your attention, and thanks again to the committee for inviting me today.
Assessing the HDCP Hack September 19, 2010Posted by Bill Rosenblatt in DRM, Standards, Technologies, Video.
Intel confirmed last Thursday that a hack to its High Definition Content Protection (HDCP) link protection scheme for high-def video had been discovered and published online. HDCP is used in Blu-ray players, DVD players, set-top boxes, and other devices to protect high-definition content when it is transferred to other devices, such as TV monitors. After several days of conjecture and dubiously informed blog posts, some facts have become clear that enable us to assess both the nature and impact of this hack.
First, given that Intel designed HDCP in the first place, we can take its word as authoritative. Second, someone either leaked or discovered the master key* that is used within the “root of trust” for the HDCP system, which is the Intel subsidiary Digital Content Protection LLC (DCP). They also figured out a way to use that master key to generate the unique private keys that DCP normally generates per device, which enable HDCP-compliant devices to encrypt and decrypt content.
There are two big differences between the nature of this hack and that of the CSS encryption scheme for DVDs, to which DRM hacks are often compared. First, CSS was so weakly designed that all the hackers had to do was discover a single set of keys which are present on all DVD players; in contrast, HDCP does not actually store its master key on user devices. Hollywood has at least learned that lesson about key management. In contrast, the HDCP hack depends on computing device private keys on a per-device basis.
Second, not only is computing device keys harder to do, but it can’t be done in software; it has to be done in silicon. We’ll talk more about this shortly when we discuss the impact of the hack.
HDCP is designed to be able to revoke devices with compromised keys. The hack, once someone actually implements it, makes this task essentially useless. An HDCP ripper would keep generating new device private keys, which the overall HDCP scheme would have to revoke by constantly updating lists of revoked devices that are embedded into HDCP-encrypted content, such as Blu-ray discs. It would be both inordinately expensive and ultimately futile to do this.
Worse, it’s only possible to revoke HDCP device keys, not renew them, as is possible in DRM schemes that take advantage of device connectivity, such as Marlin. This design decision results from the fact that many current HDCP-compliant devices are unconnected devices such as Blu-ray players, and it’s only practical to renew keys over a network (just ask makers of SmartCard-based conditional access systems for cable TV, which have to physically ship new SmartCards if old ones are compromised).
The master key for HDCP, like that of other DRMs, was only supposed to be known to a “root of trust” (central security authority) — in this case DCP. Either the key was leaked or it was discovered.
Researchers in 2001 had found a hack for discovery of the HDCP master key that involves collecting 40 different HDCP-compliant devices and working backwards from their private keys to calculate the master key. The number 40 is a function of the configuration of the cryptographic algorithm that HDCP uses: Blom’s scheme, invented in the early 1980s. It determines a data matrix that would have to be kept in memory, the size of which increases geometrically with the size of the number. So, the choice of 40 was a compromise — inevitable in all DRMs — between security and implementation cost.
The eminent cryptographer Paul Kocher — one of the brains behind the BD+ protection scheme for Blu-ray discs — says that the hack resulted from poor design. But it’s also possible that a DCP insider leaked the key. Even if the latter was the case, the system was designed with the weakness that knowing the master key makes it possible to use it outside of the root of trust environment to create device private keys. This was another choice made in the interest of low implementation cost rather than security.
Now let’s talk about the practical impact of the hack. It is just as wrong to suggest, as some have, that the HDCP hack has the same impact on high-definition video as the CSS hack has had on DVDs. Part of the assessment of the strength of the security of a DRM system is that of the fallout when the system is inevitably cracked.
First of all, the impact of the HDCP hack is such that it would be necessary to create chips that implement it. As some have pointed out, a fabrication facility somewhere in China may well be working on just such a chip as I write this, and soon Blu-ray players and other devices with the chip, or standalone HDCP ripper devices, could appear on the black market or outside the United States.
This is a “hardware speed bump” in the sense that someone has to manufacture the devices and sell them, presumably at a profit. Such devices would be illegal in the US and various other countries under anticircumvention law. People would have to find, buy, and use the devices; and the devices would require real-time playback of the video to make the decrypted content available.
In contrast, the CSS hack led to software DVD rippers that anyone could download over the Internet, and the odds of detecting such (also illegal) activity are virtually nil. Furthermore, so-called DeCSS rippers work almost instantaneously and do not require real-time playback. With movies, this is a big difference.
Intel’s stance on the HDCP hack is that it won’t affect their business. You’d expect Intel to say that, but in this case it’s basically true. Unencrypted, uncompressed movies appear on BitTorrent sites now; this process will become somewhat easier for dedicated rippers to do once HDCP rippers become available, but the average BitTorrent user won’t experience much difference.
Let me say this one more time: just because there’s a hack to a DRM scheme does not necessarily mean that every piece of content encrypted with that DRM scheme is suddenly in the clear.
Here is the analogy I like to use to explain this; it is not terribly accurate but illustrative anyway. Let’s say I develop a technique for picking a certain popular brand of combination locks and publish it on a web page. That does not mean that every school locker using that lock is suddenly open and millions of backpacks, sweatshirts and textbooks are stolen. Even leaving aside the fact that a lock-picker has to physically go to each lock and operate on it, taking advantage of the hack may require special skills, special tools, and time to work.
I have not in recent years met anyone in the media industry who believes that any DRM is hackproof. Furthermore, studios treat HDCP and other DRMs as just a few of many tools for keeping consumers buying their content and not infringing their copyrights. Thus, this hack is unlikely to affect the attitudes that Hollywood studios have towards DRM.
*I made a comment on a popular tech blog that there wasn’t a single master key. My comment was incorrect. At the time, I did not properly understand the nature of the hack, and I did not make the distinction between master keys that are actually present on client devices by design (a la DVDs and CSS) versus those that are designed to exist only within the confines of the root-of-trust facility (DCP in the cast of HDCP). However, the author of this blog piece also failed to make that distinction and generally under-researched and mischaracterized the hack, in his usual fashion. For that reason, I won’t name the blog or author.
The IEEE Standards Association has approved the formation of a new working group, P1817, the Standard for Consumer-Ownable Digital Personal Property. Chairing the working group is Paul Sweazey, an engineer who has been working on this idea for some time. A draft spec of P1817 is available, and the first working group meeting of the initiative will be in Silicon Valley on July 14.
The basic idea of P1817 is as old as the first generation of DRM implementations: to approximate important characteristics of physical media products in the digital world, so that physical-world business models can migrate online. But P1817 follows a different approach to this goal than DRM systems have done so far. Briefly, it binds a “playkey” tightly to an encrypted content file, so that you have to possess the playkey in order to play the content (or more accurately, to decrypt a content key which unlocks the content). So far, so typical; but here’s the difference: a key identification and management scheme sits in the background and ensures that only one user can possess a given playkey at a time.
Contrast this with DRM schemes that incorporate licenses that are bound to devices, such as those used for mobile handsets, like OMA DRM v.1. In this type of scheme, it’s not normally possible for a user to pass the content and the license to another user. In other schemes, licenses cover a set number of devices, such as Apple FairPlay’s limit on the number of PCs, Macs, or iPods that can play an encypted iTunes file.
With P1817, it is supposed to be easy for users to pass playkeys to others. Owners of content (e.g., those who purchase it online) also get a second playkey, which sits in what amounts to an online rights locker and allows the user to access the content over the Internet from any connected device.
The purpose of this standard is to make it so that purchasers of digital products get rights that are more similar to those embodied in physical products than has been the case with previous DRMs. You can play the content (on a player that supports this scheme) without connecting to a server for license issuance or authentication. You can give your key out to others whom you trust to give it back to you, just as if you would lend or rent out content; the key is tied to the user’s identity so that rights resembling First Sale in copyright law (a/k/a Exhaustion in most countries outside the US) are ensured.
Sweazey positions P1817 as being different from DRM. He says that DRM is good for models like streaming and subscriptions, which preclude consumer ownership of content, while P1817 is explicitly about ownership.
But let’s face it: P1817 is a form of DRM. In effect, it’s a further extension of a theme pioneered around 2001-2 by Microsoft for its e-book DRM (Digital Asset Server): a publisher could select a level of protection whereby the e-book’s cover page contained some valuable personal information, such as the credit card number used to buy the e-book. The idea was that the user would only feel comfortable giving a copy of the e-book to someone whom she trusted with her credit card number. Later schemes, like Light Weight DRM (2003) and Bitmunk (2004), took this a step further by embedding watermarks into the content with personal information.
Yet in none of those cases was the content encrypted, meaning that users could still make copies and give them to people they trust. Paul Sweazy’s scheme encrypts content and thus does not allow this. His idea is to create an environment where content is protected from rampant unauthorized copying and yet consumers feel that they have bought something that they actually own, and are not “licensing” or “renting” or subjecting themselves to periodic “phone-homes” or license checks or renewals.
Nate Anderson of Ars Technica has raised thoughtful objections to the P1817 scheme. One of them was that because it seeks to emulate the physical world, it’s retrograde. But let’s remember that Apple succeeded with the iTunes Music Stores by emulating the “retrograde” model of a record store online. People understand record stores; they didn’t understand the other online music models of that era (around 2003), which were as confusing and opaque as early cell-phone usage plans. If “retrograde” means that consumers are more likely to accept it, then it may be a good thing.
Anderson also objected to P1817 because it’s a content encryption system and thus is inevitably going to be hacked — and then what happens? My view is that this isn’t all that important. Just as DRMs can be hacked, so can analog products be copied… potentially with some time, trouble, and cost on both sides. I have never agreed with the copyleft truism that DRMs become worthless (from a security standpoint) if they are hacked.
To me, there are more fundamental questions about this scheme that must be addressed. If you’ve followed my writings closely for a while, you can probably guess the first question I’d ask: who would pay for this? I.e., what type of entity would be motivated to pay for the technology necessary to implement P1817 - which relies on hardware and software in consumer devices as well as servers and authentication infrastructure?
Consumer device and software vendors might be interested in adopting such technology if they are confident that media companies will issue their most important content under this scheme. So let’s start answering the question by looking at different media markets.
The music industry? No. They’ve abandoned DRM for permanent Internet downloads and are distributing individual tracks in unprotected MP3 format; and there’s a trend toward file-sharing rules in music services that still use DRM which are already more liberal than those implied in P1817. Music companies would not see a need for this scheme.
Not Hollywood, either: many movie studios are eager not to enable First Sale (Section 109 of the US copyright law) for digital downloads because they believe it means lost revenue from potential incremental purchases. Fox, for example, is even careful to avoid using the otherwise common term “electronic sell through” (EST) to describe schemes like iTunes movie sales; instead they prefer the term “electronic license,” because it implies that the transfer of content to the user is not a sale of a copyrighted work — a question that is unsettled under current law.
If there is a market for P1817, it has got to be book publishing. With a few minor exceptions, book publishers have only implemented digital business models that emulate physical books. There are no analogs to “streaming” in book publishing, unless you count browser-based platforms such as Google Editions or Amazon Pages (which display page images in web browsers). There are only a couple of subscription e-book services in niche markets: only Safari Books Online (O’Reilly and Pearson) for IT professionals and Disney Digital Books for children come to mind.
A DRM system for e-books that emulates First Sale might actually satisfy publishers. After all, book publishers have lived with First Sale – i.e., with public libraries and used bookstores — for decades or centuries longer than record labels or film studios. They don’t like First Sale in certain market segments, such as textbooks, but otherwise most publishers understand that support of First Sale is key to consumer acceptance of e-books.
The objections people raise to e-book DRM generally fall into two categories: you can’t share e-books, and you can only read them on certain devices. P1817, if done right, solves the first of these problems. But it only solves the second if every device implements it. That isn’t going to happen without economic incentive, i.e., subsidy. And even then it’s a challenge.
Open standards in DRM only stand a chance of success if they have financial backing. The only truly successful open DRM standard is OMA DRM v1, which probably has an installed base of a billion units worldwide by now and has been backed by major handset makers. No DRM has ever been financially supported by content owners.
So, there’s the answer to the fundamental question that should determine the success of Consumer-Ownable Digital Personal Property. To grow and succeed, the e-book market has to navigate between the Scylla of platform monopoly (e.g., by Amazon or Apple) and the Charybdis of platform fragmentation (leading to lack of consumer interest). If book publishers are concerned enough about this — as they should be – then they might just be motivated to find a way of subsidizing implementations of P1817 that doesn’t run afoul of antitrust law.
If Paul Sweazey and his IEEE P1817 compatriots believe this line of reasoning, then their market development task is well-defined — albeit difficult to pull off. As with other standards initiatives, P1817TM’s success depends crucially on the types of companies that participate. (Hello, Adobe? Overdrive? Random House? And dare we say it: Amazon? Apple?) We’ll get a clue to this after the July 14 working group meeting. If they do succeed, it would truly be a meaningful new development in DRM technology.
Selectable Output Control: What’s the Big Deal? June 27, 2010Posted by Niels Thorwirth in Standards, Technologies, Video.
[Editor's note: I had been intending to write a piece on Selectable Output Control for some time, but I just haven't had the time to do the proper research. Niels Thorwirth of Verimatrix wrote this very informative piece about SOC for Verimatrix's corporate blog, which is reproduced here minus the Verimatrix commercial part.]
The FCC has recently granted a waiver filed by the MPAA to allow selectable output control for set-top box (STB) devices in the USA. The requirements for selectable output control are for a limited time and under certain conditions, but still a significant development in the evolving world of movie distribution windows.
It means that cable, satellite and IPTV operators are allowed to offer content that can only be displayed on screens with HDMI connections protected via high-bandwidth digital content protection (HDCP). Any analog or unprotected outputs from the STB device would be disabled during the viewing of that content.
The contention is that, by eliminating the “easy” piracy option of recording the signal from analog outputs of the STB, studios can now consider a new release window for their movie assets. As proposed by Time Warner Cable, it’s called “home theater on demand,” and enables operators to offer a movie for domestic consumption just 30 days after its theatrical release.
While most articles deal with the business dynamics of selling video-on-demand (VOD) movies closer to the theaters and before DVD or BluRay, let’s take a look at the security implications.
The mandatory digital watermark for digital cinema provides some forensic traceability of illegitimate recordings by identifying the theater location and screening time. This helps deter repeat offenders and inside jobs. Nonetheless, some movies are still pirated with a camcorder in cinemas. Apparently, the commercial benefits of selling that movie on illegal DVDs still outweigh the risks for professional pirates. The quality of these recordings is poor and the financial loss to studios is arguably limited in that many who accept that quality would not otherwise buy theater tickets.
It’s also unfortunate that, right after the release of any noteworthy movie on DVD or BluRay, high-quality digital movies can typically be downloaded from Internet file sharing sites in several versions and sizes. The source is of course untraceable in this situation.
This new concept of a home theater on demand window enables the delivery of movies to end user devices. Despite the restriction to HDCP protected outputs, there is no doubt that content released in this high value period will be subject to piracy of commercial and non-commercial flavor. While HDCP provides much better security then that unprotected analog output, it has vulnerabilities.
If these vulnerabilities are too difficult to exploit, pirates will be able to resort to copying content from their HD TV with an HD camcorder in the comfort of their own home – the quality of readily available equipment makes this a relatively easy option. This is where digital watermarking can be used to trace and identify piracy of either approach.
This new home theater on demand requirement takes watermarking into additional networks with specific infrastructure and legacy architecture, with new and interesting integration tasks. It also adds possibilities to make watermarking a standard solution to secure content revenues on this distribution channel.
The recent discussions we’ve had with content owners and distributors certainly indicate that the studios understand the potential of digital watermarking to plug the crucial security vulnerability that is opened by home theater on demand and is only closed in part by selectable output control.
The home theater on demand release window, after all, adds a consumer option, and I believe that the combination of selectable output control and traceability is a sufficient deterrent against piracy to keep this option valid and profitable for content owners.