[clug] A most interesting read, most interesting

[Michael Cohen]

On Wed, Dec 27, 2006 at 10:10:06PM +1100, Sam Couter wrote:
> No, it's a technological path. They're trying to restrict the ability to
> make perfect digital copies of media. The next step is watermarking and
> such, to close the analog hole.
> 
> Vista claims to provide secure media services of some kind, including
> encryption of video on the PCI Express bus on its way to the video card.
> 
> http://en.wikipedia.org/wiki/Features_new_to_Windows_Vista#Digital_Rights_Management
> 
> My quick Google search hasn't turned up anything further, but I've read in
> the past about standards that include encryption of the signal on the video
> cable between the video card and the monitor.

Sam, this sort of thing has been talked about for yonks. Its not going to work
any better than the current system, because somewhere, the data is present in
an unencrypted form in order to be presented to a human neural sensor of some
kind. Encrypting the signal between the DVD rom and the monitor will simply
move the clear text data to the monitor (i.e. you might need to patch signal
lines inside the monitor). 

Apart from this, This proposition is obviously ludicrous because you will be
unable to watch any video on monitors which do not support such encryption. The
dvd consortium would love to force monitor manufacturers to pay them a fee for
each monitor sold, but I dont think this will fly. Besides, and this has been
proved time and time again, the marketplace must obey the will of consumers.
And consumers want to gain access to the decrypted data, so any manufacturer
worth their while will build the DRM system so weak that it would be trivial to
circumvent it because that will sell more units.

For example look at the first DVD players released in the late 90s. Back then
in order to obtain a DVD licence the manufacturer had to enforce region coding.
The first units to hit the market did enforce it very strongly. But very
quickly products appeared which were "multi-region" or could be reflashed to
remove this restriction. These were then so popular that today almost every dvd
player sold is multi-region. In fact its a fact which most players advertise as
a feature!!!

This is primarily because the hardware manufacturers have a different agenda to
the DVD consortium. The hardware guys are all about shipping units, and the
more they ship over their competitors the more they get paid. The DVD
consortium is about restricting and controlling consumers. And lets face it,
consumers do not want to be restricted...

> > Even a closed source os such as windows has a well
> > documented driver interface, and it is always possible to do what you describe.
> 
> Except when the closed source operating system vendor makes it not
> possible.

Sam, the fact that an OS is closed source only makes it a little more difficult
to figure out where to tap the data. Recent advances in reverse engineering
show that not having the source code is not that big a hurdle - see for example
the book Rootkits by Greg Hoglund, James Butler which describes a technique
called Direct Kernel Object Manipulation, where they are able to manipulate
internal NT kernel data structures to an absolutely amazing degree using only
reverse engineered knowledge about the internals of the windows kernel. This
sort of information is pretty advanced even for similar linux kernel structurs
which you have the source code for. My point is that when there is a will,
there will be a way - the fact that the os is closed source doesnt matter too
much.

It is true, (and that is what MS is going for) that if the OS provides
facilities which make the implementation of DRM easier, then we will get more
applications with DRM in them. For example, suppose MS provides some API for
securely authenticating with a DRM provider for pay per view or registration
purposes. In that case, anyone can write DRM enabled applications using this
simple API easily, and we should see more DRM enabled applications.

At first this might appear as a bad thing, but in reality its a good thing.
Rather than having to reverse engineer every DRM application's way of doing
things, just reverse the windows API implementation, and in one swoop you can
circumvent _all_ DRM applications using this API. Whats more is that the MS api
will be well documented so you will have a great start.

At the end of the day we both agree that DRM is just a flawed concept because
there are always technical solutions to it. Its just a matter of implementing
those legally within linux that we need to address.

> I was not clear enough in my statement.
> 
> The GPL is all about putting control of software in the hands of the
> users, not the vendors.

This statement is obviously correct.

> Linux is released under the GPL, and as such it puts control in the hands
> of the users, not the vendors.

This statement is also correct.

> The GPL does not make a secure multimedia path impossible. Open source
> operating systems such as Linux make it impossible.

How does this statement follow from the previous two? I dont quite understand
what you are saying here. How does the truth of the previous two statements
imply that DRM on linux can not work? It can work just the same as on windows
(which we all agree is not very well), because on linux you are still able to
release software without source code and not under the GPL. Just because the
rest of the system is GPL doesnt mean every piece of software has to be.

> It would be impossible to ship effective DRM software with source code,
> I think. And certainly pointless, since the software is no use without
> the keys.

So we agree that potential DRM software will be released in binary form? And if
that is the case it is the same as the windows situation. My point is that
linux does not make DRM any worse or better than having DRM under windows. The
DRM software for both oses would be very similar anyway.

> > I absolutely agree with you about the moral reason and would definitely hope
> > this was a legal reason too - but unfortunately by the introduction of DMCA and
> > USTA legislation to Australia the law does not seem to be aligned with morals
> > :-(.
> 
> If this is true it would not surprise me at all. In fact, I'd be surprised
> if the law *were* aligned with morals on this point.

Morals are such a subjective topic. The law is simply an instrument by which
one party excercises control over another party. In this case the MPAA, ARIA
etc simply lobby legislators to shift the legal balance of power to their
favor. By doing this they effectively gain more power than consumers and
thereby create more revenues. Its purely a business move, and like most legal
matters has very little to do with morals.

Michael.