Tuesday, February 13, 2007

They Knew it Was Going to Be Easy

News from the hacker community... the digital rights management (DRM) technology that protects HD-DVD and Blu-ray high definition video discs has been broken. That's really not news, as it was an inevitability.

The Slashdot commentary on this was interesting and pointed out something I hadn't thought of before. I will refrain from quoting the whole comment and instead paraphrase: it is impossible to secure a message when the recipient and the attacker are the same person. And now you are asking, what does that mean?

Okay, quick cryptography lesson from someone who only understands the basics. Assume two people (Bob and Alice) who want to communicate with each other privately. To do so they must use one of several encryption methodologies. In general, this is done by both Bob and Alice knowing a "secret" and using that secret to encrypt and decrypt the message. Now, a third person (Charles) wants to listen in, but can't because he doesn't know the secret. Works pretty well, for the most part.

Now with DRM, the paradigm is different. Alice (played by the record label or movie studio) wants to send a message to Bob (played by you and me) that he can only listen to or watch in certain circumstances. But Bob also wants to watch his DVD in a non-authorized fashion (say, with a Linux box)... which means Bob has a dual identity. He is both Bob and Charles. Any secret Bob knows, Charles knows... and now the jig is up. It may be that Bob doesn't know exactly what the secret is that he knows, but it is only a matter of time before smart people figure it out. That's what happened with DVDs several years ago, and that's what happened with the next generation systems.

But this is not what I want to talk about. The title of this post is "They Knew it Was Going to Be Easy" because the makers of DRM knew everything I just said above. They are not, contrary to the opining of the Slashdot crowd, stupid. In fact, they knew this so well that they got a law passed to criminalize the activity... a little something known as the Digital Millennium Copyright Act. §1201(A) reads:
"No person shall circumvent a technological measure that effectively controls access to a work protected under this title."
Which makes the breaking of DRM against the law... even if the DRM is really stupid.

So yes, it is easy... but so is bopping someone on the nose. Doesn't take anything more than one of my fists and decent aim. Which is why we pass laws in the first place, to create artificial incentives which conform behavior in a particular manner as established by the legislative process (I love this link!). The media companies said they wanted to keep pirates from breaking into their stuff, they recognized it couldn't be done with technology alone, so they appealed to the legislature and got the needed protection.

Which is to say... they knew it was going to be easy.

1 comment:

Anonymous said...

The analogy is close - it's more that Alice wants to give something to Bob, but doesn't want to let anyone else see and has "rules". So Alice encrypts the data with a lock, but doesn't give Bob the key. So you either:

1. Break the lock (Cracking of 3DES, DVDJon's efforts, etc.)
2. Break the key (DRM, iTunes, etc.)
3. Or take it without a lock and key (P2P, FTP, Newsgroups, next-door neighbor Charlie).

Admittedly, doing any of the above is technically violating the law, however - the issue is that people don't think it's fair to be sold a t-shirt and have them be told when and where they can use it, that they can't give it to their friend when they're done, etc.