From: DiSToAGe <distoage@sbbi.net> Sent: Jun 2, 2005 5:05 AM To: cypherpunks@jfet.org Subject: Re: /. [Intel Adds DRM to New Chips]
I have read infos that say that audio and video drivers will be in the trusted chain. If your hardware system is used by an os (i.e. win) on which you can't create drivers, and only industry signed drivers can be used you can't bypass this by hacking drivers ...
Right. This has to happen if you want the basic DRM model to work. The big thing to understand here is that the content protection people are okay with the model of the world where a relatively small number of pirates with a lot of capital and expertise can crack out content and make copies for sale. They already live in that world, and the analog hole makes it genuinely impossible for them to get out of it. The world that they want to avoid living in is the one where the only capital required to become a major pirate is a PC. The difference here is in two parts: When pirates have to have a lot of capital, they have to charge for their pirated works. So the difference isn't "pay $15 for a new CD or just do download it," it's "pay $15 for a new CD or pay $3 for a new CD." And then the pirate has to worry about getting paid, which means dealing with some kind of (in practice traceable) payment protocol if he wants to do business online. And shutting down pirates who have $500,000 invested in their business actually makes some financial sense--you can spend a few thousand dollars shutting them down without spending yourself into bankruptcy. By contrast, the world in which every PC owner can be a pirate is much nastier for the content owners. Being a pirate is so easy that the resulting ripped music files are made available for free, just as part of someone joining a P2P network or some such thing. That means the user gets a decision like "Buy a CD for $15, which I will then want to rip so I can put it on my laptop and MP3 player anyway, or just download it for free." The pirates aren't charging anything, so they don't have to worry about getting paid or being traced by their payment mechanism. And enforcement actions against pirates in this world are comically inefficient--you end up spending thousands of dollars to shut down one 14 year old with a PC, and all the money you can spend doesn't really have much impact on the problem. You're left trying to make examples of a few people, which makes you look like bullies, and which is unlikely to work all that well anyway.
My though is the hardware drm can be reverse engineered ? If you use cert on your DRM you must put cert and private keys on your DRM chip ... So you have somewhere memory (rom or else) where you have this private and cert datas. So with good tools you can read what are the bits in this DRM.
Right. The critical issue here is whether a random user can just download some software to defeat the DRM. If it costs lots of money to extract the DRM secrets, there's some question of whether the people who spent that money will release the keys into the wild for free. And many schemes have at least some notion of revoking keys that have been released into the wild, so that your new CDs don't play with the hacked DRM server. The point of all this isn't to stop determined pirates--that's impossible because of the analog hole. The point is to stop casual piracy. That seems at least possibly doable to me. (The big question is whether the existence of non-DRMed copies of lots of content will make it possible to just *ignore* the DRMed stuff.) --John