Copy protection of ordinary disk drives?
---------- Forwarded message ----------
Date: Thu, 21 Dec 2000 13:16:03 -0800
From: John Gilmore <gnu@toad.com>
To: cryptography@c2.net, gnu@toad.com
Subject: IBM&Intel push copy protection into ordinary disk drives

The Register has broken a story of the latest tragedy of copyright mania in the computer industry. Intel and IBM have invented and are pushing a change to the standard spec for PC hard drives that would make each one enforce "copy protection" on the data stored on the hard drive. You wouldn't be able to copy data from your own hard drive to another drive, or back it up, without permission from some third party. Every drive would have a unique ID and unique keys, and would encrypt the data it stores -- not to protect YOU, the drive's owner, but to protect unnamed third parties AGAINST you.

The same guy who leads the DVD Copy Control Association is heading the organization that licenses this new technology -- John Hoy. He's a front-man for the movie and record companies, and a leading figure in the California DVD lawsuit.

These people are lunatics, who would destroy the future of free expression and technological development, so they could sit in easy chairs at the top of the smoking ruins and light their cigars off 'em.

The folks at Intel and IBM who are letting themselves be led by the nose are even crazier. They've piled fortunes on fortunes by building machines that are better and better at copying and communicating WHATEVER collections of raw bits their customers desire to copy. Now for some completely unfathomable reason, they're actively destroying that working business model. Instead they're building in circuitry that gives third parties enforceable veto power over which bits their customers can send where. (This disk drive stuff is just the tip of the iceberg; they're doing the same thing with LCD monitors, flash memory, digital cable interfaces, BIOSes, and the OS.
Next week we'll probably hear of some new industry-wide copy protection spec, perhaps for network interface cards or DRAMs.) I don't know whether the movie moguls are holding compromising photos of Intel and IBM executives over their heads, or whether they have simply lost their minds.

The only way they can succeed in imposing this on the buyers in the computer market is if those buyers have no honest vendors to turn to. Or if those buyers honestly don't know what they are being sold. So spread the word.

No copy protection should exist ANYWHERE in generic computer hardware! It's up to the BUYER to determine what to use their product for. It's not up to the vendors of generic hardware, and certainly not up to a record company that's shadily influencing those vendors in back-room meetings.

Demand a policy declaration from your vendor that they will build only open hardware, not covertly controlled hardware. Use your purchasing dollars to enforce that policy. Our business should go to the honest vendors, who'll sell you a drive and an OS and a motherboard and a CPU and a monitor that YOU, the buyer, can determine what is a valid use of. Don't send your money to Intel or IBM or Sony. Give your money to the vendors who'll sell you a product that YOU control.

John

http://www.theregister.co.uk/content/2/15620.html

Stealth plan puts copy protection into every hard drive

Hastening a rapid demise for the free copying of digital media, the next generation of hard disks is likely to come with copyright protection countermeasures built in.

Technical committees of NCITS, the ANSI-blessed standards body, have been discussing the incorporation of content protection currently used for removable media into industry-standard ATA drives, using proprietary technology originating from the 4C Entity. They're the people who brought you CSS2: IBM, Toshiba, Intel and Matsushita. The scheme envisaged brands each drive with a unique identifier at manufacturing time.
The proposals are already at an advanced stage: three drafts have already been discussed for incorporating CPRM (Content Protection for Recordable Media) into the ATA specification by the NCITS T.13 committee. The committee next meets in February. If, as expected, the CPRM extensions become part of the ATA specification, copyright protection will be in every industry-standard hard disk by next summer, according to IBM.

However, what's likely to create a firestorm of industry protest is that the proposed mechanism introduces problems to moving data between compliant and non-compliant hard drives. Modifications to existing backup programs, imaging software, RAID arrays and logical volume managers will be required to cope with the new drives, The Register has discovered.

The ramifications are enormous. Although the benefit to producers is great - bringing the holy grail of secure content one step closer - the costs to consumers will be significant.

For example, corporate IT departments will be unable to mix compliant and non-compliant ATA drives as they try to enforce uniform back up policies, we've discovered. Restoring personal backups to a different physical drive - a common enough occurrence when a disk has failed - will require authentication with a central server. Imaging software used by OEMs and large corporates to distribute one-to-many disk images will also need to be modified.

And the move casts a shadow over some of the hottest emerging business models: the network attached storage industry, which relies on virtualising media pools, the digital video recorder market currently led by TiVo and Replay, and the nascent peer-to-peer model all face technical disruption.

How it works

Today, CPRM is implemented on DVD and removable SD disks. But the SCSI and ATA/ATAPI proposals incorporate an extension of the scheme to allow the encryption to be used on hard drives, in addition to removable drives and ATAPI devices such as CD-ROMs and DVD drives.
The proposal makes use of around a megabyte of read-only storage on each hard drive that isn't usually accessed by the end user for a "Media Key Block". According to research scientist Jeffrey Lotspiech of IBM's Almaden Research Lab, this is a matrix of 16 columns and some 3000 rows. A static "Media Unique Key" in a separate, hidden area of the drive, identifies the individual drive. Making use of broadcast encryption and one way key algorithms, would-be hackers face a daunting number of keys to break.

CPRM adds new commands into the ATA specification. But because the system makes use of the physical location on the device of the encrypted item, software designed for non-compliant drives will break in some circumstance when encrypted data files are moved.

"It requires both drives to be compliant when data is to move from one disk to another," says Lotspiech. "And a compliant application to get all that data to the new drive".

So a hard drive containing small individual containing non-copyable files of say, Gartner reports, will essentially be unrestorable using existing backup programs. Similar problems arise with RAID arrays using IDE disks, acknowledges IBM.

"This may help IT managers when auditing for copyright compliance," suggests IBM spokesman Mike Ross. However the decision to make an organisation CPRM compliant. Free copying is no longer an option:-

"It's not up to us to determine or guess what the content provider might permit," says Ross. "Nothing will handcuff proper backup and restoring provided the content provider permits it. Some may not permit it - but what will the customers' reaction be then?"

Well, quite. Clearly key management becomes an urgent priority when CPRM-aware drives are introduced next year, as CPRM-aware content will surely follow. The decision to go with CPRM in an organisation is also an all or nothing proposition - it can't be introduced gradually. But for home users, the party's over.
CPRM paves the way for CPRM-compliant audio CDs, and the free exchange of digital recordings will be limited to non-CPRM media.

The Register understands there is fierce opposition to the plan from Microsoft and its OEM customers. Generating hundreds of thousands of images each week, the PC industry relies on data going from one master to many reliably and smoothly. Imaging programs face the same problem as restore software: the target disk isn't the same as the originator disk. Microsoft Redmond already has put in a counter-proposal that eschews low-level hardware calls.

Where were you when they copy-protected the hardware, Daddy?

The intellectual property is owned by the 4C Entity, and administered by License Management International, LLC - a limited liability company based in Morgan Hill, California. Company founder John Hoy told The Register that "LMI, LLC holds no intellectual property. Entities are granted a master license." Per-device royalties are payable to LMI, LLC. License fees of between 2c and 17c have been mooted for each device, according to documents circulated to the T.13 group. 5c is the current rate for a DVD device.

Three possible paths lie ahead. CPRM may be bounced out of the T.x committees. Or manufacturers may choose not to implement it, and opt for an incomplete ATA or SCSI specification. This is deemed unlikely. Or thirdly, manufacturers may choose to implement the new command set, but not activate it.

Although it hardly has a prominent media profile - yet - CPRM in hardware is the most comprehensive mechanism for enforcing rights protection the industry has seen, and is likely to be viewed by content producers as a magic bullet. Its progress depends on whether its proponents can overcome industry and consumer opposition. Which might be brewing right about ... now.

----- End forwarded message -----
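The Media Key Block mechanism the forwarded article describes (a matrix of key cells, one key per column held by each device, broadcast encryption, and a hidden per-drive Media Unique Key) is sketched below as an added example; it is not code from the thread or from the 4C specification. SHA-256 and HMAC stand in for the C2 cipher, and the authority secret, device row assignments, media key and drive IDs are all constructed. It shows why a revoked device fails to recover the media key while a neighbour that shares one of its cells still succeeds, and why binding the key to the drive ID is what breaks a plain drive-to-drive copy.

```python
import hashlib
import hmac
import os
from typing import Optional

COLUMNS, ROWS = 16, 3000  # MKB dimensions the article attributes to IBM's Lotspiech
# Constructed stand-in for the 4C licensing secret from which per-cell keys are derived (assumption).
AUTHORITY_SECRET = b"constructed-4c-authority-secret"

def cell_key(column: int, row: int) -> bytes:
    """Key for one (column, row) cell; every device assigned that cell holds the same key."""
    cell_id = bytes([column]) + row.to_bytes(2, "big")
    return hmac.new(AUTHORITY_SECRET, cell_id, hashlib.sha256).digest()[:16]

def _pad(key: bytes, column: int, row: int) -> bytes:
    # Stand-in for CPRM's C2 block cipher (assumption): a 16-byte keystream XORed with the cell value.
    return hashlib.sha256(key + bytes([column]) + row.to_bytes(2, "big")).digest()[:16]

def xor16(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def device_keys(rows: list) -> list:
    """A device holds exactly one cell key per column; rows[c] is its row in column c."""
    return [(c, r, cell_key(c, r)) for c, r in enumerate(rows)]

def build_mkb(media_key: bytes, revoked_cells: set) -> dict:
    """Media Key Block: every cell encrypts the media key, except revoked cells, which hold garbage."""
    mkb = {"verify": hashlib.sha256(b"verify" + media_key).digest()[:8], "cells": {}}
    for c in range(COLUMNS):
        for r in range(ROWS):
            plain = os.urandom(16) if (c, r) in revoked_cells else media_key
            mkb["cells"][(c, r)] = xor16(plain, _pad(cell_key(c, r), c, r))
    return mkb

def process_mkb(mkb: dict, keys: list) -> Optional[bytes]:
    """The device tries each column it holds; the verify tag tells it whether it recovered the real key."""
    for c, r, k in keys:
        candidate = xor16(mkb["cells"][(c, r)], _pad(k, c, r))
        if hashlib.sha256(b"verify" + candidate).digest()[:8] == mkb["verify"]:
            return candidate
    return None  # every cell this device holds was revoked

def media_unique_key(media_key: bytes, media_id: bytes) -> bytes:
    """Binds the media key to one drive's hidden ID, so a sector-level copy to another drive does not decrypt."""
    return hmac.new(media_key, media_id, hashlib.sha256).digest()[:16]

# Constructed devices: device 1 is revoked; device 2 shares column 0's cell with it but no other cell.
DEVICE_ROWS = {0: [5 * c + 1 for c in range(COLUMNS)],
               1: [7 * c + 2 for c in range(COLUMNS)],
               2: [2] + [11 * c + 3 for c in range(1, COLUMNS)]}
MEDIA_KEY = hashlib.sha256(b"constructed media key").digest()[:16]
MKB = build_mkb(MEDIA_KEY, revoked_cells=set(enumerate(DEVICE_ROWS[1])))

def recovered_media_key(device: int) -> Optional[bytes]:
    return process_mkb(MKB, device_keys(DEVICE_ROWS[device]))
```

Revoking a device means poisoning all sixteen of its cells; any other device that shares only some of them keeps a clean column and is unaffected, which is the property the "daunting number of keys" remark in the article refers to.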
http://www.theregister.co.uk/content/2/15620.html
Stealth plan puts copy protection into every hard drive
[snip]
How it works
But because the system makes use of the physical location on the device of the encrypted item, software designed for non-compliant drives will break in some circumstance when encrypted data files are moved.
"It requires both drives to be compliant when data is to move from one disk to another," says Lotspiech. "And a compliant application to get all that data to the new drive".
So a hard drive containing small individual containing non-copyable files of say, Gartner reports, will essentially be unrestorable using existing backup programs.
Maybe I'm being dense today, but I don't see how this is going to work. So they have a key on your drive, they encrypt the data using this key, but at some point the data has to be decrypted and used, which means that it can be intercepted. The article isn't too clear, but it appears that a 'compliant application' is going to be needed to do the encrypt/decrypt? All software is subject to disassembly, so there is no real protection there.

Not that it isn't a really dumb idea, they're trying to remove your control of the bits stored on your hard drive -- a Really Bad Thing obviously.

Brian

--
Brian C. Lane - Linux Programmer/Consultant/Writer www.brianlane.com
Virtual Web Hosting www.nexuscomputing.com
NRA Life Member www.libertynews.org
============================================================================
Good intentions will always be pleaded for every assumption of authority. It is hardly too strong to say that the Constitution was made to guard the people against the dangers of good intentions. There are men in all ages who mean to govern well, but they mean to govern. They promise to be good masters, but they mean to be masters. -- Daniel Webster
On Fri, 22 Dec 2000, Brian Lane wrote:
http://www.theregister.co.uk/content/2/15620.html
Stealth plan puts copy protection into every hard drive
But because the system makes use of the physical location on the device of the encrypted item, software designed for non-compliant drives will break in some circumstance when encrypted data files are moved.
"It requires both drives to be compliant when data is to move from one disk to another," says Lotspiech. "And a compliant application to get all that data to the new drive".
So a hard drive containing small individual containing non-copyable files of say, Gartner reports, will essentially be unrestorable using existing backup programs.
Maybe I'm being dense today, but I don't see how this is going to work. So they have a key on your drive, they encrypt the data using this key, but at some point the data has to be decrypted and used, which means that it can be intercepted.
The article isn't too clear, but it appears that a 'compliant application' is going to be needed to do the encrypt/decrypt? All software is subject to disassembly, so there is no real protection there.
Here's one other thing; how does the "compliant application" get the decryption keys?? If I can't copy files without being hooked up to the net, then half my computers at home will quit working! (I have two distinct networks: one for secure data and one with internet access...). If the compliant application needs to hook up to the internet in order to get a decryption key to read data, these drives will not work for a host of legitimate non-networked applications.

On the other hand if the compliant application does NOT need to hook up to the internet to get keys, then someone with a debugger will have a utility to get your drive's whole list of keys (and a patched BIOS to make it behave like a regular drive) within a couple weeks of their introduction to the market. Unless it comes out at the same time as "encrypted instruction set" computing, where the executables are decrypted inside the CPU...

Bear
Brian Lane wrote:
Maybe I'm being dense today, but I don't see how this is going to work. So they have a key on your drive, they encrypt the data using this key, but at some point the data has to be decrypted and used, which means that it can be intercepted.
The article isn't too clear, but it appears that a 'compliant application' is going to be needed to do the encrypt/decrypt? All software is subject to disassembly, so there is no real protection there.
I'd suspect that this is part of the "protect our(!) hardware from the consumer" process that's been going on for a few years. most likely, the whole event will happen inside the disk, which will be made more or less tamper-resistant.

now remember that there've been planned for a fully encrypted bus system for quite some time. the basic idea is that the raw bits are never accessible in software. the software will just tell the hardware "hey, could you please push the encrypted bits of that song over the encrypted bus to the crypto-speakers?".

interesting change in culture. not too long ago, knowing how your home electronics actually work was the sign of the geek. not too far in the past, knowing how your home electronics really works will be the sign of the criminal.
Isn't the idea that you don't get to see the surface of the disk? The copy protection is in the onboard circuitry. The drive refuses to return data from "unreadable" sectors/blocks, where readability depends on a function of the drive serial number, some sort of certificate in the system request, and the relevant field in the media key block. For most people it wouldn't even have to be encrypted. They aren't going to break the box open & put in their own chips, or take out the platters & read them with their own probes.

This will presumably crash & burn in the market. As long as anyone sells user-controllable disks, we will carry on buying them. It's not as if IBM are the only manufacturers in the world.

Ken

Brian Lane wrote:
Maybe I'm being dense today, but I don't see how this is going to work. So they have a key on your drive, they encrypt the data using this key, but at some point the data has to be decrypted and used, which means that it can be intercepted.
The article isn't too clear, but it appears that a 'compliant application' is going to be needed to do the encrypt/decrypt? All software is subject to disassembly, so there is no real protection there.
Not that it isn't a really dumb idea, they're trying to remove your control of the bits stored on your hard drive -- a Really Bad Thing obviously.
Brian
--
On Fri, Dec 22, 2000 at 05:13:53PM +0100, Tom Vogt wrote:
Brian Lane wrote:
Maybe I'm being dense today, but I don't see how this is going to work. So they have a key on your drive, they encrypt the data using this key, but at some point the data has to be decrypted and used, which means that it can be intercepted.
interesting change in culture. not too long ago, knowing how your home electronics actually work was the sign of the geek. not too far in the past, knowing how your home electronics really works will be the sign of the criminal.
I can see it now -- "Mr. Lane, you are being convicted for reverse engineering the embedded encryption system in the IBM-SuperSekret-HD." "But! But! I was just trying to recover my Quicken 2001 backup!" as they drag me off to prison.

The only way they can make this even begin to work in the marketplace is to force manufacturers to stop producing uncontrollable drives. I wouldn't be surprised if there was an amendment to enact this waiting to attach itself to an obscure bill in Congress.

Or maybe I'm just being paranoid? <G>

Brian

--
Brian C. Lane - Linux Programmer/Consultant/Writer www.brianlane.com
Virtual Web Hosting www.nexuscomputing.com
NRA Life Member www.libertynews.org
============================================================================
I had a friend who was a clown... when he died, all his friends went to the funeral in one car... -- Stephen Wright
Brian Lane wrote:
The only way they can make this even begin to work in the marketplace is to force manufacturers to stop producing uncontrollable drives. I wouldn't be surprised if there was an amendment to enact this waiting to attach itself to an obscure bill in Congress.
Or maybe I'm just being paranoid? <G>
you're not. we've seen it happen with CSS. all they need is an opportunity to push it. maybe some "enhanced" hard-drive that has higher storage capacity, or lower seek times, or whatever other marginal advantage that the whole scam can be attached to.