Plan Would Use Software, Not Devices, to Fight Piracy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wherein Paul Kocher proves, once again, that secure messages on insecure public networks will always beat insecure messages on "secure" private networks. So much for book-entry to the screen buffer. Take *that* WAVE-oids. :-) Of course, the old crypto saw still prevails: The only thing DRM gets you is who the copy was stolen *from*, not who stole it. So, I still predict an eventual convergence to a cash-settled auction market for authenticated copies of any digital work, and, of course, I think Paul's work is a great step in this direction. Financial cryptography is the only cryptography that matters. Cheers, RAH - ------- <http://www.nytimes.com/2003/04/15/technology/15CRYP.html?pagewanted=p rint&position=top> The New York Times April 15, 2003 Plan Would Use Software, Not Devices, to Fight Piracy By JOHN MARKOFF A prominent computer security researcher has proposed a technical solution aimed at forging a middle ground in the increasingly bitter battle by Hollywood and Silicon Valley over the best way to protect digital content from consumer piracy. Cryptography Research has begun circulating its proposal, which it calls Self-Protecting Digital Content, among entertainment companies. It plans to make it available publicly this week, in an effort to break the impasse over the Digital Millennium Copyright Act, which Congress passed in 1998 with strong lobbying support from Hollywood and other creators of intellectual property. Cryptography Research's proposal would shift the location of copy-protection code from the consumer products that play music and movies and run software to the content files produced by entertainment companies and software developers. The plan aims to help avoid the immense costs of building piracy protection into personal computers, video game players, satellite receivers and other devices produced by technology manufacturers. While it would not eliminate the possibility of digital theft, its advocates said it would drastically curb piracy while easing the burden on the technology industry. They say the plan would also avoid invading the privacy of consumers who do not engage in piracy and make it easier and less costly for content owners to recover if a copy-protection system is broken. The authors of the report include Paul Kocher, a leading American cryptographer, who was involved in the development of an important Web standard for protecting the security of commercial transactions. Consumer electronics makers create coding to wrap what they hope will be unbreakable shells of software around digital content on CD's, DVD's and the like. Once the copy protection systems are undermined, however, it is simple for pirates to make unlimited copies of the music, video or software. Under pressure from Hollywood and the recording industry, the personal computing industry has now embarked on an ambitious project to build copy protection hardware into the circuitry of all PC's. The efforts, including the PC hardware industry's Trusted Computing Platform Alliance and Microsoft's Palladium system are being sold to users on the grounds that they will protect information privacy and computer security. But if the hard-wired approach proves to be fallible, allowing a determined enemy to bypass this digital Maginot line, the standards efforts could turn into a financial disaster for the computer industry and harm Hollywood as well. "We use the term brittle," said Mr. Kocher, who consults widely in the consumer electronics industry on cryptography issues. "You have a strong external shell, but the inside is software and completely vulnerable." Under the proposal from Cryptography Research, based in San Francisco, the hardware would be radically simplified and the complexity of protecting the information would be embedded within the music, video or software file itself. As part of the approach, each file would embed a digital mark, making it possible for a stolen copy to be traced. The advantage of the system is that the tracing technology would only come into play if a file is widely copied. "It's a clever idea," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, a computer security company. "This makes the job of the attacker more annoying. Paul is approaching the problem more sensibly than others." Most security experts now believe that there will never be a perfect solution to digital piracy. But most earlier proposals would involve such extensive invasions of privacy that many experts worry that they could end up producing a consumer backlash against the entertainment and technology industries. Mr. Kocher said he decided to explore a new approach after years of watching the mounting tension among Hollywood, electronics manufacturers and consumer advocacy groups. "I find the problem of piracy absolutely fascinating," he said. "Most people view this as a war between Hollywood and technology companies. But I view it as the security industry has done a terrible job of attempting to solve Hollywood's piracy problem." -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPpwuzsPxH8jf3ohaEQIlqwCglu3m7jIz/PH8EaZ8UndYUx0+QEoAoPyn gxCurY25EdNuI36vZRmvkZYz =DdZh -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
As always I dont think the answer we see to the problem we saw is the true vision. From the postings I see here I think most of us see through the decit anyway. At the end of the day there are to many greedy, fat fingers wanting to get into the consumer pie, to make guarranteed money and a guarranteed stream of it. I would like to wash my hands of it, however it effects me directly whether I want it to or not. What does knowing where the original copy came from matter? It just disappeared into "china" and out comes a million + copies. All I can see is that there will clearly be 2 streams of movies/music, a highly restricted and expensive official solution, and an extreamly open, cheap, pirated version. All that will happen is people will be forced into one camp or another, and Im willing to bet once ppl move into the pirated camp they wont be able to get back, and wont want too. The RIAA's business model is shot, its just a question of how long it takes to die. In 3rd world countries I suspect its already dead, they cant afford to buy official stuff. regards Thing R. A. Hettinga wrote:
Wherein Paul Kocher proves, once again, that secure messages on insecure public networks will always beat insecure messages on "secure" private networks.
So much for book-entry to the screen buffer. Take *that* WAVE-oids. :-)
Of course, the old crypto saw still prevails: The only thing DRM gets you is who the copy was stolen *from*, not who stole it.
So, I still predict an eventual convergence to a cash-settled auction market for authenticated copies of any digital work, and, of course, I think Paul's work is a great step in this direction.
Financial cryptography is the only cryptography that matters.
Cheers, RAH -------
<http://www.nytimes.com/2003/04/15/technology/15CRYP.html?pagewanted=p rint&position=top>
The New York Times
April 15, 2003
Plan Would Use Software, Not Devices, to Fight Piracy By JOHN MARKOFF
A prominent computer security researcher has proposed a technical solution aimed at forging a middle ground in the increasingly bitter battle by Hollywood and Silicon Valley over the best way to protect digital content from consumer piracy.
Cryptography Research has begun circulating its proposal, which it calls Self-Protecting Digital Content, among entertainment companies. It plans to make it available publicly this week, in an effort to break the impasse over the Digital Millennium Copyright Act, which Congress passed in 1998 with strong lobbying support from Hollywood and other creators of intellectual property.
Cryptography Research's proposal would shift the location of copy-protection code from the consumer products that play music and movies and run software to the content files produced by entertainment companies and software developers. The plan aims to help avoid the immense costs of building piracy protection into personal computers, video game players, satellite receivers and other devices produced by technology manufacturers. While it would not eliminate the possibility of digital theft, its advocates said it would drastically curb piracy while easing the burden on the technology industry.
They say the plan would also avoid invading the privacy of consumers who do not engage in piracy and make it easier and less costly for content owners to recover if a copy-protection system is broken.
The authors of the report include Paul Kocher, a leading American cryptographer, who was involved in the development of an important Web standard for protecting the security of commercial transactions.
Consumer electronics makers create coding to wrap what they hope will be unbreakable shells of software around digital content on CD's, DVD's and the like. Once the copy protection systems are undermined, however, it is simple for pirates to make unlimited copies of the music, video or software.
Under pressure from Hollywood and the recording industry, the personal computing industry has now embarked on an ambitious project to build copy protection hardware into the circuitry of all PC's. The efforts, including the PC hardware industry's Trusted Computing Platform Alliance and Microsoft's Palladium system are being sold to users on the grounds that they will protect information privacy and computer security.
But if the hard-wired approach proves to be fallible, allowing a determined enemy to bypass this digital Maginot line, the standards efforts could turn into a financial disaster for the computer industry and harm Hollywood as well.
"We use the term brittle," said Mr. Kocher, who consults widely in the consumer electronics industry on cryptography issues. "You have a strong external shell, but the inside is software and completely vulnerable."
Under the proposal from Cryptography Research, based in San Francisco, the hardware would be radically simplified and the complexity of protecting the information would be embedded within the music, video or software file itself.
As part of the approach, each file would embed a digital mark, making it possible for a stolen copy to be traced. The advantage of the system is that the tracing technology would only come into play if a file is widely copied.
"It's a clever idea," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, a computer security company. "This makes the job of the attacker more annoying. Paul is approaching the problem more sensibly than others."
Most security experts now believe that there will never be a perfect solution to digital piracy. But most earlier proposals would involve such extensive invasions of privacy that many experts worry that they could end up producing a consumer backlash against the entertainment and technology industries.
Mr. Kocher said he decided to explore a new approach after years of watching the mounting tension among Hollywood, electronics manufacturers and consumer advocacy groups.
"I find the problem of piracy absolutely fascinating," he said. "Most people view this as a war between Hollywood and technology companies. But I view it as the security industry has done a terrible job of attempting to solve Hollywood's piracy problem."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 6:16 PM +1200 4/16/03, thing wrote:
All that will happen is people will be forced into one camp or another, and Im willing to bet once ppl move into the pirated camp they wont be able to get back, and wont want too.
More to the point, "piracy", meaning the auctioning of *any* copy, for bearer form internet cash using protocols everyone on these lists know by heart, is *desirable*, and, I would claim, inevitable. Inevitable because it's cheaper, it already is, :-), but I mean risk-adjusted transaction cost compared to book-entry DRM markets, and, in addition, will put more revenue in the pockets of actual innovators of new content. Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPp2YisPxH8jf3ohaEQL8oQCeOYrp2aMX4G9Zg6hlt+xiEz/D23sAoKga nnmcEWKBdsw0alwGy5oKgXaB =QgJH -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
R. A. Hettinga wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
At 6:16 PM +1200 4/16/03, thing wrote:
All that will happen is people will be forced into one camp or another, and Im willing to bet once ppl move into the pirated camp they wont be able to get back, and wont want too.
More to the point, "piracy", meaning the auctioning of *any* copy, for bearer form internet cash using protocols everyone on these lists know by heart, is *desirable*, and, I would claim, inevitable.
Inevitable because it's cheaper, it already is, :-), but I mean risk-adjusted transaction cost compared to book-entry DRM markets, and, in addition, will put more revenue in the pockets of actual innovators of new content.
Cheers, RAH
Totally agree, its just a question of time. I have a friend who is a musician/composer her intent is to publish on the Net, me I'll do the technical stuff for her. In the past the music houses distributed the music, now they are not needed, the marketing they do is less and less and worse and worse. I think the musicians pay for such stuff anyway, so why precisely do we need the likes of Sony? They are just churning out the same stuff, while new musicians struggle and are ignored. Cutting out the middle men who offer smoke and mirrors means we as consumers pay less and the creators get a fairer return, I cant wait for it. While all this DRM , Palladium is fine for the US, I dont see it being saleable anywhere else, and I suspect the "youngsters" will avoid such crippled kit like its the plague in the US. Some of the suits seem to forget we have choice or think they have removed that choice, I very much want to prove them wrong. regards Thing
participants (2)
-
R. A. Hettinga -
thing