From: DiSToAGe <distoage@sbbi.net> Sent: Jun 2, 2005 5:05 AM To: cypherpunks@jfet.org Subject: Re: /. [Intel Adds DRM to New Chips]
I have read infos that say that audio and video drivers will be in the trusted chain. If your hardware system is used by an os (i.e. win) on which you can't create drivers, and only industry signed drivers can be used you can't bypass this by hacking drivers ...
Right. This has to happen if you want the basic DRM model to work. The big thing to understand here is that the content protection people are okay with the model of the world where a relatively small number of pirates with a lot of capital and expertise can crack out content and make copies for sale. They already live in that world, and the analog hole makes it genuinely impossible for them to get out of it. The world that they want to avoid living in is the one where the only capital required to become a major pirate is a PC. The difference here is in two parts: When pirates have to have a lot of capital, they have to charge for their pirated works. So the difference isn't "pay $15 for a new CD or just do download it," it's "pay $15 for a new CD or pay $3 for a new CD." And then the pirate has to worry about getting paid, which means dealing with some kind of (in practice traceable) payment protocol if he wants to do business online. And shutting down pirates who have $500,000 invested in their business actually makes some financial sense--you can spend a few thousand dollars shutting them down without spending yourself into bankruptcy. By contrast, the world in which every PC owner can be a pirate is much nastier for the content owners. Being a pirate is so easy that the resulting ripped music files are made available for free, just as part of someone joining a P2P network or some such thing. That means the user gets a decision like "Buy a CD for $15, which I will then want to rip so I can put it on my laptop and MP3 player anyway, or just download it for free." The pirates aren't charging anything, so they don't have to worry about getting paid or being traced by their payment mechanism. And enforcement actions against pirates in this world are comically inefficient--you end up spending thousands of dollars to shut down one 14 year old with a PC, and all the money you can spend doesn't really have much impact on the problem. You're left trying to make examples of a few people, which makes you look like bullies, and which is unlikely to work all that well anyway.
My though is the hardware drm can be reverse engineered ? If you use cert on your DRM you must put cert and private keys on your DRM chip ... So you have somewhere memory (rom or else) where you have this private and cert datas. So with good tools you can read what are the bits in this DRM.
Right. The critical issue here is whether a random user can just download some software to defeat the DRM. If it costs lots of money to extract the DRM secrets, there's some question of whether the people who spent that money will release the keys into the wild for free. And many schemes have at least some notion of revoking keys that have been released into the wild, so that your new CDs don't play with the hacked DRM server. The point of all this isn't to stop determined pirates--that's impossible because of the analog hole. The point is to stop casual piracy. That seems at least possibly doable to me. (The big question is whether the existence of non-DRMed copies of lots of content will make it possible to just *ignore* the DRMed stuff.) --John
interesting talk about economic elements ... I believe that in every human new work (new creation, or new hack), the men who make the work do things to help others make the work faster and easier. So with time, if a few people can hack some drm machine, it will be more easier and more cheaper for others to make the same thing. And in economic with time the price of goods goes down. So in the beginning perhaps the drm system will be good because too expensive to hack for main people. But with price falling and methods easier to do, more poeple will do it. And begin to share hacked files to others. So the parallel "black market" of illegal files will rise again. So with times people macking the drm stuff must either change it, or make it more complexe to rise the price again ... But it seems that the time to dismount a system is quicker than the time to change or make a new one ... except if you make a big structural change ... Le jeudi 02 juin 2005 ` 11:34 -0400, John Kelsey a icrit :
Right. This has to happen if you want the basic DRM model to work. The big thing to understand here is that the content protection people are okay with the model of the world where a relatively small number of pirates with a lot of capital and expertise can crack out content and make copies for sale. They already live in that world, and the analog hole makes it genuinely impossible for them to get out of it. The world that they want to avoid living in is the one where the only capital required to become a major pirate is a PC.
The difference here is in two parts: When pirates have to have a lot of capital, they have to charge for their pirated works. So the difference isn't "pay $15 for a new CD or just do download it," it's "pay $15 for a new CD or pay $3 for a new CD." And then the pirate has to worry about getting paid, which means dealing with some kind of (in practice traceable) payment protocol if he wants to do business online. And shutting down pirates who have $500,000 invested in their business actually makes some financial sense--you can spend a few thousand dollars shutting them down without spending yourself into bankruptcy.
By contrast, the world in which every PC owner can be a pirate is much nastier for the content owners. Being a pirate is so easy that the resulting ripped music files are made available for free, just as part of someone joining a P2P network or some such thing. That means the user gets a decision like "Buy a CD for $15, which I will then want to rip so I can put it on my laptop and MP3 player anyway, or just download it for free." The pirates aren't charging anything, so they don't have to worry about getting paid or being traced by their payment mechanism. And enforcement actions against pirates in this world are comically inefficient--you end up spending thousands of dollars to shut down one 14 year old with a PC, and all the money you can spend doesn't really have much impact on the problem. You're left trying to make examples of a few people, which makes you look like bullies, and which is unlikely to work all that well anyway.
Right. The critical issue here is whether a random user can just download some software to defeat the DRM. If it costs lots of money to extract the DRM secrets, there's some question of whether the people who spent that money will release the keys into the wild for free. And many schemes have at least some notion of revoking keys that have been released into the wild, so that your new CDs don't play with the hacked DRM server.
The point of all this isn't to stop determined pirates--that's impossible because of the analog hole. The point is to stop casual piracy. That seems at least possibly doable to me. (The big question is whether the existence of non-DRMed copies of lots of content will make it possible to just *ignore* the DRMed stuff.)
-- "Perhaps one day "computer science" will, like Yugoslavia, get broken up into its component parts. That might be a good thing. Especially if it meant independence for my native land, hacking." (hackers and Painters) [ Paul Graham ]
it seems now intel say there is no DRM in there chips. Earlier FUD ? marketing tactic ? desire to hide truth to public as discussed before ? http://yro.slashdot.org/article.pl?sid=05/06/05/1833241
DiSToAGe <distoage@sbbi.net> writes:
it seems now intel say there is no DRM in there chips.
No, it's very careful to say that there is no *unannounced* DRM in their chips, in the same way that we have had no undetected penetrations of our security. Peter.
participants (3)
-
DiSToAGe
-
John Kelsey
-
pgut001@cs.auckland.ac.nz