Copy protection of ordinary disk drives?

Tom Vogt tom at unicorn.lemuria.org
Thu Dec 21 14:46:50 PST 2000


---------- Forwarded message ----------
Date: Thu, 21 Dec 2000 13:16:03 -0800
From: John Gilmore <gnu at toad.com>
To: cryptography at c2.net, gnu at toad.com
Subject: IBM&Intel push copy protection into ordinary disk drives

The Register has broken a story of the latest tragedy of copyright
mania in the computer industry.  Intel and IBM have invented and are
pushing a change to the standard spec for PC hard drives that would
make each one enforce "copy protection" on the data stored on the hard
drive.  You wouldn't be able to copy data from your own hard drive to
another drive, or back it up, without permission from some third
party.  Every drive would have a unique ID and unique keys, and would
encrypt the data it stores -- not to protect YOU, the drive's owner,
but to protect unnamed third parties AGAINST you.

The same guy who leads the DVD Copy Control Association is heading the
organization that licenses this new technology -- John Hoy.  He's a
front-man for the movie and record companies, and a leading figure in
the California DVD lawsuit.  These people are lunatics, who would
destroy the future of free expression and technological development,
so they could sit in easy chairs at the top of the smoking ruins and
light their cigars off 'em.

The folks at Intel and IBM who are letting themselves be led by the
nose are even crazier.  They've piled fortunes on fortunes by building
machines that are better and better at copying and communicating
WHATEVER collections of raw bits their customers desire to copy.  Now
for some completely unfathomable reason, they're actively destroying
that working business model.  Instead they're building in circuitry
that gives third parties enforceable veto power over which bits their
customers can send where.  (This disk drive stuff is just the tip of
the iceberg; they're doing the same thing with LCD monitors, flash
memory, digital cable interfaces, BIOSes, and the OS.  Next week we'll
probably hear of some new industry-wide copy protection spec, perhaps
for network interface cards or DRAMs.)  I don't know whether the movie
moguls are holding compromising photos of Intel and IBM executives
over their heads, or whether they have simply lost their minds.  The
only way they can succeed in imposing this on the buyers in the
computer market is if those buyers have no honest vendors to turn to.
Or if those buyers honestly don't know what they are being sold.

So spread the word.  No copy protection should exist ANYWHERE in
generic computer hardware!  It's up to the BUYER to determine what to
use their product for.  It's not up to the vendors of generic
hardware, and certainly not up to a record company that's shadily
influencing those vendors in back-room meetings.  Demand a policy
declaration from your vendor that they will build only open hardware,
not covertly controlled hardware.  Use your purchasing dollars to
enforce that policy.

Our business should go to the honest vendors, who'll sell you a drive
and an OS and a motherboard and a CPU and a monitor that YOU, the
buyer, can determine what is a valid use of.  Don't send your money
to Intel or IBM or Sony.  Give your money to the vendors who'll sell
you a product that YOU control.

        John

   http://www.theregister.co.uk/content/2/15620.html

   Stealth plan puts copy protection into every hard drive

Hastening a rapid demise for the free copying of digital media, the next
generation of hard disks is likely to come with copyright protection
countermeasures built in.

Technical committees of NCTIS, the ANSI-blessed standards body, have been
discussing the incorporation of content protection currently used for
removable media into industry-standard ATA drives, using proprietary
technology originating from the 4C Entity. They're the people who brought
you CSS2: IBM, Toshiba Intel and Matsushita.

The scheme envisaged brands each drive with a unique identifier at
manufacturing time.

The proposals are already at an advanced stage: three drafts have already
been discussed for incorporating CPRM (Content Protection for Recordable
Media) into the ATA specification by the NCTIS T.13 committee. The
committee next meets in February. If, as expected, the CPRM extensions
become part of the ATA specification, copyright protection will be in every
industry-standard hard disk by next summer, according to IBM.

However, what's likely to create a firestorm of industry protest is that
the proposed mechanism introduces problems to moving data between compliant
and non-compliant hard drives. Modifications to existing backup programs,
imaging software, RAID arrays and logical volume managers will be required
to cope with the new drives, <I>The Register</I> has discovered.

The ramifications are enormous. Although the benefit to producers is great
- - bringing the holy grail of secure content one step closer - the costs to
consumers will be significant. For example, corporate IT departments will
be unable to mix compliant and non-compliant ATA drives as they try to
enforce uniform back up policies, we've discovered. Restoring personal
backups to a different physical drive - a common enough occurrence when a
disk has failed - will require authentication with a central server.
Imaging software used by OEMs and large corporates to distribute
one-to-many disk images will also need to be modified.

And the move casts a shadow over some of the hottest emerging business
models: the network attached storage industry, which relies on virtualising
media pools, the digital video recorder market currently led by TiVo and
Replay, and the nascent peer-to-peer model all face technical disruption.

<B>How it works</B>
Today, CPRM is implemented on DVD and removable SD disks. But the SCSI and
ATA/ATAPI proposals incorporate an extension of the scheme to allow the
encryption to be used on hard drives, in addition to removable drives and
ATAPI devices such as CD-ROMs and DVD drives.

The proposal makes use of around a megabyte of read-only storage on each
hard drive that isn't usually accessed by the end user for a "Media Key
Block". According to research scientist Jeffrey Lotspiech of IBM's Almaden
Research Lab, this is a matrix of 16 columns and some 3000 rows. A static
"Media Unique Key" in a separate, hidden area of the drive, identifies the
individual drive. Making use of broadcast encryption and one way key
algorithms, would-be hackers face a daunting number of keys to break. CPRM
adds new commands into the ATA specification.

But because the system makes use of the physical location on the device of
the encrypted item, software designed for non-compliant drives will break
in some circumstance when encrypted data files are moved.

"It requires both drives to be compliant when data is to move from one disk
to another," says Lotspiech. "And a compliant application to get all that
data to the new drive".

So a hard drive containing small individual containing non-copyable files
of say, Gartner reports, will essentially be unrestorable using existing
backup programs.

Similar problems arise with RAID arrays using IDE disks, acknowledges IBM.
"This may help IT managers when auditing for copyright compliance,"
suggests IBM spokesman Mike Ross.

However the decision to make an organisation CPRM compliant. Free copying
is no longer an option:-

"It's not up to us to determine or guess what the content provider might
permit," says Ross. "Nothing will handcuff proper backup and restoring
provided the content provider permits it. Some may not permit it - but what
will the customers reaction be then?"

Well, quite. Clearly key management becomes an urgent priority when
CPRM-aware drives are introduced next year, as CPRM-aware content will
surely follow. The decision to go with CPRM in an organisation is also an
all or nothing proposition - it can't be introduced gradually.

But for home users, the party's over. CRPM paves the way for CPRM-compliant
audio CDs, and the free exchange of digital recordings will be limited to
non-CPRM media.

<I>The Register</I> understands there is fierce opposition to the plan from
Microsoft and its OEM customers. Generating hundreds of thousands of images
each week, the PC industry relies on data going from one master to many
reliably and smoothly.  Imaging programs face the same problem as restore
software: the target disk isn't the same as the originator disk. Microsoft
Redmond already has put in a counter-proposal that eschews low-level
hardware calls.

<B>Where were you when they copy-protected the hardware, Daddy?</b>

The intellectual property is owned by the 4C Entity, and administered by
License Management International, LLC - a limited liability company based
in Morgan Hill, California. Company founder John Hoy told <I>The
Register</I> that "LMI,LC holds no intellectual property. Entities are
granted a master license."

Per-device royalties are payable to LLI,LC. License fees of between 2c and
17c have been mooted for each device, according to documents circulated to
the T.13 group. 5c is the current rate for a DVD device.

Three possible paths lie ahead. CPRM may be bounced out of the T.x
committees. Or manufacturers may choose not to implement it, and opt for an
incomplete ATA or SCSI specification. This is deemed unlikely. Or thirdly,
manufacturers may choose to implement the new command set, but not activate
it.

Although it hardly has a prominent media profile - yet - CPRM in hardware
is the most comprehensive mechanism for enforcing rights protection the
industry has seen, and is likely to be viewed by content producers as a
magic bullet. Its progress depends on whether its proponents can overcome
industry and consumer opposition. Which might be brewing right about ...
now.


----- End forwarded message -----





More information about the cypherpunks-legacy mailing list