Plan Would Use Software, Not Devices, to Fight Piracy

R. A. Hettinga rah at shipwright.com
Tue Apr 15 09:09:56 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Wherein Paul Kocher proves, once again, that secure messages on
insecure public networks will always beat insecure messages on
"secure" private networks. 

So much for book-entry to the screen buffer. Take *that* WAVE-oids.
:-)


Of course, the old crypto saw still prevails: The only thing DRM gets
you is who the copy was stolen *from*, not who stole it.

So, I still predict an eventual convergence to a cash-settled auction
market for authenticated copies of any digital work, and, of course,
I think Paul's work is a great step in this direction.

Financial cryptography is the only cryptography that matters.

Cheers,
RAH
- -------

<http://www.nytimes.com/2003/04/15/technology/15CRYP.html?pagewanted=p
rint&position=top>

The New York Times


April 15, 2003 

Plan Would Use Software, Not Devices, to Fight Piracy 
By JOHN MARKOFF 


A prominent computer security researcher has proposed a technical
solution aimed at forging a middle ground in the increasingly bitter
battle by Hollywood and Silicon Valley over the best way to protect
digital content from consumer piracy. 

Cryptography Research has begun circulating its proposal, which it
calls Self-Protecting Digital Content, among entertainment companies.
It plans to make it available publicly this week, in an effort to
break the impasse over the Digital Millennium Copyright Act, which
Congress passed in 1998 with strong lobbying support from Hollywood
and other creators of intellectual property. 

Cryptography Research's proposal would shift the location of
copy-protection code from the consumer products that play music and
movies and run software to the content files produced by
entertainment companies and software developers. The plan aims to
help avoid the immense costs of building piracy protection into
personal computers, video game players, satellite receivers and other
devices produced by technology manufacturers. While it would not
eliminate the possibility of digital theft, its advocates said it
would drastically curb piracy while easing the burden on the
technology industry. 

They say the plan would also avoid invading the privacy of consumers
who do not engage in piracy and make it easier and less costly for
content owners to recover if a copy-protection system is broken. 

The authors of the report include Paul Kocher, a leading American
cryptographer, who was involved in the development of an important
Web standard for protecting the security of commercial transactions. 

Consumer electronics makers create coding to wrap what they hope will
be unbreakable shells of software around digital content on CD's,
DVD's and the like. Once the copy protection systems are undermined,
however, it is simple for pirates to make unlimited copies of the
music, video or software. 

Under pressure from Hollywood and the recording industry, the
personal computing industry has now embarked on an ambitious project
to build copy protection hardware into the circuitry of all PC's. The
efforts, including the PC hardware industry's Trusted Computing
Platform Alliance and Microsoft's Palladium system are being sold to
users on the grounds that they will protect information privacy and
computer security. 

But if the hard-wired approach proves to be fallible, allowing a
determined enemy to bypass this digital Maginot line, the standards
efforts could turn into a financial disaster for the computer
industry and harm Hollywood as well. 

"We use the term brittle," said Mr. Kocher, who consults widely in
the consumer electronics industry on cryptography issues. "You have a
strong external shell, but the inside is software and completely
vulnerable." 

Under the proposal from Cryptography Research, based in San
Francisco, the hardware would be radically simplified and the
complexity of protecting the information would be embedded within the
music, video or software file itself. 

As part of the approach, each file would embed a digital mark, making
it possible for a stolen copy to be traced. The advantage of the
system is that the tracing technology would only come into play if a
file is widely copied. 

"It's a clever idea," said Bruce Schneier, founder and chief
technical officer of Counterpane Internet Security, a computer
security company. "This makes the job of the attacker more annoying.
Paul is approaching the problem more sensibly than others." 

Most security experts now believe that there will never be a perfect
solution to digital piracy. But most earlier proposals would involve
such extensive invasions of privacy that many experts worry that they
could end up producing a consumer backlash against the entertainment
and technology industries. 

Mr. Kocher said he decided to explore a new approach after years of
watching the mounting tension among Hollywood, electronics
manufacturers and consumer advocacy groups. 

"I find the problem of piracy absolutely fascinating," he said. "Most
people view this as a war between Hollywood and technology companies.
But I view it as the security industry has done a terrible job of
attempting to solve Hollywood's piracy problem." 


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 - not licensed for commercial use: www.pgp.com

iQA/AwUBPpwuzsPxH8jf3ohaEQIlqwCglu3m7jIz/PH8EaZ8UndYUx0+QEoAoPyn
gxCurY25EdNuI36vZRmvkZYz
=DdZh
-----END PGP SIGNATURE-----

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'





More information about the cypherpunks-legacy mailing list