/. [Intel Adds DRM to New Chips]

Thu Jun 2 08:34:08 PDT 2005

>From: DiSToAGe <distoage at sbbi.net>
>Sent: Jun 2, 2005 5:05 AM
>To: cypherpunks at jfet.org
>Subject: Re: /. [Intel Adds DRM to New Chips]

>I have read infos that say that audio and video drivers will be in the
>trusted chain. If your hardware system is used by an os (i.e. win) on
>which you can't create drivers, and only industry signed drivers can be
>used you can't bypass this by hacking drivers ...

Right.  This has to happen if you want the basic DRM model to work.
The big thing to understand here is that the content protection people
are okay with the model of the world where a relatively small number
of pirates with a lot of capital and expertise can crack out content
and make copies for sale.  They already live in that world, and the
analog hole makes it genuinely impossible for them to get out of it.
The world that they want to avoid living in is the one where the only
capital required to become a major pirate is a PC.  

The difference here is in two parts:  When pirates have to have a lot
of capital, they have to charge for their pirated works.  So the
difference isn't "pay $15 for a new CD or just do download it," it's
"pay $15 for a new CD or pay $3 for a new CD."  And then the pirate
has to worry about getting paid, which means dealing with some kind of
(in practice traceable) payment protocol if he wants to do business
online.  And shutting down pirates who have $500,000 invested in their
business actually makes some financial sense--you can spend a few
thousand dollars shutting them down without spending yourself into
bankruptcy.  

By contrast, the world in which every PC owner can be a pirate is much
nastier for the content owners.  Being a pirate is so easy that the
resulting ripped music files are made available for free, just as part
of someone joining a P2P network or some such thing.  That means the
user gets a decision like "Buy a CD for $15, which I will then want to
rip so I can put it on my laptop and MP3 player anyway, or just
download it for free."  The pirates aren't charging anything, so they
don't have to worry about getting paid or being traced by their
payment mechanism.  And enforcement actions against pirates in this
world are comically inefficient--you end up spending thousands of
dollars to shut down one 14 year old with a PC, and all the money you
can spend doesn't really have much impact on the problem.  You're left
trying to make examples of a few people, which makes you look like
bullies, and which is unlikely to work all that well anyway.  

>My though is the hardware drm can be reverse engineered ? If you use
>cert on your DRM you must put cert and private keys on your DRM chip ...
>So you have somewhere memory (rom or else) where you have this private
>and cert datas. So with good tools you can read what are the bits in
>this DRM. 

Right.  The critical issue here is whether a random user can just
download some software to defeat the DRM.  If it costs lots of money
to extract the DRM secrets, there's some question of whether the
people who spent that money will release the keys into the wild for
free.  And many schemes have at least some notion of revoking keys
that have been released into the wild, so that your new CDs don't play
with the hacked DRM server.  

The point of all this isn't to stop determined pirates--that's
impossible because of the analog hole.  The point is to stop casual
piracy.  That seems at least possibly doable to me.  (The big question
is whether the existence of non-DRMed copies of lots of content will
make it possible to just *ignore* the DRMed stuff.)

--John