The State of Digital Rights Management
by Roto
lifted in large part from Lucky Green's talk on the TCPA from DefCon X
http://www.cypherpunks.to
The Trusted Computing Platform Alliance is a consortium of technology industry companies founded by Microsoft, Intel, IBM, Hewlett Packard, and Compaq in 1999. It's aims are simple: to create and deploy an industry standard for secure Digital Rights Management applications in hardware.
They are succeeding, for the most part.
What the consortium proposes is that every digital device, from cell phones to computers to televisions, be built with an embedded "Fritz chip" which monitors the operation of the system, and can allow or disallow certain operations based on whether or not the software it's running is "trusted", ie, digitally signed by the TCPA's own authority.
The chip would contain a unique cryptographic key pair which would uniquely identify each device. the private key would be stored on the tamper-resistant chip upon manufacture, and would be released to the user under no circumstances whatsoever. This use of modern cryptography allows a number of applications:
1) Privacy Invasion
Intel once proposed a unique serial number for the Pentium III chip, the furor over which forced them to recant. Using public key crypto in this way not only makes the same tracking possible - it also makes it unforgeable.
2) Digital Rights Management
Want to prevent your music from being played on any but one device? Encrypt it with that device's public key. Only the private key (which is held on the chip) would be able to decode it.
Ah, you say, that's nice, but all I have to do is get an application that picks up the decoded content, and send it to disk in a free format, right?
Read on...
The Jackbootstrap
The Fritz Chip also has it's fingers heavily in the boot process. As your machine boots up, it monitors every part of boot process, from the BIOS to the OS kernel to the applications themselves. Each piece of code must be digitally signed by the TCPA authority, and the chip compares a code against the signature using the TCPA public key to insure that the code being run is certified. As a result, only unmodified, signed code binaries are allowed to run on the system.
Let me guess: your audio grabbing application isn't going to be certified, now is it?
This is not to say that they just plain won't let you write your own software; they will (how generous). If you decide to run uncertified software, a "system compromised" signal will be sent to each trusted application, allowing it to (presumably) shut down. The chip itself will also no longer perform the cryptographic operations necessary to decrypt content in such a state.
So, instead of telling you what kids you can play with, they simply take their marbles and go home should you decide to invite your friends.
This is just the beginning. Wait until you hear about the censorship possibilities inherent in Document Revocation Lists...
Fritz's chip, Fritz's law: the CBDTPA
The Consumer Broadband and Digital Television Promotion Act was introduced into the US Senate last spring by Ernest "Fritz" Hollings, a democrat from South Carolina who is well known for accepting large campaign contributions from the entertainment industry. The CBDTPA, currently before Congress, would mandate a federal "security standard" for all digital devices, making it illegal to manufacture or sell devices in the US which do not implement the standard. The name comes from the clever yet weak argument that the slow uptake of HDTV and broadband interenet service is because content providers are loathe to move into a medium that are convinced will bankrupt them.
Similar legislation was proposed last year as the Security Systems Standards Certification Act, which was largely lost due it's unfortunate timing around the September eleventh hullaballoo. The thing about the SSSCA was that it was largely opposed by technology companies, while Hollywood was all in favor of it.
The reason Silicon Valley, include the big five behind the TCPA, opposed such legislation was that they don't want or need the time pressure. The SSSCA would mandate that some standard be certified in 12-18 months. DRM technology must be developed and implemented very carefully, as it's extremely fragile. Federal pressure to certify a technology would likely end up as a rush job that would be easier to botch.
Make no mistake, hi tech DOES have an interest in a federal mandate of DRM. Software is is pirated, too. Now that the TCPA is more confident of it's cornering of the market, and the effectiveness of the technology aspect, techology heavyweights have been complaining a lot less. They hollered a bit to buy time, and they got it. Now, there's much less stopping Silicon Valley and Hollywood from moving forward together.
And this law is coming up for a vote just as the TCPA is beginning to solidify. How convenient.
The Law on the Books: the DMCA
The Digital Millenium Copyright Act makes it a federal felony to circumvent any technology that effectively controls access to a copyrighted work. Such offenses are punishable by up to $500,000 in fines or five years in prison per offense.
The trouble with the DMCA is that it does not account for whether or not acts of circumvention are undertaken for a lawful purpose. There are many well precedented cases in which copying works may be unauthorized by the copyright holder, yet is legal. Excerpting works for purposes of criticism or review, parodying, data backup, and time or format shifting of works are all perfectly legal rights guraranteed to owners of media by law. Regardless, the DMCA would make circumvention of the technologies used to prevent copying illegal for any purpose whatsoever.
Currently, few works are actually implemented with DRM technology, as most attempts to date have been embarrassingly ineffective. The TCPA makes such technology not only availabe, but reasonably effective. Add on top of that the fact that the CBDTPA would make such technology MANDATORY, and you have the makings of a true intellectual property tyranny.
Weaknesses: The analog hole and the swiss cheese dike
Of course, no copy prevention scheme to date has been unhackable. From the reverse engineering of dongles to running a felt-tip marker around the edge of a CD, technology history is full of well-meaning copy protection schemes that were embarrasingly trivial to circumvent.
Sometime I wonder if there's an argument to be made against the DMCA surrounding it's use of the word "effectively" in "technology which effectively controls access to a protected work". If the technology is actually INeffective at controlling access, does that still count?
The TCPA is no different. While making perfect digital copies of a work would be effectively ruled out, there is still nothing to stop analog loop-backs from re-recording music at reasonably high quality. Yes, analog media does suffer from deterioration after repeated copying, but once you re-record over analog, you then reencode into a free digital format, and no further analog deterioration need occur. With the right equipment, no significant loss of quality takes place.
The only hope of preventing analog copying lies in the dismal science of watermarking. You have to distribute and legally mandate all analog-to-digital converters to listen for watermarks in their input, and cease operation once they're found - no matter how faint. While you need to insure the machine can hear it, you must also insure that humans cannot. Now throw in the requirement that the signal must be difficult to remove, and you hell of an engineering chin-scratcher. Watermarking in digital formats is nigh impossible; watermarking in analog formats would be downright miraculous.
The technology is both virtually impossible and absolutely necessary. The legislation is also highly unlikely, considering how many other technologies and their bakcing interests use Analog to Digital Converters.
The reason that DRM technology needs to be mandated is that if there is any non-DRM hardware on the market, it will be bought & used. The nature of information distribution on the Internet is that it doesn't matter how many sources there are (or aren't). Plug one hole in the dike, and the water will come out of another at a greater rate to compensate. So long as there is one faucet, the bathtub will still fill up at the same rate. Turn off as many lights as you like - so long as there's one there, everyone can see. File sharers won't really see the difference between one search result and a hundred - they'll still get the file, and, in short order, just as many people will be sharing it as before.
Some possible redeeming factors
While the way it's being used isn't very reassuring, the TCPA as a technology is actually quite useful. What's good for the goose is good for the gander.
For example, the TCP becomes the ultimate anti-virus application; since all software on the system need have it's code signature verified before it gets run, malicious code could be largely stopped.
Another feature of the TCP allows one to insure, cryptographically, that a remote system is running in a fully licensed, trusted environment of known code that has been reviewed and certified by a certificate authority. In this case, the authority is the TCPA, but there's no reason that the technology could not be implemented with an entirely different trust network. For example, the Free Software Foundation and/or the GNU project could implement certification of software licensed under the GPL as easily as Microsoft could for commercial software. One could insure that a system wasn't running a tainted Linux kernel.
Just yesterday, I was reading an article on Salon about how the Gnutella Developers Forum is considering certifying and authenticating clients allowed on the gnutella network, in order to control the growing number of nodes that are behaving badly, slowing down the network's performance. This includes recent actions taken by various recording industry players to launch denial of service attacks againt the network, flooding it with bogus query hits and falsified content, and filling up transfer queues to prevent access by legitimate users, among other things. Coincidentally, there is also another bill before Congress introduced by Rep Howard Berman, which would legalize such DoS attacks against Peer to peer networks. Ironically, The TCPA's technology implements exactly what Gnutella developers could use to certify clients and prevent such attacks.
Choosing an alternative certification authority would not compormise the security of the TCPA's intended applications - applications would still have a choice of whether or not to shut down or continue to play alongside applciations that were signed by authorities which the makers of those applications don't trust. The difference would be that it would be the USER - not the TCPA itself - that would decide whose authority their devices should trust. Cartels and monopolies should be just as bad in cryptographic trust networks as they are anywhere else.
That said, I find it higly unlikely that the TCPA consortium will be opening
up it's technology to competitive uses. It's a shame.
By Roto