Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
All HDDs May Have Content Protection Built-In by Summer 2001

By rusty in News
Wed Dec 20, 2000 at 05:22:50 PM EST
Tags: Hardware (all tags)
Hardware

The Register reports today that IBM, Toshiba, Intel and Matsushita (The "4C Entity") are a good way toward embedding Content Protection for Recordable Media (CPRM) into the next ATA spec.

The article, Stealth plan puts copy protection into every hard drive, notes that while copyright owners may gain a way to protect their content from copying,

the costs to consumers will be significant... and the move casts a shadow over some of the hottest emerging business models: the network attached storage industry, which relies on virtualising media pools, the digital video recorder market currently led by TiVo and Replay, and the nascent peer-to-peer model all face technical disruption.
Update [2000-12-21 18:4:0 by rusty]: Alan Cox has commented briefly on this, on the linux-kernel mailing list. His take? "Its probably very hard to defeat. It also in its current form means you can throw disk defragmenting tools out. Dead, gone. Welcome to the United Police State Of America." Indeed.


CPRM is already used in DVDs and removable SD disks. It basically allows content to be encrypted on the disk, and requires that the disk itself contain a "Media Key" in order to access the content. The trouble is that the encryption system uses the location of the data on the drive, which means that existing backup software will be unable to backup data on the new drives. It is, after all "copy protection", and that apparently means any and all copying.

So, not only will you potentially have to get special permission to backup your own media, virtually all existing backup software will need to be rewritten to properly retain all the information needed to backup data on the new drives.

According to the Reg, the ANSI-approved NCTIS T.13 committee has already evaluated three draft proposals for incorporating CPRM in the next ATA spec, and IBM says that "copyright protection will be in every industry-standard hard disk by next summer."

You can bet that if this does happen, you won't be able to buy any media that isn't copy-protected, at least from the major content companies. Where does that leave Napster, Gnutella, Freenet, et al? Is this the death knell of the nascent P2P craze? Is it simply business as usual in the ongoing battle to maintain IP rights in a world increasingly hostile to that goal?

And perhaps the most important question of all, how long until someone cracks it?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Copy protection is:
o Good. Maybe I can buy some digital media now! 0%
o Whatever. I don't pay any attention to corporate media. 8%
o Horrible. What right do they have to lock my data? 82%
o Other. I will complain about the lack of choices in my comment. 7%

Votes: 145
Results | Other Polls

Related Links
o The Register
o 4C Entity
o Stealth plan puts copy protection into every hard drive
o commented briefly
o linux-kern el
o Also by rusty


Display: Sort:
All HDDs May Have Content Protection Built-In by Summer 2001 | 139 comments (134 topical, 5 editorial, 0 hidden)
crack away (3.42 / 14) (#1)
by tacitus on Wed Dec 20, 2000 at 04:19:49 PM EST

It will be cracked before it is released.

You know with all this strangle hold on copyright protection and the slowing economy, I seriously wonder what is going to be the immediate future of the internet.

Consumers will stop consuming if it gets too complicated or expensive.


The ILLenium

complicated and expensive (3.60 / 5) (#2)
by rusty on Wed Dec 20, 2000 at 04:24:01 PM EST

The thing about CPRM, if I understand it right (which I may not-- please correct me!), is that it will only be complicated and expensive for the people who have to deal with it in software or hardware. From the producer's point of view, it isn't that expensive, compared to easy, perfect piracy. And from the consumer's point of ciew, it's likely to be invisible (until you try to protect your data from loss or corruption).

As for cracking, does anyone have any info on whether the existing implementations of CPRM have been cracked or reverse-engineered?

____
Not the real rusty
[ Parent ]

Cracked in DVD? (3.00 / 1) (#116)
by enterfornone on Fri Dec 22, 2000 at 06:51:37 AM EST

As for cracking, does anyone have any info on whether the existing implementations of CPRM have been cracked or reverse-engineered?

Isn't this what DeCSS does, or is that completly different?

Surely if you can decode it to play it you have to be able to decode it to rip it too.

--
efn 26/m/syd
Will sponsor new accounts for porn.
[ Parent ]

Not quite (4.00 / 1) (#128)
by Spinoza on Fri Dec 22, 2000 at 05:39:30 PM EST

Yes, the same encryption algorithm appears to be in use. (This is weird, because one of the documents at intel about their tamper proof software recommends blowfish.) What you have to remember is that while C2 is a fairly weak encryption algorithm, it wasn't cracked, in that DeCSS doesn't destroy the usefulness of the algorithm completely. What DeCSS did was find a way to read the keys stored on the DVD. After this, decryption is achieved simply by using the C2 algorithm normally.

This CPRM isn't vulnerable to the same attack, because the keys are stored differently. To put it another way, C2 is part of CSS. CSS was cracked, but C2 was not.

[ Parent ]

I'm lost... (3.71 / 7) (#4)
by FyreFiend on Wed Dec 20, 2000 at 04:30:41 PM EST

Okay, I'm proving my self an idiot but I don't understand. I understand that this is at the hardware level but doesn't it require a an understanding of the partition format (and format of the partition table) by the hardware? If so then wouldn't this be useless if someone uses one of these drives in a Mac or only has Linux installed.

Someone please explain.

--
Only kings, presidents, editors, and people with tapeworms have the right to use the editorial "we".
-- Mark Twain


No, I don't think so (3.50 / 4) (#9)
by rusty on Wed Dec 20, 2000 at 04:44:15 PM EST

This is hardware-level encoding. It apparently sets aside an area of the disk to store keys in, and keys need to know the physical disk location of the data (or something like that) to read that data. Like, the unlocking and decryption will be done before software gets a bit off the drive. It's entirely below the software level.

Beyond that, I don't know anything either. Perhaps someone here has a better understanding of how this thing works.

____
Not the real rusty
[ Parent ]

Encryption (4.83 / 6) (#28)
by ucblockhead on Wed Dec 20, 2000 at 06:12:34 PM EST

The way I understand it (which is mostly just guesswork), the way it works is this: When you install a piece of "protected" data to one of these hard drives, it is automatically encrypted. Then, when the user tries to access the data, part of the load process is to decrypt the program using the secret key that is off limits to the user. If the user tries to copy the data to another drive the normal way, it will fail to load from the new drive because the new drive's key is different.

But given this, software has to be involved at some level, because at the software driver level, the OS does not know the difference between "read a block to load into memory" and "read a block to copy to another drive".

This really is doomed to failure because if the data is to be loaded into memory at some point, the data can be copied. They can make it a royal pain in the ass, but I remember back in the old Apple ][ days, one method of copy protection cracking was a piece of hardware that dumped RAM to disk.
-----------------------
This is k5. We're all tools - duxup
[ Parent ]
Yep, it's doomed (4.00 / 4) (#31)
by sigwinch on Wed Dec 20, 2000 at 08:05:10 PM EST

This scheme is possibly the stupidest thing I have ever heard of: stupider than a perpetual motion machine. Either the data comes across the ATA interface plaintext, or the host CPU decrypts it using a trivally discoverable algorithm. Either way, "protected" information will be trivially recoverable.

About the only thing this is useful for is to prevent somebody from recovering the information by disassembling the drive and reading the magnetic domains directly off the platters using a magnetic force microscope. Maybe I'm living under a rock here, but I'm not aware of a single incident involving an MP3 pirate stealing the very platters out of someone's hard drive.

OTOH, criminals might like this. Buy a "protected" hard drive, turn off the computer when the FBI shows up, and the feds can't read the information unless they manage to come up with key. Perhaps the mob has taken over IBM and this is a "protection racket". (+5, pun)

C'mon, people! You have to put the embedded crypto processor in the monitor and speakers, not the friggin hard drive. What next, an encrypted power cord? An encrypted ethernet cable? A Gartner Group secret decoder ring? Self-destructing ferromagnetic oxide formulations for floppy disks? Suicidial magnetoresistive (SMR) technology for the read heads? Ye gods, the horror!

--
I don't want the world, I just want your half.
[ Parent ]

I can see it now..... (3.50 / 4) (#60)
by MeMyselfAndI on Wed Dec 20, 2000 at 11:43:44 PM EST

"Illegal activity detected........this computer will self-destruct in five seconds."

As many have said already, HDDs with "content protection" have far too many things going against them. See below:

  • Certain manufacturers not jumping on board.
  • Large amounts of software would need to be re-written.
  • Judging by current trend, there would be workarounds out fairly shortly after the release.
  • The heart of the issue, however, is that consumers(I've always hated that word) will not benefit.

    Ten years from now(if the technology takes hold):


    Customer: "So can I do that "MP3" thing with this here computer? What about storing home movies?"
    Salesman: (starts laughing, mutters something about license fees, and walks away)


    I don't know where things are going, but sometimes I really wonder.


    DIVX made me think, the DeCSS fiasco made me worry, and this takes it all up another notch.



    [ Parent ]
    Another way to crack... (3.50 / 2) (#49)
    by meldroc on Wed Dec 20, 2000 at 10:45:19 PM EST

    Most peripherals, including hard drives these days have some sort of feature to update the firmware. How hard would it be to disasssemble a firmware update (or desolder the EEPROM chip and put it in a reader, and disassemble that), find the copy protection code and NOP it out?

    [ Parent ]
    I have a Software Version... (3.00 / 1) (#77)
    by Tim C on Thu Dec 21, 2000 at 09:03:18 AM EST

    ...it's called kswapd.

    What's to stop me from loading up some of this "protected" data, then filling my RAM with other crap, and reading the swap partition? Or do I misunderstand the way that swapping works, and can an application refuse to allow itself or its data to be swapped?

    Cheers,

    Tim

    [ Parent ]
    Little bits of data, little ones and zeros... (3.95 / 20) (#8)
    by Signal 11 on Wed Dec 20, 2000 at 04:43:22 PM EST

    Here's the thing I really wonder about - what kind of person would assist these people in deploying such an atrocity? Most engineers who know enough about the technology to impliment something like this are political enough to know this is a Bad Thing. So this begs the question - where is this cache of evil and mean engineers?

    Secondly, Let's assume for a moment that they create their handy-dandy encrypt-o-matic harddrive. I could redesign the IDE controller (or place a proxy in between it and the rest of the bus) to strip those voodoo rays out of my drive. Afterall, this "key" needs to be transmitted in plaintext in *some* fashion to get to the drive. If it is a standard, by definition it is documented somewhere, and hence a device can be engineered to remove it from your system.

    So let's say they hack up the IDE controller specs too. There goes some performance. And I'll just plug my card into the PCI bus and reconfigure the BIOS to not use the standard IRQs and memory locations to peek/poke into IDE, and instead use my handy dandy bypass-o-matic anyway.

    So let's say they encrypt the PCI bus then too. There goes another chunk of system performance. Well, now I have to cut a few traces on the motherboard and solder in my handy dandy bypass-o-matic, revision 3. Oh, and this just obsoleted every previous PCI device, because otherwise those /old/ cards could be trojan horses!

    Alrighty, now they've re-engineered the entire goddamn motherboard, every bus and interface is encrypted. I'll just plug my handy-dandy bypass-o-matic into a memory slot, and hang my memory off that. Chances are, they have to write to memory.

    Whups, they hacked the memory to be encrypted too!

    You see how this is going? So long as information about electronics and programming is available to the public, these schemes will fail by design.

    That which is created by man can be destroyed by man


    --
    Society needs therapy. It's having
    trouble accepting itself.

    Bets anyone? (3.00 / 6) (#19)
    by _cbj on Wed Dec 20, 2000 at 05:39:12 PM EST

    So long as information about electronics and programming is available to the public, these schemes will fail by design.

    Sure they will, but penny to a pound piracy-enabling hardware, as the pamphlets will have us calling it, will be illegal within five years. Way of the Western world, my friend.

    [ Parent ]

    Most engineers (3.25 / 4) (#34)
    by leviathan on Wed Dec 20, 2000 at 08:23:43 PM EST

    Most engineers who know enough about the technology to impliment(sic) something like this are political enough to know this is a Bad Thing.

    Interesting hypothesis. It's not my experience. Most engineers, even the good ones, couldn't give two hoots about the latest corporate encroachment. Provided they aren't writing the code to fire a nuke for some loonie head of state (feel free to include as many as you like in that), they don't care as long as the pay-check's fat enough.

    This viewpoint fixated on maintaining all possible logical extenstions to the constitutional rights tend to be (dare I say it?) US-based and/or OSS-centric. And maybe, just maybe, the engineers working on this know how easy it will be to circumvent it (cat encrypted > plaintext, anyone? ;) - even if they do fulfil all the specs - that that's all they're doing.

    --
    I wish everyone was peaceful. Then I could take over the planet with a butter knife.
    - Dogbert
    [ Parent ]

    Hope you're right (2.33 / 3) (#38)
    by Signal 11 on Wed Dec 20, 2000 at 08:57:28 PM EST

    I'm hoping the engineers are just going strictly by the spec, and know there are ways to get around the protection. I'm counting on them to keep backdoors and bypasses around.

    My cynical side says they'll only do it if the money is good and the risk is low.


    --
    Society needs therapy. It's having
    trouble accepting itself.
    [ Parent ]

    Public key crypto (3.80 / 5) (#48)
    by delmoi on Wed Dec 20, 2000 at 10:32:43 PM EST

    Secondly, Let's assume for a moment that they create their handy-dandy encrypt-o-matic harddrive. I could redesign the IDE controller (or place a proxy in between it and the rest of the bus) to strip those voodoo rays out of my drive. Afterall, this "key" needs to be transmitted in plaintext in *some* fashion to get to the drive.

    Geez, why do people always forget about public key crypto?

    Each drive could have a key pair, when you go to buy you're MP3's or whatever, you'll transmit a copy of you're HD's public key. EvilCorp encrypts its content with the public key, and gives it to you. The data will never be in plaintext untill it hits the platters.

    When you want to play, or listen to the content, the HD opens up an encrypted channel using the public key of the Sound or video card (this would also require secured sound and video harware, but if this goes through, that stuff can't be far off).

    Now, if they do it this way, it dosn't matter how many doodads you shove in your box, you'll never get plantext data unless you break open the hard drive and alter the ASICs on the sound/video/whatever. And that isn't going to happen.

    Right now, any CP would have to be done in software, witch will always be vulnerable. In the future, it won't always be the case.
    --
    "'argumentation' is not a word, idiot." -- thelizman
    [ Parent ]
    Client-side security (3.50 / 4) (#53)
    by Signal 11 on Wed Dec 20, 2000 at 11:15:09 PM EST

    You've made the mistake of trusting the client. My computer can't be trusted, I have physical access to it. You're also forgetting a fundamental component of how computers work.

    By their nature, computers deal with data - binary data. It isn't comprehensible to people who are not trained to understand it. However, that data has to eventually leave the computer and be interpretable by people. Whether it is audio, visual, tactile, smell, taste, or some other sense yet undetermined, it will have a physical quality about it.

    If it comes out of your monitor, it can be recorded by technology created in the 1800's - film. If it is audio, technology existed again, in the 1800's, to reproduce it. If it is touch, the necessary tools have existed since the industrial revolution. If it is smell, advances in chemistry in the 1950's can make it happen.

    The point is that we can capture the signals coming out of a computer with sufficient quality that it can be interpreted by a human being. Often times, high quality reproduction is possible by directly capturing the electrical signals coming out of the computer.

    The point is, the copynazis cannot overcome the air gap between your computer and you. Even if they could somehow make a black box computer that nobody could get into (which is impossible, but for the sake of discussion we will accept) there will always be methods to take advantage of that airgap.

    Maybe they'll invent Arthur C. Clarke's "braincap", but, quite frankly, I don't see it happening anytime soon. It's an age old race - locksmiths v. burglars, cops v. robbers, religion v. science, these are battles that have raged on for centuries, and will not be halted on account of a few suits deciding they want to destroy a fundamental human compulsion.

    They can put my body in jail, but they cannot lock up my ideas, for ideas are viscious and slip easily around the most sturdy safe.


    --
    Society needs therapy. It's having
    trouble accepting itself.
    [ Parent ]

    uhhh (3.20 / 5) (#56)
    by vsync on Wed Dec 20, 2000 at 11:21:16 PM EST

    They can put my body in jail, but they cannot lock up my ideas, for ideas are viscious and slip easily around the most sturdy safe.

    Um, "vicious"? Or "viscous"?

    --
    "The problem I had with the story, before I even finished reading, was the copious attribution of thoughts and ideas to vsync. What made it worse was the ones attributed to him were the only ones that made any sense whatsoever."
    [ Parent ]

    Hmmm.... (1.50 / 2) (#83)
    by Signal 11 on Thu Dec 21, 2000 at 12:49:23 PM EST

    Well, they're that too. A freudian slip, perhaps? :)


    --
    Society needs therapy. It's having
    trouble accepting itself.
    [ Parent ]
    Re: Public key crypto (3.00 / 1) (#125)
    by Yeroc on Fri Dec 22, 2000 at 01:01:49 PM EST

    Each drive could have a key pair, when you go to buy you're MP3's or whatever, you'll transmit a copy of you're HD's public key. EvilCorp encrypts its content with the public key, and gives it to you. The data will never be in plaintext untill it hits the platters.

    The data won't even be in plaintext when it hits the platters. The whole point is the data will be stored encrypted. You will need a special player to read & decrypt this data.

    [ Parent ]
    most engineers are apolitical (4.25 / 4) (#50)
    by steev on Wed Dec 20, 2000 at 10:45:48 PM EST

    It's not that they are evil and mean. They just want to do cool projects. Probably from the point of view of a hardware engineer this was a really cool, challenging project, so they want to do it. They don't care about the politics.

    That's how napalm got invented. and the list of other possible examples is long...

    Anyone here read "Close to the Machine", by Ellen Ullman? Great book about the ethical complications of working in the computer industry....

    [ Parent ]

    "That's not my department," says Wehrner (3.50 / 2) (#67)
    by ewhac on Thu Dec 21, 2000 at 02:49:50 AM EST

    It may be we as engineers can no longer afford that luxury.

    Schwab
    ---
    Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
    [ Parent ]

    I think we all know who is behind it (3.33 / 3) (#73)
    by tetsuo on Thu Dec 21, 2000 at 06:11:54 AM EST

    ... So this begs the question - where is this cache of evil and mean engineers?

    Hey, Dr. Forrester and Frank had to do *something* after they left.

    Seriously, how much is my pride worth? If a suit comes to me, says "implement this scheme. here's a suitcase full of large, unmarked bills" ... Do I turn them down? I think there's a lot more people willing to comprimise their ethics for money than we'd like to admit.


    [ Parent ]
    What does this actually Mean? (3.00 / 4) (#10)
    by reshippie on Wed Dec 20, 2000 at 04:44:18 PM EST

    I'm not sure that I totally understand this. You've got a key on your hard drive, and that unique key makes it impossible to move files to another hard drive? Wouldn't that make backing up your data impossible? Or would the backups have to copy the key as well? (My best guess)

    What about simply burning files to a CD, will that still work? Or just copying them to a floppy or Zip disk?

    If everyone's data is forcibly encrypted, and part of your hard drive gets corrupted, it would then violate the DMCA to get at it, because you would have to make or obtain a decoding device.

    This really makes me nervous, especially since I don't really know what its effects really are. Then again, I may become even more nervous when I find out what the effects are.

    Those who don't know me, probably shouldn't trust me. Those who do DEFINITELY shouldn't trust me. :-)

    While this is a *bad thing*.... (3.00 / 5) (#11)
    by 11223 on Wed Dec 20, 2000 at 04:49:12 PM EST

    ... It's by no means universal. Those who know enough and want to spend enough to get the alternatives, can and will. There are SCSI hard drives. There is no copy protection (as far as I know, and I know a bit) proposals for the SCSI specs. There are Firewire drives, and new firewire drives that are native (not just ATA-Firewire bridge chipsets+ATA drives) are just coming out. While it's a bad thing that the majority of new drives will have this feature (which in my opinion is doomed), just remember that there's a way out.

    --
    The dead hand of Asimov's mass psychology wins every time.

    More from the article... (3.83 / 6) (#14)
    by rusty on Wed Dec 20, 2000 at 05:03:46 PM EST

    Today, CPRM is implemented on DVD and removable SD disks. But the SCSI and ATA/ATAPI proposals incorporate an extension of the scheme to allow the encryption to be used on hard drives, in addition to removable drives and ATAPI devices such as CD-ROMs and DVD drives
    So, basically, SCSI is no exception. I don't know about firewire.

    The thing about it is, it'll be a closed loop. You apparently must have either all-compliant drives or none, and any content that you want will require a compliant drive if it is CPRM encoded. The manufacturers make all their drives compliant, and the content producers make all their digital media encoded, and the loop is closed. How many people do you think will go out of their way to hunt down free, bootleg media like MP3's, if the "official" version is cheap and easy to get? We care, but does the average person?

    What concerns me about this is that, potentially, it would make "fair use" a thing of the past. See Lessig on this, but basically, copyright law has always included provisions for copyright to be subservient to the "greater good". Included in this are things like "fair use", so that reviewers and critics can quote from a work without fear of lawsuits. Lessig argues pursuasively that this is better than having media perfectly controlled through technology (I won't rewrite his book here, but you should all read it).

    ____
    Not the real rusty
    [ Parent ]

    Added value? (3.77 / 9) (#12)
    by daystar on Wed Dec 20, 2000 at 04:54:21 PM EST

    Since this can't possibly cost LESS than current media, AND it will require cooperation of the OS, I can't see anyone buying this unless it provides something that we WANT. Does it?

    --
    There is no God, and I am his prophet.
    And instead you'll buy ? (3.66 / 6) (#20)
    by ZanThrax on Wed Dec 20, 2000 at 05:39:34 PM EST

    If all the major manufacturers (read: those whose harddrives can be expected to function reliably) implement this system in all their new products, then what are people supposed to buy instead to "vote with their wallets" as so many pro-capitalists love to spout?

    Before flying off the handle over the suggestion that your a cocksucker, be sure that you do not, in fact, have a cock in your mouth.
    [ Parent ]

    What's more likely (4.00 / 4) (#33)
    by finkployd on Wed Dec 20, 2000 at 08:20:28 PM EST

    What's more likely is a DMCA style copyright protection law that makes this mandatory. Sure it sounds far-fetched and it seems like something like that could never happen in this country, but so did the DMCA.

    You think Aol/Time-Warner doesn't already own enough Democrats and Republicans in Congress to force this through?

    Finkployd

    Sig: (This will get posted after your comments)
    [ Parent ]
    How many do aol own.. (none / 0) (#115)
    by enterfornone on Fri Dec 22, 2000 at 06:42:29 AM EST

    in taiwan or whereever hard disks are made these days? Remember the US is not the world, it will only take one country to allow uncrippled hardware and it will be available to everyone.

    --
    efn 26/m/syd
    Will sponsor new accounts for porn.
    [ Parent ]
    cheap labor != management decision (none / 0) (#139)
    by finkployd on Wed Dec 27, 2000 at 02:54:52 PM EST

    You think the design decisions are being made in Tiawan?

    Finkployd
    Sig: (This will get posted after your comments)
    [ Parent ]
    Vendors seek to provide what the market believes (4.00 / 1) (#106)
    by turtleshadow on Fri Dec 22, 2000 at 01:47:30 AM EST

    I can figure on the big 4 to do this very dasterdly act with the following ammendments:
    • First iteration will be jumpered or soldered
    • "Microcode" will become commonplace in ATA drives just like SCSI and as such can be patched.
    • This technology will be used in the "cheap" mass market drives. High end server stuff will become like Hi-Fi components --usable by the elite for their thechno purposes. This is to avoid "taxation" for facilitating piracy by the Media Giants & Law Enforcement.
    The last thing I would want the public to deal with uniquely encoded info on disks as today I have stumped my most knowledgeable contact on VGDA problems & SSA loops
    The ATA standard is trivial to real computing & proprietary devices.
    Regards,
    Turtleshadow
    -- New and improved Happy Fun Ball. Now with ATA featuring CPRM. 2/3rd less death and mayhem for 12 easy low payments or one amazing inflated hidden shipping price!

    [ Parent ]
    Lets see... (3.00 / 3) (#26)
    by kagaku_ninja on Wed Dec 20, 2000 at 05:57:39 PM EST

    So all the HD manufacturers are going to cave into the demands of IP owners and produce slower, more expensive disks, in order to implement features that no consumer or IT professional wants.

    Assuming they can somehow make this bizzare scheme work without support from the OS, there will still be a huge market of Linux/BSD users and libertarians that do not want their disks compromised. All the HD manuracturers will simply ignore this market, and toe the line...

    There will always be unencrypted hard drives available for sale. I am still finding the original article hard to believe.

    [ Parent ]
    The Choice Is There (3.66 / 3) (#35)
    by Brandybuck on Wed Dec 20, 2000 at 08:31:53 PM EST

    If all major manufacturers implement this system, there will still be the minor manufacturers. And even if the minor manufacturers implement it, there is no law preventing new manufacturers from entering the market. And if all else fails, just remember that cheap consumer hardware isn't the only hardware.

    FIrst of all, I doubt all the major manufacturers will go along with this. But even if they do, why not just use one of the minor manufacturers? I mean, if you consider Western Digital "evil" for implementing this scheme, why the heck do you even want to use their equipment? And new entries into the field happen all the time. Where do you think Seagate came from?

    But most important, hard drive manufacturers make more revenue off of corporate servers than they do on those cheap drives at Fry's. Companies *don't* want their servers slowed down through some copy protection scheme that only makes sense on consumer PCs. They will demand quality drives and they will get them.

    You will always have a choice as to hardware. I always have. Since day one. I haven't seen anything to change this. Save the paranoia for when it's appropriate.

    [ Parent ]

    The Register = Technical Tabloid (3.33 / 15) (#15)
    by theboz on Wed Dec 20, 2000 at 05:15:15 PM EST

    I've read quite a bit of stuff like this...it's not feasable. Well, the technology is there and it might work, but it would be required to have all hardware vendors agree to it, and I seriously doubt most will. If any of the major ones (Western Digital or Maxtor for example) don't adopt this technology guess what?

    IBM, Toshiba, Intel and Matsushita all lose business because they crippled their hardware and other vendors left it open. I would hope these are rumors, as I like some of the stuff IBM and Toshiba in particular put out...but if they do stab themselves on this scam, so be it.

    As far as The Register is concerned, I've seen a lot of overdramatic B.S. posted on there before, and I tend to not trust it very much anymore. At least not without other, more reliable sources, to back them up. In any case, I voted +1 for this just so I could have something to bitch about. I'm bored. :o)

    Stuff.

    Orlowski (4.42 / 7) (#27)
    by rusty on Wed Dec 20, 2000 at 06:12:18 PM EST

    I know the author of this article. He's reliable, and very thorough in his research. It's not BS. Now, as he says, there's no guarantee this will pass the committee, but as far as the article goes, everything in there is true.

    ____
    Not the real rusty
    [ Parent ]
    Hmmm.... (3.75 / 4) (#41)
    by theboz on Wed Dec 20, 2000 at 09:23:24 PM EST

    I guess the way I see it, is that the things mentioned are an idea these companies are wanting to do, and they've been trying to figure out how to get away with it for a few years at least. The way I interpreted the article is that he meant it to be in a scary way to make us fear that this will actually happen.

    If you look at the DVD situation, you will see that the region free players are more sought after than the regular ones. Also, the MPAA has a much tighter grip on the dvd hardware than IBM and the rest have on the computer storage market. So, while I think that the things stated in the article is factual, I think it was presented to the readers in a manner that I interpret as sensationalism. Then again, I have been wrong before...once.

    Stuff.
    [ Parent ]

    And just who are you? (4.00 / 4) (#45)
    by delmoi on Wed Dec 20, 2000 at 10:18:57 PM EST

    I know the author of this article. He's reliable, and very thorough in his research. It's not BS....but as far as the article goes, everything in there is true.

    Oh, and just who are you exactly? what kind of crediblity do you have mr...

    Oh, wait...
    --
    "'argumentation' is not a word, idiot." -- thelizman
    [ Parent ]
    Okay... (3.50 / 4) (#62)
    by Jim on Wed Dec 20, 2000 at 11:50:08 PM EST

    So what do we do now? Is there any way we can tell the hdd makers not to do this? The only ways I can think of are:

    • Stop buying their stuff - fat chance this will work. More computers are being bought pre-built than ever before. I fear our small dent will not be enough :-/
    • Petition them - they can just laugh at it and throw it out
    • Revolt ;-)
    Although my last one is kinda silly, is there really anything we can do?

    [ Parent ]
    Get the word out (4.66 / 3) (#64)
    by rusty on Thu Dec 21, 2000 at 02:22:41 AM EST

    If this passes the standards committee as a fait accompli, forget it. Look forward to a glittering future of trusted systems. OTOH, if there really is consumer demand for hardware that doesn't put the rights of the media conglomerate over the rights of the customer, then let people know. Basically, spread the news, call for answers. If no one cares, then I guess that's the market's answer to it. If people will buy disks without this technology, then someone will make them. We need to make it clear that the market exists.

    ____
    Not the real rusty
    [ Parent ]
    you also have to consider... (3.66 / 3) (#46)
    by use strict on Wed Dec 20, 2000 at 10:20:50 PM EST

    The fact that ATA chipset makers (ie, intel, via) will make this as well. Now, I must interject here that a lot of people (at home) with the faster machines have: 1) Bad gaming habits 2) Generally like media, beit pornography or mp3 or vcd, etc. 3) Have pirated software on their boxes in one way or another. Not that this is bad/good, but the fact is, no one wants to pay $50 for winzip. (the point here is that the stuff that is pirated most generally fits in the 'very high computation power' category) Now, the more that people have to start purchasing games, and media, etc, the less they will spend on their faster computers that support this. Regardless, you'll see a workaround for stuff like this in the works as soon as the spec gets defined.

    [ Parent ]
    Microsoft (3.00 / 3) (#52)
    by J'raxis on Wed Dec 20, 2000 at 11:11:15 PM EST

    Microsoft was opposed to it. Therefore, I can't possible seeing it go through...

    (Good God I didn't think I'd ever be rooting for Microsoft...)

    -- The Raxis

    [ J’raxis·Com | Liberty in your lifetime ]
    [ Parent ]

    Microsoft... our friend? (3.66 / 3) (#78)
    by Sheetrock on Thu Dec 21, 2000 at 09:36:03 AM EST

    From the article: The Register understands there is fierce opposition to the plan from Microsoft and its OEM customers. Generating hundreds of thousands of images each week, the PC industry relies on data going from one master to many reliably and smoothly. Imaging programs face the same problem as restore software: the target disk isn't the same as the originator disk. Microsoft Redmond already has put in a counter-proposal that eschews low-level hardware calls.
    ---

    My (cynical and biased) translation: "Your proposal sucks. We recommend making the drive slower and incompatible with Linux." I don't think they're trying to get the whole idea scrapped; they just want to have a bit more control over this standard if it's going to share most home users and many office users with Windows. As bad as the idea is already, it looks like the Microsoft plan would toss in a driver as well, and implement a good deal of this in software. So it would be slower, and if the driver is closed source, these features couldn't be implemented under Linux. It'd probably just be like a regular hard drive...

    Wait... that's not so bad. But Windows users would have to deal with a slower software implementation. And software is, unfortunately, easier to reverse-engineer than hardware. So this wouldn't be a good... wait a minute... hmm...

    Go Microsoft!

    [ Parent ]

    The more I think, the less I know (2.85 / 7) (#16)
    by reshippie on Wed Dec 20, 2000 at 05:16:34 PM EST

    Ok, so I've got too much time on my hands at work, but anyway...

    This kind of copyright protection makes sense (in a feasibility way) for removable media (DVDs CD-ROMS) but how does it apply to hard disks? If your simply moving data back and forth through the interface how does this affect anything?

    Still confuzzled, but willing to listen to explainations.
    ResHippie

    Those who don't know me, probably shouldn't trust me. Those who do DEFINITELY shouldn't trust me. :-)

    Fundraiser (3.30 / 10) (#17)
    by sugarman on Wed Dec 20, 2000 at 05:18:29 PM EST

    Looks like this is a "fundraiser". (Remember the movie "Long Kiss Goodnight"?)

    Faced with dwindling sales during the Christams season and market saturation, it looks like the big manufacturers are taking steps to cause a forced upgrade. They are going to break compatability with the old drives in order to drum up new sales, and they are going to do it by targeting the mechanical part of a PC that are is likely to fail: the HD.

    The OEM's and software makers are against this becuase it forces comapatibilty problems with their current products, and will force them to adopt a new way of imaging new units. I'm sure that their protests are only token and temporary: look like they're putting up a fight, but eventually giving in. With new sales of upgraded products (hardware or software), and I'm sure they'll jump at the chance to get repeat business who would otherwise be more than happy with their current 45GB HDD.

    so, the only real hope is for it to be rejected by the ANSI approval committee. Given that this is already the third revision, I imagine it likely that they'll keep trying until it gets passed. It is also likely that they will not roll out the faster ATA spec without it.

    "Sorry, consumer, but until the nasty NASI committee rolls out the spec, we can't give you that bigger bandwidth that you need. Yes, we know it's the biggest bottleneck in the PC, that's why we're working for you, the consumer, and why you should pressure this committeee to let us release it."

    Apologies for the cynicism. But I think it is pretty clear what is happening here. And I'm afraid that it is only a matter of time before it does.

    --sugarman--

    good. (3.00 / 1) (#44)
    by use strict on Wed Dec 20, 2000 at 10:14:37 PM EST

    Maybe then we can see SCSI fit into it's rightful place... SCSI has always been a better I/O standard anyways.

    [ Parent ]
    Huh? (3.50 / 6) (#18)
    by fvw on Wed Dec 20, 2000 at 05:36:50 PM EST

    I don't get it. How does this prevent me from downing an mp3? Unless the harddrive can recognise it as copyrighted content, or it prohibits the creation of any personal files without a key from the hd maker, they can't stop this.

    It doesn't (3.50 / 2) (#70)
    by Spinoza on Thu Dec 21, 2000 at 04:34:21 AM EST

    It prevents you from ripping a CD that uses CPRM. MP3s aren't copyrighted in the sense that they aren't manufactured by the owner of the copyright, hence they contain no protection. These people are primarily concerned with preventing the initial rip.

    [ Parent ]
    Ripping CDs (4.25 / 4) (#81)
    by Kaa on Thu Dec 21, 2000 at 10:55:54 AM EST

    It prevents you from ripping a CD that uses CPRM

    It does? You need a CPRM-enabled sound card to prevent it, not a hard drive. And it has been pointed out multiple times that it's all utterly pointless unless the decryption takes place in the speakers, and just pointless even in that case.

    I would guess the point is to be able to sell some bits to be used on a single hard drive, and that's it. Like you pay $9.95 for the download of Britney Spears' latest and the only place it can live is your hard drive. If it crashes, or you replace it, or want to back it up to non-compliant media -- you are SOL.

    Of course, a non-compliant sound card makes the ripping process trivial (btw, a compliant sound card MUST have no analog outputs -- think about it).



    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.


    [ Parent ]

    Yeah, SDMI seems to have played a big role here... (4.00 / 1) (#87)
    by Spinoza on Thu Dec 21, 2000 at 04:19:04 PM EST

    It looks like downloadable music was looming large in the minds of the people who came up with this.

    You don't need a CPRM sound card. Here's why: They aren't trying to prevent you from playing the CD and recording the sound from it. They are trying to prevent bit-for-bit copying of the digital data. Obviously they can't prevent re-recording of the sound, without preventing the playing of the disc completely.

    The CPRM CD drive itself would be able to decrypt the CDs, and send the analog signals to the sound card. It would probably be designed to refuse to send the digital data to any device, unless the device authenticates itself as a CPRM compliant device. (This may not even be an option for CD drives. It does seem to be available for SDMI music though.)

    [ Parent ]

    Analog does matter (3.00 / 1) (#103)
    by adamsc on Fri Dec 22, 2000 at 12:53:49 AM EST

    It's a common mistake to assume that they just need to prevent digital-digital copies. If you connect the audio-out from your CD straight to the audio-in on your soundcard, you'll get something which will be indistinguisable from the original without special equipment unless you're using bent paperclips for cable and the world's cruddiest soundcard.

    Ripping CDs wasn't a big deal until MP3. The MP3 compression process will change the signal far more than a high-quality A-D conversion.

    [ Parent ]

    True, but... (none / 0) (#105)
    by Spinoza on Fri Dec 22, 2000 at 01:38:00 AM EST

    This isn't aimed at analog copies. Partially because there is no reaonable way of stopping analog copying. What could they do? Ban line-in sockets on sound cards?

    Actually, I once had a godawful CDROM drive that wouldn't do digital copies. It could do analog, without any rewiring. Sound recorder programs take analog input when recording from the CD as well. It's part of every sound card, as far as I know.

    The thing is, analog copies will not be as good as digital ones, because they pass through the D-A converter and back through the A-D converter, which is going to lose some fidelity, plus they'll be more susceptible to line noise. Also, analog copying will be far susceptible to skips. (It certainly was with my drive, but that was about six years ago.)

    [ Parent ]

    huh? (3.00 / 1) (#131)
    by naasking on Sat Dec 23, 2000 at 02:49:17 AM EST

    The CPRM CD drive itself would ... send the analog signals to the sound card.

    If it did this, why would you even need the sound card? The express purpose of the sound card is for A/D and D/A conversion.

    Perhaps you meant the way Audio CD's can be played through the audio connectors btw it and the CDROM?


    [ Parent ]
    This was how it worked. (none / 0) (#132)
    by Spinoza on Sat Dec 23, 2000 at 03:15:58 AM EST

    "Perhaps you meant the way Audio CD's can be played through the audio connectors btw it and the CDROM?"

    This is precisely what I mean. When you record from CD to WAV, it doesn't rip the CDDA data and convert it...it just records the analog signal.

    [ Parent ]

    Digital Watermarking (none / 0) (#138)
    by tuxedo-steve on Wed Dec 27, 2000 at 12:03:09 AM EST

    A HDD could recognise copyrighted content, perhaps, if the content creator used some form of digital watermarking (for audio/visual files, anyway). I recognise that there would be a number of problems to overcome in the implementation of such a protection system (i.e. Each watermark is different - how to recognise them all? How to differentiate between a watermarked file that's authorised to be used, and one that isn't?), but it is a potential implementation method that would allow a HDD to recognise an MP3 as copyrighted content.

    - Tuxedo-Steve

    - SMJ - (It's not just a name - it's a bad aftertaste.)
    [ Parent ]
    I don't get it (3.57 / 7) (#21)
    by kagaku_ninja on Wed Dec 20, 2000 at 05:42:04 PM EST

    OK, so I rip some audio out of a copy-protected CD. The data is just data. No form of built-in encryption in the disk can tell the difference between copy-protected audio and any other form of data (unless it is scanning the data stream for some type of pattern; this seems unlikely to work, and would require OS support). Where is the protection?

    I am assuming that the copy protection on the original data source can be broken; the situation with DVDs supports this view...

    If some content is installed via vendor supplied software, then it could be protected.

    Programs (3.33 / 3) (#23)
    by ucblockhead on Wed Dec 20, 2000 at 05:50:13 PM EST

    This isn't aimed at data files so much as programs. Programs can be written to check for the existence of a key, and the like. I'm sure companies will also try to push "improvements" to mp3s that also use such keys.

    Though it is mostly pointless in the long run. The programs can be hacked not to check.


    -----------------------
    This is k5. We're all tools - duxup
    [ Parent ]

    Re: Programs (3.00 / 1) (#58)
    by bemann on Wed Dec 20, 2000 at 11:29:58 PM EST

    There are several reasons why this would never work. First, this would require changing network protocols, banning all noncompliant software, forcing OSes (yeah, is this ever going to appear in Unix/Linux) to allow low level drive access to nonprivileged software, etc. This whole copy protection scheme is not going to work one bit.



    [ Parent ]
    no, definitely data (none / 0) (#96)
    by Arkady on Thu Dec 21, 2000 at 10:46:13 PM EST

    Look at who's funding this (not IBM &co. who are building it). If Andrew is interpreting the situation correctly (and the fact that DVD-CCA is involved strongly argues that he is ...), then this is being funded not by the technology companies but by the entertainment conglomerates.

    These people are out to restrict use of data, not programs. They restrict program use through laws like the DMCA. ;-)

    Cheers,
    -robin

    Turning and turning in the widening gyre
    The falcon cannot hear the falconer;
    Things fall apart; the centre cannot hold;
    Mere Anarchy is loosed upon the world.


    [ Parent ]
    Copy protection has never worked. (4.41 / 17) (#22)
    by gblues on Wed Dec 20, 2000 at 05:47:47 PM EST

    Not once in the history of the PC has copy protection succeeded in preventing malicious users from making and distributing illegal copies of copyrighted material. What it has succeeded in doing is put undue restraints or requirements on the users, thereby breeding the very offenders they are trying to stop.

    Anyone remember the old Sierra floppy games? The way those games were protected was that the floppy was created with a bad sector, and the loader for the game actually slowed down the motor on the floppy drive to sync it with the bad sector. Since diskcopy programs wouldn't correctly copy the malformed sector, the game required the original disk to run.

    The workaround for the Sierra games was to simply disable the disk check entirely. Likewise, the workaround for the copy-protected hard drive is really very simple: modify the drivers to automatically strip the "copy protected" bit from files being written to the disk. Not only will this prevent the hassle of cracking the encryption, but it will probably drastically increase performance (since there isn't an encryption-induced latency in file access).

    This wouldn't even violate the DMCA, because you aren't circumventing a protection process, you're preventing the protection in the first place. ;)

    Nathan
    ... although in retrospect, having sex to the news was probably doomed to fail from the get-go. --squinky
    the scary part (4.60 / 10) (#30)
    by SEAL on Wed Dec 20, 2000 at 06:45:17 PM EST

    There's a big difference between this scheme and the copy protected games we saw years ago. The hitch with hardware b.s. is that it is a group of major manufacturers banding together (hmm sounds like the DVD Consortium). Well, that's if you believe everything The Register reports. Anyhow, when major suppliers group together for something like this, it can only mean bad news for the consumer. Why?

    Well, this is a feature that consumers don't want. The only ones who want this feature are the content providers. Therefore, the only way to gain widespread usage and acceptance is to make it as transparent as possible, and to make it nearly impossible to find alternatives.

    This means they have to get everyone on board: as many hardware manufacturers and content providers as they can. When the consumers have no choice left, they'll buy this system. It worked for DVD.

    If that wasn't bad enough, consider that implementing this whole scheme is going to be expensive. Guess who will be paying for it, though. Certainly not the companies who, according to their arguments, should be saving BILLIONS each year due to reduced piracy. No, folks, you can rest assured that the consumers will be picking up the tab on this great technology that they didn't ask for.

    Free market is great until it stops being free.

    Best regards,

    SEAL

    It's only after we've lost everything that we're free to do anything.
    [ Parent ]

    Strongarming (4.83 / 6) (#32)
    by interiot on Wed Dec 20, 2000 at 08:13:51 PM EST

    (assumption made: the hard drive industry is strong-armed by a specific group to mostly make only the protected drives. If you don't assume that, then getting around this should be trivial.)

    So if the consumers don't want it, but it's forced on them, couldn't it be considered to be a violation of the Sherman Antitrust act? eg. restraint of trade?

    Because things like DVD consortiums controlling the market can be rationalized with intellectual property babble, but to make agreements with all the hard drive manufacturers to stop making the ATA drives they were previously free to make... that seems like intentional tampering to me.

    Then again, my assumption is probably wrong because the Register article doesn't mention any strongarming. In which case, who cares? I -suppose- the strongarming would come when a bunch of content providers won't even give you the content in the first place unless you have the protected drive. For instance, you can only access live streaming television over the 'net if you've got it (and no unencrypted drives in your computer, and the stream between the station and your computer will be encrypted so your firewall can't record it).

    [ Parent ]

    it doesn't matter.. (4.00 / 4) (#43)
    by use strict on Wed Dec 20, 2000 at 10:12:39 PM EST

    doesn't matter anyways, as antitrust trials take so long this feature will be well mainstream before we ever see anything in reaction to it, and besides, by that time we'll be seeing new, incompatible versions of it popping up so that they can scream 'competition' and shove the customer out the door.

    Gubment could have won a similar trial against DVD if it wasn't for laserdisc, divx, etc.



    [ Parent ]
    Reality check, people. (none / 0) (#121)
    by ksandstr on Fri Dec 22, 2000 at 09:44:42 AM EST

    and the stream between the station and your computer will be encrypted so your firewall can't record it).

    And how, pray tell, are they going to implement THAT? Strongarm everyone (including network interface card manufacturers, etc) to remove promiscuous mode from all network gear (so that you couldn't simply plug your computer into a hub that is connected to both the cable modem and the snooping computer that otherwise stays absolutely silent)? Tell everyone that "sorry, in order to access our Very Very Elite Content, you have to get rid of your old Ethernet kit and buy our crippled hardware to replace it"? Yeah, that'll work.



    Fin.
    [ Parent ]
    Small correction (none / 0) (#122)
    by ksandstr on Fri Dec 22, 2000 at 09:47:09 AM EST

    The "content providers" wouldn't be "saving BILLIONS". They'd be actively receiving "BILLIONS" more. There's a subtle difference between money that isn't received at all and money that's first received, then stolen.

    The "remember, kiddies, it's not theft if nothing's missing" principle, as I've heard it called.



    Fin.
    [ Parent ]
    DMCA - explicitly allowed (3.25 / 8) (#39)
    by Signal 11 on Wed Dec 20, 2000 at 09:01:14 PM EST

    The DMCA allows a specific provision for bypassing security measures: If it is to promote interoperability. So long as there is some device or piece of software that is incompatible with their scheme, you can disable it to allow that device or application to use the device.

    So... who wants to code up an application that is incompatible with this copy protection - such as.. oh, I don't know... backup software? :)


    --
    Society needs therapy. It's having
    trouble accepting itself.
    [ Parent ]

    Acutally.. (4.11 / 9) (#42)
    by Ig0r on Wed Dec 20, 2000 at 09:23:40 PM EST

    While there is a clause that says that you can USE such a device, it's illegal to MAKE one... so that presents a bit of a problem.

    [ Parent ]
    Proving it. (3.00 / 6) (#55)
    by Signal 11 on Wed Dec 20, 2000 at 11:20:36 PM EST

    Unless they catch you in the act, it's somewhat difficult to prove that you built it. Even then, it's likely you could break the device into discrete components to get around that. Without a signal generator, for example, a device to remove macrovision would be somewhat useless. So you build a perfectly functional electronic circuit that simply requires a signal generator. Then you build the signal generator.

    Problem solved - they can't claim you "built" a copyright-infringing device, you only plugged it in.


    --
    Society needs therapy. It's having
    trouble accepting itself.
    [ Parent ]

    still too trusting (5.00 / 1) (#97)
    by Arkady on Thu Dec 21, 2000 at 10:54:25 PM EST

    Involved in the EFF, we have two major groups of people: the techies and the lawyers. We have serious disagreements over questions like this because techies usually think, as you do here, that the law means what it says.

    As the other Robin (Gross) there explained to me, the law (to lawyers) means: what it says it means + what it has been said to mean + what the specific judge is likely to think + whatever the best public speaker claims it means. As far as I can tell, what the law actually says doesn't make it into the top three in this list. ;-)

    The problem is that American law is a huge, self-contradictory mass. Lawyers accept this and the necessary corrollary that (as the law contradicts itself constantly) what gets enforced cannot be the actual text of the law. It has to be the meaning which has been negotiated by the lawyers in the courts.

    I find this revolting, though most lawyers seem to think it's the most fascinating aspect of their profession. *blech*

    -robin

    Turning and turning in the widening gyre
    The falcon cannot hear the falconer;
    Things fall apart; the centre cannot hold;
    Mere Anarchy is loosed upon the world.


    [ Parent ]
    So innoncent, so trusting (4.14 / 7) (#68)
    by 0xdeadbeef on Thu Dec 21, 2000 at 03:25:56 AM EST

    As Judge Kaplan has already demonstrated, it is easy to dismiss claims of interoperability and just call these devices tools for piracy. Do you think they'd invest this kind of money in these schemes if they didn't think they had the legal end sown up tight?

    [ Parent ]
    A side note on the bad sector trick (3.60 / 5) (#40)
    by bored on Wed Dec 20, 2000 at 09:04:28 PM EST

    I think you have that trick a little wrong,or maybe I'm thinking of something slightly different. What I remember was there were bad sectors created on certain areas of the disk. When the program started up it simply tried to write to those sectors and then read back the data it had written. If it was the original floppy then the data came back different from what was written. If the floppy had been copied then the data would come back as it had been written.

    [ Parent ]
    Piracy - Is it really that bad? (4.38 / 21) (#25)
    by Zane_NBK on Wed Dec 20, 2000 at 05:52:33 PM EST

    Perhaps we should have another article on just this topic. Maybe we already have in the past, I don't know. :)

    You always hear quotes in the media about how much piracy is costing a company. Like "Piracy in Malasia costs Microsoft $400 million yearly!", etc... But how many people would've bought that product at all if they hadn't pirated? I would guess that number to be less than 30%. Who knows how many gigs of MP3's I've downloaded over the years, but I still own several hundred dollars worth of CD's because I buy what I like.

    It's easier to buy things than it is to pirate. Even if you're on cable or have some other type of high bandwidth connection piracy takes time. First you have to find what you want, then you have to spend time downloading, testing, redownloading, burning, etc...

    If people have money they will most likely pay for the products they like. If they don't have money, they wouldn't have bought the product in the first place.

    The problem with piracy is not consumers. The problem people are those with CD stampers, DVD stampers and other manufacturing equipment that can pirate products and sell them as if they were the original product. Even DVD's protection *cough* is useless when you've got a DVD stamper.

    Some of us think, "Oh well, it'll fail because consumers won't like it and they won't pay for it." In a true market economy that would be correct. The problem here is that there are no laws to prevent "technology fixing" or "spec fixing" (think price fixing). For some reason it's perfectly legal for every company in an industry to come together and say "This is the only way we will produce any products of this type, there will be no options for the consumer on this issue." while it's 100% illegal to get together and say "All 10GB hd's will now be sold for $500 and the consumer will have no options!" IMHO these two statements both deprive the consumer of choice.

    Industry groups have grown waaaay too powerfull.


    Unsanctioned Copying: How Accurate Are the Numbers (4.50 / 6) (#47)
    by ewhac on Wed Dec 20, 2000 at 10:21:29 PM EST

    I got a copy of the "piracy" reports from the BSA and SIAA (nee SPA), and found them completely impossible to understand. I don't claim to be a math/statistics wizard, but I do have a few brain cells to rub together. The methodology used by the organizations defies my ability to understand it.

    As near as I can tell, they receive actual unit sales figures (in confidence) from member companies. They then calculate "demand" for the software, i.e. how many copies are expected to be out in the field. They subtract actual sales from "demand", multiply by something less than the wholesale unit price, and proclaim that as the "loss" to "piracy".

    The trouble is that their calculation of "demand" is completely inscrutable. It looks to my untrained eye like nothing more than a wild guess at sales projections.

    It gets weirder when you observe that, while unit sales fail to meet "demand" -- resulting in "piracy" -- Microsoft's earnings almost always exceeds expectations. Now, help me out here: How is "earnings expectations" different from "demand", and how can one be better than anticipated, while the other gets "worse" every year?

    If there's anyone out there with the requisite math/economics skills who can pick apart their "piracy studies", I'd love to see it done. I lack the skill to do it myself. The BSA's "piracy" report is located here (PDF file).

    Schwab
    ---
    Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
    [ Parent ]

    Funny you should ask (4.92 / 13) (#61)
    by kmself on Wed Dec 20, 2000 at 11:45:34 PM EST

    No, I didn't just whip this up, it's something I first wrote in 1997 and pull out for appropriate occasions. I've noticed that the SPA/BSA/ICCS reports are now much thinner on methodology, though their grossly inflated loss claims persist.

    After publishing this, I checked with Hal Varian (refernce below), now Dean of the School of Information Management Systems at UC Berkeley and a highly respected economist to see if I wasn't completely out to lunch. "Looks about right" was his response. The Register has also run a number of pieces on software piracy and enforcement actions, most of which are strongly critical of the BSA and Microsoft's tactics in this arena. I'll try to post some recent links in this discussion. Many of the predictions in this piece have been borne out.

    The piece....


    Much of this material was originally posted by me to misc.legal.computing following Rachel Guerin's posting of a summary of the SPA's release of 1997 Global Software Piracy Report.

    In this post, I challenge both the methodology used in estimating business losses due to piracy, particularly the dollar revenue losses, and several implications of piracy, based on economic analysis.



    Rachel Guerin wrote:

    Questioning the study and the numbers may be intellectually stimulating, but the fact remains, theft is theft. As a society we have deemed stealing wrong. As such, we need to enforce that standard for all property, intellectual and otherwise, a responsibility which falls to governments.

    We should also be concerned that theft is reported accurately. I wouldn't want to see $0.50 of plastic beads claimed as a $10,000 pearl necklace.

    Finally, stealing a car from the dealer, not owner, is more analagous to s/w piracy. As such, thay have lost a sale and someone has gained from that loss. Just because copying s/w is easy, doesn't make it right. How many people would walk into CompUSA, pick up a s/w package and walk out the door without paying? Now, how many people would copy their friend's titles? It's the same thing.

    It's not the same thing. In the first case (walking out the door without paying), I've removed property for which the store has paid, without paying in turn. In the second, I've entered into competition with the store, with a much less expensive product. Illegally, we'll both agree. But not the same thing.



    Economic Supply and Demand

    As has been pointed out with distressing regularity when discussing software piracy, pirated software does not represent a redistribution of already manufactured goods (I'm not stealing your car), it represents production of additional, unauthorized goods (I copied it). What I haven't seen stated often is the correct economic description of what piracy is and how it operates.

    The following discussion assumes a basic understanding of microeconomics.

    Economic "demand" is the units of a product which will be purchased at a given price. Plotting price on the vertical and unit on the horizontal axis, this is usually a downward sloping curve, and tends to become flatter to the right. Economic "supply" is the units of a product which will be produced at a given price. This is an upward sloping curve, and tends to steepen to the right. These curves are a simple, but effective way of describing complex underlying production and consumption functions and preferences. See any econ or microecon text, e.g.: Samuelson, "Economics", Hal Varian, "Intermediate Microeconomics".

    Software piracy is economically equivalent to introducing an almost identical, substitutable product on the market. By substitutable, I mean that a single consumer is unlikely to buy both the pirate and legitimate version of a program. By almost identical, I mean that pirate software is (usually) functionally identical to the legitimate product, but may have some differences in perceived benefits (manuals, support), and risks (criminal liability, viruses).

    The two products have independent supply and demand curves (S-D curves). The relationship of these curves determines the real effects of piracy.

    Pirate supply is right-shifted from legitimate supply (more units produced at a given price). Pirate demand is usually left-shifted from legitimate demand (fewer units demanded at a given price. Why the last? Think: at a given price, you can purchase either a legitimate, supported, and (presumably) virus-free copy of software. How much less would you be willing to pay to lose these assurances?

    The result is that pirated software is always less expensive than legitimate software. How many units of each are sold depends on the relative shapes of the S-D curves -- pirate sales may be higher or lower than legitimate sales.

    The effect of pirated software is to reduce the demand for legitimate software. The result of reduced demand is to move back along the legitimate software supply curve. The result is nonintuitive: software piracy reduces the price of legitimate software. Again, the amount varies with the particular S-D curves. (We'll get to revenue impacts later).



    Empirical Behavior

    The empirical evidence is strong. In markets with high piracy rates, legitimate software is significantly discounted. This is the case in Hong Kong and other eastern markets, where legal copies of MS Office sell at 50% or greater discounts to prices in the US or western Europe. Pirated software sells for pennies over the media cost. A colleague was telling me of his experience at the Golden Market (?) in Hong Kong -- separate pricing applies if you supply your own media. Piracy is a highly competitive market, driving profit margins down.

    Incidentally, if you read carefully, the SPA's report never touches this topic at all. Some derived news reports talk about "increased costs to consumers", but these are largely fluff pieces written by reporters with, presumably, less knowledge of economics than the SPA.



    Impacts on ISVs

    Piracy does have a negative impact on legitimate software revenues. The amount cited by the SPA as "losses due to piracy" is mislabeled, it is really the wholesale value of pirated software (units of pirated software times wholesale price).

    The actual loss is the difference between what revenues would have been without piracy and actual revenues with piracy. Determining the price and unit sales in the absence of piracy requires a more rigorous economic analysis than is used in the SPA case. The amount is far, far less than the numbers reported by SPA. I've been looking for, but have been unable to find any rigorous economic analysis suggesting the what the actual amounts might be in different markets.

    It's possible to get some idea of how far off these are simply by backing out SPA's numbers, taking the piracy rate to represent a fraction of total wholesale unit sales. Taking a few of the markets described, 1998 SPA report:

    (billions of US dollars -- and curse Scoop's lack of table support....)

    Market : Whsl Value Pirate Sw : Piracy Rate : Legitimate Sales (my estimate)
    • US     : $2.8 : 27% : $7.6
    • China  : $1.4 : 96% : $0.06
    • Japan  : $0.8 : 32% : $1.7
    • Korea  : $0.6 : 67% : $0.3
    • Brazil : $0.4 : 62% : $0.3
    • UK     : $0.3 : 31% : $0.7

    China is of particular interest. Though piracy "losses" of $1.4 billion are claimed, ACTUAL software sales were only $60 million. I find it impossible to believe that any significant fraction of the claimed billion plus dollars in "losses" would have been realized in actual sales, in the absence of piracy.

    Put another way, the US per capita legitimate software purchase for 1997 was $27. For China, it was $0.05.



    Critique of SPA Analysis

    SPA is very misleading in its labeling of the components of its analysis:

    • "Demand" by SPA is the number of computers (HW units) present in a country or region based on sales reports, multiplied by a derived software utilization factor whose derivation is unspecified.

    • "Supply" by SPA is the number of actual software unit sales of software, from vendor reports.

    In economic terminology, SPA's "demand" is a measure of maximum potential capacity or consumption. SPA's "Supply" is just the number of SW units sold at prevailing prices. They have very little to do with the actual economic concepts of supply and demand, which describe a relationship between price and units.



    "Curing" Piracy

    As SW piracy is largely an economic crime (the contribution of "spree" or "joyriding" or "a copy for a friend" SW piracy is negligible, though exceeding licensed use within a firm is not), the best defenses are likewise economically based. The SPA report and its derivative press coverage are an attempt to influence the demand side of the equation -- raise doubts, concerns, and scruples to the point that demand for pirate software is reduced.

    The alternative attack would be on the supply component. If pirate markets are largely concentrated among a few marketplaces such as Hong Kong, it might be possible to undercut the market by entering the pirate market and selling software below media costs. This "pirate" pirate shop would draw customers from "legitimate" pirate shops, drying up their market by pushing prices to unprofitable levels. This wouldn't take much of a price cut, as the market is already highly competitive.

    The effectiveness of this strategy would be strongly affected by such factors as the presence of the mob (requires additional security, may mean pirates have financial backing to wait out dry periods), the need for continued ongoing sales, and the efficiency of the markets. If a high proportion of sales occur in a small number of markets, with poorly backed, unorganized pirates, and market reemergence takes time, this could be highly effective. The less applicable these assumptions, the less effective this strategy.



    Social Good?

    Finally, there's the question of whether or not piracy is good or bad, for both the software companies and society.

    In the case of China, there is more than 20 times the availability of software with piracy then without. What we need is a cost-benefit analysis of this situation. Curiously, the benefits are easier to quantify than the losses. Presumably, each pirate copy represents some productivity gain for the person using it. I don't know how to quantify the market efficiency loss, and I don't know that it goes beyond the real (not SPA stated) lost revenues of the software company.

    Microsoft, in particular, has always had a relatively cavalier attitude toward capturing all potential revenues. Their business model has been based on the size of the market, rather than on the portion or efficiency with which revenues are collected, and has indicated a preference to capturing a small percentage of a large market. The telling comparision is with Apple, which long had a tremendous profit margin on its systems. With market share at 3% and falling, Apple's strategy loses.

    I've seen discussions suggesting that in a poor but growing economy, even pirate sales are a benefit to the vendor. Software, like heroin, is addictive. Once a user is hooked on a specific brand, costs of switching, even if non-economic, are high. Legitimate software, while an income stream, is also a liability for support, warrantee returns, and related servicing costs. Pirated software is unsupported, and does not bear this liability.

    Even in western countries, many people adopt a "try before buy" attitude to software, and may sample a product illegally before actually purchasing it. Additionally, I strongly question whether any significant portion of US pirated software would have been sold at current market conditions.

    A Rock and a....

    Finally, with the growing popularity and proven performance of free and open software alternatives, commercial software vendors may not have a competitive choice but to allow rampant pirating of their products, simply to gain a market position, however non-profitable it may be. In Redmond's eyes, a million pirated installs of Windows NT may still be preferable to a million installs of Linux.

    I'd say they're stuck between a rock and hard penguin.

    --
    Karsten M. Self
    SCO -- backgrounder on Caldera/SCO vs IBM
    Support the EFF!!
    There is no K5 cabal.
    [ Parent ]

    Ooo! Good Stuff! (3.42 / 7) (#65)
    by ewhac on Thu Dec 21, 2000 at 02:26:41 AM EST

    Thank you! I always suspected the anti-copying propoganda was bullsh*t.

    The problem is this same propoganda is being used as a justification to form public policy. The DMCA is but one example.

    Chaning the mind of policymakers seems to be an uphill battle, particularly since we generally don't have the necessary qualifications to gain their audience (i.e. money). It's beginning to look like getting into public service may be one of the easiest ways to slow the bastards down.

    Schwab
    ---
    Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
    [ Parent ]

    Damn good comment (3.75 / 4) (#89)
    by erotus on Thu Dec 21, 2000 at 05:52:26 PM EST

    My favorite is this: "In Redmond's eyes, a million pirated installs of Windows NT may still be preferable to a million installs of Linux."

    How true this is. I'm sure that this also applies to many other free software packages. Netscape bitched and moaned when IE was freely given away. Now Microsoft is bitching because Linux is freely given away.

    I also agree completely that the numbers the SPA has been spewing out have been a complete and total misrepresentation of the true losses experienced by software vendors. Thank you for taking the time to post your comment.


    [ Parent ]
    The idiots in marketing have taken over. (3.16 / 12) (#29)
    by htom on Wed Dec 20, 2000 at 06:40:51 PM EST

    They've bought the idea that "copy protection works", and we're going to die with it.

    Goodbye to running a reorg on your harddrive; all of those files have to stay where they were put.

    Goodbye to changing filesystems; files are put where the hardware declares.

    Goodbye to having filesystems. Filesystem is a hardware feature.

    Goodbye to backups.

    Goodbye to images for restores.

    I suppose it's possible that there is some a really bright genius out there who has designed this to allow these things ... but somehow I just don't think so.



    Col. Jeff Cooper's First Rule of firearm safety: Always treat every firearm as if it's loaded. Always.
    Too complicated to work.... (3.22 / 9) (#36)
    by 11oh8 on Wed Dec 20, 2000 at 08:44:02 PM EST

    All consumer technologies like this must work on Windows and must be ridiculously easy for it to take off; such products have to be usable by the least common denominator, which in this case are the windows users who have the "Windows Start Button for Dummies" book lying on their desks.

    I just don't see how a proposal like this encrypted harddrive stuff can be made easy and transparent enough for these windows users to accept them...

    "What, I have to install a new backup program?"
    "What, I can't copy my file to this floppy???"

    And if you say that these Windows (and other) users won't have a choice, that the hardware manufacturers will force it upon us all, I highly doubt it.. These companies don't always act smart but they are not dumb enough to completely alienate so many users, especially because they know that as soon as they do something like this, a company in taiwan will start making harddrives without this "feature"...

    Of cousr, if these copy-protected harddrives do become a reality, how long will it take for a nice GUI program to come along that even my mother could use to disable the copy protection...

    11oh8


    CPRM a write protection? (3.66 / 6) (#37)
    by recursive on Wed Dec 20, 2000 at 08:48:09 PM EST

    Like many others I have trouble to understand CPRM, even in the context of read/only media like DVD. Unfortunately is the spec not available online but only upon request and as a printed document. Any player must ultimately deliver the decrypted content and thus it can be copied. However, the CPRM scheme may aim at something different: given the new standard it may be impossible to create a new DVD using the content. Creating a DVD would require the knowledge of a cryptographic key, which is only known to very few producers of DVDs. Copy protection thus would work by restricting access to DVD production. This still makes no sense to me for read/write media like hard disks.

    -- My other car is a cdr.


    Some more information (4.25 / 4) (#54)
    by recursive on Wed Dec 20, 2000 at 11:17:23 PM EST

    It seems that my speculation was more or less correct. The DVD FAQ explains it this way:
    CPRM is a mechanism that ties a recording to the media on which it is recorded. It is supported by all DVD recorders released after 1999. Each blank recordable DVD has a unique 64-bit disc ID etched in the BCA (see 3.11). When protected content is recorded onto the disc, it can be encrypted with a 56-bit C2 (Cryptomeria) cipher derived from the disc ID. During playback, the disc ID is read from the BCA and used to generate a key to decrypt the contents of the disc. If the contents of the disc are copied to other media, the ID will be absent or wrong and the data will not be decryptable.

    -- My other car is a cdr.


    [ Parent ]
    another problem (software vs. hardware) (3.66 / 6) (#51)
    by steev on Wed Dec 20, 2000 at 11:03:27 PM EST

    I don't think anyone has mentioned this yet - I'm assuming that the way this would work is that files you download or otherwise obtain will have to be flagged as copyprotected somehow. Somehow that flag has to get turned into an instruction to the hard drive to encrypt that file. This is a software thing....

    If this is true, it totally depends on the file format. In other words, when I download an mp3, there's no information contained in the header that says "don't copy this". So how do you get the encrypting hard drive to treat it as non-copyable?

    Maybe I don't understand the scheme, which is understandable since the register article was a little vague. I wish there were a few more details.

    If I'm wrong, and instead the idea is that everything is encrypted, well, this is just unworkable. besides the issue of backups, how would you even optimize a drive? It just doesn't make sense...

    MP3s and copy protection (3.50 / 4) (#57)
    by zztzed on Wed Dec 20, 2000 at 11:27:37 PM EST

    In other words, when I download an mp3, there's no information contained in the header that says "don't copy this".
    That's not entirely true. MP3s do have a "copyright" bit, but it's rarely used, and I doubt there's any software that takes special measures to prevent copying of MP3s with that bit set, so it's effectively useless.

    [ Parent ]
    Re: another problem (software vs. hardware) (none / 0) (#124)
    by Yeroc on Fri Dec 22, 2000 at 12:50:58 PM EST

    No...flags aren't used. How it works is the content you download is encrypted by the content provider using keys from your hard drive. The hard drive itself is not doing any encryption or decryption whatsoever. All it is providing is encryption keys to content providers to allow them to encrypt data for you.

    When you want to see this protected data special software will be used (similar to DVD player software) which will use the hard drive's private encryption key to decrypt the data. So, just like DVDs you could make a binary copy of the encrypted data but it would be useless on another hard drive...

    Incidentally, this also opens the whole privacy can of worms as well since every hard drive will now be uniquely identifiable.

    [ Parent ]
    This *can't* work (4.18 / 11) (#59)
    by bemann on Wed Dec 20, 2000 at 11:39:10 PM EST

    First, even Microsoft doesn't want this (any sane company producing system-level software would be against this - this would break their current software and force them to make unnecesary changes which don't benefit themselves at all).

    Second, this would require OSes to allow low-level drive access to any program (which would be insane from a security perspective).

    Third, this would break current filesystems (more unnecessary work for both Microsoft and Linus Torvalds).

    Fourth, this assumes that all software is compliant - and of course, free software/OSS programs won't comply with this.

    Fifth, public keys and such can be just packaged along with files and these files can be played with noncompliant software.

    So overall, this whole scheme is just hype and nothing else. The software industry and the free/open source software communities are both against this. The fact that Micro$oft is against this is what ironically really kills this idea.



    A prediction: (2.80 / 5) (#63)
    by Mr.Surly on Thu Dec 21, 2000 at 12:57:09 AM EST

    Does anyone really believe that this will not die a swift and quiet death in the near future? I'm sure it will have the same widespread acceptance and adoption that DivX did (DVD DivX, not DivX ;-) encoding).

    <raising hand> (4.57 / 7) (#66)
    by ewhac on Thu Dec 21, 2000 at 02:43:05 AM EST

    If end-users were the only purchasers, then yes, it would die instantly.

    But the end-user rarely makes that decision.

    The money isn't in selling at Fry's; the money is in getting a contract with Gateway to supply parts for their machines. All that has to be done is convince the executive staff at Gateway, Dell, and Compaq (who are BSA/SIAA members) to convert their systems to use these new drives, and poof! Your shiny new Dell Latitude won't let you play your store of unauthorized MP3s.

    Check out their Web sites some time and try building a system for yourself. All they tell you is what size drive you're getting, not who makes it (let alone which model). Expect this trend to continue when protection-enabled drives show up.

    As for Micros~1 opposing this due to engineering difficulty: Don't kid yourselves. Micros~1, being one of the principal spreaders of anti-copying propoganda, is almost certainly a behind-the-scenes promoter of this technology. Indeed, it's possible Micros~1 will require its licensees to use these drives. Once it happens, Windows and Office will become drive-locked, thus cutting down on "piracy".

    As for us do-it-yourselfers, since the non-protected drives will be in decresed demand (thus smaller manufacturing runs), expect the prices to go way up.

    Schwab
    ---
    Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
    [ Parent ]

    Re: A prediction (none / 0) (#123)
    by Yeroc on Fri Dec 22, 2000 at 12:42:49 PM EST

    Well...this technology is virtually identical to the technology used for DVD copy protection and it hasn't died a swift or quiet death...

    [ Parent ]
    All information (2.75 / 4) (#69)
    by lonesmurf on Thu Dec 21, 2000 at 04:16:25 AM EST

    Forgive me if this vision seems a bit naive, but it is what is represented in the theatre, on TV, in books, and to some extent on the Internet. I was always under the impression that the ultimate goal was to move all information into a freely distributable form. You jack in, do a quick search for anything, it pops up and I can use it, view it, save it for later.

    E.g. I want to read a book, I look it up, I read it online. The same for movies, programs, information, etc. I know for sure that for this I would be willing to pay upwards of $150 a month (!? this is not that high if you think about the possibilites of unlimited access to information). Wouldn't you?

    Why is this such a terrible thing to want? What are some factors that make this economically not viable? Is the price set too low? Thoughts?

    Rami


    Rami

    I am not a jolly man. Remove the mirth from my email to send.


    Yes, its Terrible (3.50 / 2) (#80)
    by Matrix on Thu Dec 21, 2000 at 10:06:23 AM EST

    Or at least, the big publishing companies think so. Over the last century or so, they've made a fortune off publishing copyrighted works in "old" formats, like records, paper, CDs, videos.... Now that there's a new medium available that lets authors and artists distribute their work even more widely for far less cost, and without the intervention of a publisher as a middle-man, they stand to loose that revenue stream. Thus, the sudden scramble of encrypted formats and access-control-protection laws. Right now, you own the beer (copy of a movie), but you can't open the fridge (DVD CSS) its in. As for paying for open access, think about how much they're making from you right now - total up all your book purchases, movie tickets, CDs, cable charges.... I'm betting it comes out to more than $150. Way more. My family easily spends $150 on books alone.


    Matrix
    "...Pulling together is the aim of despotism and tyranny. Free men pull in all kinds of directions. It's the only way to make progress."
    - Lord Vetinari, pg 312 of the Truth, a Discworld novel by Terry Pratchett
    [ Parent ]

    You're already paying for exactly that. (4.00 / 2) (#82)
    by ewhac on Thu Dec 21, 2000 at 12:42:54 PM EST

    Ever heard of a public library? There's no reason digital works shouldn't also be available in the same way.

    Schwab
    ---
    Editor, A1-AAA AmeriCaptions. Priest, Internet Oracle.
    [ Parent ]

    Bits and Bobs - a scenario (4.83 / 12) (#71)
    by BadIvory on Thu Dec 21, 2000 at 05:36:15 AM EST

    Lots of email to the author and comments here suggest that this proposal is not possible [and¦or] not likely, because we've become accustomed to a couple of things: file system abstraction and assigning ownership of our data ourselves.

    Ah, but those are the two things that CPRM-in-ATA breaks. So imagine this...

    It's 2002, and your compliant, secure browser (IE7, say) receives a piece of secure data. It might be a signed MP3, or an article from AOL-TimeWarner-Vulture, the global IT tabloid. But suppose you're a subscriber, so you don't worry.

    When that "compliant" application receives the file it writes, not just to the file system, but to the device, using a physical start sector and the unique media key that's in your "compliant" hard drive. This proposal relies on unique identifiers for ATA drives. FibreChannel drives already have a unique identifier...

    So when you want to move, copy or delete that file, file system semantics are no longer applicable. You'll need to go the owner of that content, and all of a sudden, that isn't you.

    It's Xmas 2002, CPRM is in most of the PCs and TiVos sold, and has been for 18 months, and the industry introduces "secure" CD disks and "secure" DVDs with very little resistance from the market. A few diehards continue trading MP3s, culled from "insecure" legacy-CDs, or vinyl, on older and slower non-compliant PCs, but they're the minority. Game over?

    Many rights management schemes have been proposed before, but they all failed because the infrastructure wasn't in place, and was too expensive or too troublesome to implement. This trumps such arguments, for the infrastructure very much will be in place for a seamless transition to the Brave New World.

    So really, it's that hoary old chestnut again: whether art and information belong in the "commons", or whether we're happy to see them owned and administered by a few private entities, who once happened to own the means of distribution at some particular point way back when. (Of course it really isn't that black and white, as I'll happily pay for a given amount of information and kultur, but dammit, I'll be the judge of what that is, and I reserve my entitlement to personal use too).

    So I'll hazard a guess that if CPRM-on-ATA succeeds, consumers will have alot less ammunition with which to fight this argument next time round. If any.

    Missing file system abstraction already? :)

    ao

    "The only good endian is a dead endian"

    You seem to be under a misapprehension (3.50 / 6) (#76)
    by Spinoza on Thu Dec 21, 2000 at 06:28:30 AM EST

    See the links I gave in the second post above. I don't think anybody is going to lose filesystem abstraction for this. As far as I can see, the problems with back-up relate only to the back-up of copyrighted+encrypted data. Since the system is designed to prevent any copying of this data, this would seem to be unavoidable. Likewise, this will be a pity for people with RAID arrays, as the register article mentions. (Perhaps multiple drives with identical IDs will be sold expressly for use in RAID arrays, or maybe this is too much to hope for.)

    [ Parent ]

    Contradicting your self... (4.33 / 3) (#84)
    by BadIvory on Thu Dec 21, 2000 at 01:20:09 PM EST

    You say file system abstraction is safe... then admit that it's broken for RAID and backups. Isn't this a contradiction? :)

    "The only good endian is a dead endian"
    [ Parent ]

    You need to think for this to work. (4.00 / 1) (#85)
    by Spinoza on Thu Dec 21, 2000 at 04:02:49 PM EST

    No. It isn't the filesystem that is at risk. I never said that. The problem is that you can't copy the encrypted data between drives and have it work in it's new location, because the new location has a different set of keys. (Unless you use an authorised utility. Which would probably decrypt, then re-encrypt with the new location's keys.) It is a question of not being able to decrypt the encrypted data on the different drive. The data is just a file, like any other. This does not break the filesystem. You can still read the file, you just can't decrypt it. Obviously the problem is greater in RAID arrays, since they will attempt to maintain multiple copies of the data on seperate hard drives.

    [ Parent ]
    Raid array (5.00 / 2) (#104)
    by markus on Fri Dec 22, 2000 at 12:53:58 AM EST

    I believe, there is no problem with using this system for RAID arrays. I tried to read up on how this type of protection is supposed to work, and I will try to explain, what I understood so far.

    • Compliance is fully optional and vendors are still allowed to ship non-compliant systems (but see below, as to why consumers will request compliant drives!)
    • The drives will by default behave exactly the same way as a regular ATA device.
    • Whenever you buy protected content from the web, you must now use specialized software. This software queries the hard drive for an encryption key that is associated with a set of sectors on the hard drive. It then sends the key to the web server (presumably after some handshaking or using some digital signature that guarantees that the key was generated by a compliant device). The server encrypts the data with your key and returns it to you. The downloading software writes the data to disk.
    • You can still use standard file tools and operating systems to manipulate the data, but since it is encrypted, this won't allow you access to the protected content.
    • Any tools that change the physical location on the disk, render the data useless. That is why standard backup tools and defrag software will not work. Also, upgrading your hardware (e.g. buying a new harddrive) means that you must also buy all the content again ;-(
    • If you want to access the protected content, you need a specialized piece of playback software. This software tell the compliant harddrive, that it needs the decoding key for the file that is located at this particular sector. The drive returns a key, the software reads the encrypted data, decrypts it, and plays it back to the user.
    • The use of RAID arrays should not cause any problems (or if there are problems with the current draft of the protocol, then they can be easily fixed). As long as all of the drives in the array can return key information, the protection scheme still works. Of course, once you start swapping out drives as they die, you will lose access to the encrypted content.
    • Since you cannot ever write the key information (it is stored in read only memory on the drive), copying the encrypted data to a different drive is pointless. The software would not know how to decrypt it correctly.
    • Now, most of you can probably already conceive of various ways to defeat this scheme (e.g. reverse engineering the decoding software, intercepting the decoded data, ...), but this is where the really ingenious part comes in. The encryption/decryption algorithm is patented. You cannot use it without breaking the law -- unless you license it. In order to seed the market, licenses are free as long as you sign a contract that your software does not allow access without permission of the content provider.
    • In a future version, data will probably be encrypted both on the hard drive and while in main memory. The output device (e.g. your sound or video card) will then include another decryption key that is also used at the time when the content is downloaded.
    • As should be apparent by now, all encrypted data is rather fragile and becomes useless whenever hardware changes and/or regular system administration occurs. This is intentional. There is a strong push for pay-per-use systems. Ideally, content is intended to become useless immediately after you downloaded and consumed it.

    So, the technical part of the problem is only one facet of the story. The more important protection comes through the legal restrictions. As recent laws (mostly in the US, but partly in other countries) have strengthened legal protection for all forms of intellectual properties, expect content providers to quickly jump on the bandwagon and to exclusively sell content that is encrypted with the above scheme. At that time, it won't matter whether you own a compliant or a legacy hard drive. You'll just find yourself in a situation where you cannot legally make use of content, unless you buy into the new technology.

    We already have a similar situation with DVDs, and that's why I currently do not have any incentive to buy a DVD system or content on DVD.

    [ Parent ]

    defeating this, and pantented encryption (3.40 / 5) (#111)
    by Anonymous 6522 on Fri Dec 22, 2000 at 03:08:16 AM EST

    The way I was thinking of defeating this is to set up a computer between you and whoever you are receiving content from, and recording the entire connection, start to finish. From this data, I would assume you can recover 1) your harddrive's key and 2) the encrypted file. Now, I belive when you patent something, the pantent is open to public review. You can then get the the algorithm and use it in a program to decrypt the data. This is probably illegal, but that doesn't stop anyone from pirating MP3s and software.

    [ Parent ]
    CPRM-cracking - where to start (4.00 / 1) (#120)
    by ksandstr on Fri Dec 22, 2000 at 09:33:54 AM EST

    Whenever you buy protected content from the web, you must now use specialized software. This software queries the hard drive for an encryption key that is associated with a set of sectors on the hard drive. It then sends the key to the web server (presumably after some handshaking or using some digital signature that guarantees that the key was generated by a compliant device). The server encrypts the data with your key and returns it to you. The downloading software writes the data to disk.
    If you want to access the protected content, you need a specialized piece of playback software. This software tell the compliant harddrive, that it needs the decoding key for the file that is located at this particular sector. The drive returns a key, the software reads the encrypted data, decrypts it, and plays it back to the user.

    Well, it looks like that "copy protection magic bullet" will rely on a software component. And I think we all know what happens to binary-only software components when left alone with a skilled software cracker, a case of Jolt and SoftICE.

    There Ain't No Such Thing As Copy Protection. Get over it, already. (and no, implementing it in hardware won't do you any good either - some equally skilled hard-core crackers will just cut the die open and scan what's inside. It'll take more time, but after it's done there will be enough "secure content services" available for it to be seriously useful.)



    Fin.
    [ Parent ]
    We won't be buying encrypted CDs anytime soon. (3.80 / 5) (#109)
    by Anonymous 6522 on Fri Dec 22, 2000 at 02:54:58 AM EST

    There's no way consumers are going to accept encrypted Audio CDs, they would just be a burden only benefits the record companies. These CDs would require new players and they wouldn't offer any improvements in sound quality.

    The only way the record companies will be able to shove encrypted content to consumers is by introducing something like an Audio DVD. Even if audio DVDs are introduced and pushed hard, it will be a long time before normal unencrypted CDs disappear. You can still buy new music on cassette tapes even though CDs replaced them more than 10 years ago.

    This means that even if encrypted music becomes the norm, there will be a long transition time where normal CDs of the same music will be available. This may give smart people enough time to reverse engineer this so that we will be able to keep control of whats on our HD.

    [ Parent ]
    A little more light on the subject: (4.75 / 8) (#72)
    by Spinoza on Thu Dec 21, 2000 at 05:51:46 AM EST

    This article on CPRM mentions that it uses intel's Software Integrity System. This seems to be what provides the basic architecture of the CPRM system, with CPRM looking mostly like a tightening of the conditions the system will permit you to access it's content under. If I understand the idea correctly, from intel's rather top-level, for-the-masses outline, the system requires a compliant software player/reader to display the information. Unencrypted information is stored the same way as always. I suspect this is designed to interact with the filesystems on the different platforms it is targetted at. There's no reason I can think of that this would be impossible.

    Intel make a number of claims about their system being tamper-proof. Obviously they are at least aware that people are going to try to reverse engineer this. One assumes they have done more than merely passing a dead rat over the system to prevent it. Apparently the system is designed to test it's own integrity before doing anything else. It also maintains regular integrity checks while it is active. This might stand some chance of complicating reverse engineering efforts.

    I don't doubt that the software component of this system can and will be circumvented. I just don't think it's going to be quite as easy as some people seem to be suggesting.

    Does this strike anyone else as a very profitable venture for CD-player manufacturers? Now that the CD has achieved almost 100% market saturation, I can see why certain companies might be interested in encrypted media, and the new devices needed to read that media.

    Here's even more: (4.40 / 5) (#74)
    by Spinoza on Thu Dec 21, 2000 at 06:22:46 AM EST

    A presentation on CPRM itself from t13, a technical commitee for NCITS. Includes some information on the extent of the changes to ATA.

    More extensive information here.

    The site www.t13.org may contain more information that I didn't see. There are some articles there on the mandatory IDENTIFY_DEVICE command that might be relevant. There are also two other drafts of the second link I gave, right near it in the list.

    The second link deals in some depth with the changes to ATA. These seem to centre around four new commands used to retrieve the hidden key data, and authenticate certain elements of the environment (ie. the device's CPRM id, and that the program accessing it is authentic, etc). I'm staring and staring at it, but I can't find anything to suggest a new filesystem being implemented. Maybe I'm too tired right now.

    [ Parent ]

    Bingo ... read the post above (none / 0) (#110)
    by BadIvory on Fri Dec 22, 2000 at 03:04:42 AM EST

    Great detective work, Dr Spinola :)

    These documents are public. Get clicking, folks...

    ao

    "The only good endian is a dead endian"
    [ Parent ]

    Why exactly does this work? (2.75 / 4) (#75)
    by jynx on Thu Dec 21, 2000 at 06:24:41 AM EST

    I'm not saying that it doesn't work, just that I don't understand how.

    You must be able to read the data off of the disc to play the film/use the program. If the data can be read off of the disc what is to stop the computer reading the data off of the disc and writing in to another media unencrypted? (Or writing it back to the disc with the same media key, or reencrypting and writing with a new media key?)

    --

    Its as dead as the pIII serialnumber (3.00 / 5) (#79)
    by Dion on Thu Dec 21, 2000 at 10:01:34 AM EST

    Remember when the PII came out? when everybody was screaming that the serial number would allow eeeevil websites to track users and eliminate all anonymity?

    Well, I do, look how much that ended up meaining in real life: Nothing

    The reason that the PIII serial number failed to subvert privacy and why this sceme will never have any impact is the same: Nobody is ever going to allow programs access to those "features" and there will always be plenty of non-compliant programs that will happily ignore the protection bit and dump the raw data.

    Whatever happens the compliant platform (combination of compliant HW+SW) will not be able to provide anything that a non-compliant platform can't, it will be more expensive, up front (complex and slow encryption) and users will know that they will be fucked if they buy into it.

    In any even none of this is of any consequence to me, as I'm not likely to switch back to using an OS that would allow that sort of features.



    Not exactly (1.00 / 1) (#117)
    by Killio on Fri Dec 22, 2000 at 06:51:52 AM EST

    This situation is different - we're talking about a monopoly on hard drives here, making unencrypted ones unavailable or at least really hard to find.

    ---
    Moo!

    [ Parent ]
    Let's think on this... (3.00 / 1) (#86)
    by Cyberdeck on Thu Dec 21, 2000 at 04:08:19 PM EST

    H'm. How would this be implemented? I can think of at least two ways that would be basically undefeatable without redesigning the controller ASIC.

    "How?" you ask. Have the controller scan the data area of the sector-to-write for a specific bit-pattern. If the pattern exists, write zeros to that sector on the drive. Linux drivers *Might* defeat this by encrypting all sectors before they hit the drive, but given U.S. litigation policy, that will be difficult to implement.

    If the companies are careful enough, then the bit-pattern will be an integral part of the media stream such that altering the pattern will destroy the integrity of the stream. And even if your device driver removed the pattern before writing, how would you know where to restore it for playback?

    Who would do it? There are a fair number of technically qualified people who are looking out for themselves and cannot see the bigger social picture. To them, this kind of thing would just be another assignment. I would have to think long and hard about it... Is my job and possible career worth it if I tell my boss what he can do with this assignment? H'm.

    I don't know if I would want to be part of this idiocity in any way, but if the main HDD manufacturers all jump on the bandwagon there wouldn't be much that could be done. If it does come to pass though, then I'll seriously consider changing careers... CPA anyone?


    -C
    You can never have a bad day when you start it with "FORMAT C:".
    Double Encryption? (3.66 / 3) (#88)
    by Cheerio Boy on Thu Dec 21, 2000 at 04:54:03 PM EST

    Disclaimer: INAHH - I Am Not A Hardware Hacker.

    Just a quick question - couldn't the encryption of the hard drive be nullified by a software-level application that encrypts the data first using your key?

    I'm sure it would be horribly slow but wouldn't that work? The hard drive would only see "normal" non-copyrighted data.

    Or have I been inhaling too many Pan Galactic Gargle Blasters? ;-)



    Interesting thought. (4.00 / 1) (#90)
    by Spinoza on Thu Dec 21, 2000 at 06:07:16 PM EST

    You're not off the planet there at all. As far as the encryption goes, something like this is probably quite possible. I know nothing about the C2 encryption they are using, except that it appears to be a symmetric cipher, which makes what you're proposing pretty reasonable.

    I think part of the package is designed to prevent this sort of attack by testing the integrity of the system. Agents involved in the transfer and storage of information have to authenticate tbemselves to each other. There also appears to be some sort of work done to ensure that there are no circumvention devices masquerading as authentic agents. This would make introducing extra steps to the copying process a little more complicated. I would say, however, that the weakest link in the chain will be the software agents.

    [ Parent ]

    Actually... (3.33 / 3) (#92)
    by Spinoza on Thu Dec 21, 2000 at 07:55:56 PM EST

    If this would work, then you could also decrypt the data that is stored on your hard drive without using a authentic CPRM program.

    Part of the point of this thing is that it is difficult for unauthorised programs to obtain the keys needed to decrypt the data. The theory is that you never have the key. How this is achieved is going to be interesting to see. I suppose that at some stage the key must be stored in memory during the decryption process. If so, there's bound to be a way to retrieve it. Intel's tamper-proof software system will no doubt attempt to counter this attack. How successfully remains to be seen.

    [ Parent ]

    No. Decryption is handled by hardware in the drive (5.00 / 1) (#99)
    by maynard on Thu Dec 21, 2000 at 11:39:32 PM EST

    At no time is decrypted data ever send into main memory or across the IO bus. Data is double encrypted, once with the drive's public key and second with the next peripheral. If it were an audio file that means first it's encrypted for the sound card, and then that encrypted file is re-encrypted for the disk drive. The drive then decrypts the first cyptographic wrapper in the sound file when transferring the data to the sound card, the sound card then decrypts one last time for the actual audio data. Each of these decryptions is handled in hardware locally on the peripheral. They even have plans for tamper proof hardware.

    Again, never is decrypted data passed into main memory or across the bus. That's what is meant by a "Trusted System", because they certainly don't mean Trusted User.

    --Maynard

    Read The Proxies, a short crime thriller.
    [ Parent ]

    PS: Video will be the same (4.00 / 1) (#101)
    by maynard on Thu Dec 21, 2000 at 11:47:00 PM EST

    I should have pointed out that they plan the same for video. There's talk about sending video out from nextgen video cards encrypted (instead of RGB analogue). The monitor will decrypt on the fly and thus control video content such as film. Great, huh?

    --Maynard

    Read The Proxies, a short crime thriller.
    [ Parent ]

    Where is your information coming from? (4.00 / 1) (#102)
    by Spinoza on Thu Dec 21, 2000 at 11:59:11 PM EST

    I found the commands added to ATA, referenced, but not linked in the reg article. The doc is at www.t13.org. It mentions only storing the keys hidden on the drive, and the commands related to retrieval of those keys, authentication challenge command for the drive, and a command related to check-in/out of copies for SDMI. There is no mention anywhere of encryption implemented in hardware. There is a short mention of using sector/cylinder numbers as part of encryption, but it doesn't state how, or if this is used in CPRM.

    As far as I have have seen, the cipher being used is C2 (cryptomeria). This isn't a public key cipher as far as I can tell. In fact, one of the documents related to CPRM mentions that public key is no good for their purposes. They mention a broadcast cipher to be used instead.

    If you have access to additional information on this that reveals more on the nature of the system than I have found so far, and that you are able to reveal, please let me know, as this is piquing my interest considerably.

    [ Parent ]

    Oh great.... (3.00 / 4) (#113)
    by Anonymous 6522 on Fri Dec 22, 2000 at 03:28:12 AM EST

    So now monitors are going to cost, say, and extra $100 because they'll have to have a board that can handle encrypted video. Great, all this seem like a scam to make hardware more expensive and make it difficult *not* to buy a song multiple times.

    [ Parent ]
    Yes in principle, no in practice. (4.33 / 3) (#94)
    by maynard on Thu Dec 21, 2000 at 09:28:08 PM EST

    OK, so you could copy an encrypted data file from one drive to the next without much trouble -- probably. So, if you encrypted a file on a computer without crypto trusted systems chips embedded therein, you could move the data untagged to your new system. However, once you tried to USE the data you'd be back at square one. For example, suppose you wanted to play an encrypted music file. You could copy it encrypted to the new computer (or drive), at which point you could copy it again. But that doesn't mean that the data would decrypt properly, or that the data could be streamed to your sound card. Here's how it will work:

    • You buy a digital song.
    • Distributor takes the public key embedded in your drive, and another for your sound card.
    • They encrypt the song using your public key for the soundcard and then the public key for your drive, both against their private key.
    • They then sign using their public key.
    • Your drive then verifies the signature of the song against the content producer's public key.
    • When you access the song it then it decrypts the data using the disk drive's private key and the content producer's public key and streams it to the sound card encrypted with the soundcard's public key and the distributor's private key
    • The soundcard then decrypts it with the sound card's private key and the distributor's public key.
    At NO TIME does the kernel or your userspace programs have access to the unencrypted data. This is how Linux drivers can be writer without "damaging" the integrity of the intellectual property anti-circumvention measure.

    Welcome to the United Police States of America. Damn, I've got to move the fuck out of this country.

    --Maynard

    Read The Proxies, a short crime thriller.
    [ Parent ]

    One thing at a time...;-) (3.00 / 1) (#107)
    by Cheerio Boy on Fri Dec 22, 2000 at 02:32:46 AM EST

    One thing at a time here: The hard drive where the data is stored first because that's what will be implemented. Then worry about the encrypted sound cards/motherboards.

    All it takes is one person to "leak" or crack a song/piece of software and release it to the public. Then that's a piece that is unable to be stopped for the simple reason that if we can encrypt the hard drive with our own key then we can also encrypt the sound card, the motherboard, etc.

    This might be just the reason to work on completely modular virtual hardware. *grin*

    Regardless, if the hard drive encryption can be bypassed then that's a good first step.

    [ Parent ]
    A very very easy way to get around this... (3.20 / 5) (#112)
    by Anonymous 6522 on Fri Dec 22, 2000 at 03:16:24 AM EST

    All you have to do to get around this is to run a short audio cable from your soundcard's audio output to its audio input and record the input. You'll lose a very small amount of quality, but you'll gain a very large amount convenience and free youself of the encryption.

    [ Parent ]
    I think there's a minor factual error in there (5.00 / 1) (#119)
    by maynard on Fri Dec 22, 2000 at 09:26:26 AM EST

    I believe that I may have made a mistake in the previous post. I seem to remember a proposal which would have the peripherals negotiate a cypher on the fly when communicating, rather than the content producer being responsible for double encrypting. A pointer would be a big help here, though that does make better sense. In this scenereo, the publisher would encrypt for your drive (or system, or personal ID), and then the system would negotiate a symetrical cipher using a public key exchange; exactly how ssh works.

    Of course, the end result is the same. Content transmitted between devices across an IO bus or memory is always encrypted and never clear text.

    --Maynard

    Read The Proxies, a short crime thriller.
    [ Parent ]

    still doable (none / 0) (#133)
    by Colonol_Panic on Sat Dec 23, 2000 at 03:32:57 AM EST

    Despite the use of encryption, this is still possible to circumvent. Since it uses public-key cryptography, it is just as susceptible to the classic man-in-the-middle attack as any other public-key system. And gee, wasn't the latest version of dsniff just released that does exactly this? Now, that's not saying it wouldn't be a pain in the ass... but still doable.

    What you suggest depends on the MPAA hijacking the entire computer hardware industry, because there are too many points of weakness in this plan. I don't believe that even they are this powerful. Are there any plans in the works to put encryption in anything else besides hard drives? Because using encryption would be so inconvenient, so expensive, and with no benefit at all to anyone but the MPAA/RIAA... they would find themselves shitlisted by everyone in the computer industry (yes, Microsoft too) and all their customers. I'd pay to see that fight :)
    Here's my DeCSS mirror. Where's Yours?
    [ Parent ]

    PGP Disk ... (3.50 / 2) (#98)
    by Arkady on Thu Dec 21, 2000 at 11:32:42 PM EST

    You could, for example, use PGP Disk as your storage area.

    PGP's virtual disk is (as far as the filesystem and disk are concerned) merely one very large file containing a random slew of data. If you modified PGP disk to support this new "spec" in its virtual disk, you could just back up the disk file, give it to other folks or whatever.

    Good thinking there; that might well bypass the whole thingy ... ;-)

    Cheers,
    -robin

    Turning and turning in the widening gyre
    The falcon cannot hear the falconer;
    Things fall apart; the centre cannot hold;
    Mere Anarchy is loosed upon the world.


    [ Parent ]
    hd encryption (4.00 / 2) (#91)
    by kpeerless on Thu Dec 21, 2000 at 06:46:55 PM EST

    Simple. Don't buy one of these hard drives. They may be the 'industry standard' for IBM and the other wonks but there wiill for sure be companies that ignore them. It'll open up a whole new market for unencrypted HDs, MBs etc. It won't be long before the heat is on. Further... don't by ANYTHING from companies that support this bull shit. Just as you shouldn't be buying cds from RIAA members. There are a lot of garage bands out there that are every bit as good... better... than the ones that have done deals with the RIAA. We should be prepared to suffer a little pain now, rather than major pain later. Toughen up folks. If we're not compliant then our hardwear won't wind up being cotrolled by these fascists. A term, I might add, that seems to have gone out of fashion but not out of practice.

    Where the FUCK is Slashdot and Rob Malda here? (4.33 / 9) (#93)
    by maynard on Thu Dec 21, 2000 at 08:29:05 PM EST

    OK. Rusty, no offense to you -- this posting here on K5 is wonderful. But, frankly, K5 gets nothing like the readership of Slashdot. Where the FUCK is Slashdot on this issue? They've posted a story this morning on the new Serial ATA standard, without nary a peep about the new trusted ATA spec issue. At least someone posted a comment in the forum regarding the issue, but others posting in that forum, who had also submitted this story to Slashdot, have had it rejected for whatever reason. And not a peep from the Slashdot editors.

    This is one of the most important stories of the year. With the large readership of Slashdot it might be possible to get enough citizens voicing disapproval of the new standard to convince IBM and the other drive manufacturers against taking this step. K5 has a good S/N ratio among it's community, but little political pull from much smaller readership.

    Rob Malda, as a founder of Slashdot, one of the premier news sites of the technology community, you have a responsibility to publish this story! Where the fuck are you Taco? Publish this critical news!

    --Maynard

    Read The Proxies, a short crime thriller.

    Three possibilities... (3.50 / 2) (#108)
    by Cheerio Boy on Fri Dec 22, 2000 at 02:47:17 AM EST

    1) They missed that small part of the story and will probably either revise or Update the story later.

    2) They know about the issue and are planning on doing a "special" piece on it ala Jon Katz.

    3) Secret Corporate Cloning Pods (SCCPs) have been activated in their computer room replacing them with mindless news regurgitating "Happy Workers".

    My vote is:
    4) Inoshiro. ;-)

    [ Parent ]
    For the record (5.00 / 2) (#126)
    by Eloquence on Fri Dec 22, 2000 at 01:44:25 PM EST

    I've sent Rob the following mail:

    Subject: CPRM & Copyright

    Hi Rob,

    have you seen the coverage of CPRM on Kuro5hin? I encourage you to take a look:

    http://www.kuro5hin.org/?op=displaystory;sid=2000/12/20/161311/22

    CPRM=Content Protection for Recordable Media. Supposed to be in all new ATA harddisks by 2001. Also see coverage on The Reg.:

    http://www.theregister.co.uk/content/1/15620.html

    The subject is very important for the very future of copyright & digital content, and several summaries were submitted to Slashdot. It would be important to get the attention of the tech community at large to this before it's too late. However, to my knowledge, all submissions have been rejected. I don't want to be an annoyance, but would you care to explain why if you find the time?

    (If you're already running a longer story on this in the background feel free to ignore this mail. I don't care if you copy & paste your reply either.)

    All best, & merry christmas,
    Erik Moeller
    Editor, www.infoanarchy.org

    I'll post to this thread if I get a reply.
    --
    Copyright law is bad: infoAnarchy · Pleasure is good: Origins of Violence
    spread the word!
    [ Parent ]

    Reply from Rob (3.00 / 1) (#127)
    by Eloquence on Fri Dec 22, 2000 at 02:39:48 PM EST

    Rob just wrote: "We've been working on story." (OK, so you know it's really Rob ;-)
    --
    Copyright law is bad: infoAnarchy · Pleasure is good: Origins of Violence
    spread the word!
    [ Parent ]
    It's up now. Slashdot finally got the story up. (5.00 / 1) (#130)
    by maynard on Fri Dec 22, 2000 at 05:55:56 PM EST

    Timothy just posted an article on copy protection which issues which includes the story of Trused Hard Disks. So at least /. has finally recognized this story. --M

    Read The Proxies, a short crime thriller.
    [ Parent ]
    Were they bribed or threatened? (3.50 / 2) (#95)
    by weathervane on Thu Dec 21, 2000 at 10:14:38 PM EST

    Obviously there are still going to be non-compliant hard drives available for the near future, if only because of the corporate angle. The backup and RAID issues will mean that the new drives can't be introduced gradually. For a Fortune 500 company with tens of thousand of computers, this is going to take some time to digest. Longer than next summer.

    Like any cartel, there is going to be profit in being the guy who breaks the agreement. I don't think Tivo, etc. are in any danger of being put out of business anytime soon. There will continue to be a big market for non-enabled drives. Although it may not be an issue for them, since most TV is non-digital and won't have the encryption marks anyways.

    And where do they think the demand for bigger and better drives comes from anyways? I work on 2-3Gb drives most of the time and they're just fine. It's Napster and the like that are really driving the demand for big hard drives.

    It makes me wonder where the money is. What made these companies who so obviously are the main beneficiaries from the PTP fad decide to shoot themselves in the foot? Were they bribed or threatened?

    Or is there some slick salesman in the background selling these guys the next RDRAM? We can only hope it goes the way of brilliant IBM initatives like MCA and Warp.

    Never happen (3.75 / 4) (#100)
    by ennui on Thu Dec 21, 2000 at 11:44:19 PM EST

    First, there's such a huge glut of old hd's out there that if a 'copy protected' drive ever came out nobody would ever buy it (especially if it costs more) I don't care if it's 5000 times faster than ata-2. Second, if life did turn into a twilight zone episode and they were the only hard drives available, you can be sure that bios changes or physical modification to the drive would render whatever this scheme is null and void. Third, 99% of the time when a tech-oriented publication has "exclusive" information it's generally a polite way of saying they have interesting or scary bullshit.

    "You can get a lot more done with a kind word and a gun, than with a kind word alone." -- Al Capone
    Never say never... (4.00 / 1) (#118)
    by LocalH on Fri Dec 22, 2000 at 07:46:50 AM EST

    What about the new computers that all come with the new copy-protected HD's - you know the major manufacturers (where most non-technical ppl get their computers) will all be using them. And what if there is 'anti-hacking' hardware that disables the drive if everything isn't exactly right? And what if the drives are $5 more than existing, unrestricted hard drives.

    [ Parent ]
    Hope your PC doesn't crash and burn (5.00 / 2) (#114)
    by ScottW on Fri Dec 22, 2000 at 04:56:58 AM EST

    It also in its current form means you can throw disk defragmenting tools out. Dead, gone.
    This is going to be a big problem for support/repair techs, in more ways than one.

    You think being unable to defrag your drives is bad, try not being able to backup or recover your data.

    I work at my college's CS dept, and we sometimes get a mechine in thats so badly fuxered that we're lucky it will even boot. If we get a comp that is in that bad of shape, the only thing that can be done is what we not so affectionly call a "salvage run" (that is, we copy all the data we can off of it, either to our server, or, if we can't get the damaged PC to go on the network, to a spare hard drive).

    If its a HD failure, (common with many of the older PCs) we replace the HD and any other failed herdware. If its a software screw up, we nuke the drive (completely erase the drive, including removing the partition(s)). We then repartition and reformat the drive, reinstall the OS and other software, and restore the data, or, at least, the data that we were able to salvage.

    Content control devices are designed to control access to the content they're protecting. They make copying and other unauthorized access extermely difficult, if not impossable. Which means that since making a backup is a form of copying, don't be surprised if you can't back up your data, or at least the data that's protected by the copy protection on your hard drive.

    This means that even if the only thing wrong with your system is the software got so badly messed up that it won't boot (and it needs to be regened), you data is gone, there's no way to recover it, not even with a bootdisk with a mass file copy utility and a spare HD. Even if you religiously make backups, don't be suprised to find that the copy protected files can't be backed up.

    Wost part is its going to take people losing data left and right before nontechnical people start to realize why copy protection and content control scames are bad news, and by that time, we may be stuck with this crap unless we really start getting involved and educating people. The hardest part of that battle is getting people to listen, but its still inportaint to fight it, nonetheless.

    No one has said exactly what this means... (5.00 / 1) (#129)
    by joesolbrig on Fri Dec 22, 2000 at 05:45:33 PM EST

    This is obviously something that need more light shed on it -- coming right before Christmas, that is a challenge. But this is important enough that I suspect people will remain curious enough to keep interest high. (I wonder if /. is waiting till after Christmas to post on the topic).

    Anyway, my guess about how this system works is as follows:
    1) these CPRM Hard drives will remove "low level" interfaces such those used by defragmenters, imaging software and RAID controllers - quite a hit on the functionality of the harddrive (no more seek-to-sector reads or the seek-to-sector reads will limited in weird ways).

    2) these Hard drives will retain ordinary "high level" functionality such as is used by the OS - though even here, different drivers or something may be needed.

    3) A new facility (CPRM's api) will be created, for use by "trusted" applications and drives. This facility will allow protected material to be copied from one drive to another but without making the material available to the ordinary "high level" interface of the disk - or make it available in a limited way or something.
    - CPRM would be a format which could only be accessed, copied and so-forth using this seperate secure channel.

    The new facility would need new applications to access it. A user wouldn't have to run any new facility applications at all. But then the user wouldn't able to use all the "exciting new media" which would be published in this format.

    Things that would be screwed up immediately are:
    - as was mentioned; defragmentation software, RAID software, diskimaging software. I suspect that here, manufacturers don't realize how dependent corporations are on these programs (I couldn't do my job without diskimaging and I am a developer, not a systems configurer).

    Things that could be messed up if people were so foolish as to use or install the CPRM software.
    - backup software, any backup software - since CPRM would grant you a limited number of copies or pay-per-copy or something (who knows exactly how they would work it).
    - CPRM naturally would be used as copy-protection for various programs. But this would be as lousy as previous

    Things this wouldn't do
    - Protect any and all actual media. If someone broke the copy-format, then you could write the same data into a non-CPRM file and get full access to it.
    - prevent the copying of intellectual property. It would certainly increase efforts to get around schemes of this sort since these schemes will result in considerable inconveniance to end-users. Indeed, the most inconvenienced users would be corporate configuration specialists and not would-be pirates.
    - Shut down napster since napster distributes data that isn't in CPRM. Altogether this wouldn't be effective copy protection in itself. You wouldn't need to break the CPRM/encrypted facility to get at the content - the content would have to be unencrypted by any program that actually used the content. You can load such a program in a debugger and page - just as you don't need DCSS to copy DVDs.

    The point isn't ways to make the system unbreakable. It is more to make possession of the tools needed to break the system criminal using DMCA provisions. Indeed, this system is most likely designed specifically to "leverage" the DMCA. And, yes, this does imply a reign of repression comparable to Russia under Stalin and similar states. And naturally, considering this kind of baloney would actually make the day-to-day operations of corporations difficult, it remains to be seen whether such a regime could happen.

    ---So that's my general guess as to how this works. But it might be even dicer. Hopefully, a more complete explanation will be coming soon.









    ONLY ATA. (none / 0) (#134)
    by erotus on Sat Dec 23, 2000 at 06:24:31 PM EST

    From my understanding this is an ATA spec only therefore leaving SCSI as an unencumbered alternative. Most end-user's PCs have ATA drives. Since most businesses who are serious about their data use SCSI or RAID in their servers they'll be unaffected this new spec. Mostly home users are the ones downloading from napster and the like. Also, in most environments I've been in, client-server was the model and this means that data storage was done on the back end where SCSI hard drives were used. Maybe time to upgrade my box.

    On the other hand, how long will it be before this type of protection makes it into SCSI specs. Could it be possible that the new ATA spec is the testbed? Will they migrate this idea to all storage mediums? What about Jazz drives, Orb discs, or other removable discs of large capacity?

    What about filesystems in a file such as those used by VM's like VMware. Will these drives notice that you're storing mp3s in a virtual filesystem? If I'm running Linux and then in turn running FreeBSD in VMware how will the drive know I'm saving mp3s? I don't think it will. In otherwords, there is a level of abstraction that the drive can understand and see and anything beyond that is under your control.

    Furthermore, it will only be a matter of time before there is a workaround of some kind. Whether that workaround is software or hardware yet remains to be seen. A poster on slashdot named "The Monster" suggested that "Since the whole thing is based on the INT 13H interface, it seems to me that a kernel module (or a .DLL for the OS-challenged) can mediate between the application requesting "secure" storage and the drive allocating it." To read Monster's entire post go here.

    Finally, will all HD manufacturers jump on the bandwagon? All would have to or what would be the point? There will be a rebel among them who will see an opportunity to make money and sell "unencumbered drives." Also, there is no hard drive coalition like MPAA/RIAA. Nobody is forcing HD manufacturers to do this. To my knowledge, it will not be illegal to manufacture a hard drive without this fascist technology and since hard drives are not covered under the DMCA, nobody can stop a manufacturer from producing plain jane hard drives. However, if anyone knows otherwise, please post your comments. We need as much information about this as humanly possible if we intend to keep our fair use rights.

    I doubt if this will really happen, but if it does (4.00 / 1) (#135)
    by oobeist on Sat Dec 23, 2000 at 10:08:41 PM EST

    I doubt if this will really happen, but if it does, expect for it to cause one hell of a mess. And that will probably have the unintended side effect of radicalizing a huge number of currently law-abiding computer users, and cutting seriously into sales of new hardware and software.. Honestly, I believe that a move like this, innocuous as it seems, could trigger a recession in the technology sector, a substantial one. And a considerable political backlash. Its obviously bad technology and it won't fly.. (and of course, it probably wouldnt even deter the hard core crackers from doing whatever they want to do...)

    One *positive* side effect of this.. obviously, would be that it would be a boon to Linux and other open-source OS's. But I think the side effects on the (global?) economy as a whole would outweigh that benefit..

    If they do go through with it...ten years from now..I bet it will be looked back upon as the biggest mistake the American computer industry ever made.. Kind of like the fatal flaw.. The unmasking of the greed.. Not unlike Clinton's little tete-a-tete with Monica and I really mean the way he handled it afterward.. If only the idiots realized that there is a universal truth about computers and the Internet that is not going to go back into the box.. Its a cliche.. yes.. but..it's bigger than all of us, even these mega-corporations.

    "Information wants to be free"

    There's a global competition going on between those who would have all of us work under the yoke of artificially contrived scarcity, and those who would share and let the wealth multiply for all. They also (unfortunately) don't realize how *fragile* the nets of interrelationships that have propelled them to their positions of global dominance could easily prove to be.

    It really scares me, because the survival of what has been a trend towards things getting better for everybody through the use of technology, could be reversed by throwbacks like this..

    So again.. my *hunch* is that influential people.. even corporations will realize the stupidity of making a technology as flawed as this mandatory and back off.. If they don't, they will only have themselves to blame for the probable consequences..

    Of course.. it wont be only corporations that will suffer, though.. I think a lot of real people will. And not just because their stock will decline..

    Is more of this what we have to expect for the next four years? I hope not.

    Journalistic Integrity (5.00 / 1) (#136)
    by mad-ness on Sun Dec 24, 2000 at 07:19:11 PM EST

    Did you stop to consider the fact that /. might be waiting for a second source to report on this subject before reporting on it? This is an important and highly flammable (pun intended) issue. I know that if I had the readership and influence that /. did I would be very hesitant to post something on this subject with no one but the Register to site as a source. I like the Register, I do. They have an amazing ability to dig up dirt on tech companies long before anyone else. They also have quite a few stories that are eventually shown to be inaccurate. Has anyone here seen a site posting about this subject that has their OWN sources/evidence/etc and not just that linked to or from the Register? I would like to get a second opinion before I get worked up over this (though I must admit I can't really stop myself from getting riled up already). ;)

    Insert witty signature here.
    Second Source. . . (5.00 / 1) (#137)
    by abdera on Tue Dec 26, 2000 at 12:15:52 PM EST

    How's this? A proposal authored by IBM submitted to the T13 technical committee, referenced from the T13 homepage. It certainly does appear that the wheels are moving on this one, whether it is headed for reality or not.

    I personally don't see this being a BFD in the near future. Now, if it becomes so intrenched that it migrates to CDs and DVDs, then it may have a significant impact on consumers. Until then, folks will simply encode unencrypted CDs into non-SDMI-compliant format and redistribute along the usual means. The only fear I have is that CPRM might actually fly on ATA (with the support of the fine US government,) and work its way onto other media types. How many sysadmins are willing to bet that SCSI is not targetted as the next standard to be extended with CPRM?

    ftp://fission.dt.wdc.com/pub/standards/x3t13/technical/e00148r2.pdf

    #224 [deft-:deft@98A9C369.ipt.aol.com] at least i don't go on aol
    [ Parent ]

    All HDDs May Have Content Protection Built-In by Summer 2001 | 139 comments (134 topical, 5 editorial, 0 hidden)
    Display: Sort:

    kuro5hin.org

    [XML]
    All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - Present Kuro5hin.org Inc.
    See our legalese page for copyright policies. Please also read our Privacy Policy.
    Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
    Need some help? Email help@kuro5hin.org.
    My heart's the long stairs.

    Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!