Embed Doc
Copy Link
Readcast
Collections

CommentGo Back

Download

DRM Talk for Hewlett-Packard ResearchCorvalis, OregonCory DoctorowEuropean Affairs Coordinator, Electronic Frontier Foundationwww.eff.orgdoctorow@craphound.com9/28/5--This text is dedicated to the public domain, using a CreativeCommons public domain dedication:> Copyright-Only Dedication (based on United States law)>> The person or persons who have associated their work with this> document (the "Dedicator") hereby dedicate the entire copyright> in the work of authorship identified below (the "Work") to the> public domain.>> Dedicator makes this dedication for the benefit of the public at> large and to the detriment of Dedicator's heirs and successors.> Dedicator intends this dedication to be an overt act of> relinquishment in perpetuity of all present and future rights> under copyright law, whether vested or contingent, in the Work.> Dedicator understands that such relinquishment of all rights> includes the relinquishment of all rights to enforce (by lawsuit> or otherwise) those copyrights in the Work.>> Dedicator recognizes that, once placed in the public domain, the> Work may be freely reproduced, distributed, transmitted, used,> modified, built upon, or otherwise exploited by anyone for any> purpose, commercial or non-commercial, and in any way, including> by methods that have not yet been invented or conceived.--Note: this essay is derived from notes for an invited talk to HPResearch on DRM. The talk was not delivered verbatim, nevertheless,this is a good feel for what I said that day. For the text of anearlier talk on this subject delivered to Microsoft Research, seehttp://craphound.com/msftdrm.txt .The canonical version of this talk live athttp://craphound.com/hpdrm.txt .Alternate html version here (thanks, Branko Collin!):http://www.xs4all.nl/~collin/test/hpdrm.html--

I work for the Electronic Frontier Foundation, a member-supportedcharitable organization that works to uphold the public interest intechnology law, policy and standards. For nearly four years, I'vespent my time attending DRM standards meetings, consortia, and treatymeetings at the United Nations. In that time, again and again, I'veseen tech giants like HP take suicidal measures to voluntarily crippletheir products to make them more palatable to a few entertainmentcompanies, even though this measure makes them less palatable tovirtually all of your paying customers.Nothing epitomized this more than Carly Florina's inaugural CESaddress in which she promised to put DRM in every HP product. Readingthat in my office in San Francisco (I live in London now), I thought,well, hell, I guess I'm not buying any more HP products. I'm prettysure I'm not the only one.I've had innumerable conversations with engineers, lawyers and execsabout DRM, but it's rare that I get the chance to systematicallyexplain how DRM fails as a technology, as a moral proposition, and asa commercial initiative. I'm grateful that HP has given me that chancetoday. I'm looking forward to your questions after my talk.Now, onto the talk, in which I will try to address the security, moraland commercial aspects of DRM.THREAT MODELSThere is no such thing as "security" in the abstract. You can't bemade "secure." You can only be made "secure" *against a specificattack*. All security discussions must begin with an analysis of athreat and a proceed to address that threat with countermeasures.In discussions of DRM, radically different threat-models are usuallyconflated to sow confusion and to disguise the implausibility of DRM.In the paper at hand (as in many other cases), privacy-protection isconflated with use-restriction. But these have totally differentthreat-models:* PrivacyIn privacy scenarios, there is a sender, a receiver and an attacker.For example, you want to send your credit-card to an online store. Anattacker wants to capture the number. Your security here concernsitself with protecting the integrity and secrecy of a message intransit. It makes no attempt to restrict the disposition of yourcredit-card number after it is received by the store.* Use-restrictionIn DRM use-restriction scenarios, there is only a sender and anattacker, *who is also the intended recipient of the message*. Itransmit a song to you so that you can listen to it, but try to stopyou from copying it. This requires that your terminal obey mycommands, even when you want it to obey *your* commands.Understood this way, use-restriction and privacy are antithetical. Asis often the case in security, increasing the security on one axisweakens the security on another. A terminal that is capable of being

remotely controlled by a third party who is adversarial to its owneris a terminal that is capable of betraying its owner's privacy innumerous ways without the owner's consent or knowledge. A terminalthat can *never* be used to override its owner's wishes is bydefinition a terminal that is better at protecting its owner'sprivacy.THE DRM THREAT MODELThe threat model for DRM is that an unscrupulous user will be able todownload an asset for free from the Internet instead of going througha conditional access billing gateway. Additionally, DRM seeks to giverightsholders the ability to restrict the use of assets after receiptto enforce restrictions that are not related to copyright (e.g. remoteviewing, region-control).A service operator can ensure that 100 percent of the assets behindher conditional access system are wrapped with DRM, which means thateveryone who uses the system will receive media that is locked withDRM. The system fails not when the DRM is cracked, but when a usergains access to a non-DRM file, or when a user does not pay foraccess.Every file that is locked with DRM inside a conditional access systemis also available on the public Internet without DRM. In order for DRMto be effective, a user must first freely choose to acquire the DRMversion over the non-DRM version.The presence of DRM *cannot* entice a user to make use of theconditional access system to acquire his media. Indeed, DRM acts as adisincentive (there is no user who woke up this morning crying out fora way to do less with her music). Where users buy DRM-locked files, itis *in spite of* the DRM, or in ignorance of the DRM, but never*because* of the DRM.A familiar refrain from rightsholders is that "you can't compete withfree." It is certainly true that when your costly product is inferior(because of use-restrictions) to the free alternative, it will be hardto compete with free.In the DRM world, security is breached so long as there is any personwith the wherewithal to make a cleartext copy of an asset and put iton the Internet. In practice, this happens with amazing swiftness. BigChampagne, a company that monitors P2P networks, says that iTunes-onlytracks (e.g. assets that are only released within DRM wrappers)typically appear on P2P networks less than three minutes after theyare released to the iTunes Music Store.To succeed in an attack against a DRM system, a user need not know howto break DRM, she only needs to know how to search Google or anothergeneral-purpose search tool for a copy that someone else has alreadyrendered in the clear.THE DRM FOR PRIVACY THREAT MODELThe privacy threat model generally revolves around accidentaldisclosure and subsequent publicity. A common example of privacybreach is an unscrupulous hospital worker who discloses the identities

of 00

EFF: hpdrm

Download or Print

907 Reads

Info and Rating

Category:	Uncategorized.
Rating:
Upload Date:	01/28/2008
Copyright:	Attribution Non-commercial
Tags:	copyright culture legal law eff electronicfrontierfoundation advocacy eff.org copyright culture legal law eff electronicfrontierfoundation advocacy eff.org (fewer)