Complete Control?

by on March 9, 2006 · 22 comments

I think Jim DeLong underestimates the magnitude of the DRM challenge. He links to this article, about a new service called MovieBeam:

[I]s selling a $200 digital gadget prestocked with 100 movies–some in high definition–that you can rent at the click of a remote-control button for as little as $1.99. There’s no drive to the video store, no chance of a movie being out of stock, no monthly fee, no waiting for the mail. . . . The MovieBeam service doesn’t require a computer or Internet connection, and it operates independently of your cable or satellite provider. The MovieBeam box, which looks like a slim DVD player without a slot for DVDs, is basically a smart hard disk drive that connects to your TV and receives new films every week via a small, inconspicuous indoor antenna.

Why is this significant? DeLong tells us:

it gives content significant leverage on piracy issues, vis-a-vis both ISPs and consumer electronics manufacturers. If piracy continues untrammeled, and the ISPs and the CE companies do not help, then the creators have the option of pulling back and distributing products solely through tightly tethered devices, which will certainly have DRM considerably harder than that that now protects DVDs.

Would this be done lightly? Of course not. The content industry does not want to obsolete millions of DVD players. But if movie piracy gets totally out of hand as broadband expands, and if other efforts to address it are stalled, what choice would there be? There would be no incentive to protect a DVD industry in which each movie sold one copy which was then replicated infinitely.

Let’s assume for the sake of argument that the MovieBeam device itself is hackproof. (It would be the first maintream consumer device in history to be unhackable) They still need a way to play the content. The MovieBeam device doesn’t have a screen. How will it do that? Adam Thierer gives us the answer:

Disney was the lead developer of this technology and has made sure it is a secure end-to-end connection. In particular, you find this in the fineprint of the website: “To watch High Definition (HD) movies, you need a high-definition television (HDTV) with an HDMI [High Definition Multimedia Interface] connection.”

That is crucial. Once you move people over to systems like this–and next generation high-def DVDs as well–you can PERFECTLY control the flow and use of content over the end-pipe. HDMI allows the content distributors to confirm a “digital handshake” with other devices in the user’s home and confirm that each device in the chain is HDCP-compliant (High-Definition Content Protection).

That’s true if we assume that no one reverse-engineers an HDCP device and figures out how to fake the handshake. But that’s not a reasonable assumption. Indeed, people have already discovered flaws in the HDCP protocol:

HDCP is fatally flawed. My results show that an experienced IT person can recover the HDCP master key in about 2 weeks using four computers and 50 HDCP displays. Once you know the master key, you can decrypt any movie, impersonate any HDCP device, and even create new HDCP devices that will work with the ‘official’ ones. This is really, really bad news for a security system. If this master key is ever published, HDCP will provide no protection whatsoever. The flaws in HDCP are not hard to find. As I like to say: ‘I was just reading it and it broke.’

The more fundamental problem is that even if Hollywood found a solution to this problem (say they started selling their own lines of proprietary TVs with MovieBeam built right in) it won’t do any good unless they stop selling movies in any format that interfaces with legacy hardware–and in this context, “legacy hardware” means every TV currently in existence. Because if they release a movie simultaneously via MovieBeam and (say) Blu-Ray, and Blu-Ray interfaces with HDCP, then the HDCP hack will be used to decode the Blu-Ray content and upload it to peer-to-peer sites.

For that matter, there are other leaks they’re unlikely to plug: often content shows up on peer-to-peer sites before it’s released to the public, placed there by Hollywood insiders who have access to the unencrypted content. That’s a social problem, not a technological one, and it’s not one they’re likely to solve.

And, as DeLong points out, it only takes one hacked device for the content to get released to peer-to-peer networks and replicated indefinitely.

So Hollywood is doomed, right? I don’t think so. I wonder if the movie industry has considered the possibility that most of their customers are not crooks. Maybe most customers will voluntarily pay for the legitimate content even if the same content is available online–either because it’s the right thing to do, or because it’s more convenient. And given that DRM has repeatedly failed, and looks no more likely to succeed in the future, perhaps it’s time to throw in the towel. All DRM accomplishes is to inconvenience paying customers.

  • George F.

    The problem of competing with ‘stolen’ is only a problem if your customers view you as a crook. If they do feel like they are getting ripped off everytime they enter into a transaction with you, its easy for them to justify reciprocating.

    I.e., if I think the recording industry has a habit of ripping me off by charging $20 for a 15-song CD with only 2 good songs on it, then I might not feel so bad about sticking it right back to them by finding free copies online. The answer here is to set a price which is irresistible. There are lots of studies showing optimal pricing for music results in increased sales, even in the face of free, illegal alternatives.

    Similarly, if I think the recording industry is sticking it to me by selling me DRM’d songs that I can only play on 3 devices over my entire lifetime, I might be inclined to break the DRM myself or simply go back to the p2p systems for alternate copies of songs that I’ve legally purchased.

    The solution in both cases is to treat your customers with respect and fairness. As the last decade has shown, copyright is a voluntary system. If the masses view it as oppressive, they’ll simply toss it and go about their business.

  • George F.

    The problem of competing with ‘stolen’ is only a problem if your customers view you as a crook. If they do feel like they are getting ripped off everytime they enter into a transaction with you, its easy for them to justify reciprocating.

    I.e., if I think the recording industry has a habit of ripping me off by charging $20 for a 15-song CD with only 2 good songs on it, then I might not feel so bad about sticking it right back to them by finding free copies online. The answer here is to set a price which is irresistible. There are lots of studies showing optimal pricing for music results in increased sales, even in the face of free, illegal alternatives.

    Similarly, if I think the recording industry is sticking it to me by selling me DRM’d songs that I can only play on 3 devices over my entire lifetime, I might be inclined to break the DRM myself or simply go back to the p2p systems for alternate copies of songs that I’ve legally purchased.

    The solution in both cases is to treat your customers with respect and fairness. As the last decade has shown, copyright is a voluntary system. If the masses view it as oppressive, they’ll simply toss it and go about their business.

  • http://www.blindmindseye.com MikeT

    George,

    You can tell iTunes to deactivate all of your previous activations so you can start over. I’ve done that before quite successfully. It’s actually a standard feature in the software.

    Tim,

    What do you expect from DeLong? He’s extremely opinionated about a technical subject that he has not yet shown any credentials for having an opinion on. If Linus Torvalds and Don Knuth both told him that DRM was impractical, he’d still think that he was right. In fact he’d probably find some excuse to sneer at them as being nothing more than cynical computer nerds.

  • http://www.blindmindseye.com MikeT

    George,

    You can tell iTunes to deactivate all of your previous activations so you can start over. I’ve done that before quite successfully. It’s actually a standard feature in the software.

    Tim,

    What do you expect from DeLong? He’s extremely opinionated about a technical subject that he has not yet shown any credentials for having an opinion on. If Linus Torvalds and Don Knuth both told him that DRM was impractical, he’d still think that he was right. In fact he’d probably find some excuse to sneer at them as being nothing more than cynical computer nerds.

  • http://www.blindmindseye.com MikeT

    DeLong also can’t admit that P2P piracy has three big hurdles:

    1) The movies distributed on it are almost never synced as well as DVDs (majorly annoying to anyone except a highschool or college student) and are often not even close to DVD quality

    2) Broadband providers do not like providing meaningful upload capabilities.

    3) Even if Blueray disks are cut down by 70%, that’s still several GB of data that must be uploaded over a very weak upstream connection. Each generation of movies gets significantly bigger, and compression can only do so much to cut that back without making the movie not worth watching at all.

    Even at 1-2mpbs of upstream bandwidth, the movies would take forever to upload. Hello James, downstream bandwidth only means anything when there is enough upstream bandwidth to feed it, and the average broadband service doesn’t even come close. Once movies reach the threshold where they can only be compressed down to about 10GB without losing all of their quality, the P2P problem will resolve itself. Broadband providers are never going to provide large amounts of upstream bandwidth because that’s incredibly expensive and for the telecoms, it also cuts into their other products like dedicated T1 and T3 lines.

  • http://www.blindmindseye.com MikeT

    DeLong also can’t admit that P2P piracy has three big hurdles:

    1) The movies distributed on it are almost never synced as well as DVDs (majorly annoying to anyone except a highschool or college student) and are often not even close to DVD quality

    2) Broadband providers do not like providing meaningful upload capabilities.

    3) Even if Blueray disks are cut down by 70%, that’s still several GB of data that must be uploaded over a very weak upstream connection. Each generation of movies gets significantly bigger, and compression can only do so much to cut that back without making the movie not worth watching at all.

    Even at 1-2mpbs of upstream bandwidth, the movies would take forever to upload. Hello James, downstream bandwidth only means anything when there is enough upstream bandwidth to feed it, and the average broadband service doesn’t even come close. Once movies reach the threshold where they can only be compressed down to about 10GB without losing all of their quality, the P2P problem will resolve itself. Broadband providers are never going to provide large amounts of upstream bandwidth because that’s incredibly expensive and for the telecoms, it also cuts into their other products like dedicated T1 and T3 lines.

  • http://www.techliberation.com/ Tim

    Well, I certainly hope that current broadband speeds aren’t the end of the road. I fully expect to get a gigabit pipe into my home within a generation. So far, bandwidth constraints have prevented widespread use of P2P for movies, but I think that’s a temporary hiccup.

  • http://www.techliberation.com/ Tim

    Well, I certainly hope that current broadband speeds aren’t the end of the road. I fully expect to get a gigabit pipe into my home within a generation. So far, bandwidth constraints have prevented widespread use of P2P for movies, but I think that’s a temporary hiccup.

  • http://www.blindmindseye.com MikeT

    For the foreseeable future, and I mean for quite some time, it’s unlike that they’re going to offer such great broadband. They have to have a good reason to lease the dedicated lines, and for most small businesses, a gigabit of bandwidth on a cable connection would leave no reason to lease a T3 for the reliability since the cost savings would be dramatic. As for me, I’d much rather pay $60-$70 a month for real 5mbps/1mbps broadband than pay $15-$20 a month for glorified dialup with reliability problems.

  • http://www.blindmindseye.com MikeT

    For the foreseeable future, and I mean for quite some time, it’s unlike that they’re going to offer such great broadband. They have to have a good reason to lease the dedicated lines, and for most small businesses, a gigabit of bandwidth on a cable connection would leave no reason to lease a T3 for the reliability since the cost savings would be dramatic. As for me, I’d much rather pay $60-$70 a month for real 5mbps/1mbps broadband than pay $15-$20 a month for glorified dialup with reliability problems.

  • V

    1. We still have no sympathy. Stolen copies of data don’t amount to “loss,” they amount to less profit that could be earned IF the stolen copies were paid for instead. This is a social/marketing issue, and will not be solved by a technical solution.

    2. All technical solutions can be broken. The DMCA is a hollow, unenforceable shell that serves no purpose without excessive (and illegal) monitoring. No revise is impossible to reverse engineer. No program comes without bugs. I’m not a programmer, I’m the first to admit I have a limited understanding of computer security, but I do know how many update patches most software needs.

    3. The MPAA/RIAA/others have a choice. They can waste money on DRM, which will never work, or they can try to adjust pricing (as George said) which might up their profits, which is their real goal.

  • V

    1. We still have no sympathy. Stolen copies of data don’t amount to “loss,” they amount to less profit that could be earned IF the stolen copies were paid for instead. This is a social/marketing issue, and will not be solved by a technical solution.

    2. All technical solutions can be broken. The DMCA is a hollow, unenforceable shell that serves no purpose without excessive (and illegal) monitoring. No revise is impossible to reverse engineer. No program comes without bugs. I’m not a programmer, I’m the first to admit I have a limited understanding of computer security, but I do know how many update patches most software needs.

    3. The MPAA/RIAA/others have a choice. They can waste money on DRM, which will never work, or they can try to adjust pricing (as George said) which might up their profits, which is their real goal.

  • http://www.freedom-to-tinker.com Ed Felten

    I guess DeLong didn’t read the rest of the Wikipedia entry he quotes. It gives a pretty clear picture of HDCP’s security woes: “researchers demonstrated fatal flaws in HDCP for the first time in 2001 …” It even points to commercial devices that strip HDCP protection off of video signals.

  • http://www.freedom-to-tinker.com Ed Felten

    I guess DeLong didn’t read the rest of the Wikipedia entry he quotes. It gives a pretty clear picture of HDCP’s security woes: “researchers demonstrated fatal flaws in HDCP for the first time in 2001 …” It even points to commercial devices that strip HDCP protection off of video signals.

  • http://www.commonsmusic.com/blog Commons Music

    Tim:

    “So far, bandwidth constraints have prevented widespread use of P2P for movies…”

    They have?

  • http://www.commonsmusic.com/blog Commons Music

    Tim:

    “So far, bandwidth constraints have prevented widespread use of P2P for movies…”

    They have?

  • http://www.techliberation.com/ Tim

    “Widespread” is a matter of perspective, I guess. I think that for the most part, movie downloading is still restricted to college kids with too much bandwidth and too much free time. But I could be wrong, as I don’t exactly have my finger on the pulse of the latest P2P trends.

  • http://www.techliberation.com/ Tim

    “Widespread” is a matter of perspective, I guess. I think that for the most part, movie downloading is still restricted to college kids with too much bandwidth and too much free time. But I could be wrong, as I don’t exactly have my finger on the pulse of the latest P2P trends.

  • http://http:/0zu.tw/ short url

    e09905dcf7d2 Good work short url short url

  • short url

    e09905dcf7d2 Good work short url short url

  • http://www.abc-acupuncture.com/baxqorav tramadol

    81e31de21f46 Hi tramadol tramadol

  • http://www.abc-acupuncture.com/baxqorav tramadol

    81e31de21f46 Hi tramadol tramadol

Previous post:

Next post: