Regulation begets Regulation

by on August 6, 2008 · 17 comments

Ryan does a great job of laying out the issues with the MPAA’s SOC waiver request. He makes two key points—that the FCC shouldn’t be telling cable companies what to do with their networks, and copyright law shouldn’t give the MPAA veto power over the design of technological devices. Ryan spends most of his time arguing the first point, but I think the second point is the really important one.

The thing to understand about DRM is that it’s less a encryption technology than (as Ed Felten puts it) a hook on which to hang lawsuits. Every DRM standard of any significance has been broken within months of its release. Without the DMCA on the books, many consumer electronics manufacturers would simply ignore DRM, reverse-engineering the relevant standards and producing devices that accept DRMed content and convert it to open formats. Knowing that this would happen, Hollywood would long since have given up trying to produce the kind of end-to-end DRM that’s at issue in these proceedings.

Which means that the existence of the cable industry’s Selectable Output Control powers is almost entirely a consequence of bad government policy. In a free market, I’d be able to go down to my local Best Buy and purchase $50 box that would take an HDCP input and output the content in a variety of non-encrypted formats. Such a box is unavailable only because Congress—at the behest of the MPAA—made producing it a felony. That, not anything the FCC has done, is the fundamental issue in this controversy.

Now, it makes me uncomfortable to have the FCC dictate how the cable industry runs its network. But I think the fundamental point that needs to be emphasized is that regulation begets regulation. That is, given that the DMCA has screwed up the consumer electronics industry, it’s not surprising that a lot of people want the FCC to step in to minimize the damage. The solution is to repeal the DMCA and let the free market work. But until that happens, I’m not going to get too outraged at Public Knowledge for asking the FCC to prevent the MPAA from abusing its government-granted veto power over the design of consumer electronics devices. I don’t agree with their solution, but I think their heart is in the right place.

  • Ryan Radia

    You make an excellent point and I certainly sympathize with Public Knowledge’s case against SOC. But while the DMCA has indeed screwed up the consumer electronics industry, it’s unclear how things would change were Section 1201 of the Copyright Act repealed.

    CSS, FairPlay, AACS, and many other DRM standards have been cracked wide open, but perhaps content owners would come up with more robust DRM in a world without government protection against reverse engineers. Hackers will always be a step ahead, and thus so will the determined user with some technical competence. However, considering DRM technologies like HDCP key revocation and “Phone-Home DRM”, I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it. And I am not so sure that Hollywood would simply “give up” end-to-end DRM.

  • Ryan Radia

    You make an excellent point and I certainly sympathize with Public Knowledge’s case against SOC. But while the DMCA has indeed screwed up the consumer electronics industry, it’s unclear how things would change were Section 1201 of the Copyright Act repealed.

    CSS, FairPlay, AACS, and many other DRM standards have been cracked wide open, but perhaps content owners would come up with more robust DRM in a world without government protection against reverse engineers. Hackers will always be a step ahead, and thus so will the determined user with some technical competence. However, considering DRM technologies like HDCP key revocation and “Phone-Home DRM”, I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it. And I am not so sure that Hollywood would simply “give up” end-to-end DRM.

  • http://www.codemonkeyramblings.com MikeT

    There is a rule of law issue at play here. As you observed earlier, people have become less inclined to obey the law at all anymore. It is no surprise that this should happen when you have a law that is blatantly for the benefit of one group at the expense of another, and a collapsing industry that refuses to change because it would rather spend its last gasps of breath on bloviating about “its rights.”

    The MPAA was lucky this summer because some damn good movies came out, but in this weakening economy, movies are a rip off. Money spent on video games provides a much higher bang for the buck; Gears of War II and Too Human will be as stunning and theatrical as any movie, but will provide 10-20 of hours of entertainment in story mode each for $60 new. A new DVD at most retailers will set you back $20-$30 and give you 1.5-2 hours of entertainment.

    The fat lady is warming up for her concert…

  • http://www.codemonkeyramblings.com MikeT

    There is a rule of law issue at play here. As you observed earlier, people have become less inclined to obey the law at all anymore. It is no surprise that this should happen when you have a law that is blatantly for the benefit of one group at the expense of another, and a collapsing industry that refuses to change because it would rather spend its last gasps of breath on bloviating about “its rights.”

    The MPAA was lucky this summer because some damn good movies came out, but in this weakening economy, movies are a rip off. Money spent on video games provides a much higher bang for the buck; Gears of War II and Too Human will be as stunning and theatrical as any movie, but will provide 10-20 of hours of entertainment in story mode each for $60 new. A new DVD at most retailers will set you back $20-$30 and give you 1.5-2 hours of entertainment.

    The fat lady is warming up for her concert…

  • Tim Lee

    However, considering DRM technologies like HDCP key revocation and “Phone-Home DRM”, I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it.

    Ryan, what DRM is trying to do is fundamentally impossible from a technological point of view. Bruce Schneier’s classic exposition of the point is as good as anything I can write. The basic problem is that an uncopyable bit is a logical impossibility. In order to let you play a given piece of content, Hollywood has to transmit to you the content and the encryption keys necessary to unscramble the content. And on a general-purpose computer, at least, it will always be possible to intercept the encryption keys while they’re sitting in memory.

    All DRM vendors can do, then, is obfuscate things so that it requires a lot of work to untangle how the crypto works and where the keys are stored. But this just slows hackers down, it doesn’t stop them. And once one hacker figures out how it works, it becomes extremely easy to publish those details and allow everyone else to circumvent as well.

    To repeat Felten’s point, HDCP (and by extension, DRM in general) is not an encryption technology so much as a hook on which to hang lawsuits. DRM is about controlling the consumer electronics industry, not about stopping piracy. The DMCA gives Hollywood the power to stop disruptive innovation. This isn’t an unfortunate side-effect of the DMCA, it’s the primary purpose. I highly recommend Fred Von Lohmann’s talk, “What is DRM Good For?” on this subject.

    On the specific question of HDCP, the link encryption approach mandated by HDCP is extremely burdensome for CE manufacturers, both because it makes the hardware more expensive to produce, and because it makes testing and support a lot more difficult. So even CE vendors that didn’t care a bit about fair use or time-shifting might decide to crack HDCP simply as a cost-saving and complexity-reduction measure. And knowing they couldn’t stop this, Hollywood would simply have a lot less leverage.

    Moreover, because it’s so widely used, it would be extraordinarily difficult to patch up once broken. When dozens of vendors are implementing a DRM standard over a period of years, there’s going to be a ton of collateral damage from any kind of key revocation effort, with thousands of totally innocent devices getting needlessly busted. I’m pretty sure that Hollywood hasn’t pulled the trigger on AACS key revocation. The outcry as a bunch of consumers’ DVD players stopped working (or had to be plugged into ethernet networks to start working again) would be too great.

  • Tim Lee

    However, considering DRM technologies like HDCP key revocation and “Phone-Home DRM”, I think it might be possible for content owners to conceivably design DRM that cannot be circumvented in a manner that would make it easy for third parties to come up with a $50 box capable of circumventing it.

    Ryan, what DRM is trying to do is fundamentally impossible from a technological point of view. Bruce Schneier’s classic exposition of the point is as good as anything I can write. The basic problem is that an uncopyable bit is a logical impossibility. In order to let you play a given piece of content, Hollywood has to transmit to you the content and the encryption keys necessary to unscramble the content. And on a general-purpose computer, at least, it will always be possible to intercept the encryption keys while they’re sitting in memory.

    All DRM vendors can do, then, is obfuscate things so that it requires a lot of work to untangle how the crypto works and where the keys are stored. But this just slows hackers down, it doesn’t stop them. And once one hacker figures out how it works, it becomes extremely easy to publish those details and allow everyone else to circumvent as well.

    To repeat Felten’s point, HDCP (and by extension, DRM in general) is not an encryption technology so much as a hook on which to hang lawsuits. DRM is about controlling the consumer electronics industry, not about stopping piracy. The DMCA gives Hollywood the power to stop disruptive innovation. This isn’t an unfortunate side-effect of the DMCA, it’s the primary purpose. I highly recommend Fred Von Lohmann’s talk, “What is DRM Good For?” on this subject.

    On the specific question of HDCP, the link encryption approach mandated by HDCP is extremely burdensome for CE manufacturers, both because it makes the hardware more expensive to produce, and because it makes testing and support a lot more difficult. So even CE vendors that didn’t care a bit about fair use or time-shifting might decide to crack HDCP simply as a cost-saving and complexity-reduction measure. And knowing they couldn’t stop this, Hollywood would simply have a lot less leverage.

    Moreover, because it’s so widely used, it would be extraordinarily difficult to patch up once broken. When dozens of vendors are implementing a DRM standard over a period of years, there’s going to be a ton of collateral damage from any kind of key revocation effort, with thousands of totally innocent devices getting needlessly busted. I’m pretty sure that Hollywood hasn’t pulled the trigger on AACS key revocation. The outcry as a bunch of consumers’ DVD players stopped working (or had to be plugged into ethernet networks to start working again) would be too great.

  • http://felter.org/ Wes Felter

    I think AACS LA is revoking keys every 90 days (they get cracked much faster than that, but IIRC the contracts don’t allow anything more rapid). However, they are only revoking software players and the player vendors just issue updates containing new keys.

    http://www.aacsla.com/news/

    Even if they decided to revoke standalone players it wouldn’t affect non-pirates because each individual player has different keys.

  • Tim Lee

    Wes: Thanks, that’s very interesting. I hadn’t realized they’d started doing this.

  • http://felter.org/ Wes Felter

    I think AACS LA is revoking keys every 90 days (they get cracked much faster than that, but IIRC the contracts don’t allow anything more rapid). However, they are only revoking software players and the player vendors just issue updates containing new keys.

    http://www.aacsla.com/news/

    Even if they decided to revoke standalone players it wouldn’t affect non-pirates because each individual player has different keys.

  • Tim Lee

    Wes: Thanks, that’s very interesting. I hadn’t realized they’d started doing this.

  • Self Appointed Genius

    Add in: all DRM schemes to date were cracked by independent programmers. Let’s suppose we lost the DMCA, and Creative realized they could legally reverse engineer FairPlay, and port all iTunes Store content to their Zen devices.

    They would have a very strong incentive to do this.

    But that doesn’t mean they would. We’ve seen plenty of instances in which tech companies cave to content industry demands.

  • Tim Lee

    SAG: They cave partly because they know they can get frozen out of the market if they hold out. Without the DMCA, the content industry has a lot less leverage.

  • Self Appointed Genius

    Add in: all DRM schemes to date were cracked by independent programmers. Let’s suppose we lost the DMCA, and Creative realized they could legally reverse engineer FairPlay, and port all iTunes Store content to their Zen devices.

    They would have a very strong incentive to do this.

    But that doesn’t mean they would. We’ve seen plenty of instances in which tech companies cave to content industry demands.

  • Tim Lee

    SAG: They cave partly because they know they can get frozen out of the market if they hold out. Without the DMCA, the content industry has a lot less leverage.

  • Pingback: nono hair removal amazon.ca

  • Pingback: nono hair removal bikini

  • Pingback: Visit Website

Previous post:

Next post: