Complete Control?

by on March 9, 2006

I think Jim DeLong underestimates the magnitude of the DRM challenge. He links to this article, about a new service called MovieBeam:

[I]s selling a $200 digital gadget prestocked with 100 movies–some in high definition–that you can rent at the click of a remote-control button for as little as $1.99. There’s no drive to the video store, no chance of a movie being out of stock, no monthly fee, no waiting for the mail. . . . The MovieBeam service doesn’t require a computer or Internet connection, and it operates independently of your cable or satellite provider. The MovieBeam box, which looks like a slim DVD player without a slot for DVDs, is basically a smart hard disk drive that connects to your TV and receives new films every week via a small, inconspicuous indoor antenna.

Why is this significant? DeLong tells us:

it gives content significant leverage on piracy issues, vis-a-vis both ISPs and consumer electronics manufacturers. If piracy continues untrammeled, and the ISPs and the CE companies do not help, then the creators have the option of pulling back and distributing products solely through tightly tethered devices, which will certainly have DRM considerably harder than that that now protects DVDs.

Would this be done lightly? Of course not. The content industry does not want to obsolete millions of DVD players. But if movie piracy gets totally out of hand as broadband expands, and if other efforts to address it are stalled, what choice would there be? There would be no incentive to protect a DVD industry in which each movie sold one copy which was then replicated infinitely.

Let’s assume for the sake of argument that the MovieBeam device itself is hackproof. (It would be the first maintream consumer device in history to be unhackable) They still need a way to play the content. The MovieBeam device doesn’t have a screen. How will it do that? Adam Thierer gives us the answer:

Disney was the lead developer of this technology and has made sure it is a secure end-to-end connection. In particular, you find this in the fineprint of the website: “To watch High Definition (HD) movies, you need a high-definition television (HDTV) with an HDMI [High Definition Multimedia Interface] connection.”

That is crucial. Once you move people over to systems like this–and next generation high-def DVDs as well–you can PERFECTLY control the flow and use of content over the end-pipe. HDMI allows the content distributors to confirm a “digital handshake” with other devices in the user’s home and confirm that each device in the chain is HDCP-compliant (High-Definition Content Protection).

That’s true if we assume that no one reverse-engineers an HDCP device and figures out how to fake the handshake. But that’s not a reasonable assumption. Indeed, people have already discovered flaws in the HDCP protocol:

HDCP is fatally flawed. My results show that an experienced IT person can recover the HDCP master key in about 2 weeks using four computers and 50 HDCP displays. Once you know the master key, you can decrypt any movie, impersonate any HDCP device, and even create new HDCP devices that will work with the ‘official’ ones. This is really, really bad news for a security system. If this master key is ever published, HDCP will provide no protection whatsoever. The flaws in HDCP are not hard to find. As I like to say: ‘I was just reading it and it broke.’

The more fundamental problem is that even if Hollywood found a solution to this problem (say they started selling their own lines of proprietary TVs with MovieBeam built right in) it won’t do any good unless they stop selling movies in any format that interfaces with legacy hardware–and in this context, “legacy hardware” means every TV currently in existence. Because if they release a movie simultaneously via MovieBeam and (say) Blu-Ray, and Blu-Ray interfaces with HDCP, then the HDCP hack will be used to decode the Blu-Ray content and upload it to peer-to-peer sites.

For that matter, there are other leaks they’re unlikely to plug: often content shows up on peer-to-peer sites before it’s released to the public, placed there by Hollywood insiders who have access to the unencrypted content. That’s a social problem, not a technological one, and it’s not one they’re likely to solve.

And, as DeLong points out, it only takes one hacked device for the content to get released to peer-to-peer networks and replicated indefinitely.

So Hollywood is doomed, right? I don’t think so. I wonder if the movie industry has considered the possibility that most of their customers are not crooks. Maybe most customers will voluntarily pay for the legitimate content even if the same content is available online–either because it’s the right thing to do, or because it’s more convenient. And given that DRM has repeatedly failed, and looks no more likely to succeed in the future, perhaps it’s time to throw in the towel. All DRM accomplishes is to inconvenience paying customers.

SHARE:

Tim Lee / Timothy B. Lee (Contributor, 2004-2009) is an adjunct scholar at the Cato Institute. He is currently a PhD student and a member of the Center for Information Technology Policy at Princeton University. He contributes regularly to a variety of online publications, including Ars Technica, Techdirt, Cato @ Liberty, and The Angry Blog. He has been a Mac bigot since 1984, a Unix, vi, and Perl bigot since 1998, and a sworn enemy of HTML-formatted email for as long as certain companies have thought that was a good idea. You can reach him by email at leex1008@umn.edu.

Comments on this entry are closed.

Previous post:

Next post: