the futility of DRM (Re: DMCA Crypto Software)

[Nomen Nescio]

Adam Back writes:

> So the problem I think higher level: the traitor tracing model is not
> practically usable.  ie. To have traitor tracing, you have to
> personalize the content by embeding identity in the watermark.  (The
> idea is that the watermark should be hard to remove, even if the
> content is readily obtainable in digital form.)
>
> But the security of identity capture for such a low value service (a
> few $ for a movie rental) limit what can economically be spent on
> assuring identity.  Therefor to break the system, you don't even
> bother renting enough different copies to overcome the traitor tracing
> system; you simply obtain a movie in a fake identity, or pluasibly
> deniably have someone "steal" your copy, or remotely compromise your
> machine that is playing it.  

Their intention is apparently not to watermark the user's identity
into the output in the sense of his name or credit card info; but
rather, to watermark an identifier of the unique key corresponding to
the player device (and possibly the keys of other devices in the data
processing chain).  The idea is that if high-quality digitized content
starts appearing on the net with its protection broken, you can use the
forensic watermark to go back and figure out which machine got hacked
in order to extract this data.  Then, future releases can exclude that
machine from being able to play them, in much the same way that satellite
broadcasts today exclude crypto cards which are no longer valid.

> And on a slightly different aspect of the picture, if you did consider
> that the digital copy would be hard to obtain (tamper resistant
> player, such as the DVD player model (without the software player
> option)), then you don't need watermarks, all you need is a signed
> identity of the movie renter's identity, and to make players have a
> policy of not playing unsigned content.

Their system allows things like DVDs to be pressed, distributed,
sit on shelves, and finally sold, all identical, and to create the
player-specific watermarks on the fly.

> But overall I think DRM is economically stupid, and that we are stuck
> in a bad local optima for content distribution industry, which is both
> bad for them, and bad for freedoms, and bad for the computer hardware
> industry.  DRM generically _can not_ stop copying, because
> watermarking doesn't work technically (traitor tracing past some low
> threshold), and doesn't work economically (because you can't afford
> good enough identity assurances to avoid plausibly deniable still
> watermarked copies, or copies obtained with forged identity).  

I suspect you are right that DRM ultimately cannot work for content
like movies and music.  Anything the human eye can see can be recorded
and transmitted.  The only way to prevent this would be extremely strict
technological regulation like hypothetical A-to-D converter restrictions.
Even then people will bootleg unauthorized hardware.

However DRM could be more successful in principle with active content like
video games.  You could have some kind of encrypted program which only
executes on a "black box" processor.  This does not seem to contradict
the laws of physics, as DRM of music and movies does.  Perhaps in the
future, all content will be active like games are today.  Imagine a song
or movie which was different every time you played it.  Static recordings
like we are familiar with might seem cheap, 1-dimensional shadows of
the real thing.

> Also digital content encrypted out to the monitor, video card,
> speakers encrypted to that output device with keys negotiated with the
> content provider is also stupid.  It places a silly burden on
> hardware, and won't stop copying.  High quality output devices,
> together with high quality personal capture devices, plus the
> existance of digital content inside the output devices mean that
> content will be captured digitally and re-encoded, or simply undergo a
> high quality D->A->D path.

The idea is that any such D->A->D conversion will introduce at least some
loss of quality.  Just as we see people being convinced today that super
audio CDs produce better sounding music than regular CDs (despite the
bandwidth limits of CDs being far higher than almost anyone can hear),
in the future people will be sold the idea that "pure" content is higher
quality than the free bootlegs on the net.  And technically the content
companies will be right, the original quality will be higher.  I agree
with you that with good enough technology, the difference can be made
arbitrarily small, but that may take some time.  Today it would probably
be difficult to reconstruct an HDTV quality picture by sticking a video
camera in front of a monitor, even with professional equipment.

I think the bottom line is that while the DRM strategy cannot work to
protect movies and music in the long run, it may have short term success
(the next few years, or even a decade or more).  And we should expect
to see a shift to active content over the next few decades, along with
more technology for black-box processors that execute encrypted code.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com