HDCP master key is valid, encryption is now "only token protection"
September 17, 2010 12:41 PM   Subscribe

High-bandwidth Digital Content Protection (HDCP) is currently the most common form of digital transmission protection for high definition digital multimedia, requiring an unbroken chain of licensed products for content to play back for TV systems and computers. A possible "master key" was posted online earlier this week, and created quite a stir around the potential of this leak or reverse engineering. Intel, who developed the initial specification, has confirmed the validity of the "master key", but instead of coming up with a new protection scheme, will use "legal remedies, particularly under the DMCA (Digital Millennium Copyright Act)." In essence, the threat of legal action, rather than cryptography, is [Intel and the media companies] real tool against unapproved uses of digital content.

Media copy protection has been around, and circumvented, for quite a while. Content Scrambling System (CSS) is a relatively weak form of protection found on most DVDs, introduced in 1996 and the first tool to descramble the content was released in late 1999 by the Russian warez group DoD, though it couldn't copy all discs. A different group, including then 15-year-old "DVD Jon" (Jon Johansen), were also working towards the same goal at the same time. A few weeks after the first DVD ripper was released, Johansen's group shared their code with the Linux community, as there was no software to play DVDs on Linux. When the DeCSS code was released to the public, numerous lawsuits were filed including the first test of the controversial Digital Millennium Copyright Act (DMCA), cease and desist letters were sent to users who posted the code, and a lot of DeCSS artwork (covered bunches previously).

Round 2: Advanced Access Content System (AACS), a more complex encryption specification, was publicly released in April 2005. In December 2006, a HD-DVD backup tool was posted in an online forum. The program author's stated intent was to be able to play movies he bought on his non-HDCP HD monitor. Processing keys are the new DeCSS code, complete with Digg user revolt. The cat-and-mouse game of AACS revocations and media key blocks being discovered continues.

Round 3: BD+, which has a virtual machine as an intermediary between the disc and the player. The closed-source software company SlySoft were the first to crack BD+, resulting in a tug-of-war between BD+ revisions and SlySoft updates.

Unlike the previously covered specifications, HDCP is a transmission encryption, not a storage encryption. Instead of protecting the content of a disc, it ensures that all steps from the disc, digital TV, or streaming movie make it to the display through authorized components, preventing the content from being captured in the process. Though weaknesses in HDCP have been known for a while, there has not been a (publicly discussed) attempt to break HDCP. First mentioned on Twitter by "Intel Global PR," the new Twitter account sent out a single link to an anonymous post on Pastebin. In an online discussion, one of the HDCP flaw researchers commented that he thought it was probably the work of reverse engineering, as the master key is only known by a few individuals at the licensing authority, not manufacturers who would receive individual keys for products. Before the validity of the key was confirmed, Ed Felten posted a good write-up on Freedom To Tinker, where he summarized the potential impact by saying:
The impact of HDCP's failure on consumers will probably be minor. The main practical effect of HDCP has been to create one more way in which your electronics could fail to work properly with your TV. This is unlikely to change. Mainstream electronics makers will probably continue to take HDCP licenses and to use HDCP as they are now. There might be some differences at the margin, where manufacturers feel they can take a few more liberties to make things work for their customers.
There are already manufacturers "at the margin" who make HDCP filters that allow incomplete HDCP chains. Some obtain HDMI receiver chips that should have been reserved for other products, while others might find other ways to copy single HDCP keys. With the master key in the wild, the doors are wide open for new products from the margins.
posted by filthy light thief (82 comments total) 47 users marked this as a favorite
 
Engineers are the last anarchists.
posted by ZenMasterThis at 12:51 PM on September 17, 2010 [7 favorites]


Nice write up (and eponymous, too!)
posted by MikeKD at 12:52 PM on September 17, 2010 [1 favorite]


(nah, we want shit that should work together to, in facet, work together.)
posted by MikeKD at 12:53 PM on September 17, 2010 [1 favorite]


I just want to be able to play my BluRays in Ubuntu without having to rip and decrypt first. *sigh*
posted by kmz at 12:53 PM on September 17, 2010 [3 favorites]


great post as always mr thief
posted by kakarott999 at 1:05 PM on September 17, 2010


Excellent write-up. Thanks.
posted by mmrtnt at 1:12 PM on September 17, 2010


What kakarott999 said
posted by hypersloth at 1:13 PM on September 17, 2010


the threat of legal action, rather than cryptography, is [Intel and the media companies] real tool against unapproved uses of digital content.

All power flows out of the barrel of a gun.

Or more seriously, when has a static technology ever stayed resistant to attacks over the long term?
posted by tyllwin at 1:16 PM on September 17, 2010 [1 favorite]


The main practical effect of HDCP has been to create one more way in which your electronics could fail to work properly with your TV.

[Drooling, installs blu-ray drive in computer]

[Rents blu-ray copy of "Clash of The Titans"]

"Boo-yah! Time to Release the Krakken!... huh... Windows Media Player doesn't work..."

"Awww, File Explorer doesn't even recognize the disk.."

[Searches for free player online - installs Media Player Classic]

"Ok, can we Release the Krakken now?....awww, fuck!....."

[Studies long list of hacks required to play blu-ray with MPC]

"awwww, all i wanna do release the krakken..." (sigh)

[Installs stupid player software that came with blu-ray drive]

"yeah - now we're gonna Release the Krakk - wait, what? HDCP error?"

[runs HDCP compliance utility]

"Video card - check, drive - check, monitor - no HDCP support? Wha.. uhhh, no, that's not what..."

[looks up model number at manufacturers website]

"Yes, it does you bitch! YES IT DOES!"

[Runs utility again]

"Video card - check, drive - check, monitor - check. Huuuh.....

Alright, here comes the Krakken!"

[Starts movie]

"Uh-uh-uh, Releasing the Krakken, uh-uh-uh!"

[Player software crashes]

"AIEEEEEEEEE!"
posted by CynicalKnight at 1:23 PM on September 17, 2010 [70 favorites]


I was interested in the actual connections (if any) between HDCP and copying content. In short, there are easier ways to get content off of discs than through some complex act of tricking or faking HDCP compliance. With so many products having the potential for firmware upgrades, there could be growth in the modding of components (especially if you try using a forbidden product or key and have limited functions from a component, though I'm not sure if this feature has ever been used). But this might put a crimp in the (ridiculously expensive) Premium Video On Demand deal in the works, where home viewers could pay around $24.99 for a movie 60 days after its theatrical release, and up to $50 for a 30-day window. Why anyone would be so desperate to re-watch a movie at home as to pay $50, I do not know.

CynicalKnight - exactly. Less of that, more of watching movies when you want to again.
posted by filthy light thief at 1:26 PM on September 17, 2010 [2 favorites]


Why anyone would be so desperate to re-watch a movie at home as to pay $50, I do not know.

Because the movie theater tickets, food, and drink tab for a family or group of 4 or 5 often comes to well over $50? Admittedly you lose the big screen and sound system, but you gain comfort, wider food and beverage options, the absence of noisy strangers, the ability to pause or even rewatch the movie, etc.

It would be nice if you could only pay, say, $10 and then swear up and down that only one person would be watching the movie, but since the studios have no way of enforcing that the pricing targets the average movie-watching group.
posted by jedicus at 1:30 PM on September 17, 2010 [1 favorite]


Good. Let's do away with the electronic and digital tomfoolery that is DRM and fall back on legal remedies when true economic harm is done by piracy. Phantom "sales" don't count. Only if someone takes your intellectual property and tries to make money from it does it really have any demonstrable economic impact. Back to the good old days, when we could tape our records and share the tapes or make copies of pages of a book to share. Come after us if we try to sell those copies, though. But shorten that copyright to a reasonable duration. It's not supposed to be a permanent monopoly. I'm looking at you, Disney.
posted by Mental Wimp at 1:30 PM on September 17, 2010 [5 favorites]


p.s. And can I please be spared the 5-10 seconds of dead time while I stare at the FBI warning that has absolutely no relevance to me and is only an assertion of the company's right to make me stare at it if they want?
posted by Mental Wimp at 1:32 PM on September 17, 2010 [9 favorites]


p.p.s. And why do I have to sometimes stare at the French version after the English version fades? WTF?
posted by Mental Wimp at 1:33 PM on September 17, 2010 [1 favorite]


p.p.p.s And then they blast you with the anti-piracy video of would be downloaders stealing purses, kicking puppies, popping balloons, knocking ice cream off cones, and voting Republican.
posted by msbutah at 1:42 PM on September 17, 2010 [3 favorites]


[Rents blu-ray copy of "Clash of The Titans"]

...

[Player software crashes]



In this particular instance, I can only assume the player software was trying to spare you the miserable experience. Replaying the "Release the Kraken!" bit from the trailer on loop for 2 hours would be more fun, I suspect.
posted by kmz at 1:51 PM on September 17, 2010


Treating your customers like criminals is just plain good business; everyone knows that.
posted by ZenMasterThis at 1:51 PM on September 17, 2010 [3 favorites]


Just remember kids, this is hardware, not software. Until someone makes a hardware dongle to put in the middle (between your HDCP compliant player and your non-compliant monitor/tv/whatever), it will have little or no effect on the home user.
posted by blue_beetle at 1:57 PM on September 17, 2010


MPAA: Treating your customers like criminals is just plain good business.
Pirates: Treating criminals like your customers is just plain good business.
Home User: I just want to watch my stories!!!
posted by blue_beetle at 1:58 PM on September 17, 2010 [2 favorites]


Cynical Knight's story reminded me of this flowchart.
posted by fings at 2:01 PM on September 17, 2010 [16 favorites]


In practical terms, this doesn't have that much short-term meaning. HDCP, as filthy light thief says, is a method of encrypting transmission from a 'source' to a 'sink'. In computer terms, this would be the same as SSL being broken -- that is, that transmissions made over that medium can now be intercepted. But it doesn't change the encryption on the storage media, which was cracked long ago. You can already download Blu-Ray rips.

Further, while this would indeed allow movie piracy, it's a bad way to do it. The original source, assuming a Blu-Ray disc, is typically no more than 25 gigs. But that's heavily compressed. As it's decrypted to DVI, it expands enormously. If you invented an HDCP ripper, and copied all the bits that are coming out of a Blu-Ray player, it would take something like a terabyte to store a typical movie. Then you'd have to recompress it again to get any kind of a reasonable filesize, which would create generational losses -- twice-compressed videos look much worse, because the artifacts accumulate.

It would, in other words, work as a copying device, but would be inefficient, and would produce impaired quality. Since a better method already exists (cracking the Blu-Ray directly), there wouldn't be much point to doing so.

The biggest thing it may offer, at least in theory, is the ability to buy 'HDCP strippers' more easily. These are 'sink' devices that can correctly decrypt an HDCP stream, and then re-emit it as unencrypted DVI. There are lots of perfectly good HD televisions that don't have HDCP, for instance, and this kind of stripper would let you keep using them, even with high-def content. It should also allow devices to be built that would emit 1080p over analog component cables, which is perfectly possible, but disallowed by content producers. This will let you go back a few years more to TVs that don't have digital inputs.

These devices, however, will not be legal. Once you have one, the HDCP master key being compromised means that it should be possible to keep it working forever, since it should be easily possible to replace keys in the device. But getting one in the first place could be tricky.

There's no real reason to even HAVE HDCP, not really. With Blu-Ray already being cracked, all HDCP does it give you hassles for no good reason. These strippers will only be useful for interoperability, but you can bet your bottom dollar the content producers will go after them as hard as they can.

I suspect they'll try again on encryption, as well -- HDCP is permanently compromised, but they've shown absolutely no compunction against making perfectly good devices instantly obsolete before. They've seemed happy to do so, in fact. Forcing you to throw out perfectly good hardware and buy a replacement appears to be a net win from their perspective.
posted by Malor at 2:07 PM on September 17, 2010 [17 favorites]


s/it give/is give/
posted by Malor at 2:08 PM on September 17, 2010


That story about AACS being broken is hilarious. Here's what the guy who did it writes on the doom9 forum:
I just bought a HD-DVD drive to plug on my PC, and a HD movie, cool! But when I realized the 2 software
players on windows don't allowed me to play the movie at all, because my video card is not HDCP compliant and because I
have a HD monitor plugged with DVI interface, I started to get mad... This is not what we can call "fair use"! So I
decide to decrypt that movie.
This should be in business school textbooks under Consequences of Alienating Your Customers.
posted by crapmatic at 2:20 PM on September 17, 2010 [11 favorites]


The thing to understand about the DMCA is that this is how it is designed to work. One of the earliest arguments in Universal v. Corley (the 2600 DeCSS case) was that CSS is very bad at its job. DeCSS actually uses a master key that got out into the wild, but there was a strong argument, made in the trial court, that CSS is so bad at its job, and the availability of keys is so universal, that circumventing it is trivial. The DMCA makes it unlawful (among other things) to "circumvent[] a technological measure that effectively controls access to a work protected under this title". The argument was that CSS was so weak, as implemented, that it no longer "effectively" controlled access.

That argument was summarily rejected and has been ever since. The finding of the Court was, and has been in all similar cases, that the DMCA is designed to prohibit people from getting access if the rights-holder doesn't want them to have access--regardless of what technology is employed. People writing about this at the time in the legal press (including me) noted that there was absolutely no legal reason to continue developing new encryption methods for content distribution--rot13 would henceforth be enough. The only reason to keep encrypting things is that encryption is, on average, cheaper than litigation.

The point is that the DMCA is designed to be a shield for content distributors in the ongoing war of hackers against technology. It is designed to be a way for rights-holders to say: "we don't care if you can break our technology, we know you can break our technology, but you may not do anything once you have broken our technology". Corporations understand that they will always lose to hackers in the long run on technology and always win in the long run on legislation. Only (some) hackers fail to understand this equation.
posted by The Bellman at 2:25 PM on September 17, 2010 [12 favorites]


[Player software crashes]

"AIEEEEEEEEE!"


[Plugs computer into TV, Downloads blu-ray DVD rip]

Watches Krakken!

[Flips off HDCP]
posted by quin at 2:34 PM on September 17, 2010 [2 favorites]


Hint to content producers: Encryption is not effective if you give your enemy both the plain-text and the decryption device.

Hint to content producers: the end-viewer is not the enemy. Nor are they invading hordes. Stop putting walls between the product and the audience.

Things will get interesting when there is some viable bonus from online content associated with discs. Once that happens, I'm looking forward to a happy Steam-like system. Perhaps it'll be streaming content, like exclusive HD and online-only extras, only available if you have your disc in the player. Make the DRM something people don't notice, and give them a reason to jump some small hurdles (installing software, keeping the discs handy), and media will make money. Look to Valve for ideas, they made Russia a thriving game market.
posted by filthy light thief at 2:50 PM on September 17, 2010 [1 favorite]


The crack of HDCP is not a huge impact at this time, due to the fact that AACS is hacked.

If AACS (Blu-ray discs) wasn't hacked, this would be HUGE.

AACS has a procedure to deal with hacked keys, that involves sending out new keys. This is the reason that Blu-ray players, software and hardware, have to be updated all the time.

I don't think there's a way to solve the HDCP breach. HDCP theoretical vulnerability was known long ago, but when AACS fell, it really didn't matter any more.

Good write-up by filthy light thief!

I work on the inside of a major media behemoth, and I know that the Blu-ray team is working hard on making the process of simply watching a Blu-ray easy and quick. They know it's a huge issue.
posted by Argyle at 2:55 PM on September 17, 2010


So, I have a PS3 and it plays Blu-Rays just fine over HDMI to my 4-year-old Samsung HDTV. In other words, I've already got the hardware to watch these things, at a quite reasonable expense.

I wonder why everyone gets so crazy about all this, when the appropriate and legal gear is for the most part readily available and within an average consumer's means?

I mean, I get that the DRM is stupid, and don't even mention the vileness that is region coding.

But, is it really SO HORRIBLE to not be able to watch every bit of video you buy at the same resolution on every device you own that has a screen attached to it? Why would you want to go thru the time and effort needed to send 1080p over analog component to a TV that is old enough to not have been designed for it? Or to an older computer monitor when you can get a new one that will work for around $200? (I realize my position of Western privilege in this - my question is aimed at those with similar privilege.)

And yes, excellent post!
posted by zoogleplex at 3:41 PM on September 17, 2010


I was sure all this stuff would eventually fall, but I've been very surprised at how rapidly it happened. I'm a happy customer of SlySoft and I feel not the slightest bit of guilt for it.

Is there any industry that has ever survived while treating its customers as enemies?
posted by Chocolate Pickle at 3:49 PM on September 17, 2010


But, is it really SO HORRIBLE to not be able to watch every bit of video you buy at the same resolution on every device you own that has a screen attached to it?

Yes.

I don't know about you but I like being able to format shift my content to my iPhone.
posted by Talez at 4:06 PM on September 17, 2010


Why would you want to go thru the time and effort needed to send 1080p over analog component to a TV that is old enough to not have been designed for it?

Well, my mother, for instance, has an extremely expensive TV that, geeze, must be ten years old now. It does 1080i just fine, but it only has analog inputs. And it's HUGE. It would be fairly expensive to replace even now, and she doesn't have the money easily available to do it.

The old set works fine. There's no reason NOT to send it 1080i. Why should she waste a thousand dollars or more to do something that her TV is already perfectly capable of doing?
posted by Malor at 4:37 PM on September 17, 2010 [8 favorites]


Is there any industry that has ever survived while treating its customers as enemies?

Both Standard Oil and IBM were doing just fine until directly regulated by the government. And one could argue that the old Bell System was amazingly consumer-hostile, with their absolutely draconian rules about what could be plugged into a phone line, and their very high rates. They certainly weren't hurting for money, either.

I'd argue that they got away with it more thoroughly than the media companies do -- they had REAL monopolies, where content producers have one that's government-granted. Technical workarounds keep Big Media at least partially honest.
posted by Malor at 4:42 PM on September 17, 2010 [3 favorites]


DMCA is the law. Don't like it? Change the law.

I sell digital, creative works. If I make an effort to protect my copyrighted works, I should have the force of law behind me to enforce my rights. You know, like having a lock on the front door.
posted by andreaazure at 4:48 PM on September 17, 2010


DMCA is the law. Don't like it? Change the law.

brb going to raise a hundred million dollars and lobby the senate.
posted by hamida2242 at 5:05 PM on September 17, 2010 [21 favorites]


kmz: "I just want to be able to play my BluRays in Ubuntu without having to rip and decrypt first. *sigh*"

I wouldn't mind being able to watch Netflix streaming on my Ubuntu laptop but that's probably not going to happen anytime soon either.
posted by octothorpe at 5:06 PM on September 17, 2010 [1 favorite]


If I make an effort to protect my copyrighted works, I should have the force of law behind me to enforce my rights.

So before DMCA you had nothing? And now you're totally covered? Which part of the DMCA is protecting your work, specifically?
posted by RustyBrooks at 5:07 PM on September 17, 2010 [3 favorites]


Is there any industry that has ever survived while treating its customers as enemies?

cable companies, cell phone companies, private prison companies, tobacco, natural gas fracking, most types of insurance,
posted by hamida2242 at 5:08 PM on September 17, 2010 [3 favorites]


I wouldn't mind being able to watch Netflix streaming on my Ubuntu laptop

Is there a way to emulate whatever part of Windows that Netflix needs, or would that count as "circumvention?"
posted by hamida2242 at 5:10 PM on September 17, 2010


So before DMCA you had nothing? And now you're totally covered? Which part of the DMCA is protecting your work, specifically?
posted by RustyBrooks at 6:07 PM


I should have the right, as a content creator, to determine how my content is used. NOTE: Not resold -- I think the whole "we license and don't sell" thing is crap. But if I made a game for the Super NES, the DMCA says that you don't have the right to go and play it on your PC. Play it on your Super NES forever -- have fun! But as the owner of the rights to a work, I should say if, when and how my works should exist. And if I don't want you playing my game on the PC, then that should be the end of it. The free market should punish me if I'm being dumb... but I should have the right to make that mistake.

Same argument about movies and music and the like. The RIAA and the MPAA aren't wrong in going after the pirates -- ultimately, I think they are hurting themselves but it is their right to do so.
posted by andreaazure at 5:13 PM on September 17, 2010


I should have the right, as a content creator, to determine how my content is used.

Could I write a book and then have the right to say that it can't be read wile riding in an airplane?

How about a book on the 4th amendment, but it can't be read by anyone who wants to avoid drug possession charges (drug dealers are bad and scary and in some cases black and they might come near my children!)
posted by hamida2242 at 5:17 PM on September 17, 2010 [7 favorites]


Treating your customers like criminals is just plain good business; everyone knows that.

Time for me to set up my damn Blu-Ray drive on my computer to actually read a Blu-Ray disc and play it on my HDCP-compliant 40" LCD via my HDCP-compliant video card: 2.5 hours.

Time for me to purchase a .22 rifle, scope, 25 round banana clip and 1000 rounds of ammo, including the time for me to pass my background check: 30 minutes.

Yay America!
posted by Mister Fabulous at 5:21 PM on September 17, 2010


I should have the right, as a content creator, to determine how my content is used

*giggles uncontrollably*
posted by obiwanwasabi at 5:54 PM on September 17, 2010 [12 favorites]


I should have the right, as a content creator, to determine how my content is used.

This has never historically been true. If you write a book, when you sell that book, you have no control over how it's used. You have 'copyright' -- people who buy your goods can't make new copies. But if they want to scissor your magnum opus and use it for kindling, they're entitled. If they want to read every other word, they're entitled. If they want to read the last chapter first, they're entitled.

Artists have never had control over how their works are used.

NOTE: Not resold -- I think the whole "we license and don't sell" thing is crap.

But everything else you're saying here is in diametric opposition to that idea. If you sell it, you sold it, it's not yours anymore. That copy is gone, out of your control. Your other ideas simply don't work if you're really selling it -- everything else you're claiming indicates you believe you retain ownership, and can dictate terms of use.

This has never before been possible, and most of us out here on the other end of that imposed bargain don't like it. As long as I pay for a copy, I should be able to use that copy in any way, and on any device I want, whether you like it or not. I don't have the right to make copies and give them to others, but I have the right to use my good in any way that's convenient for me.

But if I made a game for the Super NES, the DMCA says that you don't have the right to go and play it on your PC.

No it doesn't. Interoperability is one of the exceptions that the Library of Congress has made. You explicitly don't have the right to dictate what hardware I use to play your game.

Play it on your Super NES forever -- have fun! But as the owner of the rights to a work, I should say if, when and how my works should exist.

Again, this is a new assertion, and it's direct opposition to what you said just a couple sentences before, that you believe you're selling a good. Here you're saying you're NOT selling a good, and you have the right to control its use forever.

If you try to impose those rules, the market will collectively flip you a bird and do it anyway -- and in the process, will buy it less than they would otherwise. Be a jerk if you like, but you'll make less money.

And if I don't want you playing my game on the PC, then that should be the end of it.

Not if you're actually selling your good.

The free market should punish me if I'm being dumb... but I should have the right to make that mistake.

You're perfectly free to do so. And we are imperfectly free to tell you to get stuffed.
posted by Malor at 5:55 PM on September 17, 2010 [21 favorites]


You're perfectly free to do so. And we are imperfectly free to tell you to get stuffed.
posted by Malor at 6:55 PM on September 17


Sure! Just don't break the law doing so. Make your own game - give money to another creator - post on the Internets and bring the lolz. Whatever makes you happy -- but follow the law in the meantime, 'k?

New media brings new abilities. And rights. And restrictions. This has always been true -- there was no law requiring seatbelts on horse buggys, but the car comes along and the rules need to change. Pre-internet rules about IP shouldn't be applied to post-internet life, the the two don't line up at all.
posted by andreaazure at 6:30 PM on September 17, 2010


Further, while this would indeed allow movie piracy, it's a bad way to do it. The original source, assuming a Blu-Ray disc, is typically no more than 25 gigs. But that's heavily compressed. As it's decrypted to DVI, it expands enormously. If you invented an HDCP ripper, and copied all the bits that are coming out of a Blu-Ray player, it would take something like a terabyte to store a typical movie. Then you'd have to recompress it again to get any kind of a reasonable filesize, which would create generational losses -- twice-compressed videos look much worse, because the artifacts accumulate.

This is contrary to the way I understand this whole process works.

What comes out of the end of an HDCP protected pipe is the uncompressed "original" source.
Re-compressing that would, in theory, create a better copy than re-compressing the .mts file (which is the compressed format stored on the blu-ray disk).
That is to say, you would not have a "twice-compressed" video if you used the HDCP method, but you do have a "twice-compressed" video if you are using the current method.

Also, a terabyte of space to use as tmp storage while you rip and re-encode is not much these days. Less than $100.
posted by madajb at 6:39 PM on September 17, 2010


The crack of HDCP is not a huge impact at this time, due to the fact that AACS is hacked.

If AACS (Blu-ray discs) wasn't hacked, this would be HUGE.


I use Linux full-time, so I'm in the blu-ray ghetto anyway, but my understanding is that AACS hasn't been "hacked" so much as been turned into a cat and mouse game involving leaked keys and endless rounds of fiddling.

So, the scene gets a hold of a new key, release it, everyone downloads it and is happy.
Then the manufacturers revoke it, new disks stop working, and everyone is sad.
The scene then gets a hold of a newer key, release it, everyone downloads it and is happy.
Rinse, repeat.

So, this HDCP leak, while still not very useful to me as a Linux user, more or less puts the nail in the coffin in the blu-ray copy protection scheme.
So long as you can make a perfect digital copy somewhere along the line, the manufacturers can play all the games they want with AACS, BD+, etc.
posted by madajb at 6:50 PM on September 17, 2010 [1 favorite]


This has always been true -- there was no law requiring seatbelts on horse buggys, but the car comes along and the rules need to change. Pre-internet rules about IP shouldn't be applied to post-internet life, the the two don't line up at all.
Yes, cars move much more quickly and travel much more densely--to keep people from dying, seat belt laws were passed. Kindly continue your analogy and explain why the Internet similarly necessitates restrictions on playing NES games on PCs... to keep people from dying, I guess.
posted by planet at 7:08 PM on September 17, 2010


How about... to keep the digital game industry from dying? Or, are we even allowed to attempt to sell games without fear of rampant piracy?

Piracy will always happen. And not everyone can get their games onto Steam (or another connected-DRM platform). But there is a difference between "there will always be some people that do this because there is always a bottom 10% in anything" and "we don't have the right to protect our work."

DMCA allows us to protect our work. If you believe that digital works don't deserve protection, we can have that debate. I believe they should, and DMCA gives us the tools to enforce those protections.
posted by andreaazure at 7:25 PM on September 17, 2010


What comes out of the end of an HDCP protected pipe is the uncompressed "original" source.

No, it's the output of whatever playback process happens on the HDCP source. Which for a Blu-Ray player is going to be "take the encrypted, compressed transport stream from the disc; decrypt and decompress it; re-encrypt it and squirt it out of the HDCP output".

You've already had one generational loss when the original data was compressed to fit onto the disc. Decompressing then recompressing introduces a second generational loss -- and the effect is the same if that happens in one place ("re-compressing the .mts") or in two places with an HDMI cable between them (the attack that the HDCP breach enables).
posted by We had a deal, Kyle at 7:30 PM on September 17, 2010


andreaazure wrote: "How about... to keep the digital game industry from dying? Or, are we even allowed to attempt to sell games without fear of rampant piracy?

Piracy will always happen. And not everyone can get their games onto Steam (or another connected-DRM platform). But there is a difference between "there will always be some people that do this because there is always a bottom 10% in anything" and "we don't have the right to protect our work."

DMCA allows us to protect our work. If you believe that digital works don't deserve protection, we can have that debate. I believe they should, and DMCA gives us the tools to enforce those protections.
"

So is it about piracy or is about locking those who own copies of your work into one particular platform?

Your work is protected by copyright law with or without DMCA. DMCA does nothing for you except make it more illegal to copy your work in certain situations. The copying was already against the law, irrespective of any circumvention of access controls that may or may not have to happen for a person to illicitly copy your work.
posted by wierdo at 7:43 PM on September 17, 2010


Again: locks on the front door.

Without encryption, it might not be obvious that copying isn't ok. With encryption, there is a lock on the front door that makes it clear -- and removes the "I didn't know" / "everyone can easily copy" defense.
posted by andreaazure at 7:47 PM on September 17, 2010 [1 favorite]


blue_beetle : Just remember kids, this is hardware, not software.

Three words:

Virtual.
Video.
Driver.

Intel tried to spin this as a hardware-only hack, but that just doesn't hold true - This key gives us the ability to have any arbitrary program "prove" itself as HDCP-compliant, even if it does nothing but write raw data to disk.
posted by pla at 8:52 PM on September 17, 2010 [1 favorite]


andreaazure you don't need the DMCA to use encryption. Using your locks on the front door analogy. It is already illegal for me to trespass or enter your property without your permission. Locks are a good way to help me keep that in mind. The DMCA is a law that says I am not allowed to pick locks. Mind you, without the DMCA it would still be illegal for me to pick your lock and enter your property without your permission.
Of course if you were renting the property to me it would be legal for me to enter the property, but the DMCA says it is illegal to pick locks, so even tho I'm allowed to pass thru that door, if I lost my key, picking the lock isn't an option.
posted by MrBobaFett at 9:19 PM on September 17, 2010 [1 favorite]


andreaazure wrote: "Without encryption, it might not be obvious that copying isn't ok."

You're perfectly free to encrypt your works or use other forms of copy protection even in the absence of the DMCA. Back when I started playing PC games, that took the form of the "enter the third word on the fifth line of page two of the owners manual" sort of stuff.

I reiterate, DMCA does nothing for content creators. It does a lot of good for ISPs, and does a lot of bad for legitimate consumers.

Let me tell you a story: I own a 60GB PlayStation 3. The reason I bought it back in 2007 was so that I could run Linux on it and learn to program the Cell processor. After a while, I happened to see that there were some interesting looking games I might enjoy, so I bought a few, and suddenly it became both a Linux box and a game console for me. A few months back, Sony decided unilaterally that I have to either give up Linux on my PS3 or forgo future firmware updates and Playstation Network access. That means (mostly) no new games and no online gaming. That part doesn't even bother me so much.

What does bother me is that I spent about a thousand bucks on downloadable content for various games I like to play. If the hard drive in my PS3 craps out, it's all gone forever. I can't get it back without giving up Linux on my PS3. It's illegal for me to circumvent their copy protection to ensure that doesn't happen, thanks to the DMCA. It's also illegal for me to break the system so that I can continue to run Linux on it and still have access to content I paid for. Much of it can't be backed up with a system backup (some can, but the vast majority that I have doesn't allow it)

I'm sorry, but that is patently ridiculous. Even more so since the DMCA doesn't actually get you anything. If they copy your work, it's against the law regardless of the DMCA. The DMCA does not grant you any special ability that you didn't have before it existed. It does nothing to help you, the ostensible recipient of its benefit and works to my significant detriment. So why exactly should I be injured in order for you to have nothing more than you had before?

It's a terrible law, about on par with the failed Communications Decency Act as far as the ratio of unintended consequences to helpful provisions.
posted by wierdo at 9:25 PM on September 17, 2010 [9 favorites]


Why anyone would be so desperate to re-watch a movie at home as to pay $50, I do not know.

1/ I have yet to see a movie that would cost me $50 outside of the likes of the Critereon Collection, in which case I'm typically getting huge amounts of documentary and whatnot.

2/ If you've never seen a movie you want to watch more than a couple of times, I can only pity the filthy, impoverished existence you lead.
posted by rodgerd at 9:40 PM on September 17, 2010 [1 favorite]


No, it's the output of whatever playback process happens on the HDCP source
True enough I suppose, I was thinking mainly of blu-ray since that seemed to be the main point of contention in this thread.

Are there HDCP sources that have compressed output? Seems to kind of defeat the purpose.
I guess if you are sending a transport stream to be decoded elsewhere it'd be sent compressed but I don't pay close enough attention to all these new-fangled formats. heh.
posted by madajb at 9:42 PM on September 17, 2010


How about... to keep the digital game industry from dying?

Heh.
I had Copy II PC way back in 1982. Even had the hardware controller board.
Copywright as well for those games that those two couldn't handle.*

Back then, people used the exact same arguments as they do today for stupid, inconvenient, consumer unfriendly copy-protection systems and yet, here we are with a video game industry that makes more sales than Hollywood.

The thing I find interesting about all this is that copy-protection virtually went away for a while. It seemed like the producers had finally learned that inconveniencing your customers to chase phantom sales was a losing strategy.
Then low and behold, they invented "DRM" which is just a fancy moniker for the same old crap and now we have to have the same silly arms-race all over again.

* For the record, I don't play video games anymore, so this is just a misspent youth talking.
posted by madajb at 9:54 PM on September 17, 2010


How about... to keep the digital game industry from dying?

Wait, wait, I can do this too:

So kinda like...how Henry Ford kept the blacksmith industry from dying...by, um...retraining them to forge seatbelt buckles from horse shoes...no, wait...

Wow. It's harder to be this obtuse than it looks.
posted by obiwanwasabi at 2:53 AM on September 18, 2010 [1 favorite]


True enough I suppose, I was thinking mainly of blu-ray since that seemed to be the main point of contention in this thread.

Any practical video format (including the VC-1, MPEG2, and AVC formats used on Blu-ray) is going to use lossy compression. This is not a lossless zip file, where the original data is sent over the HDCP-protected wire. The video data is just an imperfect copy of the data that the movie studios have. Since the source we have is a lossy copy, it is always going to objectively have the best quality, compared to any possible format downstream.

If we want to make a copy of the video, this leak gives us another choice of how to copy it. Making a copy of the video via cracked HDCP or cracked AACS will yield the same result (a lossy copy of an already lossy source). Yet copying via cracked HDCP is a dumb idea if your goal is to release a copied movie on the web. It's only useful if the source's DRM is unbroken. But that's not the case for DVD, HD-DVD, Blu-ray, DVD-Audio, iTunes, ... most music and movie sources.
posted by Monochrome at 4:48 AM on September 18, 2010


I'm a former employee of Sony. What SCEA did with removing Linux was _horrible business_, in my personal opinion. It isn't difficult to find abuse cases like that, and those cases should be stopped. Or, petition the Library of Congress and get an exception.

The comments about "DMCA gives you nothing" aren't true. They give additional negative consequences for breaking the law. Clearly, the existing consequences weren't enough. DMCA was a reaction to Napster et. al., just as other laws many people don't like are reactions to other things they don't like. (9/11 -> Patriot Act is one of my prime examples -- and no, Napster isn't the same as 9/11. Yey preemptive strawman avoidance!)

I don't like many of the unintended consequences -- I don't like many of the INTENDED consequences of DMCA. And yet, in the opinion of this game industry professional, it is worth it. That's going to be unpopular among the piracy crowd (which I don't care about). That's not going to be popular among the "my stuff my rights" crowd (which I do).

Again, it is what it is. Don't like it? Change the law.

/obtuse
posted by andreaazure at 7:48 AM on September 18, 2010


Did you just compare the DMCA to the Patriot Act as a way of defending it? Because oddly I would also compare the two as examples of bad laws.
Also I can't change the law. Those laws are bought and paid for by large corporations like Sony, et al. They have a much larger war chest than I and everyone I know.
posted by MrBobaFett at 8:33 AM on September 18, 2010


Did you just compare the DMCA to the Patriot Act as a way of defending it?

No.

DMCA was a reaction to Napster et. al., just as other laws many people don't like are reactions to other things they don't like

The way I read that, andreaazure wasn't defending the Patriot Act, but pointing out parallels in reactionary legislature.
posted by filthy light thief at 9:00 AM on September 18, 2010


How about... to keep the digital game industry from dying?

I always love this argument - especially since it usually comes from people who just hate government interference in the marketplace, otherwise. It's really a case of whose ox is getting gored, innit?

It's not the public's duty to save the industry. It's the industry's duty to make itself relevant. DRM is the strongarm way to do it; it's the easy way out, avoiding competition and creativity. There are many, many other ways to keep the industry from dying. How about competing on price? How about competing on value-added extras? Etc., etc.
posted by Benny Andajetz at 9:53 AM on September 18, 2010 [3 favorites]


andreaazure wrote: "Clearly, the existing consequences weren't enough. "

Uh, the added consequences have quite obviously done nothing to stem the tide of illicit copying. I continue to stand by my assertion that the DMCA has done nothing for you (or me). The only beneficiaries are attorneys and ISPs.
posted by wierdo at 10:13 AM on September 18, 2010


andreaazure: That's going to be unpopular among the piracy crowd (which I don't care about). That's not going to be popular among the "my stuff my rights" crowd (which I do).

Just so you know, there is a non-zero population which is the former as a result of being the latter. That is to say there are plenty of people who are happy to pay for media but unwilling to pay for media that they don't own and cannot consume in a way which is useful to them. Spending 40$ on a BlueRay might be acceptable, but buying a physical disk that cannot be played on hardware capable of reading it is a lot less acceptable. Especially if you already bought the movie on VHS and DVD in the past dozen years. Maybe if you could make the useless plastic disk into something more useful to you it would be more acceptable, but then that would be directly contra the DMCA.
posted by paisley henosis at 10:43 AM on September 18, 2010 [1 favorite]


It's not the public's duty to save the industry. It's the industry's duty to make itself relevant.

Exactly this. andreaazure's attitude makes about as much sense as banning by-owner sales of real property in order to save the real estate brokerage industry, because now you can do by-owner sales on the Internet. New method of linking buyers and sellers, new rules, right?
posted by one more dead town's last parade at 10:44 AM on September 18, 2010


Exactly this. andreaazure's attitude makes about as much sense as banning by-owner sales of real property in order to save the real estate brokerage industry, because now you can do by-owner sales on the Internet. New method of linking buyers and sellers, new rules, right?

Ecept you're not competiong by funding and producing movies that preset an alternative. You're competing by ripping off someone else's work and giving it away.

Wake me up when the piracy lobby actually start making games and movies anyone gives a shit about, instead of palming off other people's work. You aren't Henry Ford, no matter how much mental masturbation is applied.
posted by rodgerd at 11:49 AM on September 18, 2010


The comments about "DMCA gives you nothing" aren't true. They give additional negative consequences for breaking the law.

So less than nothing, then? Glad we're all in agreement.
posted by mek at 12:25 PM on September 18, 2010


Uh, rodgerd, is there anyone here claiming that the illicit copiers are somehow "competing"? Those of us who are going on about the DMCA don't seem to be. We're saying that the DMCA makes it easier for companies to screw legitimate purchasers of content while doing absolutely nothing to stop illicit copying.

That's got fuck all to do with producing more content or illicit copying, for that matter.
posted by wierdo at 1:44 PM on September 18, 2010


Some people commenting here appear to be convinced that the DMCA offers a deterrence effect, which encourages would-be pirates to buy when they would otherwise steal (if the DMCA did not exist). That's pure speculation on their part, though. I don't think many people seriously consider the possibility of being sued when they download an album. (I certainly don't give a shit.)
posted by mek at 2:43 PM on September 18, 2010


The DMCA's anti-circumvision provisions are not what allows them to sue alleged copyright infringers.
posted by wierdo at 2:59 PM on September 18, 2010 [1 favorite]


me: "But, is it really SO HORRIBLE to not be able to watch every bit of video you buy at the same resolution on every device you own that has a screen attached to it?

Talez: "Yes. I don't know about you but I like being able to format shift my content to my iPhone."

See now, this is what I like about the Star Trek (2009) Blu-Ray set that I bought: it includes a disk with a "digital copy" of the film that's specifically designed to work via iTunes (and I think a few other media apps), a legal copy that's a value add from the publisher. If you use iTunes or some other apps, you don't need to rip the Blu-Ray.

I do use iTunes, so I have this copy on my MBP and my iPad, which are the only other screens I use. It looks great on both, even though it must be 720p.

So Paramount did something smart with this film, that lets me legally watch it on other devices if I don't want to (horror of horrors) actually get up out of my office chair, go into the living room, and stick the disc into my PS3.

IMO, a far better way to combat piracy. More releases should be done this way.

For the record, I use Handbrake to rip DVDs that I want to make "portable" - but not many of them. I personally don't need instant access to my entire video library on every screen I own. I don't entirely understand people who do (unless they're in the actual film biz I suppose), but each to their own.

Malor: "Well, my mother, for instance, has an extremely expensive TV that, geeze, must be ten years old now. It does 1080i just fine, but it only has analog inputs. And it's HUGE. It would be fairly expensive to replace even now, and she doesn't have the money easily available to do it.

The old set works fine. There's no reason NOT to send it 1080i. Why should she waste a thousand dollars or more to do something that her TV is already perfectly capable of doing?


(very minor hair split:) I said 1080p. Analog component can already carry 1080i, can it not? Would you not be able to plug a compliant device in with analog component and get 1080i to this screen? (I have the older XBox360 without HDMI, so I use component for it; I personally can't see any difference in how it looks on the same games compared to my friend's newer one with HDMI and 1080p native)(/vmhs)

I'm sure the DMCA/HDCP supporters would argue (I would not, but I'm just advancing this) that since the TV doesn't have digital inputs, it is by definition not "perfectly capable" and should be replaced with something that is, something with HDMI that can take 1080p.

Finally: I understand your mom's situation and personally I agree with you wanting to be able to keep the device and add newer gear to it. However, will you allow that this situation may be a statistical outlier among media consumers?

I guess I'm what I'm getting at is that I feel like within the set "media consumers," the subset "ravenous continuous media consumers who are also power-nerd enough to have all sorts of tech gear that isn't a living-room-type entertainment system" is probably a small (but clearly vocal) minority. Most of the larger set either updates their hardware often enough that this wouldn't be an issue (like myself) or just don't care that much - there are people still running DVD players into ancient TVs (often with tubes that are worn to the point of atrocious color shift) thru an antenna converter box... or worse, still watching VHS tapes.

All the foofawraw from power-nerds - which which, again, I don't disagree - may not really make that much of a difference to the relationship of content publishers to media consumers as a whole - except specifically in terms of "distributed piracy " (i.e. rip and fileshare) as opposed to "home piracy" (i.e. rip and only use yourself).

Nothing anyone does with encryption or forced hardware compliance is going to stop the distributed piracy, ever. As we see here via the FPP.
posted by zoogleplex at 4:17 PM on September 18, 2010


The DMCA's anti-circumvision provisions are not what allows them to sue alleged copyright infringers.

Indeed, and all the more reason the DMCA-as-piracy-deterrence argument is absurd.
posted by mek at 5:14 PM on September 18, 2010


zoogleplex wrote: ""home piracy" (i.e. rip and only use yourself)."

Format shifting, presuming you can do so without breaking the encryption is perfectly legal. It's OK to copy the bits to a different device to use the content you bought. That's simply not copyright infringement.

Calling violating the anti-circumvention provision of the DMCA "piracy" when there's no copyright infringement occurring is a pretty big stretch.
posted by wierdo at 8:06 PM on September 18, 2010


You're competing by ripping off someone else's work and giving it away.

Where are you getting that idea? I said nothing of the sort.

Twenty years ago, you could not stop me from purchasing a book or CD and enjoying it on a train, or on my porch, or in Canada. Now, you've got people like andreaazure saying that, because we have new technology (digital media and the Internet), they have new "rights" to restrict time- and format-shifting that have absolutely no parallels in history, and which outweigh existing and established fair-use rights.

Saying that creators or distributors should be granted new artificial privileges after a sale of a work because it's made of bits and not vinyl or paper makes as little sense as saying that a "for sale" notice involving a house should be different because it's made of bits and not newsprint.
posted by one more dead town's last parade at 8:31 PM on September 18, 2010 [1 favorite]


DMCA was a reaction to Napster et. al.

A lurker sent me an email about this. DMCA was 1998, napster was launched in 1999. A nitpick maybe, but DMCA was not a response to napster.
posted by RustyBrooks at 9:21 PM on September 18, 2010 [1 favorite]


"Calling violating the anti-circumvention provision of the DMCA "piracy" when there's no copyright infringement occurring is a pretty big stretch."

Quite right. It seems like the whole HDCP thing is silly in that light, doesn't it?

Why would you need HDCP on the hardware if it's legal to make your own copy using the gear you have, especially if the only legal way involves making some kind of "generation down" copy, i.e. not bit-for-bit? Isn't that acting as if making any copy, even for a format shift for yourself, is piracy?

But how do you do it without breaking the encryption? When I make a Handbrake or RipIt bit-for-bit rip from a commercial DVD, aren't I circumventing CSS and thus violating DMCA? It may not be a copyright infringement, so okay, not actually "piracy," but it's still against the law, yes?

So we've got one law saying "it's okay to make copies for yourself and format-shift" and another law saying "you can't make any kind of copy at all if the original data is encrypted." Am I understanding that correctly?
posted by zoogleplex at 9:53 PM on September 18, 2010


The comments about "DMCA gives you nothing" aren't true. They give additional negative consequences for breaking the law.
Actually that's not what the (relevant part of) the DMCA does. It outlaws a wide swath of activities which are not copyright infringement, which are not otherwise illegal, and which people generally viewed as perfectly legitimate and moral. (For example, playing a new disc on an old TV.) The claim is that it's necessary to criminalize these things in order to prevent copyright infringement, but I think that claim is pretty much unsupported.

Thing is, even you claim that the goal is not just to maintain existing copyright, but to acquire additional power for content-owners over content-users. It's not about protecting copyrights.
posted by hattifattener at 10:21 PM on September 18, 2010 [1 favorite]


zoogleplex : So we've got one law saying "it's okay to make copies for yourself and format-shift" and another law saying "you can't make any kind of copy at all if the original data is encrypted." Am I understanding that correctly?

Spot-on. We have the right to do X as long as we don't do a required prerequisite to X.
posted by pla at 6:14 AM on September 19, 2010 [1 favorite]


DMCA was a reaction to Napster et. al.

A lurker sent me an email about this. DMCA was 1998, napster was launched in 1999. A nitpick maybe, but DMCA was not a response to napster.


Moreover, DMCA is a law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). Bonus fact: when Napster was sued by A&M Records via RIAA, and Napster tried to use the the Digital Millennium Copyright Act's safe harbor clause in their defense.
posted by filthy light thief at 9:21 AM on September 19, 2010 [2 favorites]


zoogleplex wrote: "But how do you do it without breaking the encryption? When I make a Handbrake or RipIt bit-for-bit rip from a commercial DVD, aren't I circumventing CSS and thus violating DMCA? It may not be a copyright infringement, so okay, not actually "piracy," but it's still against the law, yes?

So we've got one law saying "it's okay to make copies for yourself and format-shift" and another law saying "you can't make any kind of copy at all if the original data is encrypted." Am I understanding that correctly?
"

Yeah, that's pretty much it. There is at least one company making a "DVD jukebox" that rips the DVD to a hard drive, but leaves the encryption intact. The company has a proper CSS license so can decrypt on playback and not fall under the anti-circumvention provision.
posted by wierdo at 9:30 AM on September 19, 2010


Okay, I'm glad I'm grokking this. Given that set of circumstances, all the encryption and HDCP is ridiculous, IMO. Clearly it isn't stopping or even slowing rip-and-fileshare, and in the case of personal format shifting it's obviously unenforceable.

Utter waste of time, money and R&D effort.

Still, I stand by my thought that unfair as this is, among the majority of media consumers, it's probably a non-issue because of average hardware turnover rates.

now watch this one bites me in the ass within 6 months
posted by zoogleplex at 12:20 PM on September 19, 2010 [1 favorite]


« Older Hallo Löwenmensch   |   It's a shoop. Newer »


This thread has been archived and is closed to new comments