Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:00 AM

Hurray for Hollywood!?

Why only total control will satisfy content providers (and Microsoft and Apple)

One day soon you will be able to watch Blue-Ray and HD-DVD movies on your Wintel PC (well, as soon as the audio-video device manufacturers line up and play by the Draconian rules being imposed by Microsoft if they want to support Vista), but this capability comes at a serious price.

When Microsoft bows to the will of Hollywood in the name of "premium content protection," design decisions in Vista get hairy, and the Vista user experience gets crippled as an unintended side effect. Maybe Microsoft is going too far to implement hard core data security. But why would they do that? Three letters: DRM.

Felten Forecasts the Future
Princeton Professor Ed Felten is a sane voice in the often arcane world that has grown up at the intersection of public policy and technology. Made famous by his early work in Java security (which we collaborated on) and his work with the Department of Justice in the Microsoft antitrust trial, Professor Felten took a sabbatical at Stanford Law School some years ago with Larry Lessig and came out a technological freedom fighter of the first order.

His well-read, excellent Freedom to Tinker blog explains complex technology policy issues in clear and certain terms.

Felten has an interesting view of the brave new world we may be creating for ourselves if we continue to traipse happily along the current DRM path. He paints a picture of a future in which interoperability is hampered in the name of content protection -- where Pilot pens only work on Pilot paper, where Schick razors only work with Schick razor cartridges, where Garanimals shirts only stay tucked into Garanimals pants, where HP print cartridges only work in HP printers (hey wait...), and where Hollywood HD content only runs on Microsoft Vista computers. All of this gets enforced by secret cryptographic handshakes between things.

His argument is subtle and rests on the idea that DRM is less about protecting content (something that copyright law is supposed to do) and more about price discrimination and product lock-in. You can already see evidence of this today. Millions of iPod users are blithely unaware that they could store their music collections as mobile and "free" MP3 files instead of as Apple's crippled ACC files (which you can't even share easily with your spouse). Those of us in the know may use MP3, but we are a distinct minority.

Felten coined the term Property Rights Management as a way to co-opt the momentum behind the more standard DRM term and to properly invoke the ominous nature of the trend.

Goodbye Cruel Vista?
Right. Surely computer manufacturers would never follow some insidious Hollywood lead as a reaction to possible piracy of their valuable content, would they? According to my kiwi friend Peter Gutmann, the answer is yes.

Peter recently posted a technical working paper that raged into the mainstream in a fit of YouTube-like viral emailing. The "Executive Executive Summary" of his paper states, "The Vista Content Protection specification could very well constitute the longest suicide note in history," an allusion to '80s British politics. All humor aside, Peter paints a technically deep and profoundly disturbing picture of the ways in which Microsoft has adjusted Vista (even Vista's requirements) in order to support Hollywood's demand for "premium content protection."

He argues that protection of the HD content comes at a price payable in terms of system performance, stability, and cost. He further states that the design decisions that Microsoft has made ripple far beyond Vista to deeply impact "all hardware and software that will ever come into contact with Vista." Gutmann's document is really about collateral damage from radical DRM technology.

One example plucked from the many in Peter's paper describes how Vista is set up to covertly degrade HD signal "if premium content is present." The idea is to downgrade the signal using a "constrictor" so that the process directly impacts audio and video quality. (I assume that Peter means unlicensed HD content... not licensed content, but the constrictor seems to have been applied to his argument and I can't tell.)

The spec even calls for "slightly fuzzy" pictures and sound that are "fuzzy with less detail." The purpose may be to prevent the utterly simple ripping of perfectly pirated copies of copyrighted Disney content (and an opening run in the Chinese black market that nets $30,000 for a million copies).

But think about the implications for medical imaging. I sincerely hope that next time I have an MRI that they aren't playing some pirated "premium content" Tim McGraw CD to drown out the whirring of the spiraling emitter. (I wouldn't put it past the gum chewing, paid-by-the-hour technician though.)

This one example only begins to scratch the surface of Peter's paper which is well worth a read. He also describes (among other topics):

  • An interface for disabling premium hardware that does not support the crypto pipe
  • A system for overtly disabling some PC functionality dynamically
  • A plan to eliminate open source hardware support
  • The re-Balkanization of hardware drivers
  • A remote driver revocation capability (this one should be fun)
  • Serious economic impact in terms of hardware cost, CPU, and reliability

    If Peter were some raving lunatic, I would not point you to his stuff. Instead, Peter is the lionized creator of one of the world's best free crypto libraries. Plus he is an objective independent thinker who has proven over and over to be worth listening to. His perspective is worth considering.

    No matter whether Peter is right or wrong, it is worth gaining some understanding of the kinds of technical constraints we may be signing up for when we subscribe to iTunes or run Vista. The future of PRM is upon us, and it is quickly gaining ground inside the very computers we think of as our own. Time to invoke the brain...

    Gary McGraw is CTO of Cigital Inc. Special to Dark Reading

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
    Cybersecurity: What Is Truly Essential?
    Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
    3 Cybersecurity Myths to Bust
    Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
    Register for Dark Reading Newsletters
    White Papers
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: Google Maps is taking "interactive" to a whole new level!
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2021-05-18
    An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
    PUBLISHED: 2021-05-18
    Uncontrolled Search Path Element vulnerability in the openssl component as used in Bitdefender GravityZone Business Security allows an attacker to load a third party DLL to elevate privileges. This issue affects Bitdefender GravityZone Business S...
    PUBLISHED: 2021-05-17
    Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
    PUBLISHED: 2021-05-17
    Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
    PUBLISHED: 2021-05-17
    Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."