Thursday, May 03, 2007

Vindication - (The HD-DVD DRM Blowup)

At last count, the score was 550,000 (A round number coincidentally - but irrelevant). What is relevant is that this number represents the number of pages with the hexadecimal code that, along with some publicly available tools allows you unlock the DRM encryption on HD DVDs. Thousands of users decided to post the number on the Internet as defiance against the MPAA. Here is the rate at which this phenomenon grew:

Google hits
May 2nd 2pm 52,000
May 2nd 6pm 323,000
May 3rd, 5am 550,000


I don’t want to publish the hexadecimal string on my blog, because I don’t want a takedown. But because I also believe that it is immoral if not illegal. But then you have 550,000 other places you can get it. Slashdot for example: http://yro.slashdot.org/yro/07/05/01/1935250.shtml. You can even buy a T-Shirt with the code on it http://www.cafepress.com/umbers.129066329

So what does this prove? Why do I feel vindicated? I’ll tell you. I have always said – any encryption scheme can be broken, if all you need is the correct key and or algorithm. We know that in order to protect content – Audio, Video or for that matter any kind of content, you have to encrypt it. We all have used and some of us know about DVD-CSS – the CSS stands for Content Scrambling System and is used on all DVDs. Listen to this:

In the video world, CSS means an annoying, relatively weak encryption scheme found on most DVD-Video discs.

The program, called qrpff, can simultaneously decode and play DVDs. Qrpff is seven lines of Perl code that, … removes CSS, … [which is] used to provide digital protection to DVDs ... The code was released as the appeals phase of the DeCSS trial is beginning to gather steam. DeCSS is another program that removes CSS and allows for copying or viewing of DVDs.

What is important about DeCSS is that it was created by three people of which two remain anonymous and the third was then a teenager. One can safely presume that these three were teenage collaborators who broke this encryption scheme in their spare time. Apparently in about three months.

This is the scheme that the multi-billion dollar movie industry chose to protect their content worldwide. There are many such examples of encryption keys being compromised either by a hacker or by leaks (usually ex-employees with a grudge/vendetta).

A very simple explanation:

1. Copy protection typically consists of algorithms and keys, which can be discovered and/or broken.

2. So change the algorithm and/or the key as often as possible.

In other words, the answer to protecting content is not a really complicated or powerful algorithm. The answer is a comprehensive copy-protection scheme whose parameters change all the time. So, if one algorithm or key is compromised, you will at most lose a few items of content. Of course our L3 solution has some other features that are important too – such as “fingerprinting”, which allows you to trace the source of a pirated copy of the content.

It is time for content owners to go to the next level to protect their content. Use L3.

No comments: