Ask Andre Hedrick About Hard Drive Copy Protection 166
You've read about it here on Slashdot and elsewhere: How the 4C Entity is developing copy protection mechanisms for removeable drives (floppies, DVDs, etc.) that can also be used on hard drives. But Linux kernel hacker Andre Hedrick, member of both linux-ide.org and the industry-wide Technical Committee T.13 that sets ATA hard drive interface standards, has been raising a ruckus about copy protection on your hard drive, and he, along with EFF and EPIC, is trying to get this idea killed (or at least muted). So post any questions you have for Andre about this whole thing below, and tomorrow we'll shoot 10 of the highest-moderated ones to him by email. We'll post Andre's answers as soon as he has time to get them back to us, which may be a bit because, he warns,"everyone else is hounding me ..."
Re: (Score:2)
Comment removed (Score:5)
Choices... (Score:5)
If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?
--
Microsoft's stance. (Score:1)
--
I thought that ATA CPRM was already dead. (Score:3)
Either way, go get 'em Andre! I hope that you'll keep the Win2K users in mind as well, because no anti-DMCA techie leaves another anti-DMCA techie behind.
Hardware/Software (Score:2)
My question however, is that even if this standard is "beaten down" in ATA, how likely is it that a software-only solution could be devised? Don't hard drives already have unique ID numbers encoded on them?
Are we directing our attention to the wrong problem, where instead we should be clamouring for fair-use protections in general?
Perhaps this is too political a question, but I'd love to hear the thoughts of someone so close to the issue.
-Jason
Wasn't this already approved for SCSI? (Score:1)
My second question, does the 4C have even the slightest concern for the consumer in all of this?
What can we do to help you? (Score:5)
This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.
So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?
How can we aid your efforts in the most effective way?
Re:Microsoft's stance. (Score:1)
"My hard disk was stolen, i have a backup, but the disk wont boot"
"Did it have CPRM enabled?"
"Yes, is that a problem"
"Yes, you have just lost all your data, permanently. Theres nothing we can do for you. Have a nice day (tm)"
Can we REALLY win? (Score:4)
Nodding to civil disobediance? (Score:2)
How to defeat it? (Score:5)
Better solution? (Score:4)
My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.
So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?
My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.
OK,
- B
--
What manufacturers DO NOT support this? (Score:1)
I want to know where my money will go: Is VIA supporting this? And how about other hard-drive manufacturers: Seagate, Maxtor?
Would you advise buying Samsung and Fujitsu for IDE drives?
And finally: what IDE harddrive do you see yourself buying in a year?
Why just IDE and not SCSI ? (Score:1)
Re:Microsoft's stance. (Score:2)
I don't listen to MP3s or play DVDs (Score:5)
Where's the power (Score:2)
It is assumed that certain media conglomerates are responsible for this bug. Where does there power to move the hardware manufacturers come from?
Finally, do the manufacturers even care what Open Source advocates have to say, and if so what is the most effective way for Open Source advocates to provide input?
Firewire? (Score:1)
--
How does 4C justify their position? (Score:5)
John
Questions Answered (Score:1)
Let's see if Andre even comes close to the revelations and understanding that Jeeves provides.
Answer: (Score:1)
--
What Can I Do? (Score:2)
--Bill 'EvilBill' Adams
Re:How voluntary is voluntary? (Score:2)
Re:Firewire? (Score:1)
Re:Microsoft's stance. (Score:1)
You, sir, are fucken brilliant.
--
protections on fair use rights (Score:4)
---
Put your feet out and stop
I'm still confused (Score:5)
I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?
Re:Nodding to civil disobediance? (Score:3)
Lame (Score:1)
What in the mood of the T13 on this issue? (Score:5)
What is the mood of the T13 on the issue? Are you part of a minority, or part of the majority on this issue? Do you think you will win on this issue?
The Sounds (Score:1)
some questions:
1) Mutual hardware support in boxes. OSes, Other hardware, etc?
2) What will be allowed?
3) Owner should have the option of disabling. Like old satelite dish signal scrambling tecnology. (A person could buy a descrambler.) In this case, an interface that most users never see. Kind of like the preferences areas of most OSes that no one ever knows are there unless you go looking for them. Make it a Hard Drive BIOS with the ability to set it's parameters from the boot origin.
4) Will there be *tripwire* type logs that will be sent to some where indicating that copy material was attempted to be accessed or cracked?
5) Why this and not an attempt to control the art of Cr/Hacking? Not that I'm opposed to either, it's what feeds the industry...
.
Moving from hardware to IRL implementation (Score:2)
How would the drive know that something is 'legal'? Would it really have to contact a server somewhere to validate the software or file? What happens if you need to get the system operating to the point that you get a network connection to validate the OS, but can't get the system up to that point without validating that the OS is legal? I have no doubt that if CPRM is on a drive, that entities such as MS will require it be used.
Say that the 'go key' for the OS is stored on the drive in such a manner that it can access it without validating it with an external source. Would the same hold true for other files? What would prevent someone from developing an application that could generate a valid key, and either 'trick' the drive into accepting it, or in fact giving an 'a okay' signal itself without checking the drive in the first place?
It just seems to me that this is a no-win situation for everyone, as the less technically inclined will suffer greviously for the actions of a few, and the technically astitute will find ways around CPRM in short order, thus invalidating it's reason for existing.
Beneficial uses for this (Score:3)
Re:Choices... (Score:3)
I wonder though if those same users realize what we (meaning all those opposing these types of issues) are trying to save for them. If these censorship technologies get too strong of a foothold in the everyday lives of people, if it becomes impossible to buy a TV without some sort monitoring devce, or a HD with a chip that checks to see if you are "allowed" to copy that file, and these same technologies are protected so that we cannot remove them legally...Think of the future, it makes 1984 look simple.
So to Andre I ask:
Why do I supposedly need these tech in my HD, and how am I to be assured that it will never prevent me from using my PC in a matter that I wish whether that is legal or not?
Re:Lame (Score:1)
A bit more understanding next time please...
Isn't CPRM actually a Good Thing? (Score:2)
From what I understand, CPRM relies on not just a CPRM compliant drive, but also CPRM compliant software & CPRM compliant data. All CPRM does is allow CPRM data to be stored on a CPRM area of a CPRM protected hard drive with CPRM software.
Now, this doesn't actually stop anyone using the non-CPRM portion of the drive. In fact, the non-CPRM section of the drive operates as a normal harddrive. It doesn't stop me storing my MP3's that I downloaded from Napster, or that DivX;-) I leeched from Usenet. In short, it doesn't stop me doing anything I do now.
It seems that CPRM is the only way that these companies are ever going to accept the Internet as a viable distribution channel for their movies, music etc. Thats not to say that when CPRM becomes a standard, that people will stop trading non-CPRM media the same way they did before by ripping the CD, DVD etc.
So surely, if CPRM means that we can finally download those films & MP3's legitimatly, thats got to be a good thing? Those who still want to pirate their stuff can do so, CPRM doesn't stop them using the old piracy methods. The only possible downside to this is that 4C may exclude Open Source from implementing CPRM, but then surely they want CPRM to be accepted industry wide, so why would they do that?
Really, my question is, why are you so against CPRM? What does it stop us from doing that we don't do already, & why6 can't we just ignore it?
Killing the pirates? (Score:1)
-Foxxz
Re:Firewire? (Score:1)
They're going to put a state machine in all the flash chips so if I try to write an unapproved pattern to, say address 0x01FFF in Block 3, it refuses to accept it?
I think you must mean 'Modules which are made out of flash chips' or something. Flash chips have data busses, address busses, and control lines.
Why? (Score:1)
I mean, did anybody ask guys from IBM (face to face), for example:
Why do you want to implement this?
If so - what happened? What was the answer? I mean, do they start talking about 'copyright protection', 'request from MPAA/RIAA/whoever', or they even mention word 'consumer' somewhere in the sentence?
I found that "PR people" (I'm sure engineers don't give a damn about these things) can spend hours making press releases, but when you ask them direct question face-to-face, they get completely lost (meaning: you can easily see that they're lying, and have no idea what they're talking about). More the question is 'simple', more "I'm lost" faces we get.
Any experiences?
Re:How does 4C justify their position? (Score:5)
Isn't this just encryption support? (Score:1)
Perhaps companies could use it to make sure hard drives are unreadable outside their corporate networks or without a key stored on the employee's smart-card ID badge.
Hmmm... (Score:1)
What about educational fair use? (Score:2)
Re:Isn't this just encryption support? (Score:5)
"Sorry Mr. Judge, I cannot supply the data that was on the drive, as it is CPRM compliant and I do not have the keys to decrypt it any more."
Enforcement on Open Source platforms (Score:5)
"Titanic was 3hr and 17min long. They could have lost 3hr and 17min from that."
Please name names (Score:1)
I feel it would be proper for each one of us to personally share our deep felt feelings with the fine upstanding members of the committee.
Bounce-back hardware and filesystems (Score:1)
Also, wouldn't CPRM have to be built into exitsting filesystems? into existing OSes in order to sign individual files?
Re:What can we do to help you? (Score:1)
What can we do?
Letters to ignorant and ineffectual representatives?
Calls to faceless and uncaring corporations?
Protests on the campuses of universities already co-opted and servants or The Corporate Good(TM)?
I'll slap you all if you brand me a marxist, kids, but this collectivization of power into The Hand of the FedAOLWarnerMSFTSonyishibaBMG MCP is giving me the creeps. The monolithization of supposedly capitalist free society is acquiring a remarkable resemblance to the Central Committee for the Economic Plan of the Supreme Soviet. Or whatever.
Are we (the geek (sp. homo sapiens technii)) to be reduced to dissidents? This crap about re-wiring drives sounds like samizdat tape and document exchanging students behind The Wall in the 70's. This is nuts. Wake up, folks. The revolution IS being televised: and its like a bath of hot sweet honey that flows over you then suddenly turns to molten steel and then shifts into concrete.
This is crazy. And there is no "public figure" advocate to fight this garbage. No "media celebrity", no true statesman, no leader, no Joan of Arc.
Seriously, who's got an idea?
Pork Barrel Politics? (Score:2)
How does it relate to USB Copy Controls? (Score:2)
The USB Implementor's forum has defined some Content Security [usb.org] standards, evidently using a slightly different technical approach (different group of companies pushing it).
I'd be interested in comments from Andre about (a) whether this indicates fragmentation among advocates of copy controls, confusion, or perhaps something sinister; (b) how creators of USB-to-ATAPI style bridge products (usb storage devices) would decide which style copy control scheme to implement, assuming they really wanted to do so, (c) the degree having different copy control systems may be defensive efforts to make hardware products stop being commodities.
On issue (c), I just want to point out that consumers benefit from commodity products as much as they benefit from commodity data formats for the information they've acquired ... while vendors
of both hardware and digitized data can see both of those as
significant threats to business strategies that
rely on vendor control rather than
providing customer value.
virtual copy protected hard drives ? (Score:1)
That is, suppose someone takes a windows installation disk from their workplace, brings it home, and attempts to install it onto a plex86 running inside linux or FreeBSD or whatever. Can't they modify plex86 to make it virtualize the machine that the software was licensed to, down to any harddrive copyprotection and ethernet mac addresses or processor serial numbers or what have you ? Once one person figured out the details, couldn't they come up with simple, easy to use tools that would probe a computer and produce a configuration file to give the virtual computer software ?
I'm thinking that the PC, or any architecture which is open enough to be virtualized or emulated, is hard to use to control the delivery or use of content. In addition to lobbying to stop the copy-protection scheme, should we be focusing on making sure that the mechanisms to virtualize or emulate it are available in software ? If the proponents of the scheme where well informed of the efforts, then maybe they would see the futility of it and stop, devoting their resources to making their devices more useful (faster and bigger harddrives), not less useful.
criminalization of current practices? (Score:1)
Re:Hardware/Software (Score:2)
But what precisely are the large bank of keys also on the disk for? Do they come with protected items you buy? How are they involved in decoding?
The question of "optional" implementation of CPRM is a silly one. The whole SDMI plan is they wish to release music that can only be played by SDMI compliant devices. THe major record labels plan to use their oligopoly power to assure that almost all popular music can only be played by an SDMI compliant device.
So if you don't have a compliant hard drive in your computer, your computer won't be a compliant device, and it won't be able to play such music. You can download the music to your hard drive then copy it into your compliant portable player,
but it will only play in the player which knows how to decrypt it, not on your computer.
So you can "opt out" of having your hard drive have this function, but that doesn't matter to them.
What matters to them is that compatible players become wisespread, so that they feel a critical mass has been reached which will allow them to release content that can only be playd on compliant devices and not be hurting their market.
Or rather that the lost sales from people who don't have a compatible device, or have "turned it off" are, in their opinion, fewer than the lost sales from copyright infringement.
What happened to our right to archival copies? (Score:4)
This right never seems to be mentioned in the debates that I've seen, and yet it is something that is extremely important to the individual, especially when you are looking at software packages beomcing more and more expensive every year. If we've paid several thousand dollars for an Enterprise package like, say, Visual InterDev, having an archival copy of it is extremely important.
It doesn't appear as though the schemes for hard drive copy protection have any such concerns, much like all of the current pushes to reform copyright law.
We're living in an age when individual rights are being thrown over left and right in the name of profit margins, and it's projects like this that are eroding them.
"copy protection" propaganda (Score:2)
This isn't a question but it will help if /. and other sources of news use a term like "copy control" or "access control", depending on how it works, instead of the meaningless "copy protection". RMS has written on the subject and I tend to agree that the word "protection" lends a false air of credibility and necessity to these technological control schemes.
Imagine hearing a debate against "protection". Who in their right mind except a bunch of evil hackers would want to take away protection? Now imagine a debate against "control". Well that's good! Americans don't like to be controlled!
If they can use spin and propaganda to further their needs, I think we should too. Like when talking about "censorware", that word is really spin we use to make our message clearer.
Re:Isn't CPRM actually a Good Thing? (Score:1)
But we'll not be able to download them with an open-source app. CPRM + DMCA = no legal open source for popular media formats.
Re:How does 4C justify their position? (Score:2)
Which is bullshit, of course, because the media industry as tried repeatedly to turn the "set-top box" into the digital distribution point and failed everytime. The *only* thing that's worked is Internet-connected PCs and what comes with that is any damn applicaiton someone can dream up, copy prohibition or no. So, now the goal is to turn the PC back into that closed set-top.
Re:How does 4C justify their position? (Score:1)
I think thats the point, its not. The only person to benifit from hd copy protection is big corporations. Why don't they just come out and say that they think all consumers are thieving bastards and that they want to control what we can and cannot do on our computers.
What is really scarry is the fact that all it takes is the right ammount of money and you can have control over someone elses computer also (under hd copy protection).
What's does 4C get from copy protection? (Score:4)
I don't think that there are many customers who would prefer a copy protected drive. Why would a rational company ignore the desires of its customers in order to satisfy the desires of the companies who will benefit from these crippled drives?
Are they afraid of lawsuits? Legistlation? Are they being paid? Are they simply standing in solidarity with other multi-national corporations?
I don't understand why drive manufacturers are on board, and it seems to me that knowing why they're doing what they're doing would help us to think of effective strategies to comabat this noxiouis proposal.
Re:Isn't this just encryption support? (Score:1)
You can do this today if you really want to.
Why more things more complicated than they have to be. I want drives to be just a generic place to store crap. I don't want my drive "knowing" anything about my data except how to find a given cylinder/sector/head and how to cache the data in and out.
Re:What can we do to help you? (Score:1)
4C's legal defenses - how many attorneys? (Score:2)
Yet another useless organ: the appendix (Score:1)
How would this be enforced? (Score:2)
--Brogdon
New opening for viruses (Score:1)
If this is based off of DVD protection scheme then we know that was broken, but a DVD is read only, with a HD that seems to open a new form of abuse by virus creators.
Re:Lame (Score:1)
Don't I have to first be previously aware of Satirewire before I can be accused of ripping it off?
That depends on wheather or not they have filed a patent!
SFPCC (Score:1)
In an effort to help the Open Source trolling community, the Slashdot First Post Compensation Commission is prepared to offer you one US dollar.
All you have to do to claim your payment is e-mail us at sfpcc@hotmail.com [mailto] with the address to which you would like your compensation sent.
This offer only valid for US mailing addresses. Please allow 2 - 3 weeks for delivery. Please include in your e-mail a link to your first post.
Re:Why just IDE and not SCSI ? (Score:1)
SCSI is superior to IDE in all other ways (speed, access time, capacity, latency etc )
You forgot the one that decides most consumers - Price.
Also many of those factors have nothing to do with the interface used, SCSI is usally just the first to benefit from technological improvements in manufacturing that eventually get applied to IDE as well.
Sounds like a new use for VMWare to me! (Score:1)
Granted, I haven't looked at the specs themselves closely(are they available now?), but this seems like it will be more an enormous waste of time and money for anyone involved in it, followed by a short time of 'chaos' before the solution(s) come out- ways around this useless waste of an idea..
How will linux deal with the copy protect feature? (Score:3)
Aaron
That huge bank of keys (Score:3)
How can it work, anyway? Data goes to the disk, Data comes out of the disk, and can be grabbed. Encrypted data goes to the disk, comes out decrypted, and can be grabbed. If nothing else, someone can simulate a display/sound card on a virtual machine, and grab the data at that point. Once *one* person has extracted the data, it can be shared like any other data. They can not seriously hope to stop all email and file transfers, can they?
Is there a central authority? (Score:4)
Do you know if there are any patents or other legal tricks involved, so that ultimately, a manufacturer who decides to create CPRM-compliant drives will be forced to sign a contract with some single controlling monopolistic entity?
---
Is this already approved for SCSI and Firewire? (Score:5)
First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?
W
-------------------
Re:Moving from hardware to IRL implementation (Score:1)
Microsoft has never used any copy protection on their os. Try copying any of the win 9x/NTx cds onto your hard drive and you will quickly learn that the only protection is the serial number. I seriously doubt that microsoft will make your computer dial up some number to check that you own the OS just becuase a new copy control has been built into the ata specs.
Re:Hmmm... (Score:4)
If things go badly, the only workable "crack" might need to be installed with a soldering iron and some expensive components. And once it's done, you might still need to crack all your legitimate software just to get it to think it's running on a compliant device rather than some evil pirate's machine.
It may be less than a year before we hear "If you've got nothing to hide, why do you have a problem with CPRM?"
Re:What about educational fair use? (Score:3)
Going by what Kaplin's ruling suggests, merely having the right to fair use does not give one the right to have the means to achieve that right.
If they can rig the market to preclude fair-use-compliant devices being sold, that's their prerogative.
Hopefully Kaplin's idiocy will be overturned, but I fear it might be the idiocy of the legal system at large.
Re:I'm still confused (Score:2)
Yes, yes, yes. I was about to ask the exact same thing.
In particular, I'd like to see when the data is encrypted/decrypted, and on what key.
For instance, if I buy a song on the internet via a proprietary browser, on a proprietary OS, and later play it with a proprietary music application, I fail to see why I can't fool the disk by writing a 'music' application that write the music back to the disk as a raw unencrypted mp3 file instead of playing it (by reverse engineering the player application, if necessary)
Please, please, enlighten me.
Btw, I am french, and I will now have to pay a 3.70 francs (about 70 cents) tax on the CD-Rs I use to do my weekly backup (a lot of thanks to the socialist government). I never 'pirated' music, but now feel entitled to.
Cheers,
--fred
DMCA (Score:2)
Re:Microsoft's stance. (Score:3)
Copy protection is only tangentially related to piracy. It is very easy (logical, IMHO) to be anti-piracy and anti-copyprotection.
This will just create additional expense for Microsoft, without having a significant effect on piracy. Copy protection normally only hurts legitimate users, not pirates.
---
Re:Isn't CPRM actually a Good Thing? (Score:3)
The Right to Read [fsf.org] is a small story written by RMS which I read some time ago.
When I first read it, I thought that (a) RMS is not a very good writer and (b) what he sketches is vastly exaggerated.
After seeing this copy protection scheme I still think RMS doesn't write very good stories, but I'm beginning to suspect that his dystopia isn't that far-fetched at all.
You see, hard drive encryption is not where it ends! Soon, everyone will be using it and you won't be able to get anything done for your school or company without it. Until now we have managed to avoid things like this but when cryptographic hard drives are involved, things will get a lot tougher. What will they come up with next?
Ironically, in this capitalist world it may not be the state muffling free speech and human rights but large corporations and cartels. We need a cushion between consumers and companies, being able to copy materials at will is one such cushion.
We're not the problem, so why target us? (Score:2)
Since a DVD pirate, with $20,000 worth of mastering equipment avaialable, can make perfect copies without decoding or altering the content, how will copy protection on my hard drive help thwart Chinese DVD piracy?
Who falls where when it comes to motive? (Score:2)
Is this the primary motivation?
If so, can we expect Apple (which prides itself on playing media) to fall in line with IBM etc (or at least quietly look in the other direction, happy to use to proceeds of CPRM but not dirty its hands creating it) ?
Should we expect companies that sell HDDs rather than computers (eg Maxtor, Seagate) to be fairly neutral in this (eg either way, they still sell their product), or support it (eg greater sales for IBM means greater HDD volumes which means higher profits) or against it (extra headaches)?
We know MS and some others are pretty loudly against it, but are there other relevant sectors of the industry that might play key roles that are currently being overlooked?
Are the legal precedents that will be set from the DeCSS trials likely to play a key role?
Lastly, would I be correct in my assumption that it is not actually within 4C's power to claim that CPRM is "optional" - it is completely up to the manufacturer of CPRM-compliant-software, as they can choose to write software that will not operate when CPRM features are turned off or absent?
Sensitivity of Corporations to Non-Business Issues (Score:2)
- Corporation implements (or proposes to implement) a technology designed to protect their business model that happens to trample on the rights of their customers
- Educated customer realizes implications, makes a big stink about it.
How sensitive are the corporations you've been dealing with to non-busines-related "huma rights" issues?
In other words, how big does the stink have to get before the profit provided by the implementation being disputed is no longer worth the effort?
Which I suppose is another way of asking "how much effort do we have to make before they'll back down?"
Re:criminalization of current practices? (Score:3)
My guess would be no need - an encrypted filesystem just makes the HDD look like a non CPRM compliant device. Once CPRM is established in the market, there will be a little label on the software box you buy:
Requires Pentium4 1Ghz, 256Mb RAM, 300Mb CPRM HDD.
If you're running an encyrpted filesystem, tough luck. Ditch your system or ditch the software. You can't have both. A non-CPRM disk will probably be like DVD player without CSS descrambling.
Re:Enforcement on Open Source platforms (Score:2)
At the cost of having the OS DMCA'd as an illegal circumvention device.
--
Is IBM aware that they harm their Linux investment (Score:2)
Is IBM aware of this?--or is it that IBM is so big, the part dealing with CPRM is unaware of the implications for Linux? If the latter, then maybe just making IBM aware of things will help to kill of CPRM, or at least IBM's support for it.
data recovery (Score:2)
What about CPRM's sister technologies? (Score:4)
CPRM is obviously just ONE of several technologies designed to build the CPSA (Content Protection System Architecture) framework, as described in the CPSA whitepaper [4centity.com] published by the 4C Entity.
Reportedly you're trying to convince the T.13 committee of introducing a possibility to opt-out of CPRM support for Linux.
What are your views on CPRM's sister technologies like CPPM (Content Protection for Prerecorded Media), DTCP (Digital Transmission Copy Protection), HDCP (High-bandwidth Digital Content Protection) etc. and their possible inclusion in upcoming devices such as DVD-RW recorders, Firewire and USB devices, DVI displays, etc.? Will Linux just not support these devices?
Re:Choices... (Score:2)
-----------------------
What Are The Hard Drive Manufacturers Thinking? (Score:3)
Hi Andre.
What the content providers really want is to impose their controls on the data they provide. E.g., they want to be able to impose policies like "single use", "pay-per-use", "time-limited", "give up to 4 copies to your friends", and so forth. They want to impose these policies using technology. That's fine by me: if customers find value in it, the content providers will get rich; if customers find insufficient value, content provider CEOs and VPs will find their bonuses shrinking when the stockholders hear they flushed millions of $$$ down the toilet.
To control content, the PC needs a tamper-resistant crypto module under the content provider's control. It could be a PCI card, a smart card, a parallel port dongle, a FireWire box, integrated with the motherboard chipset, yadda yadda yadda. The are only three requirements: 1) high bandwidth, and 2) tamper-resistance, and 3) easy access to a power supply. As long as these criteria are met, it really doesn't matter what location or form the cryptographic module takes.
It looks to me like the content control people listed every PC subsystem, and wrote off the ones that couldn't work. "RS-232 is too slow." "Smartcard reader is too expensive." "Video card OEMs would laugh at us." "Sound card OEMs would laugh at us." What they were left with was IDE/ATA: it has plenty of volume, power, and bandwidth, and hard drive OEMs might buy their stories.
This begs a question: why will the hard drive OEMs design, manufacture, and distribute their crypto module for free? What is in it for them? Designing custom, tamper-resistant silicon and firmware is expensive, and superfluous for data storage. Manufacturing the custom chips is expensive. (If a hard drive engineer told his boss he'd just added $2 to the manufacturing cost, he'd be picking his teeth up off the floor.) Supporting it will be tremendously expensive, requiring cooperation with OS vendors. Data loss and guilt-by-association could besmirch the OEM's reputation.
So here's my question(s): Have the hard drive pointy-haired bosses been sold swampland by the content providers? Will the crypto survive the merciless budget slashing manufacturing engineers at Seagate, IBM, Maxtor, and friends? Do the content providers really believe hard drives need crypto, or are they just looking for a free ride from the OEMs?
RAID, Defragging, Backups (Score:3)
Specifically, with RAID5, for example, which could very likely want to spread CPRM data across a number of disks, will CPRM muck up this process? Will the new spec allow me to swap disks if one is defective and retain my data? What are realistic problems with various RAID implementations?
Regarding backups, will restoring CPRM data to replacement disks abort a restore, either in part or in total? Will it limit itself to blocking just the CPRM data restoration or could it block the whole process?
Can I defrag a CPRM file?
Opting out (Score:2)
Also, since most CPRM compliant software would be windows based, would this not make Linux even more attractive as an alternative?
Re: (Score:2)
Re: (Score:2)
Technical weaknesses -- CSS round 2? (Score:2)
After digging through the specs I noticed that the encryption components appear to be based on 56-bit keyed C2 ciphers. The cipher appears to be a modified version of C2, the specs for which they had to send by regular mail.
The authentication phase (where the host software authenticates the drive) uses a 39-bit nonce (random number), which they claim doesn't have to be unpredictable. There is also, as you have noticed, an unused bit, always set to zero -- this makes me think that there's a back-door in the authentication system, perhaps to allow changing keys when they are inevitably cracked.
Security through obscurity, short key lengths, guessable random nonces for authentication, likely back-doors, an overly complex chain of security -- this sounds to me like another poorly designed protection scheme like CSS.
Do you feel that the 4C bunch hasn't learned much from the DeCSS debacle? How strong do you feel the actual security component of this system is (regardless of how notoriously bad an idea it is)? If the DMCA gets thrown out as unConstitutional as some think might happen, how high and dry will 4C be left when CPRM is open to reverse-engineering?
Can we twist IBM's arm? (Score:2)
I don't listen to MP3s; I rarely watch movies and don't expect to do so on my computer. All the closed source software I have (very little) is properly licensed and paid for. I am not a criminal. Having hardware copy protection on my computer does not benefit me at all, and it doesn't benefit the media industry at all (because I'm not stealing from them and I don't intend to).
If I have hardware copy protection in my computer, and it works perfectly always, I'm still paying for extra complexity that I don't want and don't need. If it fails, then I lose my valuable work. I don't like:
The Question
As I understand it, IBM is a big player in this game. IBM is genuinely putting a lot of effort into making relationships with the Open Source community. This move is (in my opinion) going to badly hurt the Open Source community. Can we put effective pressure on IBM to publicly renounce it?
Encrypted filesystem (Score:2)
Right... (Score:2)
Very true. We should not be negotiating on this issue. We should be telling them where they can stick their copy-protected devices.
Re:What can we do to help you? (Score:2)
What about the journalists that do hardware and computer reviews? Are they all in somebody's pocket already, or could they help spread the word in mainstream computing mags like PC Magazine and such? Would they do it, or are they beholden to the advertisers?