DRM in hardware

Story: Eben Moglen on GPL 3, Embedded Systems and Circumventable DRM
Total Replies: 3
Skapare

Mar 31, 2006
9:25 AM EDT
DRM in software often means things won't even play in Linux. Whether you agree or disagree with the DRM tactics the content industries are using to squeeze more water out of stones, the fact is that DRM in software has been strictly a commercially licensed thing, and it has left Linux users out in the cold. When this started to happen, my own feelings were divided between hating the restrictions being applied, and hating the fact that for me, as a Linux and BSD user, I had nothing at all. They could make (and were starting to do so) music CDs (and presumably video DVDs) that I could pay for but could not play. But I did come up with an idea that would at least be consistent with their goals, and some of my goals. It would at least let me play what I paid for under their terms.

Content would be decrypted in the hardware instead of in the software. The host OS and the player applications would be little more than "bit jockeys", sending encrypted content into the hardware that did the decryption. Then at least Linux could do the same as Windows because there would be no need for software licensing.

This could actually work. And if they ever get smart enough, they might even do it. Of course, we might not like it as it could also make DRM harder to deal with; their restrictive terms could become even worse.

Your first thought might be that all you need to do is duplicate the encrypted bits and you still have a playable copy. You'd imagine massive file sharing of the encrypted files, and everyone playing them. But no, it would really be no different than if the decryption were in software. It would be harder to crack.

The hardware (a sound card, a video card, or a video monitor) wouldn't just blindly decrypt the content. In fact, it couldn't because it won't have the key. What it would have is its own private key of a public/private key pair. The public key part would be retrievable by software. Anyone can encode content with that public key which that device could then decrypt and play.

How the content industry would deploy DRM with this is by requiring the hardware makers to implement the DRM facility in exchange for acceptance of the public keys. No DRM, and the content industry wouldn't accept the device's public key.

But the content won't have to be specially encrypted for each device. Instead, all the content would be encrypted with the same key (and indeed, even sharable). It just won't play until the hardware device determines that the appropriate authorization exists. You'd get that by buying "playback rights" from the content industry (or its approved resellers). It would basically be a little certificate that includes a few things: an encrypted copy of the content's decryption key that requires the device's private key to make use of (e.g. decrypting the encrypted content decryption key ... have I lost you already?) ... and a set of hash verified DRM rules that spell out the terms under which you purchased the certificate for playback rights.

The certificate would only work on that one exact hardware device. Change hardware and you have to buy a new certificate, or hope the seller will let you get one more certificate for a lesser cost in exchange for your testimony that you no longer have that device. Actually, it would be good business for them to let you have a small finite number of playable devices (maybe 2 to 4) for each purchase. But it will be up to them, and they could choose to restrict your right instead of play fair.

There are some interesting aspects to this scheme. Of course one is that it can work through Linux because everything can be made totally open, up to the DRM implementations in hardware; no software licensing required.

Another interesting aspect is that the actual content, which is the bulky part that takes lots of storage and costs money to deliver, is all identical, making file trading and sharing actually work in the favor of the content industry. Instead of having to provide the download bandwidth, or physical media, for the content, you can instead get the content from your friends, or from any online source, paid for or free. It just won't play until you buy the certificate of playback rights.

The certificate of playback rights could also be handled in a number of ways. The playback rights could be time limited based on a clock built into the playback device. You might buy rights to play one song during only the month of April 2006. Or instead, you could buy rights to play every song that particular content publisher produces ... for only the month of April. Or you could buy the rights to play one particular song for all time. It would be a matter of what they are willing to sell, and what you (and the public) are willing to buy.

Playback rights for all songs (or movies) for a month would essentially be a monthly subscription. And I suspect the content industry might well be trying to move in that direction. Whether your collection is 100 songs or 100,000 songs, there's only so many hours in a month (around 720) which you could listen to music or watch videos. And the practical number (because you have to sleep and maybe do a few other things in life like go make some money to pay the content industry) will be less than that.

If they do move to this kind of hardware based strategy, GPL 3 won't really matter other than for what software might be running inside the hardware to implement the DRM. These devices might not even necessarily be PC plug in cards; they could be standalone devices connected by USB, Firewire, Ethernet, or Wireless. It might not even be necessary to have special software on your computer at all; just share your files that include the certificate and the encrypted content, and it plays (if you paid the piper).
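
The licensing scheme described in the post above, sketched as an added example that is not part of the original post: one shared ciphertext, plus a per-device certificate carrying the wrapped content key and hash-checked rules. Textbook RSA over known Mersenne primes and a SHA-256 keystream are toy stand-ins for real device keys and a real content cipher; binding the rules digest inside the wrapped blob, and all function and field names, are assumptions.

```python
import hashlib, json

def make_device(p, q, e=65537):
    # Toy device key pair: textbook RSA over known Mersenne primes (assumption,
    # unpadded and far too small for real use).
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def keystream_xor(key, data):
    # SHA-256 in counter mode, standing in for a real content cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def rules_digest(rules):
    return hashlib.sha256(json.dumps(rules, sort_keys=True).encode()).digest()[:8]

def issue_license(content_key, rules, device_pub):
    # Seller side: wrap the 16-byte content key plus the rules digest under
    # the device public key, so the rules cannot be swapped afterwards.
    n, e = device_pub
    m = int.from_bytes(content_key + rules_digest(rules), "big")
    return {"rules": rules, "wrapped": pow(m, e, n)}

def device_play(device, lic, ciphertext, today):
    # Hardware side: unwrap, check the rules hash, enforce the time window.
    n, d = device["priv"]
    blob = pow(lic["wrapped"], d, n).to_bytes((n.bit_length() + 7) // 8, "big")[-24:]
    key, digest = blob[:16], blob[16:]
    if digest != rules_digest(lic["rules"]):
        return None  # license issued for another device, or rules edited
    if not lic["rules"]["not_before"] <= today < lic["rules"]["not_after"]:
        return None  # outside the purchased playback period
    return keystream_xor(key, ciphertext)

if __name__ == "__main__":
    # Constructed sample: one shared ciphertext, one license for device A.
    dev_a = make_device(2**127 - 1, 2**89 - 1)
    dev_b = make_device(2**521 - 1, 2**107 - 1)
    key = bytes(range(16))
    shared = keystream_xor(key, b"constructed sample audio")
    rules = {"title": "song-001", "not_before": 20060401, "not_after": 20060501}
    lic = issue_license(key, rules, dev_a["pub"])
    print(device_play(dev_a, lic, shared, 20060415))
    print(device_play(dev_b, lic, shared, 20060415))
```
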
r_a_trip

Apr 01, 2006
1:33 AM EDT
"The worst enemy of Freedom is a happy slave."

I'd rather starve the content industry to death by refusing to buy and watch their content than to be subjugated to their digital dictatorships.

A business can expect me to be their customer if they know their place and treat me like a human being instead of a criminal without rights. Customer is King!

Just because the content industry wants to subjugate us doesn't mean we have to roll over and play dead.

Fight for your rights instead of whining that media playback on GNU/Linux is often shady. Don't sell your Freedom for the pleasure of watching mediocre artwork in captivity from "Hollywood".
Herschel_Cohen

Apr 01, 2006
9:19 AM EDT
r_a_trip - I suggest you post a few of your thoughts (no threats) on why you will not purchase their goods directly to the heads of the media giants.
jimf

Apr 01, 2006
9:46 AM EDT
r_a_trip wrote: "Customer is King!"

Wow, are you behind the times ;-)... MS, and a lot of their friends, threw that out a long time ago. Read the EULA.
