Cory Doctorow talk at Microsoft on DRM
I've read this interesting talk about copyright, technology and DRM that Cory Doctorow gave to people at Microsoft. I agree with him in general, although, in my opinion, the following paragraphs could take readers to wrong conclusions about DRM as related to FAIRCOPY (disclosure: I'm the founder/developer/... of FAIRCOPY) :
I would like to comment on this because some people erroneously think that FAIRCOPY uses DRM. What Cory describes is not necessarily DRM. In my opinion, to qualify as DRM the technology should try to control the use of the DRM-protected work after you have bought it. This is certainly the case for digital downloads of songs provided by some services that try to stop you, by means of DRM technology, from burning them into CDs or sharing them with other people (songs can only be played on your hardware or on a limited number of devices).
FAIRCOPY's use of ciphering matches Cory's description of the application of ciphering to DRM, but FAIRCOPY's use of ciphering is clearly not DRM because it's only used to prevent people from accessing the content of a sharable EFC file without paying, but once you have paid, you get the content without any protection, there's no technology trying to control the use of the work that you bought (although there's an economical incentive for sharing the EFC files that hopefully will be more effective at stopping people from sharing the decrypted work than any technology).
Cryptography -- secret writing -- is the practice of keeping secrets. It involves three parties: a sender, a receiver and an attacker (actually, there can be more attackers, senders and recipients, but let's keep this simple). We usually call these people Alice, Bob and Carol.
(...)
In DRM, the attacker is *also the recipient*. It's not Alice and Bob and Carol, it's just Alice and Bob. Alice sells Bob a DVD. She sells Bob a DVD player. The DVD has a movie on it -- say, Pirates of the Caribbean -- and it's enciphered with an algorithm called CSS -- Content Scrambling System. The DVD player has a CSS un-scrambler.
Now, let's take stock of what's a secret here: the cipher is well-known. The ciphertext is most assuredly in enemy hands, arrr. So what? As long as the key is secret from the attacker, we're golden.
But there's the rub. Alice wants Bob to buy Pirates of the Caribbean from her. Bob will only buy Pirates of the Caribbean if he can descramble the CSS-encrypted VOB -- video object -- on his DVD player. Otherwise, the disc is only useful to Bob as a drinks-coaster. So Alice has to provide Bob -- the attacker -- with the key, the cipher and the ciphertext.
Hilarity ensues.
DRM systems are broken in minutes, sometimes days. Rarely, months. It's not because the people who think them up are stupid. It's not because the people who break them are smart. It's not because there's a flaw in the algorithms. At the end of the day, all DRM systems share a common vulnerability: they provide their attackers with ciphertext, the cipher and the key. At this point, the secret isn't a secret anymore.
I would like to comment on this because some people erroneously think that FAIRCOPY uses DRM. What Cory describes is not necessarily DRM. In my opinion, to qualify as DRM the technology should try to control the use of the DRM-protected work after you have bought it. This is certainly the case for digital downloads of songs provided by some services that try to stop you, by means of DRM technology, from burning them into CDs or sharing them with other people (songs can only be played on your hardware or on a limited number of devices).
FAIRCOPY's use of ciphering matches Cory's description of the application of ciphering to DRM, but FAIRCOPY's use of ciphering is clearly not DRM because it's only used to prevent people from accessing the content of a sharable EFC file without paying, but once you have paid, you get the content without any protection, there's no technology trying to control the use of the work that you bought (although there's an economical incentive for sharing the EFC files that hopefully will be more effective at stopping people from sharing the decrypted work than any technology).
0 Comments:
Post a Comment
<< Home