Managing Rights Management

Back in February I wondered about public tests of watermarking survivability besides the well-known SDMI related tests. Joe Winograd, CTO of watermarking company Verance, emailed the following information:

There have been 5 competitive, independent audio watermark technology evaluations held to date -- a list is provided at the bottom of the "Technology" page on Verance's web site here.

 

Of these, only one (JASRAC/CISAC/BIEM's STEP 2001) has distributed the results publicly.  An archived announcement of the results is here. The three part report is available here, here, and here.

Of the others, IFPI's MUSE results were distributed only to the member companies, 4C's results were provided only to SDMI, and SDMI's reports were distributed to the 200 member companies.  

 

There have been 2 competitive, independent, commercial, video watermark evaluations held that I am aware of (both under the auspices of the DVD CCA) but we did not participate and I don't think any results were publicly released.

Best, - Joe

Nate Lawson is a co-creator of the BD+ security layer on Blu-ray. He gave a talk at the recent RSA conference.that covers techniques for attacking DRM. His slides are posted here and are worth reviewing. Lawson writes:

Of course, people in glass houses should not throw rocks. As someone who had a part in developing BD+, I am biased toward thinking a different approach than mere broadcast encryption [e.g. AACS] is the only thing that has a chance of success in this rough world. The first BD+ discs were cracked in mid-March, and it remains to be seen how effective future updates will be. Unfortunately, I can’t comment on any details here. We’ll just have to watch and see how things work out the rest of this year.

2008 will prove whether a widely deployed scheme based on software protection is ultimately better or equivalent to the AACS approach. I have a high degree of confidence it will survive in the long run....

Sam Gustin reports on Conde Naste's Portfolio.com site that Warner Music's head honcho Edgar Bronfman, Jr. has hired noted music industry exec Jim Griffin, formerly Geffen Music's digital chief, to lead Warner's drive to fix the music industry's business model. Griffin will reportedly focus on getting the ISPs to add an amount to their subscriber fees that would underwrite access to all music tracks. An organization would be created to return fees to labels and artists. Gustin says that Griffin has a three year contract.

Maybe.

It will be interesting to see whether all the interested parties are willing to participate and on what terms. The major and lessor known artists, major and independent labels, royalty collecting societies (such as ASCAP, BMI, and CISAC), concert promoters, venue operators, fan zines and web sites, etc. may  have divergent economic interests. Griffin has a major cat herding effort in front of him.

According to this NYTimes article and other sources, Comcast has said that it will move to application neutral network management and disclose publicly its bandwidth management techniques. Tests by the Associated Press and the Electronic Frontier Foundation (among others) showed that Comcast was disrupting P2P traffic with forged packets.

The company initially veiled its traffic-management system in secrecy, saying openness would allow users to circumvent it. But on Thursday, Werner said the company would ''publish'' the new technique and take into account feedback from the Internet community.

Comcast has been hampering the BitTorrent file-sharing protocol, which together with the eDonkey protocol, accounts for about a third of all Internet traffic, according to figures from Arbor Networks. The vast majority of that is illegal sharing of copyright-protected files, but file-sharing is also emerging as a low-cost way of distributing legal content -- in particular, video.

On Tuesdays the USPTO issues new patents. Both of today's Spotlight patents address various ways of protecting media content. Assigned to Cinea, the first patent addresses techniques for optical content modulation for visual copyright protection. Assigned to Boeing, the second patent addresses watermarks for secure distribution of digital data.

As noted here yesterday, Slysoft claims that it's AnyDVD (HD) 6.4.0.0 software will remove the BD+ security component of Blu-ray HiDef optical discs. When asked for a comment, Eric Rodli, Macrovision's Executive Vice President & General Manager of Entertainment, had this to say via email:

“Macrovision does not comment on specific techniques or procedures that may directly impact the BD+ security technology.  BD+ is a security response system designed to react to security attacks, not prevent them entirely.  As part of this system, updated BD+ security code is continuously developed so that BD+ customers obtain ongoing value from the use of this technology.”

One of the major benefits of BD+ is that it is programmable security. Thus the cat and mouse game between those who apparently encourage piracy and the major studios and their technology partners remains intact.

SlySoft is again claiming that it's AnyDVD (HD) 6.4.0.0 software will remove the BD+ security component of Blu-ray. So far no comment from Sony, Macrovision who acquired the BD+ technology late last year from CRI, or the bdplusllc licensing authority. I've asked Macrovision to comment,  but so far no response.

As I noted back in November, it's entirely possible that the strongest versions of BD+ have not yet been deployed in order to gather information regarding the kinds of attacks that can be successful. This "honey pot" strategy might be a useful defensive tactic against hackers / crackers / pirates.

On Thursdays the USPTO publishes new patent applications. Both of today's Spotlight applications address copy protection / rights management for recording devices. Assigned to Sony, the first application discloses a security module in a recording device. The second application discloses copy protection techniques for devices, no assignee given.

According to the AP and NYtimes, Verizon is set to announce later today support for legal P2P filesharing companies and applications. Working with companies that use P2P and researchers at Yale University, Verizon will reportedly help P2P applications make more efficient use of the Net.

Verizon shared details about the structure of its network with the researchers and Pando in the ''P4P Working Group,'' created last summer, and they together created a system that connected users not randomly, but to other users close by.

In a traditional P2P network, if a Verizon customer downloads a file, only 6.3 percent of the data will come from another Verizon customer in the same city, said Doug Pasko, senior technologist at the company. In the ''P4P'' trial, 58 percent of the data came from nearby Verizon users, vastly reducing the company's cost of carrying the traffic.

Ya just have to love Variety-speak: "MPAA topper blasts Net neutrality."

"This effort is being called by its proponents 'Net neutrality,'" Glickman [MPAA's 'topper"] continued. "It's a clever name. But at the end of the day, there's nothing neutral about this for our customers or for our ability to make great movies in the future. Government regulation of the Internet would impede our ability to respond to consumers in innovative ways, and it would impair the ability of broadband providers to address the serious and rampant piracy problems occurring over their networks today ... Government regulation of the Internet would be a terrible reversal of American innovation policy."

Unnecessary alarmist misdirection aimed mainly at P2P file sharing, in my view.

Writing in CNet, Declan McCullagh exposes the kinds of consumer behavior that can bring the unwanted attention of RIAA's sleuths and law suits. This useful article covers shared folders, large collections of tunes, open wireless networks, and choice of P2P applications:

The RIAA has focused on copyright infringement on the more visible, centralized services such as Kazaa, Morpheus, and Grokster. It hasn't focused on file sharing through instant messaging or closed P2P networks. The more obscure the P2P network, the less likely it is to be monitored.

Writing in Content Agenda, Paul Sweeting notes in his Media Wonk blogicle attempts by British company New Medium Enterprises (NME) to market HD-VMD, a lower-cost, HiDef optical format and players.

Despite Blu-ray's triumph over HD DVD, it's far from clear that Blu-ray will become the sole--or even dominant--HD format around the world. Its high costs will remain a deterrent to consumers in many markets, some of whom will be open to lower-cost alternatives....

Is the movie download business like the record  business and should the lessons learned there be applied to movie and TV program downloads? Yes, says Frank Rose in Wired in an argument that seems a bit illogical:

The lessons from the music fiasco are clear: Trying to limit the inherent advantages of digital files is a losing strategy. The way to stop piracy is to make everything available — easily, legally, and at a fair price. But it's a lot of work to secure Internet rights to old films and TV series from writers, directors, composers, and the like, and the studios show little inclination to monkey around with their lucrative sales to premium channels like HBO — deals that don't affect DVD sales but are written in a way that can keep electronic distribution rights locked up for years. "There would be a lot fewer Mercedes pulling up to the Palm every day without those pay-TV deals," one exec quips. Right — but how many music moguls have you seen pulling up to the Palm lately?

If the music industry failed to monetize because of rampant piracy of a product that was provided on CDs without protection, and if the movie industry more successfully monetized by locking up content for a period of time on many channels, what's wrong with copy protection and DRM?

Wired has a good story on the contribution of BD+ to Blu-ray's besting HD-DVD in the HiDef optical disc format wars.

Sony's victory in the DVD format wars was largely due to its embrace and Toshiba's rejection of a sophisticated anti-copying scheme that promises to be relockable should it be cracked at some point in the future....

Paul Kocher, Cryptography Research's president and chief scientist, thinks HD DVD's decision not to adopt his technology eventually tipped the battle to Blu-ray.

"I don't want to pretend that security was the only thing that drove the content war," Kocher said. "But from a content perspective, I think security is the biggest overhang over the future of the studios and I think they realize that and they are doing what they can to deal with that."

HD-DVD: RIP.

One of the high level themes underlying today's FCC hearing on net neutrality is what's motivating Comcast to interfere with P2P traffic? Their answer is that they manage the use of a small number of users whose traffic my otherwise degrade the experience of the many more users who are not doing P2P.

Increasingly, P2P is being used to share or deliver video via the Internet. These video providers are increasingly competing with the Cable TV operators for audience, or in the vernacular, for eyeballs. This morning saw a demo and heard a presentation by Gilles BianRosa, CEO of  Vuze which uses P2P to distribute video programming across the net.

Factoid mentioned this morning: more content is downloaded from YouTube than was distributed across the Internet in 2000.

Verizon offers, for example, 20 megabits per second in each direction on its FiOS network and doesn't discriminate against P2P applications largely because of important architectual differences between FiOS and cable-based broadband networks.

So, why does Comcast interfere with P2P traffic? One possible answer is that they are trying to delay competition with its base Cable TV business.

This morning's session boiled down to whether Comcast and cable operators can manage their network by discriminating against specific applications such as Bit Torrent. Some argued that such discrimination is OK as long as the application discrimination is disclosed to consumers. Others argued that in a duopoly, disclosure isn't sufficient.  Therefore, Comcast and other, mostly cable ISPs, should be prevented from discrimination against specific apps.

It was also noted that the deep packet inspection technologies apparently being used to interfer with P2P traffic can also be used for content filtering and abridgment of speech not that anyone is doing that in the US.

We're off to the engineering session.

The Standard (and other sources) reports that Apple has been able to shut down a site that strips FairPlay DRM from iTunes files. The open source Hymm project received a "cease and desist" order from Apple attorney's.

iTunes customers can legitimately lose FairPlay DRM in order to play their music on other devices by burning a CD of their songs, and ripping that CD into a different format.

Hymn has complied with Apple's legal letter, removing download links to its software from its website and warning forum users not to post links to alternate download sources within its forums, or risk a ban.

Congressman Ed Markey's comments include an emphasis on free markets as the foundation for solving bandwidth and pricing issues. This should be No Country For Old Broadband. And Bit Torrent should not be Bit Trickle.

Also, check out the SaveTheInternet.com site and their FAQ on Net Neutrality.

I'm at the Havard Law School today. Thanks to the Berkman Center for Internet & Society, the FCC is conducting a public en banc hearing at the Harvard Law School on Net Neutrality (NN) and broadband management. There will be a live audo feed for those interested. I'll be blogging comments from time to time.

The Beeb reports that the government has indicated that ISPs must take steps to curb piracy or face legal sanctions.

The culture secretary said consultation would begin in spring and legislation could be implemented "by April 2009".

Representatives of the recording industry, who blame piracy for a slump in sales, welcomed the proposals.

"ISPs are in a unique position to make a difference and in doing so to reverse a culture of creation-without-reward that has proved so damaging to the whole music community over the last few years," said John Kennedy, head of the International Federation of the Phonographic Industry (IFPI).

I used to think the Brits were a bit smarter. Since the record business is global, the business model is just as broken abroad as it is here in the US.

CNet reports that the RIAA is shooting new threatening letters across the bows of numerous colleges and universities coast to coast in what must be a failed attempt to deter piracy.

Critics charge that the letters are just a scare tactic, and the RIAA has admitting to goofing on identifying copyright infringers in the past. But the music industry still views its prelawsuit campaign as an important deterrent. Without such action, "an emerging legal marketplace...would have struggled to gain traction," spokeswoman Cara Duckworth said in a press release.

To quote a Pete Seeger song, "when will they ever learn, when will they ever learn."

The record industry business model is broken. The music industry is alive and well. The labels and their trade association had better figure out something different than alienating the very people who sometimes buy their products.

Now that Blu-ray has won the HiDef optical disc format war, what is Blu-ray anyway?  Over on CoolGadgets there is a longish posting that provides a good overview, including a quick review of Blu-ray security technologies AACS, BD+, and ROM mark. ROM mark is an antipriracy feature that is a watermark on the physical disc so that players can check on the authenticity of the disc inserted in the drive and then refuse to play titles that lack the proper mark.

EFF staff technologist Seth Schoen writes that Adobe is adding DRM to the latest version of Flash. Why they are doing this is, of course, an interesting question. Schoen suggests that the major motivation seems to be Adobe's business model:

Users may also have to upgrade their Flash Player software (and open source alternatives like Gnash, which has been making rapid progress, may be unable to play the encrypted streams at all). Third-party software that can download Flash Video, like the most recent RealPlayer, will also break. But Adobe now has an incentive to push the use of DRM: it's only available to sites that use Flash Media Server 3 software, which starts at over $4,000 (with extra fees depending on the number of simultaneous streams).

So now that Toshiba has given up on HD-DVD, what's next for Blu-ray, the winning HiDef optical format? This is the question posed by Kelly Rush and posted on HiDefDigest. Rush's prognostications include the suggestion that "BD+ starts getting aggressive:"

Until now, studios haven't been overly-aggressive with pushing this; they haven't even really needed to yet, since BD+ has not been properly cracked. Expect the studios and the Blu-Ray alliance to monitor what happens in the piracy community extremely closely now, and start making aggressive changes, should the need arise. Also, don't be surprised if new updates are added to the specs if it looks like crackers are getting too close to a proper solution for the BD+ protection, that allow the studios to have even tighter control over the DRM (Sony and Blu-Ray have made it clear that they don't mind breaking certain capabilities on older-standard Blu-Ray players as they move forward).

Agreed.

Variety and Reuters are reporting that Toshiba has officially given up on HD-DVD, now leaving the market open to Sony-backed Blu-ray. Quoting from a Toshiba release, Variety says:

“As a result of recent market developments, the company has decided to discontinue sales and marketing of HD DVD players. Accordingly, Toshiba will begin to cease shipments of its HD DVD products to retail channels,” it said in the statement.

Reuters, the NYTimes, and other sources report that Toshiba is about to give up on HD-DVD. The combination of Wal-Mart, Netfix, and Warner moving exclusively to Blu-ray seems to have done the trick. As a consequence, the studios will be able to rely on superior anti-piracy technologies incorporated in Blu-ray, include the BD+ programmable security layer.

Reasons given by some for the end of the HiDef optical disc format war now include a concern that net distribution of HiDef video may supplant optical discs of whatever format in several years and the studios , consumer electronics companies, and others need a decent period before that happens to recover their respective investments. Matt Richtel and Eric Taub's NYT article noted:

Wal-Mart has announced on its blog that it will exclusively support Blu-ray HiDef optical disc format. This follows a similar announcement by Best Buy and Netflix.

[Tip o' the Hat to CS]. The BBC reports on efforts to extend the EU copyright period for music from 50 to 95 years.

The European Union's internal market commissioner Charlie McCreevy said that "copyright protection for Europe's performers represents a moral right to control the use of their work and earn a living from their performances".

"It is the performer who gives life to the composition and while most of us have no idea who wrote our favourite song, we can usually name the performer," he said.

Every Thursday the USPTO publishes new patent applications. Both of today's Spotlight applications address optical disc content security. Assigned to Vobile, the first application discloses techniques for fingerprinting and identifying digital versatile disc (DVDs). Assigned to CRI, the second application discloses a content security layer providing long-term renewable security that includes content watermarking.

Having trouble pirating Flash video streams? Want to know how Adobe is doing DRM in Flash? I recently came across Christopher Levy's worthwhile article in Streaming Media from last December. Levy tells all, so to speak. Among his points are:

...Adobe rolled out several upgrades to its Flash Media Server 2 that are DRM-like and provide greater security for Flash Video objects. If you are providing Flash content as a progressive download, users can record the content from the cache in their web browser using a “ripper.” However, streaming the content using the proprietary Adobe Real Time Messaging Protocol (RTMP) results in increased protection from rippers. From Adobe’s website: “By default, content delivered by Flash Media Server is wrapped inside an Adobe protocol called RTMP. Because this is an unpublished, proprietary format, none of the RTSP stream ripping programs have the capability to rip media delivered over Flash Media Server.” Adobe also supports simple domain and IP authentication schemas as well as SSL to further enhance the security of Flash content.

Netflix is going exclusively Blu-ray. Momentum seems to be building for Blu-ray and against HD-DVD. Perhaps the end of this optical disc format war is in sight. According to the AP:

Netflix has stocked both formats since they became available in 2006, but said the decision of four of the six major studios to issue films only in Blu-ray format made it likely that the Sony format will prevail.

"From the Netflix perspective, focusing on one format will enable us to create the best experience for subscribers," the company said, adding that not many customers order high-def DVDs.

The survivability of watermarks has been a hot topic for some time. Some independent work focuses on various sophisticated attacks to remove watermarks, for example, the Craver et al., paper relating to the SDMI challenge.

While there are numerous vendor claims of robustness that may well be true, does anyone know of a published study by independent consultants or academics that demonstrates that at least one commercially available watermarking technology survives digital / analog / digital (D/A/D/ transcoding in either the audio or video domains and/or that survives D/D transcoding (from MP3 to AAC or MPEG2 to MPEG4)?

While I believe that technical means can be useful in reducing piracy (e.g., Blu-ray's BD+ technology acquired late last year by Macrovision), I believe that the RIAA has been using litigation as a way of postponing the day when the major record labels are going to be forced significantly change their fundamental business models.

As reported here earlier, the RIAA has argued that ripping CDs is illegal. Not content to sue individuals for large sums of money, Ars Tecnica reports that the RIAA is now seeking through legislation to create a statutory penalty for ripping a CD that would add up to  $1.5M for a CD with a typical number of tracks.

The change to statutory damages is contained in the PRO-IP Act that is currently up for consideration in Congress. We've reported on the bill before, noting that Google's top copyright lawyer (and the man who wrote a seven-volume treatise on the subject of copyright law), William Patry, called the bill the most "outrageously gluttonous IP bill ever introduced in the US."

I'm reminded of the scene in Aliens when Riply and Newt have the following exchange:

Ripley: These people are here to protect you. They're soldiers.
Newt: It won't make any difference.

InfoWorld reports that the Swiss government has warned Logistep, a company that tracks file sharers, that its tactics may be illegal under Swiss law. Identifying file sharers is part of global antipriracy efforts that in the view of some compromises the privacy of individuals.

Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until Feb. 9 to respond to the Federal Data Protection and Information Commissioner (FDPIC), said Marc Schaefer, the agency's legal advisor.

Under Swiss law, the identity of a subscriber to an ISP can only be revealed during the course of a criminal case, not a civil one, Schaefer said. The IP address of a computer controlled by the subscriber is considered "personal" information.

The Register (UK), among others, reports that users who upgrade to QT 7.4 are then unable to edit protected video files using Adobe's Premier and After Effects editing tools.

The error is the result of periodic checks QuickTime carries out on video files for piracy violations. Videos created using Adobe products don't supply the needed headers until the movies are rendered, prompting the overly protective QuickTime to conclude they are contraband that should be barred.

Another example of how not to do DRM. Sigh....