Managing Rights Management

Nate Lawson is a co-creator of the BD+ security layer on Blu-ray. He gave a talk at the recent RSA conference.that covers techniques for attacking DRM. His slides are posted here and are worth reviewing. Lawson writes:

Of course, people in glass houses should not throw rocks. As someone who had a part in developing BD+, I am biased toward thinking a different approach than mere broadcast encryption [e.g. AACS] is the only thing that has a chance of success in this rough world. The first BD+ discs were cracked in mid-March, and it remains to be seen how effective future updates will be. Unfortunately, I can’t comment on any details here. We’ll just have to watch and see how things work out the rest of this year.

2008 will prove whether a widely deployed scheme based on software protection is ultimately better or equivalent to the AACS approach. I have a high degree of confidence it will survive in the long run....

EFF staff technologist Seth Schoen writes that Adobe is adding DRM to the latest version of Flash. Why they are doing this is, of course, an interesting question. Schoen suggests that the major motivation seems to be Adobe's business model:

Users may also have to upgrade their Flash Player software (and open source alternatives like Gnash, which has been making rapid progress, may be unable to play the encrypted streams at all). Third-party software that can download Flash Video, like the most recent RealPlayer, will also break. But Adobe now has an incentive to push the use of DRM: it's only available to sites that use Flash Media Server 3 software, which starts at over $4,000 (with extra fees depending on the number of simultaneous streams).

The issue of ad blocking has generated a few comments to a previously blogical on the topic. I've posted a quick poll on the subject which should appear at the top of the right column. In a few days I'll let Symantec know of the poll and the results.

Macrovision has announced the pending sale of its Business Software Unit to private equity firm Thoma Cressey Bravo. Included in the transaction are Flexnet copy protection solutions and InstallShield.

The transaction will result in a stand-alone company focused on providing solutions that help simplify the business relationship between software producers and enterprises. All products and associated support and services from within the Software Business Unit are part of the transaction. Mark Bishof, currently Macrovision’s Executive Vice President and General Manager of the Software Business Unit, will assume the role of CEO for the stand-alone software company following the close of the transaction.

It would appear that Macrovision is spinning this out to focus on higher margin and/or higher growth opportunities, such as the SPDC/BD+ technologies it acquired from Cryptography Research, Inc. at the end of last year. Macrovision will also be "digesting" the acquisition of Gemstar / TV Guide.

On Thursdays the USPTO publishes a new batch of patent applications. Both of today's Spotlight Applications address the use of watermarking. Assigned to Intertrust, the first applications discloses techniques for watermarking software and other media. Assigned to NEC (China) the second application discloses techniques for media program identification based on audio watermarking.

The Software Freedom Law Center (SFLC) has filed a copyright infringement lawsuit against Verizon  on behalf of the two principal developers of BusyBox, alleging violation of the GPL V2. BusyBox is a lightweight set of standard Unix utilities commonly used in embedded systems and is open source software licensed under GPL version 2.

An Information Week article says that:

The case against Verizon, however, marks the first time SFLC has sought to defend the GPL in court against a multibillion dollar industry giant. As such, it could provide a key test of the legal validity of the GPL -- a license that's used by thousands of open source developers. Some companies, includingMicrosoft (NSDQ: MSFT), have said they believe parts of the GPL are not legally enforceable.

The Associated Press' Brian Bergstein reports that anti-copying technologies may be reducing software piracy.

The technology has provoked some hostility, because it enables Microsoft to remotely examine user computers. After analyzing such information as the computer's manufacturer, hard drive serial number and Windows product identification, Microsoft can block access to certain software functions if it suspects the product was illegally copied.

Does possibly antagonizing consumers actually benefit software publishers? At least in MSFT's case, it apparently does:

Microsoft does not offer piracy statistics specific for its software. But the company says it appears its plan is working. As evidence, the company notes that in the last quarter, Windows sales were up 20 percent while worldwide PC sales were up only 14 to 16 percent. Microsoft said the difference reflected the fact that people with counterfeit copies of Windows were having to put the real thing on their existing computers.

The Register (UK) reports that the Software Freedom Law Center announced that it has  reached an agreement with Monsoon Multimedia to end the SFLC's copyright infringement suit against the company.

With the actual settlement announced yesterday, the SFLC got what it was holding out for: money. The agreement includes an "undisclosed amount of financial consideration" for the plaintiffs, and also requires Monsoon to publish the source code, appoint an Open Source Compliance Officer and notify previous recipients of the software about their rights under the GPL.

The Software Freedom Law Center has filed a law suit against Monsoon Multimedia seeking to enforce the terms of the General Public License V2 (not the more recent GPLv3).

Stephen Shankland writing on ZDNet says:

Dan Ravicher, SFLC's attorney on the case, said the suit isn't part of a broader effort to give GPL enforcement a stronger legal foundation. But the action has repercussions for a much larger audience than just the single defendant.

"There still appear to be flaming examples of either indifference to or outright disregard for the GPL," said James Harvey, an attorney with Hunton & Williams who is not involved with the suit. "I think those flaming examples will increasingly be called to order by somebody, whether SFLC, a copyright holder or someone else in the open-source ecosystem."

 

I spoke recently with Jan Samzelius, Chairman and CEO of ByteShield, which provides anti-piracy technologies and services to business and game software markets. An earlier blogicle described how the ByteShield solution works.

Here's the Podcast file (7:11 Minutes, MP3):

Download jan_samzelius_ceo_byteshield_podcast_91907.mp3

Index:

0:00 Introductions
0:11 Overview of ByteShield, brief history
0:40 The work factor or effort required to break copy protection
1:19 What's different about the ByteShield technology
2:38 Business model
3:11 Broad range of consumer licensing models supported
3:43 Advantages
4:40 Current customers, partners
5:34 Technology and services provider
6:05 Solving the piracy problem
6:55 Close

San Franciso startup ByteShield has developed software anti-piracy technologies that may be of interest to software and game publishers. Protected software is distributed to consumers minus a small portion that is required to enable execution. A connection with a server is required to pay for use in accordance with the business model established by the publisher. The small missing piece is then downloaded to the computer and effectively integrated with the much larger portion, thereby enabling execution of the game or other software.

Peter Gutmann is a researcher in the Computer Science Department, Auckland, NZ. He has published a very long and technically detailed report, A Cost Analysis of Windows Vista Content Protection, that probably will be accessible to only the most technically literate. Nonetheless, the paper is an exemplar of the kind of analysis that many aspire to, but that only few actually produce. It should be required reading for anyone who intends to build a HD video capable system based on a Vista machine and/or who is interested in system security issues.

At the risk of sounding like an apologist for Microsoft, there are real costs to the bleeding edge. I kept Windows XP SP2 rather than upgrading to Vista precisely because MSFT never gets the first release of anything right.

Some nits:

I've been playing a little bit (so far) with the RealPlayer 11 beta. Some observations:

Writing in Linux-Watch / eWeek, Steven J. Vaughan-Nichols wonders if anyone cares about GPLV3:

Fortune Magazine has an article in which  Microsoft General Counsel Brad Smith, and licensing chief Horacio Gutierrez assert that free and open source software ("FOSS") such as Linux infringe 235 Microsoft patents. More specifically,

[Gutierrez] says that the Linux kernel - the deepest layer of the free operating system, which interacts most directly with the computer hardware - violates 42 Microsoft patents. The Linux graphical user interfaces - essentially, the way design elements like menus and toolbars are set up - run afoul of another 65, he claims. The Open Office suite of programs, which is analogous to Microsoft Office, infringes 45 more. E-mail programs infringe 15, while other assorted FOSS programs allegedly transgress 68.

Another controversy worth watching.

The Register (UK) reports that virus writers are now using rootkit techniques. Snippet:

Virus writers have begun adding rootkit functionality as a component of commonplace malware such as MyDoom and Bagle. Rootkit technology is designed to hide the presence of malware on infected systems. Originally the technology featured only as a component of more sophisticated and exotic forms of malware. Now the technology has moved into the mainstream, anti-virus firm F-secure reports.

George Smith's article in the Village Voice describes virus writing in the '90s and the relationship of viruses to Sony's use of rootkit technologies for DRM. Snippets:

Check out Rob Enderle's overview of the Rootkit Rumpus. In addition to a good summary and useful pointers, he calls for a boycott of Sony products this season.  Avoiding those that rely on rootkits certainly makes lots of sense.

Lots has happened in the past few days:

Sony announced that it is halting  further use of rootkit-based copy protection. Numerous outlets reported that Sony has thrown in the towel on its current first4internet-based CD copy protection. This article from the Boston Globe is typical of the news coverage.

A number of lawsuits in Europe and the US have been filed. Information Week has an article describing the US class action suit.

The rootkit reportedly is spyware; it reports user's listening habits. So says Computer Associates.

And virus writers are exploiting the Sony DRM for Windows technology, this according to multiple articles including this one from the BBC.

Microsoft offers to remove the Sony rootkit spyware.

Several media outlets, including this CNET article, are reporting that Sony-BMG is responding to complaints about how their DRM adds hidden files by offering a patch for their CD-based DRM that was the subject of vociferous complaints and negative comments. The patch is being issued to antivirus companies so that the software can't hide. Sony-BMG and their copy protection partner First 4 Internet are taking this approach because many observed that the techniques being used by First 4 Internet could encourage virus writers to do the same.  Snippets from the CNET article:

[top o' the to a post on Dave Farber's IP list.]

With much more technical information than most readers will want, Mark Russinovich's blogicle on the SystemInternals blog describes how he discovered that the DRM included on Get Right with the Man  CD by the Van Zant brothers made major and undocumented changes to Windows XP operating system.

It is vital, I believe, for consumers to receive as much notice as possible about DRM technologies being installed on their system(s). Notice should include an obvious way to remove the DRM software with the understanding that if removed, the content may no longer be accessed under the licensed rights.

Especially in a world without widely adopted DRM standards and interoperability among DRM systems, installing multiple DRM systems, each of which modifies key system components and hides files, almost certainly will lead to conflicts among these DRM systems. The likely outcome will be that consumers will be faced with resolving difficult technical problems that they are ill equipped in most cases to fix themselves.

Snippets from Mark's blogicle:

John Borland's CNet article provides a very useful discussion of the DRM in MSFT's Vista operating system. Snippet:

Those interested in more information including technical details  regarding Sun's Open Media Commons DRM initiative should check out the Open Media Commons web site. The site is oriented mostly to developers.

Writing on HardwareAnalysis.com, Sander Sassen asserts that Microsoft and Intel are acting out of greed in their efforts to secure high definition video and other media content. Greed or smart business? I think the latter.

There is, by the way, nothing inherent in well-implemented rights management that prevents the rules associated with protected content to take into account many if not most "fair use" situations. The question is whether DRM technologies included in and/or layered on top of WinTel's DRM are sufficiently feature rich to enable those with rights in media content to define apparent fair uses, such as backup copies.

Snippets:

Stephen Shankland's CNET article on Sun's Open Media Commons is also worth reading. Among the points made is that Sun intends to creat a standard that is royalty-free because it gets around the variou s DRM patents belonging to InterTrust, ContentGuard, and MPEG LA. Designing around patents is not impossible, but given the numerous patent claims granted to a variety of companies--including Microsoft--it may prove difficult to accomplish without introducing serious inefficiencies and/or without omitting important capabilities. Snippets:

Mike Weston's semi-rant on blue laser DVDs and related issues is worth a read. Snippets:

According to this article in CRN, the Intel version of Apple's Mac OS X has been hacked and can be run on virtually any  Intel-architecture machine. Snippets:

Various outlets including CNET have reported on the inclusion of a special security chip in a special X86-based PowerMac for Apple software developers that has to be present in order to load the Mac OS on an Intel-based machine. Snippets:

This TechWeb / Yahoo article summarizes recent responses to various DRM components of Microsoft's Vista (nee Longhorn) OS.  Snippets:

If piracy were to disappear tomorrow, would the price of software (and other digital goods) decline? This is the question noted by Gripe Line blogger Ed Foster.  Snippets: