I recently sat down recently with Media Rights Technologies’ Ted Fitzgerald, CTO, Bianca Soros, COO, and Liz Crowell, Director of Business Development, to learn more about the company, its technologies, and people.
Here I want to focus on what MRT has accomplished to significantly increase the protection of audio—music, but any audio stream really—in WinTel PCs and Apple Macs.
Before getting to MRT’s accomplishments, let me set some context. Digital Rights Management is, in my view, the association of use rules with digital information of all kinds and the enforcement of those rules at a distance in time and space. Notice that this definition does not mention encryption or security. Encryption usually goes hand in hand with rights management because it helps ensure that the digital information can only be used in accordance with the associated rules.
Implementations of DRM also pay attention to the security of client-side software so that those with nefarious intent cannot compromise or circumvent the rules associated with content. A variety of techniques are used to enhance DRM security. For example, Intel, InterTrust, and others have disclosed various techniques for software obfuscation, which are applied to make it more difficult for hackers to accomplish two related goals. The first is to design and implement tools for breaking the security of the DRM components. The second is then to write an application that can be distributed through which the expertise of the hacker(s) is effectively transferred to the average or, with respect to security, the naïve or uninformed user.
Perfect security cannot and probably should not exist. There are a couple of reasons for this. First, as I suggested in my Goldilocks Consumer DRM blogicle, effective DRM and effective security must strike a balance between the interests of rightsholders and the ability of consumers to actually enjoy the music. Too much security and enjoyment is compromised. Too little security and the interests of media companies and musicians are compromised.
Second, PCs—hardware and software—are complex devices. There are many opportunities to attack the machine and the software running on it. For example, some DRM applications check to see if a software debugger is running in the background, and if so, may take steps to shut down the rendering (playing) of the music or other content.
But all such countermeasures have their limitations. One can create a hardware-based debugger that the DRM software will not detect and that, at least in principle, can be used to reverse engineer the DRM application and its security components.
So let’s agree that perfect security is not the goal. Good enough security will do just fine, especially if the DRM company has in place some sort of critical response team that will take action to patch or otherwise fix the security holes.
What’s all this got to do with MRT? According to Ted Fitzgerald, MRT’s SeCure X1 Recording Control technologies address a critical hole in the security story of most DRM-enabled music rendering applications. The hole is this: typically after verifying that the consumer requesting use of the music (or other audio) is authorized to do so, most DRM-enabled players decrypt the music and send it on its merry way to the output device(s): headsets, speakers, etc. The audio follows a somewhat complex “data path” through the computer. It may be stored unencrypted in main memory and in the output buffers on its way to being converted from digital to analog format, the latter being the format used by speakers, headphones, etc.
There are any number of applications around that will snarf the digital audio out of memory or out of buffers and then store the digital audio stream on disk. I happen to use Skado, but a quick visit to download.com will reveal any number of similar applications.
The rabbit that MRT has pulled out of the audio security hat is that by using a variety of techniques, they defeat audio snarfing. I tried it on my 1999 vintage Dell tower running Windows 2000 Pro, Windows MediaPlayer 9, Skado, and high quality streaming audio from MRT’s BlueBeat.com, their showcase for high quality music audio and their SeCure X1 Recording Control technologies. X1 worked as advertised. While Skadoo did record a portion of the audio stream, it was sooo bad—low quality, noise, stutter—that I could not listen for more than a few seconds. Painful, really.
Why is this important? Careful examination of net-based music distribution by media companies would suggest that there is a lot of residual nervousness that keeps them from authorizing distribution of the very highest quality music tracks. It’s a business decision. (Yes, I agree that AAC used by iTunes is better than MP3, but as near as I can tell, it isn’t CD quality and beyond.)
How is this different? Microsoft’s Secure Audio Path apparently accomplishes much the same thing for systems running Windows Millennium and Windows XP.
According to Ted Fitzgerald, one critical difference is that the MRT SeCure X1 Recording Control technologies have been implemented on both the WinTel PC architecture (Microsoft Windows 98 Second Edition, Millennium Edition, 2000, and XP) and on Apple MAC OSX. In addition, Microsoft’s SAP architecture requires that certain system components be authenticated and is not backwards compatible. SeCure X1 recording suppression technology does support the legacy Windows platforms listed on their web site and is in principle extensible to other platforms as well.
In addition to Microsoft’s SAP architecture, at least two other companies appear to have similar value propositions: DRMNetworks, which appears to rely totally on Microsoft’s SAP, and Xsides, which has a secure driver solution that apparently alters the data path.
NetNet: the MRT multiplatform countermeasures to prevent audio snarfing should be considered and evaluated by any company offering a DRM-enabled audio application or solution.
Nits: MRT has pulled a neat rabbit out of the proverbial security hat. However, the messaging on their web site does not call attention to major accomplishments regarding protecting streaming audio or to their DVD content protection technologies, about which I’ll have more to say in another installment.