6 Comments

Summary:

This week, we learned that the HDCP copy protection scheme is now essentially broken. HDCP’s failure is just one of many examples of copy protection technology not living up to its promises of security. Read on for five of the most glorious examples of DRM FAIL.

500995147_5f56493a1e_z

A copy protection scheme used in virtually all consumer HD video devices, from Blu-ray players to game consoles, was broken this week when someone leaked an essential secret key online. The High-Bandwidth Digital Content Protection (HDCP) protocol key found its way onto the Internet on Monday, and HDCP vendor Intel has since confirmed its authenticity.

It’s unlikely that this breach will have any immediate impact on either digital media sales or online piracy. However, the defeat of HDCP is yet another instance of supposedly unbreakable content protection schemes failing badly.

Still, people in the industry are holding onto the illusion that there will one day be a secure architecture for digital content, despite of plenty of evidence to the contrary.  We’ve compiled a list of five of the most glorious DRM failures over the years:

1. Macrovision. The original copy protection scheme was first deployed in 1984 on VHS tapes. Macrovision worked by adding invisible signals to the video recordings on commercially released VHS tapes, which would make it impossible to make copies of these tapes with a second DVD VHS recorder. Macrovision was later also added to DVD players, disabling the ability to record DVDs on VHS. Macrovision Was however easily defeated when tinkerers figured out ways to filter out those extra signals, leading to a brief boom of Macrovision filtering devices. Some DVD player manufacturers also allowed users to disable Macrovision through special codes.

Macrovision’s corporate entity is now called Rovi, and it’s increasingly focusing on delivering programming guides for CE devices. Its long-defeated technology, however, is still in use on virtually any DVD player.

2. CSS. The Content Scramble System was Hollywood’s attempt to lock down the DVD format and prevent end users from ripping and copying DVDs. It was cracked in 1999, when a number of unknown hackers disassembled a software DVD player to extract its encryption key. This crack eventually led to a tool called DeCSS. One of the people involved in the creation of DeCSS was Jon Lech Johansen, who found himself targeted by Norwegian law enforcement and Hollywood studios as a result. The case against Johansen was eventually dropped in 2004, and he went on to bring media playback tools to the Android world with his San Francisco-based company doubleTwist. CSS decryption tools now have found their ways into many DVD copying tools, but their sale is still illegal in the U.S.

3. SDMI. The Secure Digital Music Initiative tried to prevent music piracy through watermarking of audio tracks. The initiative was founded in 1998 and backed by some 200 music, technology and CE companies. However,it faced difficulties coming to market, partially because even within the industry, some doubted its effectiveness. These critics were supposed to be convinced with a contest launched in 2000 that asked security experts to “hack SDMI.”

Princeton professor Ed Felten took the initiative by its word, and cracked all but one proposed watermarking schemes. The Recording Industry Association of America (RIAA) went on to threaten Felten with a lawsuit when he tried to document his findings, but subequently backed down when Felten teamed up with the EFF. SDMI eventually dissolved in 2001.

4. BD+. The early defeat of DVD copy protection hasn’t stopped the industry from trying to lock down Blu-ray disks. In fact, the BD+ copy protection scheme is far more sophisticated than CSS, because it’s based on updateable keys. However, that hasn’t stopped skillful minds from cracking BD+, and rips of a number of Blu-ray movies have since appeared online. The industry has reacted to this by in turn updating BD+, but the cure turned out to be more like a poison: Dozens of Blu-ray titles have been rendered unplayable for owners of Samsung’s Blu-ray players, thanks to copy protection gone wrong.

5. HDCP. The High-Bandwidth Digital Content Protection protocol aims to protect video signals traveling from one device to another. For example, if you connect your Blu-ray player via HDMI with your TV, then all the video will be encrypted with HDCP. The idea behind this is to prevent people from recording the HD signal, just like the original Macrovision copy protection system tried to prevent recordings on VHS.

And just like with Macrovision, this has led to the emergence of HDCP filtering devices. Dongles that make it possible to play HDCP-protected streams on non-compliant devices have been available for a number of years, but the fact that HDCP is now completely broken could potentially enable rogue manufacturers to build more sophisticated DVRs or Blu-ray copying devices. Also possible: Interfaces like an HDMI USB adapter or an HDMI Firewire converter, allowing you to write encrypted video streams onto your hard drive and then decrypt them with the help of a future DeHDCP application.

However, all of this likely won’t change much for the average consumer. Copy protection, even if broken, tends to be around for decades, as Macrovision and CSS have proven. And we can be sure that the next fail-safe protection scheme is just around the corner…

Image courtesy of Flickr user subcircle.

Related content on GigaOm Pro: The Return of DRM (subscription required)

You’re subscribed! If you like, you can update your settings

  1. HDCP antipiracy leak opens doors for black boxes – CNET | MyGeist Friday, September 17, 2010

    [...] Key Crack Confirmed by IntelDailyTechHDCP cracked; opens door for DRM-free HD boxesDigitaltrends.comNewTeeVee -UberGizmo -FOXNewsall 63 news [...]

  2. Macrovision for VHS was considered a great success, as it virtually eliminated “casual” copying of VHS tapes. True, you could spend a hundred dollars or so to buy a hardware box to defeat it… But few did so.

  3. Excellent, informative and well-researched article Janko! Thank you.

  4. Good post. I’d agree with Michael, an approach that prevents 80-90% of pirating would probably be considered a big success.

    How does DECE factor into this history of failure? Was kind of expecting you to mention. Maybe fodder for a followup?

  5. what’s really annoying is when you go and buy the legit copy and it doesn’t work, so you have to go pirate it to get a working copy. though this usually only happens with software… especially games.

    i remember the old copy protected vhs tapes. the copies would go a little dark every now and then. though i couldn’t really tell the difference between that and the general poor quality of vhs recordings. so it didn’t stop me.

    they need to focus on copyright protection measures that will stop the casual pirates without breaking their product. they should also look at it as, rentals bring in more income than torrents. and if they’re product is gonna break because they’re trying to stop hackers than they’re gonna encourage more people to learn how to pirate.

    build your products for the people who are gonna buy them. not for the people who are gonna pirate it. the pirates aren’t gonna go buy it because you locked them out. they’re gonna put more effort into breaking in, or go find something else.

  6. Scientists Release HDCP Decryption Tool: Video « Thursday, September 30, 2010

    [...] Tweet Two Stony Brook University computer scientists have released the source code for an application that can be used to encrypt and decrypt HDCP-protected video signals in real time, delivering another blow to a content protection scheme that is used in virtually any new TV set, Blu-ray player and similar home entertainment equipment. The publication of the tool comes just two weeks after someone published HDCP’s master key online. [...]

Comments have been disabled for this post