Pushing the Impossible

Movie studios believe they can create the perfect copy protection system. But it
would be easier to go faster than the speed of light, says Cory Doctorow

”Go strap yourself in, I’m going to make the jump to light speed”

Ask a certain kind of security-minded geek about “copy protection”
technology and chances are they’ll tell you that it’s flat out impossible. They
might even avow it with the same certainty that physicists employ when they say
you can’t travel faster than the speed of light.

That level of certainty can be a little daunting, especially since our intuition
tells us something different. We can imagine accelerating and accelerating and
accelerating until our speed exceeds 299,792,458 m/s – hey, just rev the old
spaceship up to 299,792,457 m/s, open up the throttle a little and voila we’ve
just proven generations of physicists wrong.

The thing is that when they say that you can””t travel faster than the speed of
light, they””re talking about the fundamental principles of physics: it””s
impossible to get beyond lightspeed, even if science fiction movies help us
conceptualise it.

In the same way, we can imagine building progressively better software locks for
movies, music, ebooks, and software until we hit on one that even the wiliest
hacker can””t defeat. But, just like the physicists, the geeks who say that DRM
can never reach this point are speaking about fundamental principles of
information science. It””s impossible to get that far.
To understand this, you need to understand a little bit about cryptography – the
mathematics of scrambling and descrambling information.

Modern industrial cryptography consists of three crucial components: first, a
“cipher” – a system for scrambling messages. These are always public and never
secret or proprietary. Banks, spies, retailers, child pornographers and your web
browser all use the same basic set of ciphers. That””s because the only way to
prove that a cipher works is to expose it to public scrutiny and see if any
clever bastard can spot a flaw in it.

It””s a little counterintuitive to think of full disclosure as a prerequisite for
security, but it is a basic tenet of cryptography – and it has been so ever
since Alan Turing and the lads at Bletchley Park broke the Nazi ciphers and
spent the rest of the war reading Hitler””s secret dispatches and snickering to
themselves.
Second, there is a “ciphertext” – a blob of data that has been encrypted with
the cipher.

Finally, and crucially, there””s the “key”. This is a very small piece of
information – usually less than 1000 characters – that is kept secret from all
but the legitimate senders and receivers of the information. The key is the
secret bit of information that the cipher uses to unscramble the ciphertext.
As a system, it works brilliantly. You can download an email privacy program
that uses standard, public encryption algorithms to scramble your email so that
only its intended recipients can read them. You know that messages can only be
read by the authorised sender and the authorised receiver because you are the
only ones who know have the key.

It””s great for email, but it can never work for movies, TV shows or music,
because in the case of “copy protection” the receiver is also the person that
the system is meant to guard itself against.
Say I sell you an encrypted DVD: the encryption on the DVD is supposed to stop
you (the DVD””s owner) from copying it. In order to do that, it tries to stop you
from decrypting the DVD.

Except it has to let you decrypt the DVD some of the time. If you can””t decrypt
the DVD, you can””t watch it. If you can””t watch it, you won””t buy it. So your
DVD player is entrusted with the keys necessary to decrypt the DVD, and the
film””s creator must trust that your DVD player is so well-designed that no one
will ever be able to work out the key.

This is a fool””s errand. Because the DVD player has the key, it””s always
possible that it can be extracted by academics, hardened hackers – or just kids
who are in it for the glory.

One hacker known as Muslix64 got the keys to the HD-DVD system he owned. Then he
did the same trick again with a Blu-Ray player – this time without ever being in
the same room as it. He just had a mate email him the contents of the computer””s
memory, captured while it was playing a Blu-ray disc. Muslix64 reasoned that if
the computer was unscrambling the Blu-ray disc, it must have the key in its
memory somewhere. He did a quick search of the file and hey presto, Blu-ray was
broken.

And the thing is that if a DRM is broken once, it””s useless. The breaker can put
his copy of the movie, music, ebook, or software online on a peer to peer
network or fileserver, and from there anybody can “break” the copy protection
simply by downloading a copy. It””s a one-shot deal.
DRM is supposed to force those unwilling to pay into buying, rather than
nicking, their media – but once the cheapskates can search for a cracked copy on
Google, it is meaningless.
This means that ultimately, DRM only affects people who buy media honestly,
rather those who nick, borrow or cheat their way to it. In turn that means that
the people who ultimately bear the inconvenience, cost and insult of DRM are the
paying customers, not the pirates.
There are some fundamental truths in the universe. We cannot travel faster than
light, and we cannot make a copy protection system that is uncrackable.
The only question is: how long will paying customers stay when the companies
they””re buying from treat them as attackers?

Cory Doctorow is an activist, science fiction author and co-editor of the blog
Boing Boing.

Cory Doctorow
Guardian Unlimited Tuesday September 4 2007

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: