I had the pleasure of attending a fascinating tutorial on "hardware hacking" at yesterday's O'Reilly Emerging Technology Conference. The presentation calls into question the premises behind the "compliance and robustness" rules that form the ubiquitous backdrop for all of the content protection schemes under consideration at ARDG (as well as the broadcast flag and DVDs).
In both the broadcast flag and ARDG contexts, there has been wrangling about just how "robust" a compliant product must be against "tampering" (i.e., modification by users). The standard proposed by the MPAA in Section X.17 of their proposed broadcast flag mandate is that content protection systems should be implemented so that they cannot be defeated by using general purpose tools widely available at a reasonable price.
According to presenter Andrew "Bunnie" Huang, achieving this level of security in mass-market hardware devices is very difficult, if not impossible. Hobbyist hardware hackers have an impressive array of general purpose, low-cost tools at their disposal. Consequently, staying "robust" against low-cost tools requires, at a minimum, that all cryptographic secrets (and all code or data from which they could be derived) must be kept inside custom-designed chips, or any bus across which such data could travel must be encrypted. If a secret is available in the clear on any pin or trace on a circuit board, it can be extracted using general purpose tools for, in Bunnie's words, "much, much less than $1000, often less than $100, and frequently for free."
So just how much unnecessary cost is "robustness" going to add to consumer products? Quite a bit, if "robust" means immune from hobbyist hardware hacking.
EFF has proposed the addition of a new CPTWG co-chair to represent the views of public interest and consumer groups.
CPTWG (the parent organization for the ARDG) is administered by three co-chairmen, one each to represent the consumer electronics (CE), information technology(IT), and motion picture industries. Decisions regarding the organization and procedures of CPTWG are made by these co-chairs, as most recently illustrated at the April 10, 2003 meeting of CPTWG, when the three co-chairs unanimously rejected a proposal by public interest and consumer groups to permit members of the press at meetings of the ARDG.
The events of the April 10 meeting make it clear that public interest and consumer groups are not adequately represented in CPTWG or its subgroups. Public interest and consumer groups have been participating in the CPTWG process on a regular basis for over a year, and anticipate being actively engaged in the future.
The issues discussed at CPTWG meetings are of critical importance to consumers and the public at large. It is literally the future of consumer media devices that is being negotiated at these events. Unfortunately, the ability of the public to engage in the debate is hampered by the expense of attending these meetings, their technical nature, and the exclusion of the press.
In light of these limitations, it is particularly important that groups representing consumers and the public interest be afforded the ability fully to participate and contribute to the CPTWG process. Having equal representation in CPTWG decision making is one aspect of fulfilling that goal.
The co-chairs indicated that the EFF proposal will be addressed at a future meeting of CPTWG.
The work of the ARDG is to develop a fix for the "analog hole" -- the fact that anything that emerges from an analog output can easily be redigitized. Technologists would see this as an opportunity for innovation, not a "problem": that which was once analog becomes digital, and infinitely more useful in the process.
The MPAA sees things differently. In their view, since all digital outputs will be hobbled by "content protection" technology, we must plug the "analog hole" to somehow make sure that the analog output stays at least as hobbled as the digital. The MPAA newspeak term for this is "Equivalence".
The MPAA recognizes that the original digital file's DRM may be capable of expressing complex rights and permissions -- things like, "allow copying within the home," or "allow retransmission for 30 days" -- that will be impossible to express in the crude "Me Tarzan/You Jane" pidgin of analog watermarks.
In an effort to address this inevitable "equivalence gap," Hunt's presentation set out the minimum set of "states" that the MPAA demands in any analog signaling (read: watermarking) system. They are:
Furthermore, if a device "re-digitized" analog content that showed any of the above states (except the last), it would be required to encrypt the content. [It went without saying that all devices would have to be "tamper-resistant," as well.]
These "states" are familiar to old DRM hands, as they mirror states currently supported by the "5C" family of content protection systems, which include DTCP (1.3MB PDF). The question of redistribution control also came up, with Brad initially suggesting that redistribution is implicitly forbidden for all states, except the last. Under fire, he backed down, suggesting that the issue of redistribution control was open to further negotiation.
Two things stood out about Brad's presentation.
First, I was struck by the MPAA's view, bluntly expressed by Brad, that the role for analog outputs was to support "legacy" equipment. Apparently, all future innovation will have to rely on the DRM-hobbled digital outputs. This is a major change from the status quo that has given us innovations like the VCR, where analog outputs not only supported legacy devices, but were generally available to support innovative products not yet imagined.
If you think analog is only good for supporting legacy devices, then your view of the "analog hole problem" is likely to be very different from someone who thinks of analog outputs as an innovation opportunity.
Second, it is clear that a huge fight is brewing on the "rounding" problem. On the one hand, Brad has repeatedly emphasized the importance of "equivalence" (i.e., that analog be hobbled so that it's no more capable than DRM-protected digital outputs). On the other hand, Brad admits that analog watermarks will not be able to express the "full richness" of DRM states expressed in digital content.
Hence, the "rounding" problem: where analog signaling systems can't adequately express a digital DRM state, do you "round down" to a more permissive analog state, or do you "round up" to a more restrictive analog state? So, for example, if a new digital DRM-system supports "copy once, but keep for only 14 days," how does that get expressed at the analog output? Does it become "Copy Never" (rounded up) or "Copy Once" (rounded down)?
If you round up, then you've made analog artificially unattractive, by making it more restrictive than the digital outputs. If you round down, you have the same problem in reverse. You have to choose, there is no "neutral" alternative.
I know where I come down. Stay tuned to find out where the CE and IT industries come out.
At the April 10 meeting of CPTWG, after a brief debate, the three co-chairs of the group (one each representing the motion picture, consumer electronics and information technology industries) unanimously rejected a request by EFF, Public Knowledge, Consumers Union and DigitalConsumer.org that members of the press be permitted to attend the otherwise public meetings of the ARDG.
EFF then proposed that the three co-chairs be supplemented by the addition of a fourth co-chair, representing the views of public interest and consumer groups. The co-chairs indicated that they would consider the request at a future meeting.
The ARDG is a sub-group of the CPTWG and is governed by its press policies. CPTWG has long had a policy of excluding members of the press, while simultaneously representing their meetings as open to the public. The official press policy was recently codified and posted to the CPTWG website after The National Journal wrote a letter to the co-chairs protesting the CPTWG policy.
EFF, Public Knowledge, Consumers Union, and DigitalConsumer.org had asked the co-chairs to reconsider their policy, at least as applied to the ARDG, in light of the importance to consumers and the public of the technical issues being discussed by the group. The Center for Democracy and Technology also spoke in favor of allowing press to attend.