Mar 12 Podcast #416: Cryptography, DRM and You
We talk about DRM quite often. Technically it stands for Digital Rights Management, but we did have a listener recommend we try to change that to Digitally Restricted Media. The point of DRM is to protect digital media files from piracy. The actual result of DRM is a lot of frustration for those who just want to watch movies and listen to music.
Listen to the show
Today's Show:
News:
- Panasonic To Reportedly Launch 3D TV In The U.S. Next Week Partnering Best Buy
- Sony to start selling 3-D TVs in June
- Panasonic sued over plasma TV picture quality
- SONY Signs all Major US Studios for HD Movies on PlayStation Network
- Monoprice Not Taking New Orders During Fraud Investigation
Other:
- www.nerdfitness.com: a personal trainer and a genuine nerd
- studiotamer.com: Photography studio equipment at affordable prices.
- Universal remote accessories for the iPhone and iPod Touch:
- Rē Remote: http://www.newkinetix.com/
- L5 Remote: http://l5remote.com/
- RedEye Remote: https://thinkflood.com/products/redeye/what-is-redeye/
- Skip DVD Intros with simple remote trick
Its our five year anniversary and you get the prizes!
To enter simply follow us on Twitter. Follow Ara at hdtvpodcast and follow Braden at BradenRussell We'll select winners at random and announce them on our April 2nd show. Here is what you can win:
- Audioengine 5 (A5) Premium Powered Bookshelf Speakers.
- INSTEON Home Theater Lighting Control Kit
- The RedEye Remote Control System
- Aperion Home Audio Link™ System
- Calibrated Measurement Microphone from Cross-Spectrum
Open to residents of continental US only
Cryptography, DRM and You
We talk about DRM quite often. Technically it stands for Digital Rights Management, but we did have a listener recommend we try to change that to Digitally Restricted Media. The point of DRM is to protect digital media files from piracy. The actual result of DRM is a lot of frustration for those who just want to watch movies and listen to music.
We recently read about a vulnerability discovered in OpenSSL that could have an impact on DRM in consumer electronics. OpenSSL is a freely available software package used in countless different products to protect sensitive information, which could include movies and songs that the content owners don't want to have freely available on the Internet.
Before we get into the actual vulnerability, the flaw in the OpenSSL software, we need to provide a little background on Cryptography and how it applies to DRM. We've talked about how plasma TVs and LCD TVs work in the past. So along those lines, we're going to get a little geeky on how DRM works.
What is Cryptography?
So in a nutshell, cryptography is a big umbrella that describes many different ways to protect information or keep a secret. Remember Ralphie's decoder ring in A Christmas Story? Yep, that was cryptography. The secret there was the phrase "Be sure to drink your Ovaltine." The secret in DRM is the actual audio or video file that is useless unless you know how to decode it so you can play it back.
Keys
Imagine cryptography as a box. You have to have a key to lock something inside the box so you can keep it secret. You also need a key to open the box to reveal the secret. There are two ways to do this. With symmetric key cryptography, you use the same key to lock and unlock the box. With asymmetric cryptography, one key can lock the box, but a different one must be used to unlock it.
Asymmetric key algorithms are more secure. Everyone keeps their 'private' key safe, and provides only their 'public' key to the world. If I want to send you a message, I can lock it with your public key because I know that you're the only one who can open it, because you're the only one with your private key. These algorithms are more secure, but they also require a lot more processing power, making them less than ideal for audio and video playback.
When you're playing an audio or video file, you have to decode it quickly so that you don't get any stuttering or delays in the content. Symmetric key algorithms require less processing horsepower. That's why the DRM scheme chosen for Blu-ray, called Advanced Access Content System (AACS), chose a symmetric encryption algorithm (they use AES, Advanced Encryption Standard).
You can pretty quickly realize that it's not the encryption or the algorithm or any of that stuff that really matters. What really matters is protecting your keys. If a key gets published on the Internet, anyone can use it to decrypt any Blu-ray movie and essentially post DRM-free copies of full quality content. Without getting into too much detail, AACS has a way to create unique keys for devices that can be turned off if they're compromised, but that still doesn't solve the problem.
The Vulnerability
So what exactly was this vulnerability in OpenSSL? When you hear it, you may get a little chuckle. Evidently scientists from the University of Michigan found a way to read tiny pieces of a private key by injecting slight fluctuations in a device's power supply as it was processing encrypted messages. It took a little over 100 hours, but eventually they were able to get the entire 1024-bit key.
This may not really impact you all that much, if you see a bunch of people around your Blu-ray player with lasers and a rack of servers, ask them politely to leave. And, to be honest, it isn't even the easiest way to crack Blu-ray. The tried an true method is to use a software based Blu-ray player on any computer and simply examine what's in memory while the player is running. At some point the software player will need to put the key in memory to use it, and you can grab it.
But what it shows is that no matter what you do to protect your digital content, someone with enough determination can find a way to break it. In this case an $80 Blu-ray player and a little over 4 days of Jolt cola and power fluctuations cracks every Blu-ray disc on the market. So even if you push Blu-ray decryption to hardware on a PC, it can still be cracked.
Why does it matter?
So the real question is, why does any of this matter to any of us? Bottom line, those of us who follow the rules don't spend 4 days shining a laser on our Blu-ray player so we can crack it and distribute pirated movies. Those who don't care about the legalities of content protection are going to do it no matter what the rules say.
So piracy still happens, DRM or not, there will always be pirated copies of movies and music available on the Internet. But for those of us who don't pirate content, we get the shaft trying to figure out why the movie we just bought won't play on our laptop or the TV show we just bought won't stream to our media center extender.
The only people who get punished are the ones who follow the rules. We think DRM should simply be a thing of the past. If content owners want to charge for content, provide a service worth charging for. Make it super easy to find what we want. Make the downloads or streams incredibly reliable. Make the service something worth coming back to. It worked for iTunes. Despite every song available there being available for free elsewhere on the Internet, people still buy songs from iTunes.
Abolish DRM, free the content, stop punishing everybody for the transgressions of a few. Besides, you aren't even stopping those few, so what's the point?
Reader Comments (8)
Thanks for the pointer to the Monoprice debacle. Sadly, i used them a couple weeks ago for the first time and my card was one of those compromised. My credit card company called to ask me if i had spent $700 at CompUSA and $600 at Lenovo (which i hadn't). They have closed my account and issued a new card.
I am very happy with the cables but not happy with having a compromised credit card.
-Justin
Hey Guys!
I appreciate the discussion on DRM. I actually just ran into a major hassle with DRM. I'm somewhat of an anti-Apple person, so decided to check out the new Microsoft Zune HD. However, the DRM used on Digital Copies for all of my blu-ray movies is not compatible with the player. I bought the movie, I bought an HD portable media device, and yet the DRM is causing complications... I understand the need for studios to protect their investment, but the entire system needs to either be removed or given a major facelift!
James
Simpsonville, SC
No Zino HD review? Is it still going to happen? Or did I just not find it?
Hi Peter,
We have a few other things in the queue before the Zino. Next up is a review of the ZVOX 575. The Zino will be coming shortly after that. We also have the SONOS S5s in house as well. And some TVs too. Maybe we should go to a daily show?
Ara
I guess this answers my question of how my card was compromised. The thief (thieves) purchased something off steam (online gaming) and I'm guessing they're not aware of steam's policy of disabling accounts that uses stolen cards. This probably won't drive me away from buying from monoprice as this sort of thing can happen anywhere (think of restaurants where you give your card to the server who disappears to the back with it). Unauthorized charges are protected. It's just a minor inconvenience to cancel the card and get another one sent out.
I can't believe you left Chuck off of the shows you are watching. I found out about that show from this podcast and now listen to the Chuck podcast as well. I was able to catch up and see all of the previous episodes of Chuck.
I left 24 a couple of seasons ago.
If you need stuff to watch, you might want to look at some of these:
Bones
Mentalist
Big Bang Theory
NCIS
The Forgotten
Supernatural
They are some of the season passes I have on my TiVo.
I had fraud on one of my Credit Card accounts two weeks ago. Someone attempted two transactions in the $1K range at Target.com and one smaller one at U-Haul that initially went through. The Target.com were rejected and I think the u-haul was reversed. I ordered from MonoPrice twice in October. I am not sure if they are related. My card company replaced the cards. Fortunately there wasn't any fraud for them to pay
Bit torrent isn't that hard and it is sometimes easier to get a torrent of a movie or music that you have than it is to rip it. I am not sure of the legality. From what I understand, if you have a DVD in your library, it is illegal to defeat the DRM, even for fair use. By downloading the content, you are not taking something that you haven't already paid for; nor are you defeating the DRM. I think it may be more legal to get a torrent of a dvd than to use AnyDVD to rip it and put it on your server.
Ara,
Thanks for the update on the Zino HD test plans. I am thinking of getting one. CNET said it had some problems playing back HD TV show recordings but other reviewers said it works great. I feel you will know what to look for so I am looking forward to your review. I want to use it to record over the air HD TV shows.
I agree the DRM is more of a pain than it is helpful. When you just want to use your existing media with emerging technologies.
One bit I guess I don't understand is why you would pay $1.99 per episode on iTunes for a tv show?
Not long ago we'd just record shows we wanted to watch when we weren't home with a vcr from the over-the-air broadcast. So why couldn't you do the same with a DVR. Or is recording a season of say The Office onto a DVR or vcr from cable or over-the-air broadcast now considered wrong?