HDCP Master Key Leaked

If you’ve been reading or listening to me for any length of time, you will have some sense of how thrilled I am by this news. HDCP is the DRM scheme embedded into HDMI, the sole choice we have for most consumer audio-video gear like Blu-ray players, surround sound receivers, and high definition televisions. I held out against buying an HD capable set because of HDCP and felt very badly when I finally caved.

As Cory at BoingBoing notes, now with this master key, device hackers and mere enthusiasts can cobble together their own media devices for format shifting, capturing and streaming. As always, I have to clarify that I do not condone or endorse commercial piracy but I do object strenuously to overbearing tools, like HDCP, that do not help ensure that artists get rewarded for their works and ultimately only frustrate and punish regular people who would like to make personal use copies within their own homes or households.

This news also continues the validation of the idea that no DRM system will ever be unbreakable. As Cory notes, for DRM to work, keys have to be shared. Each time a cryptographic key, usually a comparably small bit of data, is shared, its security is diluted. In all cases so far, breaking of DRM has only been a matter of patience.

If you are curious to know more, Ars Technica has some more details on how HDCP works, came into existence, and may have been cracked.

HDCP master-key leaks, possible to make unrestricted Blu-Ray recorders, BoingBoing

feeds | grep links > Another Zombie Cookie Lawsuit, Airport Scanners Outside the Terminal,

feeds | grep links > RIAA Says DMCA Not Working (Hard Enough for Them), Jury Invalidates EFF’s Top Patent, Proposed Apple Spyware Goes Too Far, and More

  • Apple seeking to patent spyware and traitorware
    I have to agree with the incredulous tone in EFF’s analysis of Apple’s patent application. This goes well beyond anti-theft measures; none of the included techniques are worth it for a phone, no matter how expensive, or for the risk of a breach of personal info. Simple encryption would be a more suitable solution for the latter, and insuring the device, if it is that important, for the former. I am really far more concerned about the potential privacy implications than Apple using this as some sort of spite-based DRM to increase the pain of jail breaking a device despite it now being authorized under the DMCA section 2101 rulemaking.
  • Jury invalidates one of EFF’s “Most Wanted” patents
  • Google Marketplace DRM cracked
    As the Register explains, the break was relatively simple, predicated on the ease of de-compiling Java bytecode. To be more specific, as they clarify if you read the article, the DRM itself actually has not been broken, but the application code that uses the simple affirmative or negative response from the platform can be re-engineered to essentially ignore the secure check. Each app would then have to be broken in turn but the break would hold for all copies of the cracked version.
  • The RIAA may have hurt its own arguments against innocent infringement
  • RIAA pushing to eliminate DMCA safe harbors
    Mike Masnick at Techdirt does an excellent job digging out what might otherwise be a confusing claim made in the course of this story, that the RIAA doesn’t think the DMCA is working. Clearly, what they think is a failure is the small and flawed free speech safety valve of safe harbors from liability for ISPs. Their reasoning tends to the absurd, that because the trade association cannot monitor enough traffic to reach whatever its current goals are in curbing infringement through DMCA takedown requests, they think the law should be re-written to directly deputize ISPs to do their enforcement work for them.
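
An added illustration of the Google Marketplace item above, not code from the Register article, Google or any app: the first function is the patchable yes/no gate, and the backend class moves the decision to a server that checks a signed, single-use verdict. The package name, key handling and HMAC (standing in for a real service's signature scheme) are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a key held only by the licensing service and the app's backend.
SERVER_KEY = secrets.token_bytes(32)


def client_gate(platform_says_licensed: bool) -> bool:
    """Weak pattern from the item above: the app trusts one yes/no answer.

    The decision is a single branch in code the user controls, so a modified
    copy of the app can behave as if the answer were always True.
    """
    return platform_says_licensed


def sign_license(package: str, user: str, nonce: str, licensed: bool) -> str:
    """Licensing service: bind the verdict to app, user and a one-time nonce."""
    msg = f"{package}|{user}|{nonce}|{int(licensed)}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class ContentBackend:
    """App backend: releases paid content only for a verified, fresh verdict."""

    def __init__(self):
        self._pending = set()  # nonces issued but not yet redeemed

    def new_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def release(self, package, user, nonce, licensed, tag) -> bool:
        if nonce not in self._pending:
            return False  # unknown or replayed nonce
        self._pending.discard(nonce)  # single use, even if the check fails
        expected = sign_license(package, user, nonce, licensed)
        # A client that merely claims licensed=True cannot produce a tag
        # matching that claim without SERVER_KEY.
        return licensed and hmac.compare_digest(expected, tag)
```

This only protects what the backend withholds; an app whose full value ships in the installed package still depends on the local branch.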

feeds | grep links > Linux Foundation’s Compliance Program, Leaked Google Privacy Document, KDE 4.5, and More

Day two of my trip and the main event, the Cassandra Summit, was excellent. Jet lag and tromping around San Francisco on foot this evening have wiped me out. The hotel WiFi has also decided not to cooperate, slowing down and acting generally very flakey.

Tomorrow I’ll be in training all day and then catching the red eye home. Not sure if or when I’ll be able to blog, so if you don’t even see a list of links, you’ll know why and I’ll be back Thursday.

feeds | grep links > Internet Kill Switch, Fair Use before DRM in Brazil, and More

Following Up for the Week Ending 6/20/2010

Nintendo Drawing Scrutiny for Its DRM

I saw this story yesterday and initially wasn’t going to comment. However, the more I considered it, the more I think this is worth calling out. At play here are not technical decisions and limitations, but rather business policies.

As John Mix Meyer at Wired explains, new models of Nintendo’s console are bringing to light limits surrounding the downloadable content of which many users have partaken. The inability to transfer downloaded games is an issue that owners of failed consoles had already encountered. It arises from tying of the downloads to a specific machine rather than to a user account that would be de-coupled from any particular machine.

I seem to remember having to set up an account to buy credits which are necessary to expend on most downloads. As the article points out, the other two consoles do not suffer from this problem, allowing re-downloads to different consoles from the same account. The article does go on to explain that some owners have gotten titles transferred but with varying degrees of difficulty.

Regardless of the overall rate of success, there does appear to be an override and the issues described sound like they arise from policy, procedure or both.

While Nintendo says it is “looking into” allowing users to transfer games, Electronic Entertainment Design and Research analyst Jesse Divnich told Wired.com the company is working out the kinks in its digital distribution system. He expects the problem to be solved once Nintendo’s next-gen home console comes out.

As the owner of both a Wii and a DSi, I’ll add that lately Nintendo has been pushing hard in its newsletters on downloadable content. It seems a bit late in the game to work out these issues but hopefully they will avoid a disaster of Sony proportions when more folks opt to buy one of the newer model consoles or when the game maker eventually debuts their next generation console. I would go further and say a more proactive and consumer friendly response here would be a huge opportunity to earn a lot of customer goodwill when other consoles are repeatedly in the news, inspiring owner ire.

feeds | grep links > Flash DRM Version 2.0 and Mozilla Chief Departs

Slow news day for me. Partly I think it is because Diaspora is just now making the rounds and I already wrote about it a few days ago. Much of the rest of the items I found made their way into my bucket for follow up stories.

  • Adobe adds selective output control to Flash DRM
    I have no idea how widely used the previous version Flash Access was to try to gauge how likely typical users are to see this new version in action. In essence, as Chris Foreman at Ars Technica explains, it picks up all the worst ideas from HDTV and cable, allowing content providers to disable output through untrusted devices and selectively disable classes of output devices altogether.
  • Mozilla CEO is leaving
    The Register has a link to John Lilly’s own words on his departure. It really doesn’t look like there is anything to worry about here (though I wouldn’t mind hearing the same, confidentially if necessary, from a Mozilla insider). Sounds like his first love is startups and Mozilla no longer fits the bill. Good luck to John in his future endeavors and to Mozilla in finding a new chief lizard wrangler.

Following Up for the Week Ending 5/2/2010

feeds | grep links > Massive Gopher Torrent, Streaming DRM’s Ills, More Fennec on Android, and Suit Over Linux on PS3

  • All of gopher space as a single download
    Cory at Boing Boing has this bit of digital archiving. I was a bit surprised at the size of the data, given that gopher, a predecessor of the web, is only text. Still, making it available as a torrent makes a great deal of sense to help ensure this snapshot is preserved.
  • What’s wrong with streaming DRM
    Nina Paley follows up on her decision not to pursue Netflix streaming of “Sita” because of the non-optional DRM. Mostly she takes apart the received wisdom that streaming content cannot be saved on a receiving system, anyway, so DRM doesn’t change the analysis. She explains how this is dangerous and leads to a sort of technical illiteracy that allows DRM to burrow deeper into the systems we use.
  • More details on Fennec pre-alpha for Android
    Ryan Paul at Ars Technica has some more detail on the new build of Fennec now available for Android. In addition to his first hand observations in terms of its speed and usability, he digs a bit into the under the cover details. The build is a thin Java wrapper that uses JNI to thunk to native code. The Gecko rendering engine is used for much of the chrome as well as the web pages themselves. That may mean that the Android specific code is fairly small, easing my initial concerns about cost of maintaining the port.
  • Class action suit filed against Sony for removing Linux from PS3
    According to the Thinq article to which Slashdot links, the claim is deceptive and unfair trade practices. There may also be another lawsuit coming on this same issue. Sony is trying to use its EULA as a defense so the suit could test the validity of clickwrap licenses, at least in the California district where it is being pursued.