Requirements for DRM in HTML5 are a secret


#21

Thanks for the explanation, which makes more sense than what I was imagining.

I still feel that they are fighting a fruitless battle here. At some point there have to be bits that tell a display device which pixels to put where and bits that tell an audio device which sound to make when (i.e., they need to give me the data unencrypted at some point). With the processing power we have today we could do all kinds of things with that information. I believe that my firewall does pretty much everything that needs to be done to record the data that is coming in, and if it doesn’t then a similar program could.

I feel confident that a dedicated pirate could simply run the OS that is running the browser in another shell OS and trick the browser into thinking it is outputting to a video card when it is really outputting to a program that saves the output. For all I know this might be really easy or really hard, but the idea that it can’t be done seems implausible to me.

Alternatively:

In the end, they cannot defeat the fact that they need to communicate the content to us in a form we can actually understand.

All of which brings me back to my rant about murder. The more technical the knowledge required to pirate things, the more likely it becomes that the skill of pirating can be co-opted by dangerous people. In this case I don’t think organized crime has much chance of actually taking over video pirating since there seem to be plenty of people who are happy to do it for free, but seriously … seriously.


#22

Passively hook into your web cam (virtually everyone has one these days), do some simple image processing & make sure that there is NO camera pointing at the monitor. If true, don’t play video.


#23

Well, so much for HTML5. There’s no value in supporting “secret” specifications. If this crap doesn’t get sorted out properly, it’s time to boycott anyone who continues to use HTML5.


#24

I see what you did there :slight_smile:


#25

Really you should be boycotting those that are pushing to corrupt the standard, not the standard itself.


#26

Read my brainwaves directly from the part of my brain that processes video and audio and record the outputs of that!

Wait, here’s an even better one: While watching the movie I will describe it to my friends who will make a shot-by-shot reproduction of it in the movie studio in the next room!

I think the movie industry would make it illegal for me to think or talk about movies if they could.


#27

In the future you will be legally required to be accompanied by a lawyer when playing a game, watching a movie, chilling out to some tunes!

He will be cleared to use lethal force should you break the rules.


#28

It isn’t widely deployed (and so is not yet a practical threat); but the endgame on that one is ‘secure remote attestation’, another fine product of the Trusted Computing people…


#29

The whole “pirated DVDs finance terrorist groups” thing is a red herring. Terrorist groups get most of their funding from the big governments; they just don’t want to admit it. (Hey, big governments: don’t bother denying this; you have lost all credibility.)

With regard to decoding the video stream after it comes out of the HDCP decoder, sure, you could wire up an FPGA chip to the decoder chip in a generic LCD monitor and collect the video stream sent to the LCD driver chips, then reconstitute it as a raw RGB stream (HDMI minus the HDCP encryption). But that would be unethical, because it would deprive the shareholders of Disney et al. of their rightfully-earned money for 100-year-old movies.


#30

I have always assumed it was nonsense, but it strikes me as plausible nonsense. The only thing keeping it from being a reality is that there are people who are happy to break copy protections just for the challenge of breaking them. Even if “terrorists” wouldn’t really do this, organized crime surely would, and I don’t buy the big distinction.


#31

I agree that they are fighting a largely fruitless battle; but their dedication to doing so appears to be considerable. In the case of the situation you describe, meet the ‘Protected Media Path’. On Win Vista and later, playback of ‘premium content’ is contingent on all drivers with access to the goods being trusted and signed (with transmission between system elements, even on things like internal PCIe busses, encrypted), and so-called ‘Hardware Functionality Scan’, where the system probes edge cases of the behavior of devices in order to distinguish real ones from emulated or cloned ones. It’s a bit nuts, really. Microsoft’s early overview (from when Vista was still called ‘Longhorn’) lays the system out as well.


#32

Can I call them a mentat? And will they do math and store upcoming events for me? Because that might not be all bad.


#33

Like a passive aggressive PA.


#34

Right, which goes back to non-OSS. If the hardware was OSS, that wouldn’t work well. You need something in the hardware chain that isn’t user controllable.


#35

:slight_smile: If we lived in that world (and I agree with you that would be ideal), then we really wouldn’t even be talking about DRM in the first place. That is a fair world.

However, in any world there is always an attack surface.


#36

Lol, I can see it now: hardened terrorists, ripping and burning Top Gun, Over the Top, Rambo, Red Dawn, Flashdance… If only it were true.


#37

I have not been involved in W3C recently but this is not a W3C standards effort:

http://www.w3.org/community/restrictedmedia/

The Restricted Media CG will discuss and analyze methods of restricting access to or use of Web media, and their implementation on the open Web.

This group will not publish specifications.

The conversation is really not very unusual. The Netflix guy was asked what the requirements were that would need to be met and he answered that he can’t say because it is confidential. That is perfectly normal. The information is not being shared in an inner circle. It is information that they might want that is not available.

What would be an abuse is if the WG made a decision based on confidential information.

As I pointed out in another forum recently, telling people that something is technically impossible is terrible strategy. It invites people to think up ways to do the thing that you are trying to tell people not to do.

What I can’t figure out is why this would be a feature of HTML5 at all. It is the wrong place in the stack. It is logically an HTTP mechanism because it is essentially an access control restriction plus an undertaking not to perform redistribution.

Even with a TPM chip to lock the crypto keys to the platform, the undertaking not to redistribute cannot be cryptographically enforced unless the whole display engine is inside the trustworthy, attested partition, and that is simply not viable on a general purpose platform. The only way that is possible at the moment is on a platform like an iPad or iPhone where the whole device is locked.

This comes under the heading of ‘legalizing the whorehouse’. It is often better to have people do things in the open where the efforts can at least be observed to avoid unintended collateral damage than to force the effort underground where it becomes a public health hazard.

If people hadn’t taken a scorched earth policy to the TPM chips we could be putting them to good use preventing real world attacks on Internet security. They would certainly help us close down a lot of the NSA attacks. But they would not do very much for the requirement unique to Copyright restriction enforcement (CRE) which is to enforce restrictions on an authorized user.

Copyright restriction enforcement is actually an even stronger requirement than is necessary for Content Rights Management (CRM) schemes to provide data level security in an enterprise. To be effective for CRE a system has to resist attack by someone with physical access to the device and tools such as $1 million electron microscopes. And the content is distributed to millions of devices and it is crack once, crack anywhere. I don’t care about that level of attacker for CRM, or rather don’t care very much. Machines can be examined physically.

I’ll try to get round to a podcast explaining this stuff after I have finished the series on how to secure email end to end.

When these arguments were last raised only a few of us had an understanding of the scale of the NSA/PLA/GRU/IRG apparatus and the threats they pose. Now thanks to Snowden there is better understanding of the NSA threat at least (but most are ignorant of the threat from China, Russia, Iran, etc. etc.). Defeating the MPAA is not the only concern that should shape discussion of Internet security.


#39

I’m torn on this. DRM is generally evil, but without it the studios are just going to take their ball and go home (crying the whole time about evil pirates stealing their content online and spending gobs of money on attack lawyers instead of offering the content online in a reasonable fashion).

A perfectly open system is obviously a problem because DRM is inherently broken from a cryptographic standpoint. You have a situation where the authorized user is also the attacker.

Of course the other problem is that DRM is a defensive war that you must win every time. If even one guy is willing to go to extremes to hack it, the DRM is rendered useless. It’s also consumer hostile (see: secret web standards), and adds many unnecessary points of failure for regular users. The proper solution is DRM free online media, but try to convince the various media cartels of this.


#40

So the analogy is just that of the NSA: we must spy on you to protect you & save you even though in reality no such thing is true.

I don’t see why an open system is broken to be honest. Cryptography is still effective in an open system. It’s the work that a system does that is important, keeping your salts & private keys safe is paramount. Crypto can just be seen as an engine that achieves the desired result.

You are right, however, in that there are no water tight systems. Any system that is Turing complete can never be guaranteed to be sound or even bug free and is therefore likely to be broken. This keeps on getting proved time and again.


#41

I don’t know what ball they are taking or where their home is, but I have a hunch I would be happy with this outcome.

I also have a hunch that it won’t happen because they want their money, and their ball doesn’t make them any money when they are keeping it to themselves.