IP: IBM&Intel push copy protection into ordinary disk drives

[Dave Farber <farber@cis.upenn.edu>]

>To: cryptography@c2.net, gnu@toad.com
>Subject: IBM&Intel push copy protection into ordinary disk drives
>Date: Thu, 21 Dec 2000 13:16:03 -0800
>From: John Gilmore <gnu@toad.com>
>
>The Register has broken a story of the latest tragedy of copyright
>mania in the computer industry.  Intel and IBM have invented and are
>pushing a change to the standard spec for PC hard drives that would
>make each one enforce "copy protection" on the data stored on the hard
>drive.  You wouldn't be able to copy data from your own hard drive to
>another drive, or back it up, without permission from some third
>party.  Every drive would have a unique ID and unique keys, and would
>encrypt the data it stores -- not to protect YOU, the drive's owner,
>but to protect unnamed third parties AGAINST you.
>
>The same guy who leads the DVD Copy Control Association is heading the
>organization that licenses this new technology -- John Hoy.  He's a
>front-man for the movie and record companies, and a leading figure in
>the California DVD lawsuit.  These people are lunatics, who would
>destroy the future of free expression and technological development,
>so they could sit in easy chairs at the top of the smoking ruins and
>light their cigars off 'em.
>
>The folks at Intel and IBM who are letting themselves be led by the
>nose are even crazier.  They've piled fortunes on fortunes by building
>machines that are better and better at copying and communicating
>WHATEVER collections of raw bits their customers desire to copy.  Now
>for some completely unfathomable reason, they're actively destroying
>that working business model.  Instead they're building in circuitry
>that gives third parties enforceable veto power over which bits their
>customers can send where.  (This disk drive stuff is just the tip of
>the iceberg; they're doing the same thing with LCD monitors, flash
>memory, digital cable interfaces, BIOSes, and the OS.  Next week we'll
>probably hear of some new industry-wide copy protection spec, perhaps
>for network interface cards or DRAMs.)  I don't know whether the movie
>moguls are holding compromising photos of Intel and IBM executives
>over their heads, or whether they have simply lost their minds.  The
>only way they can succeed in imposing this on the buyers in the
>computer market is if those buyers have no honest vendors to turn to.
>Or if those buyers honestly don't know what they are being sold.
>
>So spread the word.  No copy protection should exist ANYWHERE in
>generic computer hardware!  It's up to the BUYER to determine what to
>use their product for.  It's not up to the vendors of generic
>hardware, and certainly not up to a record company that's shadily
>influencing those vendors in back-room meetings.  Demand a policy
>declaration from your vendor that they will build only open hardware,
>not covertly controlled hardware.  Use your purchasing dollars to
>enforce that policy.
>
>Our business should go to the honest vendors, who'll sell you a drive
>and an OS and a motherboard and a CPU and a monitor that YOU, the
>buyer, can determine what is a valid use of.  Don't send your money
>to Intel or IBM or Sony.  Give your money to the vendors who'll sell
>you a product that YOU control.
>
>         John
>
>   http://www.theregister.co.uk/content/2/15620.html
>
>   Stealth plan puts copy protection into every hard drive
>
>Hastening a rapid demise for the free copying of digital media, the next
>generation of hard disks is likely to come with copyright protection
>countermeasures built in.
>
>Technical committees of NCTIS, the ANSI-blessed standards body, have been
>discussing the incorporation of content protection currently used for
>removable media into industry-standard ATA drives, using proprietary
>technology originating from the 4C Entity. They're the people who brought
>you CSS2: IBM, Toshiba Intel and Matsushita.
>
>The scheme envisaged brands each drive with a unique identifier at
>manufacturing time.
>
>The proposals are already at an advanced stage: three drafts have already
>been discussed for incorporating CPRM (Content Protection for Recordable
>Media) into the ATA specification by the NCTIS T.13 committee. The
>committee next meets in February. If, as expected, the CPRM extensions
>become part of the ATA specification, copyright protection will be in every
>industry-standard hard disk by next summer, according to IBM.
>
>However, what's likely to create a firestorm of industry protest is that
>the proposed mechanism introduces problems to moving data between compliant
>and non-compliant hard drives. Modifications to existing backup programs,
>imaging software, RAID arrays and logical volume managers will be required
>to cope with the new drives, The Register has discovered.
>
>The ramifications are enormous. Although the benefit to producers is great
>- - bringing the holy grail of secure content one step closer - the costs to
>consumers will be significant. For example, corporate IT departments will
>be unable to mix compliant and non-compliant ATA drives as they try to
>enforce uniform back up policies, we've discovered. Restoring personal
>backups to a different physical drive - a common enough occurrence when a
>disk has failed - will require authentication with a central server.
>Imaging software used by OEMs and large corporates to distribute
>one-to-many disk images will also need to be modified.
>
>And the move casts a shadow over some of the hottest emerging business
>models: the network attached storage industry, which relies on virtualising
>media pools, the digital video recorder market currently led by TiVo and
>Replay, and the nascent peer-to-peer model all face technical disruption.
>
><B>How it works</B>
>Today, CPRM is implemented on DVD and removable SD disks. But the SCSI and
>ATA/ATAPI proposals incorporate an extension of the scheme to allow the
>encryption to be used on hard drives, in addition to removable drives and
>ATAPI devices such as CD-ROMs and DVD drives.
>
>The proposal makes use of around a megabyte of read-only storage on each
>hard drive that isn't usually accessed by the end user for a "Media Key
>Block". According to research scientist Jeffrey Lotspiech of IBM's Almaden
>Research Lab, this is a matrix of 16 columns and some 3000 rows. A static
>"Media Unique Key" in a separate, hidden area of the drive, identifies the
>individual drive. Making use of broadcast encryption and one way key
>algorithms, would-be hackers face a daunting number of keys to break. CPRM
>adds new commands into the ATA specification.
>
>But because the system makes use of the physical location on the device of
>the encrypted item, software designed for non-compliant drives will break
>in some circumstance when encrypted data files are moved.
>
>"It requires both drives to be compliant when data is to move from one disk
>to another," says Lotspiech. "And a compliant application to get all that
>data to the new drive".
>
>So a hard drive containing small individual containing non-copyable files
>of say, Gartner reports, will essentially be unrestorable using existing
>backup programs.
>
>Similar problems arise with RAID arrays using IDE disks, acknowledges IBM.
>"This may help IT managers when auditing for copyright compliance,"
>suggests IBM spokesman Mike Ross.
>
>However the decision to make an organisation CPRM compliant. Free copying
>is no longer an option:-
>
>"It's not up to us to determine or guess what the content provider might
>permit," says Ross. "Nothing will handcuff proper backup and restoring
>provided the content provider permits it. Some may not permit it - but what
>will the customers reaction be then?"
>
>Well, quite. Clearly key management becomes an urgent priority when
>CPRM-aware drives are introduced next year, as CPRM-aware content will
>surely follow. The decision to go with CPRM in an organisation is also an
>all or nothing proposition - it can't be introduced gradually.
>
>But for home users, the party's over. CRPM paves the way for CPRM-compliant
>audio CDs, and the free exchange of digital recordings will be limited to
>non-CPRM media.
>
>The Register understands there is fierce opposition to the plan from
>Microsoft and its OEM customers. Generating hundreds of thousands of images
>each week, the PC industry relies on data going from one master to many
>reliably and smoothly.  Imaging programs face the same problem as restore
>software: the target disk isn't the same as the originator disk. Microsoft
>Redmond already has put in a counter-proposal that eschews low-level
>hardware calls.
>
><B>Where were you when they copy-protected the hardware, Daddy?</b>
>
>The intellectual property is owned by the 4C Entity, and administered by
>License Management International, LLC - a limited liability company based
>in Morgan Hill, California. Company founder John Hoy told The
>Register that "LMI,LC holds no intellectual property. Entities are
>granted a master license."
>
>Per-device royalties are payable to LLI,LC. License fees of between 2c and
>17c have been mooted for each device, according to documents circulated to
>the T.13 group. 5c is the current rate for a DVD device.
>
>Three possible paths lie ahead. CPRM may be bounced out of the T.x
>committees. Or manufacturers may choose not to implement it, and opt for an
>incomplete ATA or SCSI specification. This is deemed unlikely. Or thirdly,
>manufacturers may choose to implement the new command set, but not activate
>it.
>
>Although it hardly has a prominent media profile - yet - CPRM in hardware
>is the most comprehensive mechanism for enforcing rights protection the
>industry has seen, and is likely to be viewed by content producers as a
>magic bullet. Its progress depends on whether its proponents can overcome
>industry and consumer opposition. Which might be brewing right about ...
>now.
>
>--- end forwarded text



For archives see: http://www.interesting-people.org/