Subject: Re: Thought crimes
From: "Jonathan S. Shapiro" <shap@eros-os.org>
Date: Wed, 27 Dec 2000 10:26:58 -0500

> Coming back to the original topic, I do not understand well the new
> scheme.  The article in the Register did not help me much.  I do not
> see either why a company like IBM should put its finger in such a
> touchy business.

I am also unclear about the details. I suspect that in the limit it is
unenforceable. Here are the things that concern me:

1. A user who has legitemate access to encrypted content will be unable to
copy that content to another device unless the second device also supports
the encryption standard. This means, for example, that you will have
difficulty upgrading.

2. The cryptographic keys must be held by either the player software or some
piece of hardware. If they are in software they can be easily stolen, so I
suspect hardware. If so, then attacks on the technology are restricted to
in-memory techniques, and a sufficiently secure OS could make them
impractical. There is evidence that several consumer device vendors have
awakened to a desire for secure OS's.

There is some relief in knowing that existing mechanisms of this kind are
incredibly weak. The major impediment appears to be strong anti-export
legislation in Japan for cryptography. The current export restrictions are
preventing the implementation of credible hardware embedded cryptography en
masse. Because many many players originate in Japan and all players must be
compatible, this is restricting the entire set top box business to 56 bit
crypto.

> What prevents me from grabing files as they
> come in my computer, and reencoding them so that the disk does not see
> they are protected files

I do not understand the mechanisms involved well enough to answer this
question, and I do not have time at the moment to track it down. I am not
convinced that normal files are stored in the clear at the disk level, but I
simply do not know one way or the other.


Jonathan