EU Encouraging Standardized DRM, Licensing

I Don't Believe in Imaginary Property writes "The European Commission is trying to encourage a standard licensing and DRM scheme for all of Europe, as well as 'cooperation procedures' and 'codes of conduct' for ISPs, copyright holders, and customers. No legislation has been proposed yet, but the 'cooperation procedures' sound like a push for an EU version of the DMCA Takedown Notices, which are already routinely sent to people outside the US. While simplified licensing might be nice, it's interesting that they don't appear to understand the inherent tension between standardization, interoperability and DRM — break once, copy everywhere."

Hm...

[rxmd (205533)]

they don't appear to understand the inherent tension between standardization, interoperability and DRM break once, copy everywhere.

Well to be honest that sounds like a good thing. If the industry is forced to do their DRM in an interoperable way it will be better than the present situation where DRMed content is practically not interoperable at all. And if the industry is forced to get their act together and actually do it right, because if they implement some kind of half-assed scheme that gets broken everywhere at once and forever, it doesn't sound too bad either. So maybe they do understand it.

I'm not a friend of DRM, but it's likely to stay around for a while, and in that case I'd rather have it implemented well than what we see at present.

Re:Hm...

[QuantumG (50515)]

And if the industry is forced to get their act together and actually do it right,

Do DRM right. Do something that is information theory impossible, but do it right. Yes. I'll just get my magic pixie dust now. This time we'll sprinkle it *right*.

Re:

[19061969 (939279)]

Remember to sprinkle it on the night of a full moon on a spot where a murderer was hanged.

You will also need a hair from the head of a virgin. Maybe that is why it's taking so long to get right? They should try /. - there are lots here.

Re:

[Drinking Bleach (975757)]

Doing DRM right would be cutting off the viewer/listeners eyes, ears, fingers, and anything else that could potentially copy the information, no matter how tedious.

Re:Hm...

[somersault (912633)]

You are a moron. If someone can listen to it, then they can also place a microphone next to it and record it. Sure the quality will be slightly degraded, but if it's done in a soundproof room in the middle of the countryside then it will be pretty decent quality. It's called the analog hole. I'm not a cracker so I'm not sure about the hardware side of things, but it's funny how modchip makers and crackers keep being able to crack supposedly uncrackable hardware too, huh? You don't know what you're talking about with your 'tamper-proof' hardware, unless you're talking about rigging every unit with C4. I can just see it now "WARRANTY VOID IF SEAL BROKEN (oh and your living room may end up rather void too)"

Re:Hm...

[bzipitidoo (647217)]

That's what baffles me too. Why can't these people understand that DRM cannot work? When 16 year old kids can break their schemes, you'd think that would be a strong hint that their schemes are hopelessly weak. But they don't take it that way, they only see that that one scheme wasn't strong enough, and delude themselves that it's still possible, and waste lots of effort trying again. They sort of half-assed understand that none of their schemes can hope to work, that's why they try to pass laws that make it illegal for DRM to be bypassed. If DRM actually worked, those laws wouldn't be necessary. Too bad they don't really understand, or they wouldn't waste money trying to create DRM systems, and bribing lawmakers to pass these stupid laws.

It's one thing for the ignorant to push these DRM schemes. But MS ought to know better. Their refusal to understand is criminally stupid. Vista is exhibit A there. Now the DRM proponents are engaged in the grandest attempt yet. They're going to try to control the users' devices from end to end. Vista was just the first shot. Unfortunately for Vista, it has to run on a PC, and that provides but one of many ways to bypass it. Next try might well be a "Trusted Computing" PC, which I expect no one will buy. TC was supposed to protect users from malicious software. TC wasn't supposed to be perverted to serve malicious DRM software at the expense of its users. And it doesn't stop with enforcing their "rights", the controllers start to want to use DRM to just plain gouge their customers, because they can. Double bonus when there's a technical problem that strips users of their privileges. They make money in 2 ways, by not spending money to fix the problem and by forcing their hapless users to work around the problem by paying for everything again! Region encoding is another example. Treacherous Computing indeed! No one will buy such a system by choice, at least not without severe brainwashing. Even if everyone could be forced to buy such systems, it still could not work. Just takes one user somewhere to introduce an unapproved device. It's impossible to stop such an "attack". Every large high school will have a few 16 year olds who will be quite capable of doing that.

They called it "copy protection" in the 1980's. That's all DRM is, is copy protection by another name. And they pressed every undocumented feature they could find into the service of copy protection, because at its heart, copy protection is security through obscurity. And none of it worked. What's that quote? "Those who do not learn from history are doomed to repeat it". So you have examples from recent history, you have many scientists who understand that it doesn't work and didn't need to try it even once to know better, but none of that stops these DRM fools.

Re:Hm...

[rlauzon (770025)]

The only problem is that standardized DRM is a pipe dream.

DRM relies on a secret in order to work. If the DRM is standardized, that secret it out and the DRM is broken.

This, of course, presumes that the purpose of DRM is to "protect" content. We all know that the only purpose of DRM is to lock consumers into a product and restrict consumer choice. So standardizing DRM is something that companies want to avoid at all costs.

Re:

[by Anonymous Coward]

"Standardized" DRM will be based on a TPM in every machine. Ever machine that wants to access "premium" content will require a licensed, signed and certified operating system with certified drivers. In other words: Microsoft and/or Apple, running on Intel and/or AMD, with NVIDIA and/or ATI video cards... and all the software certified to "protect the precious digital bits owned by the copyright holder". And all of this will be enforced by treacherous computing PC hardware.

Re:Hm...

[Richard W.M. Jones (591125)]

And all of this will be enforced by treacherous computing PC hardware.

Sure, but the treacherous hardware is here, in my hands. (Literally in fact - my desktop machine is an Intel development box which contains a TPM chip). Since it's in my hands, I can use whatever resources are available, and all the time and ingenuity in the world to break the DRM.

Once one person anywhere breaks the DRM on a piece of content and releases that content DRM-free, then everyone has the DRM-free content

Still don't believe me? If you want a parallel case, think about games consoles & "ROMs" (ie. game images) which are distributed on the net because a tiny fraction of a percent of console owners broke apart their consoles, found out how they worked, and removed the DRM from the games.

Rich.

Re:

[by Anonymous Coward]

Sure, but the treacherous hardware is here, in my hands. (Literally in fact - my desktop machine is an Intel development box which contains a TPM chip). Since it's in my hands, I can use whatever resources are available, and all the time and ingenuity in the world to break the DRM.

True, but you are missing the point. DRM (at least for the tech companies) is not about piracy. It's about control over legal uses of technology. "Standardized DRM", is a codeword for Trusted Computing -- it's something that tec

Re:

[Yetihehe (971185)]

If this one drm is standarized and other drm schemes are made illegal and companies will not use this standarized drm, only criminalists will have drm. If they use this standarized drm, it would be like they didn't use it (drm relies on secrets to work, so if it is standarized, there are no secrets). Don't you see? It makes perfect sense!

Re:

[badfish99 (826052)]

Not necessarily: forcing everyone to use the same DRM scheme would not, in itself, make that scheme less secure. If the DRM is well-designed, the "secret" need only ever be known by a handful of people.
On the other hand, it would give the owner of the chosen DRM scheme a government-enforced monopoly, and we all know what a good idea that is.

DRM design not the issue

[Isao (153092)]

If the DRM is well-designed, the "secret" need only ever be known by a handful of people.

This is often the point of confusion. DRM cannot be completely effective, ever. DRM-protected content fundamentally requires three things be given to the end-user: A method of keeping the content controlled, a key to allow that content to be made available to the end-user, and the secured content itself. No matter how well-designed the lock, the publisher has to give the end-user the key for it to be used. Any fu

Re:Hm...

[mlts (1038732)]

When I think of standardized DRM, I am reminded of the Clipper Chip, of the mid 90s. Said chip was being pushed to be a part of pretty much any electronic appliance (computers, cars, modems) for cryptography. To protect the algorithm (which was classified at the time), the chips were highly tamper resistant (for the time), and were programmed with the Skipjack algorithm in a secure location after being made. Of course, we all know how well taken key escrow was at the time, and the Clipper chip died a slow death.

I can see someone coming out with a "TPM v2" chip that, instead of acting like a passive smart card like the 1.2 chip today, it being more of an active function, perhaps doing all the audio and video decoding on it, and only allowing decrypted input to be passed to another, similarly armored and tamper resistant, chip on the monitor. Of course, said "TPM v2" chip would be updatable and images pushed out within hours or days of someone breaching it. It could even be an integral part in the booting/running process of a machine, allowing and denying programs to run. Like the Clipper chip, its manufacture and algorithms can be made classified or top secret.

Then, laws and treaties (similar to WIPO) being put into force that make disassembly or modification of the "offical" chip meaning large amounts of time in a prison, and if one country doesn't enforce the law in their own nation, extradition treaties with another country could force citizens to be tried by judges in other countries.

Of course, somewhere down the line the chip becomes mandatory, similar to the V-Chip is in US TVs, and of course, sooner or later, it will require to phone home to be updated periodically.

Eventually, said chip could be made into something that can scan people's systems for anything that whatever nation thinks is bad, and silently phone home with the info, similar to how Punkbuster and WoW's Warden report people running cheat programs. Then, when someone goes to rip their latest DVD for their iPod, the chip notices the ripping/decoding software, phone homes immediately, and in less than 24 hours, the police arrive with a DMCA-based arrest warrent. (No search warrant would be necessary -- the chip would have done a formal scan of the machine and have sent up in a cryptographically signed/timestamped manner "proof" of the infraction with a list of software present.)

I can see standardized DRM taking place... and its a quite fearful thing, not just combining all the old school cypherpunk's fears with regard to key escrow in hardware, but taking modern issues such as rootkits, spyware, and "super-root" access, and mixing all this into one very noxious hodgepodge.

Re:

[SharpFang (651121)]

It relies on a secret, not on obscurity. The algorithm doesn't have (and shouldn't) be secret to be secure. Just like GPG being secure despite being open source.

DRM can be standarized, open specs, maybe even open source implementation. But each participant has a set of secret keys, and they don't have to be shared. As long as there's no inherent weakness to the keys, algorithm and implementation, the result is secure. Leak of one key doesn't break protection on all the rest of them.

Of course the no inherent

Re:

[CastrTroy (595695)]

GPG relies on the fact that only you have your private key. Once your private key is compromised, it completely breaks down. DRM doesn't work, and will never work, because the attacker and the receiver are the same person. You'll always be able to grab the key out of memory, or hook up some mod chip to the computer/console/whatever to bypass the DRM, or dump the memory contents.

Re:

[SharpFang (651121)]

Actually, it's more like the signing system.
Enable the playback only if the stream is signed by originating party. The consumer appliance has only the public key, the data must be signed by the private key that never leaves the factory.

As long as the DRM and the playback chips are separate, you can intercept the data between them, spoof the DRM 'okay' signal, and so on. If the devices are integrated, good luck getting a microscope and trying to extract the data from the chip's memory cells when it never goe

Re:

[petermgreen (876956)]

But each participant has a set of secret keys, and they don't have to be shared.
The bottom line is that to view the content your player has to decrypt it, to decrypt it your player needs a key that will decrypt all content your player is supposed to be able to play.

So every manufacture of player hardware has to have a key that will decrypt all the content someone may want to use on that player. It only takes one vendor to leak said key or produce a player from which the decypted bitstream can be recovered (

Re:

[Urkki (668283)]

DRM relies on a secret in order to work. If the DRM is standardized, that secret it out and the DRM is broken.

The secret of working (as much as it theoretically can be) DRM is to have the algorithms and formats public and open, but to have asymmetric encryption and possibility of changing keys. So in the actual scheme itself, there's nothing to "break", except of course the asymmetric encryption, and that's practically impossible with any reasonable key size (choose algorithm that can't be quantum-cracked for future-proofing). When a private key is leaked or cracked, you "just" start to use a new one. And then

Re:

[hughk (248126)]

Thats where this trusted platform stuff comes in. You never get the data, only an audio or visual feed. The platform hardware validates the OS and only divulges the key to the AV DRM decoder which is running in protected mode. If you change the OS, or heaven forbid, compile your own then you do not validate to the trusted platform firmware. Note that it would be quite hard to completely protect a piece of code as large as a typical desktop OS, and certainly we have seen how easy it has been to subvert conso

Re:

[Paradigm_Complex (968558)]

If I understand this correctly, there'll be an uproar of sorts if it doesn't support Linux (a la BBC iPlayer). Even if they don't half-ass it, but put a huge amount of effort into getting a DRM scheme to work on an FOSS OS it'll still get broken pretty damn quickly, even if the DRM stuff itself is in binary.

Re:

[TheVelvetFlamebait (986083)]

OTOH, letting DRM fail naturally from poor interoperability would be a potent lesson for the labels and studios.

Give them the benefit of the doubt, let them distribute any way they want, then turn 'round and say "I told you so".

Re:

[pla (258480)]

If the industry is forced to do their DRM in an interoperable way it will be better than the present situation where DRMed content is practically not interoperable at all.

And how do you propose we grant iPods the ability to "know" the intent of their users?

Because truly "interoperable", transparent DRM would require exactly that. A Zune would need to know whether you mean for that particular copy to go to a machine you own as a backup, or to a random stranger's machine as a time-limited "sample". And

Re:Hm...

[MartinG (52587)]

I think you are looking too much at the short term.

Having more interoperable DRM will be better than having non-interoperable DRM right now, but it will only delay the real goal of no DRM at all.

I'd prefer to put up with a short term spate of incompatability, shortly followed by no DRM at all (which is actually already starting to happen, at least in with music) than a half-assed sort-of-better solution that in reality will never fully work as intended.

Re:

[Bert64 (520050)]

Well, interoperable DRM may be easier to crack, but it would also remove one of the biggest and most legitimate reasons for cracking it.

Of course DRM is not intended to prevent copying, it's intended to inhibit fair use and cause legitimate buyers to buy multiple copies of the same media for playing on different devices. Pirates will always find a way to make copies, even if they have to make lower quality analog copies.

Re:

[badfish99 (826052)]

Actually, if you read TFA, it sounds as though they want Europe-wide licencing for media downloads. Having one standard DRM schema might or might not be part of this, but they also want to stop the practice whereby paid-for downloads are charged at different prices in different countries: for example, Apple notoriously charge more for itunes downloads in the UK than they do in euro-zone countries. The original purpose of the EU was to create a "common market" where this sort of abuse could not happen.

Re:

[stsp (979375)]

I'm not a friend of DRM, but it's likely to stay around for a while

Have you seen Steal this Film II [stealthisfilm.com]? While DRM is not its main focus there are some interesting ideas in there that have heavy repercussions on DRM. If you follow that film's arguments, the public simply won't accept DRM any more than people did accept censoring of content back when the printing press first came around. You had to get a state-approved license if you wanted to print a book. These kinds of laws didn't really manage to stay aroun

Do it "right"?

[tkrotchko (124118)]

"And if the industry is forced to get their act together and actually do it right,"

Presumably, the BluRay/HD-DVD people had their act together and did it right. How did that work out?

this cloud has a silver lining though

[jacquesm (154384)]

The EU is pretty fragmentary and local law trumps EU law when it comes to the citizens of your own country. This creates all kinds of loopholes.

Also, and I know that's a weird line of reasoning but I think that it is valid, the sooner we get through this shit the better, and if it takes getting these idiotic laws and then breaking them en masse then so be it.

The population is slowly starting to wake up to the idiocy of some of these laws. Right now chinese law (see the recent RIAA vs Baidu suit) is more reasonable when it comes to some of this stuff than the so called bastion of democracy and privacy that the EU is supposed to be.

We're being sold out here and that has never before been more apparent, maybe this is what it takes to get people to wake up, I sure hope so.

It's going to take more than a few torrent sites to get taken down for people to realize that their rights are being eroded left right and center.

Re:this cloud has a silver lining though

[bigtomrodney (993427)]

Actually EU law supersedes national law when it conflicts. This has been upheld on many occasions
European Law Supremacy [wikipedia.org]

Re:this cloud has a silver lining though

[jacquesm (154384)]

Yes, for the foreign parties it does, but for the local parties it doesn't !

I'll give you an example:

A dutch guy wants to marry a woman from Africa. In the netherlands he'd have to fulfill all kinds of BS requirements so he moves to Belgium, then marries the woman while in Africa and then moves with her to Belgium. In Belgium the dutch person can claim EU resident status, so EU law will trump belgium law.

(this is known as the 'belgium route' in the netherlands)

But in the Netherlands because he's Dutch he would not be able to do that, for a Dutch national in the Netherlands Dutch law trumps EU law.

(which is why the belgium route exists)

I know this sounds crazy but it really is true, an eu-resident but non-dutch person in the Netherlands has more rights in the Netherlands than a Dutch person does and conversely a Dutch person has more rights in other European countries than those countries nationals.

Re:

[by Anonymous Coward]

This has nothing to do with Dutch national law trumping EU law in this case, which it doesn't, but with the fact that family law (the law governing marriage, custody of children, etc.), is not harmonized EU-wide. Every EU member state has its own marriage laws, but every member state also is obliged to respect marriages that have taken place under the laws of other member states.

Therefore, by moving to Belgium, you can profit from the (in this case) more liberal family law in Belgium, and when you move back

Re:

[jacquesm (154384)]

that's not how it is explained here:

http://nl.wikipedia.org/wiki/Belgi%C3%AB-route [wikipedia.org]

I hope you can read dutch, just in case here is a translation of one section of the article:

"Discrimination of own subjects.

European law trumps national law. And yet, every member state is free to apply more strict rules to its own subjects.
This so-called 'reverse discrimination' can not be remedied by Communitylaw, because it is a direct consequence of
the limited powers of the Community. The obligations with respect to libera

Re:

[PJ1216 (1063738)]

sounds like its not that national law trumps eu laws in respect to its subjects, but that they're allowed to apply *stricter* rules to its subjects. so, if the eu forbade something, national law can't trump it and allow it. at least thats what it looks like to me. i could be completely wrong though. i'm basing it solely on that excerpt you copied.

Re:

[jacquesm (154384)]

In one sentence: the EU giveth, the memberstates can take away *from their own members*, but not from the members of other states.

So every memberstate has to respect EU law for all EU citizens in so far as rights are granted *except* for their own citizens who they may discriminate against.

I'm not sure what the situation is when it comes rights granted by your own government being trumped by a more strict EU law, but in practice local laws are usually far more strict than local laws, and off the top of my h

Re:

[jacquesm (154384)]

The tricky bit here is that it depends on the law.

If a local law is 'restrictive', in other words it takes away a right that the EU explicitly grants then it can only apply to nationals of the country that made the law, for everybody else EU law is prevalent.

I can't make it make much more sense than that, it makes no sense (that a foreigner would have more rights abroad than in their own country is of course crazy) but that's the way the EU is structured.

This gives rise to all kinds of EU-based legal loopho

Re:

[hughk (248126)]

This isn't family law, it comes down to the law regarding freedom of movement of EU nationals and right to live and work in other countries. An EU person is entitled to bring their non-EU spouse plus any non-EU dependent children to any EU country except their own. If they bring their spouse to their own country then local immigration law trumps freedom of movement. In practical terms it means that if an EU citizen marries a non-EU person outside the EU citizen's country of residence and then brings them th

Re:

[AliasMarlowe (1042386)]

...and local law trumps EU law...

Wrong.
The primacy of EU law over national law is explicit in the EU treaties to which all member countries are signatories. National laws must be amended and regulations recodified to comply with EU law (causing a certain amount of obscene posturing and squealing by local politicians).

Re:

[SharpFang (651121)]

This isn't entirely true.

Local law trumps EU law whenever it conflicts with it. The conflict is a ShouldntHappen(tm) situation but is surprisingly common.

That is, if you violate any particular local law, which conflicts with EU law, you're fucked. You can apply for the law to be changed to comply with EU laws, and by all means it should be changed then (though the process may face a lot of obstacles - be delayed for a long time, crippled by lobbyists, generally suffer all kind of hurdles that can be thrown

Re:

[Blimundus (909351)]

"The EU is pretty fragmentary and local law trumps EU law when it comes to the citizens of your own country. This creates all kinds of loopholes." That's completely false. EU law (if correctly adopted, and with sufficient legal basis in the treaties) prevails over local law. Also, some EU laws (the regulations, as opposed to the directives), don't even have to be implemented into local law to have direct effect.

Re:

[SharpFang (651121)]

"if correctly adopted"

That's the tricky part, you know.

EU laws define what local laws should be.
Local laws are used to judge people.
Local laws that are in violation of EU laws (and shouldn't be) are still used to judge people, effectively trumping EU laws.

Re:

[datachild (1190381)]

This isn't a troll but I will point out a few things that I find odd with your post.


Firstly, I'm sure there is a good reason as to why DRM exists at all, and why these laws that we all find dumb are being passed.
A few that come to mind are...

Big corporations corrupting politicians even further
This is a no-brainer really. What a better way to ensure your survival than to simply pay off a politician to try to pass a law?
Big corporations like Sony, Microsoft, and so on have lots of money that they

a better idea

[theheadlessrabbit (1022587)]

I have a proposal for an alternative to DRM.

Imagine what would happen if instead of locking content, media companies just made content that no one in their right mind would possibly want.

imagine if all new movies were either endless strings of sequels, or remakes of other movies you've already seen.
imagine if all music was watered-down over-produced generic crap.
imagine if the most popular video game system were to offer downloads of all their classic titles at great prices.
imagine if the dominant operating system was so buggy, incompatible, and slow, that no one wanted to use it.

if, in some parallel universe, those four things were to somehow able to happen, all at the same time, no one would pirate anything!

sadly, we may never see such a world...

Re:

[Jugalator (259273)]

sadly, we may never see such a world...

Sure, you may say that you are a dreamer, but you are not the only one.

Re:

[goldspider (445116)]

Yeah, I see what ya did there. Now if only that actually stopped people from pirating!

The moral of the story is that no matter how bad a product is, people will take it if they can get it for free.

The Fallacy of DRM: a summary

[Morgaine (4316)]

DRM relies on encryption.

Encryption is designed to secure communication between Alice and Bob while denying it to the evil Eve.

In DRM, Bob and Eve are one and the same person.

In other words, DRM seeks to give a person access to an item while denying him/her access to that item. This is not a recipe for success.

The proponents of DRM seem to have a fundamental misunderstanding of the strengths and weaknesses of encryption, and so are attempting to use it in a manner that is inherently weak. The fact that DRM schemes are so frequently and so rapidly broken by people with minimal cracking resources is a clear pointer to this.

For further information, Google on Schneier.

Re:

[hughk (248126)]

In DRM, Bob and Eve are one and the same person.

Not quite. Bob does not need bits, they only want a picture and sound. Eve needs the bitstream, if they want a good copy. One way is to limit digital access to the device so it becomes just a playback machine. If it happens to be a general purpose computer, then expect someone to use some kind of hardware/software combination to lock Eve out, hence trusted platform concept and the trusted playback channels being introduced by Vista.

If done correctly, the ke

Standardized restrictions?

[WoollyMittens (1065278)]

If you standardize DRM, the materials which the content providers are trying to control will have to work anywhere and all the time. This by the very definition is NOT what DRM is about. It is about managed access, not universal access. A standardized DRM scheme would be just as useful to the content providers as MP3.

But is it then as interesting to their supporters?

[Jugalator (259273)]

I wonder if DRM isn't used a lot just because it locks out the competition. It certainly seems like a strategy beyond encryption and copy(right) protection at least, where Apple has strongly opposed opening up their DRM method, and even more visibly with Microsoft suddenly switching to a new form of DRM in the Zune Marketplace and in the process making Zune players incompatible with their old PlaysForSure encryption. I doubt it was because they thought PlaysForSure used a too weak encryption. :-p

Re:It's over...

[somersault (912633)]

Yeah, because the only useful thing the internet did was help spread illegal music? Have we so quickly forgotten our roots? Won't someone please think of the porn stars? :(