Andre Hedrick On Hard Drive Copy Protection

Andre Hedrick, Linux ATA dude and member of the committee that sets ATA hard drive interface standards, got your questions by email yesterday, and we got his answers back this morning. He gives us the inside dope about latest attempt by various copyright-worried industry heavies to stop you from using files in ways they dislike, spiced with a fair amount of humor, because... well, because Andre's just that kind of guy (and we like him that way!)

How voluntary is voluntary?
by squiggleslash

Is making the CPRM spec a feature that can be turned off truly making it voluntary, given that presumably some content will not be supplied to users who fail to leave CPRM enabled? Would it not end up being as "optional" as DVD CSS encyption and non-zero region encoding?

Andre:

SHALL != MAY :: REQUIRED == OPTIONAL

Because no one in the industry wants to be caught out of sync, it has been a running joke that "OPTIONAL" is the same as "REQUIRED"....

HOWEVER, the case of CPRM got a laugh that it could be the first "OPTIONAL" feature that would remain truly "OPTIONAL"! We all laughed around the room.

DVD CSS is in the world of MMC/SCSI, I can not comment.

Choices...
by cnladd

I apologize for the open-endedness of this question, but I have to ask it anyways. :)

If this copy protection were to become mandatory, I can definately imagine the effects that it would cause. But what effects - both long and short term - do you feel this would cause?

Andre:

Sorry, I do not feel anything! If you wish to know what I THINK, then I will answer the question. The very nature of asking people how they feel about an issue allows one to wrap it in fuzzy language, and this is how we got into this mess. So THINK DAMN-IT do not FEEL, this is silicon and not flesh!

Think about all the software you own for backup -- WORTHLESS in a CPRM environment. OPEN wallets!!!!

Ever had a morning where you were not kissed and told "I love you," when the night before you SCREWED so wildly that you could not remember?

GOOD MORNING!!!!

How to defeat it?
by sulli

If this is forced through the industry, how would one write a DeCSS-like tool to defeat it? Is it in some way bypassable in software?

Andre:

Unlike DeCSS that has media with seed keys that can not be updated, ATA devices (not ATAPI) can be updated as old keys are hacked.

After creating my proposal, it was deemed too complex to use, thus the only way I would withdraw it was to use the simple rules of Word0 Bits 6/7 to define FIXED/REMOVABLE as the boundary.

Thus it appears that I have agreed to drop the no longer needed enable/disable CPRM feature set, because ATA-Devices supporting Word0 Bit6 set to ONE are not going to be allowed to have CPRM support!

Thus we may have finally won the removal of CPRM from your HARD DRIVE!!

WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO WOOHOO!!!!!!!

Now your REMOVABLE ATA - that looks like it is going to be still bound to CPRM rules. Compact FLASH, IBM MicroDrives, Sony Mem-Stick.... Things that are defined as "MEDIA" and not FIXED!

Better solution?
by RareHeintz

The hard-drive copy protection scheme seems to me to be yet another attempt (in the vein of DVD/CSS, DPMI, etc.) to maintain a legal structure (that of multinational corporations with scarcity-based proprietary information models) with a technical fix. On /., it may be taken as an article of faith that such efforts are doomed - smart people solve legal problems with lawyers, and technical problems with technology, and know the difference.

My question, though, stems from the fact that (like it or not) software companies are within their rights to get paid for software they write, and to set up their own price structure, and to prosecute those who steal their software.

So the question is: If this misguided idea of hardware-based copy protection gets successfully scuttled (and I hope it does), what better solution might there be for proprietary-model software companies that has the benefit of providing them superior protection from pirates without screwing the rest of the world out of the benefits of the currently open hardware model, such as "fair use" under copyright law?

My US$.02: Coming up with such a "third way" solution could go a long way toward killing media-based copy protection - give them an out, and they might take it.

Andre:

Media serial number command proposal (e00163r0) by Microsoft, and for the record they are the good guys this time! Ths proposal has more uses than what it is listed. It also used this stuff that is already in the market that you do not know about but use, SURPRISE!!!! (I was also surprised).

This new command could be used a seed for encrypting content, but before you go NUTS - This command is only reporting sections of the IDENTIFY page command. NOT TO WORRY, 30 (thirty) minutes and the HACK to disable it is complete......

It has uses more valuable to Linux than what it is presented as... Imagine that you want automatic hotswap to de/re-register the device, this command is passive and thus will not hang a system....THINK before you COMPLAIN, because I agree technically with the command, and see no harm from it that cannot be undone.

How does 4C justify their position?
by plover

What is 4C's reponse to "why don't you push for enforcement of the current copyright laws instead of an unpopular techno "fix" that will be thwarted upon release?" How do they justify their position?

Andre:

Most likely the law passed 2 years ago that provides and supports copyright encryption. Ask John Gilmore of the EFF. I think they are doing that with this model.

(Politics) If people will get off their butts and follow what their government is dumping on the country, you would be able to prevent this from ever coming to life.

Re:How does 4C justify their position?
by Snowfox

How does the 4C justify their position to the consumer? How is this in the consumer's best interest?

Andre:

Don't you what to download the movies you would not pay 7-10 bucks to see at the theater, in exchange for screwing up your computer? Boycott Hollywood and all movies, and see them crumble, is a counter-attack.

I'm still confused
by HuskyDog

I gain the impression that compliant (presumably closed source) software encrypts data as it flows on and off the drive using keys which are specific to each drive. So, if the file is moved to a different drive it won't decrypt any longer? Have I got the right idea? If so, its only applicable to those prepared to run closed source software, right?

Andre:

BINGO! Give that DOG a DOOLY from the FAIR! (GOOD MORNING!!!!, again)

Enforcement on Open Source platforms
by TWX_

How can copy protection of data be maintained on hard disks and other media if the operating system has the ability to use partition types that encrypt? Wouldn't a layer in an OS kernel be able to circumvent a good portion of the measures if the data does not reach the drive in its original form?

Andre:

No, the DIRTY work is done in USER-SPACE and the file is written down with standard commands now. The XOR calculations originally proposed for the drive would have made the DRIVE do the DIRTY work.

Is this already approved for SCSI and Firewire?
by VValdo

Last week we read that a copy-control scheme similar or identical to CPRM has been already approved for SCSI and Firewire (without objection...probably because no one knew about it.)

First off, is it true? Secondly, why hadn't we heard about this before? Can we expect this technology to be built into all new SCSI and Firwire hardware, or is "optional" there too?

Andre:

It is my impression that the game is over there, but join T10 and raise HELL!

What can we do to help you?
by rho

This proposal is a tragedy to personal liberties and freedoms (and rates pretty high on the Suck-o-Meter), and your efforts thus far are admirable.

So, I want to know, what can we do to help? Letter writing, calls, faxes? Stand around and go "Brrbbrrbb" with our lips?

How can we aid your efforts in the most effective way?

Andre:

Well it appears that everyone has ruined the Christmas vacation of the current officers, (I am glad that I did not accept the potential offer to consider vice-chairman at ths time, but I may reconsider), and all the nasty-grams have been forwarded to the members. We have been asked to review the content by the acting chair, with a notice to re-think the actions to be considered in February.

Also you may vent on , but you will get no answer. I will forward this to the members of the committee.

Cheers,

Andre Hedrick
Linux ATA Development