Why HDCP is still used despite being utterly broken is simply the fact that it gives media corporations 'control'. You know those anti-circumvention laws for DRM? Yeah. Even DVDs still ship with CSS for this reason - when RealNetworks released RealDVD, their DVD ripping program (which wasn't even particularly good or useful, as it produced Real Media files with Real's own DRM included), they were sued by DVD Copy Control Association and lost.[1] So even if the DRM itself is utterly broken, when combined with anti-circumvention laws it allows the media industry to shut down any "rogue players" - in other words, it gives them control. And the gatekeepers, oh, they just love control.
I think you're correct about 'control', but that begs a question:
Why is control that important? It's not control for the sake of generating money, they'd probably make more money, in a bigger industry, if they didn't exert such fine-grained control. Is it that much fun to dictate popular culture, or is something else going on behind the scenes, other than hookers and blow?
It's what they're used to - back before the internet existed, these middlemen pretty much had total control over what media people were exposed to. They were the gatekeepers of media. Then the internet came along, which has changed the way people get exposed to media dramatically. The gatekeepers hate it, because it takes away control from them, and they try their hardest to undo the effects of the internet with DRM, laws, etc. Of course, middlemen are still necessary even in the digital age, but a good middleman in this day and age is not a gatekeeper, but rather an enabler (for music, think Soundcloud, Bandcamp, Tunecore and so on for example).
That's not the main reason. If it were, then Hollywood would have stuck with CSS for Bluray and HD-DVD instead of making AACS. They tried hard with AACS: unlike CSS, it uses a real, peer-reviewed encryption algorithm (AES) and has a very complex key management system. Hollywood was really hoping to get a technical solution to DRM and not a purely legal one. (Of course it failed in the end.)
The real reason why these broken DRM systems like HDCP and AACS are still around is because there are millions of players/TVs/discs in the field and you can't break all of them by introducing a new DRM system. I strongly suspect that Hollywood will attempt a new DRM system at the earliest opportunity (perhaps when there's a successor to HD?).
The problem with software-based DRM is that you can always, in the worst case, run the whole thing in a virtual machine and capture the output the software thinks is going to a display but is really going to a video encoder.
The problem with hardware-based DRM is that you have a hundred million devices in service when a vulnerability is discovered. Then you can't even securely issue a firmware update as a result of the exact same vulnerability you're trying to patch, and if the vulnerability is in the hardware itself then you're totally screwed.
Normal cryptography is Alice sending a message to Bob without Eve being able to read it. We know how to do that pretty well at this point -- and even then, look at the regularity we see security patches to e.g. OpenSSL. DRM is not even that. DRM is Alice sending a message to Bob that self-destructs after Bob looks at it, even if Bob doesn't want it to. It isn't clear that this is even theoretically possible against a determined attacker, and in practice it hasn't even held up to amateurs and hobbyists.
All they're doing is just pissing money away and inconveniencing their paying customers. I'm pretty sure the only reason we still have new DRM systems at all (as opposed to faux DRM whose sole purpose is to invoke the DMCA) is that there are still companies who make money peddling it and the people paying them haven't yet been able to see through the lies.
DRM is popular not because it makes the possible impossible (not even the least technical people at the studios think this), but because it makes copying more expensive. As such, it's one leg of the "anti-piracy" stool, along with spurious lawsuits, punitive licensing deals, &c.
You (and I) might think the whole think is a donkey circus that just ends up making things worse, but it's important to keep in mind that there is a reason for it, and it's not false consciousness on the part of the content owners, or magical pixie dust from DRM vendors.
>DRM is popular not because it makes the possible impossible (not even the least technical people at the studios think this), but because it makes copying more expensive.
Except that it doesn't. The user who downloads pick-your-favorite-DVD-ripper doesn't even have to know that it contains code to remove CSS, they just download it and it works.
At the same time, DRM is costing them money. If I go to the store and buy a shiny plastic disc for $30 and take it home and it doesn't play because my $2000 TV from two years ago doesn't have HDCP version whatever, I am not going to go straight out and buy another $2000 TV. I am just going to spend my money on something other than plastic discs that won't play on my TV until the time comes when I would have replaced it anyway. And two months after that happens, someone breaks the new DRM and they come out with new content that won't play on my new TV.
The net result of DRM is to make piracy more convenient relative to purchasing. As far as I can tell its continued existence has only two causes: The first is the DRM snake oil salesmen bamboozling people into thinking it isn't a net negative, and the second (which I imagine is the real reason) is that it allows major content producers to better control content distribution channels and thereby exclude, tax or penalize smaller competitors. But that doesn't require the DRM to be effective in any way, it only requires the DMCA and lawsuits against anyone who attempts to challenge them in the market for content distribution.
> DRM is popular not because it makes the possible impossible (not even the least technical people at the studios think this), but because it makes copying more expensive
No, it exists because it's usually a contractual obligation for licensing the content for distribution to at least make a token effort to protect content. That's really the biggest reason.
The viewpoint from your corner of the world is wrong. The viewpoint from my corner is right. Of course both can't possibly be part of the whole story at the same time, that's ridiculous.
I have an insider's view of the industry, as well as an understanding of the interplay that happens between different target platforms, content providers, and the engineers implementing the actual streaming platform.
I have no need to lie nor any investment in being verifiably correct. My viewpoint is simply my own and carries its own validity according to however much people wish to believe me.
Except beyond a certain point it doesn't make it more expensive. Crack ROT13 or BD+ or AACS or whatever and what you have at the end is the plaintext, that then gets distributed around.
It makes it harder for a few people that crack it for fun, profit, kudos, whatever it is, but then it's exactly the same.
There is a reason for it, but mostly the reason is pretty misguided, and it absolutely does make the experience of the paying customer worse than that of the pirate.
If decryptors are criminal then only criminals will have decryptors. The legal side of things isn't going to bother the commercial rippers one single bit; they'll just stream from somewhere that hasn't signed up to the Berne convention. Burma is close to both Thailand and Bangladesh no? You want to buy a cheap copy of movie mister? Top quality! Work in US and EU.
If infringement goes to court, the content owner needs to prove that they took adequate measures to protect their property and that they tried their best to alert the consumers of what constitutes the violation.
This is why there are technical updates to DRM systems (they need to be reasonable, but in the interest of consumers backwards compatibility can waive that requirement) and also why there are the non-skippable FBI warnings on discs.
HDCP (the copyright protection mechanism in HDMI) is broken. I don't mean just a little bit broken, I mean
thoroughly, comprehensively, irredeemably and very
publicly broken. Broken in such a way that any possible
recovery would mean layering it with so much additional
new infrastructure as to render it entirely pointless.
Broken. B-R-O-K-E-N.
.... So why, then, is it still being shoved down my throat?
Easy. The licensing and "intellectual property" laws combine to allow some set of corporate entities to create at least a price-fixing cartel around HD Tee Vee. They probably got the idea from the success of the DVDCCA (http://www.dvdcca.org/). If you don't/can't pay the licensing fees for HDMI, you can't make products. HDMI probably keeps the riff-raff (rampant competition) out.
Clearly true, as stripping HDCP, while useful for interoperability with noncompliant devices, is an obviously fussy and inefficient way to store or distribute video supplied in a compressed format with cracked DRM (e.g., Blu-ray, iTunes).
Well, that and inertia, HDMI being the digital evolution of the old "analog hole".
"Freedom USA, which also operates under the names AVADirect and AntaresPro, makes several devices which allow consumers to convert HDCP-encrypted digital signals to analog signals. This means that users could potentially record pay-per-view broadcasts, including Hollywood movies."
"Aside from the 'piracy' element brought up in the complaint the devices sold by Freedom USA also have legitimate uses, such as connecting a new set-top box to an older TV or monitor."
This garbage is definitely costing them sales. I bought a blu-ray player/receiver thingus and it wouldn't work with my Roku player because they could not negotiate mutually-acceptable encryption most of the time, resulting in solid green fields instead of movies. So instead of being happy and buying blu-ray discs, I just returned it and continue to not buy any of those.
Even more curious (but equally broken) are the myriad DRM protocols that operate between consumer devices across the network. The main reason DRM is used in these scenarios is that a lot of the leading content owners (mostly Hollywood) make it a requirement before releasing their content digitally. Having seen the reference source code for some of them, I can tell you that we have nothing to fear, and that the claims each new system makes regarding innovation are farcical.
Some of these protocols currently in use include Coral, OMA, OMA2, Windows Media 9, Playready, Marlin, Widevine, etc.
Also, HDCP is spiritually the successor to Macrovision Analog Protection System (APS) on videotapes. For more information on where this is headed at present (dead as the whole DRM area is), see also DTCP+, HDCP's latest content protection specification.
PS. Adam, if you read this, nice meeting you in Bangkok a few years back. I am sort of based there now, just back in China for a spell.
Cinavia has been in my sights for a while. Every once in a while, I end up rereading the main patent and doing research, and it looks like a formidable challenger. I'd really like to take it on, if I ever had free time; it's been a while since I've done DRM reversing, and it's ridiculously well designed, thus fun.
That doesn't prevent ripping, does it? Just playing back burned discs. I don't know anyone who burns the movies they download onto DVDs (or whatever) before watching them.
Adam said that an HDCP-stripper can generate a key on-the-fly, thereby making it impossible to revoke. Does such a device exist? It was my understanding that all HDCP-stripper available were using static keys (which have to be reprogrammed by the end-user with a new key in the event the key is revoked).
I didn't infer it exists from the article. HD Fury is the only stripper I know of, it's "Now supplied with mini USB connector for firmware updates." It's also pricey. I found it when looking for a way to use my DVI Cinema Display with my Apple TV (1g).
Yes it's completely broken but its rarely the best point of attack anyway. Dealing with uncompressed video input is hassle and needs significant hardware compared to a way to capture the compressed data from a Blu-ray. Plus there is a generational compression loss of quality.
You've gat to love the comment on TFA saying something like: "It doesn't matter that it can be broken by experienced crackers, it's just to keep the honest man honest".
That is so wrong: all it takes is that each one of the warez group builds one like this and then they can rip anything "big media" produces and then put it on torrent or underground movie-sharing networks.
(oh the memories taking my bycicle when I was 12 to meet people in parking lots to trade 5 1/4" and 3 1/2" floppy disks ; )
The snicker net will still work when the Internet police will come. It will be lower bandwidth (or higher depending on the size of the exchanged HDDs :), high latency but will work.
[1] http://en.wikipedia.org/wiki/RealNetworks,_Inc._v._DVD_Copy_....