
RE: Brake on progress...



On 14 Nov 99, at 11:59, Stefan Bechtold wrote:

 
> If a law (enacted in proceedings governed by the rule of law!)
> prohibits certain conduct (e.g. "cracking copy protection
> mechanisms"), and one criticizes this, then one surely has to
> justify why such a law is either unlawful or undesirable on
> legal-policy grounds. The statement by Axel Horns
> "[...]thereby also locks the public out of areas that it should
> actually legitimately be allowed to enter[...]" does not say
> why one should "legitimately" be allowed to enter such areas
> (good German).

On this, for example:

http://www.counterpane.com/crypto-gram-9911.html

------------------------------- CUT ----------------------------------

[...]

It might be a bitter pill for the entertainment industry to swallow, 
but software content protection does not work. It cannot work. You 
can distribute encrypted content, but in order for it to be read, 
viewed, or listened to, it must be turned into plaintext. If it must 
be turned into plaintext, the computer must have a copy of the key 
and the algorithm to turn it into plaintext. A clever enough hacker 
with good enough debugging tools will always be able to reverse-
engineer the algorithm, get the key, or just capture the plaintext 
after decryption. And he can write a software program that allows 
others to do it automatically. This cannot be stopped.  

If you assume secure hardware, the scheme works. (In fact, the 
industry wants to extend the system all the way to the monitor, and 
eventually do the decryption there.) The attack works because the 
hacker can run a debugger and other programming tools. If the 
decryption device and the viewing device (it must be both) are inside 
a tamperproof piece of hardware, the hacker is stuck. He can't 
reverse-engineer anything. But tamperproof hardware is largely a 
myth, so in reality this would just be another barrier that someone 
will eventually overcome. Digital content protection just doesn't 
work; ask anyone who tried software copy protection.  

One more lesson and an observation. 

The lesson: This is yet another example of an industry meeting in 
secret and designing a proprietary encryption algorithm and protocol 
that ends up being embarrassingly weak. I never understand why people 
don't use open, published, trusted encryption algorithms and 
protocols. They're always better.  

The observation: The "solution" that the entertainment industry has 
been pushing for is to make reverse-engineering illegal. They managed 
in the United States: the Digital Millennium Copyright Act includes 
provisions to this effect, despite the protests of the scientific and 
civil rights communities. (Yes, you can go to jail for possessing a 
debugger.) They got a similar law passed in the UK. They're working 
on the EU. This "solution" does not work and makes no sense.  

First, unless reverse-engineering is illegal everywhere on the 
planet, someone will be able to do it somewhere. And one person is 
all you need; he can write software that everyone else uses. Second, 
the reverse-engineer can -- as in this case -- work anonymously. Laws 
wouldn't have helped in this case. And third, laws can't put the cat 
back into the bag. Even if you could catch and prosecute the hackers 
who did this, it wouldn't affect the hacker tools that have already 
been, and continue to be, written.  

What the entertainment industry can do, and what they have done in 
this case, is use legal threats to slow the spread of these tools. So 
far the industry has threatened legal actions against people who have 
put these software tools on their Web sites. The result will be that 
these tools will exist on hacker Web sites, but will never be in 
public-domain software -- Linux, for example.  

The fatal flaw is that the entertainment industry is lazy, and is 
attempting to find a technological solution to what is a legal 
problem. It is illegal to steal copyrights and trademarks, whether it 
is a DVD movie, a magazine image, a Ralph Lauren shirt, or a Louis 
Vuitton handbag. This legal protection still exists, and is still 
strong. For some reason the entertainment industry has decided that 
it has a legal right to the protection of its technology, and that 
makes no sense.  

Moreover, they are badgering legislatures into passing laws that prop 
up this flawed technological protection. In the US and UK (and 
possibly soon in the EU), it is illegal to circumvent their 
technology, even when you never use it to violate a copyright. It is 
illegal to engage in scientific research about the encryption used in 
these systems. It is illegal to peek under the hood of this thing you 
have legally bought. So not only does this system not work, it 
creates a black market where there was none before, while doing no 
social good in the process.  

This DVD break is a good thing. It served no one's interests for the 
entertainment industry to put their faith in a bad security system. 
It is good research, illustrating how bad the encryption algorithm is 
and how poorly thought out the security model is. What is learned 
here can be applied to making future systems stronger.  

[...]

------------------------------- CUT ----------------------------------