Pax Musicana

Over the years friends have asked what I have against music services like iTunes. A week or two ago the term Pax Musicana crept into my subconscious and it captures the issue perfectly. My general disdain for digital services like iTunes, Amazon Kindle, and the like is that I am locked into a service and should I decide to wander to the next big thing I would have to rebuild my collection from scratch. I would have to abandon all the value I stored in that service because they refuse to let me take my purchases with me.
The term Pax Musicana came to me as a concept of what these services should be. If I buy a song from one vendor my “license” to listen/download/stream that song should extend to all legitimate online services. Billboard.biz even has an article advising ISPs to start music/media stores to lock customers in and reduce their churn rate. The dying copyright bastions like Sony, EMI, Warner, Vivendi, et al are laughing their collective asses off because consumers who wish to stay legal have to repurchase the same album from iTunes, Walmart, or wherever they go next instead of repurchasing when media formats change (cassette -> cd, etc). The article implies that disgruntled customers will stick around just so they don’t lose the value they invested into those songs.
Sure, they could export those MP3s to their computers, but what exactly is the point? As we all move into the cloud it would make more sense for users to have the ability to log in and stream their music from wherever they are in the world. And should they decide that the next big thing in music stores surpasses their current one, all their licenses should move with them.
The music industry has made a big deal about the sale of music being more a licensing agreement than a transfer of property. You don’t own the album you just paid for so much as have a right to listen to the music (privately). As we extend this metaphor to movies and books this concept becomes far more powerful.
When a friend of mine got a Barnes and Noble Nook for his birthday I had to hold my tongue as he showed it off. None of the titles he purchased on his Kindle would transfer over. I suppose pax mediacana would be more apt for this post’s title but it doesn’t have quite the same ring.
Interestingly, the Wikipedia article on the original term “pax romana” says that the “Romans regarded peace not as an absence of war, but the rare situation that existed when all opponents had been beaten down beyond the ability to resist.” So perhaps we are there already. It seems that consumers today are so beaten that they will accept whatever terms are dictated to them. They buy media online without thought to the limitations of how far that media can travel with them. They sign (click) away all their rights to resell the media when it is no longer interesting to them (see the First Sale Doctrine). I hope this changes soon. Until it does, don’t expect a penny from me in terms of this disposable media. It simply isn’t worth it.

EA could help end DRM

The backlash over DRM has finally started to gather serious momentum. Everyday consumers started a campaign to give the highly anticipated game Spore one-star ratings on Amazon. Thousands of Amazon users labeled Spore a poor choice because of the SecuROM DRM system that is forced onto the machines of PC users who purchase the game. EA has backpedaled a bit and eased the restrictions on the number of installs per machine. They have even made a verbal (but unenforceable) promise to disable the DRM system by patch should they ever end-of-life the product. But so far EA refuses to give in to consumer demand that they simply get rid of the DRM system. They hold on to the claim that DRM helps reduce piracy. Yet 30 seconds of searching on a popular torrent site shows not only Spore but a cracked copy that totally removes all DRM from the game.

[Image: Spore easily found on pirating sites]

This is possibly the most insulting bit for consumers. People who are pirating the game actually enjoy more freedom in the sense that their system does not have SecuROM permanently installed onto the hard drive. In the recent class action suit the defendants publicly document how the DRM used in Spore remains installed even after the game has been removed from the user’s computer. SecuROM also operates at “Ring 0”, which is to say the core of the kernel layer. That is clever in that it is hard to bypass the program, yet dangerous because anything that goes wrong will completely destroy the user’s session. None of these facts are made plain to consumers before purchasing the game. Only after they have purchased the game and started installation will they have the chance to read about the DRM system in the EULA. [warning: pdf] Retailers almost never allow returns on software once opened, which leaves consumers who don’t agree with the surprise DRM in a very bad position.

So how can EA help end DRM? They can look at what is happening around them and try to understand how miserable their own customers are with the DRM choices they are making. If recent events are any indication they will either start pirating the games or simply stop supporting EA with their purchases. EA can also look at recent history and see the reactions of consumers to retailers who renounce DRM. When online music retailers started renouncing DRM (Amazon and Apple) consumers responded very positively. Not only that but the entire industry started to follow their lead. It is wonderful when smaller producers like Stardock announce intentions on these matters but it will take someone the size of EA to make it an industry trend.

Yahoo DRM authorization servers going dark

Another casualty is being reported on the DRM front. Yahoo Music is shutting down its authentication servers, which means those who purchased music will not be able to transfer the music to another computer. This will not affect all of Yahoo Music’s former customers initially, but once they need to reinstall their OS or purchase a new computer the inability to move the music will become more clear. Yahoo’s reputation will likely suffer from this as the complaints start finding homes in various blogs and news stories. A better move on Yahoo’s part would have been to simply un-DRM the music for their customers before going dark. I would think that the possibility of a class action lawsuit would be enough economic incentive to invest in the relatively cheap process of providing uncrippled versions of the products they sold to their customers.

DRM that could get you pwned

Unlike the recent Sony Rootkit fiasco, the latest flaw in Macrovision’s SafeDisc technology was not an intentional backdoor. Despite this, the fact remains that the latest Microsoft Security update includes a patch which, if not applied, could allow an attacker to leverage Macrovision DRM to exploit your system. The driver at issue here “validates the authenticity of games that are protected with SafeDisc and prohibits unauthorized copies of such games to play on Windows.” This is a fact often overlooked by the DRM industry. While the technology creates a slight barrier to copying of games, it increases the attack surface area of every consumer who possesses the driver. In this case the driver comes with every copy of Microsoft Windows.
Exploiting the driver “allows unprivileged users to gain SYSTEM privileges”. This could be exploited very easily in a drive-by download situation, and the exploit has already been spotted in the wild. It is a very heavy price for consumers to pay and they receive almost nothing in return. DRM is another layer of complexity which will always be under attack and a possible vector for vulnerability.

For more information:
WinXP and 2003 k-plugin demonstration
Report of exploit in the wild
technical details of exploit
Macromedia SafeDisc Site

Disclosure Timeline:
Reported @ reversemode (Wednesday, 17 October 2007) Written by Rubén
Security Advisory Published: November 5, 2007
Patch Published: December 11, 2007

User Generated Content

credit Jason Arends

Aspects of the DMCA posting “The Key” violates

According to an article posted by EFF’s von Lohmann, posting “The Key” will certainly violate aspects of the oft-hated DMCA. A growing number of citizens in the US are starting to recognize just how badly the law conflicts with other guarantees of rights possessed by US citizens.

No person shall … offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that –

(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

Companies like Cafe Press could find themselves facing criminal charges if certain passages of the DMCA are interpreted unfavorably.

If the offense is “willful and for purposes of commercial gain,” federal prosecutors can bring criminal charges.

The EFF article notes that this provision has only been used against commercial piracy till now but that doesn’t rule out the possibility. Technically, selling a T-shirt or trucker hat on Cafe Press with the 16 digit hex code is commercial trafficking in a decryption device if the AACS LA lawyers are to be believed.

AACS Takedown notice forces blogger to alter content

The takedown notice from AACS has caused one blogger to alter the contents of his blog, which is located at this URL:
 http://linuxnotes.blogspot.com/2007/02/0…
The AACS has taken issue with the magic key, which is a 16 digit hexadecimal code that can unlock HD DVD and allow for lawful backups or unlawful copying.

Here is a screenshot of the altered blog:
[Image: AACS processing key blog post]

AACS starts sending take down notices over Processing Key

According to Chilling Effects, the takedown notices have started flowing in the latest round of battle over the HD format. More information about AACS can be found in Ed Felten’s blog series (parts 1 through 9).

Alex wrote on Thursday about the next step in the breakdown of AACS, the encryption scheme used on next-gen DVD discs (HD-DVD and Blu-ray): last week a person named Arnezami discovered and published a processing key that apparently can be used to decrypt all existing discs.

The notice will be posted here in its entirety

Sender Information:
Advanced Access Content System Licensing Administrator, LLC (AACS LA)
Sent by: [Private]
Proskauer Rose LLP
New York, NY, 10038, USA

Recipient Information:
[Private]
Google Inc.
1600 Amphitheatre Pkwy.
Mountain View, CA, 94043, USA

Sent via: express mail
Re: Illegal Offering of Processing Key to Circumvent AACS Copyright Protection

 http://uscpwned.blogspot.com/2007/02/hol…
 http://linuxnotes.blogspot.com/2007/02/0…
 http://simonsta.blogspot.com/2007/02/los…
 http://cronicasredux.blogspot.com/2007/0…

Dear Google Inc.

We represent Advanced Access Content System Licensing Administrator, LLC (AACS LA), developer, proprietor and licensor of the Advanced Access Content System (AACS). AACS is an integrated set of technological protection measures that controls access to and prevents unauthorized copying of copyrighted motion pictures embodied on high definition DVDs.

It is our understanding that you are providing to the public the above-identified tools and services at the above referenced URL, and are thereby providing and offering to the public a technology, product, service, device, component, or part thereof that is primarily designed, produced, or marketed for the purpose of circumventing the technological protection measures afforded by AACS (hereafter, the “circumvention offering”). Doing so constitutes a violation of the anti-circumvention provisions of the Digital Millennium Copyright Act (the “DMCA”), 17 U.S.C. §§ 1201(a)(2) and 1201(b)(1). Providing or offering the circumvention offering identified above, and any other such offering that is primarily designed or produced to circumvent protection measures, or which has only limited commercial significant purpose other than to circumvent, or which are offered to the public with knowledge that it is for use in circumventing, violates the rights of AACS and any others harmed as well. See §§ 1201(a)(2), 1201(b)(1), and 1203.

In view of the foregoing apparent anti-circumvention violations, we demand that you immediately:

1) remove or cause to be removed the above-specified AACS circumvention offering and any other circumvention offering which is designed, produced or provided to circumvent AACS or to assist others in doing so, and/or any links directly thereto, from the URL identified above and from any other forum or website on which you have provided any circumvention offering; and

2) refrain from posting or causing to be provided any AACS circumvention offering or from assisting others in doing so, including by direct links thereto, on any website now or at any time in the future.

Failure to do so will subject you to legal liability.

Please confirm to the undersigned in writing no later than noon a week from the above-indicated date that you have complied with these demands. You may reach the undersigned by telephone at [private] or by email at [private]@proskauer.com. AACS LA reserves all further rights and remedies with respect to this matter.

Very truly yours,

[private]
Counsel for AACS LA

Sony DVD DRM breaks own DVD Player.

Sony has released another DRM scheme on at least two known DVDs which will cause certain DVD hardware players to crash. The irony is that one of the models is a recent Sony DVP-CX995V and no updated firmware is available as of yet. No word on whether the DRM from Sony will crash other brands or models. More importantly, no word on whether the DRM has made any significant dent in the ability to make copies of the movies in question. If you see “Stranger than Fiction” or “The Holiday” on a BitTorrent site or Usenet then Sony has failed.