Felten Follower Examines Crippled Music Disks (160 comments)

Posted by michael
from the keeping-busy dept.
D4C5CE writes "Following in the footsteps of his famous professor, in his paper "Evaluating New Copy-Prevention Techniques for Audio CDs" (yes, that's pure PS), which is one of many interesting contributions to the 2002 ACM Workshop on Digital Rights Management, Princeton student Alex Halderman takes apart (bit by bit, literally) the "tricks on tracks" employed by the music industry to frustrate fair use."

  • Role of OS! (Score:5, Interesting)

    by krazyninja (447747) on Monday October 21, 2002 @05:32AM (#4494073)
    I think examining the strength/weaknesses of algorithms without regard to the surroundings is not a good idea. With Windows providing most of the drivers in signed form, and refusing to accept unsigned drivers, it could be difficult to apply the "breaking" methods defined, in the mainstream operating systems. Of course, in other OS's this should not be a problem.
    • Re:Role of OS! (Score:3, Informative)

      by fishnuts (414425)
      Windows' "driver signing" is only a way to guarantee that a particular driver is verified and certified by Microsoft to be fit for its particular purpose in whatever versions of the OS the author wants to get it signed for. You can still install unsigned drivers, with only a benign warning from the OS that it's "not signed by Microsoft".
      • Re:Role of OS! (Score:5, Insightful)

        by krazyninja (447747) on Monday October 21, 2002 @05:49AM (#4494102)
        Windows' "driver signing" is only a way to guarantee that a particular driver is verified

        Yah..But how long before that "option" is removed from the screen, and instead an "error" is indicated? From the way the DMCA has been brought upon, I don't see far.

        • Re:Role of OS! (Score:5, Insightful)

          by Zocalo (252965) on Monday October 21, 2002 @07:23AM (#4494424) Homepage
          Yah..But how long before that "option" is removed from the screen, and instead an "error" is indicated? From the way the DMCA has been brought upon, I don't see far.

          I'd tend to disagree. Microsoft does at least appear to have gained a clue about security recently, and if they refuse to allow unsigned drivers outright they are opening an ugly can of worms. It takes time to get that WHQL certification that marks a driver as signed, so consider what would happen in the scenario of an exploit being found in a WHQL driver and made public immediately.

          The driver vendor might be able to issue a patch almost immediately, but would then have to submit it for WHQL approval before it can be installed. Even with some kind of "fasttrack emergency approval" mechanism for this situation, that's not going to happen overnight. Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.

          The security services have the definition right; a "trusted box" is one that has the capability to break your security policy. Think about it - your firewall is "trusted" right? Yet if it breaks and starts allowing all packets through, what just happened to security? Now, tell me again Microsoft, "Palladium" is "trusted computing" and this is a good thing? ;)

          • Re:Role of OS! (Score:5, Insightful)

            by BeBoxer (14448) on Monday October 21, 2002 @10:13AM (#4495576)
            I'd tend to disagree. Microsoft does at least appear to have gained a clue about security recently, and if they refuse to allow unsigned drivers outright they are opening an ugly can of worms. It takes time to get that WHQL certification that marks a driver as signed, so consider what would happen in the scenario of an exploit being found in a WHQL driver and made public immediately.

            Microsoft(tm)'s Palladium scheme will require signed drivers. There is simply no way to try to enforce that level of security while still allowing end users to insert arbitrary code into the kernel. Not with any standard definition of "driver" and "kernel".

            Most likely they will "compromise". You'll be able to load unsigned drivers, but when you reboot to load the drivers Palladium will detect that the OS is no longer in a "secure" state and any software that relies on the "trust" Palladium gives will be disabled. So no running WMP. And even though Microsoft(tm) has claimed that they won't use Palladium for software licensing somebody will. It's just too juicy for software publishers to resist. So you can expect that software to break. And since guarding against virii and such is one of the trumpeted reasons for Palladium, you can expect your AV software to have a fit. Who knows what its failure mode will be. Should it not allow anything, since it can't really trust its own binary, or its AV database? Or should it allow everything for the same reason? Either failure mode is quite unpleasant. Or should it continue as if nothing had changed?

            Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.

            Anybody with a security clue should realize that Palladium is about creating a new level of security user which is higher than "Administrator" and which only Microsoft(tm) has access to. No more. No less. It's about taking root access away from the user and giving it to Microsoft(tm). Any security administrator who willfully gives up final control of their box to the OS vendor gets exactly what they deserve. What's remarkable is how many "administrators" are going to be dumb enough to do exactly that.

            Palladium is designed to make the PC an attractive platform to media conglomerates for online content. A platform which will allow Microsoft(tm) to collect a toll on that delivery. It has nothing to do with increasing security for end users. Media companies don't trust their customers, nor do they trust their PCs. Microsoft(tm), by assuming control of the user's computer, will be able to assure the media companies that their customers' PCs can be trusted, even though the customers themselves can't be.
            • Microsoft(tm)'s Palladium scheme will require signed drivers. There is simply no way to try to enforce that level of security while still allowing end users to insert arbitrary code into the kernel. Not with any standard definition of "driver" and "kernel".

              That's not true. According to what Microsoft has said, Palladium runs "beside" Windows. It uses a new hardware mode (some people refer to it as ring -1) to get access to special "curtained" memory. Only a small Palladium kernel called the "nub" runs in this hardware mode.

              The ordinary Windows kernel is hopelessly insecure and the Palladium guys knew they'd never get anywhere if they relied on MS kernel security. The Windows kernel does not have sufficient privileges to touch Palladium secure code. Therefore Windows device drivers are not a security issue for Palladium.

              Microsoft has also said that Palladium does not involve having Microsoft certify code or verify signatures. Instead they provide a general mechanism by which application developers can create programs which authenticate themselves to servers, and store encrypted data that other programs can't decrypt. It's an open system and Microsoft doesn't want to be in the business of checking every application out there to see if it satisfies some kind of Palladium security requirements. Instead, it will be up to each application developer to decide which programs it will trust.
              • Well if what you claim is true, then no matter how much DRM Microsoft build into WMP, it will be useless. All somebody has to do to get round it is to make a new soundcard driver that writes sound to disk instead of to the soundcard.

                The only alternative would be to force *all* soundcard manufacturers to incorporate hardware decryption straight onto their boards.
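Added example (not part of the thread, and not Microsoft's code): a small Python model of the sealed storage described two comments up ("store encrypted data that other programs can't decrypt"), where the key is derived from a machine secret and a hash of the calling program. The `Nub` class, its per-machine secret, the sample program images and the HMAC-based cipher are all assumptions made for illustration; the thread does not say how Palladium implements any of this.

```python
import hashlib
import hmac
import os


class Nub:
    """Hypothetical stand-in for the small trusted kernel the comment calls the "nub"."""

    def __init__(self, device_secret: bytes):
        # Assumption: a per-machine secret that only the nub can read.
        self._secret = device_secret

    def _keys(self, program_image: bytes, nonce: bytes):
        # The caller's identity is the hash of its code, so any change to the
        # program yields different keys.
        digest = hashlib.sha256(program_image).digest()
        root = hmac.new(self._secret, b"seal" + digest + nonce, hashlib.sha256).digest()
        enc_key = hmac.new(root, b"enc", hashlib.sha256).digest()
        mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
        return enc_key, mac_key

    @staticmethod
    def _keystream(key: bytes, length: int) -> bytes:
        # Illustrative stream cipher: HMAC-SHA256 in counter mode.
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, program_image: bytes, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        enc_key, mac_key = self._keys(program_image, nonce)
        stream = self._keystream(enc_key, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, stream))
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag  # encrypt-then-MAC

    def unseal(self, program_image: bytes, blob: bytes) -> bytes:
        if len(blob) < 48:
            raise ValueError("blob too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        enc_key, mac_key = self._keys(program_image, nonce)
        expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("caller's code hash or machine does not match")
        stream = self._keystream(enc_key, len(ct))
        return bytes(a ^ b for a, b in zip(ct, stream))


def demo():
    """Seal under one program image, then try three callers (constructed data)."""
    nub = Nub(device_secret=b"constructed-per-machine-secret")
    player = b"constructed player image, build 1"
    patched = player + b" plus a capture hook"
    blob = nub.seal(player, b"content key 0123")

    results = {"same_program": nub.unseal(player, blob)}
    attempts = (
        ("patched_program", patched, nub),
        ("other_machine", player, Nub(b"another constructed secret")),
    )
    for name, image, box in attempts:
        try:
            box.unseal(image, blob)
            results[name] = "unsealed"
        except PermissionError:
            results[name] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The model only covers data at rest: once the matching program has unsealed the data and passes it to a component the nub has not measured, the binding no longer applies, which is the gap the reply directly above is pointing at.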

          • Re:Role of OS! (Score:3, Interesting)

            by Jerf (17166)
            Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.

            With all due respect, because everything you say is literally true, you are not thinking like a lawyer-driven bureaucracy.

            In fact, the exact same evidence that you present for why unsigned drivers must be allowed will be interpreted as evidence that only signed drivers must be allowed by the bureaucracy. The more things might go wrong in the system, the more evidence that centralized control is necessary, and should not be possible to bypass.

            Because remember, once a bureaucracy has signed off on something, it IS perfect, even after it has been proven it is not. Whereas things not signed off on are worthless. The problem is always the stuff not under its control. Bureaucracies are apparently incapable of realizing that mistakes are possible, and by assuming their impossibility, make the ones they make that much worse.

            Note I'm not speaking of Microsoft, specifically; this applies equally to a lot of other things, most notably many large Government agencies.
          • Palladium programs won't run unless they trust the operating system (nub), and you only access palladium content that trusts the palladium program.

            If a security hole is found in the OS (nub) or in a program you cannot patch it to close the hole until you get the patch certified as Palladium-trusted. This will significantly delay the release of critical security fixes, leaving machines vulnerable.

            Oh yeah, and one of Palladium's big selling points is how it's supposed to protect security.

            -
        • Both MS and whoever's writing the driver need to be able to test the driver somehow. This means loading it, BEFORE it has been signed. They cannot entirely remove the ability to install unsigned drivers.
      • Re:Role of OS! (Score:3, Insightful)

        by Anonymous Coward
        Yeah, but for how long?

        Seriously, Microsoft is getting all the pieces in place, look at their "Secure Audio Path" approved drivers; they're pretty clearly planning to pull the "benign warning" linchpin at some point.
      • Re:Role of OS! (Score:3, Interesting)

        by Dr Caleb (121505)
        I've always wondered why drivers from Microsoft aren't signed when performing a Windows Update.

        Perhaps this is to trick users to "always trust content from Microsoft" and thereby have all this stuff rammed down their throat, unaware?

        • Re:Role of OS! (Score:3, Insightful)

          by Yankovic (97540)
          They are signed. The ActiveX which downloads the file is signed and goes through intensive checking when communicating with the server at MS.
  • by mseeger (40923) on Monday October 21, 2002 @05:32AM (#4494075)
    Hi,

    I hope he knows such trips to conferences may last longer than expected. Instead of bodyguards he should be guarded by lawyers.

    Yours, Martin

  • Postscript Viewer (Score:5, Informative)

    by enneff (135842) on Monday October 21, 2002 @05:38AM (#4494082) Homepage
    For those that don't have a Postscript viewer and run Windows, check out RoPS [rops.org] - small, fast and effective.
  • Do they have wheelchairs or crutches?
    • by TheSHAD0W (258774)
      Now it's not just the DMCA we're up against; we also have to worry about the ADA. If you don't buy one of these copy-protected CDs you may be sued for discriminating against the handicapped.
  • by Anonymous Coward on Monday October 21, 2002 @05:58AM (#4494122)
    Is it just me, or does he have a picture of Natalie Portman in his photo collection?

    Her name is Julie? [princeton.edu]

    Copy-protection bashing and Natalie Portman... A hero to us all. I salute you!
  • Actually, (Score:5, Funny)

    by Anonymous Coward on Monday October 21, 2002 @05:59AM (#4494123)
    they prefer the term "Music Discs with Disabilities"
  • by Anonymous Coward on Monday October 21, 2002 @06:03AM (#4494131)
    Exactly. There is no way that an audio cd can be made copy-protected, and remain reasonably compatible with redbook CD players. It was never built in to the spec, and there is no way to shoe-horn it in to the spec now.
    • by Anonymous Coward
      I wonder what the world would be like if all these efforts were directed at actually getting information into the hands and minds of people, as opposed to hiding it from them? Simplistic, yes. Information is just information to me. There is plenty of it for free or very low cost, and the for pay can be quickly reverse engineered in the human mind in a pinch. Timely delivery or well crafted information is of value and has a limited term business model.. i.e. books, research, art, .. but for the most part, in an economic sense, people should probably focus on tangible goods and services (not to be confused with Greenspeak's new economy folly).

      I hope for an age of reason and innovation, a fairly major paradigm shift. But it's a possibility as these MNCs continue to p*ss away their working capital trying to abate evolution.. it's good that some of these cathedrals will fall, because there are some great raw materials there that can be recycled and used to create things of better value.
  • by eddy (18759) on Monday October 21, 2002 @06:08AM (#4494146) Homepage Journal

    As the paper points out, these schemes rely on "bugs" and "mis-features" in reader firmware, and it suggests that CDDA copy prevention won't last since "[...]Hardware and Software adaption is an inevitable and natural extension of improved design and bug fixing".

    The question is if the hardware manufacturers will begin competing for customers by providing the very best firmware in their drives, or if they will join hands with the RIAA and the snake-oil salesmen. So far I see no decisive move in either direction.

    Some drives can 'clone' protections just fine or need only better software on the computer side, but on the other hand there's a whole class of typical hardware -- like the Toshiba in this case -- which has been b0rken for so long that I really think the manufacturer is playing nice with the copy-protection industry.

    Maybe what we really need is drives with a more capable RAW reading interface, then all errors could be emulated and/or corrected as necessary on the side we control, the computer.

    • by Anonymous Coward
      The question is if the hardware manufacturers will begin competing for customers by providing the very best firmware in their drives, or if they will join hands with the RIAA and the snake-oil salesmen.

      Maybe they will. If you cast your mind back a few years, it was touch and go as to whether a drive supported CDDA properly. Consumers educated themselves and bought drives which were known to work. This caused a demand for CDDA capable drives, and the other manufacturers caught up (Most of them, anyway!). These days it's hard to find a drive that doesn't do CDDA.

      The system works! (O.K, it sort of works...). I don't see why it couldn't work again.
    • by StrawberryFrog (67065) on Monday October 21, 2002 @06:57AM (#4494298) Homepage Journal
      The question is if the hardware manufacturers will begin competing for customers by providing the very best firmware in their drives, or if they will join hands with the RIAA and the snake-oil salesmen. So far I see no decisive move in either direction.

      Well, here's a good sign: DVD players here in the UK are mostly region-agile, and are often advertised as such, even in national newspapers. Retailers tend to listen to consumers more than media monopolies do, as they compete more fiercely for customers.
      • Future directions (Score:3, Interesting)

        by eddy (18759)

        The difference, I feel, is that the region system is something which average joes can understand and question; "So you're saying that for some artificial reason this player will reject DVDs I've bought over-seas?", while the reliance by CDDA copy-protection schemes on reader firmware (as opposed to being fully contained within the CDs themselves) isn't as apparent or easy to convey. Basically, people are mostly unaware that their choice of drive will and can change the degree to which they can use copy-protected discs on their computer.

        I wish they'd used a Lite-On drive in the tests too. Plextor is mostly bought by people in-the-know, while Lite-on provides quality firmware (my experience) on a much wider level and could be used as a good recommendation based on quality, high availability and low price.

        I'd also like to see future research which goes beyond the black-box approach and actually use a custom firmware to dump the disc.

        I just hope that some manufacturer recognizes the opportunity and either provides a good quality firmware with good failovers which just rips through these protections, or provides a firmware which can be switched into "dummy cd-player mode" in which it would behave exactly like a dumb cd-player would. This shouldn't take up too many bytes, and the interface could be anything from a simple "triple-click eject button to change mode" to a nice looking GUI-app (which Plextor is very good with already, via their "PlexTools").

        (I don't work for Plextor or Lite-On. I do own drives from both manufacturers though)

    • Another good sign is that even Sony has mp3 playing devices, one of which even has the selling line "record from the net..." on their own homepage... http://www.sonystyle.com/home/dept.jsp?hierc=9687&deptid=9687

      "record from the net..."??? On the one hand they wanna cripple the fair use but on the other hand they release mp3 players that "record from the net..."? If you have the cd yourself why record from the net? for all those REALLY FREE mp3's made by people who can't get a record deal? yeah sure... that's just the same lame excuse that people who want kazaa to stay up use...

      It happened with mp3 players... first there were only weird hong kong made mp3 players... but when sony and all the big boys saw how much money those hong kong guys made they all wanted a piece of the pie... the only thing that can break those corporations from doing anything they can to make more profit is their greed... I mean, they stick together quite nicely when fighting for their profits.. but as soon as they find out a way to make even more money by not sticking together they suddenly forget their partners in their lil axis of evil...

  • by goldspider (445116) <ardrake79 @ g m ail.com> on Monday October 21, 2002 @06:20AM (#4494170) Homepage
    Princeton student Alex Halderman takes apart (bit by bit, literally) the "tricks on tracks" employed by the music industry to frustrate fair use."

    ...as if the music industry's actions have nothing whatsoever to do with frustrating music pirates.

    Let's be fair here. We all know that recent copy protection schemes do in fact (at the very least) interfere with fair use, but we can't forget/deliberately ignore the underlying goal of the music industry for the sake of sensationalism, however faulty their methods are.

    • by fmaxwell (249001) on Monday October 21, 2002 @07:10AM (#4494351) Homepage Journal
      There is no scheme yet devised that will significantly hamper true music pirates. And by that term, I mean people who create and redistribute bootleg CDs for profit. Any of those folks will just take an audio CD player and capture the music via the SPDIF output.

      The music industry wants to convince the world that anyone who records a CD to their hard disc is a "pirate." They want consumers to believe that making a backup copy in case of damage is piracy. They want people to believe that creating a "mix CD" of your favorite songs is piracy. They want the public to believe that the guy who copies a CD so he can have one in his car and one at home is a pirate. In short, they are waging a campaign to equate simple copying with piracy.

      In their ideal world, if you wanted a copy of a CD for the car and one for the home, you would have to purchase two of them. If you wanted a "mix CD" with numerous hits, you would choose from their canned compilations. If you damaged the CD while moving it from player to player, you would have to purchase a new one (since you would not have a backup). This is not about piracy. It's about making you pay multiple times for the same music.
      • by goldspider (445116) <ardrake79 @ g m ail.com> on Monday October 21, 2002 @07:50AM (#4494529) Homepage
        All very good points, but let me ask you this:

        Would this be nearly as much of an issue without the likes of Napster and P2P contributing to the proliferation of illegal music distribution (whatever you want to call it, I'm talking about the illegal stuff)?

        Outdated business models, infringements on fair use, and past claims about bootlegging aside (we've heard all of that already) there's a definite cause-and-effect relationship between the ease of file sharing/distribution and the xxAA's actions.

        Ignoring the fact that people who have illegally acquired/distributed software have largely contributed to the problem we are now facing from the music/movie industries won't make that fact go away.

        • by fmaxwell (249001) on Monday October 21, 2002 @08:54AM (#4494892) Homepage Journal
          Would this be nearly as much of an issue without the likes of Napster and P2P contributing to the proliferation of illegal music distribution (whatever you want to call it, I'm talking about the illegal stuff)?

          I think so. I believe that Napster and other P2P networks were simply an excuse. There is little evidence to suggest that Napster et al. were costing the record companies a lot in sales. In fact, there were some pretty reputable studies and polls done that showed that exposure to new music on Napster caused people to buy more CDs. It's one thing to download a song or two by an artist to see if you like their stuff, but it is quite another to risk $15 or more on a CD that you've never heard.

          Want to know what the largest network is that distributes copyrighted music? FM radio. Back in high school when I wanted one song by a band and could not afford and/or justify buying their whole album, I'd just record it off the air on cassette. My friends did the same thing. We also made cassettes of LPs (yeah, I know that I'm old).

          I think that the RIAA just saw this as an opportunity to push crippled CDs on to the public.
          • "There is little evidence to suggest that Napster et al. were costing the record companies a lot in sales."

            That wasn't the point I was making. My point is that these technologies simply have made it easier to acquire their product without paying for it.

            "Want to know what the largest network is that distributes copyrighted music?"

            That's true, but neither Napster nor any of the P2P software makers are paying royalties for the distribution of their product.

            And I may be too young to remember, but I don't recall any music company suing a radio station over listeners who were recording songs from the airwaves.

            • That wasn't the point I was making. My point is that these technologies simply have made it easier to acquire their product without paying for it.

              And his point was that they did, on average, pay for it more than they did when Napster wasn't present.

              That's true, but neither Napster nor any of the P2P software makers are paying royalties for the distribution of their product.

              The point is motivation. From a strict profit motivation, Napster made the record companies money, according to several independent studies. It is transparently obvious that the record companies did not shut down Napster because of money. Royalties are one instituted system of payment; there is nothing holy about them in copyright law or morality. On average, Napster users did pay for their music, in terms of money in the music distributors' coffers, which is what really counts from a moral point of view.

              Please do me the courtesy of carefully reading that paragraph before replying with a knee-jerk reaction. Make sure you read what I said and not what you think I said. (This is not directed at goldspider personally, I'm just sick in general of people reading their pre-conceived notions of "what people like that say" into debates like this. How can you think you understand the opposition when you never actually read what they have to say?)

              And I may be too young to remember, but I don't recall any music company suing a radio station over listeners who were recording songs from the airwaves.

              Rest assured that had the MPAA won their VCR suit where they wanted to prevent people from taping off of the television (as exact a match as you can hope for), this would have followed. With such a clear precedent, it wasn't worth bothering with, they know they would have lost.
              • "From a strict profit motivation, Napster made the record companies money, according to several independent studies. It is transparently obvious that the record companies did not shut down Napster because of money."

                Considering that money is generally accepted as the primary motivation of an industry, I am interested in hearing what, then, WAS the motivation for shutting down Napster. If I were a good businessman, I certainly wouldn't shut down a proven source of profit, especially in an era of (supposed) ever-dwindling profit margins.

                So either Hilary Rosen is a piss-poor business leader (as some of the RIAA's other decisions could certainly suggest) or the independent studies you referred to aren't as accurate as they would like us to believe.

            • My point is that these technologies simply have made it easier to acquire their product without paying for it.

              You think computerized digital copying is easier than cassette tapes? Everyone I know can record things on cassette, but not everyone can operate--let alone install--copying/ripping/p2p and player software. I was making tapes when I was 4 and younger.

              And I may be too young to remember, but I don't recall any music company suing a radio station over listeners who were recording songs from the airwaves.

              But you do know that a portion of blank cassette sales goes to the music industry because they assume they are used for "piracy", right? They didn't go after radio, but they did go after the hardware to record from it.
            • That wasn't the point I was making. My point is that these technologies simply have made it easier to acquire their product without paying for it.

              That's true, but neither Napster nor any of the P2P software makers are paying royalties for the distribution of their product.


              The RIAA though is using P2P as a "scapegoat" to push New Laws "SSSCA/CBDTPA" to get rid of competition, and to prevent "Fair Use".

              BTW, I don't use P2P much, I get most of My Music today from "Analog" Sources "Cassette, LP, & 8-Track" and copy it to CD, which is why the xxAA wants to plug the Analog Hole [eff.org]


              And I may be too young to remember, but I don't recall any music company suing a radio station over listeners who were recording songs from the airwaves.

              That is because there is a tax^h^h^h Surcharge on Blank Cassettes [msnbc.com] that goes to the RIAA, And cassettes don't last as long as CDs.

        • goldspider writes:

          > there's a definite cause-and-effect relationship
          > between the ease of file sharing/distribution and
          > the xxAA's actions.

          Yes, let us take a moment to weep for the pirates that enslave the artists in work-for-hire contracts, and take their copyrights so they can profit from their ill gotten booty again and again. The poor old things have gotten shanghai'ed by their customers who break their copyrights by sharing the music with others for no profit. Boo-hoo.

          Please! P2P is a convenient scapegoat, and the greedy media sharks know it. It is a competitor that they want to destroy. P2P competes with the big labels in two ways:

          1) Promotion. Some of the indies have spoken out to confirm it. They actually profit from P2P because it promotes their work.

          2) Distribution. P2P is an efficient distribution network. Used legally, it can get demos out to a wide audience. Used in combination with existing internet shareware sales structures and things like Amazon ZShops, even a small indie (student with basement studio) could easily distribute demo mp3s and sell CDs.

          > Ignoring the fact that people who have illegally
          > acquired/distributed software have largely
          > contributed to the problem we are now facing
          > from the music/movie industries won't make that
          > fact go away.

          Nope, the real problem is a bunch of greedy pirate media sharks. Mothra dealt with that problem 41 years ago by trouncing evacuated areas of Newkirk City (Hollywood) until they freed and returned her little artists to her ("Mothra" 1961). These days she has gotten a lot sneakier and made friends with Apple ("Mothra" 1996, "Mothra 2" 1997), who has pledged to democratize the tools of the music and movie industries.

          The way to make that problem go away for good is to replace the greedy sharks with indie artists and small business studios. Then the rights of the artists will be preserved, and the public will have a wide and plentiful variety of inexpensive music. (Until then, grab a pair of rocks, and beat out: "Strangers, strangers, let them go!" ;)

          Fame might still be possible, but it will be a rare and deserved crown granted by the real public, and not a tinsel crown bestowed by some music exec with a tin ear.

          "They bind our hearts: 'Let's sell them again and again!'
          Our plan understands the sea; we can wait for her coming."
          From the song "Infanto no Musume" in the Japanese version of "Mothra" (1961).
          • "The way to make that problem go away for good is to replace the greedy sharks with indie artists and small business studios."

            And while we're at it, let's solve world hunger, cure cancer, and make people of all cultures and religions get along.

            As long as we continue to demand the RIAA's product, they will always be around to provide the supply. And yes, copying a song from a P2P network still counts as demand.

    • by Chriscypher (409959) <slashdotNO@SPAMmetamedia.us> on Monday October 21, 2002 @08:22AM (#4494683) Homepage
      It amazes me that the same battles seem to be fought as computers infiltrate each new market. In the early 80's, personal computer software publishers did everything in their power to copy protect floppy disks, writing on half tracks, out-of-range tracks, and using other floppy format tricks.

      This created a new industry of commercial disk copy utilities, such as Copy2Mac, etc etc which enabled any floppy disk to be duplicated. For years it was an arms race of new protection schemes vs. copy utilities.

      If I remember correctly (I was pretty young then), lawsuits were filed against copy utility publishers, which lost, the courts holding that making a personal copy for backup purposes fell under fair use doctrine.

      I am sure there are plenty of prior cases which would overthrow the DMCA if a test case would only come to court.

      This software copy protection war resulted in:
      A) Common use of copy utilities by end users
      B) Eventual resignation by the industry against protecting media: not worth the cost or user inconvenience.
      C) Introduction of hardware dongles for high-ticket software.
      D) The serial number 'protection' method in common use today for software.

      So here we are with music publishers revisiting the same war, and I believe they too will ultimately lose. I believe their actions are the result of old school inertia within the industry, and that ultimately, their business model will necessarily change.
    • The music industry considers fair use to be theft. See, for instance, the dialogue between Hilary Rosen and Orrin Hatch, where she told him that it should be illegal to copy a CD he bought for his car or for his wife.
    • ...as if the music industry's actions have nothing whatsoever to do with frustrating music pirates.
      Thing is, there is an actual industry based around counterfeiting this stuff, and these things don't involve fair use at all, and the DRM attempts to date aren't going to do a damn thing to stop that business. I've run across "discounted" CDs that were really obvious recordings of vinyl, complete with skips and pops. Not being able to get that perfect digital copy isn't going to stop the stuff the RIAA and MPAA should legitimately be worried about. Sell these things in transient markets -- tourist/vacation spots, fairs, etc., for cash, and there isn't much the buyer can (or will bother to) do.
  • by Anonymous Coward on Monday October 21, 2002 @06:23AM (#4494176)
    it doesn't have an icon on my windows xp system. Do I use notepad :(
  • by Anonymous Coward on Monday October 21, 2002 @06:27AM (#4494192)
    I just had contact with a copy protected audio CD.
    It was a present at a birthday party at which music was played with a PC. We just wanted to insert the CD into the CD-ROM and listen to the music. The music wasn't playing and the CD player just hung. So we booted into Winblows to try it over there. Same result. The guy was only listening to the music with his computer. So I took the CD with me and ripped it in my CD burner. So now I have a spare copy of the disk just because it was copy protected. Doh.
    Music industry annoys me - haven't bought any CDs lately. This boycott is not very constructive
    but I just don't have any idea how to "fair use" the music of the artist.
  • by Kjella (173770) on Monday October 21, 2002 @06:37AM (#4494230) Homepage
    ...because this only pisses off their existing customers. I've yet to see one CD protection that hasn't been bit-exact ripped by someone (which is all it takes).

    If they can't play it in the devices they have will they
    a) Call it a defective cd? Most likely.

    b) When they find out it's defective by design, will they

    1) Continue to buy defective CDs?
    2) Get a normal CD(-R) from friends or mp3 from internet?

    We get more and more DVD/CD/MP3/kitchen sink consumer players. Break compatibility with those, and the MPAA will have only themselves to thank when the customers abandon them (Who the hell pays $20-25/CD anyway, that's the usual full price here in Norway...)

    Kjella
    • If they can't play it in the devices they have will they
      a) Call it a defective cd? Most likely.
      b) When they find out it's defective by design, will they
      1) Continue to buy defective CDs?
      2) Get a normal CD(-R) from friends or mp3 from internet?


      No, right about the time the users start to rally and enough of an outcry is made, the RIAA will present their solution: A new medium, be it DVDA or SACD or some other format, that has DRM built in.

      They're hoping if they frustrate you enough, you'll eventually have to choose another medium, which they'll be happy to provide!

      ljfrench

      • If there's public outcry about CDs that don't work in normal CD players, there sure as hell will be public outcry against the RIAA's proposed solution of "buy your entire library of music again, on this new format that looks exactly the same as the existing format and won't work in normal CD players either" also...
    • by BeBoxer (14448) on Monday October 21, 2002 @10:28AM (#4495735)
      We get more and more DVD/CD/MP3/kitchen sink consumer players. Break compatibility with those, and the MPAA will have only themselves to thank when the customers abandon them

      That's what I find amazing. These CD's work only in plain audio CD players. But as the incremental cost of adding MP3 playback drops to almost nothing, more and more players are including that functionality. Quite a few portables play MP3s. At least a dozen car CD decks play them. All DVD players. All computers of course. I've even seen boom boxes that play them.

      And these new discs, by trashing the TOC with stupid multisession tricks, are going to have problems in a growing class of players. It's like the media conglomerates want me to go pirate their music. With their endless campaign to reduce both the quality of the music as well as the compatibility and usefulness of the disc itself, combined with what seems to be endless price hikes and settlements with the FCC for price fixing. Ugh. The music industry survives despite the executives running it, not because of them.
    • MPAA (or members thereof) will be happy that you bought the DVD player, because many of them are also members of DVD Forum and holders of patents, and therefore collectors of royalties.

      RIAA (or members thereof) will be unhappy that you didn't buy their crippled CDs.

      Of course some companies (e.g. AOL Time Warner) are members of both - and one distributes leading mp3 software (Nullsoft Winamp/Shoutcast).

      HTH, HAND.

    • ... I've yet to see one CD protection that hasn't been bit-exact ripped by someone (which is all it takes) ...

      You are mistaken. Many high schools kids wouldn't have a clue as to how to get around the protection, nor would they know anyone who could, directly or indirectly. They barely know how to dupe a CD with their CD-RW. After a few coasters they give up.

      It's been like this for a long time, protection in general, not coasters. Copy protection doesn't have to be perfect, it just has to stop enough to be cost effective.
  • This paper appears to have a lot of good pointers to software writers, including a "recipe" to make cdr-dao read the faulty discs on all hardware readers that support it.

    Will this lead to a new release of cdr-dao "soon" that incorporates these suggestions? Will the apparently "dead" cdparanoia also be updated? (Yes, it did work well on Plextor, but for other CD-ROMs, can it be made to work?)

    I also wonder, how can these suggestions be incorporated in the average CD player? Things like xmms would probably need updating to the CD player module to handle some of these. I know it's ugly hacking to go around broken hardware, but that's what we do in all other places....

  • I have to wonder whether publishing the results of such endeavours violates the DMCA -- it sure seems like everything that involves data security does these days. I'm still happy he's published but I wonder whether the lawyer-boys in the RIAA are salivating right now... (insert hungry animal growling noise here).
    • IANAL but... (Score:3, Insightful)

      by Greyfox (87712)
      Any attempt to bar publication of a discussion of various techniques should fail as long as the author doesn't post source code or executables. The DMCA does not override the First Amendment and, IIRC, only deals with devices that defeat copy protection.

      The industry likes to threaten lawsuits over technical discussions of their various techniques, but they will never actually let one of those lawsuits be taken to court because they know they'll be bitchslapped into the middle of next week by a pissed off judge. They'd far rather stick an academian with the cost of initially retaining a lawyer rather than risk having to pay his legal fees for blatantly abusing the legal system.

      So they may file a lawsuit but it'll be retracted as soon as Halderman's lawyer files his first brief.

      • Since Princeton has agreed to protect him (in the legal sense), this isn't really a huge issue. I'm sure they can afford a decent lawyer. See also Princeton Law.
    • Re:DMCA? (Score:2, Funny)

      by klaasvakie (608359)
      >> I'm still happy he's published but I wonder whether the lawyer-boys in the RIAA are salivating right now... (insert hungry animal growling noise here).

      they aren't, he published it in .ps format, the RIAA can't read it.
    • Given that Philips (the designers of the CD format and owners of the trademarks) have publicly claimed the techniques to be "defects" not "copy protection schemes", I suspect it would be hard to prosecute. Of course that wouldn't stop harassment lawsuits.
  • PDF version (Score:3, Informative)

    by almaw (444279) on Monday October 21, 2002 @07:36AM (#4494469) Homepage
    Call me a karma-whoring idiot if you like, but I thought I'd stick up a copy of this in a format that's not quite so bitmapped. ph33r my l33t OCRing skillz, etc. :)

    Click here for an HTML version [almaw.com].
    • Oh, and when I said "PDF version" in the header, I didn't mean that - I was going to do a PDF, but Acrobat's being rather uncooperative. :(

      There's a Word (spit) version too:
      Click here for a Word (doc) version [almaw.com]
      • But, but, but... don't you realize you've just violated his copyright?

        Yes, I know. Copyright isn't very respected here. Unless it's the copyright that is the only protection of GPL'd software, of course.
        • Copyright isn't very respected here. Unless it's the copyright that is the only protection of GPL'd software, of course.

          Copyright is dead! Long live the GPL!
  • by seanellis (302682) on Monday October 21, 2002 @07:52AM (#4494542) Homepage Journal
    Looks like we can get ahead of the game here, by ensuring that we have our "Free Alex" flyers and placards printed out in advance.

    Seriously, the amount of information in this paper is similar to that which got Dmitry Sklyarov detained under the Downloaded Music Criminalization Act (DMCA). It even gives information as to which programs and hardware are most effective at bypassing these copy-restriction technologies.

    It's well worth a read to see how these technologies only work due to buggy or fragile implementations of the standard.
  • imagine, buying a SONY minidisc player, that's advertised being easy to use and fast to transfer songs to from your cd's via your pc (and able to play mp3's), and that comes with software to do that.

    you buy it at an all purpose entertainment electronics supermarket that sells cd's too, you pick up a record you like that's published by SONY thinking that at least that one should work easily (because you are not very tech savvy and would like the first transfer to go smooth as possible).

    you get home after that, excited about your new purchase, software installs easily but the cd copy to player just won't work, completely clueless you call your geek friend who then comes over, and explains he could tell you how to do it but would have to kill you afterwards.

    would the average consumer be a LITTLE confused and afterwards disappointed at this?

    could the companies PLEASE at least make up their mind about the issues?(sure they might be different depts. of same corp. but still.. and sure this same issue might have been brought up before too.)
  • by dpbsmith (263124) on Monday October 21, 2002 @09:35AM (#4495214) Homepage
    I continue to feel that attention should be paid to how these things interact with home audio CD recorders, and not just because I happen to own one.

    Under the Audio Home Recording Act of 1992, blank media for home audio CD recorders includes a fee which is distributed to publishers and artists in exchange for the right to copy the CD. Home audio recorders are restricted from writing to ordinary blank CD-R media; the media must have the encoding that identifies them as a "Music CD-R" thus verifying that the fee has been paid, and they also incorporate a "serial copy control system" which makes it difficult for people to create huge numbers of copies by making copies for three friends who each make copies for three friends, etc.

    Copy-protection schemes have to corrupt the data enough to prevent access by standard computer software. HOWEVER, they must not corrupt it so much that home audio CD recorders fail, or they are (probably) violating the AHRA.

    In practice, Universal Music evaded answering any questions I asked them about this issue; however, when I sent them a copy of "The Fast and the Furious" which my home audio CD recorder refused to copy, they sent me a replacement which did! I believe their strategy is "avoid public discussion by taking care of any individuals who complain, on a case-by-case basis."

  • Isn't any discussion of any type of security measure related to ANYTHING cause for an instant 10-year prison sentence without trial under the DMCA? ...Oh yeah, it's trollin' time...
  • Some people have misread the Slashdot headline as implying that I had some involvement in writing the CD copy protection paper, or doing the research, or thinking up the idea. I did not play any of those roles.

    It's a great paper, and Alex Halderman deserves all of the credit for it.

    Ed Felten

  • That PS file isn't nice, so pick one of these:

    HTH. HAND.
