Felten Follower Examines Crippled Music Disks

D4C5CE writes "Following in the footsteps of his famous professor, in his paper "Evaluating New Copy-Prevention Techniques for Audio CDs" (yes, that's pure PS), which is one of many interesting contributions to the 2002 ACM Workshop on Digital Rights Management, Princeton student Alex Halderman takes apart (bit by bit, literally) the "tricks on tracks" employed by the music industry to frustrate fair use."

Role of OS!

[krazyninja]

I think examining the strength/weaknesses of algorithms without regard to the surroundings is not a good idea. With Windows providing most of the drivers in signed form, and refusing to accept unsigned drivers, it could be difficult to apply the "breaking" methods defined, in the mainstream operating systems. Ofcourse, in other OS's this shouldnot be a problem.

Which way will hardware producers go?

[eddy]

As the paper points out, these schemes rely on "bugs" and "mis-features" in reader firmware, and it suggests that CDDA copy prevention won't last since "[...]Hardware and Software adaption is an inevitable and natural extension of improved design and bug fixing".

The question is if the hardware manufacturers will begin competing for customers by providing the very best fireware in their drives, or if they will join hands with the RIAA and the snake-oil salesmen. So far I see no decisive move in either direction.

Some drives can 'clone' protections just fine or need only better software on the computer side, but on the other hand there's a whole class of typical hardware -- like the Toshiba in this case -- which has been b0rken for so long that I really think the manufacturer is playing nice with the copy-protection industry.

Maybe what we really need is drives with a more capable RAW reading interface, then all errors could be emulated and/or corrected as necessary on the side we control, the computer.

Just semantics?

[Sheetrock]

True, it is not probable that the industry can find a way to effectively protect a compact-disc from illegal copying without violating the specification, but how many average Britney Spears fans pay careful attention to how 'in spec' their CD collections are? What's the effective difference between a compact-disc and music on a plastic wafer that will play back pretty much anywhere but won't let people record from it, other than the preventing copying part?

On a related note (since I try to stomp out FUD where I find it), I'd have a hard time saying that the industry's intent is to destroy fair use. Where's the profit in that? I have little doubt that the problems that are occurring are because they're trying to -comply- with spec, not obliterate it -- namely, the problems some have noted with copy-protected compact discs are because the industry is trying to protect its content while remaining compatible with an obsolete standard. I have little doubt that when the next generation of media arrives, with effective digital rights management built in, that it will have the capability to deliver content and permit fair use while preventing the sort of rampant piracy that is driving small record chains out of business. I think that the free market will probably be the best way to determine how importantly fair use should factor in to these new designs.

Just use an CD-Burner

[Anonymous Coward]

I just had contact with an copy protected audio cd.
It was a present at a birthday party on which musik was played with a pc. We just wanted to insert the CD to the cdrom an listen to the music. The music wasn't playing and the cdplayer just hung. So we booted into Winblows to try it over there. Same result. The guy was only listening to the music with his computer. So i took the cd with me and ripped it in my CD-Burner. So now i have a spare copy of the disk just because it was copy protected. Doh.
Music industrie annoys me - haven't bought any CD's lately. This boycott is not very constructive
but i just don't have any idea how to "fair use" the music of the artist.

Re:Which way will hardware producers go?

[StrawberryFrog]

The question is if the hardware manufacturers will begin competing for customers by providing the very best fireware in their drives, or if they will join hands with the RIAA and the snake-oil salesmen. So far I see no decisive move in either direction.

Well, here's a good sign: DVD players here in the UK are mostly region-agile, and are often advertised as such, even in national newspapers. Retailers tend to listen to consumers more then media monopolies do, as they compete more fiercely for customers.

It also costs $, while GhostScript is free

[Slashamatic]

Perhaps it is a sledgehammer to crack a nut but I would rather use GhostScript [ghostscript.com]. Both variants (AFPL and GPL) are esentially and totally free, respectively which I prefer. For such an article, is a commercial (and overpriced)viewer really appropriate?

Re:Damn PS

[Pathwalker]

Nope - that was Acrobat Distiller.
You don't want to see how badly the copy I made using ps2pdf turned out.

If you look inside the .ps file, the fonts are labeled %DVIPSBitmapFont: Fa cmsy10 10 2 - showing that they are the 600 DPI bitmap version of 10 point Computer Modern.

Acrobat distiller did what it could - it left all of the detail in the fonts. If you view the PDF file at 600 DPI or print it you can verify this for yourself.

The problem is, the bitmap fonts are designed to display at one resolution - 600 dpi. While they print well, they scale down very poorly.

I've been trying to replace the bitmap font with a vector version and reconvert, but I haven't had much luck so far.

Future directions

[eddy]

The difference, I feel, is that the region system is something which average joes can understand and question; "So you're saying that for some artifical reason this player will reject DVDs I've bought over-seas?", while the reliance by CDDA copy-protection schemes on reader firmware (as opposed to being fully contained within the CDs themselves) isn't as apparent or easy to convey. Basically, people are mostly unaware that their choice of drive will and can change the degree to which they can use copy-protected discs on their computer.

I wish they'd used a Lite-On drive in the tests too. Plextor is mostly bought by people in-the-know, while Lite-on provides quality firmware (my experience) on a much wider level and could be used as a good recommendation based on quality, high availability and low price.

I'd also like to see future research which goes beyond the black-box approach and actually use a custom firmware to dump the disc.

I just hope that some manufacturer recognize the opportunity and either provides a good quality firmware with good failovers which just rips through these protections, or provides a firmware which can be switched into "dummy cd-player mode" in which it would behave exactly like a dumb cd-player would. This shouldn't take up too many bytes, and the interface could be anything from a simple "tripple-click eject button to change mode" to a nice looking GUI-app (which Plextor is very good with already, via their "PlexTools".

(I don't work for Plextor or Lite-On. I do own drives from both manufacturers though)

Re:So what is a "pirate"?

[goldspider]

All very good points, but let me ask you this:

Would this nearly as much of an issue without the likes of Napster and P2P contributing to the proliferation of illegal music distribution (whatever you want to call it, I'm talking about the illegal stuff)?

Outdated business models, infringements on fair use, and past claims about bootlegging aside (we've heard all of that already) there's a definite cause-and-effect relationship between the ease of file sharing/distribution and the xxAA's actions.

Ignoring the fact that people who have illegally acquired/distributed software have largely contributed to the problem we are now facing from the music/movie industries won't make that fact go away.

A chance to get ahead of the curve

[seanellis]

Looks like we can get ahead of the game here, by ensuring that we have our "Free Alex" flyers and placards printed out in advance.

Seriously, the amount of information in this paper is similar to that which got Dmitry Sklyarov detained under the Downloaded Music Criminalization Act (DMCA). It even gives information as to which programs and hardware are most effective at bypassing these copy-restriction technologies.

It's well worth a read to see how these technolgies only work due to buggy or fragile implementations of the standard.

Re:Let's be fair here...

[Chriscypher]

It amazing me that the same battles seem to be fought as computers infiltrate each new market. In the early 80's, personal computer software publishers did everything in their power to copy protect floppy disks, writing on half tracks, out-of-range tracks, and using other floppy format tricks.

This created a new industry of commercial disk copy utilities, such as Copy2Mac, etc etc which enabled any floppy disk to be duplicated. For years it was an arms race of new protection schemes vs. copy utilities.

If I remember correctly (I was pretty young then), lawsuits were filed against copy utility publishers, which lost, the courts holding that making a personal copy for backup purposes fell under fair use doctrine.

I am sure there are plenty of prior cases which would overthrow the DMCA if a test case would only come to court.

This software copy protection war resulted in:
A) Common use of copy utilities by end users
B) Eventual resignation by the industry against protecting media: not worth the cost or user inconvience.
C) Introduction of hardware dongles for high-ticket software.
D) The serial number 'protection' method in common use today for software.

So here we are with music publishers revisiting the same war, and I believe they too will ultimately lose. I believe their actions are the result of old school inertia within the industry, and that ultimately, their business model will necessarily change.

Pissing away precious resources

[Anonymous Coward]

I wonder what the world would be like if all these efforts were directed at actually getting information into the hands and minds of people, as opposed to hiding it from them? Simplistic, yes. Information is just information to me. There is plenty of it for free or very low cost, and the for pay can be quickly reverse engineered in the human mind in a pinch. Timely delivery or well crafted information is of value and has a limited term business model.. i.e. books, research, art, .. but for the most part, in an economic sense, people should probably focus on tangible goods and services (not to be confused with Greenspeak's new economy folly).

I hope for an age of reason and innovation, a fairly major paradigm shift. But it's a possibility as these MNCs continue to p*ss away their working capital trying to abate evolution.. it's good that some of these cathedrals will fall, because there are some great raw materials there that can be recycled and used to create things of better value.

What about home audio CD recorders?

[dpbsmith]

I continue to feel that attention should be paid to how these things interact with home audio CD recorders, and not just because I happen to own one.

Under the Audio Home Recording Act of 1992, blank media for home audio CD recorders includes a fee which is distributed to publishers and artists in exchange for the right to copy the CD. Home audio recorders are restricted from writing to ordinary blank CD-R media; the media must have the encoding that identifies them as a "Music CD-R" thus verifying that the fee has been paid, and they also incorporate a "serial copy control system" which makes it difficult for people to create huge numbers of copies by making copies for three friends who each make copies for three friends, etc.

Copy-protection schemes have to corrupt the data enough to prevent access by standard computer software. HOWEVER, they must not corrupt it so much that home audio CD recorders fail, or they are (probably) violating the AHRA.

In practice, Universal Music evaded answering any questions I asked them about this issue; however, when I sent them a copy of "The Fast and the Furious" which my home audio CD recorder refused to copy, they sent me a replacement which did! I believe their strategy is "avoid public discussion by taking care of any individuals who complain, on a case-by-case basis."

Re:Role of OS!

[Dr Caleb]

I've always wondered why drivers from Microsoft aren't signed when performing a Windows Update.

Perhaps this is to trick users to "always trust content from Microsoft" and thereby have all this stuff rammed down their throat, unaware?

Re:Role of OS!

[Jerf]

Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.

With all due respect, because everything you say is literally true, you are not thinking like a lawyer-driven beauracracy.

In fact, the exact same evidence that you present for why unsigned drivers must be allowed will be interpreted as evidence that only signed drivers must be allowed by the buearacracy. The more things might go wrong in the system, the more evidence that centralized control is necessary, and should not be possible to bypass.

Because remember, once a beauracracy has signed off on something, it IS perfect, even after it has been proven it is not. Whereas things not signed off on are worthless. The problem is always the stuff not under its control. Beauracracies are apparently incapable of realizing that mistakes are possible, and by assuming their impossibility, make the ones they make that much worse.

Note I'm not speaking of Microsoft, specifically; this applies equally to lot of other things, most notably many large Government agencies.