Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Television Media

Vivendi Universal vs. News Corporation 149

timbo_red writes: "According to a BBC story, NDS, a company 80% owned by Rupert Murdoch's News Corp is being sued by Canal+ for allegedly cracking their smart cards, which could have had a serious effect on ITV digital, the major UK competitor to Murdochs Sky digital in the UK pay TV market."
This discussion has been archived. No new comments can be posted.

Vivendi Universal vs. News Corporation

Comments Filter:
  • by bfree ( 113420 ) on Tuesday March 12, 2002 @01:28PM (#3150710)
    So it seems that Canal+ are alledging that NDS (which News Corp alledges operates independantly despite being 80$ owned by NC) cracked their smart cards and published the result online! Either something very sinister happened (but I can't see how this would benefit NC as it would simply provide digital TV service of the wrong kind to their potential customers also) or this is the act of one person (or a very small group) within NDS who were stupid enough to post the crack from a trackable IP. It would be nice to know more, anyone have any substantial links?
    • Well, News Corp. would have a huge incentive in these codes being broken, as it is putting a serious strain on ITV Digital who uses these cards, through people getting the TV for free. The main rival of ITV Digital? Why, if it isn't Sky Digital, part owned by...News Corporation.
      I'm certainly not suggesting that Murdoch would go so far as to instruct one of his companies to undermine a competitor of another of his companies by cracking their code...but you never know.
    • The way it benefits News Corp is supposedly by putting ITV out of business, ie it's plain old anti-competitive behavior. Once ITV stops broadcasting, their cracked smartcards become irrelevant.

      I'm used to the megacorps (especially News Corp!) acting evilly and immorally, but usually they do so under cover of bought-and-paid-for politicians and laws. If true, these actions are pretty shocking.
  • A French subsidiary of a French multinational is suing a British subsidiary of an (Australian?) (British?) multinational in a U.S. court, over a conspiracy centered in London?

    Is this some sort of Pythonic joke?
  • Wierd ... (Score:1, Redundant)

    by BoyPlankton ( 93817 )
    A French Company sues a British Company in a California courtroom. I guess I don't understand why they took them to court in California. Seems kind of far for both companies. To the best of my knowledge, neither service is offered in California, are they?
  • "Huge sums" (Score:2, Interesting)

    by Urthpaw ( 234210 )
    So, according to the article, NDS spent "huge sums" cracking the codes. It seems to me, that if the codes were sound, it should have been mathematically impossible for them to crack it for any amount of money (short of an optical, or quantum computer, of course). And if they weren't, why did they need to spend so much money on it?

    DeCSS didn't have any huge backing...

    • AFAIK is not "mathematically impossible" to break even the strongest crypto available. It is "computationally infeasable." I.e., it's mathematically possible (by factoring all the large primes that could have been used for the key, for instance), but you can't afford the time/money (mostly time) required.
      • One time pads are mathematically impossible to break. Public key and block encryption algorithms can be computationaly infeasable.
        • You're that guy from IT that keeps telling me that because my password is "guessable" that it's "weak", aren't you?

          Think about it again - it's the same difference. Everything is guessable, given sufficient hardware.

        • There is a difference between saying a problem is computationally infeasible and that it is believed to be hard. When we say something like 'a sufficiently sized one-time-pad is mathematically impossible to break', it is something of a hyperbole. Of course it's /mathematically/ possible, a simple guessing algorithm will terminate and output the plaintext and the pad. However, as has been observed, to do this with, say a 512-bit pad would require much more energy then is available to us on this planet assuming the theoretical bounds for energy consumption can be reached!

          What is interesting to note however, is that the 'hard' problems we use in most string crypto are not /known/ to be infeasible, as is the one-time pad. We simply haven't found feasible solutions, nor have we found complexity analyses for these problems that demonstrate feaasible solutions to be possible. The effective difference is that it would be quite possible (although unlikey, since generations of the best mathematicians have been working on these problems) for someone to come along and demonstrate a solution to a particular problem, rendering a particular class of cryptographic methods useless...
          • Of course it's /mathematically/ possible, a simple guessing algorithm will terminate and output the plaintext and the pad.

            Uhh..I don't know where you learned your crypto, but a truly random one time pad is truly, mathematically, provably, unambiguously, categorically, information theoretically totally secure, given only the cyphertext.
            This is because every possible plaintext is an equally valid possibility for being the correct plaintext, and there is no way to tell that you have the correct plaintext.
          • A small one-time pad isn't guessable as long as the numbers are truly random. Here's my encrypted text: OEXC. You can randomly shuffle letters around and there will be a wide variety of potential solutions. Beef, beer, beds, rock, twit and so on. They all look equally valid as far as them being words in the english language. You don't even know that the plain text is english, or even language however. A sequence of characters could have been encrypted (maybe its the first four answers to a multiple choice test).

            Longer encrypted messages only increase the number of possible solutions. Properly used one time pads are perfectly secure.
      • by factoring all the large primes that could have been used for the key

        Hmmm... P1 factors: 1 and P1; P2 factors 1 and P2.

        Yes, I know what you meant (by determining all large prime factors that could have been used...), but it was too good to pass up. :-)

    • Re:"Huge sums" (Score:4, Insightful)

      by Zeinfeld ( 263942 ) on Tuesday March 12, 2002 @01:57PM (#3150971) Homepage
      So, according to the article, NDS spent "huge sums" cracking the codes. It seems to me, that if the codes were sound, it should have been mathematically impossible for them to crack it for any amount of money (short of an optical, or quantum computer, of course). And if they weren't, why did they need to spend so much money on it?

      Actually this is not true when it comes to DRM measures. The problem here is that you are trying to keep information secret while sharing it with a few tens of millions of subscribers.

      Ultimately any crypto scheme depends on the secrecy of a small number of keys. If a person reveals their key deliberately then anyone can read the information sent to them.

      That said the Canal+ scheme does not have a great reputation for security. There are plenty of schemes that at least require the attackers to extract secret keys from smart cards. The satelite TV DRM problem is much easier than the DVD type problem. With a DVD player you can't issue a different key to each user and withdraw use rights on a per player basis. With satelite TV you can.

    • DeCSS didn't have any huge backing...

      decss also wasnt "cracked". the source was accidentally distributed. by xing i think.
    • the guardian article on the subject implied they used a scanning electron microscope to reverse engineer the IC, and that only a few people worldwide could do it. All good universities have a STEM and smart enough people with time on their hands.

      What this does show that smartcards are hackable, given enough financial incentive...
  • Vivendi Universal seems to be on a rampage protecting its rights. I am against piracy, either individually or corporate-based, but is Vivendi getting picked on, or are they over-belligerent?

    Vivendi could simply be protecting its encryption as they say, but after their actions regarding bnetd (and email responses received from them after voicing my complaint), I am definitely leaning toward the side of *anyone Vivendi takes action against.*

    Anyone else feel this way?


  • Todays top tip:

    If you're a bit drunk and squint at the screen, you can see almost everything going on in the Friday night porn show on Canal+. Hours of after pub fun, and no expensive decoder card necessary.

  • Canal+ Piracy (Score:2, Interesting)

    by fruey ( 563914 )
    Canal Plus has, in a lawsuit, claimed that it has lost $1bn to a "conspiracy" centring around London-based rival NDS.

    Here in Morocco, Canal+ Horizons (the digital service for Morocco) shut down because of local piracy of FRENCH Canal+. (in French) [press.ma]

    I think it has a lot to do with clever hackers and the Internet propagating stuff, and very little to do with some big corporation.

    It may be, however, that someone working there just happened to be a pirate at the same time, since he'd have had access to hardware to help him to crack Canal+.

    • There's a couple of points to consider.

      - apparently these compaines crack each other's cards routinely as a part of evaluating each other's security.
      - the piracy has been rampant for 3 years but no action was taken until now
      - the actions of NDS can be viewed as legit sevailence. The website that NDS was funding was feeding them inteligence on who was using the web site
      - the website in question went down some time ago admid accusations that it was spying on it's users and feeding info to NDS.
      - if NDS really did want to do something like what they are accused of, why would they have the guy distributing the stuff openly on the payroll?

      I think it's all bullshit and Vivendi is trying to push up its share price and generally bully its competitor, News Corp, parent of NDS.
  • Hong Kong Gets Smart ID Cards [slashdot.org]

    As [slashdot.org] several [slashdot.org] posts [slashdot.org] pointed [slashdot.org] out [slashdot.org] in [slashdot.org] that thread, it is only a matter of time and equipment to crack smart cards. We should also be conserned with how this technology all seems to be heading in the direction of the mark of the beast [gospelcom.net]. Can it really be that long until we have to have an implant of a smart chip like this to buy and sell anything?
  • The move may have allowed thousands of viewers to watch for free programmes broadcast by paid-for digital television operators, including struggling UK service ITV Digital.

    "ITV Digital may be more popular than had been thought," a source close to the case told BBC News Online.

    Hmm. ITV's premuim channels clearly make their money from subscription fees, so who cares if your service is popular with people who aren't willing to buy it? ITV's regular stations appear to have commercials, so maybe it wouldn't hurt them to drop their prices and encourage folks to watch them legally.

    • ITV's premium channels also show ads, though. In addition, ITV digital shows non ITV pay content, such as Sky One, Sky Moviemax, Sky Premier. Since Sky is ITV Digital's number one competitor, some people have theorised that ITVD might not be terribly upset at Sky losing revenue due to pirate cards.

      The other argument, of course, is that ITVD might be allowing people to get away with pirate viewing to build marketshare, at which point they'll start beefing up the encryption techniques to shut down pirates. Sadly moving to a wholly secure model would probably require changing the encryption method, which would obsolete all current decoders (iirc). This is unlikely to happen.
    • I'm having a hard time getting $1B in damages. Start with the number of people sitting under the bird with digital TV sats, multiply by the percentage that had access to the pirated cards (before the broadcasters found out and took countermeasures) and then by the SMALL pct that actually bought and used a card, what do you get? A few thousand, maybe. How many shows did they watch? Let's be generous and say 10 each, so the loss would be about $1-5M or so, and that assumes that people would have paid for the programs they saw for free, and was 0 variable cost to distribute.

      But then, in the big swinging arena of world media giants a looming threat of a $5M judgement draws the same reaction it did on Austin Powers.

  • Interesting... (Score:2, Insightful)

    by petis ( 139263 )

    From the story:

    News Corp has said that NDS chiefs operate independent of the media giant.

    Interesting way of putting it. They could have said something more along the lines of "We didn't know what they were up to". Now they merely say that they didn't interfere. So, does this mean that News Corp knew what NDS was doing? :-)

  • by Contact ( 109819 ) on Tuesday March 12, 2002 @01:42PM (#3150853)
    Quick summary for US readers - Canal+ (the french cable TV channel) uses SECA encryption, which is also used by ITV Digital (formerly OnDigital), the UK's terrestrial digital provider. Terrestrial digital is basically digital TV transmitted over the airwaves.

    The choice of SECA was considered unwise when OnDigital selected it, as SECA was already at that point known to be broken. Naturally, pirate cards started circulating shortly afterwards. The smart cards now sell for as little as 10 pounds (about 15 dollars) and card programmers can be obtained for about three times that allowing people to keep up to date.

    At the moment, the UK has an arms race between ITV Digital and the pirates. ITV Digital will start broadcasting "ECMs" which exploit weaknesses in the pirate cards to cause them to crash (so they can't display TV). The pirates promptly fix their cards and release the new version, at which point it starts over again. There are several competing pirate codes around, and new versions are being released almost weekly.

    There is a rumour that ITV Digital are less diligent than they need to be in tracking down and killing pirate cards, as these cards increase their marketshare against that of Sky (Murdoch's satellite TV company, the dominant "extra" TV company in the UK). This would be a tactic reminiscent of the way that pirate installations of Windows / DOS made those operating systems the standard in the past - whether there's any truth in the rumours is obviously uncertain, however.

    Anyone interested in more information should consider the newsgroups uk.tech.digital-tv and uk.tech.digital-tv.crypt, although be warned that those groups are infested with pirates, script kiddies and the usual crop of 14 year old flamers! :)
  • Whatever technology Canal+ placed on their smart cards, it would have been picked apart, prodded, poked, and eventually cracked and placed on the web regardless of funding from the big company.
    In this situation, Canal+ actually has the advantage of being able to point the finger at the Big guy with the huge corporate pockets and get some payback for loss of revenue.
    Good or bad? Who knows? Inevitable... definately.
    Canal should count themselves lucky that they might get damages awarded by a court as opposed to what they'd get if it was joe schmoe locked in his basement who cracked the smart cards, as happened with most other smart card technologies.
    I can see the motivations behind NDS wanting to know how the competition's smart cards work.. it's a simple matter of knowing what the other guy is up to. But placing it on the web was just dumb. I highly doubt this was a corporate decision. Most likely just some geek in the cube maze wanting to share the goods with friends. From what I can see in the article, they've refused to comment on the issue. Anyone have any info on where the decision to post it publicly came from?
  • The end is near :) (Score:4, Interesting)

    by CDWert ( 450988 ) on Tuesday March 12, 2002 @01:49PM (#3150910) Homepage
    When big boys like this start duking it out over greed based issues, and lets be honest thats what this is, the end is near, It woulda been more fun to see say sony vs disney or maybe someone else they dont already own :)

    Remerber when Ibm started trying to sue all the clone makers ? Or apple. Remeber when Sony sued over the betamax, or so on so forth.

    I think what happens is greed reaches an apex, it cannot make money off going after the little guys distributing css, (it can try to limi it) but at some point it all falls like a house of cards when companies like this focus all their energies out of squeezing every last cent out of anyone for any reason , and in the process become a company for which litigation is their core business. V/Unv core business is supposed to be entertainment. I wouldnt know I have boycotted any materials, my small part in the struggle. But it seems no longer like a company interested in entertainment but more so litigation.

    When companies like these start running around suing each other its often too late and they are only trying to salvage what they can, or make a stnd where they are, anyone know their current financials ? (the real ones please :)
  • by b.foster ( 543648 ) on Tuesday March 12, 2002 @01:55PM (#3150957)
    I used to have a roommate who hacked DirecTV smart cards to get free pr0n channels back in the day, and we had many interesting discussions on the merits of smartcard security. He taught me that the dirty little secret of the industry is that every smartcard in history has been cracked. Now why might that be the case? Simply put, there are more avenues of attack on a smartcard device than you can shake a stick at. Let us examine a few of the most important ones:
    • Bugs in the code on the card. This is somewhat analogous to buffer overflows and format string bugs in poorly written daemons like IIS, UPNP, and BIND. Often the first thing that hackers will do with a new smartcard is to explore its known instructions to try to find "read holes" (which let you read the ROM or EEPROM) or "write holes" (which allow you to modify the code on the card).
    • Glitching. In order to circumvent the security on smart cards, some hackers will buy a special device called a "glitcher" that momentarily lowers the power supply voltage going to the card at just the right time in order to get the CPU on the card to skip the desired instruction. The result is that the security on the card can be bypassed. In the case of DTV access cards, glitching is also used to "unloop" cards that have been illegally modified and subsequently disabled by DTV's electronic countermeasures.
    • Replay attacks. Often a card may be convinced to accept ROM updates by crafting an instruction packet that appears to be an authorized update, but in fact has a forged signature on it. This is caused by the use of weak mathematics such as IDEA and CBC, which have been almost fully compromised.
    • Communication logging. Often, critical data that passes between a card and its peer can be observed and logged. This data can leak important decryption keys, passwords, and data.
    • Power use analysis. Hackers with access to expensive equipment can observe how much power a smartcard uses while performing a given operation, and can sometimes deduce decryption keys from this power trace as a result of poor implementation of cryptographic algorithms.
    • Insecure operating environments. Some smartcard designers choose to implement things like Java or Lunix on their smartcards, which have proven security vulnerabilities and cannot withstand a dedicated attack.
    The one thing that surprises me about this article is that NDS spent a million dollars on this research. Satellite hackers who want to steal DirecTV's signal do the same thing for free every day, and usually do a more thorough job of cracking the card. However, the one lesson to take from this is simple: smartcard security Just Doesn't Work(tm).

    Bill

  • US = DMCA, Non? (Score:3, Interesting)

    by Slashdolt ( 166321 ) on Tuesday March 12, 2002 @01:58PM (#3150985)
    "NDS spent huge sums cracking the code on Canal Plus smart cards, and handed the code to a website used by fraudsters, documents filed in a California court allege."

    IF... they cracked any sort of code, that should be enough to subject them to the DMCA, unless there is some sort of jurisdictional issue at play. Nevertheless, if they do business in the U.S., then the DMCA would apply to them (ask Elcomsoft).
  • UK Pay TV Market? (Score:3, Interesting)

    by booch ( 4157 ) <slashdot2010NO@SPAMcraigbuchek.com> on Tuesday March 12, 2002 @02:02PM (#3151007) Homepage
    I thought all TV in the UK was pay. I.e. the governement collected money for each TV you own so it could run the BBC.
    • Re:UK Pay TV Market? (Score:5, Informative)

      by Jon Chatow ( 25684 ) <slashdot@jdforrester.org> on Tuesday March 12, 2002 @02:29PM (#3151218) Homepage

      Ah, yes, but there's a whole world of difference psychologically between paying the television licence fee (approx 120UKP/170USD p.a., IIRC) and a 'top up' fee to recieve extra channels (i.e., the 5 free-to-air analogue, and about 15 extra free-to-air digital terrestrial broadcasts). About 40% (according to The Economist [economist.com]) of the UK's population gets pay-for (digital) TV, through satellite (Sky), cable (NTL [ntl.com] and Telewest [telewest.co.uk]) or terrestrial (ITV/OnDigital); the government is going to auction the analogue TV bandwidth in 2006, so is hoping everyone will move off analogue reception quickly, or it will have to pay for everyone to get a digital set-top-box or television.

      Oh, and the licence fee money isn't collected by the government, but by people contracted out by the BBC (currently Consignia/the Post Office/what-ever-name-change-they've-had-this-week ).

  • by mcrbids ( 148650 ) on Tuesday March 12, 2002 @02:06PM (#3151033) Journal
    This case underscores the global nature of society now, an issue further underscored by the Internet itself.

    Really and truly, the idea of "jurisdiction" when it comes to "e-anything" is almost incomprehensible. I publish a web page here in California about barbecues and possibly break Indian law. I publish a (perfectly legal in the US) pro-nazi page with swastikas and break German law if Germans ever (god forbid) look at it.

    In this kind of environment, "legal" falls to the least common denominator, whatever's left when everything illegal everywhere is removed. Not much of an argument for "free speech" since anything on the 'net is merely communication, after all.

    Remember Dimitri?

    At issue is that there is no international law (that the US will respect, anyway) and as a result of this deficiency, we see all kinds of craziness.

    It's going to get worse before it gets better.(sigh)
  • Aren't both of these companies based out of the UK? Weren't all the alleged crimes commited in the UK? So why are they filing in California? My only guess is that Vivendi has a loyal judge there, and so is trying to make the case winable by using that judge for the case.

  • Now that people have had the time to read the article and find that it claims California copyright violations, yes, the DMCA might very well be involved.

    Spank you very much, crack smoking moderators [slashdot.org].

    • What "California copyright violations"? Both companies are european and the aledged violation was in the UK, not the USofA.

      Yes, this is a redundant post, but WTF?

  • News Corp. (Score:1, Funny)

    by Anonymous Coward
    But dad, that's FOX!
    Ahh, UNDO, UNDO!!!!
  • Assumption: That ITV company has done something in an attempt to remove that Canal+ competitor from it's market.

    This site seems to have a lot of commentators who are/were for leniency in the prosecution of Jon Johansen for the DeCSS crack. It was a case of a clever coder revealing the weakness in a big business content protection scheme for narrowband media. The resulting broohaha looked like using a nuclear device to swat a fly.

    Now we have a potential situation with many similarities. One entity may have revealed weaknesses in another's content protection system. It's a system used to sell content to a wide audience. The Owning entity can and has lost control of their content as a result of the exposure.

    Is one of these cases Morally OK while the other Morally wrong? Is Goliath cracking Goliath so bad if fly cracking Goliath isn't so bad?

    Comments?

    J:)
  • I wonder how many people realise just how big this story is? It was broken in the Wall Street Journal today, which said this:

    "Canal officials said in the suit they were stunned when they discovered that the software code that is imbedded in its smart card was posted on the Web site DR7.com in 1999. Representatives of the site -- which appears to cater to people with interest in digital TV, computer code and other things -- couldn't be reached for comment.
    "Having identified the public security breach, Canal Plus Technologies engineers set about tracing it. According to people familiar with the matter, they began developing contacts in the hacker community who could help unravel the mystery. Canal's investigation took nearly three years."

    What it means is that one of Europe's biggest media companies will be suing one of the world's biggest media companies, in California, over piracy. Can you *imagine* what the damages would be?

  • There's a very good report currently live (and will be available for the next 24 hours) running on BBC's Newsnight UK. Realvideo stream at http://news.bbc.co.uk/olmedia/video/newsnight/nnli ve.ram [bbc.co.uk]
  • There is a website that has been set up by Canal+ here: http://www.actiononecanalplus.com/

    Among other things it has a copy of the papers which show that C+ have filed under:

    Complaint for Unfair Competition, Copyright Infringement, Violation of the Digital Millenium Copyright Act, Tortious Interference, Conspiracy and Violation of the Racketeer Influenced and Corrupt Organizations Act.

    They are demanding a jury trial.
  • As other posts on this article have mentioned, no matter how sophisticated a smart card's encryption scheme might be, it will be cracked.

    If the encryption scheme is sufficiently sophisticated, the only real, feasible way to break it will be for a legitimate user to deliberately put their key(s) on the Web or something, so that others can reprogram their smart cards with that key and watch whatever the legitimate user has access to.

    To curtail this piracy, I propose that there be some motivation for the legitimate user to not reveal their key. For instance, one could use the model that many multiplayer computer games have been adopting lately -- Internet CD key validation. In this scheme, each CD key is unique, and if you try to log on with a CD key that someone else is already using, you can't log on.

    Perhaps the set-top should establish some kind of two-way connection to the TV company, sends its customer key, and requests the decryption key for a given channel's audio/video stream (the "channel key"). The TV company's server will only provide the caller with the requested channel key if nobody else is using that customer key.

    To prevent the customer from disseminating the channel key, the channel key gets changed every few seconds, and the new key is transmitted from the TV company's server just before the channel changes keys. This way, if the customer does disseminate the channel key, it's only useful for a few seconds.

    Unfortunately, nothing prevents the customer from disseminating the updated channel keys every time a new such key is issued. However, the latency incurred in disseminating the channel keys would mean a temporary loss of the audio/video stream until the new channel key is received. This inconvenience would probably annoy pirates enough to give in and buy the damned thing. Also, this would require some (most likely expensive) equipment to reprogram the smart card while it's in the set-top (certainly not an easy feat!), or provide the signal to the set-top, which is presumably more expensive than buying the service.

Whatever is not nailed down is mine. Whatever I can pry up is not nailed down. -- Collis P. Huntingdon, railroad tycoon

Working...