[iDC] Digital Rights Management and Internet2
Andreas Schiffler
aschiffler at ferzkopp.net
Wed Mar 1 14:57:27 EST 2006
Hi all,
Part 2 of my "chime in".
Trebor Scholz wrote:
> Some reports say that the routers will execute a new generation of
> Digital Rights Management (DRM). Others claim that Internet2¹s routing
> protocol IPv6 can easier identify and locate p2p file sharers (they call
> it "identity and access management").
Glossary: digital rights management (DRM) ...
"Any technology used to protect the interests of owners of content and
services (such as copyright owners). Typically, authorized recipients or
users must acquire a license in order to consume the protected
material—files, music, movies—according to the rights or business rules
set by the content owner."
... from http://www.microsoft.com/security/glossary.mspx - they should
know :-)
There are the two named components for DRM in this definition:
1- the material must be protected
2- the recipient must be authorized
The first part is easy. An encryption algorithm is used to scramble the
bits. One needs to know/have the key to unscramble the data. Once
scrambled however, nobody - not even an I2 router - can know what the
content is unless it is at least partially decrypted. Actually the last
statement isn't entirely correct ... an I2 router cannot unscramble the
data IF the sender and the receiver have the choice of algorithm.
The second part is the core of DRM. It usually means that the recipient
must have a sufficiently hard to break physical permanent key or a
temporary key that is usually acquired via a network. There are
variations on these schemes (key hierarchies, public keys, etc.) but it
always boils down to a permanent-physical or temporary-dynamic key.
A good example for type1 key distribution would be the current DVD
encryption model (CSS) which is part of a software or inside a chip in a
DVD player. Another good example of this will be the upcoming
High-Bandwidth Digital Content Protection (HDCP) use which
encrypts/decrypts digital video content flowing between players and PCs
into screens. Again the core is a physical device with a key and
algorithm inside.
A good example for the type2 dynamic keys, would be the iTunes login. It
generates a per-user key which is used to unlock the received content.
This method is currently a favored approach by many - including
Microsoft - as it allows the right to be remotely managed (i.e. revoked
if necessary) and monitored. This feature is for example used to allow a
user to "burn" an iTunes song onto a CD N-times. It also allows for
extensive tracking of content use and requires a permanent network
connection for content to be consumed.
The "permanent connectivity" is where we are headed in my view.
Currently, we are dependent on power to consume digital content. Many
devices require already a "back-haul" to enable digital content to be
accessed. Satellite PPV in Canada and the US uses a phone call to
retrieve the key. The cable companies already have a digital network to
provide Internet services which can be used to unlock OnDemand PVR
programming. So basically, we are heading into a world where we are
dependent on connectivity to consume digital content.
Of course Microsoft likes this very much as they are the provider for
networked devices (Windows on the Desktop) and key-managers (Windows on
the Server). That's why they were so avidly engaged in the battle for
the new HD standard and formats like WMV. Remember the first stipulation
on decryption of the data - only if the protocol (or algorithm) is
controlled and standard, does I2 have a chance to snoop on data.
So what implications does this have for the I2 control over content?
While an I2 routers primary job is to send data around, it could be used
to filter data packets more efficiently. IPv6 has provisions to
facilitate this more than the current IPv4 does through a larger address
space and some special bits. Also the infrastructure is currently being
designed. While the old ARPA Internet was build to "just work" and
filtering was added more an afterthought, the new I2 hardware can be
designed with particular filtering features right from the start. This
is where the "encryption" of part 1 comes in ... there are several
algorithms that provide more than one key to decrypt data. Such a
secondary key could then be used to snoop in data that is considered
safe. Again however this highly specific to the content being
transported - so if I pull out my PGP program and encrypt a movie that I
want to send to my friend using a 2048 AES scheme, no I2 router in the
world will know that is transmitted. Of course my friend will have to
get the key using good old sneaker-net ...
The more likely approach will be to hook into the second part of DRM ...
the key exchanges. This is technically easier since keys are small and
will also be required for many content accesses. While key management is
typically the domain of the key-server, the I2 infrastructure could be
used to track and filter key exchanges independent of the key-servers.
Again, similar to the encryption snooping above, this requires that the
key exchanges are standardized in some form so the I2 hardware knows
what is being exchanged is a key. Again I could pull out my PGP program
and encrypt my the key for my friend plus embed it into an image
(steganography) and send it via email entitled "Fun Stuff". By the time
the I2 router has find the key in the data, I am done watching the movie.
Now as for P2P control - this is an easy one. I2 will simply make is
easier to control via better blocking capabilities down to the port level.
But there is a problem - the Internet providers. Currently most P2P and
VoIP activity of home users is legally in the gray-zone. Most providers
stipulate in their usage agreement document that running a server at
home is forbidden (go check your contract). Sure enough, when I had more
uploads one month than downloads, by provider Cogeco send me an email
asking me to disable my "server" (I had just received some uploads from
a friend). So why do they bother with metering and not just turn off my
uploads. Fortunately for us, most data exchange programs including any
P2P client and VoIP stuff like Skype are really little servers. Skype
for example uses P2P technology and possibly YOUR PC (if it directly
connected to the Internet) to connect two users behind NAT firewalls
which would otherwise not be able to talk or send files. This is the
staple of all providers - the way they make money and upsell you to the
latest High-Speed service. In fact they are the group who are currently
between the MPAA and - for example - Canadian P2P downloaders.
Again we hit I2 here ... because an Internet Provider is itself being
provided by - you guessed it - the I2 network (in the future at least).
So if the local provider isn't filtering, his upstream provider will. So
if a local provider does not want to risk being shut down, filtering
becomes possibly a necessity at the provider level. But there is one
more factor: providers can lower their cost dramatically with I2 - their
main cost right now is the per Gigabyte bandwidth charges to their
upstream provider. I2 will not just make everything faster, but foremost
lower the per Gig cost for local providers. This is a goldmine for the
providers which will keep the prices high for the consumer (the carrot
will be a doubling of speeds or bigger bandwidth allowance) - I foresee
that they will embrace I2 and at the same time implement a more strict
P2P filtering in the future. They can do that with I2, because they can
afford to loose 10-20% of customers (the downloaders) and offset the
losses through the lowering of bandwidth costs through I2. Makes perfect
business sense ...
Where does this leave free information flow? I2 will certainly aid in
the implementation of filtering mechanisms at all levels. Future DRM
will prevent "ripping" of content into non-DRM formats. The Internet
community at large will always work around it (i.e. envision my PGP
example above fully automated) - so consider all current DVD material
available and all future HD stuff locked. The I2 powers at work will
always try to shut down "illegal activity" and play catch up with the
current protocol of the day. The P2P downloaders will have to live with
some fear of being tracked and lower efficiencies of their protocols
(i.e. onion routing). Non-mainstream data will have to go more into
hiding ... and never underestimate the bandwidth of a jumbo-jet full of
floppy disks!
> The recording industry (RIAA) and hollywood (MPAA) are keen on figuring
> out I2. They quickly sued students over i2hub.
>
Please note that there is nothing I2 specific in this, other than I2 was
used . Since the perceived damage goes up with download speeds which are
very high on I2, it was targeted by the watchdogs right away.
So what can we do? I think there are a few things that actually might
help future scenarios. One is to promote open standards and limit use of
closed schemes. The idea of an "digital ecosystem" that is rich in open
protocols is appealing. Maybe don't use Microsoft's WMV stuff if you
don't have to. And don't get too used to the conveniences of
DRM-embracing services like iTunes. Another activist thing might be to
get the providers used to more personal Internet traffic. If they give
you 50G allowance, use it. Keep that shoutcast.com Internet radio
station running all the time. Run a P2P program and share your personal
digital images. Try out encryption (files, email), because soon you
might feel like it needs to be used. And maybe get used to the
lower-quality stuff, because the good stuff will be so locked down you
really don't want to touch it. :-)
Cheers
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aschiffler.vcf
Type: text/x-vcard
Size: 135 bytes
Desc: not available
Url : http://mailman.thing.net/pipermail/idc/attachments/20060301/86d878c1/aschiffler-0002.vcf
More information about the iDC
mailing list