[iDC] Digital Rights Management and Internet2

[Andreas Schiffler]

Hi all,

Part 2 of my "chime in".

Trebor Scholz wrote:
> Some reports say that the routers will execute a new generation of
> Digital Rights Management (DRM). Others claim that Internet2¹s routing
> protocol IPv6 can easier identify and locate p2p file sharers (they call
> it "identity and access management"). 
Glossary: digital rights management (DRM) ...
"Any technology used to protect the interests of owners of content and 
services (such as copyright owners). Typically, authorized recipients or 
users must acquire a license in order to consume the protected 
material—files, music, movies—according to the rights or business rules 
set by the content owner."
... from http://www.microsoft.com/security/glossary.mspx - they should 
know :-)

There are the two named components for DRM in this definition:
1- the material must be protected
2- the recipient must be authorized

The first part is easy. An encryption algorithm is used to scramble the 
bits. One needs to know/have the key to unscramble the data. Once 
scrambled however, nobody - not even an I2 router - can know what the 
content is unless it is at least partially decrypted. Actually the last 
statement isn't entirely correct ... an I2 router cannot unscramble the 
data IF the sender and the receiver have the choice of algorithm.

The second part is the core of DRM. It usually means that the recipient 
must have a sufficiently hard to break physical permanent key or a 
temporary key that is usually acquired via a network. There are 
variations on these schemes (key hierarchies, public keys, etc.) but it 
always boils down to a permanent-physical or temporary-dynamic key.

A good example for type1 key distribution would be the current DVD 
encryption model (CSS) which is part of a software or inside a chip in a 
DVD player. Another good example of this will be the upcoming 
High-Bandwidth Digital Content Protection (HDCP) use which 
encrypts/decrypts digital video content flowing between players and PCs 
into screens. Again the core is a physical device with a key and 
algorithm inside.

A good example for the type2 dynamic keys, would be the iTunes login. It 
generates a per-user key which is used to unlock the received content. 
This method is currently a favored approach by many - including 
Microsoft - as it allows the right to be remotely managed (i.e. revoked 
if necessary) and monitored. This feature is for example used to allow a 
user to "burn" an iTunes song onto a CD N-times. It also allows for 
extensive tracking of content use and requires a permanent network 
connection for content to be consumed.

The "permanent connectivity" is where we are headed in my view. 
Currently, we are dependent on power to consume digital content. Many 
devices require already a "back-haul" to enable digital content to be 
accessed. Satellite PPV in Canada and the US uses a phone call to 
retrieve the key. The cable companies already have a digital network to 
provide Internet services which can be used to unlock OnDemand PVR 
programming. So basically, we are heading into a world where we are 
dependent on connectivity to consume digital content.

Of course Microsoft likes this very much as they are the provider for 
networked devices (Windows on the Desktop) and key-managers (Windows on 
the Server). That's why they were so avidly engaged in the battle for 
the new HD standard and formats like WMV. Remember the first stipulation 
on decryption of the data - only if the protocol (or algorithm) is 
controlled and standard, does I2 have a chance to snoop on data.

So what implications does this have for the I2 control over content?

While an I2 routers primary job is to send data around, it could be used 
to filter data packets more efficiently. IPv6 has provisions to 
facilitate this more than the current IPv4 does through a larger address 
space and some special bits. Also the infrastructure is currently being 
designed. While the old ARPA Internet was build to "just work" and 
filtering was added more an afterthought, the new I2 hardware can be 
designed with particular filtering features right from the start. This 
is where the "encryption" of part 1 comes in ... there are several 
algorithms that provide more than one key to decrypt data. Such a 
secondary key could then be used to snoop in data that is considered 
safe. Again however this highly specific to the content being 
transported - so if I pull out my PGP program and encrypt a movie that I 
want to send to my friend using a 2048 AES scheme, no I2 router in the 
world will know that is transmitted. Of course my friend will have to 
get the key using good old sneaker-net ...

The more likely approach will be to hook into the second part of DRM ... 
the key exchanges. This is technically easier since keys are small and 
will also be required for many content accesses. While key management is 
typically the domain of the key-server, the I2 infrastructure could be 
used to track and filter key exchanges independent of the key-servers. 
Again, similar to the encryption snooping above, this requires that the 
key exchanges are standardized in some form so the I2 hardware knows 
what is being exchanged is a key. Again I could pull out my PGP program 
and encrypt my the key for my friend plus embed it into an image 
(steganography) and send it via email entitled "Fun Stuff". By the time 
the I2 router has find the key in the data, I am done watching the movie.

Now as for P2P control - this is an easy one. I2 will simply make is 
easier to control via better blocking capabilities down to the port level.

But there is a problem - the Internet providers. Currently most P2P and 
VoIP activity of home users is legally in the gray-zone. Most providers 
stipulate in their usage agreement document that running a server at 
home is forbidden (go check your contract). Sure enough, when I had more 
uploads one month than downloads, by provider Cogeco send me an email 
asking me to disable my "server" (I had just received some uploads from 
a friend). So why do they bother with metering and not just turn off my 
uploads. Fortunately for us, most data exchange programs including any 
P2P client and VoIP stuff like Skype are really little servers. Skype 
for example uses P2P technology and possibly YOUR PC (if it directly 
connected to the Internet) to connect two users behind NAT firewalls 
which would otherwise not be able to talk or send files. This is the 
staple of all providers - the way they make money and upsell you to the 
latest High-Speed service. In fact they are the group who are currently 
between the MPAA and - for example - Canadian P2P downloaders.

Again we hit I2 here ... because an Internet Provider is itself being 
provided by - you guessed it - the I2 network (in the future at least). 
So if the local provider isn't filtering, his upstream provider will. So 
if a local provider does not want to risk being shut down, filtering 
becomes possibly a necessity at the provider level. But there is one 
more factor: providers can lower their cost dramatically with I2 - their 
main cost right now is the per Gigabyte bandwidth charges to their 
upstream provider. I2 will not just make everything faster, but foremost 
lower the per Gig cost for local providers. This is a goldmine for the 
providers which will keep the prices high for the consumer (the carrot 
will be a doubling of speeds or bigger bandwidth allowance) - I foresee 
that they will embrace I2 and at the same time implement a more strict 
P2P filtering in the future. They can do that with I2, because they can 
afford to loose 10-20% of customers (the downloaders) and offset the 
losses through the lowering of bandwidth costs through I2. Makes perfect 
business sense ...

Where does this leave free information flow? I2 will certainly aid in 
the implementation of filtering mechanisms at all levels. Future DRM 
will prevent "ripping" of content into non-DRM formats. The Internet 
community at large will always work around it (i.e. envision my PGP 
example above fully automated) - so consider all current DVD material 
available and all future HD stuff locked. The I2 powers at work will 
always try to shut down "illegal activity" and play catch up with the 
current protocol of the day. The P2P downloaders will have to live with 
some fear of being tracked and lower efficiencies of their protocols 
(i.e. onion routing). Non-mainstream data will have to go more into 
hiding ... and never underestimate the bandwidth of a jumbo-jet full of 
floppy disks!
> The recording industry (RIAA) and hollywood (MPAA) are keen on figuring
> out I2. They quickly sued students over i2hub. 
>   
Please note that there is nothing I2 specific in this, other than I2 was 
used . Since the perceived damage goes up with download speeds which are 
very high on I2, it was targeted by the watchdogs right away.

So what can we do? I think there are a few things that actually might 
help future scenarios. One is to promote open standards and limit use of 
closed schemes. The idea of an "digital ecosystem" that is rich in open 
protocols is appealing. Maybe don't use Microsoft's WMV stuff if you 
don't have to. And don't get too used to the conveniences of 
DRM-embracing services like iTunes. Another activist thing might be to 
get the providers used to more personal Internet traffic. If they give 
you 50G allowance, use it. Keep that shoutcast.com Internet radio 
station running all the time. Run a P2P program and share your personal 
digital images. Try out encryption (files, email), because soon you 
might feel like it needs to be used. And maybe get used to the 
lower-quality stuff, because the good stuff will be so locked down you 
really don't want to touch it. :-)

Cheers
Andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: aschiffler.vcf
Type: text/x-vcard
Size: 135 bytes
Desc: not available
Url : http://mailman.thing.net/pipermail/idc/attachments/20060301/86d878c1/aschiffler-0002.vcf