15 April 2003
See similar patent application by Paul Kocher, et al:
http://cryptome.org/kocher-etal.htm
http://www.nytimes.com/2003/04/15/technology/15CRYP.html
The New York Times, April 15, 2003
By JOHN MARKOFF
A prominent computer security researcher has proposed a technical solution aimed at forging a middle ground in the increasingly bitter battle by Hollywood and Silicon Valley over the best way to protect digital content from consumer piracy.
Cryptography Research has begun circulating its proposal, which it calls Self-Protecting Digital Content, among entertainment companies. It plans to make it available publicly this week, in an effort to break the impasse over the Digital Millennium Copyright Act, which Congress passed in 1998 with strong lobbying support from Hollywood and other creators of intellectual property.
Cryptography Research's proposal would shift the location of copy-protection code from the consumer products that play music and movies and run software to the content files produced by entertainment companies and software developers. The plan aims to help avoid the immense costs of building piracy protection into personal computers, video game players, satellite receivers and other devices produced by technology manufacturers. While it would not eliminate the possibility of digital theft, its advocates said it would drastically curb piracy while easing the burden on the technology industry.
They say the plan would also avoid invading the privacy of consumers who do not engage in piracy and make it easier and less costly for content owners to recover if a copy-protection system is broken.
The authors of the report include Paul Kocher, a leading American cryptographer, who was involved in the development of an important Web standard for protecting the security of commercial transactions.
Consumer electronics makers create coding to wrap what they hope will be unbreakable shells of software around digital content on CD's, DVD's and the like. Once the copy protection systems are undermined, however, it is simple for pirates to make unlimited copies of the music, video or software.
Under pressure from Hollywood and the recording industry, the personal computing industry has now embarked on an ambitious project to build copy protection hardware into the circuitry of all PC's. The efforts, including the PC hardware industry's Trusted Computing Platform Alliance and Microsoft's Palladium system are being sold to users on the grounds that they will protect information privacy and computer security.
But if the hard-wired approach proves to be fallible, allowing a determined enemy to bypass this digital Maginot line, the standards efforts could turn into a financial disaster for the computer industry and harm Hollywood as well.
"We use the term brittle," said Mr. Kocher, who consults widely in the consumer electronics industry on cryptography issues. "You have a strong external shell, but the inside is software and completely vulnerable."
Under the proposal from Cryptography Research, based in San Francisco, the hardware would be radically simplified and the complexity of protecting the information would be embedded within the music, video or software file itself.
As part of the approach, each file would embed a digital mark, making it possible for a stolen copy to be traced. The advantage of the system is that the tracing technology would only come into play if a file is widely copied.
"It's a clever idea," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security, a computer security company. "This makes the job of the attacker more annoying. Paul is approaching the problem more sensibly than others."
Most security experts now believe that there will never be a perfect solution to digital piracy. But most earlier proposals would involve such extensive invasions of privacy that many experts worry that they could end up producing a consumer backlash against the entertainment and technology industries.
Mr. Kocher said he decided to explore a new approach after years of watching the mounting tension among Hollywood, electronics manufacturers and consumer advocacy groups.
"I find the problem of piracy absolutely fascinating," he said. "Most people view this as a war between Hollywood and technology companies. But I view it as the security industry has done a terrible job of attempting to solve Hollywood's piracy problem."