15 May 2001
Source: CRYPTO-GRAM, May 15, 2001
Bruce Schneier
Music, videos, books on the Internet! Freely available to anyone without paying! The entertainment industry sees services like Napster as the death of its business, and it's using every technical and legal means possible to prevail against them. They want to implement widespread copy prevention of digital files, so that people can view or listen to content on their computer but can't copy or distribute it.
Abstractly, it is an impossible task. All entertainment media on the Internet (like everything else on the Internet) is just bits: ones and zeros. Bits are inherently copyable, easily and repeatedly. If you have a digital file -- text, music, video, or whatever -- you can make as many copies of that file as you want, do whatever you want with the copies. This is a natural law of the digital world, and makes copying on the Internet different from copying Rolex watches or Louis Vuitton luggage.
What the entertainment industry is trying to do is to use technology to contradict that natural law. They want a practical way to make copying hard enough to save their existing business. But they are doomed to fail.
For these purposes, three kinds of people inhabit the Internet: average users, hackers, and professional pirates. Any security measure will work against the average users, who are at the mercy of their software. Hackers are more difficult to deter. Fifteen years of software copy protection has taught us that, with enough motivation, any copy protection scheme -- even those based on hardware -- can be broken. The professional pirate is even harder to deter; this is someone willing to spend considerable money breaking copy protection, cloning manuals and anti-counterfeiting tags, even building production plants to mass-produce pirated products. If he can make a profit selling the hacked software or stolen music, he will defeat the copy protection.
The entertainment industry knows all of this, and tries to build solutions that work against average users and most hackers. This fails because of a second natural law of the digital world: the ability of software to encapsulate skill. A safe that can keep out 99.9% of all burglars works, because the safe will rarely encounter a burglar with enough skill. But a copy protection scheme with similar characteristics will not, because that one-in-a-thousand hacker can encode his break into software and then distribute it. Then anyone, even an average user, can download the software and use it to defeat the copy protection scheme. This is what happened to the DVD industry's Content Scrambling System (CSS). This is how computer games with defeated copy protection get distributed.
The entertainment industry is responding in two ways. First, it is trying to control the users' computers. CSS is an encryption scheme, and protects DVDs by encrypting their contents. Breaks do not have to target the encryption. Since the software DVD player must decrypt the video stream in order to display it, the break attacked the video stream after decryption. This is the Achilles' heel of all content protection schemes based on encryption: the display device must contain the decryption key in order to work.
The solution is to push the decryption out of the computer and into the video monitor and speakers. To see how this idea helps, think of a dedicated entertainment console: a VCR, a Sega game machine, a CD player. The user cannot run software on his CD player. Hence, a copy protection scheme built into the CD player is a lot harder to break. The entertainment industry is trying to turn your computer into an Internet Entertainment Console, where they, not you, have control over your hardware and software. The recently announced Copy Protection for Recordable Media has this as an end goal. Unfortunately, this only makes breaking the scheme harder, not impossible.
The industry's second response is to enlist the legal system. Legislation, such as the Digital Millennium Copyright Act (DMCA), made it illegal to reverse-engineer copy protection schemes. Programs such as the one that broke CSS are illegal to write or distribute under the DMCA. This is failing because of a third natural law of the digital world: the lack of political boundaries. The DMCA is a U.S. law, and does not affect any of the hundreds of other countries on the Internet. And while similar laws could be passed in many countries, they would never have the global coverage it needs to be successful.
More legal maneuvering is in the works. The entertainment industry is now trying to pin liability on Internet service providers. The next logical step is to require all digital content to be registered, and to make recording and playback equipment without embedded copy protection illegal. All in an attempt to do the impossible: to make digital content uncopyable.
The end result will be failure. All digital copy protection schemes can be broken, and once they are, the breaks will be distributed...law or no law. Average users will be able to download these tools from Web sites that the laws have no jurisdiction over. Pirated digital content will be generally available on the Web. Everyone will have access.
The industry's only solution is to accept the inevitable. Unrestricted distribution is a natural law of digital content, and those who figure out how to leverage that natural law will make money. There are many ways to make money other than charging for a scarce commodity. Radio and television are advertiser funded; there is no attempt to charge people for each program they watch. The BBC is funded by taxation. Many art projects are publicly funded, or funded by patronage. Stock data is free, but costs money if you want it immediately. Open source software is given away, but users pay for manuals and tech support: charging for the relationship. The Grateful Dead became a top-grossing band by allowing people to tape their concerts and give away recordings; they charged for performances. There are models based on subscription, government licensing, marketing tie-ins, and product placement.
Digital files cannot be made uncopyable, any more than water can be made not wet. The entertainment industry's two-pronged offensive will have far-reaching effects -- its enlistment of the legal system erodes fair use and necessitates increased surveillance, and its attempt to turn computers into an Internet Entertainment Platform destroys the very thing that makes computers so useful -- but will fail in its intent. The Internet is not the death of copyright, any more than radio and television were. It's just different. We need business models that respect the natural laws of the digital world instead of fighting them.
Similar sentiment about the death of the PC:
http://www.theregister.co.uk/content/2/17419.html
Copyright (c) 2001 by Counterpane Internet Security, Inc.