| The Tamper Proof Container, Rootkits, and the Sony Rant @ :: worthy :: Dec 11 2005, 13:33 (UTC+0) | |
Sony’s only mistake was a poor execution of their plan. Maybe if they had been up-front with their customers, and had not deployed a substandard product, they wouldn’t have gotten themselves into such a pickle. I don’t think that most law abiding citizens will dispute Sony’s right to protect their intellectual property. And, I think most astute people will agree that it’s a fundamental nature of digital information that a perfect copy can be made. And, this is why DRM is so hard to do. In order to understand my viewpoint on the use of rootkits to protect digital information, you need to understand what DRM is really about. DRM is not actually about the digital information – it’s about the container that the digital information is stored within. Some people say that information wants to be free – but that is just a cute statement. The fact is, that information is either free, or it’s not. When the digital information is inside the container, it’s protected and you can’t make a copy of it. When it gets out of the container, it’s free and you can make a million copies of it. Let me illustrate this with an example. In the ideal DRM world, you would go to the music store, but instead of buying a CD, you would get something like a smart card, with a little headphone jack on the side. You can plug in your headphones and listen to the songs. But the only data you can get out of the thing is analog music – you can’t take a digital copy of the song out of the device. The device is a tamper proof container. You can burn it or dip it liquid nitrogen but all that you end up doing is destroying the device and the digital information is lost. Of course, in the real world, a hardware based solution is impractical. But, hardware or not, a tamper proof container is what DRM is about. Try to see this from Sony’s viewpoint - all that Sony is trying to do is make a tamper proof container for their songs – except instead of using hardware, they are using software. Their software tries to convert your computer into a tamper proof container for their music. They want you to listen to their music, but by the rules. Just because you don’t like the rules doesn’t mean Sony doesn’t have the right to make you play by them. Now, people might ask, why do they need to use rootkits? Why do they need to be subversive and install programs that hide on the system? Well, the thing you need to understand is tamperproofing isn’t about hiding from users – it has nothing to do with the users. Tamperproofing is about hiding from hacker tools that are designed specifically to break into the tamper proof container. And here is where rootkit technology enters the picture. If we had our ideal tamper proof smartcard music player, a person might need multi-million dollar specialized equipment to break it open without losing the digital information. That’s why hardware based tamper proofing works so well – it’s the economics of it. Well, in the software world, we have our own set of specialized tools for breaking into programs. Except, in the software world, these tools can be freely copied. Yes, they might be expensive to build – but once the tool is built, it can be posted on a website or traded around on IRC. So, a software based tamper proof container is much harder to protect. And, in general, the strongest technology available for protecting software is the rootkit. Let me posit that to make an effective software based tamper-proof container, rootkits are not an option – they are the fundamental nature of the tamper proof container. Think about this - in order to break open a tamper proof container, you have to reverse engineer it. You have to understand how it works in order to take it apart. Hiding and stealth is the first step in the strategy of making something difficult to reverse engineer. A rootkit can also alter the way the operating system works so that you cannot easily debug the hidden code. And finally, a rootkit can detect when a hacker tool is being used to steal a copy of the digital data. If you take the rootkit out of the picture, you have basically rendered it impossible to make a software based tamper proof container. Rant section begins Like it or not, that music does not belong to you. When you ‘buy’ it – you are actually buying a contractual right to listen to it, not to own the IP. If you actually owned it, you could use it in your hollywood movie, on your website, broadcast it for money, or give away a million free copies of it. Your right to listen to it is governed by a contract – a EULA or terms of use. You may not like the terms of use, but that doesn’t mean they don’t apply. If the contract says you can’t use it in an iPod, so be it. If the contract says you can’t listen to it on a car stereo, so be it. If you don’t like it, don’t buy the contract. What is going on right now is a big change. The change is that technology is emerging to control digital information and how it’s used. Face the facts, people don’t like change. People want things to be like they always have been – they wan’t to freely copy the music, put it in their iPod, play it on their MP3 car stereo, etc. Change happens, people – get over it! Maybe if enough people want to play it on a MP3 car stereo, then Sony will respond to the market and make a new product that works w/ the car stereo. Rant section stops |
