How The Copyright Industry Made Your Computer Less Safe
from the welcome-to-the-world-of-drm dept
I've already written one piece about Cory Doctorow's incredible column at the Guardian concerning digital rights management and anti-circumvention, in which I focused on how the combination of DRM and anti-circumvention laws allows companies to make up their own copyright laws in a way that removes the rights of the public. Those rights are fairly important, and the reason we have them encoded within our copyright laws is to make sure that copyright isn't abused to stifle speech. But, anti-circumvention laws combined with DRM allow the industry to route around that entirely.But there's a second important point in Doctorow's piece that is equally worth highlighting, and it's that the combination of DRM and anti-circumvention laws make all of our computers less safe. For this to make sense, you need to understand that DRM is really a form of security software.
The entertainment industry calls DRM "security" software, because it makes them secure from their customers. Security is not a matter of abstract absolutes, it requires a context. You can't be "secure," generally -- you can only be secure from some risk. For example, having food makes you secure from hunger, but puts you at risk from obesity-related illness.But, to understand security, you have to recognize that it's an ever-evolving situation. Doctorow quotes Bruce Schneier in pointing out that security is a process, not a product. Another way of thinking about it is that you're only secure until you're not -- and that point is going to come eventually. As Doctorow notes, every security system relies on people probing it and finding and reporting new vulnerabilities. That allows the process of security to keep moving forward. As vulnerabilities are found and understood, new defenses can be built and the security gets better. But anti-circumvention laws make that almost impossible with DRM, meaning that the process of making security better stops -- while the process of breaking it doesn't.
DRM is designed on the presumption that users don't want it, and if they could turn it off, they would. You only need DRM to stop users from doing things they're trying to do and want to do. If the thing the DRM restricts is something no one wants to do anyway, you don't need the DRM. You don't need a lock on a door that no one ever wants to open.
DRM assumes that the computer's owner is its adversary.
Here is where DRM and your security work at cross-purposes. The DMCA's injunction against publishing weaknesses in DRM means that its vulnerabilities remain unpatched for longer than in comparable systems that are not covered by the DMCA. That means that any system with DRM will on average be more dangerous for its users than one without DRM.And that leads to very real vulnerabilities. The most famous, of course, is the case of the Sony rootkit. As Doctorow notes, multiple security companies were aware of the nefarious nature of that rootkit, which not only hid itself on your computer and was difficult to delete, but also opened up a massive vulnerability for malware to piggyback on -- something malware writers took advantage of. And yet, the security companies did nothing, because explaining how to remove the rootkit would violate the DMCA.
Given the post-Snowden world we live in today, people are suddenly taking computer security and privacy more seriously than they have in the past -- and that, as Doctorow notes, represents another opportunity to start rethinking the ridiculousness of anti-circumvention laws combined with DRM. Unfortunately, politicians who are way behind on this stuff still don't get it. Recent trade agreements like the TPP and ACTA continue to push anti-circumvention clauses, and require them around the globe, thereby weakening computer security.
This isn't just an issue for the "usual copyright people." This is about actually making sure the computers we use are as secure and safe as they can be. Yet, in a world with anti-circumvention provisions, that's just not possible. It's time to fix that.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anti-circumvention, copyright, cory doctorow, dmca, drm, security, sony rootkit
Reader Comments
Subscribe: RSS
View by: Time | Thread
What happened was everyone started avoiding wma files like it was the plague, forcing Microsoft into putting in some security to prevent this sort of behavior.
[ link to this | view in chronology ]
Re:
Outlook Express's preview pane that automatically executed any attachment, ActiveX which allows web sites to download and execute code, browser triggers in WMV files that can send your browser to any web site, AutoPlay which will execute whatever code the instructions on a disc or removable device tell it to, hiding extensions for known file types which makes it possible to hide the EXE extension on a file.
[ link to this | view in chronology ]
It started with the boot sector
[ link to this | view in chronology ]
Re: It started with the boot sector
[ link to this | view in chronology ]
Microsoft uses DRM sucessfully hundreds of millions of times.
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
If you mean people submit to Windows authorization or DRM on Xbox games: of course people will accept DRM if it's better than the alternative - for a business, being sued over Office licenses - or if there is no feasible alternative - as with Xbox 360/One games - or if it doesn't restrict what people actually want to do - again, as with Xbox games.
If you mean that Microsoft has used DRM without compromising security... that's just flat out wrong. See the comment above from 12:10pm.
[ link to this | view in chronology ]
Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
2. i had a recent experience where our DSL tubes went down (which was weird, 'cause MS troubleshooting/diagnostics said NOTHING was amiss, and control panel *said* i was connected to the inertnets, but we were not... neighbor who reported it, said ISP kept insisting it was on our end, then had to relent after a couple days... but even though we could not get a bit to go through the tubes, our 'puters *said* everything was 'okay', weird...), and since i couldn't bother people online, i went to play some solitaire...
well, in win8 (hate, Hate, HATE win8! ! ! more proof positive MS is eee-vil) it is ALWAYS TRYING to connect you to the MS walled garden, which i almost never do (even though the slimy fucks FORCED me to login with my MS 'account' when i up(read: down)graded to win8.1 hate, Hate, HATE win8.1 too! ! !), and kept on crashing and burning the stupid fucking solitaire game because it didn't like that we weren't 'connected'...
POS s/w, POS company...
3. last point i've made before: it simply does not matter if the DRM is technically proficient or difficult to reverse engineer, i'm sure they really don't care... WHEN -as The They (tm) have done and will continue to make more draconian- they make messing with, reverse engineering, or simply DISCUSSING DRM hacks ILLEGAL, it don't matter if it is easy to break, they simply get you for THINKING about breaking it...
welcome to prison planet...
[ link to this | view in chronology ]
Re: Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
First off, Windows will say it is connected if it can PING certain addresses. So long as that works, then Windows is happy.
Second, Windows 8 does NOT force you to use a Microsoft account to log in. You have the option to use local accounts only.
[ link to this | view in chronology ]
Re: Re: Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
[ link to this | view in chronology ]
Re: Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
Reminds me, I should boot in my xp x64 partition sometimes so I can get the full patches, stops being updated after april, right ? This sucks so bad, XP nevermind some obvious flaws, is still the OS they have put the most effort on when it comes to securing it.
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
That Microsoft uses DRM does not mean that DRM can have vulnerabilities. Those vulnerabilities can be security problems. Discussing or publishing details about this could violate the law.
In an aside irrelevant to the article, but relevant to your irrelevant post, the idea that DRM "works", which seems to be your claim that it does work, is actually evidence of its failure. It "works" to prevent people from doing ordinary things they want to do, such as play content on all their devices. Or keep their content forever when they discard devices. Or watch it when and where they want.
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
DRM works good! If you even try just a little bit its easy to beat. I'm not all that smart and I have never given a nickel to MS and have run windows since 3.1
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
If you're going to shill, you have to be more specific.
[ link to this | view in chronology ]
Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
And I buy vinyl albums when I really like a band, good bands never stopped putting out vinyls.
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
A DRM scheme is successful when it stops unauthorised duplication. It can be both successful *and* harmful to security, as your security probably isn't a priority for them.
The point is a systemic one: that the DMCA creates situations where insecure DRM can continue to exist. It is not to say that secure DRM is a technical impossibility.
[ link to this | view in chronology ]
Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
[ link to this | view in chronology ]
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
[ link to this | view in chronology ]
what can be done other than begging the corrupt to fix the corruption? again, just asking. it's a real question not just saying it to sound like an asshole or make anyone mad.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
The lie that will kill PCs
As the "monopoly platform" it has some things that are unavailable elsewhere but those aren't so numerous anymore and much of that is expensive specialty stuff only relevant to businesses.
DRM on PC games in particular is a force to drive people to dedicated gaming platforms where the DRM is more transparent.
[ link to this | view in chronology ]
Re: The lie that will kill PCs
foegive me, I'm not the best with words.
[ link to this | view in chronology ]
Re: Re: The lie that will kill PCs
Use windows only when absolutely required.
[ link to this | view in chronology ]
Re: Re: Re: The lie that will kill PCs
[ link to this | view in chronology ]
Re: Re: Re: The lie that will kill PCs
[ link to this | view in chronology ]
Re: Re: The lie that will kill PCs
For dual-booting (and some multi-boot setups) it's as easy as taking a computer with Windows already installed on it, and installing linux side-by-side. These days linux will automatically detect Windows and give you the option to boot into it when the bootloader starts.
As to convenience, I think a better word would probably be familiarity. I obviously don't know when the last time you used linux was (or which flavor), but I can absolutely tell you that it has come a long way in a relatively short time. I would strongly recommend trying a dual-boot setup, then progressing into virtual machines.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Response to: Anonymous Coward on Feb 6th, 2014 @ 12:19pm
[ link to this | view in chronology ]
Doctorow makes some great points
But that aside, one of the takeaways from Doctorow's piece, and I completely agree with it, is that a system using DRM cannot be secured. It's impossible.
[ link to this | view in chronology ]
Good!!
[ link to this | view in chronology ]
Copyright is a big issue
[ link to this | view in chronology ]
It gets worse
What this means is, if someone can find a way to get code accepted by the TPM, they are in control of your computer and you have no way to get control back.
Some people worry about Iran building nuclear weapons. I worry about them infiltrating one single engineer into the right department at Microsoft or Intel.
[ link to this | view in chronology ]
Re: It gets worse
That's overstating the case a bit. TPM does not prevent you from replacing the OS with something that ignores TPM. The side-effect to doing that is anything that requires TPM authentication to work won't anymore. In practice, that's not a big deal at all.
[ link to this | view in chronology ]
Re: Re: It gets worse
...did you miss the entire Windows 8 "secure boot" kerfuffle?
[ link to this | view in chronology ]
Re: Re: Re: It gets worse
[ link to this | view in chronology ]
Re: Re: Re: Re: It gets worse
[ link to this | view in chronology ]
Re: It gets worse
[ link to this | view in chronology ]
Re: Re: It gets worse
Of course, it's doomed to failure, since anything that prevents an honest FOSS fan from using their own hardware for legitimate purposes is asking them to create a workaround/hack that can be used for any purpose (witness the PS3 debacle after OtherOS was removed) and thus wastes the time and effort involved. Sadly, people will be fooled in swallowing the crap that's given as excuses for doing this so long as someone says "piracy".
[ link to this | view in chronology ]
Think of who benifits from these laws.
I have to wonder if the spy agencies aren't behind pushing for these laws and provisions as a means to provide a way of deploying their spyware.
[ link to this | view in chronology ]
A brilliant peice - deserves the title of polemical.
[ link to this | view in chronology ]
Re: A brilliant peice - deserves the title of polemical.
[ link to this | view in chronology ]
Exept DRM is not 'security'
Stupid convoluted, reverse logic and a simple TD scare tactic..
Sorry TD security does not work that way, you (should) damn well know that. (you probably do, but you don't want to upset your 7 fans).
DRM would not be needed at all, if it was not for a large group of people (like the TD crowd) who wants to steal everything not tied down, for their own free pleasure.
Who spend all their lives making up excuses as to why this theft is acceptable, (like not calling it theft, but "infringement") and crying like 4 year old girls when groups and people seek to stop this significant theft of other peoples property.
Oh, that's another argument made by the wannabe thieves, the "Its not real property"..
But then sometimes they slip up, and accuse the Government of getting some low life's bitcoins, forgetting they are not real property.
Effectively arguing FOR AND AGAINST the same principle.
So according to TD, hacking make computer MORE secure because they hack, and security software developers make computers LESS secure because they work to make computers more secure.
You even admit it yourself, MR Masnick Admitting that it is the result of "HACKERS" that has forced this security upon us..
", every security system relies on people probing it and finding and reporting new vulnerabilities."
For a start that is clearly UNTRUE, NO SECURITY SYSTEM RELIES ON PEOPLE ATTACKING IT for its security... what are you stupid ??
But security systems are certainly in place because people "PROBE THESE SYSTEMS".
So yes, if no one hacked, and no one stole there would be no need for security.
And of course, according to Masnick, MORE HACKERS and THEIFS MAKES US MORE SAFE !!!
More hackers, more copyright thieves, means more security software, means more security, means more safety (although DRM is not a security software) it is an anti-theft software.
DRM is not a anti-virus, or a anti-hacking software, it is a security measure to stop theft.
Having or not having DRM on your computer does not make your computer ANY LESS or ANY MORE SECURE. Again, you must know this by now Masnick..
You've been doing this for 16 years, you must of learnt something about technology by now.
Or do you simply prefer to act stupid to appease you 3 diehard fans ?
[ link to this | view in chronology ]
Re: Exept DRM is not 'security'
Did you not read the part about Sony's Rootkit?
[ link to this | view in chronology ]
Re: Exept DRM is not 'security'
THEFT - start by defining this and then rewrite this retarded article.
To restate the above:
THEFT leads to SECURITY TO STOP THIEVES leads to MORE ADVANCED THEFT leads to MORE ADVANCED SECURITY and so on and on and on...
This is the nature of the game so when people stop taking things that they are not supposed to take then security prof's will stop using things like Anti-Virus, Firewalls and DRM.
[ link to this | view in chronology ]
Re: Exept DRM is not 'security'
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Lets see..
A certain Important software program for use on your computer, by a MAJOR CORP..
Has had TONS of updates in the last couple years..
Whats interesting is that NOT being part of Apple, they are also one of the major software companies WRITING for them..
RECENTLY they announced that that the DRM that they wrote for a piece of portable hardware was going AWAY, and that ALL those that used it, must redo the DRM to a current version, or THEIRS.
Simple DRM, checks a disk, as its inserted into your computer then plays it..
WHAT else could you do with Software AND DRM??
Go out and get cover art?
Get lyrics?
TELL SOMEONE that you have THAT PROGRAM??
REPORT the name of all your music to someone?
REPORT any music/video that DONT have DRM??
(this was noted on a smart TV, recently for LG..and someone got upset)
If you arnt upset yet...ASK ADOBE..what they are doing.
[ link to this | view in chronology ]
Re: Lets see..
As for flash, its easy not to need it anymore.
[ link to this | view in chronology ]
Re: Re: Lets see..
What? That's nonsense.
If you were to say _most_ Linux distributions come with _a_ pdf reader, that would be correct. But even then, the choice of which reader (there are many) is included is usually tied to which desktop environment is being used (KDE, Gnome, XFCE, etc).
[ link to this | view in chronology ]
Hmmm... that strikes me as being a bad example. Having a reasonable amount of food does not do this, only an abundance of it, and even then only if you overuse the resources you can access.
A better way to put it is that having food secures you from hunger, but may also place you at risk of, say, food poisoning or certain allergic reactions. Also, like DRM, it may not even do its primary job properly - if the only "food" you have is poor quality, you may still suffer from malnutrition even if dying from pure hunger is no longer going to happen, and it can be worse than nothing if it happens to be laced with rat poison.
[ link to this | view in chronology ]
DRM in EU - (not un)touchable?
Looks like at least some forms of DRM can be circumvented legally in EU now...
[ link to this | view in chronology ]
Hacking
[ link to this | view in chronology ]
Worst Article Ever?
-- Sorry, but this is just stupid. Applying this logic would say why do any of us need firewalls, they just stop hackers from getting at what they want. And while we are at it, last time I checked most people still lock their doors at night because we probably A. Have something that others would want and B. Don't want to give it to them.
Here is what I think people forget when they read these embarrassingly one-sided and obviously prejudiced articles bashing content owners...the reason why they have DRM in the first place is because typically the content has been discounted from the price of something like a DVD/BR. Being able to rent a movie on iTunes is cheaper than buying it on DVD and hence has been discounted to counteract the limited usage. BTW, when you pay a discounted price to see the movie in a theatre, you don't get to film a copy with your camcorder and bring it home with you either (not legally at least). You also don't get to see it the next day without another ticket...
Finally, using a near 10 year old example with the Sony root kit -- seriously, thats the reason why people should be afraid of DRM on their computer, because in 2005 Sony released audio CD's that had it???
[ link to this | view in chronology ]
Re: Worst Article Ever?
Inept analogy is inept.
DRM is not like me locking my front door at night. It's like buying a house with one of the rooms locked by the previous owners that I am not allowed, by law, to enter.
[ link to this | view in chronology ]
Touchy Subject!
Which is really great since the arguments used by these quantity-paid forum stuffers are so pathetic and groundless, they make the case for ending DRM far better than anyone else here.
I hadn't realized that DRM discussions were such serious shill-bait! Apparently, the legacy industries are putting most of their eggs in this basket.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If you want true security have a non-networked and online PC (not virtual obviously, derp) or get yourself a in-house proxy/firewall server. Re-write your routers to block all and only write in exceptions. 2ez.
[ link to this | view in chronology ]
windows insecurity
[ link to this | view in chronology ]
now thats what they want!!
[ link to this | view in chronology ]