Clean coal, 2+2=5 and other delusions

The public relations salvo against global warming legislation is already underway, even before any concrete proposals have been introduced in either the House or the Senate. The Washington Post notes that a group backed by the coal industry is spending $35M on a new ad campaign in primary and caucus states to spread the message that coal is a clean fuel. With the appropriately Orwellian name of Balanced Energy Choices (in the tradition of the campaigns against raising fuel economy standards, which used to call themselves “Concerned/Anguished/Distraught Citizens for Vehicle Choice”), the TV spots use the catchy image of a power cable being plugged into a lump of coal. True enough, considering that roughly half of US power generation comes from coal, and it is the one fuel the world is in no danger of running out of anytime soon. The rest is at best disingenuous: as the Post article points out, the definition of “clean” conveniently excludes carbon emissions.

Strangely the message has not made it very far online: Googling for clean coal does not return any top matches for the slick campaign website or for the commercial itself, which praises the virtues of energy security. Not even a sponsored result. Instead the collective wisdom of the web responds with a balanced perspective on technologies such as IGCC that promise to extract comparable energy with a fraction of the emissions associated with burning the fuel directly. One of the hits points to an article from last year’s Sierra Club magazine, and another on the second page finds a blistering indictment of the concept from the Washington Post op-ed page. That is not exactly a success story, considering the commercial spots were produced by the same company responsible for the “what-happens-here-stays-here” advertising for Las Vegas.

cemp


Netflix, Apple and movie distribution over the Internet

A couple of announcements on movie distribution made the headlines recently:

  • At CES 2008 in Vegas, Netflix announced a partnership with LG to build a set-top box for streaming movies to consumers over the Internet. Movies will be free to existing Netflix subscribers, the only additional cost being the hardware.
  • Not to be outdone, Apple took the opportunity and the preaching-to-the-choir environment of MacWorld to make a splash with its own take-two attempt at movie distribution, iTunes Movie Rentals.
  • Netflix in turn announced that it was removing existing limits on streaming for subscribers. Netflix already boasted a “watch now” feature where subscribers

What to make of these developments?

For Netflix users, it’s business as usual. This blogger’s account had its streaming limits lifted before the announcement, at least if the Netflix web page describing the program was correct. Streaming already works fine on a decent broadband connection, although the image quality is sub-par when projected on a TV, and the software requires a Windows operating system because of its dependence on the DRM platform. (It also worked fine under Parallels on this blogger’s MacBook Pro running Tiger.) Long-term trends in increasing bandwidth, as well as the availability of new options such as fiber-to-the-home, mean that quality may improve to the point of being competitive with existing high-definition content options. Given that an average PC or laptop can already feed a high-quality digital signal to a TV over DVI (and some even boast HDMI output), the set-top box has questionable value. At best it may be an all-in-one solution for consumers who are not tech-savvy, but it is hard to argue that avoiding the chore of connecting a DVI cable to the TV is worth the price of the device. In all likelihood the hardware will be subsidized by Netflix and given away for free in exchange for a binding contract on an extended Netflix subscription, similar to the cell-phone/wireless plan model.

The main challenge for Netflix is the limited selection. While the main catalog for physical DVD distribution boasts tens of thousands of titles, including current new releases, the “Watch Now” option limits viewers to about 6,000 titles, most of them ancient. It is as if a record label decided to experiment with DRM-free downloads and started with the Perry Como collection.

As for Apple, this is the second foray into movie downloads. Jobs admitted that the first time around was not very successful:

“We learned what people wanted was movies, movies, movies. [...] We weren’t delivering that, so we’re back with Apple TV, take two.”

iTunes will charge $4 for new releases and $3 for the euphemistically named “library titles” (translation: dated junk featuring washed-out movie stars from the 1980s). As with Netflix, everything comes with the inane DRM baggage. Apple gives viewers 24 hours to finish the movie once playback starts, terms comparable to Xbox Live movie downloads. At 640×480, image quality is hardly stellar, but again there is room for improvement with an eye toward HD quality in the future. Another significant disadvantage: iTunes requires the entire movie to be downloaded before it can be played, while the Netflix solution streams with intelligent buffering.

Ultimately the choice comes down to pricing models. Netflix is a flat fee for all-you-can-watch over a limited catalog, which is likely to work better for independent film, documentaries and rehashed TV series, as well as for shoring up gaps in one’s movie background, in case there is a friend who has not yet seen “A Clockwork Orange.” As a back-up there is always the DVD arriving in the mail. iTunes is optimized for instant gratification over a more current selection, with a correspondingly higher price tag.

cemp


Dangerous digits, forbidden Diggs: how not to deal with leaks

The main encryption key protecting all HD-DVD content against unauthorized copying (the “processing key”) was discovered almost 3 months ago in February and published in the Doom9 forums. In some ways that hack was just a question of time. Software DRM is always vulnerable to reverse engineering. Unlike a true cryptographic attack, this one did not have to break any cipher: the crown jewels were hidden in plain sight, shipped with every copy of software capable of playing HD-DVD and Blu-ray discs. It is quite possible other people had already accomplished the same feat but chose to keep quiet and profit by privately exploiting this information, selling to pirating rings and so on.

All of that would be expected. But the truly strange part is that the disclosure issue flared up again yesterday in a storm of protest messages on Digg. Short version of the story:

  • Somebody posted the key in a Digg submission.
  • Digg removed it in response to a cease-and-desist letter, fueling all sorts of conspiracy theories, including one allegation that the site had been receiving funding from the HD-DVD association.
  • Users revolted: for 24 hours, every other story on the site featured creative ways to publish the key.
  • Digg admitted the error of its ways and tried to make amends, agreeing not to remove any more such submissions. Damn the torpedoes, full speed ahead.

As quoted in the New York Times article published today:

“You’d rather see Digg go down fighting than bow down to a bigger company,” wrote Kevin Rose, Digg’s founder, in a blog post. “We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be. If we lose, then what the hell, at least we died trying.”

Jay Adelson, Digg’s chief executive, said in an interview that the site was disregarding the advice of lawyers. “We just decided that it is more important to stand by our users.”

Stepping back for a second, let’s put on the risk management hat and ask what the campaign asking websites to take down offending posts has accomplished. Breach of valuable cryptographic key material is a serious problem, even when it was destined to happen with the current DRM design. But there is arguably only marginal utility in limiting the scope of the disclosure. The key itself is not really the dangerous asset, since most users cannot write the software required to duplicate content; it is only useful to the select few who have the software but not the key. We can bet that no reputable software vendor will be writing that code, although the success of DeCSS in the past shows commercial involvement is far from necessary to reach critical mass. But even granting that there is some good reason for limiting distribution of the key, what purpose did the C&D letters serve?

  1. Ensuring that the key is more widespread online than ever before, as indignant users made a point of duplicating the 16-byte key everywhere they went online. (And sometimes offline: it is now on T-shirts and mugs, and CafePress lists over 1000 products.) In this way the cease & desist letter set off the greatest “distributed content replication” rush seen thus far. Some of the entries were quite ironic: in one case the C&D letter itself contained the key and ended up on Chilling Effects.
  2. Drawing extensive press coverage from mainstream media, including the New York Times, Forbes and the BBC. At a time when the legitimacy of DRM is in question and Apple has successfully spearheaded a movement to offer DRM-free music, the attempt to compensate for the technical failures of AACS with legal tactics is unlikely to win any converts to the content industry viewpoint.
  3. Drawing the ire of customers. It would not be the first time.

This is hardly a success story in limiting the distribution of leaked secrets.

cemp


EMI announces DRM-free music

It is finally happening, though the Beatles catalog may not be part of the deal. (Ironic, considering the long-standing trademark disputes over the “Apple” name: the Fab Four’s recording company was called Apple Records long before Jobs and Wozniak put together their first prototype.)

iTunes will be the first to carry music sans DRM. This may become the rare controlled experiment in free-market economics. Proponents of DRM have argued that it is the optimal way for content owners to maximize revenue; detractors have argued the opposite. Until now there was no way to verify either claim empirically, because there was no way to get DRM-free music online, with the exception of the beleaguered Russian site AllOfMP3, which always seemed to be on the verge of legal trouble. With the option to choose between unrestricted and DRM-encumbered downloads, consumers can now vote with their wallets to express a preference.

cemp


NFL clip incident, act II

My friend, the law professor Wendy Seltzer, had her story Slashdotted last week, after the NFL apparently violated the procedure around DMCA takedown notices.

According to her blog post, the clip from the Super Bowl broadcast showing the copyright warning was restored by YouTube after her counter-notification. Not content to let the matter rest, the NFL fired back. But instead of seeking action in court, as the DMCA calls for, they sent a second, identical notice to YouTube, resulting in removal of the offending content for a second time. Quote:

If the NFL deigned to respond, I expect they would argue something like “the volume of material is so high, we can’t possibly keep track of all the claims of non-infringement. Our bots are entitled to a few mistakes.” But if they’re not able to keep track of the few counter-notifications they’ve received (the YouTube URL and page stayed the same at all times it’s been up), how can they demand that YouTube respond accurately and expeditiously to all the DMCA notifications they send, or worse, filter all content as Viacom is demanding?

This is an interesting complement to stories of users wronged by content owners and threatened with costly lawsuits. Perhaps for the first time, the target of the infringement claim is an expert in the DMCA, runs the website Chilling Effects dedicated to chronicling DMCA abuses (at one point used by Google to disclose when search results were altered due to take-down notices) and is writing about her experiences in a blog.

cemp


Copyright: state of the union in three stories

1. Neutral: Following Steve Jobs’ call to end digital rights management, a story is circulating in the blogosphere that EMI may release its entire catalogue DRM-free.

2. On the upside: AACS, the content protection system used for HD-DVD and Blu-ray, has experienced its first serious defeat. The news comes from the same Doom9 forums where 2 months ago a researcher with the handle “muslix” succeeded in extracting a volume key for one of the titles. That attack was only good for stripping DRM from a single title. Each disc has its own volume key, which is itself encrypted under many “player keys,” one for every device or player implementation that licenses the standard. Of course once you can extract a single volume key, you can repeat the process to extract others, but that becomes a labor-intensive process. Yesterday another researcher announced that he had been able to recover one of the player-level keys (the “processing key” in AACS terminology), which works against every disc in circulation rather than a single title.

Surprising? Hardly. It was only a matter of time. The attack targeted a software player, in other words an application that the user installs on their computer. Palladium / NGSCB / TCG notwithstanding, the PC remains an open platform today: there is no way to hide secrets from the owner of the machine. That means player software that ships with its own key material has no reliable way to hide it from the administrator of the machine. There is no equivalent of a “vault” where keys can be safely squirreled away, protected from a user who is assumed to be malicious. This is why DRM depends on obfuscation and obscurity, without any solid grounding in theory, and why it desperately needs non-technical defenses such as the DMCA to discourage reverse engineering. And we have seen how successful the DMCA has been in the Hack SDMI challenge, the DeCSS debacle and the series of successful attacks on iTunes and Windows Media Player.

The development of attacks on AACS also bears out a prediction from Ed Felten:

“Once he has device keys, he could in principle publish them (or equivalently publish a program containing them), thereby allowing everybody to extract title keys and decrypt discs. But if he does this, the AACS central authority will learn which device keys he is using and will blacklist those keys, which will prevent those keys from decrypting discs manufactured in the future.”

Compare this to the following quote from the post announcing the successful break:

“I’m not telling which player I used (well you can guess but you might guess wrong) to retrieve the Processing Key because I don’t want to give the AACS LA any extra legal ammunition against any player company.”

3. On the downside: “This copyright notice is copyrighted.” Wendy Seltzer just received a DMCA takedown notice for posting on YouTube a recording of the copyright notice from the NFL’s Super Bowl broadcast. She is a law professor and intended to use the clip for teaching. (YouTube did not waste any time and sent her the letter within 5 days; if only customer service worked that quickly.) Except this is one takedown notice they may come to regret: Wendy runs the Chilling Effects clearing-house where website owners can post take-down notices they have received. Even Google used to forward their DMCA notices there, giving full disclosure when search results are altered due to legal requests.
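Returning to story 2: the key hierarchy it describes, and the processing-key leak discussed in “Dangerous digits, forbidden Diggs” above, are easier to reason about with a toy model in hand. The script below is an added illustration written for this page; it is not AACS itself and not any vendor’s player code. Real AACS uses AES-128 and a subset-difference broadcast-encryption tree to deliver the media key; the model simplifies that to one device key per player and uses HMAC-SHA256 in counter mode in place of AES so it runs offline. The player names, volume IDs and sample content are made up.

```python
"""Toy AACS-style key hierarchy: device keys, media key blocks (MKBs), per-disc keys, revocation.
Added illustration for this page, not AACS itself: real AACS uses AES-128 and a subset-difference
broadcast-encryption tree. HMAC-SHA256 in counter mode stands in for AES so this runs offline, and
each licensed player holds a single device key. Player names and volume IDs are made up."""
import hashlib
import hmac
import os

KEY_LEN = 16  # 128-bit keys, as in AACS


def keystream(key, label, n):
    """n pseudorandom bytes from key and label (HMAC-SHA256 in counter mode)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_label(version, device_id):
    return b"mkb:%d:%s" % (version, device_id.encode())


class LicensingAuthority:
    """Issues device keys to licensed players and media key blocks (MKBs) to disc pressers."""

    def __init__(self):
        self.device_keys = {}  # device_id -> secret baked into that player
        self.revoked = set()
        self.version = 0

    def license_device(self, device_id):
        self.device_keys[device_id] = os.urandom(KEY_LEN)
        return self.device_keys[device_id]

    def revoke(self, device_id):
        self.revoked.add(device_id)

    def new_mkb(self):
        """Fresh media key wrapped under every non-revoked device key; a revoked device gets no entry."""
        self.version += 1
        media_key = os.urandom(KEY_LEN)
        wrapped = {dev: xor(media_key, keystream(dkey, wrap_label(self.version, dev), KEY_LEN))
                   for dev, dkey in self.device_keys.items() if dev not in self.revoked}
        return {"version": self.version, "wrapped": wrapped}, media_key


def press_disc(mkb, media_key, volume_id, content):
    """Title key wrapped under a volume-unique key (media key + volume ID); content under the title key."""
    vuk = hmac.new(media_key, volume_id, hashlib.sha256).digest()[:KEY_LEN]
    title_key = os.urandom(KEY_LEN)
    return {"mkb": mkb, "volume_id": volume_id,
            "wrapped_title_key": xor(title_key, keystream(vuk, b"title", KEY_LEN)),
            "ciphertext": xor(content, keystream(title_key, b"content", len(content)))}


def process_mkb(mkb, device_id, device_key):
    """Player side: unwrap the media key with the device key; None if this device is revoked."""
    entry = mkb["wrapped"].get(device_id)
    return None if entry is None else xor(entry, keystream(device_key, wrap_label(mkb["version"], device_id), KEY_LEN))


def decrypt_disc(disc, media_key):
    """No device key needed from here on: anyone holding the media key for the disc's MKB version decrypts it.
    Publishing this one value (the 'processing key' of the Doom9 posts) opened every disc then in print."""
    vuk = hmac.new(media_key, disc["volume_id"], hashlib.sha256).digest()[:KEY_LEN]
    title_key = xor(disc["wrapped_title_key"], keystream(vuk, b"title", KEY_LEN))
    return xor(disc["ciphertext"], keystream(title_key, b"content", len(disc["ciphertext"])))


def demo():
    la = LicensingAuthority()
    keys = {d: la.license_device(d) for d in ("hw_player_A", "sw_player_B", "hw_player_C")}
    movie = b"constructed sample content standing in for a feature film"
    mkb1, mk1 = la.new_mkb()
    disc1 = press_disc(mkb1, mk1, b"vol-0001", movie)
    # Attacker lifts sw_player_B's device key out of the binary, derives the media key and publishes it.
    # Every legitimate player derives the same value, so the published key does not say which player leaked.
    leaked_dk = keys["sw_player_B"]
    published = process_mkb(mkb1, "sw_player_B", leaked_dk)
    identifies_player = any(process_mkb(mkb1, d, k) != published for d, k in keys.items())
    # Response 1: new MKB version with a fresh media key, nobody revoked. The published key is useless
    # against new pressings, but the attacker still holds the device key and simply re-derives.
    mkb2, mk2 = la.new_mkb()
    disc2 = press_disc(mkb2, mk2, b"vol-0002", movie)
    rederived = process_mkb(mkb2, "sw_player_B", leaked_dk)
    # Response 2: the authority learns which player leaked and revokes its device key.
    la.revoke("sw_player_B")
    mkb3, mk3 = la.new_mkb()
    disc3 = press_disc(mkb3, mk3, b"vol-0003", movie)
    return {
        "published_key_decrypts_old_disc": decrypt_disc(disc1, published) == movie,
        "published_key_identifies_player": identifies_player,
        "published_key_decrypts_new_disc": decrypt_disc(disc2, published) == movie,
        "leaked_device_key_rederives_new_key": rederived is not None and decrypt_disc(disc2, rederived) == movie,
        "revoked_player_reads_new_disc": process_mkb(mkb3, "sw_player_B", leaked_dk) is not None,
        "honest_player_reads_new_disc": decrypt_disc(disc3, process_mkb(mkb3, "hw_player_A", keys["hw_player_A"])) == movie,
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` bears out each claim in the text: the published key opens every disc pressed under the old MKB and reveals nothing about which player it came from; rolling the MKB without revoking anyone is futile while the attacker still holds a device key; revocation finally shuts that device out, but only for discs pressed afterwards, and since legitimate copies of the same software player carry the same device key, it cuts them off too until the vendor ships new keys. That collateral damage is why a licensing authority hesitates to revoke and why the researcher quoted above would not name the player.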

cemp


TiVo angling for a Big Brother award

“I promise with my hand on a Bible that your data is not being archived and sold, [...] We don’t know what any particular person is watching,” he said. “We only know what a random, anonymous sampling of our user base is watching.”

So says the CEO of TiVo, according to a recent article in the San Francisco Chronicle. The data in question is whether subscribers are skipping commercials. This is a classic case of having to place blind faith in hardware, or at least in the marketing proclamations of the vendor. The TiVo device sitting in the consumer’s living room certainly has visibility into what is being watched and how often the skip feature is used to avoid going postal over that lame beer commercial again. What is not clear is whether this information is shipped off the box to headquarters for data mining and, if it is, to what extent it is sanitized to strip identifying information about the original user.

Problem is, only TiVo engineers can know for sure, and even they may not have it right. One person’s “anonymized data set” is another’s treasure trove of personal data waiting to be correlated against just the right database to reveal the identity behind each record. For everyone else TiVo is a black box. The only sources of information are:

  • Vendor claims, to the extent they are complete and accurate
  • Third-party claims, such as those of privacy advocates, assuming they have better sources of information
  • Information gathered by reverse engineering the device. This is costly and the return on investment can be low. Vendors often intentionally obfuscate their protocols in order to protect their intellectual property. (Conspiracy theorists would argue obfuscation only serves to hide nefarious purposes.)
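To make the “anonymized data set” point concrete, here is an added example; it is not TiVo’s code and says nothing about what TiVo actually collects, which is exactly the problem the post describes. It constructs a small export of ad-skip rates with names stripped but ZIP code, birth year and sex retained (the field names are assumptions about what such an export might contain), links it against a constructed public list of names carrying the same attributes, and measures the k-anonymity of the released records before and after generalizing those quasi-identifiers.

```python
"""Linkage attack on an 'anonymized' viewing log, and the k-anonymity check that flags the exposure.

Added illustration for this page. All records below are constructed: nothing here is TiVo data
or TiVo's code, and the fields (zip, birth_year, sex, skip_rate) are assumptions about what
such an export might contain."""
from collections import defaultdict

# "Anonymized" export: subscriber names removed, demographics and ad-skip rate kept.
VIEWING = [
    {"id": "r1", "zip": "94110", "birth_year": 1971, "sex": "F", "skip_rate": 0.92},
    {"id": "r2", "zip": "94110", "birth_year": 1984, "sex": "M", "skip_rate": 0.15},
    {"id": "r3", "zip": "94301", "birth_year": 1971, "sex": "F", "skip_rate": 0.40},
    {"id": "r4", "zip": "94301", "birth_year": 1960, "sex": "M", "skip_rate": 0.77},
    {"id": "r5", "zip": "94110", "birth_year": 1984, "sex": "F", "skip_rate": 0.05},
    {"id": "r6", "zip": "94301", "birth_year": 1971, "sex": "M", "skip_rate": 0.63},
    {"id": "r7", "zip": "94301", "birth_year": 1965, "sex": "F", "skip_rate": 0.51},
]

# Constructed auxiliary list with names, of the kind a voter roll or marketing database provides.
PUBLIC = [
    {"name": "Alice Example", "zip": "94110", "birth_year": 1971, "sex": "F"},
    {"name": "Bob Example",   "zip": "94110", "birth_year": 1984, "sex": "M"},
    {"name": "Carol Example", "zip": "94301", "birth_year": 1971, "sex": "F"},
    {"name": "Dan Example",   "zip": "94301", "birth_year": 1960, "sex": "M"},
    {"name": "Dave Example",  "zip": "94301", "birth_year": 1960, "sex": "M"},
    {"name": "Eve Example",   "zip": "94110", "birth_year": 1984, "sex": "F"},
]


def raw_qi(rec):
    """Quasi-identifiers as released: full ZIP, exact birth year, sex."""
    return (rec["zip"], rec["birth_year"], rec["sex"])


def coarse_qi(rec):
    """Generalized quasi-identifiers: 2-digit ZIP prefix and birth decade; sex suppressed."""
    return (rec["zip"][:2], rec["birth_year"] // 10 * 10)


def equivalence_classes(records, qi):
    """Group records that are indistinguishable on the quasi-identifiers."""
    classes = defaultdict(list)
    for rec in records:
        classes[qi(rec)].append(rec["id"])
    return dict(classes)


def k_anonymity(records, qi):
    """Size of the smallest equivalence class. k == 1 means at least one record stands alone."""
    return min(len(ids) for ids in equivalence_classes(records, qi).values())


def link(records, public, qi):
    """Join the anonymized records to the named list on the quasi-identifiers: id -> candidate names."""
    by_qi = defaultdict(list)
    for person in public:
        by_qi[qi(person)].append(person["name"])
    return {rec["id"]: by_qi.get(qi(rec), []) for rec in records}


def reidentify(records, public, qi):
    """Records linking to exactly one name: name -> the ad-skip rate that was supposed to be anonymous."""
    rates = {rec["id"]: rec["skip_rate"] for rec in records}
    return {names[0]: rates[rid] for rid, names in link(records, public, qi).items() if len(names) == 1}


if __name__ == "__main__":
    print("k as released:", k_anonymity(VIEWING, raw_qi))
    print("re-identified:", reidentify(VIEWING, PUBLIC, raw_qi))
    print("k after generalization:", k_anonymity(VIEWING, coarse_qi))
    print("re-identified after generalization:", reidentify(VIEWING, PUBLIC, coarse_qi))
```

As released, the table is 1-anonymous and four of the seven records link to exactly one name, handing an outsider each of those people’s ad-skip rate; one record is ambiguous between two names and two match nobody. Coarsening ZIP to two digits, birth year to a decade and dropping sex raises k to 2 and leaves no record linking uniquely. k-anonymity is a check a reviewer can run only on a data set he actually has, and it says nothing about an attacker who already knows the sensitive value is uniform within a class; for the subscriber who cannot see the export at all, it is no help whatsoever.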

TiVo is neither unique nor particularly significant. The question of whether a device owned by the user is acting against their interests comes up all the time. A deceptive short-cut is that open source software is better because anybody can verify it is working as intended. MythTV instead of TiVo? True, but only in the trivial sense that you could go over every line of code and build it from scratch yourself. (Otherwise you are at the mercy of the authors, download sites, etc.) That approach does not scale, and better trust mechanisms are called for. The marketplace reputation of an established company in principle serves as a check: too many egregious data collection practices equate to lost revenue. But such dynamics can only operate when there is transparency and competition: when users know exactly how 2 different PVR vendors use their data, and factor this into their purchasing decision. We are far from that level of awareness.

cemp

