Dangerous digits, forbidden Diggs: how not to deal with leaks

The main encryption key protecting all HD-DVD content against unauthorized copying (the “processing key”) was discovered almost 3 months ago in February and published in the Doom9 forums. In some ways that hack was just a question of time. Software DRM is always vulnerable to reverse engineering. Unlike a true cryptographic attack, in this case the crown jewels are there, hidden in plain sight, shipped with every copy of software capable of playing HD-DVD and Blu-ray discs. It is quite possible other people had already accomplished the same feat but chose to keep quiet and perhaps profit by privately exploiting this information, for example by selling it to piracy rings.

All of that would be expected. But the truly strange part is that the disclosure issue flared up again yesterday in a storm of protest messages to Digg. Short version of the story:

  • Somebody posted the key in a Digg submission
  • Digg removed it in response to a cease-and-desist letter, fueling all sorts of conspiracy theories, including one allegation that the site had been receiving funding from the HD-DVD association.
  • Users revolted: for 24 hours, every other story on the site featured creative ways to publish the key.
  • Digg admitted the error of its ways and tried to make amends, agreeing to not remove any more user submissions. Damn the torpedoes, full speed ahead.

As quoted in the New York Times article published today:

“You’d rather see Digg go down fighting than bow down to a bigger company,” wrote Kevin Rose, Digg’s founder, in a blog post. “We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be. If we lose, then what the hell, at least we died trying.”

Jay Adelson, Digg’s chief executive, said in an interview that the site was disregarding the advice of lawyers. “We just decided that it is more important to stand by our users.”

Stepping back for a second, let’s put on the risk management hat and ask what has been accomplished in this campaign asking websites to take down offending posts. Breach of valuable cryptographic key material is a serious problem, even when it was destined to happen with the current DRM design. But arguably there is marginal utility in limiting the scope of the disclosure. The key itself is not really the dangerous asset, since most users cannot write the software required to duplicate content. It is only useful to the select few who have the software but not the key. We can bet that no reputable software vendor will be writing that code, although the success of DeCSS in the past shows commercial involvement is far from necessary to get critical mass. But even granting that there is some good reason for limiting distribution of the key, what purpose did the C&D letters serve?

  1. Ensuring that the key is even more widespread online than ever before, as indignant users made a point of duplicating the 16 hexadecimal digits everywhere they went online. (And sometimes offline: it is now on T-shirts and mugs. CafePress lists over 1000 products.) In this way the cease & desist letter served to initiate the greatest “distributed content replication” rush seen thus far. Some of the entries were quite ironic: in one case the C&D letter itself contained the key, which ended up on Chilling Effects.
  2. Drawing extensive press coverage from mainstream media, including the New York Times, Forbes and BBC. At a time when the legitimacy of DRM is in question and Apple has successfully spearheaded a movement to offer DRM-free music, the attempt to compensate for technical failures of AACS with legal tactics is unlikely to win any converts to the content industry viewpoint.
  3. Drawing the ire of customers: it would not be the first time.

This is hardly a success story in limiting the distribution of leaked secrets.

