DRM FAIL: Five Broken Copy Protection Schemes

A copy protection scheme used in virtually all consumer HD video devices, from Blu-ray players to game consoles, was broken this week when someone leaked an essential secret key online. The High-Bandwidth Digital Content Protection (HDCP) protocol key found its way onto the Internet on Monday, and HDCP vendor Intel has since confirmed its authenticity.
It’s unlikely that this breach will have any immediate impact on either digital media sales or online piracy. However, the defeat of HDCP is yet another instance of supposedly unbreakable content protection schemes failing badly.
Still, people in the industry are holding onto the illusion that there will one day be a secure architecture for digital content, despite of plenty of evidence to the contrary. We’ve compiled a list of five of the most glorious DRM failures over the years:
1. Macrovision. The original copy protection scheme was first deployed in 1984 on VHS tapes. Macrovision worked by adding invisible signals to the video recordings on commercially released VHS tapes, which would make it impossible to make copies of these tapes with a second DVD VHS recorder. Macrovision was later also added to DVD players, disabling the ability to record DVDs on VHS. Macrovision Was however easily defeated when tinkerers figured out ways to filter out those extra signals, leading to a brief boom of Macrovision filtering devices. Some DVD player manufacturers also allowed users to disable Macrovision through special codes.
Macrovision’s corporate entity is now called Rovi, and it’s increasingly focusing ondelivering programming guides for CE devices. Its long-defeated technology, however, is still in use on virtually any DVD player.
2. CSS. The Content Scramble System was Hollywood’s attempt to lock down the DVD format and prevent end users from ripping and copying DVDs. It was cracked in 1999, when a number of unknown hackers disassembled a software DVD player to extract its encryption key. This crack eventually led to a tool called DeCSS. One of the people involved in the creation of DeCSS was Jon Lech Johansen, who found himself targeted by Norwegian law enforcement and Hollywood studios as a result. The case against Johansenwas eventually dropped in 2004, and he went on to bring media playback tools to the Android world with his San Francisco-based company doubleTwist. CSS decryption tools now have found their ways into many DVD copying tools, but their sale is still illegal in the U.S.
3. SDMI. The Secure Digital Music Initiative tried to prevent music piracy through watermarking of audio tracks. The initiative was founded in 1998 and backed by some 200 music, technology and CE companies. However,it faced difficulties coming to market, partially because even within the industry, some doubted its effectiveness. These critics were supposed to be convinced with a contest launched in 2000 that asked security experts to “hack SDMI.”
Princeton professor Ed Felten took the initiative by its word, and cracked all but one proposed watermarking schemes. The Recording Industry Association of America (RIAA) went on to threaten Felten with a lawsuit when he tried to document his findings, but subequently backed down when Felten teamed up with the EFF. SDMI eventually dissolved in 2001.
4. BD+. The early defeat of DVD copy protection hasn’t stopped the industry from trying to lock down Blu-ray disks. In fact, the BD+ copy protection scheme is far more sophisticated than CSS, because it’s based on updateable keys. However, that hasn’t stopped skillful minds from cracking BD+, and rips of a number of Blu-ray movies have since appeared online. The industry has reacted to this by in turn updating BD+, but the cure turned out to be more like a poison: Dozens of Blu-ray titles have been rendered unplayable for owners of Samsung’s Blu-ray players, thanks to copy protection gone wrong.
5. HDCP. The High-Bandwidth Digital Content Protection protocol aims to protect video signals traveling from one device to another. For example, if you connect your Blu-ray player via HDMI with your TV, then all the video will be encrypted with HDCP. The idea behind this is to prevent people from recording the HD signal, just like the original Macrovision copy protection system tried to prevent recordings on VHS.
And just like with Macrovision, this has led to the emergence of HDCP filtering devices. Dongles that make it possible to play HDCP-protected streams on non-compliant devices have been available for a number of years, but the fact that HDCP is now completely broken could potentially enable rogue manufacturers to build more sophisticated DVRs or Blu-ray copying devices. Also possible: Interfaces like an HDMI USB adapter or an HDMI Firewire converter, allowing you to write encrypted video streams onto your hard drive and then decrypt them with the help of a future DeHDCP application.

However, all of this likely won’t change much for the average consumer. Copy protection, even if broken, tends to be around for decades, as Macrovision and CSS have proven. And we can be sure that the next fail-safe protection scheme is just around the corner…