Finally, on the last day of May, iTunes has been updated to version 7.2 along with the arrival of “iTunes Plus”. DRM-less, 256kbps AAC files at last. I was excited enough to hop on right away and purchase 2 albums that has been sitting in my Amazon shopping cart for months (in their CD form, no less).

I’ve always been a very discerning audiophile, which only recently finally succumbed to the fact that keeping all of my music in Apple Lossless is really just a waste of hard drive space for a small (although still perceivable) quality gain. I have over thousands of dollars invested in pretty good audio equipments, most of which I no longer listen to on even a monthly basis anymore.

My Super Audio CD player is completely useless, as the format has died a painful and slow death. Now it is nothing more than a glorified CD changer that I never, ever bother to change. I have racks of CD’s that I don’t really want to deal with on my next move, only half of which has been ripped into MP3′s.

Fact of the matter is, there are only so many hours of entertainment I can relegate to my schedule per day, and most of those times are split in between games, TV, and other activities outside of the house. My interaction with music now are limited to my commute and a few minutes at work when I don’t have to worry about the next meeting. I am now content with 256kbps

The whole fiasco is summarized at TechCrunch, with the users eventually winning out at the end. Obviously, there was no way that Digg can fight back against their entire user community. It’s a demonstration of how powerful the public voice can be, especially given the proper medium.

The question here, is that if a decryption key can be made into such highly publicized information, then what is the boundary for any information to remain private? Traditionally these type of information are always available, but only through backdoor channels, you always had to “know somebody that knew somebody” and digg around (no pun intended) for these ever-elusive hack. Now a HD-DVD decryption key is out in the wild, what’s a software maker’s right to protect say… their serial numbers?

If everyone posted their Windows Vista serial key, for example, what is Microsoft’s right to protect themselves against a possible outbreak of millions of serial keys being made public, and the ensuing windows activation nightmare?

Hackers discover HD DVD and Blu-ray “processing key” — all HD titles now exposed

Enjoy!

Vista Month: Welcome To The DRM?

It’s a good, short & concise post that pretty much summarizes all the ideas behind Vista’s new content protection scheme without going into too much details. Although the post itself is relative old news by now (not to say that my post isn’t), the comments following the post is most entertaining.

There are quite a few people who swear they’ll never use Vista. Which will most likely be challenged when they purchase their next machine which will inevitably ship with Vista preinstalled. A few said they would rather switch to Linux, and even fewer said they will switch to MacOS. Completely understandable, since you can get Linux distributions for free, and you would have to pay for a new machine to get MacOS.

The number of people who are willing to defend Microsoft on this point is also surprising. While a few valid counter arguments has been made, including that most of these security features are turned on/off depending on the policy of the content provider; the fact remains that the studio has absolute, revocable control over what we paid for.

As history has shown us, it’s really hard to disable or extend pre-existing devices of any sort. For example, add-on drives to enable extra functions in consoles has never really panned out (even XBox 360′s HD-DVD drive is nothing more than offering an value add to watch HD-DVD content. No games will ever come out in that format). Destroying backward compatibility, as some early CD-DRM methods has proven, is also nearly impossible. With all the non-compliant stand-alone HD players out there, it’s hard to say if the studios will ever enforce complete security profiles on HD content.

However, this isn’t about the practical application of such ideals, but the fact that our rights to some degree has been completely taken away by these implementation of technology. If we allow them to get away with it this round, they will make sure it was implemented the “right way” the next time around. That’s an argument that everyone seems to be missing.

Part of me didn’t believe that even Microsoft would go as far as implementing a content protection system that would come at a such detriment to the consumer. So I waited for weeks to see if Microsoft had any sort of public statement and rebuttal against it. Microsoft did eventually comment on the content protection behind Vista, and really couldn’t say much more other than admitting, and putting a good spin on what has been done.

Short blurb about AACS
To understand Windows Vista content protection, we have to first understand the difference between DVD, Blu-ray and HD-DVD. Our good ol’ DVD format was made during the adolescence of the digital content era. At the time the movie studios were promised that this complex encryption algorithm would never be cracked. As it turns out, CSS (the method of encryption used on DVD) wasn’t as impervious as we thought. If I recall correctly, the key to decrypting CSS was discovered in one of the software that plays back DVD on the PC. Since there’s no way to revoke that key once discovered, CSS encryption was hence cracked forever.

Thus, with HD-DVD and Blu-ray, the studios sought out a much more effective method of protecting their content. What they arrived at is what’s known as AACS (Advanced Access Content System). The key differences between AACS and CSS are:

• AACS seems to have a more modern public/private key encryption system, where there are many more keys assigned than there are in CSS encryption. The granularity of key distribution is unknown. Keys can be handed out on a per-player or per-model number basis, or perhaps even a per-company basis. This is unknown.What is for sure, is that there is a very complex & established backend that manages the distribution & licensing of all these keys.
• AACS uses a revocable broadcast system, where the content providers can revoke keys that has been hacked & distributed illegally. So if they realize a certain key has been compromised, they could distribute future content where they no longer will play and decrypt by using that pirated key.
• Manufacturers of players, either software or hardware based, has to pay licensing fee to AACS in order to use the keys. If a certain manufacturer say, goes out of business and then fails to pay the licensing fee, there are no guarantee that your player from that said manufacturer will continue to function. They could revoke the key and you would essentially be stuck with a brick (or useless bytes on your hard drive, if it’s a software player).
• AACS is also “policy-based”. Meaning that each Blu-ray and HD-DVD has a list of configurable policy to act with the hardware/software system that it is playing on. The content provider can choose to enable & disable certain features. For example, a lot of first-generation players shipped with component output which does not support HDCP (the end-to-end encryption from your player to your TV set), and a lot of current content does not have the policy to disable or degrade playback at the lack of HDCP. However content providers can choose to enable this feature in the future and once again, render your current hardware/software potentially useless.

How doe this affect Windows Vista?
Microsoft has an obvious strategy on making Windows Vista the next “media center” for every home, which probably also led to the decision for them to comply with just about everything that content providers wanted, even above and beyond the normal amount of compliance that is expected from a hardware manufacturer of traditional players.

AACS on its own is much more resource intensive; which explains why very early first generation Blu-ray and HD-DVD players can take as long as a minute to just “load” the disc. Of course that has improved with better & cheaper processors in the players, and won’t be much of an issue on your PC. Other than this resource being taken up by decryption, there are still other issues.

Like the aforementioned flexible policy with AACS, Windows Vista is also designed to “degrade” video & sound playback quality if the policy of the content calls for it. Of course all players has to deal with this, but PC users has the worst of it, because there’s a severe lack of completely compliant hardware available. To have complete compliance with AACS, you need to have HDCP, the end-to-end data encryption protection from the disc all the way to your monitor/speakers. There are very few hardware available that has HDCP compliance. There are very few HDCP compliant video cards, I’m not aware of any HDCP compliant sound card at all (which means you can’t get a digital output, only analog), and there are next to none HDCP compliant computer monitor on the market.

Furthermore, complete HDCP compliance requires part of the video/sound driver to become a “black box”. Obviously if the driver source code is available completely, HDCP would be easily hacked or bypassed by some method. So those users who chooses to run alternative operating systems, such as Linux, may be completely out of luck when it comes to HD content on their computer. There would be no open-source driver development to support HDCP components.

However, like I said earlier, most content available now do not have the entire set of compliance rules enabled, simply because there are still plenty of HD components on the market that doesn’t have compliance, and will *never* be compliant. It’s hard to say whether the content provider will eventually enable these features, and essentially shut out all first generation HD adopters (players & TV without HDCP support are all going to be obsolete if they choose to do so). It remains a fact that they are the ones in control, the consumers are not.

Other than HDCP compliance checks, Microsoft also implemented a “tilt-bit”. This is where they go much further to ensure content provider’s happiness than even the stand-alone players. A “tilt-bit” is a term derived from pinball machines, where there’s a detection that if you tilt the machine too much, the machine would consider that you were cheating & stop your ability to continue play. There is a constant system check that runs in the background every 30ms (milliseconds) when you are playing HD content. It checks against all the drivers in the system, all the processes, to make sure that nothing “weird” is going on. Nothing out of “expectation” is going on.

The reality is that computers are rather fickle machines. When you have millions of microscopic circuits on a tiny little chip smaller than your nails, there are a lot of errors that happens on a very small scale at all times. Computer chip do deteriorate over time as well, resulting very small breakdowns in circuits. Most people don’t realize that their computer is very much like their car, where “wear & tear” over time eventually degrades performance and kills a computer (which answers a lot of the questions like, “Why did my computer break down? I’ve only had it for 5 years and only ran one software on it!”). A “tilt-bit” check essentially catches errors similar to what your computer will naturally produce, and then decides what is deemed “appropriate” and what might be “hostile” and then restarts your graphic subsystem if it detects any potentially “harmful” behavior.

This is done to ensure that there isn’t any memory resident hack that’s capturing the decrypted output somehow. It’s also a very wide-area check for any potential hack of any sort that the system just can’t even predict or even know about. It’s like catching brim shrimps with a fishnet.

Lastly, there is a 128-bit encryption for all data sent through the PCI bus to your video card during playback, to ensure that no one can use any sort of a hardware snoop to capture unencrypted data going from the disc to your video card. HD content already takes up much higher bandwidth than DVD, now imagine having to encrypt/decrypt that content over PCI bus in real time. That’s an incredible amount of resource being eaten up for no reason other to service the content providers.

Will other OS’s follow suit?
This kind of insanely taxing implementations of content protection, is what I believe to be the reason that we have yet to see any sort of next-gen content announcement from Apple.

As much as people criticize Apple’s FairPlay DRM for being a closed & proprietary system, people also forget how much Apple fought to reach the compromise that became FairPlay. FairPlay came at a time where record companies weren’t happy about distributing digital content, and even those who did, did not want to license more than one device at a time. They wanted to charge people money for every device that their music played on. Apple fought back, got the contract so people can play their music on up to 5 devices, and are able to disable licensing on devices that they no longer use.

Even before the iTunes Music Store (I’m also surprised at how many people forgot that iTunes existed without the music store at first, and the first iPods did not have downloadable content; it was just a MP3 player), iPod implemented a really screwy one-direction music download to the device, where the song names would be completely scrambled & referenced by a XML file to provide a “soft-protection”. This was part of the design that convinced the music industry that Apple were at least somewhat reasonable to work with. Apple didn’t do these things for no reason at all, they did it so they can negotiate some sort of a compromise that could appease both content provider and the consumers.

Microsoft had made absolutely no attempt at negotiating for a compromise of any sort. Even with their Zune player, they agreed to “pay” music labels for each Zune they sold, even if none of that label’s music would ever make it onto a Zune. Microsoft has certainly made a terrible example of how to deliver content protection to their consumer, and I hope other companies will not follow in their footsteps.

Take a look at Engadget’s article for more information:
VirginMega France to sell DRM-free MP3s in March

What is exciting to me, is that Jason Mraz released his EP not in iTunes, not in WMA format with DRM, and most certainly not on the Zune marketplace (that wouldn’t have done him any good at all, would it?); but in pure, unadulterated MP3 file format. The audiophile in me still despises MP3 for what it is, a lossy compression format where some of the most important and delicate detail in the music gets freeze dried, but it is by far more preferable than any other DRM-laden formats.

Similarly, Ropeadope has announced that they’re going to all digital distribution of their records starting this year; and early indication is that they will be distributing via MP3′s, sans all the DRM-goodness that major record label deem as their sacred family jewel.

It is also worthy to mention that some big artists that has less need for major label backing, such as Phish, has been publishing their own music on the web for years now. Phish goes one step further in distributing not only MP3′s, but uncompressed versions of their live tours.

More and more, record labels are exposed as promotional vehicles of bland and uninspired music rather than scouts of original & exotic talent. Several years ago Apple had the chance to revolutionize the music industry by allowing artists to directly publish music via iTunes Music Store. Instead they went the safe route and established a storefront for a pre-existing, but archaic economy. It certainly doesn’t help that Microsoft essentially sanctioned treating people like thieves by giving record labels royalty on every Zune player sold (which isn’t all that many, I wonder if they have to provide royalty on the players they give away?).

People love the artists, everyone hates the record label. The record industry has a chance here to gain a huge amount of traction with the public by allowing people the freedom to do what they want with their music. Remove DRM, and suddenly the record industry improves its image by a huge amount, and maybe that plunging music sale would surge back up again. Keep going down the DRM route, eventually all good artists will start publishing their own music, on their own terms.