Olivier BOMSEL explains the economics of the graduated response

Olivier BOMSEL, a French economist, has always presented interesting views on the media industry. Thus, he was invited to participate in the French Olivennes commission. The outcomes of this commission formed the basis of the French graduated response.

It is normal that Olivier justifies the outcomes. In Decreasing copyright enforcement costs: the scope of a graduated response, he explains why it is an economically rational decision.

Section 3 is my favorite. He explains why free riding on copyrighted content was an incentive for a strong roll-out of broadband. ISPs had no incentive to fight piracy. According to him, once broadband has been successfully deployed, a second phase starts. ISPs seek new revenue through paid distribution. But due to piracy, the cost of content rose. ISPs now have some incentive to fight piracy.

Section 4 explains the graduated response. The purpose is to increase the probability of being caught, and thus, through fear, to have a deterrent effect.

With the French case, he shows that the ISPs, and not the content owners, will bear the cost of this fight. It is an interesting application of the polluter pays principle.

This section is less convincing. Nevertheless, the paper is highly recommendable.

Security and cloud computing

RSA recently published a white paper entitled The role of Security in Trustworthy Cloud Computing. The document is extremely interesting.

It presents the different security challenges that enterprises will face when switching to public or even private cloud computing. With cloud computing, IT departments will lose control. This loss of control needs to be balanced by more trust and confidence in external providers (cloud infrastructure providers such as Amazon’s EC2, service providers in the case of SaaS…).

For instance, the document lists some requirements for secure data. It will require:
* Data isolation
* More granular data security
* Consistent data security
* Effective data classification
* Information Rights Management
* Governance and Compliance

We could argue that all these requirements already exist in the non-cloud world. Nevertheless, they become MANDATORY in cloud computing! They will be more complex to implement and to monitor.

The document seems to lack one important threat. The insider threat already meant a member of the cloud provider who illegally accesses private data. I believe there is another threat: another user of the cloud who attempts to access your data if isolation is not perfect.

There is already a rush towards cloud computing. But clearly, the security of cloud computing is not yet mature. No integrated secure solution is available.

IFPI report 2009

The annual report of IFPI is always interesting. The 2009 edition has just been released. Its title is exciting: New business models for a changing environment. This year, IFPI put the focus on the new ways to monetize music. They highlight three main trends:
– Music access: through a subscription or a package, people have free access to a catalog. Nokia offered such a service. French ISP Neuf Cegetel has run such a service since 2007. For no additional cost, they offer legitimate access to a catalog of nine music genres. For a monthly fee of 5€ (7US$), they provide legitimate access to all Universal Music tracks.
– Ad-supported services: the MySpace Music deal is important. UGC sites are the new distribution channels for music. Half of the most popular streams on YouTube are copyrighted music videos.
– Games, branding and merchandising: the huge success of Guitar Hero is an example. The report provides some examples of the launch of games featuring a band's music combined with the release of the corresponding album.

Thus, the music industry is clearly exploring new business models. They have to. DRM-free music puts the pressure on.

Of course, there is a section on piracy. This year the focus is on the role of ISPs in thwarting piracy. France is showcased for its graduated response (known as HADOPI). Our friend Olivier BOMSEL is interviewed. Olivier was a member of the French “commission Olivennes” that suggested the graduated response (and many other things).

A nice document to read.

Digital Future Symposium (DFS)

This event, organized by the Center for Content Protection, was held with Asia TV in Singapore. Thus, the audience was rather large (140 people) and encompassed broadcasters, producers, and press.
The best presentations were:

  • Brad HUNT (former CTO of MPAA, and now consultant at Digital Media Directions) presented his four major trends in content protection:
    • Use of fingerprinting to monetize content
    • Digital copy and managed copy for optical media
    • Domain based DRM
    • DECE with some emphasis on Marlin
  • Fabrice Moscheni (Fastcom) presented an impressive demonstration of DVB-CPCM. The demonstration raised a lot of interest.
  • Yangbin Wang (Vobile) explained how Vobile protected the Olympic Games for CCTV.

Conax, BayTSP, Verimatrix, Microsoft and Viaccess presented their products. Intertrust made a dull presentation of Marlin. I made two presentations:

  • A global approach to security, explaining that using only fingerprinting or watermarking is insufficient, at least for tightly controlled distribution. The distinction between tightly controlled distribution and loosely controlled distribution was appreciated.
  • An introduction to DVB-CPCM before Fastcom’s demonstration.

Two main messages were conveyed during this symposium. Content Identification Techniques may allow monetization of content. Domain is the next paradigm in DRM.

C&ESAR 2008

I was present only on the last day of this conference. It recently changed its name from the former “Journées du CELAR”. It remains mostly a French conference. What I preferred on this day:

  • A very good introduction to contactless cards (smart cards and RFID tags) with a nice list of threats and some countermeasures. The presentation was not highly technical but nevertheless complete. Among the future countermeasures, I loved the idea of embedding micro batteries to have some margin for security measures. This will help in solving atomicity problems (a nightmare when designing a secure implementation of communication protocols).
  • LANET (University of Limoges) presented a detailed attack on JavaCard bypassing the sandboxing to dump instructions. Nice work, although not applicable to modern cards.
  • DCSSI presented their preferred solution for electronic voting. The speaker clearly stated that he would rather not use electronic voting because it will never be 100% secure. Political pressures require such solutions.

I always thought that security people would be paranoid. It seems I am wrong. As usual in conferences, people use their laptops, sometimes even to do email. I was surprised by the number of people who do not use a confidentiality filter. My direct neighbors were from DGA (Direction Générale de l’Armement). They openly shoulder surfed the emails of the person in front of them. He was not from the DGA. Companies should by default equip the computers of their travelers with such filters. I must confess that THOMSON does not. You have to ask for one.

The evolution of copyright

Andy Oram published a very interesting document that describes the history of copyright laws. It explains how copyright drifted with time and what its internal concepts are. For instance, he highlights the difference between patent and copyright. A patent protects a function whereas copyright protects an expression. You have to fight to get the protection of a patent whereas you have to fight to leave the protection of copyright (which is “on” by default).
The document is really interesting to read if you want to understand what copyright is, and how it arrived where it is. The only criticism is that (as with many papers on this subject) it is mainly US-centric.

The address of the paper is How copyright got to its current state

Thank you Jean Jacques for the pointer. :Wink: