Six new exemptions to DMCA

Wednesday, August 4, 2010

At the end of July, the US Copyright Office and the Librarian of Congress announced six new exemptions that authorize circumventing technical protection measures, as defined by the Digital Millennium Copyright Act (DMCA).

  • Extracting short video clips from a DVD (protected by CSS) to create a new work, for criticism or educational purposes. In other words, a DVD is treated like a book: fair use has always allowed citing extracts of books.
  • Making mobile phone applications interoperable with other handsets. In theory, this was already covered by fair use.
  • Jailbreaking phones so that they can be used on other carriers' networks.
  • Circumventing the protection of video games for the purpose of good-faith testing for, investigating, or correcting security flaws or vulnerabilities; this is good news for security researchers.
  • Circumventing the protection of computer programs protected by dongles when the dongle is damaged or obsolete.
  • Circumventing the protection of eBooks when no edition allows access to the read-aloud function or to the special display formats used by visually impaired people.

I don’t know enough about the US regulatory system to assess whether this is equivalent to an evolution of the DMCA or just a recommendation. In any case, it is always the judge who has the final word. Is there a US lawyer who could answer this question?

BOSS

The GIPSA lab of INPG Grenoble organizes the BOSS (Break Our Steganographic System) challenge. Attackers will have access to a database of 1,000 pictures. Half of them carry a hidden message embedded with a steganographic algorithm called HUGO; the payload size is the same for every stego picture. Attackers have the source code of HUGO. The objective is to discriminate, through steganalysis, the stego pictures from the cover pictures.

The challenge is interesting. Regularly, newspapers disclose stories of criminals using steganography to hide messages on the web. In these stories, the attackers/governmental agencies do not have the advantage of knowing the algorithm used. BOSS instead gives the attacker the algorithm and withholds only the key, so it measures the scheme's resistance to steganalysis under the usual Kerckhoffs assumption.

BOSS should remind you of BOWS2 (Break Our Watermarking System), the same type of challenge that the GIPSA lab organized for watermarking.

Security Newsletter #16 is available

The summer edition of Technicolor Security Newsletter is available.

Our guest is Chris Carey, the CTO of Paramount. He presents the new threats and types of piracy that studios are facing. Extremely interesting.

Stéphane Onno describes some vulnerabilities of deployed embedded devices. Patrice Auffret and Mohamed Karroumi shed some light on the latest attack on OpenSSL. Olivier Courtay and Antoine Monsifrot introduce you to the basics of trusted platforms.

I hope that you will enjoy reading it. Do not hesitate to provide feedback.

To subscribe, send an email to security.newsletter@technicolor.com

From Pirate Bay to Flattr

Flattr is a new Swedish “social network”. The goal of Flattr is to remunerate the creators of the content you like on the Net. How does it work?
You register and define a monthly sum that you will distribute. Once registered, you can add a Flattr button to any of your content (blog, videos, pictures, songs…). When a Flattr member likes your content, he pushes the corresponding button. Of course, you do the same. At the end of the month, your monthly sum is shared equally between the pieces of content you liked, and the corresponding amount is credited to the account of each content owner. Let’s suppose that your monthly sum is 2€. If you clicked on 10 buttons, each creator receives 0.2€. If you clicked only once, the happy creator is granted 2€. If you did not click at all, the 2€ are given to a charity.

It is a nice business model: Flattr takes a 10% fee on the sums distributed, a kind of micropayment.

Some potential issues:

  • It will only work if there is a network effect. For that, they need attractive content, in other words the buy-in of creators.
  • Attractive content? One of the potential issues is the ownership of a piece of content. How to prove ownership? How to prevent members from appropriating copyrighted content that is not theirs?

Why such a cryptic title? Does Sweden not give you a hint? One of the founders is Peter Sunde. Peter Sunde is also one of the founders of The Pirate Bay.

In any case, an interesting initiative to follow up.

Identifying providers and downloader in BitTorrent

A team of five INRIA researchers presented an interesting paper at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ’10): Spying the World from your Laptop – Identifying and Profiling Content Providers and Big Downloaders in BitTorrent. The title says everything.

Using a single machine and some “flaws” in the BitTorrent protocol, they collected and analyzed 148 million IP addresses involved in more than 2 billion instances of downloads. Then, they tried to identify the content providers and the big downloaders.

For instance, for the content providers (i.e. the person who generated the first torrent of a piece of content), they watched the tracker sites to spot new torrents. If a torrent appeared with only one source address in its peer list, then that address was the initial content provider!

Unsurprisingly, they discovered that most of the illegal content is provided by a limited number of content providers. The distribution has a very long tail: the top 100 contributors provide about 30% of the content on BitTorrent! The hosting centers of the initial seeds are mostly in France and Germany, but the content providers themselves were from other countries.

Interestingly, they discovered that big downloaders were often hidden behind proxies, Tor or VPNs. They also identified some monitoring “sites”, i.e. addresses that join swarms to observe them rather than to download.
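As an added example (it is not the INRIA team's tooling, and it runs over constructed tracker snapshots rather than real data), the two heuristics above can be written down in a few lines of Python: the earliest peer list of a fresh torrent that holds exactly one address names the initial provider, and addresses recurring across many swarms are candidate big downloaders. The infohashes, timestamps and IP addresses below are made up.

```python
from collections import Counter, defaultdict

# Constructed sample, not real tracker data: (timestamp, infohash, peer set)
# as obtained by polling the tracker for the peer list of newly listed torrents.
# Infohashes are placeholders; addresses come from documentation ranges.
SNAPSHOTS = [
    (100, "aaaa", {"203.0.113.7"}),
    (160, "aaaa", {"203.0.113.7", "198.51.100.2", "198.51.100.3"}),
    (220, "aaaa", {"203.0.113.7", "198.51.100.2", "198.51.100.3", "198.51.100.4"}),
    (105, "bbbb", {"203.0.113.7"}),
    (170, "bbbb", {"203.0.113.7", "198.51.100.2", "192.0.2.9"}),
    # cccc was first observed late, with two peers already: the heuristic
    # cannot name its provider and must not guess.
    (110, "cccc", {"192.0.2.50", "192.0.2.51"}),
    (180, "cccc", {"192.0.2.50", "192.0.2.51", "198.51.100.2"}),
]


def initial_providers(snapshots):
    """Map infohash -> address of the initial content provider.

    A torrent is attributed only when its earliest snapshot contains a single
    peer; that peer must be the initial seed.  Torrents first seen with several
    peers are left out rather than guessed.
    """
    earliest = {}
    for ts, infohash, peers in snapshots:
        if infohash not in earliest or ts < earliest[infohash][0]:
            earliest[infohash] = (ts, peers)
    return {ih: next(iter(peers)) for ih, (_, peers) in earliest.items() if len(peers) == 1}


def provider_counts(providers):
    """Number of torrents first seeded by each provider address."""
    return Counter(providers.values())


def top_share(counts, k):
    """Fraction of attributed torrents seeded by the k busiest providers
    (the post's 'top 100 provide about 30%' figure, computed on the sample)."""
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(k)) / total if total else 0.0


def big_downloaders(snapshots, providers, min_swarms=2):
    """Addresses (other than a torrent's own provider) seen in >= min_swarms swarms.

    A shared VPN or proxy exit looks exactly like a big downloader here, which
    is why such addresses have to be examined separately.
    """
    swarms = defaultdict(set)
    for _, infohash, peers in snapshots:
        for ip in peers:
            if providers.get(infohash) != ip:
                swarms[ip].add(infohash)
    return {ip: len(s) for ip, s in swarms.items() if len(s) >= min_swarms}


if __name__ == "__main__":
    providers = initial_providers(SNAPSHOTS)
    counts = provider_counts(providers)
    print("initial providers:", providers)
    print("share of the top provider:", top_share(counts, 1))
    print("big downloaders:", big_downloaders(SNAPSHOTS, providers))
```

On the sample, 203.0.113.7 is attributed both torrents it seeded, 198.51.100.2 is the only address in three swarms, and cccc is deliberately left unattributed. The caveat a practitioner should keep in mind is that the single-peer rule only works if the tracker is polled before the second peer joins; poll late, or face an uploader who seeds from behind a VPN, and the address recovered is not the provider's.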

A nice view of the P2P activity.

YouTube won against Viacom

I regularly report news on the litigation between Viacom and YouTube. Wednesday, 23rd June was the latest event.
Judge Louis Stanton, in an extensive 30-page opinion, ruled in favor of Google. Judge Stanton relied on the DMCA safe harbor, which protects service providers from liability for copyright infringement if they promptly remove the infringing pieces of content. For instance, he noted that YouTube removed within one day the 100,000 videos cited in a Viacom takedown notice, whereas it had taken Viacom several months to collect these infringing samples.
The lawsuit highlighted some embarrassing behaviours when the email exchanges were analyzed. For instance, two founders of YouTube pleaded with the third founder to stop posting infringing content on YouTube (at the birth of YouTube). Some documents showed that Viacom had expected to acquire YouTube before Google did. And many other stories…

As usual, the two opposing sides are orthogonal. I would suggest reading both points of view. For instance:

Is it the end of the story? No: Viacom is appealing.

IEEE P1817: a new DRM standard?

In February, I reported on a new concept, Digital Personal Property. IEEE is launching a project, P1817, to standardize this DRM under the name Consumer-ownable Digital Personal Property.

The main goal is to mimic the features of a physical good. In other words, if you were able to enforce the uniqueness of each instance of a digital good, then there would be no serious reason to restrict its use drastically: you would be able to act as with a physical book, and lend it or sell it. In economic terminology, the challenge is to turn a digital good, which by nature is non-rival and non-excludable, into a rival and excludable good.

The main technical concept is that the piece of content is encrypted and can be distributed freely, but the decryption key is “moveable but uncopiable”. Actually, the decryption key, called the playkey, exists in two copies: one in a server repository and one held by the user. To lend a piece of content, Alice hands her playkey to Bob. To return the piece of content, Bob sends Alice's playkey back. Meanwhile, Alice must no longer have her playkey.

I see several issues with this proposal.

  • There must be only two instances of the playkey (one in a server, and one at the consumer). The technical challenge is the moveable but uncopiable playkey, one of our Holy Grails. Some enforcement is foreseen; the draft describes it as follows:

    Counterfeit Handling
    The playkey banking system facilitates the identification of counterfeited playkeys.
    Playkey pair synchronization occurs, during which the system checks the validity of the playkeys with the issuer and the registrar. There are at least two approaches to handling counterfeits: (1) The consumer’s player is notified, after which the user interface always highlights the item as counterfeited, and (2) the consumer’s playkey vault is directed to invalidate the device playkey, notify players of its invalid status, and refuse to provide further services for that playkey. The first approach leaves the counterfeit usable, and depends on the social stigma of owning and using forged goods to discourage its further use and encourage reporting of the forgery to vendors and publishers. The second approach prejudges intent and guarantees that the consumer victim pays the price of the illegal activity. Either way, there exists the opportunity for vendors or publishers to offer rewards for information leading to the identification of the counterfeiters.

  • How to handle the multi-format issue? Today, many customers complain about incompatible formats of DRM-protected content, for instance when the resolution or the codec differs. Take as an example a Blu-ray disc and an SD file for a Windows player. This does not map nicely onto the physical world: a book has no format incompatibility with your eyes. If we push the comparison, the challenge would be to provide the same book in different languages. Currently, the answer foreseen by the industry is the digital rights locker.
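To make the lending flow and the two counterfeit-handling approaches concrete, here is an added toy model in Python. It is not the P1817 protocol or any IEEE code: the `Registrar` (standing in for both issuer and registrar), `Vault`, the playkey identifiers and the two scenarios are all assumptions made for the example. The registrar keeps the server-side half of each playkey pair as a record of the current holder; a transfer moves that record; synchronization compares the presenter with the record and applies either the “highlight” or the “revoke” policy quoted above.

```python
from dataclasses import dataclass, field


@dataclass
class Registrar:
    """Server side of each playkey pair: the authoritative record of who holds it.
    Toy model, not the P1817 protocol; issuer and registrar are collapsed into one."""
    holders: dict = field(default_factory=dict)   # playkey id -> consumer id
    revoked: set = field(default_factory=set)

    def issue(self, playkey, owner):
        self.holders[playkey] = owner

    def transfer(self, playkey, sender, receiver):
        """Lending or returning: allowed only if the sender is the recorded holder."""
        if playkey in self.revoked or self.holders.get(playkey) != sender:
            return False
        self.holders[playkey] = receiver
        return True

    def synchronize(self, playkey, presenter, policy="flag"):
        """Playkey pair synchronization: a player presents the playkey it holds.

        Returns 'ok' when the presenter is the recorded holder, otherwise either
        'counterfeit' (approach 1: the item is highlighted but stays usable) or
        'revoked' (approach 2: the playkey is invalidated for everyone, the
        honest holder included).
        """
        if playkey in self.revoked:
            return "revoked"
        if self.holders.get(playkey) == presenter:
            return "ok"
        if policy == "revoke":
            self.revoked.add(playkey)
            return "revoked"
        return "counterfeit"


@dataclass
class Vault:
    """Consumer side. It stores plain strings that can be copied at will: the
    'moveable but uncopiable' property is a promise of the software, not of the data."""
    owner: str
    keys: set = field(default_factory=set)

    def lend(self, registrar, playkey, other):
        if playkey not in self.keys or not registrar.transfer(playkey, self.owner, other.owner):
            return False
        self.keys.discard(playkey)      # an honest vault deletes its copy...
        other.keys.add(playkey)
        return True


def lend_and_return():
    """Alice lends to Bob and gets the content back; every synchronization passes."""
    reg, alice, bob = Registrar(), Vault("alice"), Vault("bob")
    reg.issue("pk-1", "alice")
    alice.keys.add("pk-1")
    steps = [reg.synchronize("pk-1", "alice")]
    alice.lend(reg, "pk-1", bob)
    steps.append(reg.synchronize("pk-1", "bob"))
    bob.lend(reg, "pk-1", alice)
    steps.append(reg.synchronize("pk-1", "alice"))
    return steps, sorted(alice.keys), sorted(bob.keys)


def lend_but_keep_a_copy(policy):
    """Alice's vault keeps a copy while 'lending'; see what each policy does to Bob."""
    reg, alice, bob = Registrar(), Vault("alice"), Vault("bob")
    reg.issue("pk-1", "alice")
    alice.keys.add("pk-1")
    kept = set(alice.keys)              # ...a dishonest one does not
    alice.lend(reg, "pk-1", bob)
    alice.keys |= kept
    return reg.synchronize("pk-1", "alice", policy), reg.synchronize("pk-1", "bob", policy)


if __name__ == "__main__":
    print(lend_and_return())
    print("flag policy:  ", lend_but_keep_a_copy("flag"))
    print("revoke policy:", lend_but_keep_a_copy("revoke"))
```

The second scenario is the whole point: the registrar can only tell that two parties claim one playkey, not which one cheated. Under the “flag” policy Alice's copy is marked counterfeit and Bob's stays valid; under the “revoke” policy both are cut off, which is exactly the “consumer victim pays the price” outcome the draft acknowledges. Nothing in the model stops the `kept = set(alice.keys)` line, and that is the uncopiable-key problem left open.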

Will it succeed? I don’t know. In any case, I will be very interested to study the solution that makes a digital data structure “moveable but uncopiable”.