Some updates concerning older topics

In September, I reported that the French TV recording service wizzgo was not allowed to record M6 and W9. Last week, the court banished TF1 and NT1 (a subsidiary of TF1) from the service. Meanwhile, all the channels of France Television group were also banned. Only a few channels remain available through this service.

More and more Free To Air broadcasters offer a catch-up TV system. And of course, they expect to secure their advertising revenues. This type of service would cannibalize these revenues. Wizzgo will have to find another business model.

In September, I also reported the massive campaign against DRM for the game Spore. The creators of the game “World of Goo” have reported that they estimate that the PC version of their game has been pirated at 90% (more accurately 82%). On their blog, they explain their measurement methods. They record the IP addresses of the highest scores reported to their server. World of Goo is not protected by DRM.

The conclusion of the creators is that DRM is worthless, because another game that was protected by DRM had the same piracy level. :Sad: His conclusion is also that for 1000 deterred pirated instances, you gain one purchased version. I am not sure that this ratio would be valid for a blockbuster. If you sadly want the game, and have no alternative but to purchase it, would you miss the game?

Brilliant Digital offers a new filtering technology

Brilliant Digital Entertainment announces a new technology for ISPs. Once the ISP detects that a request concerns an illegal audio file, it would block the link and offer an alternative link to purchase a legal version. The company already offers legal distribution using P2P.

Some interesting facts:
– The announcement of this new technology was made by two former rivals: Kevin Bermeister (formerly KaZaa) and Michael Speck (former anti piracy of Music Industry Piracy Investigations)
– The business model is interesting. Brilliant Digital Entertainment would share some part of their revenues gained from sales with the ISPs.

Now, let’s have a look at the technical tidbits. Very little information is available (only the announcement). The site itself has no reference to the new technology. It seems that the ISPs would intercept the request for the illegal file. This means two things:

  • A means to detect illegal files. It is probably associated with a list of hash codes of contents that have been spotted as illegal. Similar work will have to be done, for instance, for the French graduated response. Fingerprinting technologies should allow finding some infringing files.
  • A means to spot the request. In view of the described method, “When the architecture of the internet that has our technology recognizes one of those proven illicit files, it blocks it, disconnects the link to it and adds to the search results the opportunity to purchase the legitimate material”, I would guess that they replace the illegal trackers with legal trackers powered by AltNet (the technology of Brilliant Digital). It means that they have a way to spoof the request.

As a rough analysis, the second point may be the Achilles heel. This may work if the request is made using a typical browser calling the tracker sites. It may be more difficult when using dedicated tools such as Che for instance. With collaborating tracker sites, they could secure the answer.
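To make the first point concrete, here is an added example (not Brilliant Digital's code; nothing about their implementation is public) that puts an exact-hash blocklist next to a toy frame-energy fingerprint and runs both on constructed sample audio. The function names, frame size and distance threshold are assumptions, and the fingerprint is a deliberately simplified stand-in for a real perceptual hash.

```python
import hashlib

FRAME = 64  # samples per frame (assumed value for this toy)

def synth(envelope, gain=1.0, dither=0):
    """Constructed 'audio': one alternating-sign frame per loudness level."""
    out = []
    for level in envelope:
        for i in range(FRAME):
            sign = 1 if i % 2 == 0 else -1
            out.append(int(sign * level * 100 * gain) + (dither if i % 3 == 0 else 0))
    return out

def exact_hash(samples):
    """SHA-256 over 16-bit PCM bytes: changes if any single sample changes."""
    raw = b"".join(s.to_bytes(2, "big", signed=True) for s in samples)
    return hashlib.sha256(raw).hexdigest()

def fingerprint(samples):
    """Toy perceptual hash: one bit per adjacent frame pair, 1 if energy rises."""
    energy = [sum(s * s for s in samples[i:i + FRAME])
              for i in range(0, len(samples), FRAME)]
    return [int(b > a) for a, b in zip(energy, energy[1:])]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def classify(samples, blocked_hashes, blocked_prints, max_dist=2):
    """Return which detector, if any, recognises the file."""
    if exact_hash(samples) in blocked_hashes:
        return "exact-hash match"
    fp = fingerprint(samples)
    if any(len(fp) == len(ref) and hamming(fp, ref) <= max_dist
           for ref in blocked_prints):
        return "fingerprint match"
    return "no match"

# Constructed sample data (not real content).
ENV_LISTED = [3, 7, 2, 9, 4, 8, 1, 6, 5, 10, 2, 7, 3, 9, 4, 8, 1, 6]
ENV_OTHER = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 9, 8, 7, 6, 5, 4, 3, 2]
LISTED = synth(ENV_LISTED)                         # file on the list
REENCODED = synth(ENV_LISTED, gain=0.9, dither=1)  # same track, different bytes
UNRELATED = synth(ENV_OTHER)                       # different track
BLOCKED_HASHES = {exact_hash(LISTED)}
BLOCKED_PRINTS = [fingerprint(LISTED)]

if __name__ == "__main__":
    for name, s in [("listed", LISTED), ("re-encoded", REENCODED), ("unrelated", UNRELATED)]:
        print(name, "->", classify(s, BLOCKED_HASHES, BLOCKED_PRINTS))
```

The re-encoded copy no longer matches the hash list and is only caught by the fingerprint, which is why a hash list alone finds just the exact files already spotted.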

It is an interesting initiative that we have to follow.

Murder of virtual avatar, real punishment?

Two weeks ago, a 43-year-old Japanese woman was jailed for the murder of her virtual divorced husband. Her avatar was married to an avatar in “Maple Story”, a kind of Korean Second Life. Her virtual husband divorced her without notification. As retaliation, she logged into the account of the owner of her divorced avatar and destroyed the avatar. It seems that he had shared his account login credentials with her.

She has been charged with illegal computer access and destruction of digital information. She may face up to five years in jail or a $5000 (3500€) fine. Interestingly, if her avatar had killed her divorced avatar within the metaverse, then she would not be prosecuted. Death in metaverses is common. You may murder in Second Life. You may be killed by monsters or other characters in World Of Warcraft. That is the game. But here, she destroyed the avatar data (different from killing the avatar). An avatar may represent a lot of time investment, emotional investment and sometimes even monetary investment. The death (following the metaverse’s rules) of an avatar may be accepted by its owner (sometimes with difficulty). But this destruction of data may represent a moral wrong and even a financial loss.

Regardless of the moral judgment of this story, it highlights a coming big problem. How will the real world rule the interaction with metaverses? Metaverses will take an increasing importance in our life. Current regulations are not adapted to this coming challenge. Even metaverses are not ready. Many security challenges in these worlds need to be addressed. In many cases, the threats will come from the real world.

Nintendo DSi incompatible with linkers?

Nintendo has just launched its new portable console DSi. It has a 17% larger screen than DS, a 0.3 megapixel camera and the possibility to download and store games.

Interestingly, it seems that Nintendo also took this opportunity to fight back against linker-based piracy. First reports announce that the most widespread linkers (R4, …) do not work anymore with this version.

Thus, good move from Nintendo. The question is how long it will resist.

Thanks Yves

Is French HADOPI law dead? (3)

The story about HADOPI continues. On 31st October, the French Senate, the upper parliamentary chamber, passed the law “Création et Internet” by a huge majority. This law allows the implementation of the graduated riposte. An amendment has been appended that would restrict the blocking to a given set of services. Mrs ALBANEL, the French minister of Culture, announced that HADOPI would not stop access to phone and TV services (if possible).

Nevertheless, it is still not clear whether this law is overruled by the EU amendment 138 (see Is French HADOPI law dead?)

More information about this law will be available in the next security newsletter (due in less than two weeks).

Civolution

Civolution is a new spinoff of Philips. Civolution will manage all the identification solutions from Philips. It encompasses MediaHedge, the platform dedicated to content identification on the Internet (based on fingerprinting technology), and Teletrax, the platform for broadcast metering (based on watermark technology). Of course all the watermarking activities, for instance DCI, are part of Civolution.

The new company was launched on 20th October 2008. It would be interesting to know if all the corresponding team of Natlabs did follow. In any case, HAITSMA Jaap followed. He is the CTO of the new entity.

Feedback from ACM DRM Workshop

On Monday, I attended the 8th ACM DRM workshop. Here is my feedback on this workshop.

There were two invited talks.
KAHN Robert (from CNRI) presented “The role of identifiers in information access”. The talk was about the Digital Object Architecture (DOA). The idea behind it is to redraw the Internet from a communication-centric system to a digital-object-centric system. Every digital object would be identified by a unique handle, and servers/proxies would resolve it and provide the actual location of the repository (reminds you of something? :Wink: Kahn is behind TCP/IP). This is what is used for DOI.
The link with DRM? The message was that it is important to separate the terms and conditions (expressed as metadata) from the actual enforcement. I fully agree. His attempt to apply it to the Broadcast Flag was more dubious.

The second invited speaker was YACOV Yacobi. He is the lead of Microsoft’s anti-piracy group. He presented “Content Identification”. He tackled three issues: piracy versus counterfeiting, new DRM and economics of the fight against counterfeiters. His distinction between pirated goods and counterfeited goods seemed not extremely good to me. A counterfeited good is a physical good that looks like the original and is sold at about the same price. Thus, the sorting is mainly on the price.
His new DRM approach was the use of media hashing (what we currently call fingerprinting or perceptual hash). Clearly, he was not aware of the state of the art in the field, both about existing solutions, and approaches like the one proposed by Philips many years ago.
In the last part, he presented a complex modeling of economics to determine the optimal effort in counterstriking counterfeiters. It would have been more interesting to focus all his presentation only on this topic.

About the other papers:
JIN Hei (IBM) presented “Adaptive traitor tracing for anonymous attack”. The starting point is the sequence keys traitor tracing scheme of AACS. It was an extensive analysis of how many movies you had to retrieve to safely incriminate one infringer within a non-cooperating coalition. The figures are still very high. As we stated many years ago, sequence keys will probably never be useful in AACS. Furthermore, the analysis assumes that the infringer does not collude content with other members. Were I an attacker, this is what I would do. Nevertheless, nice theoretical work using probability.

YUNG M. (Microsoft) presented “Public-key traitor tracing from efficient decoding and unbounded enrollment”. A traitor tracing scheme based on El Gamal. I will let Marc JOYE comment :Wink:

JAMKHEDAR Pramod presented “Formal Modeling of Rights”. He proposed a scheme that should encompass any Rights Expression Language. Compared to the work of GUTH or CHONG, there is the addition of obligations inside the model. Obligations are external conditions that have to be fulfilled prior to granting the action.

DOERR (with Ton KALKER) presented “Design rules for interoperable domains – Controlling content dilution and content sharing”. It was a presentation of two interesting concepts of CORAL: the rights token (a REL that is independent from the DRMs) and management of domains. The most interesting part was the ideas on how to control the size and dilution. He proposed three mechanisms: proximity, cardinals, and time-out. I think that we did not dare to embed time-out for contents within DVB-CPCM. I am not sure that people would appreciate it.

Discussions were extremely interesting. Long discussion with the representative of EFF (but that is another story)

And of course, I presented my paper “A Four Layer Model for Security of DRM”.