Wednesday, December 01, 2004

Son of CSS: HD-DVD v. Skylink...

Just as luck would have it, I was doing some research on the new HD-DVD format wars and Ed Felten comes up with a new article on it...

AACS: Son of CSS

AACS is the Advanced Access Content System. It is the next-generation technology that will purportedly solve the "piracy problem" for movies on HD-DVD. AACS basically serves the same function that CSS does for regular, low-def, DVD movies, but it's a lot more complicated. If you want to know all the technical mumbo-jumbo, you need to read the AACS Technical Overview...

I've read it, but I won't bore you with the technical details. There is, however, one very important diagram on page 21 (the next to the last page) that makes everything very very clear.

No Palladium, No HD-DVD

In that figure, you can see two little gray rectangle(ish) boxes labelled "Authenticator in AACS Optical Drive" and "Authenticator in Host". The "Authenticator in Host", on the right, is suppose to be part of your computer. Hmmm, my computer doesn't have one of those yet...

If you look at the diagram a little longer, you'll see that the authenticator in the HD-DVD drive is supposed to talk to the one in the host (your computer). Those two authenticators chat back and forth to make sure they're both "authentic", and once that's decided they continue their conversation over an encrypted link.

The only technology I've read about in the past few years that would allow devices to "authenticate" themselves to each other and allow them to have private, encrypted, conversations would be Palladium.

Palladium, if you remember, is the "new" technology that is supposed to "secure" your computer and make the Internet safe for eCommerce. It also has the effect of enabling all kinds of Big Brother and/or anti-competitive activities. There was a big uproar about this a while back, and that's why nobody calls it Palladium anymore. The new name for Palladium is now NGSCB, the Next Generation Secure Computing Base. Intel just calls it "safe computing"... After all, who's willing to vote against "safety" in this post 9/11 world... Now back to AACS...

AACS is designed so that there will be an unbroken chain of strong cryptography between the HD-DVD media and your video card. As long as that chain remains unbroken, there will be absolutely no possibility for consumers to exercise their traditional fair use rights.

The reason Palladium is necessary is because all that strong-crypto needs to be tamper-proof. Any step of the process that isn't protected by Palladium technology can be hacked, through software, to allow fair use. Without Palladium, there is simply no other way to meet the design goals of AACS.

Obsolete By Design

The other thing Hollywood has learned from DeCSS is that it's a mistake to use a single, permanent, cryptographic key. If I remember correctly, each region-encoded DVD used a different media key. Once that key is compromised, everything is vulnerable to "piracy". Under AACS they have the ability to "revoke" a compromised media key and create a new one.

Revocation is like changing the locks on your house, except that your player is the key and the HD-DVD movie is the house. Once the locks on the house have changed, there's no way to use your old key to get in and grab a beer.

The real kicker is that the AACS Licensing Authority can change those media keys at any time. They don't have to wait for a Jon Johansen to write DeCSS. They can do it any time they want, for any reason whatsoever. For example, they could decide to revoke a media key whenever sales go flat and blame it all on the "piracy" problem.

This is an excellent method for stimulating sales, because once they revoke that media key you won't be able to watch the latest releases on your old HD-DVD player. Now you'll have to go buy a new HD-DVD player. Just remember, don't go buying it on eBay... You'll have to buy a brand-new one because ALL the old players on eBay will have the same revoked keys that yours does.

And how many of you think you'll be able to watch your old HD-DVD movies (you know, the ones with the revoked media keys) on a new HD-DVD player? I'm betting you won't be able to... Why? Because it'd improve Hollywoods' bottom-line if you have to go out and buy new copies of all the movies in your library.

It's in the interests of both the consumer electronics manufacturers, and Hollywood, to revoke these media keys as often as the market will bear... This is the easiest way for both industries to maximize their profits.

Unless we change the law, I predict that fair use isn't going to exist for digital media after 2010. By then, nearly all of our current computers will be dead and the only ones we can replace them with will have Palladium inside. Without the force of law, I don't think we'll ever convince these industries to recognize fair use... Why? Because not recognizing consumers' fair use rights will makes them more money...

Don't Forget the Lawyers

Inevitably, someone will crack AACS. And just as inevitably there will be DMCA lawsuits. But any new DMCA lawsuits will have to take Skylink and Lexmark into account, so it might not end so horribly this time.