Medium Low

The 2007 Webby Award winners were announced today. The Webby’s are the premier awards for web sites. They’ve added so many categories in recent years that you wonder if some award inflation has occurred; it’s less special to win something these days with 69 categories than with the old six categories (and yet they still neglected to add a “Best in Show” award). Many of the new categories have more to do with industry categories than tracking best practices or new web technologies. With new categories such as “Pharmaceuticals”, “Beauty and Cosmetics” and “Insurance”, it seems these were created to allow potential sponsors a chance to win awards since they couldn’t possibly compete in genuine categories like “Best Home Page” or “Best Copy/Writing”. After all, KFC and Geico were winners this year, not exactly institutions you’d think of to be the Best Of anything on the Web.

Notable winners include Al Gore’s channel, Current TV, which won the Television category. Will he personally accept the award at the ceremony in June? The Webby’s are known for limiting recipient’s acceptance speeches to five words — tough for any politician.

Also, savetheinternet.net won the People’s Voice Activism award for their campaign to keep the Internet free. This means that Verizon, the major sponsor of this year’s Webby Awards and fierce opponent of Net Neutrality, will have to present the award to their adversary.

On the evening of May 1, 2007 a bellwether event in the saga of Digital Rights Management (DRM) took place. Users of digg.com revolted against the site's administrators and overruled their decision to remove an important DRM "secret" from the site.

Time will tell if this story bubbles up to the mainstream press. It should, because it represents the first time that such secrets have been revealed in such a public (and uncontrollable) way.

The secret that was revealed is an encryption key for HD-DVD discs, specifically the "processing key". The two new high definition DVD formats, Blu-Ray and HD-DVD, both use much more sophisticated DRM strategies than the old DVD format. They both use the Advanced Access Content System (AACS). AACS uses a combination of keys to encrypt content. One key is associated with the player, another with the disc and the "processing key" is the master key. Crackers had already published ways to discover the player keys and the title keys. On February 11, "arnezami" published his discovery of the processing key on the Doom9 forum. The processing key is "the one key to rule them all." Thus, this is a Very Big Deal.

The AACS system is designed so that the controlling "authority" (AACS-LA) can disable old keys (they can invalidate keys in your player) and issue a new key to be used during the manufacture of all subsequent discs. That's what they announced they would do on April 16.

But the cat is out of the bag. arnezami's technique can be used again to obtain the new processing key. His technique exploited weak security in an unnamed software HD-DVD player, so it may be a little more difficult to repeat the feat. But it will certainly be accomplished.

I should point out that I believe in copyright. Artists and other content creators should have the right to control the distribution of their creations and earn compensation for their labor. I have a 40GB iTunes library, and every single song in it was ripped from a CD that I own. But I detest DRM and have never purchased content that was "managed" by it (at least not effective DRM - my DVDs are obviously encrypted with CSS but these days CSS might as well not exist). I am perfectly willing to respect copyright, but I strongly feel that I should able to make any personal use I desire of content that I've legally purchased. But personal use ends at the boundary of my personal device collection. It does not include giving copies to my friends or reproducing the content in a public domain like the Internet.

As many have commented, we are witnessing the end of the DRM "experiment". With regards to AACS in particular, we will reach a point where new keys are being cracked as fast as the AACS-LA can issue them. It will still take some time, but eventually content distributors will have no choice but to give up. It will not be economical to try to keep up with the crackers. Technology is not the answer. Education is. Perhaps it's unlikely, but the only solution is educating people that stealing content is wrong and convincing them to respect copyright on moral grounds.

The death of AACS, the DRM scheme used by HD-DVD and Blu-Ray, is arriving at an accelerated pace (see "DRM End Times"). arnezami has been joined by "Geremia" over at the Doom9 forums and together they have made significant progress toward permanently breaking AACS. The current hack still requires technical skills (desoldering chips in drives, flashing ROM), but they are making discoveries that should lead to easy tools that anyone could use.

arsTechnica has a pretty good summary, concluding:

Although AACS has proven much more difficult to fully crack than the copy protection on regular DVDs, it is unlikely to remain only partially cracked for very long. The real problem with trying to create an "uncrackable" copy protection is that the media must come with the keys used to decrypt it somewhere on the device and the media itself. Hiding these keys in different places—security by obscurity—merely delays the inevitable. Of course, for the content providers, any delay is still better than no delay at all, so expect the battles between copy protection and hackers to continue.

AACS is probably the most sophisticated DRM scheme that is being used in publicly distributed media. The death of AACS could be the knock on the head that media companies need in order for them to realize DRM is a dead end.

Remember when I described how the AACS LA can issue replacement encryption keys that are designed to restore DRM protection for subsequently released Blu-Ray and HD-DVD discs? Well, the AACS LA did that for the first time about a month ago. Guess what? Engadget reports that the new keys are already cracked and packaged into a DVD-ripping application, even before the first discs that use the new keys have been released! As the kids say these days, that's the awesome.

Following up on my old DRM thread: lately comes news that the iPhone Dev Team have succeeded in jailbreaking the iPhone 3G. The Slashdot post about it contains some pertinent comments:

schmidt349 wrote:

This wasn't some simple privilege escalation coming out of a buffer overflow in the web browser. Apple signs the shit out of every binary on the phone. The kernel won't execute a binary in userland unless it's signed; the firmware loader won't execute the kernel unless it's signed; the low-level bootloader won't execute the firmware loader unless it's signed.

The iPhone 3G is a paragon of embedded device security, at least by way of making sure unapproved code doesn't run on the device, and it's a testament to just how amazing the iPhone Dev Team guys are that they actually found a way to (a) defeat the whole chain of trust in the iPhone firmware in order to jailbreak it. This by the way doesn't even take into account their real genius, the hack into the baseband firmware for the S-Gold radio device, which executes code in its own universe, completely separate from the S5L application processor.

In short, this hack wasn't some bunch of script kiddies having a sleepover and cracking the copy protection on Arkanoid 2 for the C64. This was a brilliant circumvention of some of the tightest security ever found on a PDA or mobile phone.

followed by sycraft-fu, who added:

This is an excellent case study in why DRM is retarded. As you say, this is some of the tightest security ever found. Yet, it has been broken by some very smart people. Such is the fate of any DRM that is sufficiently widespread that smart people care to go after it. You can be as clever as you like with your DRM scheme, you are going to find someone as clever as you will likely break it.