[13164] in cryptography@c2.net mail archive

Re: eWeek: Cryptography Guru Paul Kocher Speaks Out

daemon@ATHENA.MIT.EDU (Nomen Nescio)
Fri May 2 21:27:09 2003

X-Original-To: cryptography@metzdowd.com
From: Nomen Nescio <nobody@dizum.com>
To: cryptography@metzdowd.com, iang@systemics.com
Date: Fri,  2 May 2003 20:40:03 +0200 (CEST)

Ian Grigg writes:

> In practice, this paper raises - in my mind - more
> questions than answers.  For example,
>
> * it seems way too complex to have any merit in
>   court.  That is, I can't quite see how it would
>   be possible to prove the results, given the
>   math, to the satisfaction of a jury or judge.
>
>   (E.g., Find an expert who will disagree, and
>   battle it out.)
>
> * it requires identity tracking.  Conceivably,
>   that might work in a cooperative arrangement,
>   such as commercial software, where companies
>   hold still, but is unlikely to make much
>   headway in retail movie sales.

Actually, the Cryptography Research approach did not require identity
tracking or legal judgements.  Data is not watermarked to the user's
identity during distribution, as had been anticipated by previous
watermarking schemes.  Rather, the data can be distributed as identically
manufactured optical disks, just as is done today.

In the CR system, the user's content player would watermark its own
"identity" (i.e. some digital identifier) into the output that it produces.
It would apply marks to its output based on its own identifier.  Then if
the output is redistributed, it is possible to determine which playback
device (e.g. which DVD player) created it.  This device would then be
blacklisted and future releases of content would not include the keys
necessary to play on that particular device.

In theory there is no need to get courts involved.  Everything happens
on a private basis.  But in practice, someone whose expensive DVD player
has been turned into a semi-useless piece of junk may not be too happy.
He might go to court to challenge the content companies on invalidating
his player.  He can deny that he participated in a redistribution scheme.
Maybe he could even get an anti-trust complaint going, if all the content
companies band together to share blackball information.  Then we are
back to your scenario, battling experts in court.

On the other hand, the CR protection concept is very similar to the
approach which has been used by satellite TV broadcasting, where we have
seen a similar battle of measures and counter-measures.  People who use
pirate cards sometimes find them invalidated after a while.  You'd think
some of them might try going to court to fight the measure, but in
practice what happens is that if a legitimate customer (i.e. someone
paying the subscription fee) complains that his crypto card has stopped
working, they'll ship him a new one.

The idea is that a pirate would go through so many broken devices
that it would be too suspicious for him to keep requesting new ones.
Plus he probably wants to keep a low profile and not expose his true
name to the authorities.  These kinds of measures seem adequate to keep
things out of the court system.

---------------------------------------------------------------------
The Cryptography Mailing List