
May 17, 2005

Star Wars: Revenge of DRM

An interesting overview (Link: Security and Digital Cinema: The Last Big Question) of the techniques, processes and technologies being used to secure digital film raises the question: if the content is already in digital form, why is so much effort being made to specifically secure digital film as a separate medium?

Of course the answer is... there is a good deal of money at stake, and the industry wants some assurance that going digital does not also mean going bankrupt.

So the movie industry, via:

Digital Cinema Initiatives (DCI), a limited liability company that was established in March 2002 and whose members include Disney, 20th Century Fox, MGM, Paramount, Sony Pictures Entertainment, Universal and Warner Bros...

...has created a draft of standards to put forth and enforce with content licensees (theaters), to ensure that content cannot be leaked, sold, stolen, etc.

Many companies do not understand the value of protecting content itself, particularly outside of the realm of content/data that they are mandated/regulated to secure, such as healthcare information, credit card information, and the like.

Content that is being distributed for sale is a more clear-cut case, although it seems that buyers/implementors of solutions (such as Digital Rights Management, or DRM, as in the digital film example) tend towards the extremes, either doing almost nothing to secure their content, or pursuing these capabilities to the ends of the earth.

A quote that troubles me from this article is:

"This biggest issues now are over fingerprinting and watermarking, and we need to be careful. How do we set those standards without telling the bad guy how to do it?"

This is a well-known area of faulty thinking in security: the issue of "security through obscurity." If security measures/technologies cannot stand up to scrutiny of the direct code or processes themselves, then they are essentially not secure. For anyone who recalls the controversy when the 'encryption' scheme (Content Scrambling System, or CSS) was broken by a Norwegian teenager in 1999 (Link: DeCSS), the primary issue of that security mechanism was the idea that the algorithm itself could be kept secret, and the wonder of reverse engineering proved that it was not a secret for long. Weak security is weak security, and hiding the details only buys a finite amount of time.

The entertainment industry has gone down this path many times, and while there are some signs that they are getting more savvy about doing this well, there are still hiccups that echo back to past mistakes, directly from their own industry, let alone best/worst practices from the business world at large. At least in this case, they are using more established, strong encryption techniques (AES-128 bit) rather than the 40-bit (and limited keyspace at that) techniques from CSS, and separating the key mechanism from the storage medium. So progress is being made, but not as quickly or comprehensively as the current available state of the art would indicate.

While Star Wars is now coming to a close, Digital Rights Management and Content Security (the larger roll-up of all technologies securing content at rest, in motion, regardless of file format, transmission medium, etc.) is in relative infancy, although it is much farther along than most organizations realize.

Posted by Dan Keldsen on May 17, 2005

