EDIT 2007/06/30 004
I re-read Mr. Carlos Serrão original post, and altough the all tone of the post points in one direction I missed the end conclusion where he states that he believes that it is possible to have Open Source Secure DRM application. My apologies to him.
———– ORIGINAL POST FOLLOWS ———–
On the Portuguese blogosphere there has been a lot of talking about DRM in the past few days. I’ve seen so many things that I have no idea where to start, but I’ll try.
First of all a little on computer systems. When we consider a standard computer with a standard OS as a Turing Machine we know that we can simulate any other system inside this one. Mac users are used to this:
1-Run Mac OS on the Power Mac,
2-Run a Virtual Machine that simulates a PC,
3-Run Windows inside the simulated PC,
For all practical and theoretical purposes the simulated CPU has no way to know that it is a real (hardware) or virtual (software). And we can keep on doing this:
4-Run Vmware in Windows,
5-Run Linux inside Vmware.
So lets try to include DRM with this. But first, lets see what are the broad goals of DRM.
1- To give the distributer of content control over who opens a certain data.
2- To make it impossible for a user to do a Digital Copy of a certain data.
Lets see how we can implement this for the music industry:
1- Create a hardware audio player, lets call it iPlayer
2- Create a store with musics, lets call it iMusic
When a user buys a iPlayer he goes to the iMusic site to buy some songs, and enters the serial number of the player.
The store can now produce customized songs for the player. These songs can be encrypted with a key that is inside the iPlayer. When the user sends the file to a friend, his iPlayer will have a different key inside, and will not know how to open the file. Almost perfect! It is not perfect because the user can still share the data. But for the iMusic store is as good as perfect because only the person who bought the file can open it.
But is this really perfect?
Lets remember where we started. A computer system has no way to know it is running inside a simulate environment. So what stops us from creating a simulator that simulates an iPlayer? The fact that the iMusic store knows something that we do not know: “the key inside our iPlayer”. But lets say that for some reason we have that piece of information (i’ll return to the process of getting the key latter on). We can simulate our iPlayer and when it decrypts the data we can grab the raw unencrypted data and store it. We just cracked the DRM protection.
But you need the key!
Here comes hardware hacking, that is the process of somehow opening the iPlayer and getting the key from one of the chips inside. Or, from the iMusic store perspective, how to make hardware that cannot be tampered.
Chips can be made where it is very VERY hard to retrieve the keys. But where there is a will there is a way
Things are looking bad for the iMusic store. And it gets even worst.
The user will want to play his songs on his iPlayer and on his computer. So the store gives a shot in the foot and produces a software called iDesktopPlayer that the user installs in his laptop. The store is not “dumb” and forces you to download new musics that are encrypted against a key inside the iDesktopPlayer. So now you just need to create a software that simulates a sound card, this simulated card will dump all information to a file.
So this all comes down to:
The iMusic store needs to partner with computer vendors and create a world were there are no Turing machines.
That is the TCG. The idea is to have a computer where all software is Trustworthy. Meaning it is signed or encrypted and the keys are in hardware tamper proof.
And people say this kills Open Source Software. Actually no:
-----BEGIN PGP SIGNED MESSAGE-----
echo "This is a secure, OpenSource Audio Player!"
$key = get_this_computer_key_stored_in_hardware();
$decrypted_audio = gpg_decrypt($enc_file, $key);
echo "This file is not for this machine... PIRATE!!!!"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
This piece of code is Open Source. Any one can look at it and see what it does. A trustworthy computer that had my gnupg key could verify the signature and execute the software. But if onewas to change something the computer would no longer be able to run it. This kills FREE SOFTWARE.
So this answers Mr Carlos Serrão when he says that OpenSource and DRM cannot mix. They can. But it will not be Free Software with all the liberty’s stated by the Free Software Foundation:
* The freedom to run the program, for any purpose (freedom 0).
* The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
* The freedom to redistribute copies so you can help your neighbor (freedom 2).
* The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.
This post is already lengthy so I’ll stop know. Maybe one of these days I’ll talk some more on why I think it is impossible to build a Trusted Computing Platform.