Date: 2007-12-10 03:57 am (UTC)
I think a key lesson (from the technical side) is that it is a bad idea to fix a key in such a way that you cannot change it. This is analogous to having the same password on all your accounts. If one of the forums you use has a security flaw that reveals your password, you don't want your bank login compromised.

The most amazing part of this was that someone actually reverse-engineered the key from a reading of the AACS system (http://forum.doom9.org/showthread.php?p=953036). It's almost trivial to design a system better than this. A simple public-key/private-key system would prevent this leak (although it would still be weak to insider leaks).

If Coke can keep its secret sauce secret, you'd think it'd be possible to keep a bunch of numbers secret.

While it's cool to see crazy Internet hijinks, spreading the key doesn't actually affect piracy. The key allows the removal of DRM on HD DVD which allows it to be ripped to x264. Only a select few need the key/software for there to be a problem.

Re: direct, head-on attacks
This is clearly an asymmetric warfare problem. You have limited resources to stop the piracy of many users.

Assume a simplistic model where all users will either buy or pirate depending on the cost of the alternatives. This assumes that the moral objection to piracy can simply be added to cost. We ignore the users that will not buy at any cost (die-hard pirates) and those that will not pirate at any cost (good guys).

Suppose there is a distribution P(x) that gives the number of users that will pay at most x for a product. If the retail price, R, of the product exceeds a user's willingness to pay, that user will pirate if the pirated product is available. The pirated product is available if someone is able to defeat the protection scheme.

Let M, the integral of P(x) for all x>R, denote the number of paying users. Let N, the integral of P(x) for all x<R, denote the number of would-be pirates. The revenue to the company is M*R. The 'claimed' losses from piracy are N*R. At most, the company is able to spend M*R on anti-piracy. However, the pirates are able to spend the integral of xP(x) for x<R. Since the market has a long tail, xP(x) for x<R is greater than M*R. That means that there is no amount of money that the company can spend to prevent piracy! The intuition is that there are many people in China willing to spend a few cents to watch a movie and those cents add up.

The company has already chosen a retail price R that maximizes revenues. Thus, it cannot pass on any costs from anti-piracy measures to its customers. Therefore, the smart move is to not implement any DRM. It's simply not profitable.

Clearly this model assumes that there is uniform pricing. The trick is that if we could price discriminate (region codes, anyone?), then we can actually increase the revenue and capture xP(x) for all x. That is a HUGE difference. In particular, xP(x) for all x is clearly more money than the pirates could spend!

From this, we see that DRM is not to reduce piracy as much as it is to implement monopoly pricing. Piracy is a symptom of the LACK of monopoly. Piracy shows us that the free market is working! When Microsoft stops complaining about piracy, they need to be broken up by the Justice Department.