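"Copy-protected CDs can be copied just by holding down the Shift key": the original paper behind the article, "Analysis of the MediaMax CD3 Copy-Prevention System" (in English)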
http://www.asyura2.com/2us0310/it03/msg/157.html
Posted by 佐藤雅彦, October 10, 2003, 18:42:01:FnBfYmHiv1JFs

(In reply to: Copy-protected CDs can be copied just by holding down the Shift key [ZD Net article], posted by クエスチョン, October 10, 2003, 07:23:20)

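● Regarding the article below that クエスチョン posted:
-----------------------------------------------------------
Copy-protected CDs can be copied just by holding down the Shift key [ZD Net article]
http://www.asyura2.com/2us0310/it03/msg/155.html
IT03 155 2003/10/10 07:23:20
Posted by: クエスチョン
-----------------------------------------------------------

 The Princeton University student introduced here, "ジョン・ホルダーマン", struck me as having an interesting eye for things, rather like "Columbus's egg", so I wanted to take a look at the "paper recently published on his own Web site".

 For now, here once again is the translated version of the article carried by ZD Net: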

▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼
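ZDNN, updated October 8, 2003, 03:28 PM
http://www.zdnet.co.jp/news/0310/08/ne00_shift.html

Copy-protected CDs can be copied just by holding down the Shift key [ZD Net article]


The method a US university student found for defeating a CD copy-protection technology is as simple as holding down the Shift key. The record company, however, takes the view that it "can still prevent copying by ordinary users."

 A Princeton University student has announced a technique that disables the copy-protection measure BMG is testing on CDs simply by holding down a computer's Shift key.

 In a paper recently published on his own Web site, John Halderman (ジョン・ホルダーマン), a doctoral student at the university, explained how to disable a new kind of copy-protection measure that BMG has introduced on the new album by soul artist Anthony Hamilton.

 In a normal environment, every time this album is played in a computer's CD drive, the copy-protection software is automatically loaded onto the Windows machine, and conventional copying and MP3 ripping become impossible. However, Halderman explains, the simple act of holding down the Shift key stops Windows' AutoRun feature from loading the copy-protection software, so the music can be copied freely.

 The technique has been confirmed by both BMG and SunnComm Technologies, the small company that developed the copy-protection technology. Both companies say they knew about it before the CD was released and that they still believe the protection will prevent copying by average users.

 "We were aware of this," says BMG spokesman Nathaniel Brown. "The new copy-management technology is provided as a kind of 'speed bump' to keep ordinary users from burning copies of the songs onto large numbers of CDs or uploading them to the net. With this technology, we deliberately chose to give priority to ease of playback and flexibility, even if that causes problems in terms of copy protection."

 The fact that BMG and SunnComm's latest copy-protection measure can be disabled so easily, as Halderman has now shown, highlights the delicate balance that record companies and technology companies are aiming for: protecting content without provoking a backlash from customers.

 SunnComm's CD copy-protection technology is the most flexible on the market. With the company's technology, pre-ripped versions of the songs are included on the CD, and these can be copied to a computer, burned to CD several times, or copied to a variety of portable devices. Unlike MP3 files, which can be used without restriction, the number of times they can be copied is limited, and they cannot be played on every portable music device.

 The Anthony Hamilton CD is the first product in a new generation of copy-protected CDs that include these "second session" tracks for use on a computer. SunnComm's rival Macrovision has also adopted this approach. By promoting the inclusion of these tracks (provided mainly in Microsoft's Windows Media format) on copy-protected CDs, the record companies aim to dispel consumers' concerns that they will no longer be able to enjoy the music from their own CDs on a computer.

 SunnComm's technology is due to be improved in future versions, but the company's chief executive officer (CEO), Peter Jacobs, says the technology should be attractive to record companies even as it stands. Holding down the Shift key in order to copy is a simple operation, but when doing it, he explains, the computer user cannot help being aware of doing something unauthorized. That alone will make many people think twice about copying, he added.

 "This is not an all-or-nothing issue," says Jacobs. "Information on how to pick locks is in circulation, so it is possible for your house to be burgled. That doesn't mean you don't buy a lock."

 To completely prevent the copy-protection software from loading, you need to hold the Shift key down for a long time, at just the right moment, every time you listen to the CD on a computer. In addition, if the copy-protection software is not loaded, the second session tracks cannot be accessed, and record company insiders say that more and more CDs will carry bonus content such as videos on these tracks.

 Halderman points out that precisely because holding down the Shift key is so simple, it is hard to neutralize its effect. He is also not worried about running afoul of laws that make it illegal to explain how to circumvent copy-protection measures.

 "I don't think that publishing an explanation of what happens when you press the Shift key falls under the illegal act of trafficking in a device for circumventing copy-protection technology. I'm not very worried," Halderman said.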
▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲


● First, to find out the exact spelling of "ジョン・ホルダーマン", I looked at the original article...
▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼

http://zdnet.com.com/2100-1105_2-5087875.html

Shift key breaks CD copy locks

By John Borland
CNET News.com
October 7, 2003, 10:58 AM PT

A Princeton University student has published instructions for disabling the new anticopying measures being tested on CDs by BMG--and they're as simple as holding down a computer's Shift key.
In a paper published on his Web site this week, Princeton Ph.D. student John Halderman explained how he disabled a new kind of copy-protection technology, distributed as part of a new album by BMG soul artist Anthony Hamilton.

Under normal circumstances, the antipiracy software is automatically loaded onto a Windows machine whenever the Hamilton album is run in a computer's CD drive, making traditional copying or MP3 ripping impossible. However, simply holding down the Shift key prevents Windows' AutoRun feature from loading the copy-protection software, leaving the music free to copy, Halderman said.

The technique was confirmed by BMG and SunnComm Technologies, the small company that produces the anticopying technology. Both companies said they had known about it before releasing the CD, and that they still believed the protection would deter most average listeners' copying.

"This is something we were aware of," BMG spokesman Nathaniel Brown said. "Copy management is intended as a speed bump, intended to thwart the casual listener from mass burning and uploading. We made a conscious decision to err on the side of playability and flexibility."

The ease with which Halderman and others have disabled BMG and SunnComm's latest copy-protection techniques illustrates the delicate balance that record labels and technology companies are trying to strike in protecting content without angering listeners.

SunnComm's technology is the most flexible version of CD copy-protection to hit the market yet. It includes "pre-ripped" versions of the songs on the CD itself, each of which can be transferred to a computer, burned to CD several times, or transferred to many kinds of portable devices. These differ from unrestricted MP3 files in that only limited copies can be made, and not every portable music device can play them.

The Anthony Hamilton CD is the first release in this new generation of copy-protected CDs that come preloaded with these "second session" tracks designed for use on a computer, a strategy also being pursued by SunnComm rival Macrovision. Record labels have pushed for these tracks, mostly provided in Microsoft's Windows Media format, to be included on copy-protected CDs in order to ameliorate consumers' concerns about not being able to use their music on computers.

SunnComm CEO Peter Jacobs said the technology--which will be improved in future versions--should still be attractive to record companies. Though simple, the act of holding down the Shift key in order to enable copying does let computer users know they're doing something unauthorized, he said. That alone will dissuade many people from making copies, he added.

"This is not an all-or-nothing thing," Jacobs said. "People can break into your house, because there's lots of information out there on how to pick locks. But that knowledge doesn't mean you don't buy a lock."

In order to fully prevent the antipiracy software from loading, a listener has to hold the Shift key down for a long period of time, at exactly the right time, every time they listen to the CD on a computer. Moreover, anyone who doesn't load the software won't get access to the second session tracks, which on future CDs will increasingly include videos and other bonus material, record company insiders say.

For his part, Halderman says the workaround is so simple that it's hard to fix. Nor is he worried about falling afoul of laws that make it illegal to describe how to get around copy-protection measures.

"I hardly think that telling people to push Shift constitutes trafficking in a (copy-protection technology) circumvention device," Halderman said. "I'm not very worried."

▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲

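● ...What's this? The Japanese translation has "ホルダーマン", but since the name is "Halderman" it should really be "ホールダマン" [h⊃:ldэman]. (wry smile)

  (I don't have phonetic symbols available, so I am using similar-looking characters.
   "⊃:" stands for a long "o" sound, and "э" stands for the weak "a" sound written as an upside-down "e".)


 So, skimming through articles that mention John Halderman, I found this one.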

▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼
http://www.slyck.com/news.php?story=262

Copy Protection Defeated - Again
October 7, 2003
Thomas Mennecke


Princeton PhD student John A. Halderman has found a way around those pesky copy protection schemes. No elaborate algorithm decryption, no sharpies, just hold down the shift key and you're on your way.

Here's some background information. SunnComm Technologies recently developed a CD copy protection technique called MediaMax CD3. The way it works is quite simple. Most Windows operating systems are by default set to autorun every time you insert a CD. When you insert the CD, it automatically runs the copy protection software, MediaMax.

In addition, there are several other ways to disable and/or defeat this protection:

● Computers running Linux or Mac OS 9 can't run the MediaMax software at all, so they can always copy the recording.
● Many users disable the autorun feature (autostart on Mac OS), so their systems will be able to copy the disc unless the user manually launches MediaMax.
● Windows users who haven't disabled autorun can suspend it when they play a SunnComm-protected disc by holding down the shift key for a few seconds while inserting the CD. They can then copy the data normally. (This won't work if the driver is active because the user has accepted the SunnComm EULA or because MediaMax ran since the system booted. However, affected users can still copy the disc by manually disabling the driver)


You can read a complete report with detailed instructions from John Halderman at his Princeton website.
[The original paper that John Halderman posted on the Princeton University website describes this method in detail. The whole paper can be read here.]
http://www.cs.princeton.edu/~jhalderm/cd3/

▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲


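● So that is how I got from here to Halderman's own site and to the paper that these articles are based on.

 Below is Halderman's original paper.
 It's amusing that it is properly laid out in the form of an "academic paper".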


▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼
http://www.cs.princeton.edu/~jhalderm/cd3/

Analysis of the MediaMax CD3 Copy-Prevention System
John A. Halderman
Department of Computer Science
Princeton University

Version 1.1 - October 6, 2003
-----------------------------------------------------------

●●Abstract.

MediaMax CD3 is a new copy-prevention technique from SunnComm Technologies that is designed to prevent unauthorized copying of audio CDs using personal computers. SunnComm claims its product facilitates "a verifiable and commendable level of security," but in tests on a newly-released album, I find that the protections may have no effect on a large fraction of deployed PCs, and that most users who would be affected can bypass the system entirely by holding the shift key every time they insert the CD. I explain that MediaMax interferes with audio copying by installing a device driver the first time software from the CD is executed, but I show that this provides only minimal protection because the driver can easily be disabled. I also examine the digital rights management system used to control access to a set of encrypted, compressed audio files distributed on the CD. Although restrictions on these files are more relaxed than in prior copy protected discs, they still prohibit many uses permitted by the law. I conclude that MediaMax and similar copy-prevention systems are irreparably flawed but predict that record companies will find success with more customer-friendly alternatives for reducing infringement.
-----------------------------------------------------------
This document can be referenced as Princeton University Computer Science Technical Report TR-679-03.
The most recent version is available online at http://www.cs.princeton.edu/~jhalderm/cd3/.


●●1. INTRODUCTION

Several recent news reports (AFP [1], Washington Post [2], USA Today [3], AP [4], Arizona Republic [5], LA Times [6], CNet News [7]) describe a new copy-prevention method that has been applied to an album by Anthony Hamilton released by BMG on September 23. This system, called MediaMax CD3, was created by SunnComm Technologies, the producers of the first-generation copy-prevention system MediaCloQ. Discs manufactured with SunnComm's new technique include two versions of the music, each protected in a different way. One set of songs are CD audio tracks that play in standard CD players but are supposed to be difficult for computers to copy. The second set are compressed, encrypted Windows Media files that employ digital rights management (DRM) to restrict how they are used. Music producers hope that the combination of these technologies will help reduce illegal copying while still allowing legitimate customers to play songs on their PCs, but this can only be achieved if both components are secure.

In this report, I explain how MediaMax functions, analyze the weaknesses of its design, and discuss its implications for the debate about CD copy protection and the problem of copyright infringement. I find that although SunnComm has gone to great lengths to respond to criticisms of earlier systems, MediaMax still prohibits many uses of the recording that are allowed under law. At the same time, the system's protections are so weak that they are unlikely to cause any significant reduction in copying.

●●2. PHYSICAL DESCRIPTION

I bought the recording Comin' From Where I'm From by Anthony Hamilton (Arista Records/BMG) from Amazon.com and received it on September 25. The disc contains twelve tracks for approximately 52 minutes of listening time.

The album cover has a sticker with this message:
-----------------------------------------------------------
This CD is protected against unauthorized duplication. It is designed to play on standard playback devices and an appropriately configured computer (see system requirements on back). If you have questions or concerns visit www.sunncomm.com/support/bmg.
-----------------------------------------------------------

The hyperlink points to a FAQ that explains that the audio tracks are protected against copying and provides solutions for common problems accessing the disc's DRM-controlled content.

The following text is printed at the bottom of the back cover:
-----------------------------------------------------------
THIS CD IS ENHANCED WITH MEDIAMAX SOFTWARE. Windows Compatible Instructions: Insert disc into CD-ROM drive. Software will automatically install. If it doesn't, click on "LaunchCd.exe." MacOS Instructions: Insert disc into CD-ROM drive. Click on "Start." Usage of the CD on your computer requires your acceptance of the End User License Agreement and installation of specific software contained on the CD. Windows System Requirements: Windows 98/2000/XP, Internet Explorer 5.5 or later, Windows Media Player 7.1 or compatible player. Mac System Requirements: Mac OSX 10.1, Power Mac G3/G4, iMac, eMac, Powerbook G3/G4, iBook with 128 Mb of RAM, Windows Media Player for Mac OSX, Internet Explorer 5.2, Monitor capable of displaying 800x600 screen resolution & 256 colors (64K colors recommended), 12x or faster multi-session-enabled CD-ROM drive, Flash Player 6. Digital files on this CD will also play on portable devices supporting secure WMA files. Certain computers may not be able to access the enhanced portion of this disc. None of the manufacturers, developers, or distributor make any representation or warranty, or assumes any responsibility, with respect to the enhanced portion of this disc.
-----------------------------------------------------------

The "Compact Disc Digital Audio" logo is absent from the printed jacket and the face of the disc, but it is embossed in the plastic on the inside of the jewel case. The CD itself bears the warning: "This disc is protected against unauthorized duplication."


●●3. THE ANTI-COPY SYSTEM
One component of the MediaMax system is designed to make it difficult to extract CD audio tracks as unprotected audio files using a PC. Thwarting extraction would prevent users from copying the CD or uploading tracks to peer-to-peer networks. SunnComm has published strong-sounding but carefully worded statements about this technology's effectiveness. In a press release [8] dated August 27, they cite "external testing" that demonstrated "'an incredible level of security for the music,'":
-----------------------------------------------------------
CD copy protection robustness tests were performed to determine the security level of the product against unauthorized copying of the digital content. This was completed using a large set of Microsoft Windows and Apple Macintosh computer systems in tandem with many of the known ripper programs available on the market today. The PMTC [Professional Media Test Center] determined that none of the ripper programs used in the testing process was able to produce a usable unauthorized copy of the protected CD yielding a verifiable and commendable level of security for the SunnComm product. [Emphasis added.]
-----------------------------------------------------------

I assert that these claims are patently deceptive. In practice, many users who try to copy the disc will succeed without even noticing that it's protected, and all others can bypass the protections with as little as a single keystroke.

To understand why, we can compare MediaMax to prior anti-copy systems like the ones I studied in my earlier report, "Evaluating New Copy-Prevention Techniques for Audio CDs" [9]. These systems rendered CDs incompatible with most computers by modifying the table of contents (TOC) or other data structures on the discs in ways that deviate from published standards. Although this effectively prevented copying in many PC configurations, it also reportedly caused incompatibility with some DVD players, video game systems, and car CD players. The resulting public outcry over these "broken" recordings forced manufacturers to redesign the protections.

MediaMax is a second generation copy-prevention system, and SunnComm claims in the same press release [8] that it "provide[s] playability on any consumer's playback system without exceptions or limitations." Such perfect compatibility can only be achieved by leaving the standard CD audio portion of the disc unprotected, so MediaMax uses another method to block PC-based copying. Analysis of the Anthony Hamilton album shows that this method is special software loaded from the CD that interferes with copy attempts.

Windows has a feature called "autorun" that automatically starts programs from CDs when they are inserted into the computer. If a MediaMax-protected CD is placed in a PC that has autorun enabled, Windows runs a file called LaunchCD.exe located on the disc. This program provides access to the DRM-controlled encrypted content, but it also loads a special device driver into the system's memory. On Windows 2000/XP, this driver is called SbcpHid. The LaunchCD.exe program also presents an end user license agreement (EULA). If the user ever clicks Accept to agree to the terms of the license, the MediaMax driver is set to remain active even after the computer is rebooted. The driver examines each CD placed in the machine, and when it recognizes the protected title, it actively interferes with read operations on the audio content. Similar methods are used to protect the tracks on Windows 98/ME and Mac OSX systems.

This behavior can be verified by loading then disabling MediaMax according to the following instructions:
-----------------------------------------------------------
Start with a Windows 2000/XP system with empty CD drives.

1. Click the Start button and select Control Panel from the Start Menu.
2. Double-click on the System control panel icon.
3. Select the Hardware tab and click the Device Manager button.
4. Configure Device Manager by clicking "Show hidden devices" and "Devices by connection," both from the View menu.
5. Insert the Anthony Hamilton CD into the computer and allow the SunnComm software to start. If MediaMax has never been started before on the same computer, the SbcpHid driver should appear on the list for the first time. However, on some systems Windows needs to be rebooted before the driver becomes visible.

At this point you can attempt to copy tracks from the CD with applications like MusicMatch Jukebox or Windows Media Player. Copies made while the driver is active will sound badly garbled, as in this 9-second clip [10].

Next, follow these additional steps to disable MediaMax:

1. Select the SbcpHid driver from the Device Manager list and click "Properties" from the Action Menu.
2. Click the Driver tab and click the Stop button to disable the driver.
3. Set the Startup Type to "Disabled" using the dropdown list.

With the driver stopped, you can verify that the same applications copy every track successfully. Setting the Startup Type to disabled prevents MediaMax from restarting when the computer is rebooted. It will remain deactivated until LaunchCD.exe is allowed to run again.
-----------------------------------------------------------

MediaMax's protections are ineffective because the driver program can easily be disabled or, depending on the system configuration, it might never be installed to begin with. As a result, audio content is vulnerable to copying in nearly all deployed systems. SunnComm's press release may be technically correct--if their testers always ran the MediaMax application before trying to copy audio, they likely would see protection in every case. However, in practice the software often fails to start, and when it does start, users can manually suppress it. Here are some examples:

● Computers running Linux or Mac OS 9 can't run the MediaMax software at all, so they can always copy the recording.
● Many users disable the autorun feature [11] (autostart on Mac OS), so their systems will be able to copy the disc unless the user manually launches MediaMax.
● Windows users who haven't disabled autorun can suspend it when they play a SunnComm-protected disc by holding down the shift key for a few seconds while inserting the CD. They can then copy the data normally. (This won't work if the driver is active because the user has accepted the SunnComm EULA or because MediaMax ran since the system booted. However, affected users can still copy the disc by manually disabling the driver using a procedure like the one above.)
In all these cases, the audio tracks are left unprotected.

These vulnerabilities will be difficult or impossible to repair. SunnComm's software can't take any corrective action if it isn't started, and all these flaws involve ways that it is prevented from running in the first place. To make matters worse, MediaMax, unlike earlier copy-prevention techniques, works entirely in software. This means a moderately skilled programmer could, in only a few minutes, write an application to watch for and unload the SbcpHid driver, neutralizing MediaMax's copy resistance while leaving all the disc's other features intact.

SunnComm's claims of robust protection collapse when subjected to scrutiny, and their system's weaknesses are not only academic. The Washington Post story [2] notes that a key test of the disc's copy-prevention abilities would be how long after its release the tracks appeared on peer-to-peer music trading networks. I searched Kazaa on September 27, when the album had only been on sale for four days, and already all the songs were available for download. If SunnComm or BMG really believed this disc was difficult to copy, then its actual weakness should be as embarrassing as the discovery in 2002 that Sony's key2audio scheme can be defeated using only a felt-tipped pen [12].


●●4. THE DRM RESTRICTIONS

While one component of the MediaMax system tries to protect the disc's audio tracks from copying, a second component permits limited use of the recording subject to the control of a digital rights management framework. Some earlier anti-copy schemes also allowed playback of encrypted tracks, but these employed less sophisticated content protection methods. Users were generally restricted to playing the tracks through a proprietary player and only while the disc was in the drive. MediaMax allows a broader range of uses by employing true DRM techniques.

The protected disc includes Windows and Mac formatted data sessions that contain compressed, encrypted Windows Media audio (WMA) recordings of the tracks along with SunnComm's proprietary MediaMax software. After launching the driver software discussed in the previous section, the MediaMax application obtains and manages digital "licenses" that allow playback and other limited operations on the WMA files. When MediaMax loads, it presents an end user license agreement (EULA) [10]. If the user declines the EULA or closes the window, the software ejects the CD. However, users can simply ignore the EULA window and start other applications on top of MediaMax.

For the time being I've decided not to accept the EULA, so I can't access the software to evaluate it further. The agreement contains a number of terms that are undesirable from my position as a security researcher, including:
-----------------------------------------------------------
II. You will not reverse engineer, decompile, disassemble or otherwise tamper with or modify the Digital Content;
-----------------------------------------------------------
and
-----------------------------------------------------------
1.3. Except as expressly provided herein, you shall not copy, modify, reproduce, sell, distribute or otherwise transfer the Digital Content. You may not reverse engineer, decompile, translate, adapt or disassemble the Digital Content or the software contained in it and/or on this CD.
-----------------------------------------------------------

Interestingly, the EULA also states:
-----------------------------------------------------------
1.2. Your rights to use the Digital Content are conditioned on your ownership of a license to use and possession of the original Compact Disc (CD) media and are terminated in the event you no longer own or possess the original CD media.
-----------------------------------------------------------

This apparently prohibits using copied tracks as backups in case the original disc is lost, stolen, or destroyed.

The SunnComm privacy policy [10] is featured prominently among the documents included on the disc. It promises: "No personal information is required from you. Since we don't collect it, we cannot store it or sell it." However, SunnComm also reserves the right to modify the policy, and it's unclear whether they are the only party with an opportunity to gather data when users download playback licenses.

Without accepting the EULA I can't personally evaluate the rights and restrictions placed on the WMA files. However, SunnComm's documentation and reports in the press indicate that users are permitted to:

● Copy tracks to the hard drive for playback without the original CD
● Burn tracks to CDs up to 3 times
● Share the songs with others by emailing them links to DRM-controlled tracks that expire after 10 days
● Download tracks to DRM-enabled portable players

The disc also contains a readme file [10] that describes some restrictions in more detail:
-----------------------------------------------------------
1. You may only download and use the digital keys [licenses] on a personal computer designated for your own private use.
2. Other than your PC, you may only use the content on compliant software players and/or compliant portable devices.
3. The PC, software players, and portable devices must be compliant with current security standards and compatible with the technology that is used to access, deliver, and secure the content.
-----------------------------------------------------------

It also mentions the capability to download to portable players, but this seems to be limited by a "Check-In - Check-Out" process to only three tracks at a time.

I'd appreciate detailed reports about the restrictions from others who choose to accept the license agreement. It would be especially interesting to know how much effort it takes to use the DRM system on typical PCs (i.e., whether additional software needs to be downloaded and installed, whether there are compatibility problems, etc.). I'm also curious if and how the MediaMax software restricts users from loading encrypted tracks onto multiple PCs from the original disc.

Since I haven't tried it myself, I can't comment on the security of SunnComm's DRM protections except to say that they are a misplaced effort. Even if MediaMax employs foolproof DRM to protect the encrypted files, its impact on illegal copying will be limited, since any user can work around the restrictions by copying the CD audio tracks. This should serve as a reminder for future DRM implementors that a security design is only as strong as its weakest component.


●●5. DISCUSSION
The anti-copying technology used on this CD can be broken with only minimal effort, but the album remains a landmark as one of the first widely distributed recordings to combine DRM technology with copy prevention software. In my view, it can be seen simultaneously as an olive branch for those who oppose CD copy prevention and a trojan horse to encourage wider acceptance of DRM.

Critics of copy-resistant CDs should acknowledge that this system differs from earlier products in several positive ways, though notable drawbacks certainly persist:

● MediaMax supports both Windows and Mac platforms, rather than only Windows (although Linux users are still locked out of the WMA content)
● The system distributes media in a standard format, WMA, enabling playback on multiple applications rather than a single proprietary player (though WMA is a closed standard, and the disc still includes a restrictive EULA that must be accepted before the files can be accessed)
● The CD audio portion of the disc is compatible with a wider range of playback devices than earlier protections since the tracks themselves are unmodified (although the WMA files can only be used on a limited number of devices that qualify as "secure")
● MediaMax allows users to copy the WMA files to their PCs so the songs can be played without the original disc (but the EULA seems to forbid using these files as backups in case the CD is lost)
● SunnComm has included a privacy policy that promises not to collect or sell user data (but it's unclear whether this data actually is being collected)
● The DRM controls permit burning tracks to CDs and downloading them to digital devices for time and space shifting (although the number of burned copies and downloaded tracks are severely limited)
● Perhaps most intriguingly, the system grants a small number of rights beyond what is generally regarded as fair use, allowing users to legally share trial copies of the songs by emailing links to time-limited downloads (but like any DRM system, the rights permitted by the software fall short of the flexible, evolving permissions understood as fair use, which necessarily depend on human judgment)


These concessions aside, MediaMax can also be viewed as an attempt to condition music customers to accept a greater level of industry control over how they use the recordings they buy. SunnComm CEO William Whitmore addressed concerns about MediaMax's restrictions in an article in the Washington Post [2]:
-----------------------------------------------------------
People may say, 'Why would you restrict me to three copies?' Well, we could have made it zero copies. You have to balance your rights and privileges versus your obligations and responsibilities.
-----------------------------------------------------------

Most people agree that such a balance is essential to copyright, but many believe setting the balance should be the purview of courts and legislatures rather than media companies. Opponents of DRM worry that CDs with permissive rights management may lead to wider public acceptance of restricted recordings. Once the technology is accepted, the skeptics fear, record companies could tighten the restrictions with each new release until no fair use is permitted, and ultimately they could charge for every time a recording is played. This outcome would not be balance but unilateral producer control.


●●6. CONCLUSIONS

Record companies will evaluate anti-copy technologies by weighing their ability to reduce infringement against their drawbacks. For customers who prize fair use rights--like the ability to time and space shift recordings and to create compilations of the music they own--the limitations SunnComm's system places on these rights undermine the value of purchased music. This loss in value for music customers may fail to yield any benefit for the industry because of the weakness of anti-copy technologies. CD copy-prevention schemes that depend solely on software, as SunnComm's does, will be trivial to disable, and alternative strategies that modify the CD data format will invariably cause public outcry over incompatibility with legitimate playback devices.

Even if copy-resistant CDs make it harder for users to illicitly copy CDs they own, the technology will not necessarily reduce the overall incidence of copyright violation. Peter Biddle et al. of Microsoft have much to say about this topic in their paper, "The Darknet and the Future of Content Distribution" [13]. "Increased security (e.g. stronger DRM systems) may act as a disincentive to legal commerce," they suggest, by driving would-be customers to underground sources, such as peer-to-peer file trading networks, that provide media in unrestricted forms. No existing security technology can prevent copying in every case, so protected recordings will inevitably become available from these so-called "darknet" sources. Biddle concludes that for content producers to effectively compete against illicit distribution, they must work to provide "convenience and low cost rather than additional security."

If this theory is correct, the industry has the best chance of accomplishing its goals by giving customers more for their money and making it easier for them to buy music. I believe anti-copy CD technologies will prove unfruitful, and will therefore eventually be abandoned by record companies. These firms may take a cue from the movie industry and increase the value of CDs by bundling interesting bonus features rather than restrictive copy-control software. It seems likely that they will also capitalize on the popularity of digital distribution by aggressively supporting online services like Apple's successful iTunes Music Store. These strategies likely will pave the way to reduced infringement by enticing more listeners to pay for recordings.


●●7. REFERENCES
1. "US firm hopes anti-piracy CD will rock blackmarket." AFP via Yahoo News, September 24, 2003.
http://story.news.yahoo.com/news?tmpl=story&u=/afp/20030924/tc_afp/us_music_piracy_030924221124
2. Frank Ahrens. "BMG Offers Legal Song Sharing." Washington Post, September 23, 2003.
http://www.washingtonpost.com/wp-dyn/articles/A49456-2003Sep22.html
3. Mike Snider. "Anti-swap CD hits the racks." USA Today, September 22, 2003.
http://www.usatoday.com/tech/news/techinnovations/2003-09-22-copycd_x.htm
4. Alex Veiga. "Recording Industry Eyes 'Smart' CDs." Associated Press via Excite News, September 18, 2003.
http://apnews.excite.com/article/20030918/D7TL3G4O0.html
5. Glen Creno. "Phoenix firm gets CD-piracy contract." Arizona Republic, September 13, 2003.
http://www.azcentral.com/arizonarepublic/business/articles/0913sunncomm13.html
6. Jon Healey. "BMG is Releasing Copy-Protected CDs." LA Times, September 13, 2003.
http://www.latimes.com/business/la-fi-cd13sep13,1,578082.story
7. John Borland. "Copy-protected CDs take step forward." CNET News.com, September 12, 2003.
http://news.com.com/2100-1027-5075656.html
8. "SunnComm's MediaMax CD-3 Technology Passes International Test with 'Flying Colors.'" SunnComm press release, August 27, 2003.
http://www.sunncomm.com/press/pressrelease.asp?prid=20030827630
9. John A. Halderman. "Evaluating New Copy-Prevention Techniques for Audio CDs." In Proc. ACM Workshop on Digital Rights Management, Washington, DC, November 2002.
http://www.cs.princeton.edu/~jhalderm/papers/drm2002.pdf
10. The following materials related to the MediaMax-protected Anthony Hamilton CD are available on my homepage:
 ・sample of garbled audio, http://www.cs.princeton.edu/~jhalderm/cd3/cd3-sample.mp3
 ・BMG end user license agreement (EULA), http://www.cs.princeton.edu/~jhalderm/cd3/bmg-eula.html
 ・SunnComm privacy policy, http://www.cs.princeton.edu/~jhalderm/cd3/sunn-privacy.html
 ・SunnComm readme file, http://www.cs.princeton.edu/~jhalderm/cd3/sunn-readme.html
11. "How to Enable or Disable Automatically Running CD-ROMs." Microsoft Knowledge Base Article 155217.
http://support.microsoft.com/support/kb/articles/Q155/2/17.ASP
12. "CD Crack: Magic Marker Indeed." Reuters via Wired News, May 20, 2002.
http://www.wired.com/news/technology/0,1282,52665,00.html
13. P. Biddle, P. England, M. Peinado, and B. Willman. "The Darknet and the Future of Content Distribution." In Proc. ACM Workshop on Digital Rights Management, Washington DC, November 2002.
http://crypto.stanford.edu/DRM2002/darknet5.doc


●●Acknowledgments

I'd like to thank Ed Felten, David Robinson, and Fred von Lohmann for making insightful contributions to this report.


●●Revisions

Changes in version 1.1: Several readers pointed out a technical oversight in the initial version of this paper. If the user has ever accepted the SunnComm end user license agreement (by clicking Accept when the license is displayed), the MediaMax driver does not become deactivated when the computer is rebooted, as I had stated. Rather, it reloads every time unless the user takes steps to disable it. I did not notice this behavior in my earlier tests because I have not accepted the agreement. Nevertheless, this observation does not mean MediaMax is more secure than I previously believed. Users who have accepted the license can easily disable the driver using a procedure like the one in section 3. This would allow them to copy the disc normally as long as the LaunchCD.exe program is not allowed to start.


--------------------------------------------------------------------------------
John A. Halderman (jhalderm@cs.princeton.edu)

Last modified: Tue Oct 7 14:36:14 EDT 2003

▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲

●While I am at it, here is a related article reporting that in August of last year
 Mr. Halderman declared that "CD copy protection is a waste of time."

▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼▼

http://www.vnunet.com/News/1136680

CD copy protection 'a waste of time'
By Nick Farrell [08-11-2002]
Any measure is easy to circumvent, says expert


The music industry's technical efforts to prevent CD piracy are "fundamentally misguided", according to a US technology expert.

Princeton University's John Halderman told New Scientist that CD copy protection measures will always be confounded by simple software upgrades.

Current copy protection wisdom is to issue CDs with dummy tables that interfere with the way computers read discs, thereby preventing them from working on computers.

If the CDs can't be read on computers then they cannot be copied. But Halderman told the magazine that this approach is flawed because the measures can easily be sidestepped.

Makers of CD players and CD-Rom drives can make "relatively simple modifications" to bypass such measures, he said.

Halderman will detail his findings at a conference on digital copyright in Washington later this month.

▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲
