[rumori] pho: CRPM FAQ & CPRM on ATA - Full Coverage

From: Don Joyce (djATwebbnet.com)
Date: Mon Feb 19 2001 - 11:31:15 PST

Forwarded by Negativland.

>X-Authentication-Warning: penguin.onehouse.com: majordomo set sender to
>owner-phoATonehouse.com using -f
>X-Sender: webmasterATxgeneration.net (Unverified)
>Date: Sun, 18 Feb 2001 22:30:26 -0500
>To: phoATonehouse.com
>From: Mike Darrah <webmasterATxgeneration.net>
>Subject: pho: CRPM FAQ & CPRM on ATA - Full Coverage
>Mime-Version: 1.0
>Sender: owner-phoATonehouse.com
>Precedence: bulk
>content/2/17009.html - CPRM on ATA - Full Coverage
>content/2/15718.html - CRPM FAQ
> Everything you ever wanted to know about CPRM, but ZDNet wouldn't tell you...
> By: Andrew Orlowski in San Francisco
> Posted: 29/12/2000 at 09:07 GMT
> 1. What is CPRM?
> CPRM or Content Protection for Recordable Media is a mechanism for
>controlling the copying, moving and deletion of digital media on a host
>device, such as a personal computer, or other digital player. It's already
>used in specific removable media, and is now being proposed for inclusion
>in the ATA specification, for hard drives.
> Each CPRM-compatible ATA hard drive is individually signed, and
>authenticates the playback and movement of files on the device against a
>central server using CPRM-compliant software.
> 2. Is CPRM going to go into hard drives? Has this already happened? If it
>hasn't, will it happen?
> The NCTIS T.13 committee, which sets the ATA hard disk standard, will
>meet for the third time to debate a proposal to extend the ATA command set
>to include CPRM in February. The proposal is "optional": devices may
>include CPRM and be deemed "compliant" with the ATA specification, but not
>have CPRM available to client software.
> 3. How does this "break" existing software?
> In itself, it doesn't. Several things must happen. The hardware must be
>CPRM-compliant, and have CPRM activated in the firmware by the
>manufacturer, and the user must then download CPRM-ready media, such as
>audio files or documents, using CPRM-compliant software. The media
>downloaded must also have restrictions placed upon its reproduction - but
>then, that's the whole point of protecting files with CPRM isn't it?
> The user must also have the keys - or access to the keys - when the
>signed media is moved, or copied or deleted. Downloaded media is
>associated with an individual drive, so if you can't produce the keys,
>then restore operations will fail. If you can't produce the keys, then
>RAID software will break. If you can't produce the keys, file optimisation
>and disk defragmenters will be unable to move the blocks used by the
>media. If you can't produce the keys, one-to-many imaging programs will
> 4. So this means I'll be able to sign application binaries, or entire
>software distributions, to prevent unauthorised duplication?
> Yes
> 5. So why is Microsoft against this, if it prevents wholesale "piracy" of
>its software in developing nations?
> Um, can you ask us another...?
> 6. So I'll still be able to trade MP3s and burn my audio CDs, and I don't
>need to worry about it.
> Yes, but for how long? You're assuming that in the future that content
>producers, such as the folk who produce your audio CDs, will ignore CPRM,
>that the default mass-market download mechanism (let's call it "Internet
>Explorer") will ignore CPRM, and that mass-market hardware vendors will
>not produce CPRM drives. That's a lot of assumptions, isn't it? And it
>doesn't it make you wonder why they went to the trouble of inventing it?
> Follow the money.
> 7. Who is behind CPRM?
> The intellectual property behind CPRM is owned by the 4C Entity, which
>comprises Intel, IBM, Matsushita and Toshiba. Patents are administered by
>License Management International, LLC. The former created the CSS
>copy-control technology, and the latter is involved in litigation against
>DeCCS authors.
> 8. OK, who is really behind CPRM?
> You can work that one out yourselves. According to Intel, the
>entertainment distributors wanted to exclude the personal computer
>industry from playback of digital entertainment content, and the computer
>industry - keen to see the PC as a playback device for DVD and audio - was
>obliged to meet them half-way.
> We certainly believe that Intel executives know that its continuing
>growth depends on it being an open platform: it has aided non-Microsoft
>OSes, and encouraged the adoption of Intel technology in non-PC platforms
>that conceivably threaten the PC itself, but grow the market for
>Intel-blessed, industry standard PC technology. Intel has also noticed
>that Napster has become a primary reason why people buy PCs, and in
>promoting the peer-to-peer architecture, implicitly promotes an
>architecture that encourages the free exchange of information and content.
>Intel tells us that CPRM on ATA threatens this growth. Nice Intel! So why
>don't they remove it (jump to 11 for technical details) ? And why does
>Intel continue to sponsor research projects such as HDCP? Nasty Intel!
> It's possible that IBM and Intel have market power that they don't
>realise, or simply aren't willing to flex. For example, both companies
>have prepared for a future where mobile internet terminals ("smartphones")
>are the dominant consumer playback device. Both IBM and Intel have the
>market power to influence content standards in such a market for the good.
> 9. The 4C Entity says CPRM on ATA is optional. Surely no one will be
>stupid enough to build it into drives?
> Think chicken-and-egg: the key here is "mass market".
> If the majority of producers move overnight to distributing CPRM
>copy-controlled media, the hardware mass market has two choices: it can go
>with the flow, and give its customers the ability to play the latest
>music, read the latest news, view the latest movies... or it can ignore
>it. Ignoring it supposes that there's a sufficient number of non-compliant
>refuseniks out there to make it worth while.
> Here's another, more dystopian way of looking at it. If CPRM-compliant
>hardware is the de facto standard in the marketplace, then media producers
>will be able to switch to disseminating only restrictive-copy content
>overnight, and they'll be able to do it as easily as flicking a switch.
>They will need the connivance of software applications, but it only takes
>a CPRM-compliant Internet Explorer to achieve this and the vast majority
>of desktop personal computers will have been assimilated. By this stage,
>you may well be living in a CPRM-free world, but the bets are that your
>neighbors won't be. Are you confident you'll be able to dissuade them,
> 10. IBM and Intel say that The Register's story mistakenly assumes that
>CPRM is intended for fixed hard disks, whereas it's only intended for
>removable media. Is this true?
> Not if you examine the ATA extensions under consideration closely.
> FACT: The CPRM ATA call interface requires information that standard ATA
>hard disks need, but that packet based removable ATAPI drives such as Zip
>and Jaz drives,don't: such as sector start and offset information. If the
>CPRM proposal under consideration by T.13 was for packet-based ATAPI
>drives, it wouldn't need this information.
> FACT: We know of only one removable ATA drive: Castlewood's Orb. All
>others use ATAPI, or media-specific extensions on top of ATA (as with
>IBM's Microdrives) - that don't require extensions to the ATA command set.
> From our conversations with the people behind the proposal, and public
>documents released by the T.13 committee, we'll agree that their focus to
>date has been on removable drives, and it's apparent that not all of the
>consequences of CPRM in fixed-drives have been discussed.
> But unforeseen or not - and despite public protestations of their good
>intentions - the 4C Entity is delivering a solution tailor-made for fixed
>disk ATA drives, and building right into the specification for industry
>standard fixed drives. This is indisputable.
> Now ask yourself, why is it there?
> 11. Won't an encrypted file system, or a virtual file system bypass CPRM?
> Of course it will. In any operating system, device driver authors are
>free to reject the CPRM calls made by a software application. So the OS
>need not store CPRM digital media. Virtual file systems simply add another
>rejection point at which CRPM can be bounced off the system, and you're
>clean. With a software libre operating system (a BSD, Linux or AtheOS)
>let's assume that this is more likely to happen than with a commercial
>operating system (Windows, MacOS, Solaris).
> But what then? We hear a GNU...
> 12. RMS says GNU/Linux and open source could fragment because of CPRM.
>How could this happen?
> He didn't say fragment, but this:-
> "If users accept the domination of centrally-controlled data, free
>software faces two dangers, each worse than the other: that users will
>reject GNU/Linux because it doesn't support the central control over
>access to these data, or that they will reject free versions of GNU/Linux
>for versions "enhanced" with proprietary software that support it. Either
>outcome will be a grave loss for our freedom."
> In other words, "ideologically pure" systems could continue... but they'd
>be unable to read or view content provided by the media and entertainment
>industries. Some may redress this and include CPRM in their free software
>distributions, but in doing so, forever cede control of the content and
>information to the entertainment and media industries, argues Stallman.
> 13. CPRM ensures the artists and authors get paid. So isn't CPRM a fair
>way of doing this?
> CPRM is sponsored by the distributors of entertainment media, not the
>people who create it, and we're yet to find an author or artist who
>approves of the mechanism. For the very simple reason, that an artists and
>authors' royalty is a tiny proportion of the fee charged by the
>distributor to the end user. The distributors gained powerful vertical
>monopolies when they were the gatekeepers of analog media, and tightly
>controlled both the mechanics of distribution, and the dissemination of
>information about authors and artists. The Internet destroys both these
>assumptions. So in by-passing the distributor, authors and artists stand
>to gain far more than they lose.
> 14. But publishers and record companies invest in promoting and nurturing
>new entertainers and authors. Aren't they entitled to a reward for this?
> Of course they are. But is that reward proportionate to what the
>distributors invest? From a historical perspective - the timespan of human
>creativity - the control these distributors have exerted has been very
>brief, and very dependent on a specific technology.
> But it would be a mistake to view the entertainment industry as a
>monolithic entity. The recording industry already views hit singles and
>CDs as loss leaders for merchandising....
> 15. I don't like CPRM. Who can I complain to?
> You may complain to all of the parties mentioned above, who have public
>websites. We linked to them in this story. Intel's security group also has
>a form where you can post comments here.
> When you've prevented CPRM from polluting the ATA specification used by
>hard drives, tell us, and we'll report it.
> Mike Darrah
> -X- webmasterATxgeneration.net
> Web / Digital Media Consulting The X Generation Network

Rumori, the Detritus.net Discussion List
to unsubscribe, send mail to majordomoATdetritus.net
with "unsubscribe rumori" in the message body.
Rumori list archives & other information are at

Home | Detrivores | Rhizome | Archive | Projects | Contact | Help | Text Index

[an error occurred while processing this directive] N© Detritus.net. Sharerights extended to all.