How The Copyright Industry Made Your Computer Less Safe
from the welcome-to-the-world-of-drm dept
I’ve already written one piece about Cory Doctorow’s incredible column at the Guardian concerning digital rights management and anti-circumvention, in which I focused on how the combination of DRM and anti-circumvention laws allows companies to make up their own copyright laws in a way that removes the rights of the public. Those rights are fairly important, and the reason we have them encoded within our copyright laws is to make sure that copyright isn’t abused to stifle speech. But, anti-circumvention laws combined with DRM allow the industry to route around that entirely.
But there’s a second important point in Doctorow’s piece that is equally worth highlighting, and it’s that the combination of DRM and anti-circumvention laws make all of our computers less safe. For this to make sense, you need to understand that DRM is really a form of security software.
The entertainment industry calls DRM “security” software, because it makes them secure from their customers. Security is not a matter of abstract absolutes, it requires a context. You can’t be “secure,” generally — you can only be secure from some risk. For example, having food makes you secure from hunger, but puts you at risk from obesity-related illness.
DRM is designed on the presumption that users don’t want it, and if they could turn it off, they would. You only need DRM to stop users from doing things they’re trying to do and want to do. If the thing the DRM restricts is something no one wants to do anyway, you don’t need the DRM. You don’t need a lock on a door that no one ever wants to open.
DRM assumes that the computer’s owner is its adversary.
But, to understand security, you have to recognize that it’s an ever-evolving situation. Doctorow quotes Bruce Schneier in pointing out that security is a process, not a product. Another way of thinking about it is that you’re only secure until you’re not — and that point is going to come eventually. As Doctorow notes, every security system relies on people probing it and finding and reporting new vulnerabilities. That allows the process of security to keep moving forward. As vulnerabilities are found and understood, new defenses can be built and the security gets better. But anti-circumvention laws make that almost impossible with DRM, meaning that the process of making security better stops — while the process of breaking it doesn’t.
Here is where DRM and your security work at cross-purposes. The DMCA’s injunction against publishing weaknesses in DRM means that its vulnerabilities remain unpatched for longer than in comparable systems that are not covered by the DMCA. That means that any system with DRM will on average be more dangerous for its users than one without DRM.
And that leads to very real vulnerabilities. The most famous, of course, is the case of the Sony rootkit. As Doctorow notes, multiple security companies were aware of the nefarious nature of that rootkit, which not only hid itself on your computer and was difficult to delete, but also opened up a massive vulnerability for malware to piggyback on — something malware writers took advantage of. And yet, the security companies did nothing, because explaining how to remove the rootkit would violate the DMCA.
Given the post-Snowden world we live in today, people are suddenly taking computer security and privacy more seriously than they have in the past — and that, as Doctorow notes, represents another opportunity to start rethinking the ridiculousness of anti-circumvention laws combined with DRM. Unfortunately, politicians who are way behind on this stuff still don’t get it. Recent trade agreements like the TPP and ACTA continue to push anti-circumvention clauses, and require them around the globe, thereby weakening computer security.
This isn’t just an issue for the “usual copyright people.” This is about actually making sure the computers we use are as secure and safe as they can be. Yet, in a world with anti-circumvention provisions, that’s just not possible. It’s time to fix that.
Filed Under: anti-circumvention, copyright, cory doctorow, dmca, drm, security, sony rootkit
Comments on “How The Copyright Industry Made Your Computer Less Safe”
Nothing new on this. Back in the day of DC++, Microsoft came out with licensed wma files. But there was no check on the part where it sent you to the authorized site to buy a license. So the RIAA hired a company called Loudeye to salt a fake authorized site with malware instead of a license as Microsoft had granted implied authorization without any checks in security.
What happened was everyone started avoiding wma files like it was the plague, forcing Microsoft into putting in some security to prevent this sort of behavior.
Re: Re:
Microsoft has a long history of intentionally adding security vulnerabilities to Windows.
Outlook Express’s preview pane that automatically executed any attachment, ActiveX which allows web sites to download and execute code, browser triggers in WMV files that can send your browser to any web site, AutoPlay which will execute whatever code the instructions on a disc or removable device tell it to, hiding extensions for known file types which makes it possible to hide the EXE extension on a file.
It started with the boot sector
It all started with the boot sector – s/w companies used it for copy protection – and then virus writers used it to hide their programs.
Re: It started with the boot sector
And then Microsoft made it even easier to hide programs by giving malware writers about a dozen different ways to auto-run programs when Windows boots.
Microsoft uses DRM sucessfully hundreds of millions of times.
Seems like can work if done right…
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
I’m not sure what you mean.
If you mean people submit to Windows authorization or DRM on Xbox games: of course people will accept DRM if it’s better than the alternative – for a business, being sued over Office licenses – or if there is no feasible alternative – as with Xbox 360/One games – or if it doesn’t restrict what people actually want to do – again, as with Xbox games.
If you mean that Microsoft has used DRM without compromising security… that’s just flat out wrong. See the comment above from 12:10pm.
Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
2. i had a recent experience where our DSL tubes went down (which was weird, ’cause MS troubleshooting/diagnostics said NOTHING was amiss, and control panel said i was connected to the inertnets, but we were not… neighbor who reported it, said ISP kept insisting it was on our end, then had to relent after a couple days… but even though we could not get a bit to go through the tubes, our ‘puters said everything was ‘okay’, weird…), and since i couldn’t bother people online, i went to play some solitaire…
well, in win8 (hate, Hate, HATE win8! ! ! more proof positive MS is eee-vil) it is ALWAYS TRYING to connect you to the MS walled garden, which i almost never do (even though the slimy fucks FORCED me to login with my MS ‘account’ when i up(read: down)graded to win8.1 hate, Hate, HATE win8.1 too! ! !), and kept on crashing and burning the stupid fucking solitaire game because it didn’t like that we weren’t ‘connected’…
POS s/w, POS company…
3. last point i’ve made before: it simply does not matter if the DRM is technically proficient or difficult to reverse engineer, i’m sure they really don’t care… WHEN -as The They ™ have done and will continue to make more draconian- they make messing with, reverse engineering, or simply DISCUSSING DRM hacks ILLEGAL, it don’t matter if it is easy to break, they simply get you for THINKING about breaking it…
welcome to prison planet…
Re: Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
You aren’t too bright are you?
First off, Windows will say it is connected if it can PING certain addresses. So long as that works, then Windows is happy.
Second, Windows 8 does NOT force you to use a Microsoft account to log in. You have the option to use local accounts only.
Re: Re: Re:2 Microsoft uses DRM sucessfully hundreds of millions of times.
In all fairness, the only using a local account thing is only if you don’t want to install any mobile optimized apps from the Microsoft app store. Then you have to convert the account to a Windows account.
Re: Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
Why didn’t you just stay with Win7. It’s this generation’s XP, believe me they will support just as long…
Reminds me, I should boot in my xp x64 partition sometimes so I can get the full patches, stops being updated after april, right ? This sucks so bad, XP nevermind some obvious flaws, is still the OS they have put the most effort on when it comes to securing it.
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
That in no way addresses the article. At all.
That Microsoft uses DRM does not mean that DRM can have vulnerabilities. Those vulnerabilities can be security problems. Discussing or publishing details about this could violate the law.
In an aside irrelevant to the article, but relevant to your irrelevant post, the idea that DRM “works”, which seems to be your claim that it does work, is actually evidence of its failure. It “works” to prevent people from doing ordinary things they want to do, such as play content on all their devices. Or keep their content forever when they discard devices. Or watch it when and where they want.
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
um how?
DRM works good! If you even try just a little bit its easy to beat. I’m not all that smart and I have never given a nickel to MS and have run windows since 3.1
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
Which DRM? The one that left legitimate customers unable to access their purchased music after they shut down “Plays For Sure”? The one that left people unable to validate and use their legally purchased copies of Windows when their servers failed? Or the one they were forced to abandon for the XBox One because there was such a negative backlash against it, giving huge amounts of press and goodwill to its competitors? Perhaps you just mean the one that fails miserably at preventing pirated copies of Windows and Office being used, even if legal customers manage to jump through the required hoops on many occasions?
If you’re going to shill, you have to be more specific.
Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
I just download music on slsk/nicotine+, its around since 2004 and somehow nobody cares about shutting it down. Probably because its too “complicated” for the plebs, I remember installing slsk on people’s computers and they went back to lamewire anyway getting their viruses. I imagine slsk survives easily because 95% of the music shared is not commercial crap. Also, if someone uses good firewall practices and blocklists, the bad guys can never catch you.
And I buy vinyl albums when I really like a band, good bands never stopped putting out vinyls.
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
Microsoft has broken their DRM several times, causing users to lose content they had already paid for. When they moved from Zune to Xbox live, Zune users lost access to their content. Xbox live had issues where, if your Xbox broke and you got a new one, you lost access to everything you had purchased on Xbox live. I think there have been more, but these are the ones I can remember right now. DRM is bad. It compromises security and it breaks, screwing the user. The Sony rootkit was absolutely inexcusable, compromising security on millions of computers.
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
You’ve completely missed the point. Did you even read the article? That some DRM schemes ‘work successfully’ doesn’t mean they aren’t harming your security.
A DRM scheme is successful when it stops unauthorised duplication. It can be both successful and harmful to security, as your security probably isn’t a priority for them.
The point is a systemic one: that the DMCA creates situations where insecure DRM can continue to exist. It is not to say that secure DRM is a technical impossibility.
Re: Re: Microsoft uses DRM sucessfully hundreds of millions of times.
Isn’t there tons of utilities to remove drm anyway?
Re: Microsoft uses DRM sucessfully hundreds of millions of times.
Um… Microsoft’s DRM has been broken over and over again… It also has been used to infect computers with malware as a previous poster commented… Your statement is incorrect. There is no “done right” with DRM, it is inherently flawed.
what can people do about these things like this that keep happening that keep happening? seriously I’m just asking.
what can be done other than begging the corrupt to fix the corruption? again, just asking. it’s a real question not just saying it to sound like an asshole or make anyone mad.
Re: Re:
sorry for typos 🙂
Re: Re:
Depends on what you require. If you can get by without major software and services, moving to an all-open-source platform is your best bet. Windows -> Linux, Office -> LibreOffice, etc.
Re: Re: Re:
I think you could be right, I did that before and should have stuck with it. but eventually I gave in to the convenience of windows.
Re: Re: Re: The lie that will kill PCs
I find nothing convenient about Windows.
As the “monopoly platform” it has some things that are unavailable elsewhere but those aren’t so numerous anymore and much of that is expensive specialty stuff only relevant to businesses.
DRM on PC games in particular is a force to drive people to dedicated gaming platforms where the DRM is more transparent.
Re: Re: Re:2 The lie that will kill PCs
believe me, I am not an advocate for anything made by microshit and agree with everything you say. I should choose my words more carefully. I have some “specialty” software that I can’t “conveniently” run without windows is what I was basically trying to say.
foegive me, I’m not the best with words.
Re: Re: Re:3 The lie that will kill PCs
Dual boot.
Use windows only when absolutely required.
Re: Re: Re:4 The lie that will kill PCs
touche 😉
Re: Re: Re:4 The lie that will kill PCs
p.s. when you said dual boot it brought back so many memories.
Re: Re: Re:3 The lie that will kill PCs
As has already been commented, dual-booting (or multi-booting) is a great option, for many, many reasons. For example, if something breaks in one OS, you can still use your computer. Further, if something breaks in Windows, you can quite often boot in through linux to fix it. Another great option, although not quite the same, is to run Windows in a virtual machine, thus negating the need to restart the computer in order to run any specialty software.
For dual-booting (and some multi-boot setups) it’s as easy as taking a computer with Windows already installed on it, and installing linux side-by-side. These days linux will automatically detect Windows and give you the option to boot into it when the bootloader starts.
As to convenience, I think a better word would probably be familiarity. I obviously don’t know when the last time you used linux was (or which flavor), but I can absolutely tell you that it has come a long way in a relatively short time. I would strongly recommend trying a dual-boot setup, then progressing into virtual machines.
Re: Re: Re: Re:
You should get Linux Mint, it’s not ubuntu, and it’s really damn easy for anybody to use. My mom is on Linux Mint, just so she won’t have to deal with viruses, malware and all that crap. Never had her have to call me again since I installed it on her pc.
Re: Response to: Anonymous Coward on Feb 6th, 2014 @ 12:19pm
You could change to Linux as for it is your best option. Linux is free, open source(anyone can see the code so, typically, it’ll be safer. And there are so many options and flavors for every taste.
Doctorow makes some great points
It’s a must-read piece, and he’s absolutely right. One of the things that I’ve been saying — and I should probably try to write this up in a piece for TD instead of just a comment — is that DRM is malware. Anyone shipping it should be prosecuted under the same legal framework that’s used to prosecute virus propagators or botnet operators.
But that aside, one of the takeaways from Doctorow’s piece, and I completely agree with it, is that a system using DRM cannot be secured. It’s impossible.
Good!!
I completely agree…People have started to pay more and more attention to making sure the computers they use are as secure and safe as they possibly can. Of course today it is obvious to say that is not that much possible to do.
Copyright is a big issue
Copyright is a big issue today and it is a problem that need attention.
It gets worse
Ever heard of a TPM chip? It’s essentially DRM implemented in hardware, to make analysis and therefore circumvention more difficult, and it allows “trusted” (DRM’d) code to run at a higher level of privilege than ordinary programs. And they’ve been distributing computers with these abominations for several years now.
What this means is, if someone can find a way to get code accepted by the TPM, they are in control of your computer and you have no way to get control back.
Some people worry about Iran building nuclear weapons. I worry about them infiltrating one single engineer into the right department at Microsoft or Intel.
Re: It gets worse
“What this means is, if someone can find a way to get code accepted by the TPM, they are in control of your computer and you have no way to get control back.”
That’s overstating the case a bit. TPM does not prevent you from replacing the OS with something that ignores TPM. The side-effect to doing that is anything that requires TPM authentication to work won’t anymore. In practice, that’s not a big deal at all.
Re: Re: It gets worse
…did you miss the entire Windows 8 “secure boot” kerfuffle?
Re: Re: Re: It gets worse
Did you miss that “secure boot” has nothing to do with TPM? It can be used even in computers without a TPM. “Secure boot” is the firmware bootloader checking the signature of the operating system it loads, to confirm it has been signed by a key trusted by Microsoft. Nothing more, nothing less.
Re: Re: Re:2 It gets worse
Where did you hear that? Because the description I read–where the folks at Microsoft described why it was supposedly such a useful thing–said that the TPM was an integral part of the process, to “ensure the integrity” of the whole thing from end to end.
Re: Re: Re:2 It gets worse
In other words, your PC is no longer fully in your control. If something does go wrong, you aren’t in a position to fix it because that control has been taken away from you. It resides with Microsoft or some hacker that manages to break this DRM scheme.
Re: Re: Re:3 It gets worse
In other words, Microsoft have failed to compete on an equal level – not only with open source OSes but even older versions of their own OS! – so, forcing people to stick with the OS that came with their computer is their best way forward (since they still largely control the OEM market).
Of course, it’s doomed to failure, since anything that prevents an honest FOSS fan from using their own hardware for legitimate purposes is asking them to create a workaround/hack that can be used for any purpose (witness the PS3 debacle after OtherOS was removed) and thus wastes the time and effort involved. Sadly, people will be fooled in swallowing the crap that’s given as excuses for doing this so long as someone says “piracy”.
Think of who benifits from these laws.
Other than the owners perverse protection, the holes DRM can provide benefits for people wishing to do others harm as well as all the spy agencies.
I have to wonder if the spy agencies aren’t behind pushing for these laws and provisions as a means to provide a way of deploying their spyware.
A brilliant peice - deserves the title of polemical.
I’ve also been having my own say on the article itself 🙂 I won’t repeat the comments here, but have a lookie.
Re: A brilliant peice - deserves the title of polemical.
I would, but the Guardian is one of the sites where I can’t see the comments.
Exept DRM is not 'security'
So ‘security is an “ever evolving”, and the hackers make things more secure because they try to hack, not the people who write the software in the first place, they don’t do ANYTHING, its the hackers who try to break DRM who MAKE DRM !!!! OMG !
Stupid convoluted, reverse logic and a simple TD scare tactic..
Sorry TD security does not work that way, you (should) damn well know that. (you probably do, but you don’t want to upset your 7 fans).
DRM would not be needed at all, if it was not for a large group of people (like the TD crowd) who wants to steal everything not tied down, for their own free pleasure.
Who spend all their lives making up excuses as to why this theft is acceptable, (like not calling it theft, but “infringement”) and crying like 4 year old girls when groups and people seek to stop this significant theft of other peoples property.
Oh, that’s another argument made by the wannabe thieves, the “Its not real property”..
But then sometimes they slip up, and accuse the Government of getting some low life’s bitcoins, forgetting they are not real property.
Effectively arguing FOR AND AGAINST the same principle.
So according to TD, hacking make computer MORE secure because they hack, and security software developers make computers LESS secure because they work to make computers more secure.
You even admit it yourself, MR Masnick Admitting that it is the result of “HACKERS” that has forced this security upon us..
“, every security system relies on people probing it and finding and reporting new vulnerabilities.”
For a start that is clearly UNTRUE, NO SECURITY SYSTEM RELIES ON PEOPLE ATTACKING IT for its security… what are you stupid ??
But security systems are certainly in place because people “PROBE THESE SYSTEMS”.
So yes, if no one hacked, and no one stole there would be no need for security.
And of course, according to Masnick, MORE HACKERS and THEIFS MAKES US MORE SAFE !!!
More hackers, more copyright thieves, means more security software, means more security, means more safety (although DRM is not a security software) it is an anti-theft software.
DRM is not a anti-virus, or a anti-hacking software, it is a security measure to stop theft.
Having or not having DRM on your computer does not make your computer ANY LESS or ANY MORE SECURE. Again, you must know this by now Masnick..
You’ve been doing this for 16 years, you must of learnt something about technology by now.
Or do you simply prefer to act stupid to appease you 3 diehard fans ?
Re: Exept DRM is not 'security'
“Having or not having DRM on your computer does not make your computer ANY LESS or ANY MORE SECURE.”
Did you not read the part about Sony’s Rootkit?
Re: Exept DRM is not 'security'
I would love Masnick to actually reply to this, this guy called you out on all the BS you wrote in this article.
THEFT – start by defining this and then rewrite this retarded article.
To restate the above:
THEFT leads to SECURITY TO STOP THIEVES leads to MORE ADVANCED THEFT leads to MORE ADVANCED SECURITY and so on and on and on…
This is the nature of the game so when people stop taking things that they are not supposed to take then security prof’s will stop using things like Anti-Virus, Firewalls and DRM.
Re: Exept DRM is not 'security'
Copying is not theft. Until you realize this you can never ever have an argument about anything related to sharing.
we wont be able to fix it because politicians are too worried about losing the backing of the entertainment industries, both in money and friendship. those in Congress are best buddies with those in the industries. why? because the industries know that a job promise when leaving politics and/or a donation while in politics will be repaid a hundred fold by the introduction of new laws. the fact that the new laws fuck everything up for everyone, including the industries, is irrelevant! they would rather that than admit they are wrong and start afresh, doing things the right way!!
entertainment is one of the biggest things being used against us.
Re: Re:
You, sir, are quite correct.
Lets see..
This is abit important..
A certain Important software program for use on your computer, by a MAJOR CORP..
Has had TONS of updates in the last couple years..
Whats interesting is that NOT being part of Apple, they are also one of the major software companies WRITING for them..
RECENTLY they announced that that the DRM that they wrote for a piece of portable hardware was going AWAY, and that ALL those that used it, must redo the DRM to a current version, or THEIRS.
Simple DRM, checks a disk, as its inserted into your computer then plays it..
WHAT else could you do with Software AND DRM??
Go out and get cover art?
Get lyrics?
TELL SOMEONE that you have THAT PROGRAM??
REPORT the name of all your music to someone?
REPORT any music/video that DONT have DRM??
(this was noted on a smart TV, recently for LG..and someone got upset)
If you arnt upset yet…ASK ADOBE..what they are doing.
Re: Lets see..
Yeah, I use FOXIT Reader when in windows for pdf’s and linux just comes with its own pdf reader.
As for flash, its easy not to need it anymore.
Re: Re: Lets see..
linux just comes with its own pdf reader.
What? That’s nonsense.
If you were to say most Linux distributions come with a pdf reader, that would be correct. But even then, the choice of which reader (there are many) is included is usually tied to which desktop environment is being used (KDE, Gnome, XFCE, etc).
“For example, having food makes you secure from hunger, but puts you at risk from obesity-related illness”
Hmmm… that strikes me as being a bad example. Having a reasonable amount of food does not do this, only an abundance of it, and even then only if you overuse the resources you can access.
A better way to put it is that having food secures you from hunger, but may also place you at risk of, say, food poisoning or certain allergic reactions. Also, like DRM, it may not even do its primary job properly – if the only “food” you have is poor quality, you may still suffer from malnutrition even if dying from pure hunger is no longer going to happen, and it can be worse than nothing if it happens to be laced with rat poison.
DRM in EU - (not un)touchable?
Well, this might be interesting http://curia.europa.eu/juris/document/document.jsf?text=&docid=146686&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=581960
Looks like at least some forms of DRM can be circumvented legally in EU now…
Hacking
Any computer/ cell / tab that uses certain (i won’t mention) music stream/ download services with drm can be hacked. All I need is a public ip and then I can piggy back on the ports left open for media authentication. This goes for movies as well. Data is a gold mine! And with new laws, its easier than ever to cash in!
Worst Article Ever?
“DRM is designed on the presumption that users don’t want it, and if they could turn it off, they would. You only need DRM to stop users from doing things they’re trying to do and want to do. If the thing the DRM restricts is something no one wants to do anyway, you don’t need the DRM. You don’t need a lock on a door that no one ever wants to open.”
— Sorry, but this is just stupid. Applying this logic would say why do any of us need firewalls, they just stop hackers from getting at what they want. And while we are at it, last time I checked most people still lock their doors at night because we probably A. Have something that others would want and B. Don’t want to give it to them.
Here is what I think people forget when they read these embarrassingly one-sided and obviously prejudiced articles bashing content owners…the reason why they have DRM in the first place is because typically the content has been discounted from the price of something like a DVD/BR. Being able to rent a movie on iTunes is cheaper than buying it on DVD and hence has been discounted to counteract the limited usage. BTW, when you pay a discounted price to see the movie in a theatre, you don’t get to film a copy with your camcorder and bring it home with you either (not legally at least). You also don’t get to see it the next day without another ticket…
Finally, using a near 10 year old example with the Sony root kit — seriously, thats the reason why people should be afraid of DRM on their computer, because in 2005 Sony released audio CD’s that had it???
Re: Worst Article Ever?
And while we are at it, last time I checked most people still lock their doors at night because we probably A. Have something that others would want and B. Don’t want to give it to them.
Inept analogy is inept.
DRM is not like me locking my front door at night. It’s like buying a house with one of the rooms locked by the previous owners that I am not allowed, by law, to enter.
Touchy Subject!
By the Gods! This topic has brought out the shills in the forum like rain brings out the worms on a golf course.
Which is really great since the arguments used by these quantity-paid forum stuffers are so pathetic and groundless, they make the case for ending DRM far better than anyone else here.
I hadn’t realized that DRM discussions were such serious shill-bait! Apparently, the legacy industries are putting most of their eggs in this basket.
darryl just hates it when due process is enforced.
I’m not worried about DRM or being hacked because I know and understand the risks of using a global computer network. I also know that I’m not interesting enough to hack. “Hahaha now we have his insurance statements for the year!”
If you want true security have a non-networked and online PC (not virtual obviously, derp) or get yourself a in-house proxy/firewall server. Re-write your routers to block all and only write in exceptions. 2ez.
windows insecurity
Windows insecurity can be traced to their initial decision to have to use twice as many assembly instructions to do anything due to their mega fail twisted dos core that is still there passing assembly instructions now.
now thats what they want!!
Even Amazon had applied DRM across the board; but now we can see there is an option for Amazon when we upload where we can select whether we want DRM or not! Now the question is what you prefer!!?? 🙂