Descrambling the hard drive copy-protection scheme
HOLLYWOOD WANTS A piece of your hard drive.
A proposal now under consideration by a technology standards organization lays the groundwork for content protection capabilities on your next hard drive and has privacy advocates crying foul.
The group responsible for the proposal is called the 4C Entity and is led by industry heavyweights Intel and IBM. The 4C Entity submitted the proposal to the industry committee that controls the standards for hard drives as well as other removable media.
Opponents contend the plan will lead to content protection code on hard drives that will curtail the exchange of digital audio, video, and information, limiting how people can use their PCs.
Some go further and claim it is the first step toward the end of free content on the Web. They argue that the strategy plays into the hands of greedy music and movie studios and that it could even hinder basic and legal tasks such as hard drive backups.
Proponents of the plan claim such scenarios are ridiculous, and say it has nothing to do with hard drives, but rather with removable storage media such as Flash memory, microdrives, and most rewritable DVD drives. Besides, they say, it affects only protected content-not your everyday text files.
Which side's claims are accurate? It's hard to say, as the main architect of the plan, IBM's Jeff Lotspiech, has twice accepted then later declined our requests for an interview.
An IBM spokesperson says Lotspiech and representatives from the other 4C companies (which include Matsushita Electronic, parent company of Panasonic, and Toshiba) are cloistered to create a document that addresses common questions about the plan. Lotspiech won't comment until the group posts that FAQ on its Web site at an as-yet unspecified time, the spokesperson says.
It's easy to understand why this plan has caused confusion and concern: It is a tangle of awkward acronyms, base-level technologies, and industry politics. It starts with the National Committee for Information, Technology Standards, the industry body that sets the common standards upon which all PCs operate.
The subcommittee in charge of the ATA standard-which controls hard disks and other drives-is called the T13 group. This group is currently working to update the ATA standard.
The 4C Entity is lobbying the T13 group to change the ATA standard, introducing base-level instructions that let device manufacturers implement a 4C-created technology called Content Protection for Recordable Media.
CPRM is basically an encryption scheme. It is compliant with the Secure Digital Music Initiative supported by the big music companies that limits reproduction of secure content.
A representative for 4C member Intel says the suggested ATA changes are generic and would allow vendors to incorporate any type of content protections -- not just CPRM. Furthermore,
CPRM would apply only to ATA-driven removable media such as microdrives and flash memory, not hard drives, in Intel's view.
"The scenario [opponents] put forth is hilarious," says Manny Vara, Intel spokesperson. The CPRM technology will not impact your current files; it simply doesn't work that way, he says. Besides, he adds, Intel wouldn't sanction its use in hard drives.
"This is not to be used with hard drives," he says. Using the technology to restrict what users can put on their hard drives, restricting what people do with their PCs, would be bad businesss for Intel, he says. More than 80 percent of the company's sales come from PC processors, chip sets, and motherboards, so it wants PCs to do more, not less, he says.
"We want to make sure that the PC will be able to play any type of cool new media that comes out," he says. That's why CPRM technology won't prevent you from ripping your own CDs or downloading free music from sites such as Napster. It simply will not impact today's content, he says.
So what would the technology do, exactly? According to Vara, the only time CPRM would kick in is if you downloaded CPRM-coded content, such as a song, and moved it to a CPRM-enabled MP3 player using CPRM-compliant storage.
No CPRM technology would ever reside on your hard drive, and despite its CPRM code, you could still do whatever you want with the content while it's on your hard drive, he says. But once it's on the CPRM device and media, it may stop you from replicating it further, he says.
So if you can copy the content from the hard drive, where is the security? Vara admits the system isn't foolproof, but he says it's a step in the right direction toward appeasing content owners.
Despite Vara's insistence that the 4C Entity never planned to use CPRM on hard drives, early reports suggest IBM's Lotspiech has discussed using the technology on hard drives. That's difficult to confirm with Lotspiech avoiding interviews, and hard drive vendors such as Seagate, Maxtor, and Quantum staying mum for the moment.
However, at least one member of the T13 group is talking. Andre Hedrick, a representative for Linux in the group and a storage industry consultant, says the original 4C plan was not specifically for hard drives. But because it is for use in the ATA standard, that "implied" it could be for hard drives, which is unacceptable, he says.
"I objected," he says. The 4C group listened and announced last week it will include a provision that lets end users disable the CPRM feature, should it eventually find its way onto future hard drives, he says.
Hendrick also disputes Intel's claims that hard drive backups won't be affected. If you try to back up CPRM content to an unsecure drive, you'd lose access to that content because your second drive can't read the CPRM encryption. You might need new utilities even for backups between compliant drives. The software also needs to recognize CPRM to properly manage the content.
Intel's suggestion that you can download CPRM content to a non-CPRM hard drive is also incorrect, Hendrick contends. Although you could theoretically perform the transfer, you wouldn't be able to access the content on that PC. That material would have to pass directly into a CPRM-ready device and media to work, bypassing the noncomplaint hard drive, he says. That's the value of the system to content owners.
CPRM satisfies the "paranoia" of people who want to sell movies and music but don't want to cede control of it, Hendrick says. "The Hollywood sewer wants to protects its content."
Dave Reinsel, senior analyst for hard disc drives at IDC, offers a less disdainful view of the technology.
"The sooner content protection gets here, the sooner they [the record companies] will start providing content," he says. "They won't allow free distribution."
If consumers want to download this digital content, they'll need a drive that accommodates this protection, Reinsel says. Someday, content download may not be possible without protection.
Consumers may not be happy with the copy-protection scheme; the only benefit for them would be the capability to download this protected content and they may not care about getting such content.
T13 member Hendrick says that's why people must be able to disable the CPRM feature, as he sugggests to the committee. "If people can turn it off, then they can choose," he says.
"The announcement that you can shut it off doesn't address the issue," says Brad Templeton, chairman of the board for the Electronic Frontier Foundation, which monitors free-speech and privacy issues on the Internet.
Sure, you might be able to turn it off, but if over time all new songs are CPRM-enabled, you won't be able to download and access them and play them off your disabled drive, he says.
Templeton says he suspects at first all hard drives and software music players will continue to play all songs, even those with CPRM. But in a few years, when most computers have the CPRM-ready hard drives, the content owners could change the rules, only allowing secured music to work.
Another question is whether CPRM would work on all operating systems, he says. Although Microsoft would surely integrate the necessary code into its products, how do you add such a feature to an open-source operating system, he wonders. And if you can't, does that mean non-Windows operating systems could not play new music?
Expect questions about this issue to linger for months, because the ATA standard won't be finalized for quite some time, says Kate McMillan, director of the NCITS Secretariat.
This is a recent proposal, first offered in October 2000, she says. The T13 group may approve it in its February 20 meeting, but then they must post the standard for public review for at least 45 days, she says. Then, opponents and supporters can voice their opinions.
"I'm sure we're going to get some comments," she says.
After that, the T13 group must address those questions, approve the proposal, and send it on to the NCITS for final approval. McMillan doesn't expect a solid standard to arrive until at least May 2001.
"It takes at least six months; and that's if everybody loves it," she says.
PC World Senior Associate Editor Anush Yegyazarian contributed to this report.
For more enterprise news, go to www.pcworld.com . Copyright(c) 2001 PC World.