chosaq

The impossibility of Sun’s Open Media Commons

Back in August, Sun announced it would start with an open source DRM project, confusingly dubbed “Open Media Commons”. The EFF’s Cory Doctorow and Donna Wentworth both pointed out the logical impossibility of the OSS+DRM combo. An interesting quote from Cory’s follow-up post about the issue:

Crypto isn’t about algorithms. Crypto is about threat-models. The threat model for SSL is a third-party eavesdropper. The threat model for DRM is that the intended recipient of the cleartext will gain long-term access to the cleartext.

In the meantime, the Open Media Commons website has gone live (that is, I hadn’t seen it until yesterday), featuring a press release paper about Sun’s own “open standards-based DRM solution”, called DReaM. I had a look at the document, but didn’t quite get what they’re at. Section 1.8 “Security through obscurity” states:

Historically, proprietary end-to-end architectures have relied upon obscurity to avoid being cracked. Such systems are based upon a false foundation of security promises. Such systems have been cracked and will continue to be breached.

That’s correct, but how can Sun’s DRM be any different? The problem with DRM is that it’s built around flawed threat model (cfr. Doctorow) – in any DRM system, recipient Bob and hacker Mallory are one and the same person, making DRM fundamentally different from SSL (although Sun doesn’t seem to think so). In other words, the only way to “secure” a DRM system is by obscuring how you descramble the encoded signal to a more enjoyable form – an approach that, as we know, is prone to hacking.

Applying this on DReaM’s alleged open source aspect, the conclusion is simple: if security can only happen through obscurity, open sourcing the project becomes an impossibility.

Note 1: Prof. Lenz believes open source DRM is possible, but I don’t agree: excluding people who contribute DRM-defeating code to the project may be easy, but nothing (except the law, maybe) stops them from using the project’s source code for creating their own circumvention tools. In other words, you can create an open source DRM, but it will be meaningless, as it will be hacked even faster than closed source DRM systems.

Note 2: as if the words “open” and “commons” aren’t confusing enough (we’re talking about DRM here!), the Open Media Commons frontpage’s “related links” section also links to Creative Commons, making it feel like an affiliate project or something (which I’m sure it’s not). Disturbing.

Comments on “The impossibility of Sun’s Open Media Commons” (feed)

Comments and pings are closed.

  1. If a DRM system is based on obscurity, it violates basic crypto design principles. See Wikipedia on Kerckhoff’s Law.

    Actually, one advantage of open source software for security related programming is exactly that it follows Kerckhoff’s law as a default.

    So, if there is any influence the development model has on the effectiveness of DRM, it is probably the other way around.

    Open source production does not mean having your DRM “hacked even faster”. It means that your security is not in obscurity, where it has no business to be in the first place. It means that your project will not be hacked the moment someone finds out that all it takes is pressing the shift key.

    Actually you are probably right that it is for the very least very difficult to build effective DRM on the PC platform. The latest SONY case shows that consumers rightfully won’t put up with the necessary level of taking over their machines.

    However, there are other possible platforms that are better suited or designed for DRM in the first place.

    Doctorow believes that no DRM can be effective, ever. That obviously means that it makes no difference if the necessarily uneffective DRM is developed as open source or not. That in turn removes most of the relevancy of his comments on this particular point.

    You need to believe that there can be such a thing as effective DRM in the first place if you want to talk about which production method is suited better to build it.

    » Karl-Friedrich Lenz on November 17th, 2005 at 23:08