T.13 hoses down CPRM fears

It was all a terrible dream...

A compromise that the 4C Entity hopes will defuse the CPRM controversy could be agreed this week. The second draft of the revised proposal permits copy control mechanisms, but their use may be confined to removable devices.

Of course, that's what 4C members (Intel, IBM, Matsushita and Toshiba) insist it was all along - if it wasn't for those pesky facts. In fact CPRM was first proposed for industry standard ATA disk drives back in October, and was again presented to the T.13 committee, which oversees the ATA standard, in December - only with references to "CPRM" excised.

As the news spread, computer users reacted with outrage, with calls to boycott CPRM-compliant hardware. There was even serious talk among free software developers of boycotting IBM's much vaunted Linux initiatives.

But only after the San Jose Mercury made the story front-page news on January 29 did we hear that a compromise was eagerly being sought.

In advance of the second draft, the T.13 committee has indulged in some ass-covering of its own. It has published an FAQ - the first it's ever produced - on the subject of CPRM on ATA drives.

It was all a terrible dream

"4C has never proposed that CPRM be included in the ATA/ATAPI standard," the document begins.

Excuse me? Rather damning evidence to the contrary can be found on the T.13's own website. You can see for yourself. The document "Content Protection for Recordable Media (CPRM) Proposal" dated 9 October 2000, for example.

Between the first and the second pitches, CPRM was made more "generic" ... with incriminating references to CPRM removed, as these minutes from the second, December T.13 meeting show:

"All subcommands and data structures now have generic names, rather than those of CPRM... Some editorial improvements were suggested, but no objections were raised to the technical content.

Paul Anderson moved to include this proposal with the noted minor corrections as a revision 3 into ATA/ATAPI-6, and Task Kasebayashi seconded. The vote was 4:2:11. This motion failed because the approvals did not exceed 50% of the membership, part of the "ANSI two-thirds" rule for late proposals. This proposal will remain on the agenda."

So here you have a Paul Anderson voting to move CPRM into the ATA spec version 6 (with the names changed, you'll note). While the Paul Anderson who authored the latest FAQ that denies this ever took place. Could they be related?

Always optional

"Will CPRM cripple the entire computer industry?" the document asks rhetorically. "No. Since copy protection is always optional, CPRM will only be utilized if there is consumer demand for exciting new entertainment content that is only made available in a copy protection framework."

Good-ee. But then...

"CPRM is not designed for nor applicable to fixed, captive hard drives," it asserts.

Let's remind ourselves of the context for this proposal. The ATA committee oversees the technical standard used by fixed hard drives. There is only one removable drive which uses this command set: Castlewood's Orb. Other removables such as Zip drives use the ATAPI standard.

And other media use specific supersets of ATA, but these don't require the ATA standard to be modified. The proposal was specifically designed to use ATA, rather than ATAPI (removable) semantics. Make no mistake, the CPRM proposal as first mooted, regardless of these parties' protestations of innocence, was a torpedo aimed at the fixed hard drive standard.

That's why we figured you'd want to know about it sooner - when it was possible to make a difference - rather than later.

As the FAQ acknowledges:

"CPRM-protected files are only playable when they reside on CPRM-enabled devices." And in the case of backups:- "Restoring a protected file to a different piece of media would initially result in a un-playable file."

The document also fairly seeks to absolve the hard drive manufacturers of blame for the CPRM caper. Which is quite correct - as the T.13 committee has twice deferred attempts to have the 4C's CPRM copy control proposal adopted as part of the specification.

"Did CPRM arise by shadily influencing HDD vendors in back-room meetings?" asks the FAQ.

Well, of course CPRM didn't "arise" in meetings with vendors, it "arose" much earlier. Hard drive folks have plenty to worry about without cooking up schemes which restrict data movement. At some point CPRM had to be granted approval by hardware vendors, which is how, in this case, the world got to hear about it.

Interestingly the FAQ answers one of the most emblematic points made by John Gilmore in his essay What's Wrong With Copy Protection [translations also available in Portuguese and German (and not Dutch as we earlier said)]. Gilmore describes how stealth restrictions imposed by manufacturers can very quickly become personal:

"By private agreements among major companies, such as SDMI and CPRM (that later end up being "submitted" as fait accompli to accredited standards committees, requiring an effort by the affected public to derail them). By private agreements behind the laws and standards, such as the unwritten agreement that DAT and MiniDisc recorders will treat analog inputs as if they contained copyrighted materials which the user has no rights in. (My recording of my brother's wedding is uncopyable, because my MiniDisc decks act as if I and my brother don't own the copyright on it.)"

We ask the questions

Doubtless with this in mind, the FAQ asks: "If CPRM becomes ubiquitous, then I won't be able to use these new compliant recorders to record my baby's first words, right?"

And goes on to answer itself:

"A: You will absolutely be able to use CPRM-compliant recorders to record personal content. CPRM is used by applications that require its use and will not be used nor affect applications used to record personal content. Just like DVD video players play unprotected videos and SDMI players import unprotected music, all CPRM-enabled players and recorders will play/record unprotected content. This is not accidental. Going back to the original DVD video definition, the fundamental principle underlying copy protection has always been: "If the entertainment industry wants its content protected, it must take positive action, encrypting it and/or watermarking it at the source."
Representatives from various computer companies have repeatedly gone on record as unwilling to protect content that was not already protected before it entered the computer system."

So with the help of CPRM, they'll be able to lock it down for good. ®
