Feeds

Cryptographers to Hollywood: prepare to fail on DRM

No universal panacea here

  • alert
  • submit to reddit

SANS - Survey on application security programs

RSA 2005 Movie industry representatives at RSA 2005 in San Francisco today called on the IT industry for help in thwarting illegal file sharing before the problem threatened its revenues. But they were told that they must recognise the limitations of digital rights management in their fight against digital piracy.

Speaking on the RSA conference panel Hollywood's Last Chance - Getting it Right on Digital Piracy, Carter Laren, security architect at Cryptographic Research, noted that cryptography is "good at some problems, such as transmitting data so it can't be eavesdropped or even authentication, but it can't solve the content protection problem. If people have legitimate access to content, then you can't stop them misusing it.

"Anyone designing content protection should design for failure and if it fails update it," he added.

John Worrall, marketing VP at RSA Security, agreed that content protection systems should be easy to upgrade. The entertainment industry must also learn from its previous mistakes in pushing the weak CSS copy-protection system for DVDs. "If content providers open up standards to good cryptographic review they will get a better system," he said, to applause from the RSA 2005 audience.

The entertainment industry also needs to be responsive to changing market conditions and consumer preferences, according to Worrall: "Don't lock down a set of content rules that look draconian five years from now. Be flexible enough to incorporate change in rules. If rules are too restrictive people will go to other channels, including pirated material."

Andy Sentos, president of engineering and technology at Fox Entertainment Group, argued that device manufacturers need to recognise the requirements of the movie industry in the design of their products. "There's a value in both content and functionality but there has to be a balance," he said. ®

Related stories

SuprNova.org ends, not with a bang but a whimper
The BitTorrent P2P file-sharing system
MPAA closes Loki
Stealing movies: Why the MPAA can afford to relax
Norway throws in the towel in DVD Jon case

RSA 2005

All the Reg stories from this year's conference

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.