MS plans ‘Secure PC’ that won't copy pirated audio files
I'm sorry Dave, I can't do that...
Microsoft's research division is busily inventing a mysterious beast called the Secure PC, which is designed to win hearts, minds and wallets in the recording industry by blocking unlicensed copying of digital music. We know that the Secure PC exists at least as a concept, because it's listed as a project of Microsoft research's cryptography group.
Sadly, the crypto boffins haven't yet put up any kind of spec, or even a white paper, but there are a few pointers in the overview pieces Microsoft Research is currently running in an apparent bid to get the anti-piracy message across better. Paul England of the cryptography group apparently has the mission of persuading "content providers that the PC should be the platform of choice for buying, viewing and manipulating content from the Internet", which you might reckon sounds a bit more like sales than research, but we'll let that pass.
"England has a bold plan to improve the PC and make it a secure delivery system for audio and video," says Microsoft. England's solution involves "making minor modifications to the PC's hardware to allow Microsoft to make a secure version of the Windows Media Player". So clearly, this is at least a part of the Secure PC.
The particular minor modifications aren't specified, but the net effect is: "Essentially, this would turn the PC into a record player as far as music is concerned, while preserving the other open aspects of the computer. Record companies could release their records in an encrypted, unable to be copied Windows Media Audio format that would only work on the secure version of the Windows Media Player. A similar arrangement could be reached with the movie studios for film distribution."
Other, related aspects of the Secure PC will likely include Secure Audio Path technology, which is intended to operate at OS level and keep the data encrypted right up until the point where the sound card is actually playing it, and the ability to control burning of WMP files onto CD via rights Manager. It's possible that the Secure PC is simply a bit of spin and/or minor mods on top of the Secure Audio Path plans (which themselves require Microsoft-approved signed drivers for audio cards), but it's probably sensible to stay paranoid about it at least until we get a spec. And until we're sure it's not going to have some kind of CPRM 2 scheme slid in among the minor modifications.
From the point of view of many habitually non-paying users, the scheme might not seem to matter much. Use another player, use another OS, and despite the recording industry's best efforts it does seem likely that good old audio CD will be eminently and easily rippable for quite some time yet.
But actually from Microsoft's point of view, this is quite useful. Back to Paul (Birmingham and Imperial College - one of ours, apparently - sorry people): "'We must convince the record industry that the PC is better than the compact disc in terms of piracy,' England says, pointing out that any 14-year-old can now buy a CD, copy it with a 'ripper' program and post it on the Web for all his friends to share."
See the sense of that? Microsoft already has a ubiquitous client it can pitch to the music business, and if it can pitch it as secure, far more secure than audio CD. Windows and Windows Media Player file formats and technologies will become the obvious solution for the music and film businesses. The Microsoft solution also has advantages from their point of view in that it allows online licence management, pay to play systems and on-the-fly updating of "revocation lists". These update your client on compromised certificates.
It's hardly Microsoft's fault if people pirate audio CDs, nor is it Microsoft's fault if other formats are used for unauthorised copying. "MP3 is less popular with record company executives, film producers, and other content providers," as Microsoft says. So Microsoft can be the squeaky-clean secure music delivery system that slowly convinces the record business it's better than audio CD, while the record industry carries on suing the crap out of everybody else. And getting the security progressively more into the OS and the hardware might have implications for the ongoing viability of other players, mightn't it? Got to be careful with that one, though...
MS Research is also currently publicising another, mostly unrelated, operation; the anti-piracy activities of one ANalias. We'll draw a veil over most of the activities of this sad individual, who apparently hangs around warez areas gathering information in the arms race against copying. But it says here: "Microsoft protects its software from abuse by writing into the basic code protection mechanisms that, while the program is running, continually verify that it has not been tampered with." We're baffled by this, considering the amount of tampered with, but apparently viable, Microsoft software there is all over the Web.
It continues: "The program may 'call' for the tamper protection mechanism every 40 clicks of the mouse, or every time a file is opened, and if the right response is not forthcoming, the program shuts down. The 'call' is usually encrypted so that it cannot be detected or intercepted." Any information on where this appears already, or where it's going to appear, would be appreciated. ®
Microsoft Research Links
Sponsored: Becoming a Pragmatic Security Leader