Death to DRM, we'll kill it in a decade, chants EFF
Anti-piracy mechanisms block reverse-engineering and security studies
DEF CON 23 The Electronic Frontier Foundation (EFF) has used the DEF CON hacking conference to launch a campaign to stamp out digital-rights management (DRM) technology.
In an ironic twist, the cyber-rights warriors hope to use the hated Digital Millennium Copyright Act (DMCA) to kill off mechanisms that attempt to thwart piracy and reverse-engineering.
One of the DMCA's most pernicious parts is Section 1201, which makes it a criminal offense to circumvent technological controls on copyrighted products, or to distribute tools to do so. In the past this has been used to prosecute 2600 magazine after it published the secret to breaking the anti-copying technology in DVDs. Cory Doctorow, who rejoined the EFF to get behind this, thinks Section 1201 can be used for good.
There's very little case law on Section 1201, he said, because the industry is very careful about when it prosecutes. It went after 2600 because the case would be heard in New York, where judges aren't tech savvy, and because most members of the judiciary aren't keen on hackers.
But there have been successes. In 2004, Lexmark brought a Section 1201 case [PDF] against a company that was refilling its ink cartridges and resetting the chip inside to fool the printer into accepting them. The judge ruled against them on the grounds that the only copyrighted work in the cartridge was the DRM itself.
But now, with the internet of things, huge numbers of devices have copyrighted material inside, and there's no way to check the security of them because of Section 1201. As a result, we have devices like insulin pumps and home security systems that have never been scrutinized because researchers don't want to break the law.
"Section 1201 is deadly for security," Doctorow said. "We have one methodology for security that works, and that's disclosure and adversarial peer review. It's the same methodology that we used to go from the dark ages to the enlightenment."
But, he pointed out, security researchers break Section 1201 all the time – they just don't talk about it. So the EFF wants to change that.
One of the advantages America has is that there's a constitution and an independent judiciary, so stupid laws can get struck down if they are ruled unconstitutional, Doctorow said. That's how strong encryption was legalized, and he thinks it can do the same on DRM. "We want to know about the work you're doing and want to structure research so it's as litigation-proof as possible," he said. We also want to ensure that research is optimized to make sure any court judgement is a shining beacon on the hill, not a terrifying icon of how bad it is to go up against the machine.
Once you eliminate Section 1201, then DRM will die out, he posited. If DRM goes in the US, then other countries will follow suit, he predicted, because "when one party in a suicide pact pulls out, the other one does too." ®
Sponsored: Becoming a Pragmatic Security Leader