Digital Rights Management and Operating Systems
“Sony has recalled many millions of its music CDs, because they contain ‘copy protection software’ that may damage computers. Describe and explain this story; compare Sony’s approach with other attempts to achieve copy protection, and discuss the future for digital rights management in operating systems design.”
In August 2000, the Vice President of Sony Pictures Entertainment announced to the Americas Conference on Information Systems “The industry will take whatever steps it needs to protect itself and protect its revenue streams… It will not lose that revenue stream, no matter what… Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source - we will block it at your cable company, we will block it at your phone company, we will block it at your [ISP]. We will firewall it at your PC… These strategies are being aggressively pursued because there is simply too much at stake.” This was one of the first times many in the technical field saw and predicted the rise of DRM-like technologies. This issue has been invisible to many non-Internet news sources until fairly recently, but, on the infinite discussion of many Internet forums and newsgroups, changes have been noticed and protection has been found and cracked. A notable early example of this was the Content-Scrambling System (CSS) used on some DVDs, introduced around 1996, and integrated into many DVD drives, players and DVD media. However, in 1999 the algorithm was cracked by Johan Johansen, known as “DVD Jon” and a program to decrypt the content, named DeCSS, was released anonymously, possibly by DVD Jon.
The most recent example of DRM controversy hitting the mainstream news all started when a man named Mark Russinovich, Chief Software Architect and co-founder of Winternals Software, was testing his new version of “RootkitRevealer”, and was surprised to find that he, according to his software had a rootkit. Rootkits are defined by TeCrime International as “A collection of tools that allows a hacker to provide a back-door into a system, collect information on other systems on the network, mask the fact that the system is compromised…”. In this case, Mark found files, an application and registry keys that had been hidden by the operating system, preventing them from being detected from the Windows API. Due to Mark being a security expert, and him writing security tools such as the aforementioned RootkitRevealer, he was somewhat surprised to hear he had picked up a rootkit on his machine.
Traditionally, to have got a rootkit on your machine, you needed to have run, either as a root on UNIX based systems or Administrator on Windows based machines, an executable that installed the rootkit on your machine. Another possible method is remote execution through security holes in software (recently, holes in PHP web applications such as PHP Nuke), allowing the executable to install and run the rootkit file. Virus checkers and running files only from trusted sources can normally stop the first method, and a good software or hardware firewall (or being behind a router or proxy with closed ports) can normally prevent the second. As a Windows expert, Mark was likely to be using both of these methods, hence leading to his surprise.
Windows rootkits traditionally patch the Windows APIs to prevent their files being found. Using this knowledge, Mark dumped the contents of the service table, looking for entries that pointed outside of the Windows kernel. Finding two of these, he found a link to one of the files masked by the API modification. Examining this file, he found that it was hiding any file with the prefix
$sys$_. Further examining the DLL files, he found that they had been signed by a company named “First 4 Internet”, who sold a DRM software named XCP. He also found that they had produced software for several record companies, including Sony, to implement copy-protection methods on CDs. He then traced this back to a copy-protected CD he had bought. Sure enough, when he played the media from the bundled player on the disk, the DRM manager’s CPU increased. The DRM manager was also running as a Windows service, with the subtle name of “Plug and Play Device Manager”. This, even at a stretch, is a complete lie, with the DRM manager having very little to nothing do do with Plug and Play, but instead being about protecting digital content. This naming was, presumably, to stop a normal or even slightly technical user from spotting anything being amiss if examining their Windows Services.
With this knowledge in hand, Mark went about attempting to remove the rootkit. This resulted in him finding out that the installed DRM files had installed themselves as a filter under his CD-ROM device drivers, resulting in his CD drive no longer working when he removed them. He managed to eventually restore things to working order, but this raises some important questions in the future of DRM. This software was, by the opinion of a man who Microsoft have awarded a “Microsoft Most Valuable Professional” certification, shoddily written, had no visible removal method, and used CPU time even when the DRM media was not present.
This scandal, initially posted on Mark’s blog, grew from technical to mainstream news, and seen many differing reactions. Spyware and antivirus companies released updates to remove it and prevent its installation, unnecessary now, as in the last week, Microsoft have released a patch to remove it. The fears of the rootkit hiding new viruses and hacks has been released for World of Warcraft, a popular MMORPG (massively multiplayer on-line role playing game), using this rootkit to avoid detection of the hacks. Legally, the States of California, New York and Texas have initiated lawsuits against Sony, with the New York suit seeking damages for all those affected throughout the United States. Italy has also filed lawsuits against Sony over the rootkit. However, removal of the software, before these suits pass, could be claimed to violate the Digital Millennium Copyright Act in the United States. Also, ironically, a researcher named “Muzzy” has identified code from the LAME MP3 encoder inside the rootkit code, presumably to pattern match and prevent the protected CD’s from being encoded. However, the LAME software is licensed under the open-source LGPL, which requires disclosure of any modifications as well as the credit being given to the copyright holder. To quote “Muzzy”, “this is certainly copyright infringement”. This means Sony and First 4 Internet are both liable for distributing copyrighted software.
Sony has tried to clean up from the mess of media exposure around the scandal, finally releasing a removal tool on their website. Initially, however, the President of Sony BMG’s global digital business division was recorded on a US public radio program saying “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”, further claiming, “component is not malicious and does not compromise security”. While the claim the product is not malicious is justified, I believe it is apparent from the evidence above that the product has already been used, in the case of the WOW hackers, to compromise security. In addition, Sony’s removal tool uses ActiveX, meaning it is not usable on alternative browsers such as Firefox or Opera, and ActiveX frequently finds itself disabled by security-conscious users, due to the spyware infestations and malicious programs that frequently accompany it. This may be seen as excessively paranoid, but in this case it would be justified, as it has been reported by “Muzzy” that the ActiveX control has 2 methods called “RebootMachine” and “ExecuteCode”, the prior, unsurprisingly, but amazingly insecurely, reboots the machine, and the latter remains untested, but presumably allows remote code execution. These methods could, technically, be called by any website that uses the ActiveX API, without prompting the user, simply by calling the already installed ActiveX control. Additionally, even when the removal control is run, several scriptable methods are left behind, still allowing the ability to reboot the machine remotely, using only a web browser. Quoting Muzzy, “Considering anyone can reboot the computer using these, I suspect security wasn’t thought about for even a second during development of this thing. Virus writers and such would be very interested in analysing what these methods do, as some of them are remotely exploitable… by design.” Recently, a new standalone installer was released, which seems to properly remove the software. Sony announced, on November 11, 2005, that they will stop producing CDs using First 4 Internet’s XCP DRM software. According to the New York Times, 4.7 million CDs have been shipped and 2.1 million sold that use this technology, and although Sony is initiating a recall, is is likely at the start of 2006 there will still be machines compromised by this system, and, according to the New York Times, there are still at least 2 Internet borne worms that take advantage of the rootkit.
Other methods of DRM have been in use for years. As previously mentioned, the CSS method of protecting DVDs will shortly be coming to its 10th birthday. Other notable methods are the Apple Fairplay DRM used on their iTunes MP3s and the Microsoft NSC format encoding, both cracked by DVD Jon and DivX, which required a phone line in order to view its video disks. Other methods of content protection seen recently have been the phone or Internet activation requirements of Office and Windows XP, digital watermarking and Valve’s Steam software. Steam is an interesting move in the world of content protection and many, myself included, applaud it as a move in the right direction of both content protection and software publishing. Steam, instead of requiring traditional purchase and then activation, requires you to download their client program, register an account, and either register existing pre-Steam products, or buy products directly from their Steam program. It is interesting, as it does not require an Internet connection to play Steam games off-line, as long as they have been activated on the Internet at least once. The Steam distribution platform also automatically updates software with patches, and creates a directory of on-line servers for playing Steam games, allowing them to be quickly found and connected to, using the Steam browser. Initially, this platform was only used by Valve, the creators and developers of Half-Life, but, after the Half-Life 2 release proved the platform to be valid and powerful, we have seen a release of a few more games such as Pirates!, Rag Doll Kung Fu and Darwinia.
Unfortunately, bright stars such as Steam seem to be few and far between in the ever-progressing field of DRM. The previously mentioned Digital Millennium Copyright Act was passed in 1998 and signed into law in the United States. One of the key parts of the DMCA is the content on Circumvention of Technological Measures, which prohibits devices or services that are primarily designed to circumvent, have limited commercially significant purpose or use other than to circumvent or are marketing for use in circumventing copyright measures such as DRM. Understandably this and other similar legislation brings crackers such as DVD Jon under fire, who was arrested for “computer hacking” in 2002. He was, however, acquitted without charge in January 7, 2003, after argument from the defence that any copy protection he circumvented was for DVDs he already owned, and under Norwegian law it is legal to make personal copies of data such as DVDs for personal use.
Legislation, such as that previously mentioned, is meeting operating system design with the emergence of the Next-Generation Secure Computing Base (NGSCB), formerly know as Palladium. This is a software architecture designed by Microsoft to implement trusted computing on future versions, post-Vista, of the Windows operating system. Trusted computing refers to the design of systems or software designed to perform the way they “should”, potentially allowing computer manufacturers and software authors to increase their control over how the computer systems are used by their users. This could result in users no longer being able to change their software, control information they receive, control their own created data and could remove anonymity options from the Internet. The trusted computing methods require a next generation processor, which could be designed by AMD or Intel, as both have stated they will integrate trusted computing into future processors, which protects memory and data from hardware on the chip. This could, potentially, make methods such as DeCSS and other cracking of encryption and DRM physically impossible, as it would require overrides on the hardware level, rather than a software modification. In the first version of trusted computing, tested by Microsoft, it was possible to delete pirate software remotely, due to remote detection. This could also be used to blacklist data from, say, Office 2000 in Office 2006, forcing the user to upgrade rather than being able to use old software. This could also require remote-activation, secured on a hardware level, and the operating system requiring said hardware, making piracy physically impossible. Microsoft claims that trusted computing won’t suddenly stop anything from working, but the long term goals are to prevent piracy and removal of protection methods.
This method of protection will work with a chip on the CPU, known as a Nexus chip. This chip will be implemented onto the motherboard, and communicates with a feature in the CPU to prevent memory access from one program to another’s area of memory, a bridge in the operating system kernel, known as the Nexus, and individual application security components (NCAs). This will all produce information and communicate with on-line security servers maintained by both hardware and software vendors, removing authorisation capabilities from the users machine. This memory protection means that DVD players could prevent their area of memory, used to actually play the DVD, from allowing external access to rippers to obtain the content. Trusted computing, in a privative form, is already available in Windows Server 2003, for protecting confidential documents and automatic document destruction.
The long-term effects and, some might say, goals of trusted computing are darker than they might at first appear. Many, including Microsoft and Sony, would claim they are just trying to prevent their copyrights being broken. “Trusted computing can be turned off!” they may say. However, as a user of an alternate operating system, trusted computing could may well affect me in negative ways. Due to the requirement of most of my software to be open source, potentially, my computer no longer would be able to digitally create MP3s or videos, and I could be unable to open trusted computing protected documents. If studying at a university that protected their course materials in this way, this could force me to use a Microsoft operating system in order to do my work. Also, the music industry, due to the huge force and costs behind DRM, could well see smaller, independent record labels die out, unable to afford to protect their media. This type of protection undermines the GPL and other open source products. IBM and HP have already started work on a TC-enhanced version of Linux, but this code may need to be propriety, and therefore may need to cost money to use.
“Trusted computing” is a deceptive title. It moves the trust of computing from the administrator to the developers of software and to the owners of media. This requires a radically different approach in operating system design, as at all levels, from hardware to memory management to software, everything must be managed and authenticated by a third party, potentially crippling the system if and when this authentication suffers from bugs or is not available. It also poses dire consequences for kernel hackers everywhere, and people who use operating systems such as Linux and like modifying the deepest internals of there systems to work the way that they want.
The future of DRM is clouded, but it seems almost inevitable that it will feature heavily on future Microsoft operating systems. However, many users who value freedom of data and fair use of software and media, especially those who currently use Linux due to these freedoms, are unlikely to lie down and take the new measures without a fight. Whether this fight is fought by cracking protections, hacking servers, boycotting Microsoft in favour of Linux or other operating systems, or taking legal action under “Fair Use” law, remains to be seen, but, personally, I will not simply accept the new DRM measures forced upon us, and if I can help others through programming for the Linux operating system to obtain a system that allows these freedoms, I will.