Vista and Digital Rights Management (DRM)

[Lawrence]

A forensic computer investigator told me at a conference this week that Vista has DRM built into it; that it automatically reports all media files played on the system to the RIAA. He claimed Microsoft received millions from the RIAA in order to install this aspect of the software. You cannot turn it off, and it runs silently in the background so that you don't even know it is happening.

I would dismiss it as just another anti-Microsoft rumor/conspiracy theory, but he is a reliable source. The problem is that I would suspect it would produce such a massive amount of data (MILLIONS of users, playing thousands of media files, each) that even the RIAA would not be able to do much with it, but perhaps I underestimate the efficiency of their searching and database software.

Has anyone else heard of Vista incorporating secret DRM reporting?

Edit: the only thing I've found so far pertains to prophylactic DRM measures that hackers can take advantage of. See the quoted sources below.

[Toon Town Dave]

I have not read of any evidence supporting that claim.

I'm a CISSP and generally follow what the real security researchers are up to. Something like that would have hit one of the mailing lists, blogs or conferences if it were true.

[OneTrueDabe]

I would dismiss it as just another anti-Microsoft rumor/conspiracy theory

Wow, FUD being pushed back *AT* Microsoft! I like it...

Seriously, though, ever since the iTunes Music Store started offering all of EMI's collection DRM-Free, I've only bought their "iTunes Plus" songs.

I also see Universal is going a similar route (but bypassing iTMS -- a Bad Idea, IMHO)

On a related note, what do people think of recording the "Music Choice" or "Urge" cable channels? Is that despicible, or is it a legitimate way of gathering music?

[kitkat]

On a related note, what do people think of recording the "Music Choice" or "Urge" cable channels? Is that despicible, or is it a legitimate way of gathering music?

You mean because you paid for the cable service, rather than recording something free?

[OneTrueDabe]

You mean because you paid for the cable service, rather than recording something free?

Sure.

How different is it from recording [Rob Bamberger's excellent] Hot Jazz Saturday Night on our local NPR station?

[Lawrence]

From Wikepedia:

Microsoft's Windows Vista contains a DRM system called the Protected Media Path, which contains the Protected Video Path (PVP). PVP can prevent protected content from playing while unsigned software is running in order to prevent the unsigned software from accessing the protected content. Additionally, PVP can encrypt information during transmission to the monitor or the graphics card, which prevents unauthorized methods of video recording.

From a pre-Vista-release DRM Blog (May 2006):

There are many reasons that drivers in Vista are going to be different than other Windows, but it boils down to Microsoft completely reworking the window manager and window rendering subsystem. In one way this is a good thing. It should help prevent non-responsive applications from locking up the entire system and causing reboot situations. However, as with all things we report on DRM Blog, there is DRM lurking just under the surface. In this instance the DRM's name is Output Protection Management (OPM).

Its amazing how complicated things seem when you use acronyms instead of the actual words to describe something. OPM is an umbrella term that includes PVP, PAP, PVP-UAB, SAP, and PUMA. No problem right?

* PVP - Protected Video Path
* PAP - Protected Audio Path
* PVP-UAB - PVP User-Accessible Bus
* SAP - Secure Audio Path
* PUMA - Protected User Mode Audio


Now you should see that all these acronyms actually are all under the umbrella term DRM. I will not go into detail about these technologies, but will simply point out that they will all affect your "Vista Experience" if you do not have compatible hardware.

It seems that Microsoft left a little information out with their published specifications. If you want your new Vista PC to partake in "premium content" then you must have a video card and driver combination that is PVP-OPM and PVP-UAB certified. At the 2005 WinHCE Microsoft handed out an interesting document that describes OPM in all its incarnations and what a video card vendor must do to be certified.

To get a certificate, a graphics card or GPU manufacturer will first have to sign a legal document (read contract) that specifies that the hardware or driver in question meets all of the specifications laid out in the "Compliance Rules" document. This compliance document is part of this legal contract. As it turns out, there is no testing done by Microsoft. It's an an honor system backed by a legal contract. "Content protection is about links in a chain" with each member of the PC industry being responsible "to protect premium content, to ensure that the content industry will trust its content to the PC". If a "valid report of content leakage occurs" then Microsoft will have no option but to "revoke the driver's ability to play high-level premium content". Microsoft claims that this is in the best interest for for hardware vendors and driver developers as this revocation process will "protect against actions that a content provider might take" if a leakage occurs.

The document goes on to say that the compliance rules also have a "Content Industry Agreement" for video hardware robustness and that certification can only be given to manufacturers who meet those rules. There could be several reasons for the content industry to require a certain amount of robustness in video hardware. However, the only logical one is that it will take a lot of horsepower to down sample high-definition video and audio on the fly. This is linked to the HDCP protection flag that we discussed in our last article.

Once again the consumer is the one paying for DRM and most people will never know about it. But the fun does not stop there. "If you are a graphics chip manufacturer", it is your responsibility as one of the trusted links in the PC chain to make sure that you are not selling your chips to any rogue elements who are going to make "hacker-friendly graphics boards". Logically, according to Microsoft, the easiest way to do this is to ensure that your GPU performs encryption in the chip itself. Apparently, it is also important that both the driver certificate and the private key both be "obfuscated". In fact, Microsoft has come up with an obfuscation tool that they use for their Certified Output Protection Protocol (COPP). It is assumed that the driver makers will use this same tool when obfuscating their key.

If this makes no sense to you, don't worry. The simple answer is that this is all part of Microsoft's Trustworthy Computing effort. If you look up the meaning of trustworthy computing you will find marketing terms such as security, privacy, reliability, and best business practices. Don't believe the hype. It just means that all the DRM now has a pretty ribbon wrapped around it with a good name. The only trust taking place here is between very large companies that want to sell you content, hardware, and software that violates your privacy, artificially inflates prices, and makes it illegal for you to tinker with.

I don't know whether any of this panned out (thus the thread), but I suspect these quotes hit on part of what they were talking about at my conference last week. It does not include the allegations of reporting potential DRM violations, but instead seems to be a prophylactic measure to prevent audio or video copying and editing, even for personal "fair use."

[Lawrence]

Here's a more recent source, noting not only the similarity of Vista's DRM measures to the 2005 Sony rootkit scandal that caused Sony so much flack, but also that the Vista DRM measures might create similar security issues as the Sony rootkit thing did.

It also contains a brief discussion of the ITunes-Vista incompatibility problems that I mentioned in another thread: not an outright "ITunes won't work on Vista," but bugs and problems that occur when you use ITunes and an IPod on Vista.

Introducing Windows Vista: Unprecedented Digital Restrictions for an Unsuspecting Populace

Windows Vista integrates many of the restrictions Sony's DRM rootkit directly into the operating system. One of the best analyses on the impacts of Vista's built-in DRM is by security expert and self-proclaimed professional paranoid, Peter Gutmann,iv who writes, “Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called 'premium content.' This incurs significant costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista, but the entire PC industry.”

Among the other “features” of Windows Vista that Gutmann explores are:

* disabling of hardware that is not approved by Microsoft – the idea being that you could use unapproved hardware to copy copyrighted material (even if this copying is legally protected by fair use laws);
* degrading the quality of audio/video to prevent capture through other devices – Gutmann mentions the incredible problem this poses for telemedicine practitioners hoping to share high-resolution scans/videos of, for example, your brain;
* making decisions for you (the end user) as to what media you can and cannot copy (regardless of your legal right to do so) – in essence, an operating system that, though extra-legal means, eliminated your rights as the purchaser of media.

The question many readers might be asking is whether these fears are hypothetical or whether these actions are actually being taken. As it turns out, not only are these problems being experienced, they are well known to the major companies and media providers. Windows Vista has already been found to refuse to play legally bought media and has had problems with “disabling hardware” like iPods to the point where they permanently cease to function – as the Apple website itself states, “Ejecting iPod from Windows Explorer or by using the 'Safely Remove Hardware' feature in Windows Vista may corrupt your iPod. Microsoft is working on a software update for Windows Vista which addresses this compatibility issue.”v A non-exhaustive list of known problems between Windows Vista's DRM and iPod/iTunes include:

* iTunes Store purchases may not play when upgrading to Windows Vista from Windows 2000 or XP;
* iPod models with the “Enable Disk Use” option turned off may be unable to update or restore iPod software, and make changes to iPod settings;
* iPod models configured to Auto Sync and have the “Enable Disk Use” option turned off may require being ejected and reconnected to resync;
* Ejecting an iPod from the Windows System Tray using the "Safely Remove Hardware" feature may corrupt your iPod;
* Cover Flow animation may be slower than expected;
* Contacts and calendars will not sync with iPod.

Not only does the Vista operating system infringe upon your legal rights, it detrimentally impacts other hardware you may wish to attach to your computer. Since a vast majority of new computer buyers have no choice except the Windows operating system, these issues will affect potentially millions of unsuspecting consumers in the months and years to come. Taken together, copyright law, DRM, and Windows Vista represent an insidious trifecta for expanding the commodification of personal activities and an unprecedented assault on fair use, privacy, and legally protected activities.

[GemZombie]

I wonder how any of you are running Vista?

I am, on multiple machines. To date DRM has not changed my usage of music at *all*. My MP3's still play, and the FBI has not busted down my door. I've been able to rip my CD's using the same software I used on XP

While I understand people's worries, and I share some of them, people have their panties bunched up a bit too tight on this issue. DRM doesn't hamper normal fair usage, and only presents a mild annoyance for the real pirates anyway.

[Lawrence]

I wonder how any of you are running Vista?

I am, on multiple machines. To date DRM has not changed my usage of music at *all*. My MP3's still play, and the FBI has not busted down my door. I've been able to rip my CD's using the same software I used on XP

While I understand people's worries, and I share some of them, people have their panties bunched up a bit too tight on this issue. DRM doesn't hamper normal fair usage, and only presents a mild annoyance for the real pirates anyway.

I am not running Vista, but need to get a new computer for my business and was wondering whether any of these concerns were legitimate. I also bought a Vista-compatible laptop before Vista came out and was wondering whether I should "upgrade" to Vista. That's why I'm asking for feedback.

I wear boxers, not panties , but I do feel uptight about this issue because over-zealous DRM protections HAVE impacted my fair usage quite a bit: but I only discovered the problem years later. One example you might have heard already: I recorded dozens of minidiscs--in real time--through my stereo from my own CDs and LPs back in the 90s before MP3 players (and widespread MP3 usage) even existed. Without carrying a minidisc player everywhere I go, they are now unusable. So I wanted to get them on my computer and legally convert these legal, personal-use compilations to MP3; but the Sony software for transferring music from minidiscs to a computer will only do so if the music came from that computer: an overzealous anti-piracy measure that greatly impedes "fair use." Because I personally recorded them in real time without a computer, I am screwed and would need to re-record them in real time, on an analog signal (degrading the quality even more), without automatic song indexing.

For similar reasons, I refuse to buy anything from ITunes because the 5-computer limit on many of the ITunes proprietary files will make them obsolete and unplayable in a few years after I upgrade computers a few times.

I thus want to make sure that the MP3s I legally create on a Vista system do not become non-transferrable; when I hear rumors to the contrary (from a reliable source, at that), I do freak out. I also want to make sure that my existing MP3s will work; and when I hear rumors to the contrary, I also freak out.

That said, I know you pay attention and I do trust your opinion on tech issues, so your feedback helps alleviate this concern.

Does anyone else have any experience or info?

[SoundInMotionDJ]

For similar reasons, I refuse to buy anything from ITunes because the 5-computer limit on many of the ITunes proprietary files will make them obsolete and unplayable in a few years after I upgrade computers a few times.

Computers can be de-authorized in iTunes, and will no longer count against the 5 computer limit. If you have 5 computers authorized, you can also choose (a limited number of times per year) to de-authorize all the computers on your account and pick 5 new computers.

There are other reasons you may want to avoid iTunes, but the 5 machine limit is not quite the show-stopper you describe.

I choose to immediately convert the songs from m4p to CD to mp3 - so I have no long term DRM issues with songs purchased from iTunes.

--Stan Graves

[Lawrence]

For similar reasons, I refuse to buy anything from ITunes because the 5-computer limit on many of the ITunes proprietary files will make them obsolete and unplayable in a few years after I upgrade computers a few times.

Computers can be de-authorized in iTunes, and will no longer count against the 5 computer limit. If you have 5 computers authorized, you can also choose (a limited number of times per year) to de-authorize all the computers on your account and pick 5 new computers.

There are other reasons you may want to avoid iTunes, but the 5 machine limit is not quite the show-stopper you describe.

I choose to immediately convert the songs from m4p to CD to mp3 - so I have no long term DRM issues with songs purchased from iTunes.

Good points, but 1) even if you can do it, the fact that you can "deauthorize" a computer is not well-known; at least I didn't know about it until you mentioned it, and I still don't know if you can do it after you dispose of the previous computer (You might be stuck if you neglect to do it). 2) It still places an unnecessary burden on the user, presuming criminality on completely innocent people, and placing the burdens of criminality on those completely innocent customers.

As for converting the files, 3) converting from one compressed format to another degrades the sound quality noticeably.

Granted, ITunes (and its proprietary format) appears to be doing just fine without my business. But that doesn't mean I need to like it.

[SoundInMotionDJ]

Good points, but 1) even if you can do it, the fact that you can "deauthorize" a computer is not well-known; at least I didn't know about it until you mentioned it, and I still don't know if you can do it after you dispose of the previous computer (You might be stuck if you neglect to do it).

De-authorization of a computer is a menu choice within iTunes that is akin to "Authorize this computer." How "well known" that is will be left to the individual reader. (I knew about it...)

The "reset" of all authorized computers is a bit harder to find. I found it when computer died, taking it's authorization to the great bit-bucket in the sky. The reset can only be done when you have 5 computers already authorized, and only a limited number of times per year. So, over time authorizations from "dead" computers can be retrieved.

So, you are not "stuck" if a computer dies - but it is less than convenient to recover the authorization (and appears to be by design).

2) It still places an unnecessary burden on the user, presuming criminality on completely innocent people, and placing the burdens of criminality on those completely innocent customers.

The "necessity" of that burden appears to be relative to the user. I don't find the burden to be more or less arduous than authorizing a new computer to play iTunes m4p music. Which I did not find to be more or less arduous than installing the iTunes software to begin with.

As for converting the files, 3) converting from one compressed format to another degrades the sound quality noticeably.

Actually it doesn't (or perhaps, it doesn't have to).

Direct conversion from compressed to compressed will typically result in a larger degree of loss than a conversion from compressed to uncompressed to compressed. The "uncompressed" format "fills in" the information with a best guess about what actually should go there. In many cases, that guess is very good. Having a "full range" signal allows many compression programs to do a better job when compared to having a compressed signal.

Most "direct" conversion tools that I have seen do something akin to "burn to [virtual] CD, then rip" to accomplish the conversion.

The 128kbps AAC format is roughly "equivalent" in quality to an mp3 that is between 160kbps and 192kbps, depending on the nature of the music that was compressed.

In blind tests, using my PA setup, listeners were unable to distinguish between compressed and uncompressed sources. In fact, the responses were often worse than guessing should have produced.

Granted, I'm "tricky" during the tests. For instance, I vary the volume of the songs (louder does not mean better quality - but it often gets votes for better quality...). After conducting these tests, I determined that I was pickier than average when it comes to my music collection.

That is not to say that iTunes is without flaws, or that compressed music in general is anything other than a set of compromises.

--Stan Graves

[Lawrence]

Although the merits and demerits of ITunes are worth discussing (and I do appreciate the insight), I really want to keep the thread about Vista and its DRM applications. The ITunes reference was merely to point out an example of why I consider any DRM that restricts fair use to be unacceptable, especially when it does it secretly and you only find out about it later. The point is not merely about whether the burden is too much of a hassle, it's a more fundamental point that the innocent user should not face ANY hurdles, no less hurdles that some users might not ever figure out. Even if there is an end-run around the ITunes or the minidisc examples I cited (and I am sure there is an end run around the minidisc example), the point is that I genuinely have been stymied by the minidisc experiment, and I had no idea about the end-run around the ITunes computer-authorization until you pointed it out. The burden of figuring these things out is just unacceptable.

Does Vista have secret DRM, and does it interfere with anyone's fair (or even "unfair") use so far? Or is it something that will crop up years from now, like the minidisc problem? Or is it all just another anti-Microsoft conspiracy theory that Microsoft might have once considered, but never actually materialized?

[SoundInMotionDJ]

The burden of figuring these things out is just unacceptable.

First, let me say that I have no first hand experience with Vista as I will be sticking with XP for the foreseeable future.

The burden of understanding new technology and how to use it to accomplish tasks that are of interest to you will continue to grow as digital technology grows in the makretplace. Figuring out DRM is no different than figuring out how to rip a CD to mp3, or figuring out how to configure an external sound card, or figuring out how to setup an account and post on a discussion board, or figuring out how to get e-mail on your blackberry. As technology evolves, you will either invest the time and energy to figure it out, or you will not.

It does appear that DRM is getting pushed back (iTunes is offering DRM-free songs for $1.29) and pushed forward (Vista incorporates more/better DRm controls) at the same time. Where the "final answer" will fall is to be determined.

DRM is not all bad. One of the ways that digital content will be made available for the PC is under the protections of DRM. Because there is DRM, I can watch full episodes of some of my favorite TV shows over the web - in case I miss an episode. That service would not exist without DRM.

As for "fair use" - DRM will remain at odds with fair use for the foreseeable future. It is not in the financial interests of the music industry to fully support your fair use rights. From their point of view you should buy a 45, then the cassette, then the CD, then the mp3, then the <whatever_comes-next>, etc. Paying one time and converting to whatever format you want is not a good financial model for them. "Fair use" might be your "right" under the law, but that does not mean that the copyright holder needs to make it easy for you.

5 years ago, DRM was barely on anyone's radar. 5 years from now the overall situation will be different than it is today.

If you truly feel that the burden of understanding the technology that you are trying to make use of is unacceptable, then perhaps sticking with CDs for the next several years makes the most sense for you and your situation. I view learning about the technology that I use as an investment in my understanding.

My advice is to determine how to keep your music DRM free as you go. That is the best way to ensure that you will have access to it in the future. .. Keeping in mind that my extensive collection of "mix tapes" from college are now un-playable as I no longer have a working tape player.

--Stan Graves

[GemZombie]

My point is, which I think some people might miss, that if you use MP3's today, you can continue using MP3's without any interference from Vista. DRM applies to formats that *use* DRM. MP3 does not. You can rip and play just as you did before... and since most of us use that scenerio, most of us have nothing to fear with Vista.

I have avoided iTunes for a variety of reasons, but DRM is a big one.

Also "Vista and DRM" is a bit misleading.... 90% of the DRM implementation is really just Windows Media Player 11. It's just that you need WMP to play most of the DRM-enabled files that are aimed towards Windows users.