Comments on: DRM is passive and active

By: Nate Lawson

Nate Lawson — Mon, 22 Oct 2007 16:50:37 +0000

Well, it’s some kind of restriction, although it’s certainly not in the same class as something designed to be DRM from the beginning. It’s similar to people saying XOR with a constant is “encrypting the data” — nowhere near accurate. In that case, I call it “masking the data” since it is slightly transformed. So what’s the term for “unprotected, but with a couple speedbumps bolted on the side”?

By: Alun Jones

Alun Jones — Thu, 18 Oct 2007 18:03:20 +0000

Makes sense – type 2 is no DRM at all, in essence. Whether it’s a “broadcast flag” on television, or a CD with an executable root-kit, there are legitimate systems that won’t even see that the content should be protected, and the temptation to deal with that is to somehow outlaw such systems.
It’s effectively already happened – while multi-region DVD players are common and inexpensive in the UK, in the US, I find it difficult to find a player that is advertised as multi-region. While they’re clearly not illegal, the marketplace here has somehow been coerced into making them unavailable.
Maybe my proposed two types should be “DRM” and “not DRM” :)

By: Nate Lawson

Nate Lawson — Thu, 18 Oct 2007 15:38:45 +0000

Thanks for the reply. I see you used to work at Microsoft but don’t any more. Sorry for the mistake.

My main issue is that you picked two arbitrary DRM schemes and then defined a terminology based on them. I’ll call the two approaches “ProtectionX” and “Assassin” instead of “active” and “passive”, respectively.

1. Encrypted file + DRM client (“ProtectionX”): DRM client attempts to verify environment before decrypting file. Assumes file is encrypted with standard symmetric crypto so that it can’t be retrieved without at least one instance of DRM client.

2. Unprotected CD + autorun assassin software (“Assassin”): CD is unprotected 16 bit samples readable by standard consumer grade equipment. In one specific environment and configuration (Windows with autorun), the assassin program runs and attempts to interfere with any attempt to copy data.

What I’m trying to tell you is that your example of a file with a flag that says “do not copy” or a disc with autorun assassin software that is otherwise unprotected is a special case. It’s an attempt to retrofit some kind of client-side control onto a format that doesn’t already have it, not a type of pre-defined DRM.

No one, especially content producers, asks for an unprotected format and assumes they’ll bolt on something later. All you’re seeing is the fact that some formats made it out of the gate without protection (CD) or were weak and eventually broken (DVD-CSS). In those cases, some people make the effort to add optional “assassin” software, even if it only slows down some small percentage of users.

You and I both agree that this is ineffective, easily bypassed, and can interfere with legitimate use. But some companies have analyzed the cost/benefit tradeoff and based on that information continue to deploy this approach rather than accept the alternative (do nothing).

Side note: the reason why this subject is particularly important to me is that some people are already using the concepts “active” and “passive” in terms of DRM. The claim is that crypto-based systems (i.e., AACS) are “passive” and software protection (i.e., BD+) are “active”. This is nonsense since you have to consider the software that decrypts the disc part of the system, and thus there are no true “passive” systems.

By: Alun Jones

Alun Jones — Tue, 16 Oct 2007 03:49:53 +0000

I’ve obviously failed to communicate a number of things:
1. I am not “of Microsoft” by any means.
2. I am fully aware that in any DRM system, there is an ‘active’ and a ‘passive’ component.
3. My attempt to give names to different types of DRM refer to whether the content is securely protected when it’s just laying there (“passive”), or whether it’s only protected when you’re running the DRM component (“active”).
So, if you encrypt a file, and hand me the encrypted bits on a disk, that’s what I would call “passive DRM”, because its protection does not require me to be running the DRM client code. Only its unlocking requires me to run the DRM client code (or a reasonable facsimile thereof) and get a key. Killing the DRM client code restores the protection – it has “defence in death”.
If, on the other hand, you place the file unencrypted on the disk, but expect my file reader to obey a flag in the file’s header to not display it, then that’s what I would call “Active DRM”, because the protection requires that the DRM client code is active. Killing the DRM client code removes the protection.
That latter kind of DRM can only function in an environment where users can be prevented from _not_ running the DRM client code. This is why you see irritating (and sometimes successful) attempts by various content producers to pass legislation that prevents users from choosing what software to run – or not run – on their own machines.
Sure, you can say that there’s a continuum between these two extremes – and that the fact that “passive DRM” requires a key to be given to the client certainly makes it possible to hack – but I think the distinction is worth making.
So, now that I’ve further explained myself, do you agree with me that there is a valid distinction between the two types of protection? Are we simply quibbling about names?