Technologies for Digital Restrictions Management

In March 2005 I wrote about DRM and what it means for our freedom and now I decided to publish a more technical sequel. Back then I was outraged by the fact that Intel added a new DRM feature (DTCP-IP) to its dual-core processors. Why is that you may ask? Well … traditionally DRM means ways to restrict the use of copyrighted digital media content like music and movies. However, the DRM umbrella is broad enough so that it can cover any technology that can be used to control and restrict the use of “digital media” — computer software included. Having a DRM-enabled processor together with a DRM-enabled operating system could mean that:

  • only “blessed” (i.e. certified) applications will be allowed to run (supporters will motivate this my the need to stop viruses and worms)
  • encrypted documents can be opened only with the “blessed” Microsoft Office
  • Sites like MSN or can be accessed by the “blessed” IE7 and no other will be able to fake it (enforced through cryptographically strong digital signatures)
  • an application developer could enforce that his applications work under on a certain operation system with little chance for the users to fake it
  • projects like WINE and VMWARE will have to break/fake encryption keys to work and this will render them illegal in many parts of the world US included (DMCA)

Well, it is needless to say that this would mean a lot of money for the established monopolies like Microsoft and Intel and disaster for users and their freedom. Richard Stallman predicted this evolution several years ago in essays like: Can you trust your computer?:

“Treacherous computing puts the existence of free operating systems and free applications at risk, because you may not be able to run them at all. Some versions of treacherous computing would require the operating system to be specifically authorized by a particular company. Free operating systems could not be installed. Some versions of treacherous computing would require every program to be specifically authorized by the operating system developer. You could not run free applications on such a system. If you did figure out how, and told someone, that could be a crime.”

So these technologies are really going to happen, one little step at a time and DTCP-IP is one of these little steps. I will discuss next the DRM technologies that Intel has implemented so far and the technologies that are planned for the near future.


DTCP-IP (Digital Transmission Content Protection over Internet Protocol) is a specification developed by Intel, Toshiba, Hitachi, Sony, and Panasonic to protect copyrighted content that is transferred over digital interfaces in home networks. Digital content can be shared between devices in a user’s home only under the restrictions imposed by the copyright holder and cannot ce shared with third-parties outside the home network. Using an authentication scheme and content encryption, DTCP-IP limits the transfer of copyrighted content to “trusted” destinations and does not allow the content to be transmitted over the Internet unencrypted. Developed initially for protocols like Firewire (IEEE 1394) and USB 2.0, the specification was later extended to home networks that use the Internet Protocol (thus the -IP in the name).

The content is always kept digital and encrypted so (in theory) can only be decrypted if the receiving device is certified to handle content in a secure manner. My knowledge is that the early specifications (1999) used the Diffie Hellman algorithm for the digital signatures and a 56 bit M6 block cipher for content encryption (similar to the DVD encryption) but it is very possible that newer versions have more advanced encryption algorithms employed.

Some problems I see with DTCP-IP:

  • It imposes restrictions to the users and violates their fair use rights and the freedom to chose whether they want to use a certain technology or not (without being restricted access to the content)
  • Although DTCP-IP has some flexibility when it comes to the restrictions that can be applied (“Copy Free”, “Copy Once”, “Copy No More”, “Copy Never”) it is most likely that content suppliers will most often use “Copy Never”.
  • Every action other than viewing and copying (under the restrictions specified above) is not allowed although it might be legal under copyright law to perform such actions.
  • Even though copyright laws specify a time limit after which the copyright work becomes part of the public domain for anyone to use freely, DTCP-IP provides no mechanism to remove the copy control systems embedded into works once they enter the public domain, after the term of copyright expires
  • DTCP-IP is a patent encumbered specification and it would be very hard (is possible) to have free software implementations thereof without infringing those patents. Moreover, another problem would be obtaining the certificates and secret keys required by the DTCP-IP protocol. Maybe all these problems could be circumvented somehow, it is hard for me to tell as long as all the technical information concerning the DTCP is hidden. In order even to to see the DTCP-IP “standard” you must get a license from DTLA (Digital Transmission Licensing Administrator) that costs more than 10000$/year. Reverse engineering could also be used, but it is surely illegal in some places.

For (a little) more information about DTCP-IP follow these links: [1][2][3].


COPP (Certified Output Protection Protocol) is a proprietary mechanism developed by Microsoft for applying copy protection to video that is output by the graphics adapter. It is implemented in Windows Server 2003 with SP1 and later, and Windows XP with SP2 and later. I don’t know much about this, or other proprietary Microsoft technologies, but I do know that this is part of the “trustworthy computing” initiative at Microsoft.

For more information on the COPP see this.


HDCP (High-bandwidth Digital Content Protection) is a a specification developed by Intel to “protect” digital audio and video content as it travels across Digital Visual Interface (DVI) or High Definition Multimedia Interface (HDMI) connections. The HDCP specification is proprietary and implementation of HDCP requires a license from the Digital Content Protection LLC. In addition to paying fees, licensees must also agree to limit the usefulness and interoperability of their products by restricting outputs and lowering the quality of reproduction on some interfaces such as speaker cables. Licensees cannot allow their devices to make copies of content, and must design their products to “effectively frustrate attempts to defeat the content protection requirements.” HDCP has many known vulnerabilities but breaking it also means breaking the law (i.e. DMCA).

Despite its known flaws FCC approved HDCP as a “Digital Output Protection Technology” on August 4th, 2004. FCC regulations would have required digital output protection technologies on all digital outputs from HDTV signal demodulators as of July 1st, 2005. However, on May 06, 2005 in a unanimous decision, the DC Circuit Court of Appeals tossed out the broadcast flag, considering that the FCC rule that would have crippled digital television receivers.

On the 19th of January, 2005 the European Industry Association for Information Systems (EICTA) announced that HDCP is a required component of the European “HD Ready” Label.

For more information on HDCP see: [4][5][6][7][8][9]


CGMS-A (Copy Generation Management System for Analog) is a copy protection mechanism standardized by various organizations including IEC and EIA/CEA (IEC 61880, IEC 61880-2, EIA/CEA-608-B, CEA-805A). CGMS-A can be used in DVD-Video, D-VHS, DVD Recorders , Blu-ray Recorders and, most importation, digital broadcasts. If a couple of bits in a program’s CGMS-A settings are switched on, a supporting receiver (e.g. a Microsoft Media Center PC) will encrypt the program, making it unplayable on anything but the recording PC. HBO is currently encrypting all of its programs with CGMS-A. They allow you to “copy” a program that you record from their signal once. The trouble is that they consider that one-time copy to be recording the program onto your hard drive, not taking it from the hard drive to a DVD.

For more information on CGMS-A see: [10][11][12][13].

Linux and other free operating systems could hardly provide the ability to use these “cursed” technologies (i.e. technologies licensed under “reasonable, non-discriminatory terms”). The terms “reasonable and non-discriminatory” are the same ones Microsoft used to shut free operating systems out of several other markets. Now Intel and other hardware providers are all getting together and slamming the door on free software. Something must be done about this.

2 Responses to Technologies for Digital Restrictions Management

  1. This is a great website posting, I have learned a whole lot.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: