• Table of Contents
• Next Section

	TECHNOLOGY+ Head-Shots & Winning Combinations

There is no technological way to make illegal copying impossible. The ONLY effective deterrent to content counterfeiting is to remove the economic incentives on a title by title basis, with due diligence in every available area: laws, enforcement, technology, etc. The following discussion of technology is based on this axiom.

Security experts regularly remind their clients that there is no such thing as "complete security." Every security measure put in practice erects a hurdle or barrier to entry. Nothing more. If the cost of penetrating the security outweighs the value of getting in, only foolish perpetrators will attempt it. The owner must evaluate the liability of a break-in (potential losses/replacement costs) and determine a suitable spending level for security precautions. These truisms apply perfectly to data security. Deterrence works, and deterring greed works against the financially motivated.

A discussion of technologies to defeat home-copying and commercial piracy could be extended to several large books. All of these technologies have at least one Achilles' Heel and can be broken or otherwise stunted from maintaining their effectiveness beyond an all too short time span. One way to categorize such technological deterrents is according to where they occur: packaging, altering the disc itself, and altering the data stream. Some techniques belong in more than one category. A few well-known examples are:

• Microdots & other "invisible" images.
  These have been used both on packaging materials and the disc itself. High-end scanners used by counterfeiters are accurate to 7 microns, however, so these are routinely defeated.
  
• Holograms.
  The cost of making counterfeit holograms is rather high, yet a 1995 antipiracy bust confiscated 48,000 bootleg holograms. Imprinting a hologram on the disc's lead-in area has also been used.
  
• Serial numbers.
  Many in-line inkjet or laser-etched CD printing devices are equipped to serialize as an integral part of the manufacturing process; manufacturers make this available at added cost.
  
• Source identification.
  The best known are the SID or IFPI (International Federation of the Phonographic Industry) codes which identify the replicator as well as which machines pressed the disc. Any counterfeiter can make a mold with somebody else's IFPI-number on it.
  
• Data lead-in and/or lead-out area.
  CD-R drives don't copy lead-in data, and normally ignore the lead-out area, so home dubs would be immediately apparent. As with other "open real estate" on a disc, these empty spaces may be filled in a variety of clever ways. Albeit quality assurance must verify experimental techniques do not render discs unusable.
  
• Passwords.
  One technique buries the password within the disc so de-encryption is automatic yet most copies will not duplicate the password. Except for RSA (discussion below), most password-encryption is now considered inadequate to withstand a well-financed attack.

Although it was never really implemented, Sony made an interesting proposal to alter the tracking specs on their players so that special discs can be made on which the tracks wobbled too much to be readable on competitors' standard CD drives. While this would not deter pirates from buying a Sony player and then stealing the clean data stream off of it, it's a creative example of altering the disc itself. It's possible that companies such as Sony or others could come up with more sophisticated schemes in the future.

Copy protection generally concentrates on altering the data stream. The most commonly-implemented encryption/scrambling schemes, including Macrovision, are beyond the powers of the average consumer to break but get turned into mincemeat by experts in the field.⁷ A quote from a Hack Watch News article (on a previous generation of VideoCrypt smart card) applies to anti-counterfeiting technology in general: "Things will change over the next few months though if Sky [Rupert Murdoch's satellite news+ organization] brings out its new 0A card. Then the pirates may be defeated - for a while. However, the problem is that nobody is sure how long the new card will remain unhacked. The most important lesson that the DSS broadcasters could glean from the European experience is that the cards have to be changed every six months. Otherwise it is certain that they will be hacked." (copyright 1995 Hack Watch News, posted at <http://www.iol.ie/~kooltek/euroex.html>)

An exception to this pattern of rapid obsolescence is the RSA technique (the public key/private key system named after the initials of its inventors), which uses a string of prime numbers to create so large a number that it is mathematically prohibitive to factor. Bill Gates includes a nice summary of RSA on pp. 106-111 of his book The Road Ahead, including a 1993 example of a 129-digit number which was successfully factored although experts at one time believed so large a number to be unbreakable. Expert debate rages as to the size of number which would remain unfactorable in practice, but meanwhile RSA encryption works very nicely in principle. The principle, we might point out, is directly analogous to the advice of security people described a few paragraphs earlier: the number is always theoretically breakable but it can be made so large as to be too much trouble and expense to break.⁸

When most optical discs presently available to consumers are encrypted, it is with a single password usually available by phone (in return for a credit card charge, for example). This means that one purchaser can leak the password to the rest of the world by posting it online. In order to implement a technique such as effective RSA encryption on consumer discs, and prevent leaks, each disc (or small batches) would have to be highly individualized. This is of course feasible in government and secure corporate communications (hundreds of copies), but has not yet been implemented in the consumer market (millions of copies).

Although no copy protection technique will remain unbroken for very long, it is simply another prudent measure to take. Sophisticated members of the digital marketplace have learned not to rely too heavily on "vendors' claims". While vendors may think they are advocating a "zero tolerance attitude" they profit when anybody buys what they supply and do not take these matters to heart as much as they should. To pick just one example, manufacturers of Video CD drives should feel the same horror that content-creators do at the escalating bootleg title-base. But those manufacturers are mere bystanders and that horror does not really strike home (although they are sometimes owned by the same parent company as content-creators). Chris Cookson, Senior VP of Technical Operations for Warner Bros., has publicly stated: "The availability of counterfeit titles is helping drive sales of Video CD players in the Asian market."⁹ Even at the height of World War II, weapons manufacturers had a distressing willingness to supply either side of the conflict.

To return to the boxing analogy: Nothing slows down a strong opponent like repeated blows to the head. So none of these technological jabs defeat piracy, nor do the legal and enforcement jabs, but each of them is a head-shot that slows down the opponent. Heavyweight Champion Larry Holmes, discussing his jab, once said words to the effect of: "First I'm going to make him drunk and then I'm going to mug him." Winning combinations that really hurt pirates can only be put into action if these criminals are first jabbed off balance.

Another analogy that can be used is the police roadblock (see QUICK-TAKE below).

This roadblock or boxing content protection model reflects the state-of-the-art for 1996 (short of rethinking the whole technological approach). Unless every disc, every player, and every play of a disc can be tracked, this economic-disincentive strategy is the best that can be achieved. Like "The Club" in a car, it is likely to send criminals looking for something else to steal.

QUICK-TAKE

$$$ ECONOMIC DISINCENTIVES $$$
The only thing that stops pirates dead is financial risk. They don't want to spend money; they want to make money. Lucrative targets will always be attacked, but nobody knocks off give-away discs (such as those found in the back of books or magazines). A creative mix of different measures can raise the barrier-of-entry for illegal copying of any single title.

POLICE & JAIL SENTENCES
Even though few counterfeiters are ever seriously confronted by these, they do instinctively avoid them. Foreign governments must especially be encouraged to lean more heavily on malefactors within their borders. Every title-holder with valuable foreign distribution rights should try to make sure these deterrents are in place. Meanwhile countries with weak enforcement, like Kuwait and Russia, are probably to be avoided.

PUBLIC EXPOSURE & FINES
A successful pirate dreads exposure because it forces them to reorganize their phony paper trail. Like a gangster in prison, this stops them from running their organization so openly. Rich criminals can even afford huge fines, and there are very few huge fines levied in anti-counterfeiting. The consumer, on the other hand, hates the idea of any fines at all and they are a significant consumer threat.

"MORAL SUASION"
This cannot be omitted, no matter how flimsy it may seem. The past ten years have seen an enormous "sea-change" in American public opinion, and the global populace must be mobilized to care that the people who supply them with entertainment and information can recoup their investments. This is especially important for the protection of foreign title-holders in their local markets, who could be growing into big companies, generating thousands of jobs and significant tax revenues, were it not for being deprived of the commercial value of their work.

• Table of Contents
• Next Section

written April 1996 -- please send comments to veyr@primenet.com
© ZOOM TELEVISION, INC. 1996, all rights reserved