Some Observation about Internet2, DRM and Personal Privacy
(by Andreas Schiffler, IC-Agency)
Some reports say that the routers of the upcoming Internet2 will execute a new generation of Digital Rights Management (DRM). Others claim that Internet2¹s routing protocol IPv6 can easier identify and locate P2P file sharers (they call it "identity and access management"). So, should we be concerned that our personal privacy is going to be under attack and DRM will rule our media world?
Let's have a quick look at the glossary entry for "digital rights management" (DRM) on Microsoft's site:
"Any technology used to protect the interests of owners of content and services (such as copyright owners). Typically, authorized recipients or users must acquire a license in order to consume the protected material—files, music, movies—according to the rights or business rules set by the content owner."
There are the two named components for DRM in this definition:
1. the material must be protected
2. the recipient must be authorized
The first part is easy to explain. An encryption algorithm is used to scramble the bits. One needs to know/have the key to unscramble the data. Once scrambled however, nobody - not even an I2 router - can know what the content is unless it is at least partially decrypted. Actually the last statement isn't entirely correct ... an I2 router cannot unscramble the data IF the sender and the receiver have the choice of algorithm.
The second part is the core of DRM. It usually means that the recipient must have a sufficiently hard to break physical permanent key or a temporary key that is usually acquired via a network. There are variations on these schemes (key hierarchies, public keys, etc.) but it always boils down to a permanent-physical or temporary-dynamic key.
An example for type1 key distribution would be the current DVD encryption model (CSS) which is part of a software or inside a chip in a DVD player. Another good example of this will be the upcoming High-Bandwidth Digital Content Protection (HDCP) use which encrypts/decrypts digital video content flowing between players and PCs into screens. Again the core is a physical device with a key and algorithm inside.
An example for the type2 dynamic keys, would be the iTunes login. It generates a per-user key which is used to unlock the received content. This method is currently a favored approach by many - including Microsoft for its MediaPlayer DRM - as it allows the right to be remotely managed (i.e. revoked if necessary) and monitored. This feature is for example used to allow a user to "burn" an iTunes song onto a CD N-times from within the iTunes software. It also allows for extensive tracking of content use and typically requires a permanent network connection for content to be consumed.
The "permanent connectivity" is where we are headed in my view. Currently, we are dependent on power to consume digital content. Many devices require already a "back-haul" to enable digital content to be accessed. Satellite PPV in Canada and the US uses a phone call to retrieve the key. The cable companies already have a digital network to provide Internet services which can be used to unlock OnDemand PVR programming. So basically, we are heading into a world where we are dependent on connectivity to consume digital content. Currently, the HD distributors play down such a requirement for their HD-player hardware ("no it will never happen") without mentioning that this only applies to first generation HD content and future content might well require a network connection.
Of course Microsoft likes this very much as they are the provider for networked devices (Windows on the Desktop or Devices) and key-managers (Windows on the Server). That's why they were so avidly engaged in pushing their view for the new HD standard and formats like WMV.
Back to the Internet2 connection with this: Remember the first stipulation on decryption of the data - only if the protocol (or algorithm) is controlled and a standard, does I2 have a chance to snoop on the data flowing over it. So what implications does this have for the I2 control over content?
While an I2 routers primary job is to send data around, it could be used to filter data packets more efficiently. IPv6 has provisions to facilitate this more than the current IPv4 does through a larger address space and some special bits. Also the infrastructure is currently being designed. While the old ARPA Internet was build to "just work" and filtering was added more an afterthought, the new I2 hardware can be designed with particular filtering features right from the start. This is where the "encryption" of part 1 comes in ... there are several algorithms that provide more than one key to decrypt data. Such a secondary key could then be used to snoop in data that is considered safe. Again however this highly specific to the content being transported - so if I pull out my PGP program and encrypt a movie that I want to send to my friend using a 2048 AES scheme, no I2 router in the world will know that is transmitted. Of course my friend will have to get the key using good old sneaker-net ...
The more likely approach will be to hook into the second part of DRM ... the key exchanges. This is technically easier since keys are small and will also be required for many content accesses. While key management is typically the domain of the key-server, the I2 infrastructure could be used to track and filter key exchanges independent of the key-servers. Again, similar to the encryption snooping above, this requires that the key exchanges are standardized in some form so the I2 hardware knows what is being exchanged is a key. Again I could pull out my PGP program and encrypt my the key for my friend plus embed it into an image (steganography) and send it via email entitled "Fun Stuff". By the time the I2 router has find the key in the data, I am done watching the movie.
Now as for P2P control - this is an easy one. I2 will simply make is easier to control via better blocking capabilities down to the port level.
But there is a problem - the Internet providers. Currently most P2P and VoIP activity of home users is legally in the gray-zone. Most providers stipulate in their usage agreement document that running a server at home is forbidden (go check your contract). Sure enough, when I had more uploads one month than downloads, by provider Cogeco send me an email asking me to disable my "server" (I had just received some uploads from a friend). So why do they bother with metering and not just turn off my uploads. Fortunately for us, most data exchange programs including any P2P client and VoIP stuff like Skype are really little servers. Skype for example uses P2P technology and possibly YOUR PC (if it directly connected to the Internet) to connect two users behind NAT firewalls which would otherwise not be able to talk or send files. This is the staple of all providers - the way they make money and upsell you to the latest High-Speed service. In fact they are the group who are currently between the MPAA and - for example - Canadian P2P downloaders.
Again we hit I2 here ... because an Internet Provider is itself being provided by - you guessed it - the I2 network (in the future at least). So if the local provider isn't filtering, his upstream provider will. So if a local provider does not want to risk being shut down, filtering becomes possibly a necessity at the provider level. But there is one more factor: providers can lower their cost dramatically with I2 - their main cost right now is the per Gigabyte bandwidth charges to their upstream provider. I2 will not just make everything faster, but foremost lower the per Gig cost for local providers. This is a goldmine for the providers which will keep the prices high for the consumer (the carrot will be a doubling of speeds or bigger bandwidth allowance) - I foresee that they will embrace I2 and at the same time implement a more strict P2P filtering in the future. They can do that with I2, because they can afford to loose 10-20% of customers (the downloaders) and offset the losses through the lowering of bandwidth costs through I2. Makes perfect business sense ...
Where does this leave free information flow? I2 will certainly aid in the implementation of filtering mechanisms at all levels for good and not so good purposes. Future DRM will prevent "ripping" of content into non-DRM formats. The Internet community at large will always work around it (i.e. envision my PGP example above fully automated) - so at the moment, consider all current DVD material out thare available for sharing and all future HD stuff locked away. The I2 powers at work will always try to shut down "illegal activity" but at the same time play catch up with the current protocol of the day. The P2P downloaders will have to live with a reality of being tracked and lower efficiencies of their protocols (i.e. onion-routing). And remember, "never underestimate the bandwidth of a jumbo-jet full of floppy disks!"
A few months ago it was reported that "The recording industry (RIAA) and hollywood (MPAA) are keen on figuring out I2. They quickly sued students over i2hub." Note that there is nothing I2 specific in this, other than I2 was used to transfer bytes. Since the perceived damage goes up with download speeds which are very high on I2, it was of course targeted by the watchdogs right away.
All of this feels a bit "big-brothereske" - so, what can we do? I think there are a few things that actually might keep future I2 and DRM scenarios less monopolized. One is to promote open standards and to limit use of closed schemes. The idea of an "digital ecosystem" that is rich in open protocols is appealing. Maybe don't use Microsoft's WMV stuff if you don't have to. And don't get too used to the conveniences of DRM-embracing services like iTunes. Maybe stick with the good'ol DVD standard for now until the DRM wars on the HD front have proven to protect the consumer.
To finish off this article, I want to share a few "finds" related to "bandwidth management" on _todays_ internet. Interestingly enough, Canadas ISPs - which seemed relatively bening on the P2P front as compared to the US and European ISPs - are involved in some secret "network optimizations" of their own. Regadless of these developmens, I2 deployment will likely make it easier and more efficient for all players in the Internet infrastructure to "manage" (i.e. filter) traffic flows, sicne raw network filtering is really nothing new and protocol level proxying which puts your websurfing through _their_ servers is in common use already today.
Links: Limiting P2P
In the p2p arena, providers seem to cap bandwidth usage - on the forums, the talk was that the new residential VoIP service was impacted by heavy p2p users prompting a filtering of the p2p ports at these providers. Since almost all providers worldwide are having some VoIP plan, I expect to see this kind of restriction to become very common.
Shaw secretly limits BitTorrent uploads
Rogers Bit Torrent Cat & Mouse
Links: Limiting VoIP
Since VoIP is a new cash cow for ISPs and they control their networks, filtering the competition out of the datastream seems like a typical business trend. We'll have to see what the regulators have to say ... especially contentious, since most broadband connections are operated by the traditional Telcos which, while regulated heavily, seem to have a bigger stake than all to retain voice communication customers at all costs.
Cable Companies: We'll Kill VoIP
Links: Australian ISPs
Australian ISPs seems to keep a keep a layed back approach for now - but then a 10G cap is meager pickings (I get a 102G/month cap) which will probably not satisfy users in the years to come (its the bandwidth needed for a daily 1.5h VoIP call). Plus the p2p police is not far ...
Big three ISPs say peer-to-peer OK
Australian ISP raided in BitTorrent crackdown
Links: China's Firewall
Of course we enjoy still a relatively unobstructed dataflow compared to other countries. Interestingly enough, I2 might become more irrelevant for the bulk of users from China, as this massive country prepares its own Internet - likely complete with content filters integrated at every edge of the network infrastructure. With that in mind, Google's recent debacle on search filtering seems like a reasonable business decision to me after all. They face sineo-irrelevancy with a decade in my view anyhow.
Empirical Analysis of Internet Filtering in China
China Prepares to Launch Alternate Internet