HDCP hack confirmed

DRM Intel officials did their best last night to downplay the potential impact of the breach of HDCP copy protection even as they confirmed that the purported master key that appeared on several web sites earlier this week is in fact the genuine article.

“We can use it to generate valid device keys that do interoperate with the (High-bandwidth Digital Content Protection) protocol,” an Intel spokesman told CNET Thursday. Using the master key, it would be possible to build a device that could play, decrypt and potentially record copy-protected HD content. But as a practical matter, the spokesman said, “that’s a difficult and costly thing to do,” because it would require fabbing chips .

“We believe that this technology will remain effective,” the spokesman said. “There’s a large install base of licensed devices including several hundred licensees that will continue to use it and in any case, were a (circumvention) device to appear that attempts to take advantage of this particular hack there are legal remedies, particularly under the DMCA (Digital Millennium Copyright Act).”

That last bit seems optimistic. The law may be on the industry’s side but it’s a lumbering giant in the fast-moving world of hackers and Warez groups. Moreover, once someone designs a dummy HDMI chip using the master key, some hungry fabricator somewhere in the world will recognize the potential market when it sees it and start turning cranking out the necessary silicon to “mod” existing devices, or to fashion HDCP-ripper black boxes.

In any case, the risk alone may be enough to alter studio calculus. Studio plans to introduce movies in a new, pre-Blu-ray HD VOD window, which have been in the works for at least two years, are premised on the integrity of HDCP. Without that assurance, the studios and their profit-participant partners are likely to conclude that too much downstream revenue would be put at risk by going ahead with those plans.

Longer term, the hack has now substantially increased the risk for the studios from the FCC’s ongoing efforts to stimulate the market for network-agnostic, retail set-top boxes by mandating a new type of digital home gateway designed to allow consumers to connect any navigation device to any service provider’s network. While the FCC’s NOI for the proposal contemplates the use of DTCP-IP (Digital Transmission Copy Protection over IP) to secure content at the gateway, HDCP would still be likely to play a critical role in any content distribution business model to ensure content moves securely between devices downstream from the gateway.

In comments to the FCC on the proposal the MPAA has already expressed concern that “the Commission appears to assert that device manufacturers should be able to develop and introduce innovative navigation devices without the need to consult with MVPDs  or sign ‘restrictive’ license agreements,” by which it means accepting design restrictions on outputs and ensuring that digital outputs are protected:

Content suppliers today enter into private bilateral agreements with MVPDs to license their content for distribution on MVPD platforms. These bilateral agreements set forth the terms under which content is made available, including terms concerning content security. MVPDs give effect to these obligations through either direct contractual relationships with consumer electronics manufacturers or similar arrangements through industry standards bodies, which in turn approve technologies to protect content downstream within the home environment. The chain of privity in this ecosystem is essential to ensure consistent content presentation, and to protect MVPD content from theft and unauthorized redistribution.

In other words, the MPAA is already concerned that the FCC’s AllVid proposal opens the door to black boxes that are not subject to industry-standard licensing rules on protecting content as it moves between and among digital devices. Now, with the real threat that black boxes or mod kits designed specifically to rip HDCP-protected content will be floating around, with no technical, contractual or practical means to prevent their use the studios’ concerns over the AllVid proposal will only be heightened.

So, at a time when Hollywood is in desperate need of new revenue streams to replace plunging sales of physical media, the studios could find themselves paralyzed, at least until they see how this will really play out. In that sense, the damage has already been done.

Further reading:

HDCP Antipiracy Leak Opens Doors for Black Boxes

Intel Confirms HDCP Master Key Is Out