Douglas Crockford




2022 Appearances





How JavaScript Works

Electric Communities


Flickr Photo Album



December 2005

Alice and Bob

Cryptography is the art of concealing the content of messages. Alice and Bob can exchange messages with confidence that Eve, who is able to see the messages, cannot understand their meaning. This is possible if Alice and Bob agree on a suitable encryption algorithm, and if they share a secret key that they can keep from Eve. This is called Private Key Cryptography, and it can be very effective.

But suppose that Alice and Bob were unable to exchange a key in advance? In that case they can use Public Key Cryptography. In Public Key Cryptography, keys come in two parts, a public key and a private key. Bob can make his public key known to everyone. Alice can use Bob's public key to encrypt a message for Bob. Only Bob is able to decrypt the message by using his secret private key.

DRM systems use cryptography in an extremely perverse way. In a DRM system, Alice wants Bob to get the message, but does not trust Bob to have the key, and does not even fully trust Bob with the message. So Alice instead trusts Bob's Set Bottom Box, which contains the shared secrets necessary for Alice to send messages to Bob. The Set Bottom Box is to keep Bob from learning the secrets. It also is intended to limit Bob's access to the decrypted message.

DRM systems are dependent on the idea that all Set Bottom Boxes can successfully protect their keys, presuming that hardware is secure. It turns out that it is not. It is surprisingly easy and inexpensive to liberate the keys from devices if you are in possession of the devices. The techniques available for breaking the secrets include timing analysis, glitching, simple and differential power analysis, DEMA/SEMA attacks, JTAG/SCAN attacks, software bug exploitation, hardware bug exploitation, and firmware modification.

Most people will not bother with these attacks, but neither are most people media pirates. DRM is sufficient to stop people who wouldn't bother, but will fail to stop determined infringers. It will block honest people from doing legal things, while allowing criminals to mass duplicate. It seems to me that DRM should allow honest people to do legal things, while preventing criminals from doing illegal things. But that is not what DRM does.

The Studios feel that anything is better than nothing. But sometimes, nothing is the best we can do.

Why Does RIAA Hate America?

In today's super polarized political environment, it seems that you are either in support of the Patriot Act or in support of the Terrorists.

On 2005-11-11 at the United States Chamber of Commerce conference on Intellectual Property theft in Washington, Stewart Abercrombie Baker (the new Assistant Secretary of Homeland Security (Policy)) reminded us that our computers are now an important part of our emergency communications network. He warned the Content Industry to stop attempting to compromise the security of our computers.

There's been a lot of publicity recently about tactics used in pursuing protection for music and DVD CDs in which questions have been raised about whether the protection measures install hidden files on peoples' computers that even the system administrators can't find. It's very important to remember that it's your intellectual property -- it's not your [the Content Industry's] computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.

He then went on to suggest that an avian flu outbreak here could be significantly worsened by an irresponsible DRM strategy. DRM makes Americans die. DRM is an Instrument of Terror.

He starts off well, but then gets nutty. But when things get super polarized, everything gets nutty.

Cecilia Gonzalez

RIAA (Recording Industry Association of America) has been suing individual music lovers as part of its terror campaign to stop internet filesharing. These cases exploit their recent changes to copyright law, changing the focus of the law from stopping evil publishers to punishing citizens.

This campaign could backfire if they took on someone who had clearly broken the law, but was not deserving of punishment. Someone like Cecilia Gonzalez. She is a native of Guanajuato, Mexico now living in Chicago. She could not afford RIAA's $3,500 settlement offer. She is a single mom. She has two kids. She is out of work. She just lost her appeal. She has been ordered to pay $22,500 ($750 each for 30 songs). The judges called her a thief and compared her to a shoplifter. This was an important win for RIAA because Gonzalez fought back.

Cases like this make you wonder Is the law wrong? And what would the law be if it were right?

For example, should the music industry be subject to product liability? If you buy a CD and the music sucks, should you have the right to return it? If a music company knowingly bundles a hot song with 10 other songs that it knows to be ultra crappy, has it committed fraud?

They have played fast and loose with the law. The pendulum may swing back.

The Next Small Thing

Just as HDTV is coming online, there is now lots of fuss about LDTV (Low Definition Television). The idea is to deliver video with small, portable devices. This will be a good thing for people who feel that they are unable to devote enough time to TV viewing at home. They will now be able to catch up on their stories while attending meetings or driving their cars.

Monday Night Football

As broadcast television continues to erode, the networks will increasingly attempt to move more of their presence into other media. A recent example is CBS making its who-cares sitcoms available for download on Yahoo!. A more significant example is Disney moving Monday Night Football from its ABC broadcast network to its ESPN cable network.

As broadcasting declines and cable and satellite and IPTV grow, ESPN has the reach of a broadcast network, greater if you consider that ESPN operates 8 channels. The networks cannot easily move to cable because their agreements with their affiliates keep them locked down, but they can and do operate cable networks, and we can expect more programming to migrate from broadcast to cable as broadcasting continues to die.