General	Audio-CD	Analog	Consoles	Storage	Obsolete
Ebook	Concepts	Software	Transmission

That isn't something anyone except the members of the RIAA should worry about--certainly not the artists, and certainly not the general public. Rather, this is a perfect example of capitalism in action. Just as the motor car replaced the horse and cart, so will the Internet replace most of the roles performed by today's recording industry." - Ian Clarke, Freenet

Concepts and definitions

This page doesn't describe actual copy protection technolgies, but explains some of the concepts involed. DRM can be a complicated field, espicially because many DRM features try to grant control that copyright law itsself doesn't, such as regioning systems.

Regioning	Regioning isn't a protection technology, but it is only possible with the aid of a DRM technology. The objective is simple. Set up some system to prevent content brought in one country being used in another. There are various reasons: Different prices in different countries Different cinema and DVD release dates in different counteries... ...so they can reuse cinema films (those things are very expensive) Selling cinema tickets, then selling the same person a DVD. Not possible if that person brought a cheap import. DVD is the most well-known regioned system, but there are others. PS2 and most other consoles are also regioned. Legally region systems probably violate free-trade laws but that doesn't mean anything until someone proves it in court. As DVD was released most studios claimed they would not use region protection when re-releaseing their old titles, because the DVD release would not conflict with the cinema release. Strangly they have never released a region-free DVD. Their re-releases were already available internationally on video and even on TV, so why region the DVDs? I have no idea, neither does anyone else, and the studios never mention it. A nice example of their paranoia. A protection system is available, they use it, even when there is no possible benefit to them. Some people see a conspiracy here. I just see stupidity. Regioning is used on DVDs and most games consoles.
Watermarks	Here Is a bit on how to remove them. It is only an introduction to a very complicated field. If you want to do it and consistantly have output files of higher quality than the stego-data, you need to read a lot of complicated math.
Renewability	This has to be one of the most misnamed technologys ever. From the name you would never guess this is a self-destruct system. Renewability describes any system where the protection technology can be either disabled or replaced remotely. The theory is that if a protection technology is broken it is possible to shut it down, sealing the hole. Consumers all upgrade their software or applience to a patched version, and everything is back to normal. Obviously consumers wont be pleased so its used spareingly. Another use is disabling everything built by one manufacturer if they dont pay the licence fees. The CPSA PDF file explains the situations where an appliance can be revoked (ie trashed), which include requests from the government, unpaying manufacturers, and broken technology. So politics is involved, and things can be disabled just because someone with a lot of money or political clout says so. DVDs have a basic form of renewability, but its only been used once because it would cause a PR problem and its easy enough to get round anyway. The only time its been used is to revoke the player which was used to get the CSS keys used to write DeCSS. DeCSS isn't affected by the revocation. Windows media player also supports renewability. Thats why you cant stop it checking for updates. The xbox has a renewability system, activated when connecting to the Xbox live gameing servers, which MS reprogramed to detect modchips and lock chiped boxes out of the online gameing system. Althrough renewability is bad publicity, and viral renewability like the CPSA is just asking to be exploited, its essential for revoking stolen or leaked keys, or at least nailing the door shut. Most DRM systems include renewability to some extent, althrough the implimentation can vary anywhere between a simple system for changeing keys to a hugely complicated system like the CPSA. Some people have suggested renewability might be used by companys as a weapon against competitors. They could find a hole in their competitors product so severe the renewability manager would have no choice except to revoke the device. Hackers could also use the technique to embaress manufacturers they dont like. Such things are not entirely unknown already: A while ago one sat TV company cracked and leaked keys for another companys system according to rumor, but nothing was ever proven.
Spoofing	Spoofing has three meanings: 1. One of the many techniques used by copyright holders to fight piracy, "spoofing" refers to the practice of flooding p2p networks with fake files, which can contain anything from three minutes of silence to the famous "what the f**k do you think your doing" madonna file. Looping a few seconds of music is also popular. Spoofing in this way is generially seen as annoying but acceptable, because it discourages piracy without affecting legitimate users. 2. Another, far less popular, practice is also called spoofing. Some sites, particually porn sites, attempt to advertise by putting bots on networks which respond to all searches by appending the search string to a filename containing adverts. ie you search for "matrix reloaded" and you get a hit for "matrix reloaded.wmv" which automaticially launches a full screen popup bomb of a porn site (with a fairly high probability the site will then play an embariseing background sound, espicially if there are other people in hearing range :-) 3. Finally, spoofing can refer to the practice of giveing files fake names. You download one song or movie, but get a completly different one. Contary to popular oppinion, these are not caused by copyright holders trying to annoy pirates. They wouldn't replace files with perfectly good but incorrectly labeled files. Its generially accepted now that while a few of these files are honest mistakes, quite a lot are created by obnoxious users (probably teenagers :-)) who just want to be annoying, or sometimes want to inflate their kazaa ranking. Another theory is that users downloading porn on a shared computer (home/office) rename their downloads to prevent others seeing. The solution is the same for dealing with any of these through. Use a verified link site to ensure the file you want is the one you download.
Wedge programs	This is a class of generic attack, similar to an analog hole. The princible of a wedge is simple. For most DRM systems, there exist one or more windows of opertunity between decryption and rendering where data can be intercepted either compressed or uncompressed. A wedge program is forced into one of these windows, like a wedge into a gap. One of the more popular forms of wedge program is a false sound card driver, which diverts all audio output to a wave file. Wedge attacks can be defended against, either through exemes of tamperproofing or trust-based systems such as SAP which refuse to output through unsigned drivers.
RIAA	Recording Industry Association of America. One of the most active anti-piracy groups, the RIAA can be quite fanatical, and doesn't care who gets in its way while its working. Members include almost every large label in the US, and a few CE companies as well. Althrough noone questions its devotion, its short-sighted techniques have made it a bit of a laughing stock. It is also famous for manipulateing numbers - particually in an incident where it claimed to have confiscated about 400 CD burners in a raid, but had actually only taken a fraction of that number, and multiplied by the average speed! The official website is at riaa.com. A boycott group is at boycott-riaa.com.
IFPI	The International Federation of the Phonographic Industry is essentially the international equivilent of the RIAA, but is nowhere near as active. The IFPI monitors piracy and produces statistics, and often raids conventional counterfit-pirates, but is almost inactive against internet piracy. Thats the RIAAs area.
MPAA	The movie equivilent of the RIAA, the Motion Picture Association of America keeps a much lower profile than its music equivilent but can be just as active. The MPAA has a reputation for "stealth" lobbying, manipulateing politics behind the scenes and with minimal publicity. What the public dont know they wont campaign against. This is how the DMCA was passed. Members include all major studios.
BSA	BSA: The Business Software Alliance is a group of software companies dedicated largely to fighting piracy, with some other activity. Microsoft seems to have a lot of influence. The BSA makes a minimal attempt to fight internet piracy, running enforcer bots, but has accepted that theres not much it can do and dedicates most of its resources to monitoring corporate licenses. They are infamous for their surprise audits, where a company is suddenly investigated with very little warning usually following a tip-off from an (anonymous) employee. This has fustrated many admins, espicially the types who dont keep detailed licenseing records, or keep them in untidy piles spread round several offices. Asside from this, the BSAs also produces piracy statistics in an annual report (which usually includes a short rant about China :-). The BSA has only one famous mistake. They once surveyed license infringeing companies to find the cause of these infringements, and found the vast majority of infringements were accidential, caused by admins who did not understand the complicated licenseing terms and would install an OEM license on another computer, or use an upgrade edition license without valid licenses for the previous editions. Rather than simplify licenseing terms, the BSA set up a course for techies to learn Legalese :-)
Dongles	Hardware-based protection, used mostly by very high-end programs. These are extremally secure, but expensive to impliment. The dongle is an external device which connects to the PC - newer versions by USB, older usually as pass-through parallel. The software simply checks if this device is attached. Not only does this prevent copying by anyone without hardware-manufacturing ability, but the dongle can also contain a tamperproofed real-time clock for licence expiration. Typicly, the dongle will be heavily referenced in software and authenticated cryptographicly to complicate any attempts to disable the dongle-check routines. The usual technique for breaking these is a skilled software crack, but due to the expense of manufacturing and distributing the devices very few home users will see this form of protection.