I want to put data on a disk only for people to read and not for them to be
able to copy. I’d like to do this for email as well. How can I do this?
No, this question didn’t come from the MPAA, or the RIAA, but it certainly
seems like they’ve been asking the same question lately. How do you create
content, be it MP3’s, movies, or just random data for business purposes, that
can be used, but not copied.
That’s right, we’re talking copy-protection and digital rights management
here.
My opinion? It’s a lost cause.
Become a Patron of Ask Leo! and go ad-free!
I want to start by clarifying something: I am not
advocating piracy. Copying or downloading copyrighted material is stealing,
pure and simple, no matter what the technologies are involved.
As we’ll see in a second, I believe that attempts to thwart copying by
technological means are ultimately doomed to failure, and the business that
rely on mass sales of materials with the requirement that they cannot be
further copied need to start looking for a different business model.
•
The first thing we need to understand is that “reading” and “copying” are
really the same thing. Data on a disk is just that; data. Bits. In order to be
able to use the data, you need to be able to read the data from the disk.
Similarly, a copy operation is just reading data, and then writing it somewhere
else. If you prevent reading, you prevent copying, but you also prevent
use.
There have certainly been various technologies over the years that have
attempted, through hardware and/or software, to restrict who can read the data,
but ultimately they’ve failed.
What’s more common, and might point to a solution for your purposes, is not
to prevent the actual copying of data, but to restrict what can be done with
the data once it’s been copied.
A good example of this is that when you purchase an song from iTunes, the
file you download can be copied anywhere, as much as you want. I do this to
back up my iTunes library, for example. You just can’t use all of those copies.
Through what’s called “digital rights management”, the music is encrypted in
such a way that only iTunes is supposed to be able to decrypt and play the
music, and only if the machine it’s on is authorized to play it. In practice
this actually works very well. Apple allows you to pick up to 5 computers to
“authorize” for each download, and you can easily move the authorization from
one computer to another should you so desire.
But it’s not perfect. iTunes encryption has been hacked, and you can make
unprotected copies of the songs you download from iTunes. Illegal
unprotected copies.
In fact, the same is true for DVDs – the content is encrypted, supposedly
only decryptable by legitimate DVD players, but that too was quickly cracked.
Even as I write this the (incredibly complex) encryption used on HD-DVDs and
Blu-ray has reportedly been hacked.
intended for mass distribution but ultimately you can’t make it
impossible.”
As I expected it would.
The problem is that in order to be able to use something, you need
to somehow legitimately be able to decrypt and read it. That means that the
means for decrypting something must be present on the devices used to do so.
Ultimately that makes them discoverable, with enough effort.
And that’s really the bottom line. You can make it hard to copy and use
something that’s intended for mass distribution but ultimately you can’t make
it impossible.
Now, there are some possibilities depending on your particular situation,
who you trust, and who you’re attempting to protect your data from.
If you don’t trust the people who are legitimately using your data – well,
you’re pretty much screwed. That’s the position that the music and movie
industries are in, and as I’ve just described, you can see how well that’s been
working.
If you do trust the legitimate users of your data, though, there
are possibilities. The simplest is simply to encrypt the data with a password
that only you and they know. I’d use TrueCrypt for this. Or, if you like, use a public key encryption
scheme such as that in GnuPG – rather than
requiring knowledge of a password, it requires possession of
the appropriate key in order to access your data.
The trust required here is that your legitimate users won’t:
-
share the unencrypted data with people they should not
-
share the password or decryption key with people they should not
As for email, the same rules apply: anyone that can view an email can copy
it. Therefore if you don’t trust your recipients, you’re screwed. If you
do trust them, then an encrypted email solution is your best bet to
avoid others gaining access to the messages.
I can’t find it now, but this reminded of me of an emailed joke I saw a while back. It was something like, the text:
“At last! I have developed the perfect copy protection: this Word document can be read only by the intended recipient, and neither copied or distributed!”
…clearly displayed in MS Word in a *digital photo* of the screen, in jpg format.
In other words, you can never plug the ‘analogue hole’; and the RIAA’s attempt to do so through HDCP is, thankfully, doomed to complete and inevitable failure.
My most recent encounter with broken copy protection was on a game I purchased for my son. I installed it on my system, and it immediately crashed upon startup. I uninstalled/reinstalled it — same thing. I installed it on my son’s system — same thing.
I went to the manufacturer’s website to see if there was a patch available, only to find the user forum full of hundreds of complaints about the exact same thing — the game simply wouldn’t run, and crashed up startup.
The cause? The copy protection would crash on many systems. With no word of a solution/workaround/patch from the manufacturer, people started posting URLs of cracked versions of the game, just so that people who legitimately owned the game could play it with the illegal copy.
I just wanted to first say that I am not trying to shill or spam but my company actually has an email security software program that does exactly that. But our software doesn’t require a server which means the only two people involved in the email thread quite literally is the author and the recipient. Our software also prevents, editing, printing, screencapturing, and forwarding of emails. And we have an authentication feature where only the email addresses you specifiy as the recipient can decrypt the message.
Leo, I know you said that DRM is quite impossible and I can agree to a certain extent. If someone tries hard enough, I’m sure most encryption algorithms can be cracked but try out product and let us know what weaknesses you see. We would really appreciate the feedback and what we can do to improve it.
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
I’m almost certain I can screen capture and forward anything. And even
if technically disabled (which I believe I have a technique to work
around) — a digital camera can still work wonders these days.
The fact remains: if the recipient can see it, it can be copied.
Somehow.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFF1h7wCMEe9B/8oqERAvmeAJ4oiiO1h31oZG3qmawDDfIMkDvp6gCfWBfa
1jIbuIRxYesKpqPBiCQff4Y=
=kxPh
—–END PGP SIGNATURE—–
ANYTHING that can be recorded visually or audibly can be copied.
A book can be photo copied or scanned and OCR’ed. A movie on a film reel can be camcordered in the theater. And if something’s been encrypted, once it’s been decrypted by the receiving party, you have to trust them not to misuse it or leave the decrypted copy laying around in a manner than can be duplicated.
There is only one way to ensure your greatest ideas are never copied… keep them to yourself (and make sure you don’t talk in your sleep). :-)
Hello, Leo,
What causes windows applications not to respond?
Microsoft should now hurry up and create much more solutions for windows applications when they do not respond sometimes. Do you agree with me?
Roberta:
see http://ask-leo.com/not_responding_what_does_it_mean_and_what_do_i_do_about_it.html
For future reference, this is the box to comment on this article, e.g. my comment above. The ‘ask your question’ searchbox is at the top right of the page.
Just so this post won’t be *completely* off-topic, one the basis that everyone likes a wikipedia link, http://en.wikipedia.org/wiki/Analog_hole
Google’s book search has a very nice feature which prevents copying.
Hello, Leo,
This is Roberta Gallant in Concord, New Hampshire, again. I have a problem in
the Add Or Remove Programs windows. Almost all the software programs I installed into my computer are missing from the Add Or Remove Programs list window? What should I do about this issue now?