http://www.inside.com/jcs/Story?article_id=25476&pod_id=13

Copy This! Can 'Military' Technology Beat Digital Piracy?
Roger Parloff

3/12/2001 6:6

A small Austin start-up run by intelligence community alums is parachuting
into the burgeoning,
post-Napster, copy-protection market with a remarkably thin, invisible
software product that claims
to offer nearly invincible armor for music, video, film and e-books alike.
But the most remarkable
part is, it fights back at would-be pirates.

''If you try to hack it, it destroys itself,'' explains company CEO George
Friedman. Hasta la vista,
John Perry Barlow!

Friedman's company, Infraworks Corporation, has its roots in the military,
where the operating
motto certainly has never been ''Information Wants to Be Free,'' but
something along the lines of
''Loose Lips Sink Ships.'' Infraworks is chaired by former Secretary of
Defense and National
Security Adviser Frank Carlucci, who also chairs The Carlyle Group merchant
bank and Nortel
Networks, the global communications firm. Friedman's own background is ''in
intelligence and
computer security,'' he says. The author of books on business intelligence
and the use of
technology in warfare, Friedman currently chairs the business intelligence
Web site Stratfor.com
(intelligence-speak for strategic forecasting).

Friedman first began grappling with digital-rights management problems, he
says, during Operation
Desert Storm, when the government feared that troops who received satellite
images on the
battlefield might forward them back home by e-mail as souvenirs. So the
problem was, Friedman
explains: ''Could we make (the image) sticky, so you couldn't do that? I
thought about it, working
on a solution for defense and intelligence purposes. Then I thought, that's
very nice, but Disney
pays more.''

In 1997 Friedman launched Infraworks, which soon began marketing a software
shredder -- a file
overwriter, really -- called Sanitizer. (It comes in two versions: one for
commercial uses and
another ''to meet military standards.'') But Infraworks is now beginning a
foray into copy protection
with an intriguing technology it calls InTether.

Evidently anticipating that his far-reaching claims about InTether might
strain credulity, Friedman
has obtained reports from two outside research groups -- the National
Software Testing
Laboratory in Conshohocken, Penn., and a more unusual body known as SPOCK --
generally
verifying that the software appears to behave as advertised. SPOCK, which
stands for Security
Proof-of-Concept Keystone, is a Department of Defense-sponsored consortium
which tests and
evaluates information-security technologies on behalf of 65 private security
firms and 19
government agencies.

The InTether system consists of a packager, used by the originator of a
file, and a receiver, used
by the recipient. The packager enables a publisher, record label, movie
studio -- or, for that matter,
a law firm, doctor's office, bank or anyone else who wants information
security -- to impose a set
of restrictions on almost any digital file. InTether, Friedman says, works
equally well with, for
instance, Word, Adobe Acrobat, Lotus or Excel documents, e-books, music,
video or
photographic files.

Using the packaging software, the originator can determine how many times
the recipient can view
or play the file; whether the recipient can alter it and send it to others;
the identity of permissible
recipients (determined by ID numbers and passwords); whether the file can be
printed freely, once,
or never; how long the file can be viewed or played (in hours and minutes);
the date on which the
file can first be opened; and the date on which, if the originator wishes,
the file will self-destruct
and vanish from the recipient's hard drive. (Version 2.0, one hopes, will
offer simulated smoke and
sizzling sounds for the full Mission: Impossible experience.)

To open an InTethered file, you need the InTether ''receiver.'' But that
software is so thin -- just 300
kilobytes -- that it can easily be sent along with the file itself.
Alternatively, it can be downloaded
from the Internet and installed in less than 15 minutes, according to
Infraworks and NSTL. (It took
me closer to five.) In contrast, to use Vivendi Universal's current
secure-music offering,
Bluematter -- which, of course, can currently be used for no purpose other
than listening to
Vivendi Universal music files -- the consumer must download about 6.5
megabytes of software
made by both Intertrust Technologies and Magex, a financial clearinghouse.
(It took me more
than a week to install the temperamental Magex software properly, including
three lengthy
customer service calls.)

Once the InTether receiver has been installed, you can open and use any
InTethered document
simply by accessing the application you would ordinarily use with such a
file -- Word, Excel,
RealJukebox, Windows Media Player, etc. From the perspective of the user,
the Infraworks
software is almost invisible, except that when viewing or playing an
InTethered document the
consumer will not be able to use certain commands -- typically, the
''copy,'' ''print,'' ''cut,'' ''paste''
and ''save as'' commands.

The InTether software can achieve these goals because it is ''basically an
add-on to the operating
system,'' Friedman explains. The receiver is anchored to the C drive, where
it cannot be moved or
copied, and it is ''cloaked'' to render it invisible to the Windows
operating system. (InTether
currently only works with Wintel machines, not Macs.) It also contains a
''vault,'' where InTethered
documents are stored. Although the InTether system does involve cryptography
-- InTethered files
are encrypted, and the receiver contains the key to decrypt them -- the
receiver does much more
than that. It places ''system-level controls on what you can do that are
persistent,'' Friedman says,
effectively overriding the operating system. It controls file operations and
manages the computer's
ports and devices in order to ''lock down'' files and disable the clipboard
and screen print functions.

For this reason, Friedman says, InTether can continue to protect files even
when they are open
and playing or being viewed on the computer -- the time when most
conventional encryption
schemes leave files vulnerable to theft. Accordingly, common screen-grabbers
or software
recording devices like Total Recorder -- which divert and copy music while
it is being played -- do
not work with InTether, according to Friedman. ''We're fairly deep in the
operating system,'' he
says, ''so we see what's going on and we either permit or deny it from
happening in relation ... to
the files under our control.''

But InTether's most intriguing features are those intended to rebuff
hackers. To begin with,
Friedman says, the system incorporates 11 layers of security defenses. ''All
have to be
successfully navigated'' in order to hack the system. ''But one piece does
nothing but check
continually the integrity of the other pieces,'' he says. ''If you could
disable a certain piece, within
milliseconds our system would know.''

At that point -- probably before, he says -- InTether begins taking counter
measures. One relatively
mild step, Friedman explains, is to force you to reboot your computer. Since
the fastest reboot is
about six minutes, he says, this defense alone creates a serious obstacle
for most automated,
so-called brute-force hacking tools, which ordinarily bombard a
digital-rights management
technology with 50,000 trial-and-error attacks per second. Forcing a
six-minute pause between
each attack ''shifts the advantage from the offense to the defense,''
Friedman maintains.

But if the hacker persists, and continues making ''aggressive'' attempts to
disable InTether's
defenses or pierce its vault, he'll get what Friedman calls ''the white
screen of death.'' His InTether
receiver, together with all the InTethered files stored inside it, will be
destroyed. Attacks ''would
have to be pretty aggressive and multiple'' in order to trigger the white
screen of death, Friedman
says, not so reassuringly.

In any event, a successful hack would not be irreversible, the way the
cracking of the DVD
scrambling system appears to have been. ''We expect it to be hacked,''
Friedman says, ''but it's
upgradeable. We expect to update the product regularly. We'll give customers
an upgraded
version, and the recipient has to upgrade. If he refuses, he can't open the
new data.''

Why in the world would you willingly install an InTether receiver on your
computer, given the way it
hobbles your control over your own computer? Because without it, you won't
be able to play or
view InTethered music, games, video, books or documents. (On the other hand,
if InTether does
spook you, you can uninstall it in seconds, using the standard Windows
Add/Remove function.)

My own very limited test run of the Infraworks system, using InTethered
Word, PDF, and plain text
documents, indicated that InTether did what it was supposed to do. Hardly a
technical
sophisticate, I attempted no hacks, and incurred no counterattacks. The
system did cause me
some temporary alarm, however. It turns out that when an InTethered file is
open -- say, a Word
document -- the user cannot copy, cut, paste, or print any other Word
document on his computer,
including those that have not been InTethered. That's because, Friedman
later explained, InTether
imposes restrictions at the application level. But once I closed the
InTethered file, the spell was
lifted, and all normal operations resumed.

In response to a detailed e-mail describing how InTether works, encryption
expert Bruce Schneier
responded dismissively, predicting in a sentence that InTether would fail.
Schneier, who is the
chief technology officer for Counterpane Internet Security, which provides
network security services
for businesses, appended a short essay of his, entitled, ''The Futility of
Digital Copy Prevention,''
which he apparently believes is sufficient to outline the inherent flaws of
all digital-rights
management technologies. ''Digital files cannot be made uncopyable, any more
than water can be
made not wet,'' Schneier proclaims in the essay. ''All digital copy
protection schemes can be
broken, and once they are, the breaks will be distributed -- law or no law.
Average users will be
able to download these tools from Web sites that the laws have no
jurisdiction over. Pirated digital
content will be generally available on the Web. Everyone will have access.''

Benighted though they may be, some corporate new-media executives appear to
be intrigued by
InTether. In the publishing arena, Time Inc., McGraw-Hill, R.R. Donnelley &
Sons and an
e-textbook company called ByteSizeBooks.com, are each evaluating it, they
confirm. (Though the
system allegedly works just as well with music, film and video, Friedman
says he is initially
focusing on the publishing industry and conventional commercial enterprises
with a need for
confidentiality -- i.e., banks, law firms and health care providers.)

Officials at ByteSize and McGraw-Hill both say they were especially drawn by
InTether's capacity
to protect every aspect of the multimedia e-books they are developing. ''You
can assign different
use permissions to the different forms of media contained within a book,''
says Mark Broussard,
president of ByteSize. You could, for instance, theoretically specify that
text could be freely
copied, while photos could be copied once, and audio and video could be
copied never. In addition,
InTether can be used to permit what Broussard calls ''molecular''
distribution -- i.e., readers can cut
out individual chapters from a book and lend them to others. The same
restrictions that apply to
the whole book would then transfer with the particular chapter. ''It's
really powerful,'' says
Broussard.

The hacker crowd may not be as thrilled by this whole development, of
course. On the other hand,
if they can put aside their initial horror at InTether's potential for
protecting intellectual property,
and focus instead on its exciting potential as a tool for enhancing private
and confidential
communications, they may reconsider. Using InTether's packaging and
receiving software, for
instance, a hacker gang like global hell, renowned for vandalizing Web
sites, could plot and
coordinate a hack attack -- to deface it with virtual graffiti, say, or
pillage it of passwords and credit
card numbers -- all the while secure in the knowledge that the electronic
correspondence among
gang-members could be rendered uncopyable, unprintable, unforwardable and
guaranteed to
self-destruct on or before the day of the attack.

Every digital cloud has a silver lining.

************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************