The Dawn of Hardware Hacking? By Jon Iverson March 25, 2001 — Savvy music fans willing to ignore the built-in copying restrictions on consumer-targeted CD recorders have always had their computer-based CD and DVD recorders and hard drives to play with, especially when it comes to manipulating MP3 files. Maybe not for much longer. A new content-protection approach is attempting to tighten the digital noose around the necks of PC users who have spent the last few years virtually unencumbered when it comes to—as Apple so succinctly puts it—rip, mix, burn.

Software-based techniques for controlling content have been appearing over the last several years; now, however, major computer parts suppliers say that they are preparing to integrate copy protection into computer hardware products such as storage devices, memory cards, and chips. IBM, Intel, Matsushita Electric, and Toshiba, members of the 4C Entity, have created a technology called CPRM (Content Protection for Recordable Media), which would be built into hardware products and used to control the use of tagged audio files.

If a content company encodes a CPRM tag into an audio track, CPRM-compliant hardware, such as a hard-disk or MP3 recorder, will then control how those files are used. According to 4C, "the CPRM specification was designed to meet the robustness and renewability requirements of content owners while balancing the implementation needs of both the consumer electronics and PC industries. To accomplish these requirements, the system defined by the specification relies on key management for interchangeable media, content encryption, and media-based renewability." Audiophiles may remember that the notorious watermarking technology from Verance, intended to protect content encoded for the DVD-Audio format, is also available for licensing at the 4C website.

Previous, software-based protection systems have always been highly susceptible to hacker attacks, but many feel that this new hardware approach will be much tougher for the average user to circumvent. Texas Instruments and Cirrus Logic have both begun to include copy-protection technology from InterTrust in some of their chips, and InterTrust's Olin Sibert points out that "this kind of architecture makes it possible to build applications where it's not feasible to modify or hack the software." Forrester Research's Eric Scheirer adds, "I think that in the grand scheme of things, the only way to make copy protections work is to invoke the hardware in a very integrated way."

Consumer rights advocates are clearly not pleased with the CPRM approach, with the Electronic Frontier Foundation's John Martilla remarking that "if they succeed in this, all of a sudden these industries have complete control over how the public does such things as backing up their music libraries." But to succeed, both music companies and hardware manufacturers need to agree on an industry-wide standard such as SDMI and implement it across the board—something many analysts say will be a tough sell.