The Piracy Challenge of our age
MED Profile (from Macmillan's MED Magazine)
In this
series we will profile people and companies that work with us on
producing our print, electronic and online dictionaries. In the first
article, you can read about Link Data Security, the company which
developed the copy protection for the award-winning Macmillan English
Dictionary CD-ROM. By Hans Pedersen:
Link Data Security – the beginnings
The world has always hosted a
mix of
innovators and imitators – innovators having personal satisfaction,
artistic ambitions or simply money as the driving force. War, too, has
always been a huge driving force. Besides giving us machines that can
kill human beings in incredible numbers in the shortest possible time,
innovators have also pushed encryption and deciphering of codes which
guard or reveal secret messages. Computer development was greatly
accelerated during the World War II Enigma deciphering project in the
UK. (Incidentally, the project was also called 'the Bombe', and in
itself a copy of the Polish 'Bomba' machine.)
Innovators have
always had problems getting decent compensation for their creative
efforts, but in the old days, at least, the original manufacturer had
some advantages. On the one hand, quality loss occurred during attempts
of copying the production. On the other, physical production costs were
low due to mass production. As a result, it was too expensive for
others to start a small production run.
In today's digital
distribution neither of these hold true. While traditional films,
pictures and books could be copied, the quality would always be
degraded due to their analogue nature. A digital copy is never
identical to the original, but in the digital binary world "close to 0"
is the same as 0 and "close to 1" is 1. So a digital copy is as good as
the original.
Even for a single digital copy, the production
cost is minimal. Traditionally, you could get some protection by
patents or other copyright legislation. But the headlong rush of our
age often means that a product's life span is shorter than a patent
cycle. To this, add globalization, where the offender distributing your
product over the internet may be located on a small island in the
Pacific.
All this explains why most publishers today use, or at
least strongly consider, technical means of preventing unauthorized
access, which is referred to as licensing or copy protection. You will
find copy protection on all games, most software packages and even on
Microsoft's operating systems. It simply creates higher revenue,
resulting in better products at a more competitive price.
Link Data Security – the beginnings:
Link Data
Security produces the CD-Cops protection used by Macmillan on its
electronic dictionaries since 2002. We realized the need for protection
ourselves way back when our debugger program for the Swedish ABC80 CP/M
computer was massively pirated due to the lack of an efficient copy
protection system. (For those not familiar with CP/M, it was the
dominant operating system in the late 1970s before DOS took over.)
Diskette-based
protection in those days was of poor quality, so we built a diskette
protection system to guard our next product, a DOS program that could
convert all sorts of CP/M diskette formats. Our fortune was made by a
Danish magazine written by someone with special copying equipment from
the Far East – a bit-copier that could clone any diskette. This machine
had two drives built together, the speed digitally controlled by the
same quartz crystal. It was able to throw 100,000 bits/track over to
the copy diskette and ensure that no bits were missing or overwritten.
After some work, we were able to defeat this monster and get publicity
– also internationally.
Lotus 1-2-3 used our protection system
for many
years to guard their famous spreadsheet that had been pirated a lot.
For instance the 1-2-3 was used all over Russia in the mid 1980s. All
they ever sold were five copies or something of that order! The Lotus
cooperation started when they launched their Arabic version. The local
dealers demanded protection — and not just any protection — before they
would stock the product.
Marketing is always tricky. The Lotus
contact came by way of a technical wizard in Bahrain. A casual remark
to the Prince of Bahrain caused an immediate exchange of 300 PCs in the
administration from IBM to Compaq. A customer from Germany learned
about our product from a software shop in a tiny village in India. They
had all the software in the world for sale, but only one original
package. When asked why, the Indian contact said they couldn't copy the
protection. In Russia, newspapers and TV stations helped us by warning
against non-functional copies of an expensive language program from the
USA. A pirate factory had made 10,000 CDs with the booklet, CD code and
everything. The only problem was that they didn't work; the CD code did
not match the glass master.
Marketing in Spain did not go as
planned. We had a very active distributor that spread thousands of free
demo diskettes trying to create sales for us. This diskette could be
used to produce ten real protected key diskettes with protected
programs on them. We were thankful for the distributor until we learned
that he was selling the diskettes for $20 each.
Copy protection is supposed to
earn you more
money by making it impossible or very difficult to make pirate copies,
at least on a commercial basis. A milder form is called copy
discouragement. Here a mix of simple technologies and psychological
tricks (such as a seemingly individual number popping up on the user's
screen when the product is run) discourage normal users from making
copies. We have seen examples where all users got the same code, but it
probably still had some effect on piracy.
With freedom comes
responsibility, and with protection comes restrictions. After all, that
is what the protection is about: restricting access. The legal user,
however, doing his daily routine jobs, should not be hindered. This
requires a fine balance. Given the huge amount of piracy present, it is
in the interest of the legal customer to avoid paying for too many
cheaters. The greater the number of users that actually pay for the
product, the lower the price and the more resources can go into the
development, maintenance and support of the product. By analogy,
widespread cheating in tax payments means reduced income for the
country and, as a result, we all get poorer. It is the same with
piracy, even if the producer is a private company.
How can
anyone judge how much piracy there is, or even know if any of the
pirates would ever consider buying the product? To answer these
questions, many producers have tried releasing two similar products,
with only one being copy protected. Provided the protection is
efficient and works well for the legal user, in most cases the
registered sale has been much higher for the protected version.
See also "Why protect?".
To
handle end-user support, CD-Cops has introduced web-based automatic
internet support. Besides giving fast help to users, it has also given
a clear picture of the amount of hacking efforts. Our AutoSupport
statistics show a massive number of piracy attempts. Four out of five
users do not give their email address, almost exclusively due to
piracy. Three out of four of those with an email address hold pirated
copies and CD-ROM emulators.
There is also massive organized
piracy in Russia and the Far East, where factories send out an
incredible amount of cheap, almost identical copied products. We have
conducted a lot of business in China and have visited the gigantic
warehouses containing cheap software. Known and original software
packages are sold 10 times cheaper than anywhere else due to high
expectations for the rapidly expanding market. Even so, on the black
market right outside, you can get almost identical products for less
than a dollar.
You might wonder why nobody
has been able to copy
the secret CD-Cops token that makes the original CD-ROM work? Well, the
answer is simple: there is none. Instead the uniqueness any pressing
facility naturally leaves on the media is measured. As a bullet can be
traced back to the gun that fired it, or a written page to the
typewriter it came from. Since PCs cover a wide range of combinations
of all sorts of hardware and software, it is no trivial task to ensure
precise measurement on every conceivable PC. On top of that, consider
that CDs get scratched or smudged. We invented the CD-Cops technology
in 1996 and have been refining it ever since.
Creating
copy protection is not only a technical job; it also requires some
political work. Even the best protection will be hacked if the physical
quantity of protection is not up to the job. For instance, protecting
high profile games should not be done with the same standard system
used for a dictionary CD-ROM. Different customers should not have the
same system or the same keys.
It is an important task to use the
right ammunition and to find the right level of protection which is
enough to do the job without restricting the legal user too much.
Making the wrong political decisions can be fatal. Our main competitor
in China introduced a policy of giving customers their money back if
the protection was broken within a certain period of time. The result
was that customers sent the protected items to us and others for
cracking. A word of advice: never encourage or motivate your customer
to defeat your protection system.
In the security business you
need to be humble –
you're not the only smart guy out there. The Japanese army believed
they had an unbreakable code, and for that reason they did not change
it throughout World War II. This was fortunate for the Allies because
the code had actually been broken long ago.
The German Enigma
machine had so many combinations that it too was believed to be
unbreakable. Two things made it possible to crack it: the building of a
computer-like machine to try out many more possibilities than foreseen,
plus a fatal bug: a letter could be coded to any other letter, but not
to itself. By guessing a large phrase or sentence that would appear
somewhere in the document it was possible to find the place by looking
for an area with no character matches in the encrypted text. Now a
so-called "known plaintext" attack could be made. It is much easier to
crack a code if you know both the encrypted and the coded version.
So
nothing is unbreakable. Still the right amount of protection helps.
Even though you know a determined burglar can always get in, you do
lock your door when you leave your home, don't you?