Copy Protection

Copy protection, also known as copy prevention or copy restriction, is any technical measure designed to prevent duplication of information. Copy protection is often emotionally debated, and is thought to sometimes infringe on some users' property rights: for example, the legal right to make a backup copy of a videotape they have purchased, to install and use computer software on multiple computers, or to upload their music into their digital audio player for easier access and listening.

Note on terminology

The media industries have always referred to the technology as copy protection. Opponents believe the term encourages people to identify with publishers who benefit from it, rather than the users who are restricted by it. Copy prevention and Copy control are neutral terms that are sometimes used instead. With some protection methods, "copy protection" is a misnomer because any number of copies can be made from an original and all of these copies will work, but only in one computer, or only with one dongle, or only with another device that cannot be easily copied.

The term is also often related to and/or confused with the concept of digital rights management. Digital rights management is a more general term because it includes all sort of management of works, including copy restrictions, but copy protection may include measures that are not digital. A more likely description to this is "technical protection measures" (TPM), which is often defined as the use of technological tools in order to restrict the use and/or access to a digital work. Using the scientific classification as an analogy, DRM is the genus, and TPM is the species.

Business rationale

Copy protection is most commonly found on videotapes, DVDs, computer software discs, video game discs and cartridges, and more recently, some audio CDs. Historically, most companies that publish works on these media have believed that copy protection will increase the company's revenues, by limiting the ability of the consumer to make copies of the media. In the absence of copy protection, most of these media are relatively easy to copy in their entirety using a machine (as opposed to photocopying each page of a book). This results in a situation where consumers can easily make copies of the items to give to their friends, a practice known as "casual copying". Because this practice reduces the number of people in the market who lack the product, it is therefore argued that the ease of copying such media robs the company of potential customers. The counter argument says that no sale is lost, because the people who obtain free copies only use what they can get for free, and therefore would not purchase their own copy if they were unable to obtain a free copy.

Some other publishers have avoided copy-protecting their products, on the theory that the resulting inconvenience to their users outweighs any benefit of frustrating "casual copying." No formal studies have been conducted which show a monetary benefit one way or the other.

The term copy protection refers to the technology used to attempt to frustrate copying, and not to the legal remedies available to publishers or authors whose copyrights are violated.

Technical challenges

From a technical standpoint, it would seem theoretically impossible to completely prevent users from making copies of the media they purchase, as long as a "writer" is available that can write to blank media. The basic technical fact is that all types of media require a "player"—a CD player, DVD player, videotape player, computer, or video game console. The player has to be able to read the media in order to display it to a human. In turn, then, logically, a player could be built that first reads the media, and then writes out an exact copy of what was read, to the same type of media, or perhaps to some other format, such as a file on a hard disk.

At a minimum, digital copy protection of most media is subject to the analog hole: regardless of any digital restrictions, if music can be heard by the human ear, it can also be recorded (at the very least, with a microphone and tape recorder); if a movie can be viewed by the human eye, it can also be recorded (at the very least, with a video camera and recorder). In practice, almost-perfect copies can typically be made by tapping into the analog output of a player (e.g. the speaker output or headphone jacks) and, once redigitized into an unprotected form, duplicated indefinitely. Copying text in this way is more tedious, but the same principle applies: if it can be printed or displayed, it can also be scanned and OCRed. With basic software and some patience, these techniques can be applied by a typical computer-literate user.

Since these basic technical facts exist, it follows that a determined individual will definitely succeed in copying any media, given enough time and resources. Media publishers understand this; copy protection is not intended to stop professional operations involved in the unauthorized mass duplication of media, but rather to stop "casual copying".

Copying of information goods which are downloaded (rather than being mass-duplicated as with physical media) can be inexpensively customized for each download, and thus restricted more effectively. They can be encrypted in a fashion which is unique for each user's computer, and the decryption system can be made tamper-resistant.

Copy protection on older media

Copy protection has been attempted in many ways, long before computers and digital media entered the picture. For example, the ancient practice of watermarking is an attempt to at least prove the authenticity of the original, though this does not itself prevent copying.

The music industry in particular has long sought a reliable copy protection method—early attempts included adding a high frequency spoiler signal to an analog recording so that tape recorders would generate an unpleasant whistle when the spoiler heterodyned with the bias oscillator. These attempts were largely unsuccessful, since the spoiler was either audible to the listener on the original tape, or else so high that it would not be reproduced reliably when played back.

Copy protection for computer software

Copy protection for early home computer software, especially for games, started a long cat-and-mouse struggle between publishers and crackers. These were (and are) programmers who as a hobby would defeat copy protection on software, add their alias to the title screen, and then distribute the cracked product to the network of warez BBSes or Internet sites that specialized in distributing unauthorized copies of software.

Software copy protection schemes for early computers such as the Apple II and Commodore 64 computers were extremely varied and creative because most of the floppy disk reading and writing was controlled by software, not by hardware. The first copy protection was for cassette tapes and consisted of a loader at the beginning of the tape, which read a specially formatted section which followed.

The first protection of floppy disks consisted of changing the address marks, bit slip marks, data marks, or end of data marks for each sector. For example, APPLE’s standard sector markings were:

D5 AA 96 for the address mark. That was followed by track, sector, and checksum.

DE AA EB concluded the address header with what are known as bit slip marks.

D5 AA AD was used for the data mark and the end of data mark was another DE AA EB.

Changing any of these marks required changing the software which read the floppy disk, but produced a disk that could not be copied. Some systems used complicated systems that changed the marks by track or even within a track.

By 1980 the first nibble copier, Locksmith, was introduced. These copiers reproduced copy protected floppy disks an entire track at a time, ignoring how the sectors were marked. This was harder to do than it sounds, because APPLE disks did not use the index hole to mark the start of a track. Tracks could start anywhere. Never the less, Locksmith copied APPLE II disks by taking advantage of the sync fields between sectors, which consisted of a long string of FF (hex) bytes between each sector. It found the longest string of FFs, which occurred between the last and first sectors on each track, and began writing the track in the middle of that. How APPLE used selfsync to align the drive head with the beginning of a byte (or nibble as is the proper technical term) is beyond the scope of this article.

Ironically, Locksmith would not copy itself. The first Locksmith measured the distance between sector 1 of each track. Copy protection engineers quickly figured out what Locksmith was doing and began to use the same technique to defeat it. Locksmith countered by introducing the ability to reproduce track alignment and prevented itself from being copied by embedding a special sequence of nibbles, that if found, would stop the copy process. A graduate student in computer science at the University of South Carolina reverse engineered Locksmith, found the sequence and distributed the information to some of the 7 or 8 people producing copy protection at the time.

For some time, Locksmith continued to defeat virtually all of the copy protection systems in existence. The next advance came from the previously mentioned graduate student’s thesis on software copy protection, which devised a way of replacing APPLE’s sync field of FFs, with random appearing patters of bytes. Because the graduate student had frequent copy protection discussions with APPLE’s copy protection engineer, APPLE developed a copy protection system which made use of this technique.

Of course a competitor of Locksmith, Back It UP, devised several methods for defeating that, and ultimately a method was devised for reading self sync fields directly, regardless of what nibbles they contained.

The back and forth struggle between copy protection engineers and nibble copiers continued until the APPLE II became obsolete and was replaced by the IBM PC and its clones.

Floppy disks were replaced by CDs as the preferred method of distribution, and companies like Macrovision, Sony and HexaLock providing copy protection schemes that work by writing data to places on the CD-ROM where a CD-R drive cannot normally write. Such a scheme has been used for the Sony PlayStation and cannot be circumvented easily without the use of a modchip.

For software publishers, a less expensive method of copy protection is to write the software so that it requires some evidence from the user that they have actually purchased the software, usually by asking a question that only a user with a software manual could answer (for example, "What is the 4th word on the 6th line of page 37?"). This approach can be defeated by users who have the patience to copy the manual with a photocopier, and it also suffers from BTO vulnerability, so that once crackers circumvent the copy protection on a piece of software, the resulting cracked product is more convenient than the original software, creating a disincentive to buying an original. As a result, user-interactive copy protection of this kind has mostly disappeared.

Other software copy protection techniques include:

• A dongle, a piece of hardware containing an electronic serial number that must be plugged into the computer to run the software. This adds extra cost for the software publisher, so dongles are uncommon for games and are found mostly in expensive high-end software packages.
• Bus encryption and encrypted code for use in Secure cryptoprocessors. This prevents copying and tampering of programs used in high security environments such as ATMs. This hardware solution is based on the fact that unlike music, video, and text that must eventually be revealed to users to be heard, viewed, or read, program instructions are needed only by the cryptoprocessor that decrypts and executes them.
• A registration key, a series of letters and numbers that is asked for when running the program. Many computer games use registration keys. The software will refuse to run if the registration key is not typed in correctly, and multiplayer games will refuse to run if another user is online who has used the same registration key.
• Name & Serial, a name and serial number that is given to the user at the time the software is purchased, and is required to install it.
• Keyfile, which requires the user to have a keyfile in the same directory as the program is installed to run it.
• A phone activation code, which requires the user to call a number and register the product to receive a computer-specific serial number.
• Internet product activation, which requires the user to connect to the Internet and type in a serial number so the software can "call home" and notify the manufacturer who has installed the software and where, and prevent other users from installing the software if they attempt to use the same serial number.
• Protection by code morphing or code obfuscation. The Code Morphing is multilevel technology containing hundreds of unique code transformation patterns. In addition this technology includes the special layer that transforms some commands into Virtual Machine commands (like P-Code). Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code.

Copy protection methods usually tie the installed software to a specific machine by involving some unique feature of the machine. Some machines have a serial number in ROM, while others do not, and so some other metric, such as the date and time (to the second) of initialisation of the hard disk can be used. On machines with Ethernet cards, the MAC address, which is unique and factory-assigned, is a popular surrogate for a machine serial number; however, this address is programmable on modern cards.

These schemes have all been criticized for causing problems for validly licensed users who upgrade to a new machine, or have to reinstall the software after reinitialising their hard disk. Some Internet product activation products can allow replacement copies to be issued to registered users or multiple copies to the same licensee.

Like all software, copy-protection software sometimes contains bugs, whose effect may be to deny access to validly licensed users. Most copy protection schemes are easy to crack, and the resulting cracked software is perceived as being more valuable than the uncracked version, because users can make additional copies.

In his 1976 Open Letter to Hobbyists, Bill Gates complained that "most of you steal your software." However, Gates initially rejected copy protection and said "It just gets in the way."

There is also the tool of software blacklisting that is used to enhance certain copy protection schemes.

Case study: Steam

The best known form of Internet activation is Valve's Steam system. Using Steam, players can either download games directly from Valve or register store bought copies; in either case that copy of the purchased game is inextricably linked to the player's account on Steam and cannot be transferred without either passing on Steam account details or, in the case of store bought games, getting a new CD key.

While the system has its advantages and has been extremely successful in reducing illicit copying of Valve's games, it is not without criticisms. When Valve's flagship game Half-Life 2 was released, millions of players attempted to register their copies of the game simultaneously. This lead to an overload of Valve's servers and temporarily denied legitimate customers access to their purchased game.

Copy protection specific to old games

During the 1980s and 1990s, computer games sold on audio cassette and floppy disks were usually protected with a user-interactive method that demanded the user to have the original package or a part of it, usually the manual. Copy protection was activated not at installation but every time the game was executed.

Sometimes the copy protection code was needed not at launch, but at a later point in the game. This helped the gamer to experience the game (e.g. as a demonstration) and perhaps could convince him to buy it by the time the copy protection point was reached.

Several imaginative and creative methods have been employed, in order to be both fun and hard to copy. These include:

• The most common method ("What is the 13th word on the 7th line of page 22?") was often used at the beginning of each game session, but as it proved to be troublesome and tiring for the players declined in popularity.
• Manual containing information and hints vital to the completion of the game, like answers to riddles (Conquests of Camelot, King's Quest 6), recipes of spells (King's Quest 3), keys to deciphering non-Latin writing systems (Ultima series, see also Ultima writing systems), maze guides (Manhunter), dialogue spoken by other characters in the game (Wasteland, Dragon Wars) or a radio frequency to use to communicate with a character to further a game (Metal Gear Solid).
• Some sort of code with symbols, not existing on the keyboard or the ASCII code. This code was arranged in a grid, and had to be entered via a virtual keyboard at the request "What is the code at line 3 row 2?". These tables were printed on dark paper (Maniac Mansion), or were visible only through a red transparent layer (Indiana Jones and the Last Crusade), making the paper very difficult to photocopy. Another variant of this method was a card with color sequences at each grid reference that had to be entered. This also prevented photocopying.
• The Secret of Monkey Island offered one of the most imaginative protection keys: a rotating wheel with halves of pirate's faces. The game showed a face composed of two different parts and asked when this pirate was hanged on a certain island. The player then had to match the faces on the wheel, and enter the year number that appeared on the island-respective hole. Its sequel had the same concept, but with magic potion ingredients.
• Superior Soccer had no outward signs of copy protection, but if it decided it was illegally copied, it would make the soccer ball in the game invisible, thus making it impossible to play the game.
• Zork games such as Beyond Zork and Zork Zero came with "feelies" which contained information vital to the completion of the game. For example, the parchment found from Zork Zero contained clues vital to solving the final puzzle. However, whenever the player attempts to read the parchment, they are referred to the game package. The in-game help function alluded to this form of control with the response "good luck, blackbeard" to queries that were unsolvable without the original game materials.
• Some game companies offered "value-added" goodies with the package, like funny manuals, posters, comics, storybooks or fictional documentation concerning the game (e.g. the Grail Diary for Indiana Jones or a police cadet notebook with Police Quest or the Hero's manual of Quest for Glory or a copy of the National Inquisitor newspaper in Zak McKracken) in order to entice gamers to buy the package.
• The lenslok system used a plastic prismatic device, shipped with the game, which was used to descramble a code displayed on screen.

Copy protection for videotape

Companies like Macrovision provide schemes to videotape publishers making copies unusable if they were created with a normal VCR. All major videotape duplicators license Macrovision or similar technologies to copy protect video cassettes for their clients or themselves.

Starting in 1985 with the video release of "The Cotton Club", Macrovision has licensed to publishers a technology that exploits the automatic gain control feature of VCRs by adding pulses to the vertical blanking sync signal. These pulses do not affect the image a consumer sees on his TV, but do confuse the recording-level circuitry of consumer VCRs. This technology, which is aided by U.S. legislation mandating the presence of automatic gain-control circuitry in VCRs, is said to "plug the analog hole" and make VCR-to-VCR copies impossible, although an inexpensive circuit is widely available that will defeat the protection by removing the pulses. Macrovision uses a legal strategy of patenting its video AGC system, giving it a more straightforward basis to shut down manufacture of any device that descrambles it than often exists in the DRM world.

Copy protection for audio CDs

By 2000, Napster had become a popular mainstream hobby, and several music publishers responded by starting to sell some CDs with various copy protection schemes. Most of these are playback restrictions that aim to make the CD unusable in computers with CD-ROM drives, leaving only dedicated audio CD players for playback. This does not, however, prevent such a CD from being copied via analogue connections, which has led critics to question the usefulness of such schemes.

CD copy protection is achieved by assuming certain feature levels in the drives: The CD Digital Audio is the oldest CD standard and forms the basic feature set beyond which dedicated audio players need no knowledge. CD-ROM drives additionally need to support mixed mode CDs (combined audio and data tracks) and multi-session CDs (multiple data recordings each superseding and incorporating data of the previous session).

The play preventions in use intentionally deviate from the standards and intentionally include malformed multisession data or similar with the purpose of confusing the CD-ROM drives to prevent correct function. Simple dedicated audio CD players would not be affected by the malformed data since these are for features they don't support — for example, an audio player will not even look for a second session containing the copy protection data.

In practice, results vary wildly. CD-ROM drives may be able to correct the malformed data and still play them to an extent that depends on the make and version of the drive. On the other hand, some audio players may be built around drives with more than the basic intelligence required for audio playback. Some car radios with CD playback, portable CD players, CD players with additional support for data CDs containing MP3 files, and DVD players have had problems with these CDs.

The deviation from the Red Book standard that defines audio CDs required the publishers of these copy-protected CDs to refrain from using the official CDDA logo on the discs or the cases. The logo is a trademark owned by Philips and Sony and licensed to identify compliant audio discs only. To prevent dissatisfied customers from returning CDs which were misrepresented as compliant audio CDs, such CDs also started to carry prominent notices on their covers.

In general the audio can always be extracted by applying the principle of the analog hole. Additionally, such programs as ISOBuster may be capable of producing hidden audio files.

Examples of CD copy protection schemes are Cactus Data Shield and Copy Control.

Sony CD copy protection scandal

In late 2005, Sony BMG Music sparked the Sony CD copy protection scandal when it included a form of copy protection called Extended Copy Protection ("XCP") on discs from 52 artists. Upon inserting such a disc in the CD drive of a computer running Microsoft Windows, the XCP software would be installed. If CD ripper software were to subsequently access the music tracks on the CD, XCP would substitute white noise for the audio on the disc.

Technically inclined users found that XCP resembled a rootkit, in that after installation, XCP went to great lengths to disguise its existence; the code even attempted to disable the computer's CD drive if XCP were forcibly removed. XCP's efforts to cloak itself unfortunately allowed writers of malware to amplify the damage done by their software, hiding the malware under XCP's cloak if XCP had been installed on the victim's machine. Several publishers of antivirus and anti-spyware software updated their products to detect and remove XCP if found, on the grounds that it is a trojan horse or other malware; and an assistant secretary for the United States' Department of Homeland Security chastised companies that would cause security holes on customers' computers.

Facing apparently unanimous resentment and class action lawsuits Sony BMG issued a product recall for all discs including XCP, and announced it was suspending use of XCP on future discs. On November 21, 2005 the Texas Attorney General Greg Abbott sued Sony BMG for XCP and on December 21, 2005 sued Sony BMG for MediaMax copy protection.

Copy protection in recent digital media

More recently, publishers of music and movies in digital form have turned to encryption to make copying more difficult. CSS, which is used on DVDs, is a famous example of this. It is a form of copy protection that uses 40-bit encryption. Copies will not be playable since they will be missing the key, which is not writable on DVD-R or DVD-RW discs. With this technique, the work is encrypted using a key only included in the firmware of "authorized" players, which allow only "legitimate" uses of the work (usually restricted forms of playback, but no conversion or modification). The controversial Digital Millennium Copyright Act provides a legal protection for this in the US, that would make it illegal to distribute "unauthorized" players—which was supposed to eliminate the possibility of building a DVD copier. However, CSS and other such software-based solutions have been reverse engineered, providing access to the encryption keys and methods.