MED Magazine - Issue 40 - July 2006

MED Profile
In this series we will profile people and companies that work with us on producing our print, electronic and online dictionaries. In the first article, you can read about Link Data Security, the company which developed the copy protection for the award-winning Macmillan English Dictionary CD-ROM.

The piracy challenge of our age: CD-ROM copy protection
by Hans Pedersen

Innovators and imitators

The world has always hosted a mix of innovators and imitators – innovators having personal satisfaction, artistic ambitions or simply money as the driving force. War, too, has always been a huge driving force. Besides giving us machines that can kill human beings in incredible numbers in the shortest possible time, innovators have also pushed encryption and deciphering of codes which guard or reveal secret messages. Computer development was greatly accelerated during the World War II Enigma deciphering project in the UK. (Incidentally, the project was also called 'the Bombe', and in itself a copy of the Polish 'Bomba' machine.)

Innovators have always had problems getting decent compensation for their creative efforts, but in the old days, at least, the original manufacturer had some advantages. On the one hand, quality loss occurred during attempts of copying the production. On the other, physical production costs were low due to mass production. As a result, it was too expensive for others to start a small production run.

In today's digital distribution neither of these hold true. While traditional films, pictures and books could be copied, the quality would always be degraded due to their analogue nature. A digital copy is never identical to the original, but in the digital binary world "close to 0" is the same as 0 and "close to 1" is 1. So a digital copy is as good as the original.

Even for a single digital copy, the production cost is minimal. Traditionally, you could get some protection by patents or other copyright legislation. But the headlong rush of our age often means that a product's life span is shorter than a patent cycle. To this, add globalization, where the offender distributing your product over the internet may be located on a small island in the Pacific.

All this explains why most publishers today use, or at least strongly consider, technical means of preventing unauthorized access, which is referred to as licensing or copy protection. You will find copy protection on all games, most software packages and even on Microsoft's operating systems. It simply creates higher revenue, resulting in better products at a more competitive price.

Link Data Security – the beginnings

Link Data Security produces the CD-Cops protection used by Macmillan on its electronic dictionaries since 2002. We realized the need for protection ourselves way back when our debugger program for the Swedish ABC80 CP/M computer was massively pirated due to the lack of an efficient copy protection system. (For those not familiar with CP/M, it was the dominant operating system in the late 1970s before DOS took over.)

Diskette-based protection in those days was of poor quality, so we built a diskette protection system to guard our next product, a DOS program that could convert all sorts of CP/M diskette formats. Our fortune was made by a Danish magazine written by someone with special copying equipment from the Far East – a bit-copier that could clone any diskette. This machine had two drives built together, the speed digitally controlled by the same quartz crystal. It was able to throw 100,000 bits/track over to the copy diskette and ensure that no bits were missing or overwritten. After some work, we were able to defeat this monster and get publicity – also internationally.

Growth by word of mouth

Lotus 1-2-3 used our protection system for many years to guard their famous spreadsheet that had been pirated a lot. For instance the 1-2-3 was used all over Russia in the mid 1980s. All they ever sold were five copies or something of that order! The Lotus cooperation started when they launched their Arabic version. The local dealers demanded protection and not just any protection before they would stock the product.

Marketing is always tricky. The Lotus contact came by way of a technical wizard in Bahrain. A casual remark to the Prince of Bahrain caused an immediate exchange of 300 PCs in the administration from IBM to Compaq. A customer from Germany learned about our product from a software shop in a tiny village in India. They had all the software in the world for sale, but only one original package. When asked why, the Indian contact said they couldn't copy the protection. In Russia, newspapers and TV stations helped us by warning against non-functional copies of an expensive language program from the USA. A pirate factory had made 10,000 CDs with the booklet, CD code and everything. The only problem was that they didn't work; the CD code did not match the glass master.

Marketing in Spain did not go as planned. We had a very active distributor that spread thousands of free demo diskettes trying to create sales for us. This diskette could be used to produce ten real protected key diskettes with protected programs on them. We were thankful for the distributor until we learned that he was selling the diskettes for $20 each.

Why use copy protection?

Copy protection is supposed to earn you more money by making it impossible or very difficult to make pirate copies, at least on a commercial basis. A milder form is called copy discouragement. Here a mix of simple technologies and psychological tricks (such as a seemingly individual number popping up on the user's screen when the product is run) discourage normal users from making copies. We have seen examples where all users got the same code, but it probably still had some effect on piracy.

With freedom comes responsibility, and with protection comes restrictions. After all, that is what the protection is about: restricting access. The legal user, however, doing his daily routine jobs, should not be hindered. This requires a fine balance. Given the huge amount of piracy present, it is in the interest of the legal customer to avoid paying for too many cheaters. The greater the number of users that actually pay for the product, the lower the price and the more resources can go into the development, maintenance and support of the product. By analogy, widespread cheating in tax payments means reduced income for the country and, as a result, we all get poorer. It is the same with piracy, even if the producer is a private company.

How can anyone judge how much piracy there is, or even know if any of the pirates would ever consider buying the product? To answer these questions, many producers have tried releasing two similar products, with only one being copy protected. Provided the protection is efficient and works well for the legal user, in most cases the registered sale has been much higher for the protected version.

Customer support

To handle end-user support, CD-Cops has introduced web-based automatic internet support. Besides giving fast help to users, it has also given a clear picture of the amount of hacking efforts. Our AutoSupport statistics show a massive number of piracy attempts. Four out of five users do not give their email address, almost exclusively due to piracy. Three out of four of those with an email address hold pirated copies and CD-ROM emulators.

There is also massive organized piracy in Russia and the Far East, where factories send out an incredible amount of cheap, almost identical copied products. We have conducted a lot of business in China and have visited the gigantic warehouses containing cheap software. Known and original software packages are sold 10 times cheaper than anywhere else due to high expectations for the rapidly expanding market. Even so, on the black market right outside, you can get almost identical products for less than a dollar.

The secret of CD-Cops

You might wonder why nobody has been able to copy the secret CD-Cops token that makes the original CD-ROM work? Well, the answer is simple: there is none. Instead the uniqueness any pressing facility naturally leaves on the media is measured. As a bullet can be traced back to the gun that fired it, or a written page to the typewriter it came from. Since PCs cover a wide range of combinations of all sorts of hardware and software, it is no trivial task to ensure precise measurement on every conceivable PC. On top of that, consider that CDs get scratched or smudged. We invented the CD-Cops technology in 1996 and have been refining it ever since.

A fine balance

Creating copy protection is not only a technical job; it also requires some political work. Even the best protection will be hacked if the physical quantity of protection is not up to the job. For instance, protecting high profile games should not be done with the same standard system used for a dictionary CD-ROM. Different customers should not have the same system or the same keys.

It is an important task to use the right ammunition and to find the right level of protection which is enough to do the job without restricting the legal user too much. Making the wrong political decisions can be fatal. Our main competitor in China introduced a policy of giving customers their money back if the protection was broken within a certain period of time. The result was that customers sent the protected items to us and others for cracking. A word of advice: never encourage or motivate your customer to defeat your protection system.

No rest

In the security business you need to be humble – you're not the only smart guy out there. The Japanese army believed they had an unbreakable code, and for that reason they did not change it throughout World War II. This was fortunate for the Allies because the code had actually been broken long ago.

The German Enigma machine had so many combinations that it too was believed to be unbreakable. Two things made it possible to crack it: the building of a computer-like machine to try out many more possibilities than foreseen, plus a fatal bug: a letter could be coded to any other letter, but not to itself. By guessing a large phrase or sentence that would appear somewhere in the document it was possible to find the place by looking for an area with no character matches in the encrypted text. Now a so-called "known plaintext" attack could be made. It is much easier to crack a code if you know both the encrypted and the coded version.

So nothing is unbreakable. Still the right amount of protection helps. Even though you know a determined burglar can always get in, you do lock your door when you leave your home, don't you?


Copyright © 2006 Macmillan Publishers Limited
This webzine is brought to you by Macmillan Education