CPRM

2/23/2001

Copy Protection for Recordable Media (CPRM): A set of extensions to the AT Attachment Protocol (aka Integrated Drive Electronics - IDE) considered by the committee that controls the ATA Standard in early 2001. Although the extensions are presented as modifications for providing privacy on removable media drives, they seem to include modifications that would allow protection of fixed media, i.e. hard drives. It is also proposed to modify SCSI drives to use CPRM.

The technology is similar to that used on DVDs and works by using a hidden area of the storage to maintain a list of up to 3000 controlled "disk" areas, passwords, and access rules in a "Media Key Block" to encrypt the data. A hidden unique drive ID is also implemented. Building the controls into the drive electronics makes bypassing the controls substantially more difficult than alternatives implemented in external software. This technology allows controlled access material to be intermixed with normal material.

CPRM was proposed as an optional feature, and even if implemented would not necessarily be activated by the user.

Since a disk drive with CPRM active could not be backed up, restored, copied, replaced, etc with today's tools, CPRM is highly controversial. It is clear that CPRM is incompatible with all existing disk utilities as well as with RAID arrays. It is possible that some utilities can be modified to be CPRM compatible. It is probable that some -- defragmentation for example -- can not. Microsoft -- a company more known for originating than fighting troublesome technologies is strongly opposed and has proposed a less draconian alternative. CPRM is backed by IBM, Intel and a company called License Management International that will earn a small royalty for each CPRM device sold.

Note1: The CPRM proposal was rescinded in late February 2001 and was replaced by a Phoenix Technologies originated proposal to define 8 "generic" (i.e. "proprietary") commands. The 8 commands could be used by any vendor in any way provided only that the functions provided must be identified in a standardized way.

Note2: I was told when this was originally posted that the analysis was incorrect and was the result of basing an article on media hysteria. While the gentleman who told me that is almost always right, I belive that in this case he was wrong and that the above article is pretty much correct.

Return To Index Copyright 1994-2002 by Donald Kenney.