DRM, custom hardware and technical solutions to human problems

Arseni Mourzenko
Founder and lead developer
January 8, 2018
Tags: short 50 security 8

A now closed ques­tion on Soft­wa­reEngi­neer­ing.SE asked about a way to pre­vent the users from get­ting screen­shots of an ap­pli­ca­tion. The con­text is an ap­pli­ca­tion show­ing sen­si­tive doc­u­ments in a bank. While the doc­u­ment is en­crypt­ed, it re­mains safe. When it's shown to the user, it can be com­pro­mised.

The per­son was there­fore in­ter­est­ed by the tech­ni­cal means to pre­vent screen­shots cap­tur­ing. The an­swer I post­ed seems in­ter­est­ing enough to be cloned here. Here it is.

No mat­ter how many mil­lions of dol­lars you're ready to throw at this, it is a known prob­lem which has no so­lu­tion. And it's not just about PrtScr, but all the ap­pli­ca­tions which let you record and trans­mit still pic­tures or videos of your mon­i­tor. This in­cludes some­one who streams the con­tent of the screen to an­oth­er ma­chine with Google Hang­outs and press­es PrtScr there. And of course, no mat­ter what you do on the PC it­self, the per­son can still take a sim­ple pho­to of the mon­i­tor.

The sit­u­a­tion is very well ex­plained in a TheDai­lyWTF ar­ti­cle.

When it comes to copy­ing dig­i­tal con­tent, DRM could work if you do con­trol the de­vices used to ac­cess data. And by con­trol, I mean you de­vel­op them your­self, and you make sure they are tam­per-proof. The de­vice re­ceives en­crypt­ed data, de­crypts it with a pri­vate key kept in se­cret by the hard­ware it­self, and then shows it. As soon as you want to show the con­tent on any­thing else than your hard­ware, it won't work. By the way, de­sign­ing hard­ware which with­stands tam­per­ing at­tempts is hard (but since you have mil­lions of dol­lars, it can work).

The prob­lem is when you want to pre­vent the ap­prox­i­mate copy­ing as well, i.e. a pho­to of your DRM-en­abled screen shot with a smart­phone (or a very ex­pen­sive high-res cam­era) is not ac­cept­able. The only way to be safe is to make your hard­ware be used in your se­cure lo­ca­tion, and search every per­son who would have ac­cess to it to pre­vent get­ting a cam­era in or out. This is very sim­i­lar to the sit­u­a­tion where some­one want­ed to pro­tect the source code from be­ing copied.

Is it tech­ni­cal­ly pos­si­ble? In the­o­ry, yes.

Is it doable in real life? I let you an­swer the ques­tion your­self.

In real life, tech­ni­cal so­lu­tion won't work, be­cause you're fac­ing a hu­man prob­lem. There­fore, you need a non-tech­ni­cal so­lu­tion. In your case, since you're deal­ing with bank­ing em­ploy­ees who are ex­pect­ed to be­have prop­er­ly, a sim­ple warn­ing mes­sage should be enough:

You are not au­tho­rized to make copies of the cur­rent screen. [...] pros­e­cut­ed to the fullest ex­tent of the law [...]

And then, you need to train your users. In­stead of block­ing PrtScr, let them do it, but when they press it on this par­tic­u­lar screen, make the app send a no­ti­fi­ca­tion to the se­cu­ri­ty of­fi­cer. As soon as one or two users would see the se­cu­ri­ty of­fi­cers come ask­ing them ques­tions about the rea­son why they took a pic­ture of a screen show­ing sen­si­tive in­for­ma­tion, most users would be very un­will­ing to try.