it's removing HDCP protection that's problematic, not adding HDCP protection

looking at the available information on HDCP, it looks like the transmitter does not have to be authenticated - they use the receiver's pubkey, much like a web browser transmits to an HTTPS server