Slashdot Mirror
Encrypting Digital Music With Multiple Keys
Orne writes: "The New York Times has an article about mathematicians at Brown who have patented a new music encryption system that is based on cycling encryption keys. '... a typical three-minute song could be scrambled into 180 different codes; anyone taking the time to break a single code would be rewarded with only one second of music.'" I'm not going to try to parse the math behind it, but advances like this are why I advocate laws to protect fair use of copyrighted materials -- sooner or later a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?
I'm sure RIAA can afford to license this patented technology, and if it protects their assets, it will be. In fact, you can probably be assured that RIAA will go to great lengths to prevent others from using this technology (such as independent musicians distributing over the web) if, again, it threatens their assets.
As for its use, most of you are forgetting that the average person is willing to pay for convenience. Sure, it's easy to intercept the signal at the soundcard, or record it off your speakers, but the average person isn't going to go to that trouble, provided that the price is reasonable ($20/mo for on-demand access to the majors' catalogs, e.g.).
To within half a percent, pi seconds is a nanocentury. -- Tom Duff
Of course we don't like this. The system is nothing more then a slightly glorified CSS. It still requires that the decrypting and playing/displaying be in a controlled environment following the agenda of somebody other then the user. You think you'll ever see an open source player for this? Think they are going to be happy when somebody reverse engineers it and makes a tool that write the raw data to disk rather then hardware?
The idea of controlling information is just wrong. It doesn't matter how good the system is, by defenition it has to mean that you are infringing on the freedom of viewer and somehow controlling his actions. You may LIKE that, but I sure as hell don't.
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
It seems that the music industry is hell-bent on preventing people from ever listening to the music (in short, preventing them from consuming the product they produce!). The problem comes from the fact we all hear the same thing - audio pressure waves - and there's absolutely nothing (short of a digital-in jack in the back of everyone's head, yeah, ok, sure) that they can do about it.
Encrypt it all you want. Put all the OS-specific protections on it you want. It doesn't change the fact that on your sound card, there's a DAC chip. Any electrical engineering student, given the specifications on the DAC being used come up with something to do a pretty good re-sampling at the chip, before filters are applied, and get a good copy out - or hell, just resample the audio out. As another poster indicated, doing this many times helps to isolate random noise that can be processed out, and mp3 is lossy, anyhow (another debate).
What the music industry is deglecting is that they thing that the millions of consumers out there are willing to throw away a multi-hundred dollar investment in a CD player - which does a damn good job of playing back music as is, even crappy ones. This is what kills the music industry - in their greed, they've made the de facto standard for music a perfect unencrypted copy. Any attempt to change this will result in legislation out the wha-hoo, because for all the RIAA's lobbying dollars, they're SOL.
Encryption is useless for an application like this because at some level, we all need to hear the same pressure waves.
kudos
..don't panic
They are just going to encrypte everything. You sound card will have hard ware encryption. It will only connect to special digital speakers. Upon connecting to these speakers, it will negotiate a special encrytion key with the speakers, and then only send encrypted music to the speakers. The same will be done for monitors and such, so that you can't FUCKING USE ANY OF YOUR STUFF!!!
Dionysus vs, Socrates! The greatest battle of all time!
I especially hate the bullshit about USE licensing. That's breaking up a product into multiple pieces. Frankly I expect to pay less if I'm not allowed full use.
The real motivation for most artists in wanting to protect their work is not to prevent their fans from listening to it, but to prevent some dumbass from burning 2000 CDs of their music and selling them for 10$ apiece. That person is profitting from someone elses work. As a poet I wouldn't like it if someone took my work and sold it for a profit without even asking me. But I also don't think my work should be perpetually protected. I think 2 years is more than sufficient before any form of artwork becomes public domain.... Some would disagree with me I'm sure. But I think that is plenty of time for an artist to profit from their work. Heck, it's about 5 times what the average popular lifetime of a piece of music is nowadays. It's not as if N-Sync is going to be around this time next year to bitch about their album being pirated.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
The idea is interesting...even if it is fatally flawed, in ways that make it useless.
/dev/audio but let me dump the digital input right into a file (or better yet...had an mp3 encoder on the other side of it encoding and dumping)
Anything short of tamperproof hardware, with built in DAC and speaker outputs just can not stop the copying....and even then...with the right equipment...a pretty good copy could be made (do a few analog copies and combine them together to reduce random noise).
If a program, in the Users system, EVER has a decryption key that the whole system rests on...then it is flawed...the user has the key (even if it means probing memory in real time to find it). Even barring that....if it ever goes digitally through something the user controls (like the sound card driver)...then the user can copy with no key.
It would be nearly trivial to make a linux driver that looked just like
What about for windows? I wouldn't imagine it would be too hard.
I supose these guys are mathematicians. They have a hammer (math; encryption technology) and to them every problem looks like a nail. The problem is that encryption is an end to end thing. It can't protect you from the person that you are sending the data rightfully to.
I mean if adam encrypts a letter to bob telling bob that he suspects his wife is having an affair but he wants to find out who it is with before he accuses her...all the encryption in the world wont help him if bob is the one who is sleeping with her.
This problem is a technical impossibility to solve, if you want to allow people to use the data you give them on anything but custom hardware that you have control over. Its a completely backwards aproach.
Take java...java is a trusted environemnt (avirtual machine) which knows how to check and "watch" untrusted code and stop it from doing bad things. This is the opposite...they have trusted data...and run it in an untrusted environment...yet make sure the environment (which is what is interpreting it in the first place) is not doing "bad things".
"I opened my eyes, and everything went dark again"
If you can ever buy a CD, it seems to me that you could always use a ripping program not equipped with this encryption standard and rip some good ol' mp3s that you can trade freely with your freinds and loved ones.
I don't think that the music industry wants to stop selling cds, either, especially considering that they still have a slight advantage over mp3 in quality and portability through ubiquity. And even if you could only get music in this encrypted format, eventually they gotta release a player of some sort that will have a digital out for high class speaker systems, so people could take that signal and convert it into a wav and then make it into an mp3.
Information wants Coq
Some asshole once stated that "You're going to force us to make songs that can only be played on one walkman". How would they do this?
You would go to their web site, you would plug in your walkman. Your walkman would send the web site it's public key. The web site will charge you $5.95 and encrypt the song with your walkman's public key and then let you download it. That song can now only be sent to your walkman, which decrypts it with it's private key moments before sending it to audial output systems.
Now, most keen people will say "Uh, big deal, I'll just record the output". Uber-leet hackers will go "Cool, a challenge" and take apart the walkman and yank out the private key, or simply figure out the algorithm and determine how to best crack it. If possible.
Now, here's the point. They know you'll crack their encryption. The entire point of encrypting it is so that they can point to the DMCA and say "Cracking cryptographic systems is illegal, and he did clearly this, using these steps." and the fun-loving hacker is carted off to prison and given a sentence that would make the sentence for rape seem like a slap on the wrist.
Mr. Asshole of the MPAA simply argued that DeCSS breaks CSS. The DMCA says breaking cryptography is illegal, whether you distribute the protected work or not. In fact, you would think that it was deliberately easy to crack so that you DID crack it simply to get you into a larger legal mess.
Cryptography kicks ass, but not when it's used to strip people's rights away.
What worries me, though, is technology that companies like IBM is developing where a digital watermark actually becomes part of the playback audio, reproduced by every component, including your soundcard and speakers, but which cannot be heard by human ears. IBM has developed such a system which is part of the EMMS system (also known as madison), which they claim has passed what they call "golden ears" tests. These tests have people with exceptionally good hearing try to differentiate between recordings with the watermark and without. (I've been to IBM research and heard the files. I couldn't tell the difference, either, FWIW).
The next step, of course, is to have the watermarks generated on the fly for each electronic transaction that purchases the music (how far away do you think we are from hardware that can do that in a second or two?), encoding your personal information or a transaction ID into the stream. Then, if you upload the music, they will be able to track down the source of the new digital copy of the music to you.
That's pretty scary to me, at least, because we're back to that total control picture. I personally don't believe that artists should have total control of their works, let alone abitrary "copyright holders" like labels and publishing companies, because fair use is an important part of the knowledge chain.
Imagine tuition bills for higher education once professors can't photocopy small excerpts to pass out in class, or you can't actually pick up a book from the Library, copy a few pages, and go home to write you papers. Or that to actually read the book *in the library*, someone has to pay.
What happens to free libraries with perfect copyright control?
I could go on, but I think I've made my point. Different pieces of the technology puzzle to enable full copyright control exists already. I think that all the pieces will be there soon. And that scares me.
politics, food, music, life: FatMixx
The system talked about will be useful only to send out previews of unreleased music - once the CD hits the shelves, MP3s will become readily available, and unstoppable. For that matter, high bandwidth connections will soon become common enough to make practical downloading uncompressed CD audio - 1.2 Mbit/sec allows real-time transmission.
Near the bottom of the article was mentioned a token that could be moved from device to device, but that would be customized for each user's devices, so it couldn't be loaned out. It also couldn't be used on any new hardware you buy without reprogramming, making it even less convenient than Circuit City's DivX. This is one idea for a consumer app that's going to sink without a trace.
The cryptosystem may have a useful application, but preventing music trading isn't it. Maybe it would be good for high-bandwidth military applications.
I wish I could moderate you up. One way or another, the audio reaches a format that is accessable. (Say, someone could read a dolby digital output. Or they could pick an analog signal off of the wires to the speakers.)
You mention signal degradation. Well, with audio cassettes, you get more loss with each generation copied. But if you (worst case) record an analog signal, your only loss is at the first recording. All subsequent copies are just as good.
I'm not an audio nut, but this is fine with me. My imperfect human ears cannot distinguish the difference between an MP3 that was sourced from a digital CD, versus an MP3 that was sourced from an FM station or a digital sampling of the analog output of a stereo.
I don't care about the RIAA, MPAA, etc. I don't like the idea that fair use is not being considered. Fair use is above any group and individual. But then I'm biased. Everything I work on will be preleased in XM or IT or MOD or some other tracker format. Then MP3s on miniCDs.
Maybe out on vynil next. And then for backup purposes on CD.
If I have stereos all through my house and back yard, I'd like to access my music from anywhere using a wireless palmtop running a Unix.
All this protecting is going to annoy anyone who actually does something with music and that includes a lot of music buyers not just signed bands. This whole listen and shut up attitude bugs me.
I especially hate the bullshit about USE licensing. That's breaking up a product into multiple pieces. Frankly I expect to pay less if I'm not allowed full use.
The message on the other side of this sig is false.
Reasons why this is not a big deal:
sigs are a waste of space
So the sum of this is that it's ultimately a futile endeavor, regardless of how they rotate keys or whatnot. The folks at Emusic are selling hundreds of times more music than anyone else and none of their stuff is encrypted -- did you know that half their board came from PGP: Pretty Good Privacy, the crypto folks? And that Gene, their CEO, is a longtime cypherpunk? So why is it, you should ask yourself, that some of the most knowledgeable crypto people in the world would start the only online music sales outfit to sell *unencrypted* dowloads?
Maybe because they understand what crypto is really for.
Crypto is for keeping secrets between parties that desire to keep that information a secret. If A wants to tell B something, he can use crypto to prevent some C from listening in that both A and B don't want hearing the information. But if B desires to share this information with other parties, there is fundamentally, long-term nothing that can be done to protect B from sharing it. Crypto is only useful at protecting information if all parties who know the secret want to keep it a secret.
So ultimately, any attempt to protect publicly-published data (books, movies, music) with crypto is going to fail; it's fundamentally untenable.
David E. Weekly
David E. Weekly
Code / Think / Teach / Learn
h4x0r for
Oh, fantastic. another unbreakable cryptosystem to secure digital music. yea. Not that I can't play it, and loop it back directly in with no loss of quality into another system. ooooh. who cares if it's encrypted??? If the consumer can listen to is, the consumer can record it. Simple. No technological controls will ever, ever prevent pirating.
While this cryptosystem sounds really cool technologically (possibly very powerful encryption) a) the cryptographic element of security is never the one broken--if you have five trillion brass-plated locks on your steel, reinforced door, people break through the window, for look for the key in one of those stupid rocks by the side of the door. b) cryptography is great for security and privacy and integrity, but is helpless against willful copyright violation by a cryptographically-authenticated party (like, say, the consumer).
And in any case, there is nothing to get consumers to move 100% to this system, as opposed to trading MP3s. even if bill gates includes DRM into windows, people will use Linux, or FreeBSD, or not throw their 'old' computers away and keep them for functionality sake to play mp3s and whatnot.
in short, cool idea, useless for the purpose.
Returned Peace Corps IT Volunteer
I thought slashdotters liked strong crypto and innovative crypto and anything else that could be used to keep the government out of your hair. Why are we getting our panties in a bunch that someone else might get to use crypto too?
If, as we've stated many many times, the RIAA is obsolete then they will have no use for this technology because they won't have any music to encrypt. The musicians will all be using this to encrypt the songs they are selling off of their websites. Does anyone have a problem with the musicians profiting from their work and using this to enforce how something they created is used? Not I.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Remember, denial always comes right before going kaputski. Remember the disney movies? The Humorous Sidekick always tells the bad guy: "Umm... what if they Exploit Badguy's One Huge Weakness?" The Generic Evil Bad Guy will then laugh and say: "Nonsense. They would never be able to... " At that point, he is obliterated.
This can be extended as an analogy to the recording industry. First, they think "nobody will ever like this mp3 stuff". Then they pretend to ignore its spread. Once they realize that things are going to hell in the proverbial handbasket, they introduce their weak attempt at mimicking this.
It's very simple. Any music released in this format will never be used. Period. As long as they still sell the CD, people will still get it in mp3 format. And if they only release it in a digital encrypted format, then nobody will buy it. No matter what, the recording industry is doomed.
Friends don't let friends misuse the subjunctive.
We'll be in the same place we are now, very simple, just take audio out from your computer, use a double male line to the audio in port, and record onto mp3 or whatever replaces it, encryption scheme bypassed. if you can _LISTEN_ to music, you can get around any and all encryption of it.