Set Digital Music Free

The latest issue of EFF's newsletter covers the HackSDMI challenge. Probably not surprisingly, they're urging the same thing as Don Marti, who Salon interviewed.Update: 09/19 3:33 PM by michael : The RIAA, EFF, and 2600.com debated SDMI on Pacifica radio today.

Another take on the story

[broody]

I am rather partial to this editoral myself.

Re:Another take on the story

[finkployd]

I'm sorry, but that editorial is garbage. It seems the author believes that as "hackers", we HAVE to crack SDMI if we are truely against it, otherwise we are just all talk. What the author completly fails to see is that this contest is not the war, it's not even a battle. If we can't hack it, they win. If we hack it and turn in the prize money, they still win because then they can simply close the holes we found. All they are doing is learning from CSS's mistake and trying to make sure they aren't letting something really unsecure out the door.

The "real" hackers will be breaking it after the contest, when it's officially released. And they won't do it for money, they will do it for freedom.

Finkployd

Only if it isn't secure.

[bluGill]

The goal is to have no eyeballs look at this until it is ratified. This increases our chance that once they force this down everyone's throats someone can find a hole.

Remember, if the system is really secure there isn't much we as hackers can do. 128 bit encryption is 128 bit encryption, and baring major advances is unbreakable to hackers. Let the music industry get a strangle hold on the people with a new standard and there isn't much we can do to lossen it technologicaly.

Of course there is the other way to look at this: help make this standard as secure as possibal. Then keep reminging people that you used to be able to copy music for your own purposes, and legally you still can. When people get mad congress does listen, and they can force the industry to release the ability for everyone to take advantage of fair use. Grass roots politics is where things get done in the US, so join a political party that mostly thinks like you, and get things done. (It doesn't have to be the republicrats, but a major party gives you a better shot of getting your canidate elected in exchange for some lesser issues going against you)

Re:Only if it isn't secure.

[ka9dgx]

"128 bit encryption is 128 bit encryption, and baring major advances is unbreakable to hackers."

If there's one thing I learned from reading Secrets and Lies, it's that there is ALWAYS a hole in the system somewhere.

The players for this format will always be unsecure, because we'll have physical access to them, and can take them apart and tweak as much as we want. In order to be playable on an infinite number of players, there has to be a global secret, locked up in the hardware (just like the DVD keys), that secret WILL be reveiled, and probably in a shockingly short amount of time.

It's not possible to lock things up the way the RIAA wants to, they should devote their energies to their original mission, assuming it had something to do with promoting music, and let this issue drop!

--Mike--

Why? (Just like a 2 year old)

[ka9dgx]

I just sent this off to info@sdmi.org earlier today:

Why do we need "secure digital music"?

CDs and MP3 files seem to do just a fine job of handling my music needs, there seems to be nothing missing.

Would this initiative secure funding for the artists, or offer new capabilities for the listeners that don't currently exist?

Would this allow me to secure my music by getting access to it if the media it came on was damaged?

How does this guarantee my right to fair use under existing copyright laws?

--Mike--

Perhaps a secure format has a place

[namespan]

Lately I've been thinking that we're drawing the lines for battle in the wrong places. Perhaps there SHOULD be a secure format that can be used for things like limited listening. I know we all cringe about self-destroying CDs and the like, but really it could be a great method of exposure -- 2 listens, and the disc is done, and then you can buy a PERMANENT CD. That might be an agreeable setup, material waste aside. A limited download might be used to accomplish the same thing. You can play it n times, but then you have to buy. Sort of like the trial period/limited number of times kind of shareware (which has a place, even if it's non-free).

Now, I think most of us fear that if secure initiatives come out:

1) they WON'T be used wisely. We might be forced to pay per every viewing/listening/reading.

2) that it will somehow be made illegal and/or very difficult to freely view/distribute stuff you actually have the rights to.

It seems to me that #1 is possible, but that if we start fighting the battle from the other end (#2),
we might be able to make a lot more headway with conservative policy makers AND preserve the freedoms that are truly important. Remember, the GPL doesn't stop Intellectual Property from existing under the law, and make everything free. It (and other free licences) just makes Free Software possible.

We are fighting the battle for #2 in a number of places (DeCSS I think falls in this category), but we're also wasting a lot of time on #1. Given a chance, I think secure initiatives might find a fair place next to free alternatives.

SDMI is not uncrackable

[Mark+F.+Komarinski]

It took almost two years to crack CSS, and that was only because Xing didn't encrypt their keys (BTW, did Xing ever get in trouble for this?)

If the "crack SDMI" goes on for 3, 6, 9 months, even a year, without being cracked, it doesn't prove anything. There is no such thing as an uncrackable algorithm. The Germans thought Enigma was uncrackable, they were wrong. The MPAA thought CSS was uncrackable, and they were wrong. Now the RIAA is trying to build anther "uncrackable" code. And they're going to find out in a year, two years, 5 years, whatever, that they're dead wrong as well. The best that the RIAA can hope for is making the encryption such that it can't be cracked brute-force by today's computers. How long have CDs been around? 20 years or so? How far has computing technology gone in that time? Will computers sometime during the life of SDMI be enough to do a brute-force attack against SDMI? I'd wager yes.

They aughta go read "Applied Cryptography" and just give up. SDMI is irrelevant, CD-Audio will take years to catch on. MP3 is here, working, popular, and sufficient for most users.

PS, I just proved that SDMI can (and will) be cracked. Send me my $10k.

Re:Don Marti steps down

[bfields]

Here's what you say:

As I submitted earlier, Don Marti has stepped down from the boycott. Hopefully it will get posted on Slashdot soon.

Here's what the articl e that you link to says:

Marti has softened his stance just a bit. "I'm still concerned, and I'm still researching, but I'm less concerned," Marti said.

and, later:

Still, Marti said he wouldn't encourage people to participate in the hack. "I think SDMI is becoming less and less relevant," he said, as the popularity of digital music continues to grow.

This might suggest some unfortunate waffling on Marti's part. But it's not exactly the strongest evidence for your statement. Do you have any other source?

--J. Bruce Fields

SDMI are Cheap Bastards

[ewhac]

Okay, let's see here: SDMI want me to test the strength of their proposed security measures, measures on which the entire future of the music industry's electronic offerings will be based. An industry that earned over $16 billion in profits last year.

...And they're only offering me $10,000. And they want me to do it "on spec".

How very typical of the music industry. What cheap bastards.

Tell you what, SDMI: Crank the prize offering by at least three orders of magnitude, and we'll talk...

Schwab

Re:One nit on EFF's letter

[JoeBuck]

As Courtney Love points out in detail, artists aren't eating under the current system. Artists may well do better giving away MP3s and asking for tips and making money from concert tours than under the current system. As she says:

Today I want to talk about piracy and music. What is piracy? Piracy is the act of stealing an artist's work without any intention of paying for it. I'm not talking about Napster-type software.

I'm talking about major label recording contracts.

Re:click-through SUCKS

[jbridge21]

A flaw has been pointed out be a fellow poster; thank you.

I don't see any cookie required to view the page... so maybe I'll link directly to the downloads:
download a
download b
download c
download d
download e
download f

And, in case those don't work, I will have mirror up soon enough at diddl.firehead.org/censor/hacksdmi.o rg with no license agreements necessary for download.

Have a nice day.


-----

Re:Instead of hacking SDMI...

[prizog]

That's not what it says! It says "Hack SDMI.org" Not "Hack hacksdmi.org". They want you to hack their main site - that's why they put up this one... wait... :)


-Dave Turner.

Is Anyone Else Disturbed?

[wholen1]

I hate the fact that the new windows media player, by default, has a little box checked that says, "Allow WinMedia to send information to sites you download movies from.."
I would be about as excited to know that everytime I play a CD in my computer, or an MP3 file, that information is being sent to the RIAA (or anyone for that matter.) What exactly would be the point in surrounding an audio format in with a barrier to prevent copying? Besides what was mentioned before.. nothing is perfect. PGP isn't perfect (although it has not been cracked in some time, it WILL eventually get cracked..) And the same goes for this new audio format.. CSS got cracked, so will SDMI.
If I own a company and I invest millions of dollars in an encryption scheme, which I know will not last more than a year, maybe two, but will require a change from hardware manfacturer's to make a new encryption - I'm going to go out of business. Something tells me that 12 months is a pretty generous estimate considering the amount of hype this story has recieved.
Realistically, the RIAA should look at some different models to make money off of music. Naptser is insanely popular, even among novice users (my Dad is on Napster and he has trouble starting IE and searching Yahoo.) I would pay $5/month to use Naptser and Napter's 4 million + users would make that equivalent to approximately 500,000+ CD's.. ($15 apeice for the CD's). Napster pays the artists or the record labels a royalty and everyone is happy.
Or base it on downloads.. every song costs .20 or .10 for that matter.. either way you slice it MP3's are free once they are made.. no CD art, no reproduction cost, no CD case, no shipping or handling..
However, if their intentions are to keep ALL of the pirated music off the net, well that will never happen. There will always be the squadrons for rouges for whatever reason will blatantly infringe on copyrights, just because they can. As there will always be people that download that material because it's free.
To think that someone gets paid to set there and say, "Hey let's make a new encryption scheme" is ludicris to me. I could be making a ton of money thinking up actual good ideas.. I wonder how that guy got that job... hmmm

"The same thing we do everynight Pinky, try and take over the world." - Brain