Slashdot Mirror
Hack-SDMI Boycott Explored
Andrew Leonard writes: "Tech companies want hackers to break SDMI watermarks because they know watermarking will never work and are desperate for a different solution. In Salon, Janelle Brown shows how the hack-SDMI boycott is revealing a major rift between the tech and entertainment companies that make up the SDMI coalition." Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers. And several anonymous sources interviewed for the article seem to have gotten it wrong: everyone thinks it will be broken, it's just that most of them think the opportune time for that would be about 2 days after the music companies have irrevocably committed to their new method of making it difficult for people to listen to music rather than 2 days before.
did you read the sdmi spec? I did. and I found some rather frightening provision : any unmarked music entering the sdmi system has to be marked as valid for only 4 working copies at a time. And so, even if some music work as no copiright att all, once it enter the system, you can no longer make as many copies as you wish.
C'net testing showed that most people can't tell the difference between 192kbit/sec MP3s and the original, and basically nobody can tell 256 kbit/sec.
...
If 256 KBits/Sec is your standard, then your standard is 5:1 compression. My standard is lossless, or 2:1 compression. You can argue one way or the other about whether the difference is noticable, but I'll point out that the difference between a 5:1 download and a 2:1 download is mostly that of convenience. Both are equally feasible, and as network speed rises and disk space prices fall every year, the difference between the two will become negligable.
Your point about sound quality is correct. For most people, there's simply no reason to download 2 1/2 times as much data, because they can't tell the difference. However
SDMI creates a brand new reason to do so that never existed before and has nothing to do with sound quality. The new reason to download 2 1/2 times as much data is because that's what will be required in order to encode the music so you can play it on your portable SDMI player, and that's a powerful incentive.
The record companies stand, poised to replace "Perfect Music Forever" with "Music, purposely degraded -- made imperfect, and technologically restricted so it isn't necessarily Forever", at the exact moment that network distribution of their former, better product, "Perfect Music Forever" -- unwatermarked files with lossless compression -- is becoming possible. This is a disasterous strategy for the music industry.
5:1 verses 2:1 illustrates why the SDMI watermarking strategy will fail. It's too little too late. It's based on the assumption that downloading a lossless digital audio file is not feasible, which is not true. It's just unnecessary -- yet. The RIAA thinks that SDMI will destroy downloadable music technology, when all it will really do is force the abandonment of lossy compression.
The legacy of this failed attempt at market control will be deliberately introduced audio distortion on future CDs. This raises a new question. What will happen when someone figures out how to remove the watermarks completely, leaving the work undistorted? How will the recording industry compete against something that sounds, or is perceived to sound better than their store-bought product, and can be downloaded for free? They are not considering the results of their strategy. They do not understand the technology. Even worse for them, they no longer understand that the quality of their product is their product. In this sense, they have completely lost their way.
- John
that's why they had the contest. When the other part of the DMCA kicks in (the 28th?) they can simply arrest everyone who submitted an entry. viola! mp3's disappear!
--
+&x
Compensation of $10,000 will be divided among the persons who submit a successful unique attack on any individual technology during the duration of the SDMI Public Challenge. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology. In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property. The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge. If you are a minor, it will be necessary for you and your parent or guardian to sign this document, and any compensation will be paid to your parent or guardian.
This article has it backwards. The hacker community should not participate in this contest, as it will prove to be a loss for the community as a whole. After all, if the details cannot be disclosed, they must be planning to still implement it. (If they were planning to make a new system if they defeated it, why would they want the details of breaking it hidden from public view?!)
What should happen? As mentioned before in the last time slashdot discussed it, it should be attacked, but not for the contest, and not for the money. $10,000 is a worthless sum when it would have cost them tens of millions to try to break it on their own.
Not too long ago, Scientific American ran a couple of items like this one citing Xerox, and specifically Mark Stefik on digital rights enforcement. So where's Xerox and their tech in all this?
At the Xerox site I found some references to XRML or DPRL (Digital Property Rights Language) and ContentGuard
More XRML at Oasis-Open like this item by Robin Cover.
But I don't see anything off-hand on doing the MP3 kind of thing. That would involve an extension to autonomous devices. Could be done if the devices had decent hard-to-tamper clocks.
There are other people in the same business such as NetActive
It's still not free, of course. But I'm not yet convinced that copyright is dead. I'm willing to pay for rights, but I need the real rights that I used to get, not some constrained version like SDMI.
--
Henry Troup
Yes, but the DMCA forbids reverse-engineering, or copy-protection disabling. Hmmm, I wonder whose idea that was, and how much it cost to get it into law. . .
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
The idea is to do all the copying in the digital domain. Converting to analog and then back to digital will lose sound quality. The trick is to do it in such a way that the watermarking is bypassed.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units. AFAIKT, they haven't gotten any more clueful since then.
/.
/. If the government wants us to respect the law, it should set a better example.
And then SDMI players will be found on the shelves where miracouously you can turn this 'feature' off, "oops engineering left in some test menues, well, we trust our customers to simply not do this, and no, we don't know why our player sells better than any of the others out there despite it's slightly higher price". We've seen it all with DVD's and region encoding.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
The RIAA has no idea how good they have it, right now.
The main purpose of SDMI watermarks is to detect if a watermarked song has been compressed. The idea is that this will "break Napster." Breaking MP3s is completely the wrong approach! What the industry is forgetting is that lossy compression is just one way to transmit music. There are lossless compression schemes that achieve approximately 2:1 instead of 10:1 compression on music files. They're five times bigger, but disk space is dirt cheap now and network speeds are increasing. Quite frankly, lossless internet music distribution isn't something in the far distance, it's coming and it's coming fast.
What the industry doesn't realize is that they have one last chance to save themselves -- they need to market MP3s as a preview format, and CDs as a high quality format that you buy in a store that sounds better than MP3. Right now, they still have an opportunity to survive. If someone downloads an MP3, then decides that they like the song, they have a very good incentive to go out and purchase the CD, for a very practical reason that has nothing to do with morals or ethics or artists getting paid -- they still have an actual trump card. A CD sounds better!
Here's why SDMI is a two-pronged suicide weapon for the RIAA:
1) Even if the watermark is inaudible, people will think that they hear it. They will be dissatisfied, and will want unwatermarked music. Where will they get unwatermarked versions of their favorite albums? Not from the record store. They will have to either find a used, pre-SDMI CD, or copy it from their friend, or Napster, and they will feel zero guilt about doing so, because after all, they can't buy the uncorrupted version of the CD in the store anymore.
2) If SDMI succeeds, and it becomes impossible to play a song once it has been compressed to MP3, then people will be forced to stop using MP3. What will replace MP3? There are already lossless codecs -- the "shorten" format among them -- that achieve 2:1 compression (as opposed to 10:1 for MP3.) Napster and the like could quickly be retrofitted to use lossless compression instead of lossy compression.
If this happens, then the record industry will have destroyed the only consumer benefit in their pre-recorded CDs. So long as an MP3 sounds worse than a CD, consumers feel justified in "upgrading" their MP3s by buying the CDs. If people feel that the store-purchased CD is going to sound the same or worse than a download, then why should they buy it?
Or how about if the store-bought CD of "Dark Side Of The Moon" has audible distortion due to the watermarking, but you can easily download a lossless copy from Napster that was made from a pre-SDMI CD.
What will you do if you want the "best" sounding version of an album? There are collectors who pay top dollar for 1950s vinyl because they think it sounds better than CDs. Pre-SDMI CDs will join those ranks, but Pre-SDMI CDs will be infinitely reproducable.
In short, SDMI is suicide for the record labels. It's going to force changes in Napster and consumer behavior that actually destroy their own business model. Permanently.
Let's stop
working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
I've said this before and gotten flamed into oblivion for it, but I think it needs to be said again:
Something like SDMI might not be all that bad.
We in the Open Source Community have been busy with things ranging from effective (encouraging subscription models, bulding a new codec, refining street-performer-like schemes, etc) to things, um, less-effective (yelling "information wants to be free!" and defending the tactics of Napster).
What I wonder about is why we haven't sat down and thought about how we could create something that would actually allow those who so desire to have some control over the destiny of their content.
I'm not talking about Iron Clad control, which I'm sure most of the current heirarchy in the recording industry wants. Nothing "uncrackable". We don't have a foolproof copy-protection system now, and we're doing fine. What I'm thinking is copy protection that is:
1) just strong enough to encourage Joe Average off the street to buy rather than make copies
2) allows fair use afterwards
#1, of course, has to be done in conjunction with a pricing structure and preview system that will support it. #1 is just an extra push to encourage the consumer to support an artist.
So, why not? And please don't say "but the artists won't see any of their money. The evil record companies will take it all." For those who go through record companies, that's probably true. But there will be some who won't....
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
If i understand the watermarking correctly, it is based on the fact that some parts (frequencies?) of the audio signal are inaudible to human listeners, so a watermark signal there wouldn't degrade the sound. Isn't it quite trivial to generate some noise/random signals at the *modulated* frequencies *of* the watermark signal, or just read the watermark signal, invert it and put it back? What am i missing?
--
Okay, admittedly, all of us would really like to see the record company fall on its own sword and ruin itself by releasing the "perfect" distribution system for music online, having some hardware manufacturers go full-steam and produce products, the record industry puts out their songs, THEN it is cracked.
That, by the way, is why the hardware groups oppose it. They know it is going to die because it won't work. They want it proven before they spend incredible amounts of time and money engineering and producing a dead product.
Now, if I were to crack it before they are committed, they have a chance to put another solution in place. I really doubt that if someone produced the magic bullet that kills watermarking that the RIAA will say, "Okay. We're not going to protect our music." They'll just come up with something else.
By hacking later, it also buys time. And it also destroys the RIAA's reputation so when they're working on a "second solution", their sphere of influence will be diminished. And in the mean time, you'll get access to all the watermarked songs they've released.
Hack now? No thank you. But I do feel badly for the engineers who are being forced to create a lemon.
Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units.
Yeah, but Divx offered $2.00 movie rentals, and you (technically) didn't have to return the movie when you were done. However, Divx didn't really offer any of the benefits of DVD (multiple aspect ratios, etc). Dibx was a brand-new high tech product marketed towards the "couch potatoe" masses. SDMI seems to be heading down the same path. Even if you have a halfway decent CD player you have NO reason to invest in a new player, especially if the new player only gives you the abilty to play SDMI music.
-This sig intentionally left blank
All the serious hi-fi nutters I know reckon that CD quality isn't good enough, and that transitor amplifiers are insufficiently linear. It's got to be vinyl and valves!
you can copy a CD to a minidisc through a digital connection.
You can't copy that Mini Disc to another minidisc digitally (you can anaolog thouhgh duh.)
However there is a box they sell in japan which claims to remove the copy management. Your supposed to run the output through a fiber into the box and it removes the protection system. They say it also removes track marks, labels etc.
You can't prevent copying. period. You can only hope that people act a little responsibly.
they're just trying to make it harder to prevent piracy from becoming too rampant.
I have this mental image of a bunch of RIAA executives being flown to a nice resort hotel, gathering in the conference room, listening to a full-blown multimedia presentation on their new Copy Resistant Audio Protection[tm] system, watching the techs wheel in the prototype and start it up... and hearing something that makes Thomas Edison's wax-cylinder phonograph sound like top-of-the-line Bang & Olufsen.
/.
/. If the government wants us to respect the law, it should set a better example.
And..you only need to go digital->analog->digital once. Once you get it back into digital form (mp3 or vorbis, etc), you can then make as many perfect digital copies of the very slightly degraded (not detectable by 95% of the population.. if done properly) sound image as you like...and can send it to as many people as you like (technically, if not legally).
The whole Metallica thing is interesting; or rather the response to it is interesting.
The general anti-RIAA response to the Napster case seems to be, "Don't hold the company responsible for the users' actions."
But when Metallica did just that (going after the music pirates, not Napster), the response seems to have been, "Don't hold the users responsible, that's bad form."
Although Metallica could have gone about things more sensibly that might have reduced piracy and not antagonized fans (of course, true fans buy music, not steal it), I think their actions were reasonable and justified.
-----
D. Fischer
ShoutingMan.com
It will be an expensive lesson for SDMI to learn, but it is a basic fact of information theory, that you cannot securely deliver information to an individual, who does not want that information to be secure.
This is why SDMI will fail, and their "hacker challenge" is merely a cynical attempt at hyping the technology; selling it to people who don't understand these basic facts. There apparently are engineers out there - the guys who invented SDMI, and they have to SELL this technology to the RIAA, and in order to do that, they have to prove that it's secure. The real dopes here are the RIAA.
So if some hacker goes and wins the prize, you know that SDMI will not ever make it to the marketplace. Nipped in the bud. Either some new technology will come along and take it's place, and similarly fail, because the whole concept is an impossibility, OR, the RIAA will finally learn this lesson. However, greed will probably continue to be a powerful motivator, and maybe they'll figure out that "good enough" copy protection will still work to increase their profits. While they cannot 100% lock down the signal, and prevent unauthorized copying, they can make it hard enough to do, (and risky enough, by lobbying for stupidities like the DMCA), that a maximal profit curve can be obtained.
Now, if nobody comes forward, and hacks SMDI, then the RIAA suckers buy-into it, and the manufacturers buy-into it, and enormous sums of money will be invested in pushing this technology onto consumers. And we know, this will ultimately fail. Not because we hackers are proud of ourselves, not because we are commie-idealists and believe that we should be able to copy the music and that the RIAA companies shouldn't be able to control stuff and get so stinkin rich exploiting the creative spirits of our species. But because it is a fundamental fact of information theory that it just can't work. I think that most of us will derive pleasure in watching the RIAA buy into SDMI, invest in pushing the products, and watch it flop in the marketplace - and likely try again, expensively, with something else, until they give up.
Unfortunately, they wont give up. Because eventually, they're going to find a technology that, while it can be broken, it will either be prohibitively expensive (equipment, time) or risky (jail) to do so. So much so that such a small minority of people will copy, that it will not impact their profits adversely. The music distribution system will eventually reach this equilibrium point. It's an arms-race, as many have pointed out. But someday, the music just wont be worth the risk or effort. I know this, because I have copied a buttload of MP3's, but I haven't taken the time or effort to burn CDs, or buy a separate MP3 player for my car. And this is under a system where there currently is NO copy protection enforcement at all. I'm still buying CDs. A large proportion of people out there aren't anymore, I guess, but as soon as you get SDMI (or something else) out there, and start busting people for trading in unprotected copies, and copyright violations, the majority of these people will stop copying and start buying, and an equilibrium point will be reached. Two things affect this ratio of copiers-to-non-copiers, advancement of copy-protection technologies and legal enforcements, and advancements in hacking technologies. Both are going to happen. But I think what's going to work in the RIAA's favor, ultimately, is the laws they have bought. Circumvention technologies will have to compensate for that, but ultimately, it's going to probably come down to preserving the right to be anonymous on the internet (lest the FBI track you down and bust your Metallica-copying asses). If we lose that right, it's back to burning CD's and sneakernetting them with your friends. The mass-distribution element Napster brought into the game will go back out, and this is why anonymity is such an important thing for RIAA (and other "authorities") to eliminate. It will dramatically reduce the network-effects of the black-market.
So, while we concentrate on the hacking and circumvention technologies, the RIAA is using the law as a club to eliminate freedoms. My conclusion is that maybe we ought to spend some time paying a visit to the EFF website.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
From what you say, we're doing the right thing by letting them go ahead and implement SDMI. It's almost certainly not uncrackable. It will provide some protection for those who want it. It will probably be just enough of an annoyance that Joe Average will just go for a subscription music service or somesuch rather than try to make an alternative work.
NPR did a show this morning on the RIAA/Napster debate. I think that one of the best lines that came out of it was that there needs to be a public discussion about how far we really want copyright laws to go, and whether or not they've already gone too far. I think they have, and I've been saying that for a long time. I believe that if they would fix the copyright laws so that the public once again sees some return for their support of "limited" monopolies on information, then many of these problems that the entertainment and other industries are seeing would be greatly reduced. But, of course, they'll fight tooth-and-nail to prevent the public from getting copyright law changed to their perceived detriment. But, if they want a war, it looks like they'll get it.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
> Of course they want hackers to get deep inside and penetrate their carefully constructed code.
Which is really funny, 'cause when someone does crack it two days after it hits the marketplace, this is really going to make it hard for the industry to cry "IP violation" like they did with DeCSS and CluelessCat.
--
Sheesh, evil *and* a jerk. -- Jade
> I'm sure there will be programs out for copying watermarked records within half a year of the implementation
Probably even before it hits the marketplace. There have been many examples of this with "copyproof" software in the past: bootlegs available before you can even buy a legit copy.
--
Sheesh, evil *and* a jerk. -- Jade
they take the example of the U.S. Government, and ask a respectable university to do a proper audit on the scheme? This way they could be absolutely certain that the code is unbreakable, and has no ill side effects...
In Murphy We Turst
Many in the open source community and the hacking community in general b*tch and moan whenever a company releases something with weak/poor encryption. When a company takes the advice of those that scream loudest, they are suddenly boycotted because there product doesn't meet the "ethos" of the hacking community.
It's nice to see that standing up for your beliefs and convictions is now a flaw.
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
This isn't about security. This is about an industry wanting to take away the last remains of our rights as consumers and they want to do this with our help. Don't believe the rhetoric, as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented. Why would we want to help them.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
You have got to be kidding me! Heaven forbid we as individuals and as a community should stand up for what we believe in and refuse to aid those that champion a cause diametricly opposed to our own. To even think that this is a clear cut case of security is naive and foolish.
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
THIS IS NOT ABOUT THE OPEN SOURCE MOVEMENT!!! This has nothing at all do to with open source software. In fact, in NO way does this contest benefit the Open Source Movement. This whole afair reminds me of a Coup. A powerful General influences his army to overthrow the cruel Dictator, just so he can take his place as the country's Dictator. In the end, the people have a Who lyric stuck in their head, "Meet the new boss, same as the old boss". If the Open Source community hacks SDMI before it is released, then RIAA will commission a new scheme tha's even harder to crack, and then we're in worse shape then before. Now I ask, Why the hell do we want to help them?
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
OK, so by your logic, we should help to create a stronger watermark that infringes on our rights as consumers and aids a cause we believe is wrong just to show how good we are at cracking encryption schemes. That doesn't show the world that we're good coders, it shows them that we're good code-breakers, something many in the world associate with criminal behavior. Because, that's what I want the Open Source community to be known for. Yeah, I want to be a mercenary code breaker for Corporate America.
Furthermore, your assertion that if we boycott the final product we will prevail in the end is flawed. This is even more naive than your previous statements. If you don't believe me just take a look at how well informed the masses are about DeCSS and the MPAA's efforts to infringe basic rights such as "Fair Use" and the Freedom of Speech. No, I'm afraid a boycott of the final product will never work.
The idea of watermarked music is flawed, can't be made secure, and also infringes on our rights as consumers. Now why would I want to prove that to the Recording Industry so they can find a method that isn't flawed, is secure, and still infringes on my rights as a consumer.
"The words of the prophets are written on the Slashdot walls."
Now the main theme of the technology industries is, that the hackers should help them to prove the evil record industry that watermarking doesn't work, so they (the good ones) may avoid sinking millios of dollars in a scheme that won't work anyway. The only part i can agree to is the part about the boneheaded record industry. My advice to the technology industry: if you don't want to sink millions then simply don't. Period. Create your own forum, not headed by the record industry, come up with some sensible alternative, implement it, market it, and let the record industry try to sell records without players to play them on.
And yes, the watermarks will be broken, all of them. And you know this anyway. So why bet money it won't? And i still prefer it to be broken after it was thrown on the market, so everyone participating in this silly scheme loses as much money as possible. It can't hurt enough. I mean, basically what the record industry is trying is to screw over consumers every which way they can, and to screw the artists too while they're at it. If they're boneheaded enough to go on with it, ignoring the advice they specifically asked and payed for, they should pay.
I'm sure there will be programs out for copying watermarked records within half a year of the implementation, and players for playing music stripped of watermarks or for copying music with watermarks intact will be found on the shelves probably earlier (maybe you'll have to open the player and connect two pins or somesuch, thereby voiding the guarantee, but hey, that's even better ).
So if the technology industry wants those watermarks to be hacked they should do it themselves. they've got the experts for it, they know all the weaknesses, so they surely have a headstart. They could do this pretty fast. They could even ask real money for it.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
If the watermarks are different for each copy (not likely in the case of a CD, but maybe for online distribution, which could be marked at time of download with the purchaser's information), all you would need is two copies of the music.
Think of the music as a carrier signal, and the watermark as the actual signal you want to isolate. With two seperate copies, you can do a differencing process on the files, leaving behind the watermark, which can then be further analysed.
I support the EFF - do you?
Reason is the Path to God - Anon
Lossy compression schemes such as Ogg Vorbis and MP3 work by removing sound that humans cannot perceive from the sound sample to improve the compression ratio.
Watermarking, on the other hand, adds sound information that human listeners supposedly will not be able to notice, but which machines will be able to detect. (And be able to perform this detection on any recording without being able to compare the watermarked stream against the original.)
These goals are in conflict. The only way that watermarks can be sure that compression technologies (including future ones) won't remove an inaudible watermark (on the basis that it won't be missed by the listener) is to design a process that uses an audible watermark. Thus, some people (hi-fi buffs, sound engineers, etc.) will be able to hear the difference between a watermarked and unwatermarked recording.
And, of course, most people will think they can hear the difference, and be unwilling to buy SDMI music.
A guy hands you a pair of handcuffs, and says "See if you can get out of these." You twist them and break free with a smug grin.
The next day he returns with new pair, and you play the game again.
One day, you find you can't get out of them. And he walks away, leaving you bound and defeated.
Since we're all unfortunately going to have play this game, I propose a new strategy. Fein defeat at every turn. After he has expanded fortunes producing similar handcuffs for everyone else, divulge the weakness. If he persists in this game, bankrupt him.
Additionally, if the RIAA and MPAA cannot find technological measures to protect their interests, I believe that they will increasingly rely on congress. It would be a grave mistake to assume that we have better access to our congressmen than they do.
However, while the industry's resources may be vast, they are not infinite. Senators *can* be expensive, and prices do fluctuate. Hypothetically, they have to buy off a majority. After rounds three and four, after vendors are expending their own R&D budgets to comply with laws and customers/constituents are wailing, these congressmen will be considerably more expensive. Let's make certain that the cuffs are still quite loose at this point, or it will be close game.
-Hope
Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers.
....And the entertainment companies are in favor of SDMI not because they think it will work, but because they think it will screw consumers.
What was left unsaid, but that I read into it was:
I'll see your senator, and I'll raise you two judges.
This point angers me more than I can articulate.
If you think the watermarking system is fallible, break it and claim the $10,000 yourselves. To expect "the hacking community" to ride in and save your asses -- or your assets, for that matter -- is arrogance at best and cowardice at its worst.
Jay (=
> [
> somehow I get the feeling that making your customers think of you as the enemy
> is probably not the best business strategy.
Elementary game theory - "tit for tat". Treat us like the enemy for 20 years, sooner or later we're gonna wise up.
When it comes to copy-protection, it goes all the way back to the days of cassette tape (royalties on blank tape), the VCR (the Sony case), and DAT (killed the format by forcing hardware manufacturers to implement SCMS).
We've always been their enemy.
It's only been in the past six months that we've collectively woken up from 20-odd years of abuse and realized that they are our enemy.
Segue to the Katz article on virtual communities. The realization that RIAA/MPAA are not just invisible trade organizations, but are actively attacking us - indeed, that there is an "us" for them to attack - is all the evidence I need to know that there are communities. We are bound together by common ideas and goals, not accidents of geography, but it doesn't make us any less a community than our enemies, namely RIAA and the MPAA.
Filk: 2600 miles and runnin'
(Parody: NWA/Dr. Dre's "100 Miles and Runnin'")
[ ... ]
And we got ten thousand hackaz strong,
Got everybody singin' the De-CSS song,
And while you treatin' Goldstein like dirt,
Yo' whole fuckin' family wears De-CSS shirts.
As for this quote:
"Then came the call to boycott the hack-SDMI challenge. Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible."
Yes, that's precisely the idea. We want a solution released that is fallible, and that way it will be immediately broken.
There is another reason why SDMI should be given free reign to do whatever they want without hacker interference: Let's see which companies decide to produce SDMI-compliant devices. Since they know such devices are basically breakable, and hostile to consumers, this will tell us which companies are willing to stand up for their principles and which ones aren't. After all, membership in SDMI is voluntary. Let's see which companies volunteer to stand up for the consumer, even in the face of economic pressure from the entertainment companies.
Then we'll know which equipment to buy, and which to avoid.
And then we hack SDMI...
________________
________________
Private Essayist
Oh please. Over the weekend, Slashdot linked to a Red herring reprint of a major story we did on Gnutella, and I was a little peeved that we didn't get a direct link. So i asked Rob Malda how we could avoid this, and he said there was nothing wrong with submitting stories directly. So I did.
Next time I'll be sure to mention all my connections with the piece, but anyone who knows my writing well enough to call me "a perfectly fine journalist" ought to know that I wouldn't "whore" anything to slashdot that I didn't think was fully appropriate to Slashdot readers.
Editor, Salon Business & Technology
Salon.com
I must admit, you make some excellent points. :)
:)
Standing up for your beliefs is not a flaw. The problem is the dictomy of the situation. Here we have a company doing what many people in this community say should be done. That is TEST your security in an open environment. The thing that they are testing is a way for RIAA to distribute music that is NOT readily copied, which many people hate. You have to give them a nod for part A, even though you vehemently disagree with part B You can't say you stand for one thing, and then go back on it when somone you don't happen to agree with uses whatever you stand for. Many people are for freedom of speech, as long as the person speaking doesn't disagree with them. It seems some of the boycotters are in that boat.
I see your point, and in some respects agree, but the problem I see is that a company that has done nothing to earn the respect or trust of the open source community thinks they can bribe us into doing their dirty work.
I must admit that I like your analogy about free speech and am reminded of a case where a jewish attorney defended a neo-nazi group under that same right. However, that attorney should not be lambasted and criticized if he chooses not to represent that client. We have to make a choice as to what we feel is the greater harm/good, and be prepared to stand by that choice or recognize it for the mistake it may or may not prove to be.
Do you think that for ONE second, boycott or no boycott that SDMI is going to stop trying to develop this. Come on get real! SDMI is only going to change their tune when their product looses in the market place.
Using your logic and a quote from, (as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented,) it doesn't really matter if the code is cracked or not now does it. So what's the point, boycott or no boycott? As I said, I hate the idea of the "watermark", but I'm not calling for a boycott on testing the security. I AM calling for a boycott of the final product because that is the ONLY way "we" will win.
I think the real question is, "What will RIAA's response be if the watermark scheme is broken before or after it is released on the public?"
This is an answer that none of us can even begin to guess. However, I think the big unknown factor in obtaining this answer lies in the fate of the DeCSS trial. I'd hate to help create an unbreakable scheme now that it was legal to do so.
Imagine this headline "Hacker cracks SDMI watermark" followed closely by "Open Source Community provides super secure watermark" The open source water mark is used to encrypt voice communications. The licsence doesn't allow the encryption of music.
Now we have a VALID (IMHO) use for the technology! Now no one gets that voice message that starts "your mission should you choose to accept it" except for you.
I like your thinking here, and admit that the thought had never crossed my mind.
I'm thinking way past what SDMI is trying to do. The idea of a water mark isn't going to go away, no matter how much you whine. So lets find ways to put it to GOOD use, and also lets develop that in the open. If you break SDMI's code you set them back for a short while, but a short while may be all people need to develop an alternative thats acceptable to all.
Again, I like your thinking here, I'm just not certain if it is realistic or not. I suppose if the scheme was cracked and an open alternative was developed before RIAA could commision a better scheme, it could happen as you suggest. However, RIAA is not known for its logical and level headed thinking. If an open alternative was developed, would it be adopted by them? I doubt that they would adopt an open solution. For one, their paranoia about the code being readily available to pirates would prevent them from using it. What's worse is they would probably use that code to develop their own closed source alternative, but do so in a way to avoid patent and/or license restrictions.
These are just some ideas, they are not my vision of the future. People in general have to be able to look past their own ranting and see whats down the road. If you really want to change something you have to be realistic. Boycotting SDMI on your own is your business. I'd boycott the final product, I'd also stop buying books from amazon.com if they tried to sell music in that format.
I think I'd rather boycott SDMI, break it after its release, and boycott products that use it.
You mean you're not already boycotting Amazon
The whole idea of a watermark preventing copying is LAUGHABLE. How easy is it to simply use a program that grabs the audio from your sound card raw, you then write it to any format you see fit, (MP3, WAV, etc) Because something is silly and flawed doesn't mean that companies won't do it. (nee look at the ever popular beenie with a proppelor, still a hot seller!)
I agree completely, but you didn't have to insult my hat.
You bring up some good point, but in the end watermarks won't go away. The current rants are akin to standing in front of a train holding your hand out telling it to stop as it speeds down the track at 62 MPH (100kph). I prefer to dig up the tracks, and de-rail the sucker. The way to do that is to make sure that SDMI watermarked music fails in the marketplace. The only way to do that is for concerned consumers to band together and NOT buy in droves.
We're not standing on the tracks, we're just saying be careful where you derail this thing. You may end up causing more harm than good.
Unfortunately, most consumers are more concerned with keeping up with the Jones's and getting the latest, shiniest new toy than they are about their rights as a consumer until after they're locked in.
"The words of the prophets are written on the Slashdot walls."
Amen!
The only problem for some of them is, that some of their competitors (Sony) are also represented in RIAA. It's hard, when you're Onkyo to thumb your nose at RIAA when you have to compete with a competitor who is also a member of RIAA.
"The words of the prophets are written on the Slashdot walls."
It's amazing to me how the record companies, RIAA, and so on have managed to change their image in the minds of at least the "hacker" crowd. Looking at this forum in the past, I'd see an attitude of "How stupid these guys are," when something like this occured. Instead, now I see an attitude of "These guys are the enemy," which is fine in itself, but it goes to show how the record companies actions are having the effect of turning its own customers against itself.
:)
Now, I've never taken a business class or anything, but somehow I get the feeling that making your customers think of you as the enemy is probably not the best business strategy.
Rather amusing, anyway...
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Watermarking in the sense of adding a digital signal that identifies the source is also broken in the same way - garble the signal. However, true watermarking isn't that easy to remove! If you garble the signal too much, you will get music that most people actually can hear has been tampered with. I myself don't listen to mp3 or minidisc at home since I don't like the degradation (yes, both my ears and my speakers notice it ;).
For those interested in the subject, look up Steganography (cryptographic branch dealing with hiding information as "noise" in pictures, music etc).
Watermarking is steganography, and steganography works ...
it's in my head
Won't work.
I mean, how could such a thinly deployed layer of integrated sound be constant through analog conversions and back again? Very unlikely.Even if by some miracle they manage to create a watermarking system that is fully transparent and encrypted somehow, and manages to retain itself when converted to analogue and tampered with, there will always be programmers who can get around it. Steve Woston springs to mind, and I'm sure there are many others.
Everything is but a number spoken by itself.
"I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology -- to make sure that it doesn't work, and to make sure that it doesn't get implemented." After all, if watermarks fail, there is nothing else for SDMI to fall back on: "Not breaking it is the worst thing they can do. If they break SDMI, there will be nothing to implement."
What a way to get support, insults.
Are we supposed to buy this load of crap? If SDMI is cracked before the Recording Industry has implemented it, then they will just find a new method that will be even harder to crack. Yeah that sounds like a good idea. Let's stop working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
"The words of the prophets are written on the Slashdot walls."
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Wait a sec, correct me if I'm wrong, here, but wouldn't they be rather easy to get rid of?
Say you were ripping all your SDMI-'enhanced' (cough) CDs to MP3 format... Now, IIRC, MP3 compression works by getting rid of all the sounds that the human ear can't hear. So wouldn't this edit out the watermark? If so, all you'd have to do is rip them at the highest quality you could, then burn them back to CD... boom, no more watermarks.
-- Dr. Eldarion --
Clearly the industry and Hack SDMI trying to whore the hacking community through this project. Of course they want hackers to get deep inside and penetrate their carefully constructed code. The hope is that this repeated and constant probing will somehow allow the code to increase its endurance and better survive the pounding it will take when released on a consumer market.
Not that hacking shouldnt occur: of course we want our best hackers to be up and ready to vigorously slam whatever is cranked out by the industry. But for Christ's sakes, this kinda stuff shouldn't be done in the public where everyone can watch and learn the techniques. No doubt the industry is gonna wanna observe any public acts related to its code, and it will learn from them and come with new a fury as an tested watermark or new standard is extracted. Why be premature and rush into it now? The trick is to wait until the RIAA comes out to the public with a virgin watermarking scheme, foisting off its purity. Only then should hackers be ready to rush in and tear it apart, thus protecting consumers from whatever digital terrorism the RIAA chooses to practice.
"The most fortunate of persons is he who has the most means to satisfy his vagaries."
"The most fortunate of persons is he who has the most means to satisfy his vagaries."
- Marquis De Sade
You know.. it's a *really* simple concept.
You don't like a business, or their practices? You vote with your MONEY, or *anything else* you can.
I don't like the recording industryk, I don't like the *idea* of sdmi, so why on earth would I assist them in doing anything?
The only thing a business understands is lack of business.
Besides, you know, all this commercial bickering is making so many of us lose sight of what technology means to us. Us geeks have *always* built our own society, culture, whatever based on our access and knowledge of technology. It's only with the internet that the media has become involved. Why make a choice at all? Just because they say I should? Feh.
I'll just ignore them, thank you very much.
Even if they get some people to switch, its simple to just write a program the captures output from the sound api, and records it into a wave file for later recompression.
Under new versions of Windows that implement the Windows Media Digital Rights Management Secure Audio Path, SDMI-compliant applications will play music on SDMI-compliant (no cleartext digital output to untrusted destinations such as a file or waveIn) drivers and silence on drivers that have not been signed by Microsoft to play SDMI audio.
Although, in Metallica's case, silence sounds better than most of their music.
<O
( \
XPlay Tetris On Drugs!
Will I retire or break 10K?
Breaking SDMI after products are on the shelves would definitely be much more interesting than breaking it now. Still, SDMI seems doomed whether it's hacked or not because it offers nothing for the consumer.
Like the article says, it's going to be pretty hard to sell SDMI-compliant CD players. A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices. I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device). Either that or SDMI support won't be mentioned on packaging, so that someone who goes to buy a new Discman will discover that it supports SDMI when it refuses to play the CD he burned on his computer. That would be a customer relations nightmare.
Anyway, given that SDMI will pretty much repulse most of the early-adopter types who are key to the success of new hardware (like portable MP3 players), the odds of it getting off the ground are low.
I dunno, the article's "tech experts" sounds a little too prefabricated to me. It seems to me that people that say things like:
I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology(...)
Aren't trying to rally support for the hacking attempt - they're throwing fuel on a pile of wood to start a bonfire! I can't help remembering that these people are working for the SDMI, if they didn't agree with it they should have left a long time ago, heck, if they're good enough to code a watermarking algorithm they're good enough to code for any other high paying company.
I usually trust Salon so I'm not complaining about the article but this smells too much like a stunt to attract attention.
I say let the script kiddies hack it! I also say, let them wake up with a horse's head next to them the very next day.
All browsers' default homepage should read: Don't Panic...