Hack-SDMI Boycott Explored

Andrew Leonard writes: "Tech companies want hackers to break SDMI watermarks because they know watermarking will never work and are desperate for a different solution. In Salon, Janelle Brown shows how the hack-SDMI boycott is revealing a major rift between the tech and entertainment companies that make up the SDMI coalition." Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers. And several anonymous sources interviewed for the article seem to have gotten it wrong: everyone thinks it will be broken, it's just that most of them think the opportune time for that would be about 2 days after the music companies have irrevocably committed to their new method of making it difficult for people to listen to music rather than 2 days before.

SDMI could make MP3 obsolete

[jms]

The RIAA has no idea how good they have it, right now.

The main purpose of SDMI watermarks is to detect if a watermarked song has been compressed. The idea is that this will "break Napster." Breaking MP3s is completely the wrong approach! What the industry is forgetting is that lossy compression is just one way to transmit music. There are lossless compression schemes that achieve approximately 2:1 instead of 10:1 compression on music files. They're five times bigger, but disk space is dirt cheap now and network speeds are increasing. Quite frankly, lossless internet music distribution isn't something in the far distance, it's coming and it's coming fast.

What the industry doesn't realize is that they have one last chance to save themselves -- they need to market MP3s as a preview format, and CDs as a high quality format that you buy in a store that sounds better than MP3. Right now, they still have an opportunity to survive. If someone downloads an MP3, then decides that they like the song, they have a very good incentive to go out and purchase the CD, for a very practical reason that has nothing to do with morals or ethics or artists getting paid -- they still have an actual trump card. A CD sounds better!

Here's why SDMI is a two-pronged suicide weapon for the RIAA:

1) Even if the watermark is inaudible, people will think that they hear it. They will be dissatisfied, and will want unwatermarked music. Where will they get unwatermarked versions of their favorite albums? Not from the record store. They will have to either find a used, pre-SDMI CD, or copy it from their friend, or Napster, and they will feel zero guilt about doing so, because after all, they can't buy the uncorrupted version of the CD in the store anymore.

2) If SDMI succeeds, and it becomes impossible to play a song once it has been compressed to MP3, then people will be forced to stop using MP3. What will replace MP3? There are already lossless codecs -- the "shorten" format among them -- that achieve 2:1 compression (as opposed to 10:1 for MP3.) Napster and the like could quickly be retrofitted to use lossless compression instead of lossy compression.

If this happens, then the record industry will have destroyed the only consumer benefit in their pre-recorded CDs. So long as an MP3 sounds worse than a CD, consumers feel justified in "upgrading" their MP3s by buying the CDs. If people feel that the store-purchased CD is going to sound the same or worse than a download, then why should they buy it?

Or how about if the store-bought CD of "Dark Side Of The Moon" has audible distortion due to the watermarking, but you can easily download a lossless copy from Napster that was made from a pre-SDMI CD.

What will you do if you want the "best" sounding version of an album? There are collectors who pay top dollar for 1950s vinyl because they think it sounds better than CDs. Pre-SDMI CDs will join those ranks, but Pre-SDMI CDs will be infinitely reproducable.

In short, SDMI is suicide for the record labels. It's going to force changes in Napster and consumer behavior that actually destroy their own business model. Permanently.

Re:Can't have it both ways

[Ian+Wolf]

Many in the open source community and the hacking community in general b*tch and moan whenever a company releases something with weak/poor encryption. When a company takes the advice of those that scream loudest, they are suddenly boycotted because there product doesn't meet the "ethos" of the hacking community.
It's nice to see that standing up for your beliefs and convictions is now a flaw.
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
This isn't about security. This is about an industry wanting to take away the last remains of our rights as consumers and they want to do this with our help. Don't believe the rhetoric, as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented. Why would we want to help them.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
You have got to be kidding me! Heaven forbid we as individuals and as a community should stand up for what we believe in and refuse to aid those that champion a cause diametricly opposed to our own. To even think that this is a clear cut case of security is naive and foolish.
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
THIS IS NOT ABOUT THE OPEN SOURCE MOVEMENT!!! This has nothing at all do to with open source software. In fact, in NO way does this contest benefit the Open Source Movement. This whole afair reminds me of a Coup. A powerful General influences his army to overthrow the cruel Dictator, just so he can take his place as the country's Dictator. In the end, the people have a Who lyric stuck in their head, "Meet the new boss, same as the old boss". If the Open Source community hacks SDMI before it is released, then RIAA will commission a new scheme tha's even harder to crack, and then we're in worse shape then before. Now I ask, Why the hell do we want to help them?
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
OK, so by your logic, we should help to create a stronger watermark that infringes on our rights as consumers and aids a cause we believe is wrong just to show how good we are at cracking encryption schemes. That doesn't show the world that we're good coders, it shows them that we're good code-breakers, something many in the world associate with criminal behavior. Because, that's what I want the Open Source community to be known for. Yeah, I want to be a mercenary code breaker for Corporate America.
Furthermore, your assertion that if we boycott the final product we will prevail in the end is flawed. This is even more naive than your previous statements. If you don't believe me just take a look at how well informed the masses are about DeCSS and the MPAA's efforts to infringe basic rights such as "Fair Use" and the Freedom of Speech. No, I'm afraid a boycott of the final product will never work.
The idea of watermarked music is flawed, can't be made secure, and also infringes on our rights as consumers. Now why would I want to prove that to the Recording Industry so they can find a method that isn't flawed, is secure, and still infringes on my rights as a consumer.

Hmmm

[Ian+Wolf]

"I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology -- to make sure that it doesn't work, and to make sure that it doesn't get implemented." After all, if watermarks fail, there is nothing else for SDMI to fall back on: "Not breaking it is the worst thing they can do. If they break SDMI, there will be nothing to implement."
What a way to get support, insults.
Are we supposed to buy this load of crap? If SDMI is cracked before the Recording Industry has implemented it, then they will just find a new method that will be even harder to crack. Yeah that sounds like a good idea. Let's stop working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.

waiting game

[beth_linker]

Breaking SDMI after products are on the shelves would definitely be much more interesting than breaking it now. Still, SDMI seems doomed whether it's hacked or not because it offers nothing for the consumer.

Like the article says, it's going to be pretty hard to sell SDMI-compliant CD players. A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices. I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device). Either that or SDMI support won't be mentioned on packaging, so that someone who goes to buy a new Discman will discover that it supports SDMI when it refuses to play the CD he burned on his computer. That would be a customer relations nightmare.

Anyway, given that SDMI will pretty much repulse most of the early-adopter types who are key to the success of new hardware (like portable MP3 players), the odds of it getting off the ground are low.

Re:Of course watermarking will work

[OlympicSponsor]

"Watermarking is steganography, and steganography works..."

Simple steg works on the level of obscurity: "I've put some secret values in some of the bits of this jpeg but I'm not going to tell you which bits." This is easy to defeat, especially if ALL jpegs have the same watermark (or watermarking system). Just find those bits or better yet, modify ALL the bits.

More complex steg would involve calculating some value based on a key and stegging from there (presumably in a way that would require destroying the "wrapper" data to destroy the steg). Then the recipient needs the decoder. Great system---except that we'll all have decoders. Every SDMIMan (like WalkMan) will have one built in. Just reverse engineer this device and boom, you have decoded your music.

And since each song only needs to be decoded once for freedom to reign....we'll, you get the picture.
--

Re:Of course watermarking will work

[robin]

Of course watermarking will not work. As Bruce Schneier says in Secrets and Lies:

Great idea, but it just won't work.
The problem is that in order for [the copyright owner] to be able to take a copy of [the artwork] and find the embedded watermark, it has to be findable. And if [the copyright owner] can find it, a pirate can find it too. Companies that market this stuff try to tell you that their watermarking schemes can't be removed for this or that technobabble reason.
It just isn't true. As with a subliminal channel, it is virtually impossible to find a good watermark unless you know exactly where to look. But unlike a subliminal channel, the detection mechanism will eventually be made public. Either it will leak into the hacking community like everything else does, or it will be made public the first time a court case turns on watermarking evidence. The mechanisms for watermarking will eventually become public, and when they do, they can be reverse engineered and removed from the [digital content].

--