Slashdot Mirror
SDMI *NOT* Cracked!?
StoryMan writes "Inside.com is reporting that Salon jumped the gun when it reported that SDMI had been cracked. I think this is fascinating. There's obviously a faction within SDMI that doesn't want this thing to fly. (I say this because I'm assuming Salon's 'anonymous' tipster must have been someone within the working group.)"
Well, no, actually. HackSDMI was a ploy by them to see how SDMI would be cracked if released, so now they can pretend as if nobody cracked it, but still alter SDMI to not be crackable anymore. ...
I can't believe people fell for it.
Stupid, stupid
If Salon is right and all watermarks are cracked, then the SDMI can hang its head in shame and admit it is a flop and a failure.
If Salon is wrong and ther watermarkes haven't been cracked by the oh-so-short deadline, then SDMI can get the royal screw over once it reaches the marketplace and the full 100% of the hacker community is dedicated to cracking it instead of holding back due to some notion of protesting.
Either way SDMI is screwed because they first screwed their customers.
If I was a webzine whose stock price was $1 I would publish an article stating SDMI was cracked. No doubt about it. Then I would start inverviewing presidential candidates like a bat out of hell. Funnily enough salon.com seems to fit the picture perfectly.
SDMI holds a $10,000 contest to crack it's encryption.
SDMI gets cracked.
SDMI responds by.....covering it up?
Um, First Posters sure do come up with some strange conspiracies, don't they?
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Why do you have to analyze all the results? If the first file you check has had the watermark removed, and sounds fine, you can bet you are screwed. The files are all independent. The extent to which the first file has been cracked does not depend on the next 449 files.
If I recall correctly, the hacksdmi.org website said that they would be performing some sort of quantitative test to determine how much the uploaded song differs from the original. Given that this test and the test for the watermark can both be easily automated, they have a pretty good idea of how "cracked" their algorithms are.
Sure, they will still want to do more analysis of the samples. Any they probably want to try and wrangle the details out of the people who submitted the samples. But they know. And that's why they're pissed. They know which uploads have the watermark, and they know how similar to the original they all are. If this crap worked at all, they would have said something positive.
Curiously, at almost the same time, the RIAA announced a new program to prevent piracy. See the C|Net story here. The idea is to create a "digital bar code" for songs to allow tracking of copyright information, etc. On the face of it, this sounds like a whole new tack for the RIAA. Any maybe it is. However, the article says:
Nevertheless, if it proves to be difficult to tamper with, the system could be a potential way of identifying authorized and unauthorized songs being traded through services such as Napster.
It sounds to me like the exec's at the RIAA know that their SDMI scheme is going down in flames, and are looking for a backup. However, it sounds like they are going to head right back down the watermark path. Only this time, instead of trying to encode a single bit (play / don't play), they will be trying to encode hundreds or thousands of bits. Whoever brought up Don Quixote in an earlier SDMI thread was right on the money. These folks aren't ever going to learn.
Who ever decided to call this technology watermarking anyway? It's really a horribly inaccurate name. The whole point to a real watermark is that it's difficult to create, and easy for everyone to see. But with "digital watermarks" the idea is to make it invisible. An invisible watermark it what they should call it. Maybe then people would understand what a stupid idea it is.
And there's possibly 450 valid entries?
Each perhaps winning $22 for their work?
Hope they enjoyed it. They obviously didn't do it for the money :-)
Nick Waterman, Sr Tech Director, #include <stddisclaimer>
Even if it wasn't cracked yet, these people seem to be in too much denial to admit it's even possible, let alone inevitable, and if they "manage" hard enough, they can make their echnology do anything they want, including dividing by zero and taking the square root of negative numbers. The results, of course, would be nonexistant and imaginary.
before I make any judgments on who is telling us the truth...
.. I mean, think about it. You're working on a CD encryption scheme for 2 years, and proclaim it completely secure. To prove it, you announce a contest to crack it, all the while comfortable with the fact that nobody will be able to do so. Then somebody does. Uhho, now what? If you admit it, you look foolish, having wasted time and money.
That's what I would do..
------------
CitizenC
Yell, Speak, Protest, Get on the News... Whatever to let the Common Consumer( CC ) know what is going on. Most of them don't give a flying rat's ---- what the --- is going on. They see new technology - go Gee, This looks neat and buy.
We, who ( mostly ) know better, ( at least about this sorta stuff ), need to educate them. Protest, Scream, Bug sales-people about how bad SDMI is. They may convey that to the end-user. Word of mouth sells - so does word of math discourage sells. ( Eggh, Word of mouth - I like that word of math phrase.. anyway.. ).
There's a gorilla from Manilla whose a fella that stinks of vanilla and has salmonella.
As other posters have pointed out, all you did was report the news. If Chiariglione has a problem with that, too bad. He should take it up with the people who leaked the story, not the people who printed it.
Free Hans!
In general, I'm impressed by the quality of Salon reporting. I don't know much about this particular case, but when I've seen their reports on events that I've attended (for example, Ralph Nader rallies), they've been accurate and got their quotes exactly right. This is in contrast to every other news item that I've been involved in or knew something about. I've seen my own numbers embellished (this turned out in my favor actually), quotes from people who never talked to the reporter (obvious quotes that you'd expect someone to say), and various careless blunders as well as other blatant lies. As long as they qualify their stories with "an anonymous source said..." then I don't have a major problem it. You have to be skeptical anyway.
Napster also makes a direct connection to transfer the files. In reality, even if it was routed through a third party it wouldn't make any difference, unless the third party somehow scanned the files being transfered, undoing whatever packaging someone had done, etc..
What the hell does either Gnutella or Napster have to do with child molesters?
If someone runs files from an untrusted source in an account which can do anything other than play in a very contained environment, they deserve what they get. (Yes, with Windows everything is root. They deserve what they get too if they do this.)
Oh, and this "key technologist" has a doctoral degree from Cornell.
I can only conclude, given Shamoon's qualifications and educational background, and the fact that Salon posted this and still expects to be taken as a credible news source, that Shamoon knows something that I don't. I can only surmise, therefore, that Shamoon knows of some group of child molesting virus writers out there who are involved in creating subliminal messages to embed in the music which will mind control any children listening to it to have sex.
Oh, wait, SDMI is embedded in the content...Nah.
Maybe, Salon was cracked..to post the SDMI cracked story, which slashdot posted, and now refutes that SDMI was cracked, which points to Slashdot's credibility to posting the story that SDMI was indeed cracked.
"As for the suspicions raised by members of the digital community as to the rationale behind the contest, Chariglione -- a widely experienced technologist and veteran of standard-making bodies including the Moving Pictures Expert Group (MPEG) and the Open Platform Initiative for Multimedia Access (OPIMA) -- is unconcerned."
He's very concerned.
"This is common practice. We are talking about extremely sophisticated technology," (DVD CCA) "and the best brains in the world" (MPAA) "cannot think of all possible holes" (MP3). So let the public at large" (Jack Valenti) "describe the hole, if there is a hole."
"And what if it does turn out to be an across-the-board win for the hackers? "I really hate to give an opinion on something that at the moment is very hypothetical," (We're up the creek) "he says, "but you know, if the technology has been defeated, it doesn't mean anything. (We're like a one-legged man in an ass-kicking contest) Actually, the fact that somebody has found a hole is good information," (Like WWII) because then you could put a patch to it" (Yeah, that's the ticket) "and you can make your algorithm much more robust." We have no idea what to do next.
Now that would really be something...
sulli
RTFJ.
maybe it has been cracked, but SDMI doesn't want to admit it, because they'd have to
1) give up $10,000
2) look like a complete ass
btw, did you notice that the form on the SDMI page had said that the cracker -MAY- win $10,000?
hmmm, so what's that supposed to mean?
--------------
Maybe Salon created/embellished a story that wasn't really there? Kinda an out-there therory, I know. One wouldn't expect that type of thing from journalists.
Now if you'll excuse me I have to go watch a very special "It Could Kill Your Children" on Dateline NBC and read up on the start of the Spanish-American War.
-----------
end communication
Good point, and you know that's what they are going to try to do. It has already been widely noted that they will be trying to "marginalize" MP3s.
The first players that come out will be "backward compatible" to your MP3 library. Then along the way they will make a "new and better" player and drop MP3 support all together.
Also, because of the DMCA, you put yourself at risk if you opened a player (even if it was to reverse engineer/make modifications so your new player can play MP3s). Copyright violation is now a federal criminal offense instead of just of a civil one. Which means you could do jail time while your neighbor is listening to some new tunes Sony let them download for turning you in!
That's why you have David Corwin, senior counsel for the Motion Picture Association of America, saying that the Digital Millennium Copyright Act (DMCA) is "near and dear to our heart."
Sick stuff..
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Slander is by definition oral. Once it's written down (as publications do by publishing it), it becomes libel. It's an incredibly important distinction, and it further undermines the consortium's credibility for failing to make it.
-- Anne Marie
I know this post is a little redundant, but a while back I emailed them asking when results could be expected and they replied with this:
"Date: Sun, 15 Oct 2000 14:28:48 -070
From: contact <contact@hacksdmi.org>
Subject: RE: When can we expect official results?
Submissions from the public challenge are still being analyzed. Thanks for
your interest."
Nobody can give a "cracked"/"not cracked" answer until all the results have been analyzed. (Although, I suppose they could give a "cracked" answer if their system REALLY sucks...)
Aaron Plattner
http://www.cyberdeck.org/countzero/techa.html is very good for analysis and i appreciate the reply so fast. but a "spectrogram" is not a way of zooming in and looking at a tiny sample of the wave like that website does, it's a view of the entire wave with elapsed time on the X axis and frequency response on the Y axis and is far more revealing about things like watermarks and inaudible data added to sound. with a spectrogram we could make many more educated assumptions about these watermarks, the formula behind them if any, etc. without doing wav>mp3>wav or digital>analog>digital conversions and merely hoping for the best, so if someone has a spectrogram of the original HackSDMI wav files, or if someone has the actual wav files where i can download them, please let me know either way. thanks.
Thank you from saving me from having to make that point.
Imagine Salon said movie studio insiders had declared that FooBar: The Movie was going to be a bomb, and that the studio replied that
"When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer. It's simply not true, because we, ourselves, don't have that information. Our test marketing committee started working on the test screenings Wednesday morning, and it's simply impossible to say whether this is true or this is false."
Now, sure, the insiders might be wrong; after all, the cracks/movie haven't been fully evaluated. But it's the way to guess.
Steven E. Ehrbar
And bluster like this deserves nothing. Janelle Brown and Salon put their individual and corporate necks on the line; and all Chariglione does is spew hot air. If they've published something inaccurate, then you know that they'd be sued in a hot minute -- we know just how fast the music industry sues anything that crosses their lawyers hair-trigger gunsights.
I am certain that it is possible to crack the SDMI watermarking, but I am surprised that it was done so easily.
More power to Brown and Salon for having the guts to publish this article. We need more of that kind of courage.
thad
I love Mondays. On a Monday, anything is possible.
The way the "contest" worked, you got 3 sound files for each set, 2 of them were the same segment (one with watermark, one without) for you to analyze, the 3rd is a segment with the watermark that you were supposed to remove, then re-upload. The upload server automatically checks the files for the precense of the watermark, and rejects them if its not found.
The fact that they've got 450 files to analyze means that at least that many files were succesfully uploaded. Now, it's possible that a bunch of people uploaded random noise or badly distorted versions of the sample (I'm not sure whether the upload server checked that), in which case it's not really a "break" - but I suspect at least a few of the uploads were real breaks.
...and as for the idea that it wouldn't be broken because a bunch of internet hackers decided to boycott it.. well, most software or system crackers out there probably wouldn't know where to begin to crack something like a audio watermark (unless they had the watermarking source to disassemble) - if there were successful breaks made, it was probably by audio stenography experts that already had a good understanding of how the process works and what its shortcomings are.
If you read carefully, they're saying "Since it hasn't yet been proven beyond a shadow of a doubt that it wasn't hacked, as of this moment, it wasn't hacked." Corporate denial at its finest.
Their accusations against Salon are pretty extreme, considering that they themselves don't know that Salon was wrong. They're just pissed that Salon got someone on the inside to talk, and messed up their chance for a damage control press release. Salon was perfectly ethical. The article mentions that it's an anonymous source and not the official word. The article simply makes it clear that there are forces within SDMI that want it to die, and who assert that it will. That there is no uncrackable watermark is common sense, so I don't think Salon went too far.
WARNING: there is a trojan on your
I don't know if you are on crack (you don't sound like you are, but who can tell on the internet?), but cracking an encryption scheme is a much better defined problem than removing a watermark. You have a reasonable standard to decide if you have succeeded. A watermark, on the other hand, introduces some distortion in the music and removing it is going to result in more distortion. Removing it is always possible in the trivial sense that you can write a program to take a music file and output all zeros; it will be a "distortion" of the original music with no watermark. The point of this observation: there is some ambiguity about how good the cracked music has to sound before you call it a legitimate crack. No matter what hackers come up with, these guys are going to swear with their hands on their wallets that cracked music has shitty sound quality and that their watermark doesn't harm the sound quality at all.
The guy in the link mentioned this fact. I'm betting it's something they'll hide behind, even if all their schemes are cracked.
niceFire.com - Humor and Lego's or Lego's and Humor or Some Combination of
Let me try to explain why watermarks will fail: JPEG and MP3 are both streaming formats. Consider an ID3 tag on an MP3 file. An ID3 tag is 128 plaintext bytes of data added to the end of an MP3 file so you can fill in the song's title, artist, album, etc. The ID3 tag is totally separate from the audio itself, since it comes at the end, and it does not change the audio one bit. This is very similar to the way GIF89a images can have text inside them; text which is totally separate from the image data because it comes separately at the beginning or end of the image data. In stark contrast, a SDMI watermark is NOT separate from the audio itself. It is actual changes to the audio file itself interleaved throughout the audio data from beginning, to middle, to end. It is a series of actual frequency changes IN the audio, not outside of it at the beginning or end. It's a series of very slight changes, designed to be so small that they're inaudible but can be picked up by a watermark detector. The bottom line is that SDMI watermark DOES alter audio since it's PART OF the audio data and is not separate from it. Also above you provided a link to a site about JPEG watermarking and the claim is that the watermark does not affect the JPEG image. JPEG and MP3 are very close relatives. JPEG watermarks DO affect the image data, ever so slightly, if it's interleaved. You can't see it because it might be a difference of 1 or 2 shades per pixel on a palette of 16777216 colors (JPEGs are 24-bit by default). a JPG with a non-altering plaintext watermark inside it would be invalid and unviewable, since you'd have image data and non-image data together. Like, the image would cut off where the watermark is, and start off further down out of alignment. It's the same concept behind skips in MP3s. If you miss 10kb or so due to a bad download, you'll be able to hear the rest of the song but there are frames missing and there is a loud glitch. So SDMI is a data-altering watermark which alters the audio and is not the audio the artist intended his audience to hear. It's amazingly close, but it's not the same. Anyway, i don't know yet about 100% eradication of music watermarks, but when it comes to killing image watermarks, this works great for me: Just open the watermarked image in your favorite photo editor, highlight the entire image from very top left to very bottom right, and copy&paste that as a new image. Don't just copy&paste the whole image .. actually highlight from top left to bottom right and paste as a new image, new selection. There goes the watermark! Poof.. gone.
Wrong. It is illegal to sell a VCR which can record Macrovision infested signals without degradation. This is part of the DMCA. If the VCR's electronics are not confused by a Macrovision signal (e.g. due to automatic gain control), the manufacturer has to intentionally add electronics that recognize Macrovision and deny or screw up the recording.
All the content industry has to do is buy some more Congresspeople and get that restriction to apply to every technology. I.E. if a protection technology gets more than x% of the market, it would be illegal for a device to record or retransmit in spite of it.
No longer will active circumvention be required to prove an offense, but merely not recognizing/being affected by protection will be illegal, As will giving any info that could aid in the construction of such a device.
Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficing in devices which allow avoiding (which includes more than circumvention) of copy protection.
Just because it CAN be done, doesn't mean it should!
Just wanted to say that the Inside piece wasn't meant to pass judgement on Salon's story (or Salon itself) -- we just presented Leonardo Chiariglioni's position, in his words, as the head of SDMI. As has been pointed out, he didn't say the six technologies hadn't been hacked, just that no one knows for sure yet, since the review process is ongoing. (Personally, I would be surprised if the hacks weren't successful, given what people have been saying about digital security.) But just to be clear, it was Chiariglioni who characterized the Salon report as wrong, unfounded, etc., not Inside. And I don't think it would be fair to say we "bought" his spin by publishing his words -- I did my best to raise in the story the significant doubts people have about digital security in general and the enormous, perhaps impossible task the SDMI has set for itself, and if you check Inside's coverage of SDMI and the major labels' pretty lame attempts at public secure-music trials so far, I don't think we've been coddling anyone. At any rate, having Chiariglione's words out there complements Salon's piece (IMO), and we'll have to see how SDMI handles it from here. (email: johara@inside.com)
We checked out the story with three members of the coalition, all of whom confirmed it. They did so off the record, of course, which puts us in a vulnerable position. But all I see in the inside.com article is one source, the executive director, who has every reason to be unhappy with Salon, not just for this story, but for previous stories in Salon that painted him in an unflattering light.
We printed their denial, we checked it out as best we could. I won't respond to larger questions about Salon's "ethics" but I'll defend Salon's technology coverage to the DEATH.
Editor, Salon Business & Technology
Salon.com
He's denying it, but he has not said that it has not been cracked. It was a very careful, political statment.
What he didn't say is if the group that reportedly cracked it provided the "plaintext" of the watermark. If they managed to extract that, then all his bluster is about evaluating how well they removed the watermark and eliminated the damage the watermark caused.
...as opposed to the degradation caused by a watermarking system designed to be detectable even after passing through an MPEG decoder -> encoder -> decoder cycle? After being recorded to analog cassette? After being compressed for FM transmission? That kind of degradation?
The Inside.com reporter did not understand enough about the technology to ask the right questions, and let him/her self be snowed.
"How perfectly Goddamn delightful it all is, to be sure" Charles Crumb
Thing is, hackSDMI is holding all the eggs. The contest was rigged from the start, which is why I attacked Technology A and then stopped.
.889 letter, then six (6) copies of the following letter:
It's pretty funny actually. They give you some files, two are the "Same" one with watermark, one without, then a third with the watermark, and ya gotta remove the watermark from the third and send it in. So I did that. Pretty damn sure I removed the watermark... Sent it in. Ya know what I got... here you go:
--- Begin Quote ---
Dear hacksdmi@cyberdeck.org:
Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We have received your submission, and we appreciate the enthusiasm with which you have responded.
However, we were unable to process this submission because:
Status message: N/A
Score: 0.889
Remark: The watermark was not completely removed.
Please refer to the guidelines at www.hacksdmi.org for details about the requirements.
You are invited to resubmit a new proposal prior to the closing date of this challenge.
Your participation in this historic challenge is appreciated, and even if you do not resubmit, please be assured that your enthusiasm and participation have helped us as we all work together to develop the digital music economy.
--- End Quote ---
That was in response to my first attempt...
So I got a score of 88.9% Does this mean I removed 88.9% of the watermark? or that I removed 11.1%? or is it even a percentage? Does it mean a damn thing at all? Hell no. Also, if SDMI devices are so picky that 11.1% of a "watermark" is enough to cause them to not play a song, dont you think that will cause a ton of "false positives" ??? Pretty lame sounding to me...
I got no less than 8... yes EIGHT copies of this letter from them. Talk about a spamfest.
Actually, I got 2 copies of the
--- Begin Quote ---
Dear hacksdmi@cyberdeck.org:
Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We appreciate your interest, the time you invested in this effort and the creativity you applied to this project.
Unfortunately, our analysis indicates that your challenge did not succeed. As you may recall, in order to be successful an effort had to disable the proposed copyright protection system without adversely affecting the underlying music. Your effort was not able to meet these tests.
Nonetheless, we appreciate your interest in this challenge. Your efforts as well as the efforts of other potential challengers have helped us tremendously, and we thank you very much for your hard work.
--- End Quote ---
Herm, they say that they have analysed my submission. So, what are these 450 submissions that are still being analysed? Those must be the ones that really DID "hack" SDMI... hehe Someone somewhere is lying...
Now, talk about "plausible deniability" They simply send out the same form letter to EVERYONE who submits anything. Then they NEVER admit that anyone "hacked" it. Of course, I bet they where ALL cracked. Will HackSDMI ever admit it? NO of course not, then they have no product to sell. And then, when SDMI compliant devices come out, and they are worthless, cause all the hacks DO work, the joke will be on them.
Watermarks are only useful for one thing: tracking the original source of a piece of information.
If the goal is to nail the original poster of a copyright work, watermarking will fail: as compression technology improves, watermarking information will automatically be stripped out as it is non-important information.
If the goal is to allow buyers to time, space, and media shift a copyright work, it will also fail: users will buy players that don't require the music to be encoded with some realbits+watermarkbits = bigprime scheme. Even the DMCA doesn't force hardware manufacturers to use protection technologies.
Watermarking only works if a) the end user devices are all SDMI compliant, b) the end user devices refuse to play anything but compliant audio, and c) no one bothers to break positive watermarking (i.e. if no watermark, you don't play.)
Point b is possible but not likely. Point c will happen rapidly if point b comes to pass.
I've been looking into watermarking a bit, and I'm less confident about such assertions than I was a few days ago.
In particular, there's this awesome paper online. (Click .pdf or .ps in the upper right corner of the page.) It's remarkable stuff, even if you just look at the pictures. For example, they show a photo before and after watermarking. As you flip back and forth, it's as if the shadows have somehow subtly changed. They do all sorts of crazy stuff like JPEG encode/decode, cutting off parts of the picture, adding noise, photocopying, multiple-watermarking. But none of that destroys the original mark.
Frankly, I'm QUITE surprised that anyone could break watermarks under the conditions of the hacksdmi contest. (Come to think of it, the proposed "technologies" were not all watermarks, right?) My feeling is that if SDMI keeps the watermark verifier in hardware, cracking their scheme could be a real bear.
At least, until some community-friendly engineer anonymously posts details of the verification process on USENET from a public-access terminal. :-)
Quoting from Salon's article:
One SDMI participant predicted: "They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken."
Quoting from Inside's article:
'When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,'' Chariglione told Inside, referring to a report appearing on Salon.com Thursday citing anonymous sources that claimed each of the six technologies offered up for hacking by the SDMI had been compromised. ''It's simply not true, because we, ourselves, don't have that information. We have about 450 files, with 450 descriptions of methods -- you know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested.''
IF it had been an entirely internal affair, I MIGHT sympathize (nah, probably not!) But in either case, the C-man's wrath is misplaced. He should be angry at the leakers, not at Salon. What he's really saying is "You had no right to report this until *I* said it was OK, because I'm the head honcho." That thinking may apply to whatever underlings leaked the info, but not to the independent media! Salon was carrying out their journalistic duty to REPORT NEWS, and I don't see this as being sensationalist. They presented all the (available) facts, they included both sides (i.e. the fact that the "official report" from SDMI was still forthcoming), and they didn't over-exaggerate the importance or significance of what they were reporting.
One thing I'll buy - he's probably not lying when he says they don't know. I would be very surprised if the "inside sources" weren't simply acting on educated guesses based on preliminary findings. They haven't had enough time to do an in-depth study yet, so it's unlikely that any results are %100 conclusive yet (it couldn't be THAT bad... could it?) On the other hand, educated guesses are often VERY close to the mark, and I suspect some people who know what they're talking about were doing the leaking. And as the C-man points out, it's not a cut-and-dried "it's cracked or it isn't" judgement. A crack may slightly degrade the quality of the audio but leave it sufficiently intact that your average MP3 listener isn't going to mind. By a techincal "all-or-nothing" definition, this is NOT a successful crack, but it's still enough to send them back to the drawing board I'm sure...