Slashdot Mirror

← Back to Stories (view on slashdot.org)

SDMI *NOT* Cracked!?

Posted by Hemos on from the who-to-believe? dept.

StoryMan writes "Inside.com is reporting that Salon jumped the gun when it reported that SDMI had been cracked. I think this is fascinating. There's obviously a faction within SDMI that doesn't want this thing to fly. (I say this because I'm assuming Salon's 'anonymous' tipster must have been someone within the working group.)"

9 of 108 comments (clear)

  1. Re:Watermarks don't work by Frank+T.+Lofaro+Jr. · · Score: 4
    Even the DMCA doesn't force hardware manufacturers to use protection technologies.

    Wrong. It is illegal to sell a VCR which can record Macrovision infested signals without degradation. This is part of the DMCA. If the VCR's electronics are not confused by a Macrovision signal (e.g. due to automatic gain control), the manufacturer has to intentionally add electronics that recognize Macrovision and deny or screw up the recording.

    All the content industry has to do is buy some more Congresspeople and get that restriction to apply to every technology. I.E. if a protection technology gets more than x% of the market, it would be illegal for a device to record or retransmit in spite of it.

    No longer will active circumvention be required to prove an offense, but merely not recognizing/being affected by protection will be illegal, As will giving any info that could aid in the construction of such a device.

    Telling hobbyists how to make their own electronic devices would be illegal - declared as trafficing in devices which allow avoiding (which includes more than circumvention) of copy protection.

    --
    Just because it CAN be done, doesn't mean it should!
  2. Re:Salon responds by Jon+O'Hara · · Score: 4

    Just wanted to say that the Inside piece wasn't meant to pass judgement on Salon's story (or Salon itself) -- we just presented Leonardo Chiariglioni's position, in his words, as the head of SDMI. As has been pointed out, he didn't say the six technologies hadn't been hacked, just that no one knows for sure yet, since the review process is ongoing. (Personally, I would be surprised if the hacks weren't successful, given what people have been saying about digital security.) But just to be clear, it was Chiariglioni who characterized the Salon report as wrong, unfounded, etc., not Inside. And I don't think it would be fair to say we "bought" his spin by publishing his words -- I did my best to raise in the story the significant doubts people have about digital security in general and the enormous, perhaps impossible task the SDMI has set for itself, and if you check Inside's coverage of SDMI and the major labels' pretty lame attempts at public secure-music trials so far, I don't think we've been coddling anyone. At any rate, having Chiariglione's words out there complements Salon's piece (IMO), and we'll have to see how SDMI handles it from here. (email: johara@inside.com)

  3. Salon responds by Andrew+Leonard · · Score: 5

    We checked out the story with three members of the coalition, all of whom confirmed it. They did so off the record, of course, which puts us in a vulnerable position. But all I see in the inside.com article is one source, the executive director, who has every reason to be unhappy with Salon, not just for this story, but for previous stories in Salon that painted him in an unflattering light.

    We printed their denial, we checked it out as best we could. I won't respond to larger questions about Salon's "ethics" but I'll defend Salon's technology coverage to the DEATH.

    --

    Editor, Salon Business & Technology

    Salon.com

  4. A very politic answer by K8Fan · · Score: 5

    He's denying it, but he has not said that it has not been cracked. It was a very careful, political statment.

    ...it's simply impossible to say whether this is true or this is false.

    What he didn't say is if the group that reportedly cracked it provided the "plaintext" of the watermark. If they managed to extract that, then all his bluster is about evaluating how well they removed the watermark and eliminated the damage the watermark caused.

    ...an evalution of whether the proposed technologies were affected in such a way as to avoid the intended effect, whether the results can be replicated, and whether in attacking the technology the music quality was degraded.

    ...as opposed to the degradation caused by a watermarking system designed to be detectable even after passing through an MPEG decoder -> encoder -> decoder cycle? After being recorded to analog cassette? After being compressed for FM transmission? That kind of degradation?

    The Inside.com reporter did not understand enough about the technology to ask the right questions, and let him/her self be snowed.

    --
    "How perfectly Goddamn delightful it all is, to be sure" Charles Crumb
  5. Re:*someone* probably knows. by CountZer0 · · Score: 5

    Thing is, hackSDMI is holding all the eggs. The contest was rigged from the start, which is why I attacked Technology A and then stopped.

    It's pretty funny actually. They give you some files, two are the "Same" one with watermark, one without, then a third with the watermark, and ya gotta remove the watermark from the third and send it in. So I did that. Pretty damn sure I removed the watermark... Sent it in. Ya know what I got... here you go:

    --- Begin Quote ---

    Dear hacksdmi@cyberdeck.org:

    Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We have received your submission, and we appreciate the enthusiasm with which you have responded.

    However, we were unable to process this submission because:
    Status message: N/A
    Score: 0.889
    Remark: The watermark was not completely removed.

    Please refer to the guidelines at www.hacksdmi.org for details about the requirements.

    You are invited to resubmit a new proposal prior to the closing date of this challenge.

    Your participation in this historic challenge is appreciated, and even if you do not resubmit, please be assured that your enthusiasm and participation have helped us as we all work together to develop the digital music economy.

    --- End Quote ---

    That was in response to my first attempt...

    So I got a score of 88.9% Does this mean I removed 88.9% of the watermark? or that I removed 11.1%? or is it even a percentage? Does it mean a damn thing at all? Hell no. Also, if SDMI devices are so picky that 11.1% of a "watermark" is enough to cause them to not play a song, dont you think that will cause a ton of "false positives" ??? Pretty lame sounding to me...

    I got no less than 8... yes EIGHT copies of this letter from them. Talk about a spamfest.

    Actually, I got 2 copies of the .889 letter, then six (6) copies of the following letter:

    --- Begin Quote ---

    Dear hacksdmi@cyberdeck.org:

    Thank you for taking part in the open public challenge of proposed Secure Digital Music Initiative (SDMI) technologies. We appreciate your interest, the time you invested in this effort and the creativity you applied to this project.

    Unfortunately, our analysis indicates that your challenge did not succeed. As you may recall, in order to be successful an effort had to disable the proposed copyright protection system without adversely affecting the underlying music. Your effort was not able to meet these tests.

    Nonetheless, we appreciate your interest in this challenge. Your efforts as well as the efforts of other potential challengers have helped us tremendously, and we thank you very much for your hard work.

    --- End Quote ---

    Herm, they say that they have analysed my submission. So, what are these 450 submissions that are still being analysed? Those must be the ones that really DID "hack" SDMI... hehe Someone somewhere is lying...

    Now, talk about "plausible deniability" They simply send out the same form letter to EVERYONE who submits anything. Then they NEVER admit that anyone "hacked" it. Of course, I bet they where ALL cracked. Will HackSDMI ever admit it? NO of course not, then they have no product to sell. And then, when SDMI compliant devices come out, and they are worthless, cause all the hacks DO work, the joke will be on them.

  6. Watermarks don't work by Gorobei · · Score: 5
    Watermarks are an inherently flawed proposition. They will never work because they are the direct opposite of compression (i.e. compression attempts to remove unimportant information, and watermarks are, by definition, unimportant information.) By important information, I mean the actual audio.

    Watermarks are only useful for one thing: tracking the original source of a piece of information.

    If the goal is to nail the original poster of a copyright work, watermarking will fail: as compression technology improves, watermarking information will automatically be stripped out as it is non-important information.

    If the goal is to allow buyers to time, space, and media shift a copyright work, it will also fail: users will buy players that don't require the music to be encoded with some realbits+watermarkbits = bigprime scheme. Even the DMCA doesn't force hardware manufacturers to use protection technologies.

    Watermarking only works if a) the end user devices are all SDMI compliant, b) the end user devices refuse to play anything but compliant audio, and c) no one bothers to break positive watermarking (i.e. if no watermark, you don't play.)

    Point b is possible but not likely. Point c will happen rapidly if point b comes to pass.

  7. Don't dismiss watermarking too fast... :-( by e_lehman · · Score: 5

    I've been looking into watermarking a bit, and I'm less confident about such assertions than I was a few days ago.

    In particular, there's this awesome paper online. (Click .pdf or .ps in the upper right corner of the page.) It's remarkable stuff, even if you just look at the pictures. For example, they show a photo before and after watermarking. As you flip back and forth, it's as if the shadows have somehow subtly changed. They do all sorts of crazy stuff like JPEG encode/decode, cutting off parts of the picture, adding noise, photocopying, multiple-watermarking. But none of that destroys the original mark.

    Frankly, I'm QUITE surprised that anyone could break watermarks under the conditions of the hacksdmi contest. (Come to think of it, the proposed "technologies" were not all watermarks, right?) My feeling is that if SDMI keeps the watermark verifier in hardware, cracking their scheme could be a real bear.

    At least, until some community-friendly engineer anonymously posts details of the verification process on USENET from a public-access terminal. :-)

  8. And this contradicts Salon's story how? by ravi_n · · Score: 5

    Quoting from Salon's article:
    One SDMI participant predicted: "They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken."

    Quoting from Inside's article:
    'When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,'' Chariglione told Inside, referring to a report appearing on Salon.com Thursday citing anonymous sources that claimed each of the six technologies offered up for hacking by the SDMI had been compromised. ''It's simply not true, because we, ourselves, don't have that information. We have about 450 files, with 450 descriptions of methods -- you know, our testing managing committee started working on this Wednesday morning, and it's simply impossible to say whether this is true or this is false. Nobody knows! And when I say nobody, I mean nobody, because it's 450 music files that have yet to be tested.''

  9. Uh-Oh, Watch Out! The C-guy's on the warpath! by yamutt · · Score: 5
    Considering that it was their idea to make this an OPEN challenge, I'd have difficulty in feeling any sympathy, even if I agreed with their philosophy and approach (which I don't). Just another example of "we want to take advantage of the open approach, but only up to where WE draw the line of openness".

    IF it had been an entirely internal affair, I MIGHT sympathize (nah, probably not!) But in either case, the C-man's wrath is misplaced. He should be angry at the leakers, not at Salon. What he's really saying is "You had no right to report this until *I* said it was OK, because I'm the head honcho." That thinking may apply to whatever underlings leaked the info, but not to the independent media! Salon was carrying out their journalistic duty to REPORT NEWS, and I don't see this as being sensationalist. They presented all the (available) facts, they included both sides (i.e. the fact that the "official report" from SDMI was still forthcoming), and they didn't over-exaggerate the importance or significance of what they were reporting.

    One thing I'll buy - he's probably not lying when he says they don't know. I would be very surprised if the "inside sources" weren't simply acting on educated guesses based on preliminary findings. They haven't had enough time to do an in-depth study yet, so it's unlikely that any results are %100 conclusive yet (it couldn't be THAT bad... could it?) On the other hand, educated guesses are often VERY close to the mark, and I suspect some people who know what they're talking about were doing the leaking. And as the C-man points out, it's not a cut-and-dried "it's cracked or it isn't" judgement. A crack may slightly degrade the quality of the audio but leave it sufficiently intact that your average MP3 listener isn't going to mind. By a techincal "all-or-nothing" definition, this is NOT a successful crack, but it's still enough to send them back to the drawing board I'm sure...