Slashdot Mirror
Yet More SDMI fallout
Andrew Leonard writes: "SDMI's Leonardo Chiariglione said Salon's last story was "slander" so Janelle Brown went back to one of our sources and got more details about exactly what is going down. The article also includes a response from Chiariglione."
Besides, we all have way too many MP3's by now to switch to any new format but MP4 (someone should hurry up with that too!)
Why not switch to OggVorbis, which is already 33% smaller than MP3 at the same quality? Plugins are available for both Winamp and XMMS. Just because you have a lot of MP3s on CD-R doesn't mean you can't start using OggVorbis today. And because it's completely Free (Lesser GPL libraries; no patents), there will be no SDMI forced on you.
Will I retire or break 10K?
First, I have some severe doubts about the fact that all 6 technologies have been "cracked".
Technologies D and E if properly implemented should not be crackable. They are basically digital signatures.
Regarding techno A,B,C and F (watermarking technologies), the problem is the following.
They start with a song A and create a marked version A'. Now there are two ways to "remove" the mark: either find A again (or something extremely close to A) or create yet a new version A'', which is not necessarily close to A, but where the mark is not detected. In the first case, you need a complete understanding of how the watermark is working, is the second, you can just randomly modify the song until the Oracle tells you it can't detect the mark.
If you can recreate A, (or almost can), then it is a major crack, because (1) it will work for all song, (2) it will almost surely pass the audibility testing.
If you won be creating some A'', then there is no garantee that your attack will work against another song, nor that the audibility test will be passed, nor that the audibility test will be passed for other songs.
I assume most attacks followed the second path because they require less technical knowledge. This is why the SDMI needs to do a lot of testing.
As a side note, the hard part in the contest, (if you really want to recover the original A), is to understand how detection works exactly. I won't mention the specific technologies, but I can tell that for some of them, finding the algorithm was rather simple. Some others introduced artefacts to make the recovery harder.
However, SDMI people need to realize that if they release their system, it _will_ be reverse enginnered and that the detection algorithm will be made public. Once you know how detection works, it is usually fairly easy to peform this major cracking, e.g. surgically removing the mark, without damaging the song.
Yes, that's true. At this point, it does not matter that it's cracked.
The RIAA is losing the PR war -- the back and forth between Salon is proof of that -- by not handling things correctly.
If they want people to respect, fear, or otherwise appreciate SDMI, they need to be up front about the whole thing.
Was it cracked? Yes.
What's next? We're not sure. Stay tuned.
Pretty simple. I'd still think the RIAA are a bunch of money grubbing whores, but at least if they had cajones enough to admit defeat -- and admit that, yeah, it's a tough nut to crack, if not downright impossible to crack -- I'd realize that the suits in charge of the RIAA are savvy enough to realize that new media is different than the old media.
That in itself would be a minor victory: a suit admitting that, hey, maybe we can't pimp our wares the same way we've been pimping it in the past. Maybe, uh, we need to sit down and examine this "internet" stuff. But they won't admit that.
Leo won't admit that.
And Jack Valenti -- the decrepit MPAA dude -- is convinced that he, too, can win the battle with PR spin. ("Hey, pal, I know movies! Me and Jack Kennedy loved movies!")
Watching and listening to Valenti is like watching Boffo the Unemployed Clown parading around a smoke-filled room trying to score laughs with Don Rickles jokes -- "Heh, heh, that old hag was so ugly she even deflated my tires!! Ba da bing!"
It's funny in a pathetic way. Like you're watching some old geezer unravel on the spot. Poor Jack.
Poor Leo.
Hey, guys, here's a tip: take your golden parachute retirement bonus, head to Martha's Vineyard to your country houses, and shut the fuck up.
I'm not an audiophile, but I do know enough on wave theory that I would suspect that a better test would be to take both files, and look at the FFT of both samples at various times, using small time step units, and calculating some 'error' that the stripped file is off by. This should penaltize more for adding noise that wasn't there in the original sample than just for lower signal. Set some threshold that can be determined by doing the same comparison between a 196kbit-encoded file and a 128kbit-encoded. If the stripped sample performs worse than this, then the stripping fails, as it also took too much of the non-watermark stuff away. (Or some variation on this method -- again, I'm not an audiophile, just a scientist). This would make concrete winning conditions and take ambiguity out of it.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
No, it says that "each *attacked* sound sample" (note, emphasis added by me :), meaning, after the sound sample was attacked and the watermarking removed. At least, that's the way I read it. So, their tests say, after we've verified that the watermark is gone, we'll check the sound quality. If it's equal to or better than a 64 kbps MP3 (per channel or total, I don't care), we'll consider that a break.
Except the DMCA makes it illegal to exercise your fair use rights by subject you to an RIAA lawsuit everytime you decode an RIAA music file for space-shifting or distribution. It's bullshit, but that's what this new law accomplishes & shit judge's like Kaplan stand behind it while reaming the consumer in the ass.
The DMCA is unconstitutional. Until it is thrown out, I see no immorality in ignoring it. I will continue to excercise my fair-use rights. The failure of SDMI helps me do so. Just like the freedom to bear arms, we now have the freedom to bear code! to defend our rights. What the Government giveth, the Corporations cannot taketh away. If they try, well.. let them try.
hurrah for analog out!
Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
mp3 is *perceptual* encoding.
it strips out the shit you can't hear.
you can't hear a 1GHz tone.
mp3 encoding strips it out.
ergo, they need one that mp3 encoding won't strip out.
which means it needs to be audible, and affects the sound quality.
do i need to write it in crayon for you?
It sounds like the SDMI is attempting politics at advancing itself to big brother. Imagine the future if it has its way:
All audible recordings must be recorded with a SDMI licensed recorder with an approved SDMI serial number registered to the owner's legal name and address. Recording technology is considered a munition and subject to export treaties and content may not be distributed to countries under embargo.
I'm sure there would be provisions for recording class notes with a non-approved recorder. They would have no problem with 8-bit 8KHz recording.
For the test to mean anything, the "Golden Ears" must operate "blind". They must not be told which sample is the original watermarked one and which is the one with the watermark removed. If they know which sample is which, then the comparisons are invalid.
The idea is that the watermark is encoded in "noise" frequencies in the sound data, so that it can't be discerned by the human ear, but, with the proper decoder, provides information.
Well lossy compression formats like mp3 are supposed to remove any information not relevant to the human ear, therefore one could assume that any attempt to introduce additional information in a stream encoded trough such a codec must result in an audible alteration of the audio.
But since I know very little about audio encoding, I'd like to know if the above is actually provable. If it is, SDMI stands no chance of actually succeding.
Anyone?
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
The whole ongoing SDMI fiasco makes one wonder why they even bother trying to create a secure format anyway. In today's CPU-cycle-saturated world, there is no such thing as a truly secure format! If the data behind that wall of encryption is valuable enough, someone, somewhere, will break it -- and in this case, the information is extremely valuable; break SDMI and you've got unlimited access to all the music the world wants, all for free! Who could say no to that?
Now, that's not to say it's impossible to create secure music. But the only way to do that is to take the original master recording directly from the studio to a lead-lined vault ten miles below ground, lock the door, and throw away the key. Be sure to toss the band in there too, so they can't play unauthorized copies or variants of the song during their next concert. Of course, even then you're not truly secure, as the recording engineer or any other people who heard the session could sell his recollection of the arrangement to some cover artist to re-create, so you'd have to lock them in the vault too.
Now you're secure! Of course, you're also unable to sell the recording to anyone. Oops.
Given all that, one wonders why the industry doesn't just cut their losses, declare victory, and go home. They'd be well advised to follow the counsel of Rep. John Kasich, a Republican House member who has based his career on opposition to federal spending on programs that don't make sense. One particular hobby horse of Kasich's was the B-2 Stealth bomber, whose $1 billion per plane price tag Kasich found ludicrous. During one House committee hearing on funding the bomber's development, Kasich asked the Department of Defense witnesses if it wouldn't be cheaper and just as effective to simply announce that we'd built the B-2, rather than actually building any. After all, since the B-2 was supposed to be invisible, how could any enemy be certain we hadn't? Maybe the best outcome for all parties in the SDMI fiasco would be to just roll out a wide-open protocol, declare it secure, and concentrate on doing what they do best -- marketing and promotion of acts with mass appeal -- rather than doing what they are so manifestly bad at -- software engineering. Oh well, one can hope...
Read my blog.
I'll keep this comment within the context of music, mp3's, and CD's, rather then venturing off to the related DVD discussion. Traditionally, we receive our own personal copies of music in the form of CD or tape. CD's are really the only choice as a source for converting said music to mp3's. So, if we receive or music in CD format, and we have computers at our disposal with great encoding tools like Lame, BladeEnc, and algorithms like mp3 or Ogg Vorbis, why should we worry about the RIAA?
Seriously, folks. I don't see CD's dying any time soon, and by legal precedence, we have a right to make copies for ourselves or our friends. If this means burning new CD's or encoding an MP3, we have the right. Distributing said MP3's over the Internet may be another discussion, but actually encoding a song to MP3 format is NOT breaking the law. The RIAA is making the same old argument it always has, "We want control." In the end, common sense will hopefully prevail and once again quell the tantrums of the gorilla sized child.
assert(expired(knowledge));
The real irony here is that they're trying to use the technology because the laws didn't work. Oh shit. What kind of circle are we into now???
________________
They're - They are
Their - Belonging to them
I don't want free as in beer. I just want free beer.
I'm a musician, have played professionally since high school, etc., and I want to see musicians get paid for their work, but SDMI and copyright laws that give nothing to the consumer and instead remove more rights from the consumer, isn't the answer.
Hey! Yo! Over here, guys! We got an expert in JPS! :)
So, uh, could you be persuaded to post some more details? :) Did you, um, look at some kind of Fourier transform (discrete cosine transform?) and look for some tweaking between A and A'? Were you really able to find something??? It seemed to me that they had so many choices-- watermarking individual k-second blocks, say-- that it would be very difficult to reverse engineer their watermarking procedure based on a single example.
My speculation had been that the scheme was cracked by someone with inside knowledge, as there are apparently a lot of folks in SDMI trying to undermine this thing through leaking. Maybe some people did have details of the verification process.
As I understand it, their idea is to have a fragile watermark and a robust watermark in each song on a CD. Ripping to an MP3 will destroy the fragile watermark, but leave the robust watermark intact. A player can refuse to play if it detects this situation. Admitting their unforgability, what role do digital signatures play? Surely they can not be the robust watermark-- one could just clip them. Do digital signatures substitute for the fragile watermark?
(The new Salon article says: "All four technologies in the public test had successful attacks submitted against them." The source is, apparently, only talking about the watermark technologies. I think the Salon author is a little confused on this point.)
Watch the world turn into a place where all cops are replaced by lawyers.
...Oh wait...
EOM
The funniest part about this new piece in Salon is Leo's reponse that, see, the anonymous source can't be correct because, uh, he shifts tenses!
One of the more pathetic (and bizarre) spin jobs I've seen in a long time.
I think the RIAA is scared of releasing the results. They are starting to realise that they are a behemoth that is obsolete in the new economy. The major function of the record labels is distribution and promotion, both of which can now be done over the internet by the individual artists. The RIAA doesn't even do that much, really are they are is a lobbying group. Why else would they be based in Washington D.C.? The dolts working for them will never be able to come up with a watermarking scheme that we will not be able to crack. I also saw a CNN article which mentions a "new project" by the RIAA to tag digital music files with a "unique identifier" to track them. They are partnering with another company and expect it to be done by the middle of next year. They are hedging their bets, trying different ways of controlling the distribution of music. I don't think it will work. As soon as a critical number of artists pull their heads out of their asses and start promoting themselves instead of signing with the major record labels, these big power hungry labels will go the way of the dinosaur
.sigless
Enigma
Enigma
Enigma
When one gratuitously SPEAKS falsely of another to third party(ies), that is "slander." When the false, published allegations are WRITTEN, it's called "libel."
They've GOT to be kidding! That's a VERY low standard. "Still sounded better"??? Is that to imply that once the watermark is applied, the acceptible level of sound quality is equal to a 64 kbps MP3 file?
As an audiophile, I find that statement to be absolutely revolting. It's impossible to get natural sounding music out of a file of such low bitrate. 128 kbps is tough. 192 is getting close to being acceptable. Having listened to the difference between 44khz/16bit and 96khz/24bit, I can tell you with certainty that even pure 44/16 PCM is limited. If 64 kpbs mp3 encoding is the standard for sound quality, then we are about to take a huge step backwards in audio reproduction. Neverind the privacy and fair use aspects of this (which are VERY important), just from a sound quality perspective, this technology seems doomed to fail.
I'll repeat what's been said here before...
It is impossible to add a non-audible watermark to music that can survive a well done perceptual encoding (ie, MP3 encoding, etc). The idea of perceptual encoding is to remove everything that is non-audible to save space. These two technologies are at odds with each other. The only way to preserve that watermark is for it to be audible from the start.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
The "music revolution" has already taken off, and it's out of the hands of the record industry. MP3 is a genie that can never be pushed back in its bottle. The record companies' revenue stream doesn't matter one bit to any music fan, they just want music and free is a damn good price.
I'm actually surprised that they're not attacking MP3's more (not that they have a leg to stand on, but that never stopped them before) I expect to see lawsuits against shoutcast.com pretty soon though (for enabling the unauthorized rebroadcast of 'pirate' MP3s)
Besides, we all have way too many MP3's by now to switch to any new format but MP4 (someone should hurry up with that too!)
The RIAA today announced the failure of its first attempt at creating a secure music delivery system.
A spokeman commented 'We overlooked the human angle. If you can hear it or see it, you can hack it.'
Accordingly the RIAA intends to create SDMI 2, directly addressing this issue. The decryption process will be delayed until the last possible moment and hardwired onto a sealed chip.
The spokeman added 'By moving the location of the decryption process we can minimise the risk of a successful hack occurring. We recogise that this mean implanting the chip into every human brain on the planet but our IP is important to us.'
Note for editors:
The expected costs of the surgery required are likely to be below what would have otherwise been spent on failed technologies, lawyers and payments to successful hackers.
Geez, I'm not a laywer, and even I knew the difference! If this lack of intelligence is typical of the SMDI folks, then they deserve to have their scheme get cracked.
The whole point of SDMI is not to protect artists' IP but to protect the RIAA's monopoly on distribution. The funny thing is that the RIAA's corporate urges are going to work against them, finally, instead of for them. In this case, since Corporate Culture demands that if you spend money on something it Must Be a Success to Save Face, they will press on blindly with SDMI and try to minimize/ignore that 1. it was cracked and 2. watermarking is a foolish method of protection when dealing with lossy compression algorithms anyway. So we will probably get SDMI forced on us despite its obvious flaw. That's fantastic! Because even if all of us wake up tomorrow with SDMI-compliant CD players substituted for our old ones, we can just continue to burn MP3's for time/space-shifting, distribution with friends, sharing, etc as we have always done legally, as is our right. The big fear was that SDMI would take away our fair-use rights. But since SDMI has been proven to be as much a joke as we all knew it would be, SDMI will fail to achieve its primary purpose (taking away our rights). We should all now cheer SDMI on!
remember, there will always be Analog Out, and soundcards, and wave recorders, and Ogg. Only the hard-core audiophiles will find these tools to be insifficent, and those are the people who will buy Super-CD or DVD-A's anyway. But for casual listeners of music, we will always have the tools available to enjoy and legally share music as is our right under fair-use.
Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
When it all comes down to it, one can say any piece of information is encrypted. Who's to say that this message isn't an encrypted and compressed recipe for Niemann Marcus' famed cookies or details of the Roswell Incident?
The fact is, this message was digitally encoded in ASCII (unless Slashdot went UniCode). Taken at face value, this message is just a really big number, represented in binary. Your browser assumes it to be ASCII and "decrypts" it as such.
Now, if my information on copyright is correct, facts cannot be copyrighted. A number is a fact. Thus, no one can copyright the number 7. Now help me out here, why can an MP3 file, which is, when it all comes down to it, a really big number be copyrighted?
Cheers,
Slak
And SDMI might be pronounced "S dummy".
The next thing to remember is to put next things next.
It's worth noting that watermarking video will probably work better than watermarking audio. Noise in audio is much more noticeable than in video. In video, of course, you have a lot more data to hide the watermark in.
There are plans to replace audio CDs with DVD Audio discs, which will be a lot more difficult to rip. (Basically, there will be no way of doing it without violating the DMCA, as is the case with DVD video.) As CDs are fundamentally insecure (for the content industry), the only thing keeping them from disappearing is market inertia. As soon as CDs can be phased out, they will be.
SDMI will never prevent you from copying the latest metallica single. SDMI is to prevent you from releasing your music to 'the masses' in a digital format. The new track from you favorite local band will not play on you SDMI 'protected' walkman.
The intent is that same as DCC on a DAT player, to protect the channel the music companies use to become rich. When someone creates the hack that inserts a SDMI watermark that can fool the players, that will be something to write home about.
âoeWho knew something as harmless as willful ignorance could end up having real consequences?â
The whole idea is that cats have lots of air resistance. They can survive hitting the ground from their terminal velocity.
--
No more e-mail address game - see my user info. Time for revenge.
Win dain a lotica, en vai tu ri silota
- The Digital Watermark has been cracked at least partially enough to render both the music listenable and the protection useless (whether the music passes the "golden ears" test is a different matter, one that is no doubt playing a pivotal role in the SDMI's definition of "successfully cracked";)
- Salon's source is most likely not the authority they'd like us to think it is--probably a mid to low level person, possibly an individual operating strictly on what they've heard and picked up off peoples' desks (mind you, this does not mean that they are not a credible source; just that the data is probably not as cut and dried as Salon would like one to think;)
- Not only will we need to wait for the official test results for answers, we'll proabably not get those answers at all--at least, not in any form other than the carefully-crafted babble we've read all along from this whole episode.
Don't hold your breath for too long. Salon is reporting on anonymously leaked data from a group which is going to carefully craft any official information releases so as to render the actual information useless.Obliteracy: Words with explosions
Am I the only one who's thinking that it doesn't matter whether SDMI was actually hacked? It sounds to me like the RIAA wants to proceed with it whether it's really secure or not. They'll probably deny it was hacked in the end, proclaim it secure, and threaten to sue anyone who says (or proves) otherwise.
They've thrown millions of dollars at making a secure (in their minds) technology. They'll spend millions more trying to convince us that it's in our best interest to ditch our old stereo equipment so we'll comply with their new rules. And then they'll spend millions more in court to silence people who say or prove that it's not secure (hiding behind the DCMA no doubt).
Yup, SDMI is secure. Just like DVD. Can't be cracked at all. And on a similar note, those emperor's clothes look great.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Well, isn't the sales tactic which SDMI is planning to use considered extortion by almost every corporate-world-hating human on the planet?
I am seeing an alarming trend which 'net upstarts and conglomerate giants alike are using to push products: limited functionality per unit paid. This is evident in the many time-based and per-incident "services" out there (iOpener, Cue:Cat, TiVo, Y@p) and the rampant sales of consumable products (phone cards, printer ink cartridges that go for $50 per unit, etc.). The companies feel that they can start an endless stream of profit due to the nature of their products. The worst part of this is when the company knowingly makes the consumable products inferior (HP with their printers that can't clean themselves, Digital:Convergence with their shoddy PCB and housing, etc.). Then, there's the nightmare of customer service; companies that put you on hold eternally unless you buy more of their products. Personally, I am offended that the BBB and other watchdog agencies aren't cracking down on this. It's a blatant and legal swindling of the consumers.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Cracking one file might be hard, but I would be interested to know if anyone could gain an advantage by getting two copies of the same song and comparing them. Wouldn't you be able to "pick out" the frequency hopping watermark bits?
If you had three copies of the same piece, it seems that at any given bit, one might not be like the other two...
Any stegonographers in the audience tonight??
(I'm assuming that the watermarks won't all be the same for a given song. Besides, what good would that be?)
...or maybe not.
Reminds me of a short story by Jorge Borges' "Library of Babel" which was a near-infinite structure that contained a staggering number of identical books. In fact, every single possible book of that lenght was in the library.
Some books were all "a" repeated over and over, some were the true histories of famous people, some were the false histories of poor people. Some books coninued on from other books... you get the idea.
The book that was the "holy grail" is the book that indexes all the other true books (probably with several continuing tomes). Of course, there were a large number of false indexes lying around.
The story is basically making exactly your point, in that the difference between information and data is selection. I can enumerate all numbers encoding 3 minute songs at cd quality, but only a small fraction of them will be interesting to listen to. The information is telling you which one data point is interesting to listen to.
To continue this rambling post some more; in the vein of GEB, any creation can be facted, by stating that it is a creation.
"cherry blossoms fall pink / with dew drops / heavy from morning light" is my creation, and thus can be copyrighted.
However, the entire previous sentence is a fact, and thus cannot (nor can this one). Tim Robbins ref: this sentence is in the mob; it has italic connections. This sentence is pregnant, it is missing its period
erm. I forgot my point. ramble ramble
What the source is claiming is that despite the fact that the watermark has been removed, the sounds quality is still acceptable. The sound quality with the watermark intact would be better, probably much better.
MSK
- unauthorised covers by major label acts
- use in films or TV or Muzak (tm) or as background to advertisements
- redistribution for profit by K-Tel or some comparable label
This is very important. My nervousness is that at some point the argument will be made that if you expect copyright to protect you from these things happening against your will, you'd be using watermarks and prohibiting fair use and getting a Big Record Deal etc ad nauseam- and that the laws may be _changed_ using such arguments to punish anyone who is trying to uphold fair use and still expects copyright to protect against commercial exploitation. It's kind of like 'you can't have your cake and eat it too!' Except you can- under current law. At the moment it is _my_ decision whether I want to allow fair use, and I can do so without throwing away my rights to control commercial use, as I am the copyright holder. I would like to see this more broadly understood, because it would be a hell of a thing to lose this just because a lot of people are content to take the burden of 'breaking the law' onto themselves.It's fine that many people are willing to disobey a legal climate that they feel is unjust- but that mustn't cover up the fact that as a content producer I have a _right_ to allow and encourage fair use. It does _not_ equate to 'I am putting everything I do into the public domain, go nuts'. Currently I can allow fair use and still have leverage to resist unauthorised commercial use. If the line blurs and that begins to slip it will be a very bad thing. How would you like it if you made music and then discovered one of your tracks on TV with singing munchkins selling Windows upgrades or something? There are some aspects of copyright that need to keep their teeth.
I don't know if this applies to tigers.
--
No more e-mail address game - see my user info. Time for revenge.
Win dain a lotica, en vai tu ri silota
Just thought I'd post a more recent late-breaking article from Salon.com here:
Another crack in the SDMI wall
A team of researchers claims to
have successfully hacked a digital
music watermarking system
(Basically, more corroboration that SDMI has been broken & SDMI knows it.
I'm annoyed that consumer technology is being delayed [by years] for this.)
--
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
The thing is, as I understand it, watermarking is supposed to avoid this very thing. The idea is that the watermark is encoded in "noise" frequencies in the sound data, so that it can't be discerned by the human ear, but, with the proper decoder, provides information. The theory goes that if you pass said sound sample through various filtering software, decode it, re-encode it, etc, the watermarking (ideally) will remain, because it's stored in the audio itself... if you want to retain high-quality audio (in order to pirate it), you can't trash the watermark either... now, whether it will work in practice is another thing. :)