Slashdot Mirror


Yet More SDMI fallout

Andrew Leonard writes: "SDMI's Leonardo Chiariglione said Salon's last story was "slander" so Janelle Brown went back to one of our sources and got more details about exactly what is going down. The article also includes a response from Chiariglione."

17 of 125 comments

  1. OK. Let's clarify a few things by JPS · · Score: 5

    First, I have some severe doubts about the fact that all 6 technologies have been "cracked".
    Technologies D and E if properly implemented should not be crackable. They are basically digital signatures.

    Regarding techno A,B,C and F (watermarking technologies), the problem is the following.

    They start with a song A and create a marked version A'. Now there are two ways to "remove" the mark: either find A again (or something extremely close to A) or create yet a new version A'', which is not necessarily close to A, but where the mark is not detected. In the first case, you need a complete understanding of how the watermark is working; in the second, you can just randomly modify the song until the Oracle tells you it can't detect the mark.

    If you can recreate A, (or almost can), then it is a major crack, because (1) it will work for all songs, (2) it will almost surely pass the audibility testing.

    If you won by creating some A'', then there is no guarantee that your attack will work against another song, nor that the audibility test will be passed, nor that the audibility test will be passed for other songs.

    I assume most attacks followed the second path because they require less technical knowledge. This is why the SDMI needs to do a lot of testing.

    As a side note, the hard part in the contest, (if you really want to recover the original A), is to understand how detection works exactly. I won't mention the specific technologies, but I can tell that for some of them, finding the algorithm was rather simple. Some others introduced artefacts to make the recovery harder.

    However, SDMI people need to realize that if they release their system, it _will_ be reverse engineered and that the detection algorithm will be made public. Once you know how detection works, it is usually fairly easy to perform this major cracking, e.g. surgically removing the mark, without damaging the song.

  2. Re:Doesn't matter if it was hacked or not.... by StoryMan · · Score: 3

    Yes, that's true. At this point, it does not matter that it's cracked.

    The RIAA is losing the PR war -- the back and forth between Salon is proof of that -- by not handling things correctly.

    If they want people to respect, fear, or otherwise appreciate SDMI, they need to be up front about the whole thing.

    Was it cracked? Yes.

    What's next? We're not sure. Stay tuned.

    Pretty simple. I'd still think the RIAA are a bunch of money grubbing whores, but at least if they had cojones enough to admit defeat -- and admit that, yeah, it's a tough nut to crack, if not downright impossible to crack -- I'd realize that the suits in charge of the RIAA are savvy enough to realize that new media is different than the old media.

    That in itself would be a minor victory: a suit admitting that, hey, maybe we can't pimp our wares the same way we've been pimping it in the past. Maybe, uh, we need to sit down and examine this "internet" stuff. But they won't admit that.

    Leo won't admit that.

    And Jack Valenti -- the decrepit MPAA dude -- is convinced that he, too, can win the battle with PR spin. ("Hey, pal, I know movies! Me and Jack Kennedy loved movies!")

    Watching and listening to Valenti is like watching Boffo the Unemployed Clown parading around a smoke-filled room trying to score laughs with Don Rickles jokes -- "Heh, heh, that old hag was so ugly she even deflated my tires!! Ba da bing!"

    It's funny in a pathetic way. Like you're watching some old geezer unravel on the spot. Poor Jack.

    Poor Leo.

    Hey, guys, here's a tip: take your golden parachute retirement bonus, head to Martha's Vineyard to your country houses, and shut the fuck up.

  3. "Golden ears"??? by Masem · · Score: 3
    Reading on what the 'success' is of the test, it seems to me that SDMI's got a nice way to ignore successful results with their test criteria. Testing the removal of the watermark, sure. But using 'golden ears', of which some members may be RIAA, to see if the music sounds unchanged? Very iffy there... sure, I'm sure the golden ears are sound engineers and those that know what to listen for, but their employment is questionable.

    I'm not an audiophile, but I do know enough on wave theory that I would suspect that a better test would be to take both files, and look at the FFT of both samples at various times, using small time step units, and calculating some 'error' that the stripped file is off by. This should penalize more for adding noise that wasn't there in the original sample than just for lower signal. Set some threshold that can be determined by doing the same comparison between a 196kbit-encoded file and a 128kbit-encoded. If the stripped sample performs worse than this, then the stripping fails, as it also took too much of the non-watermark stuff away. (Or some variation on this method -- again, I'm not an audiophile, just a scientist). This would make concrete winning conditions and take ambiguity out of it.

    --
    "Pinky, you've left the lens cap of your mind on again." - P&TB
    "I can see my house from here!" - ST:
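
The objective comparison proposed in comment 3, sketched as an added example that is not part of the thread: short-frame spectra of the reference and the candidate are compared, added energy is penalised more than lost energy, and the pass threshold is whatever the same measure gives for a baseline pair. The frame size, the weight of 4.0 and all signals are assumptions constructed here; `low_rate` is only a stand-in for the comment's lower-bitrate encoding, not a real MP3.

```python
import cmath
import math
import random

FRAME, HOP = 64, 32   # short analysis frame and step, in samples (assumed values)

def magnitudes(frame):
    """Magnitude spectrum (bins 0..n/2) of one Hann-windowed frame, plain DFT."""
    n = len(frame)
    x = [s * (0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)))
         for i, s in enumerate(frame)]
    return [abs(sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)))
            for k in range(n // 2 + 1)]

def spectral_error(reference, candidate, added_weight=4.0):
    """Mean per-frame spectral error relative to the reference's energy.

    Energy the candidate has but the reference lacks (added noise) counts
    added_weight times as much as energy that went missing.
    """
    total, frames = 0.0, 0
    usable = min(len(reference), len(candidate))
    for start in range(0, usable - FRAME + 1, HOP):
        ref = magnitudes(reference[start:start + FRAME])
        cand = magnitudes(candidate[start:start + FRAME])
        err = sum((added_weight if c > r else 1.0) * (c - r) ** 2
                  for r, c in zip(ref, cand))
        total += err / (sum(r * r for r in ref) or 1e-12)
        frames += 1
    return total / frames if frames else 0.0

def survives(reference, candidate, baseline_high, baseline_low):
    """True if candidate is no further from reference than the baselines are apart."""
    return (spectral_error(reference, candidate)
            <= spectral_error(baseline_high, baseline_low))

def tone(bin_index, amplitude, length=512):
    """Constructed test tone centred on one DFT bin of the analysis frame."""
    return [amplitude * math.sin(2 * math.pi * bin_index * t / FRAME)
            for t in range(length)]

# Constructed signals, not real audio: a low tone plus a high tone.
low, high = tone(4, 0.6), tone(20, 0.4)
original = [a + b for a, b in zip(low, high)]
# Stand-in for the lower-bitrate encoding: the high-frequency content is halved.
low_rate = [a + 0.5 * b for a, b in zip(low, high)]
rng = random.Random(0)
quieter = [0.9 * s for s in original]                    # signal lost, nothing added
noisy = [s + rng.uniform(-0.3, 0.3) for s in original]   # broadband noise added

if __name__ == "__main__":
    for name, sample in (("quieter", quieter), ("noisy", noisy)):
        print(name, round(spectral_error(original, sample), 4),
              survives(original, sample, original, low_rate))
```

A uniform 10% loss of level scores 0.01 while a uniform 10% gain scores 0.04, which is the asymmetry the comment asks for.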
  4. Declare victory and go home by jalefkowit · · Score: 5

    The whole ongoing SDMI fiasco makes one wonder why they even bother trying to create a secure format anyway. In today's CPU-cycle-saturated world, there is no such thing as a truly secure format! If the data behind that wall of encryption is valuable enough, someone, somewhere, will break it -- and in this case, the information is extremely valuable; break SDMI and you've got unlimited access to all the music the world wants, all for free! Who could say no to that?

    Now, that's not to say it's impossible to create secure music. But the only way to do that is to take the original master recording directly from the studio to a lead-lined vault ten miles below ground, lock the door, and throw away the key. Be sure to toss the band in there too, so they can't play unauthorized copies or variants of the song during their next concert. Of course, even then you're not truly secure, as the recording engineer or any other people who heard the session could sell his recollection of the arrangement to some cover artist to re-create, so you'd have to lock them in the vault too.

    Now you're secure! Of course, you're also unable to sell the recording to anyone. Oops.

    Given all that, one wonders why the industry doesn't just cut their losses, declare victory, and go home. They'd be well advised to follow the counsel of Rep. John Kasich, a Republican House member who has based his career on opposition to federal spending on programs that don't make sense. One particular hobby horse of Kasich's was the B-2 Stealth bomber, whose $1 billion per plane price tag Kasich found ludicrous. During one House committee hearing on funding the bomber's development, Kasich asked the Department of Defense witnesses if it wouldn't be cheaper and just as effective to simply announce that we'd built the B-2, rather than actually building any. After all, since the B-2 was supposed to be invisible, how could any enemy be certain we hadn't? Maybe the best outcome for all parties in the SDMI fiasco would be to just roll out a wide-open protocol, declare it secure, and concentrate on doing what they do best -- marketing and promotion of acts with mass appeal -- rather than doing what they are so manifestly bad at -- software engineering. Oh well, one can hope...

  5. DMCA by No-op · · Score: 4
    You know, the best part about SDMI is that they could use something like a simple XOR scheme and call it encryption, and say it's protected under the DMCA. So while you could strip the file easily, they could slam you for it.



    Watch the world turn into a place where all cops are replaced by lawyers.



    ...Oh wait...

    --
    EOM
  6. Tense shift?!?! by StoryMan · · Score: 3

    The funniest part about this new piece in Salon is Leo's response that, see, the anonymous source can't be correct because, uh, he shifts tenses!

    One of the more pathetic (and bizarre) spin jobs I've seen in a long time.

  7. The RIAA is running scared. by Enigma2175 · · Score: 3

    I think the RIAA is scared of releasing the results. They are starting to realise that they are a behemoth that is obsolete in the new economy. The major function of the record labels is distribution and promotion, both of which can now be done over the internet by the individual artists. The RIAA doesn't even do that much, really all they are is a lobbying group. Why else would they be based in Washington D.C.? The dolts working for them will never be able to come up with a watermarking scheme that we will not be able to crack. I also saw a CNN article which mentions a "new project" by the RIAA to tag digital music files with a "unique identifier" to track them. They are partnering with another company and expect it to be done by the middle of next year. They are hedging their bets, trying different ways of controlling the distribution of music. I don't think it will work. As soon as a critical number of artists pull their heads out of their asses and start promoting themselves instead of signing with the major record labels, these big power hungry labels will go the way of the dinosaur.

    Enigma
    .sigless



  8. Can't they even get their terms right? by techwatcher · · Score: 4

    When one gratuitously SPEAKS falsely of another to third party(ies), that is "slander." When the false, published allegations are WRITTEN, it's called "libel."

  9. Better than a 64 kbps MP3 file???? by sdo1 · · Score: 5
    From the salon.com article...

    subjected to preliminary listening tests performed by "golden ears" listeners to ensure that each attacked sample still sounded better than a 64 kbps MP3 file.

    They've GOT to be kidding! That's a VERY low standard. "Still sounded better"??? Is that to imply that once the watermark is applied, the acceptable level of sound quality is equal to a 64 kbps MP3 file?

    As an audiophile, I find that statement to be absolutely revolting. It's impossible to get natural sounding music out of a file of such low bitrate. 128 kbps is tough. 192 is getting close to being acceptable. Having listened to the difference between 44khz/16bit and 96khz/24bit, I can tell you with certainty that even pure 44/16 PCM is limited. If 64 kbps mp3 encoding is the standard for sound quality, then we are about to take a huge step backwards in audio reproduction. Never mind the privacy and fair use aspects of this (which are VERY important), just from a sound quality perspective, this technology seems doomed to fail.

    I'll repeat what's been said here before...

    It is impossible to add a non-audible watermark to music that can survive a well done perceptual encoding (ie, MP3 encoding, etc). The idea of perceptual encoding is to remove everything that is non-audible to save space. These two technologies are at odds with each other. The only way to preserve that watermark is for it to be audible from the start.

    -S

    --
    --- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
  10. SDMI 2 by media_mogul · · Score: 3

    The RIAA today announced the failure of its first attempt at creating a secure music delivery system.

    A spokesman commented 'We overlooked the human angle. If you can hear it or see it, you can hack it.'

    Accordingly the RIAA intends to create SDMI 2, directly addressing this issue. The decryption process will be delayed until the last possible moment and hardwired onto a sealed chip.

    The spokesman added 'By moving the location of the decryption process we can minimise the risk of a successful hack occurring. We recognise that this means implanting the chip into every human brain on the planet but our IP is important to us.'

    Note for editors:
    The expected costs of the surgery required are likely to be below what would have otherwise been spent on failed technologies, lawyers and payments to successful hackers.

  11. denials by SDMI preserves our rights to fair-use by abde · · Score: 3

    The whole point of SDMI is not to protect artists' IP but to protect the RIAA's monopoly on distribution. The funny thing is that the RIAA's corporate urges are going to work against them, finally, instead of for them. In this case, since Corporate Culture demands that if you spend money on something it Must Be a Success to Save Face, they will press on blindly with SDMI and try to minimize/ignore that 1. it was cracked and 2. watermarking is a foolish method of protection when dealing with lossy compression algorithms anyway. So we will probably get SDMI forced on us despite its obvious flaw. That's fantastic! Because even if all of us wake up tomorrow with SDMI-compliant CD players substituted for our old ones, we can just continue to burn MP3's for time/space-shifting, distribution with friends, sharing, etc as we have always done legally, as is our right. The big fear was that SDMI would take away our fair-use rights. But since SDMI has been proven to be as much a joke as we all knew it would be, SDMI will fail to achieve its primary purpose (taking away our rights). We should all now cheer SDMI on!

    Remember, there will always be Analog Out, and soundcards, and wave recorders, and Ogg. Only the hard-core audiophiles will find these tools to be insufficient, and those are the people who will buy Super-CD or DVD-A's anyway. But for casual listeners of music, we will always have the tools available to enjoy and legally share music as is our right under fair-use.

    --
    Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
  12. Pronunciation by bbhack · · Score: 5

    And SDMI might be pronounced "S dummy".

    --
    The next thing to remember is to put next things next.
  13. ...and back again... by American+AC+in+Paris · · Score: 3
    ...to what the definition of 'is' is. From the surgical focus on the context and tense of the reports in question (and the responses,) I think it's fair to assume that:
    1. The Digital Watermark has been cracked at least partially enough to render both the music listenable and the protection useless (whether the music passes the "golden ears" test is a different matter, one that is no doubt playing a pivotal role in the SDMI's definition of "successfully cracked";)
    2. Salon's source is most likely not the authority they'd like us to think it is--probably a mid to low level person, possibly an individual operating strictly on what they've heard and picked up off peoples' desks (mind you, this does not mean that they are not a credible source; just that the data is probably not as cut and dried as Salon would like one to think;)
    3. Not only will we need to wait for the official test results for answers, we'll probably not get those answers at all--at least, not in any form other than the carefully-crafted babble we've read all along from this whole episode.
    Don't hold your breath for too long. Salon is reporting on anonymously leaked data from a group which is going to carefully craft any official information releases so as to render the actual information useless.
    --

    Obliteracy: Words with explosions

  14. Doesn't matter if it was hacked or not.... by Jason+Levine · · Score: 4

    Am I the only one who's thinking that it doesn't matter whether SDMI was actually hacked? It sounds to me like the RIAA wants to proceed with it whether it's really secure or not. They'll probably deny it was hacked in the end, proclaim it secure, and threaten to sue anyone who says (or proves) otherwise.

    They've thrown millions of dollars at making a secure (in their minds) technology. They'll spend millions more trying to convince us that it's in our best interest to ditch our old stereo equipment so we'll comply with their new rules. And then they'll spend millions more in court to silence people who say or prove that it's not secure (hiding behind the DMCA no doubt).

    Yup, SDMI is secure. Just like DVD. Can't be cracked at all. And on a similar note, those emperor's clothes look great.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    1. Re:Doesn't matter if it was hacked or not.... by danderson · · Score: 5

      That's what I've been thinking. What's to stop them, really? Ask yourself could this happen:

      The SDMI invites "hackers" to defeat the watermarks on some samples of digital music. Many hackers do so, and hoping to win some of the $10,000 sign away their souls^H^H^H^H^H rights to the de-watermarking techniques they created. The SDMI carefully reviews the hacks and finds that in many cases the watermark was completely removed. These samples get passed on to the "Golden Ears" (note that in this case "Golden" refers to the amount of money these people are being paid to say exactly what they are told to say). The Golden Ears say that none of the hacked music files are worth listening to. (regardless of the actual quality). The SDMI then announces that their watermarking technology is "un-hackable" and companies start developing players for SDMI watermarked files. Those that did find watermark removal techniques are outraged because some of the de-watermarked music files that they can create sound exactly the same as the watermarked files. Because of the NDA, if they say anything, they will find themselves swamped in litigation. The SDMI then sneaks a bill through congress that makes illegal all music devices that fail to recognize the SDMI watermark, thanks to the DMCA.

      Think about it. The SDMI could be a lot smarter than we gave them credit for. Or maybe I'm just a conspiracy theorist.

      --
      This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin
  15. What about digital subtraction? by ave19 · · Score: 3

    Cracking one file might be hard, but I would be interested to know if anyone could gain an advantage by getting two copies of the same song and comparing them. Wouldn't you be able to "pick out" the frequency hopping watermark bits?

    If you had three copies of the same piece, it seems that at any given bit, one might not be like the other two...

    Any steganographers in the audience tonight??

    (I'm assuming that the watermarks won't all be the same for a given song. Besides, what good would that be?)

    --
    ...or maybe not.
  16. Re:Success by Abcd1234 · · Score: 3

    The thing is, as I understand it, watermarking is supposed to avoid this very thing. The idea is that the watermark is encoded in "noise" frequencies in the sound data, so that it can't be discerned by the human ear, but, with the proper decoder, provides information. The theory goes that if you pass said sound sample through various filtering software, decode it, re-encode it, etc, the watermarking (ideally) will remain, because it's stored in the audio itself... if you want to retain high-quality audio (in order to pirate it), you can't trash the watermark either... now, whether it will work in practice is another thing. :)