Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yet More SDMI fallout

Posted by Hemos on from the yes-no-yes-no dept.

Andrew Leonard writes: "SDMI's Leonardo Chiariglione said Salon's last story was "slander" so Janelle Brown went back to one of our sources and got more details about exactly what is going down. The article also includes a response from Chiariglione."

8 of 125 comments (clear)

  1. OK. Let's clarify a few things by JPS · · Score: 5

    First, I have some severe doubts about the fact that all 6 technologies have been "cracked".
    Technologies D and E if properly implemented should not be crackable. They are basically digital signatures.

    Regarding techno A,B,C and F (watermarking technologies), the problem is the following.

    They start with a song A and create a marked version A'. Now there are two ways to "remove" the mark: either find A again (or something extremely close to A) or create yet a new version A'', which is not necessarily close to A, but where the mark is not detected. In the first case, you need a complete understanding of how the watermark is working, is the second, you can just randomly modify the song until the Oracle tells you it can't detect the mark.

    If you can recreate A, (or almost can), then it is a major crack, because (1) it will work for all song, (2) it will almost surely pass the audibility testing.

    If you won be creating some A'', then there is no garantee that your attack will work against another song, nor that the audibility test will be passed, nor that the audibility test will be passed for other songs.

    I assume most attacks followed the second path because they require less technical knowledge. This is why the SDMI needs to do a lot of testing.

    As a side note, the hard part in the contest, (if you really want to recover the original A), is to understand how detection works exactly. I won't mention the specific technologies, but I can tell that for some of them, finding the algorithm was rather simple. Some others introduced artefacts to make the recovery harder.

    However, SDMI people need to realize that if they release their system, it _will_ be reverse enginnered and that the detection algorithm will be made public. Once you know how detection works, it is usually fairly easy to peform this major cracking, e.g. surgically removing the mark, without damaging the song.

  2. Declare victory and go home by jalefkowit · · Score: 5

    The whole ongoing SDMI fiasco makes one wonder why they even bother trying to create a secure format anyway. In today's CPU-cycle-saturated world, there is no such thing as a truly secure format! If the data behind that wall of encryption is valuable enough, someone, somewhere, will break it -- and in this case, the information is extremely valuable; break SDMI and you've got unlimited access to all the music the world wants, all for free! Who could say no to that?

    Now, that's not to say it's impossible to create secure music. But the only way to do that is to take the original master recording directly from the studio to a lead-lined vault ten miles below ground, lock the door, and throw away the key. Be sure to toss the band in there too, so they can't play unauthorized copies or variants of the song during their next concert. Of course, even then you're not truly secure, as the recording engineer or any other people who heard the session could sell his recollection of the arrangement to some cover artist to re-create, so you'd have to lock them in the vault too.

    Now you're secure! Of course, you're also unable to sell the recording to anyone. Oops.

    Given all that, one wonders why the industry doesn't just cut their losses, declare victory, and go home. They'd be well advised to follow the counsel of Rep. John Kasich, a Republican House member who has based his career on opposition to federal spending on programs that don't make sense. One particular hobby horse of Kasich's was the B-2 Stealth bomber, whose $1 billion per plane price tag Kasich found ludicrous. During one House committee hearing on funding the bomber's development, Kasich asked the Department of Defense witnesses if it wouldn't be cheaper and just as effective to simply announce that we'd built the B-2, rather than actually building any. After all, since the B-2 was supposed to be invisible, how could any enemy be certain we hadn't? Maybe the best outcome for all parties in the SDMI fiasco would be to just roll out a wide-open protocol, declare it secure, and concentrate on doing what they do best -- marketing and promotion of acts with mass appeal -- rather than doing what they are so manifestly bad at -- software engineering. Oh well, one can hope...

    --

    Read my blog.

  3. DMCA by No-op · · Score: 4
    You know, the best part about SDMI is that they could use something like a simple XOR scheme and call it encryption, and say it's protected under the DMCA. so while you could strip the file easily, they could slam you for it.



    Watch the world turn into a place where all cops are replaced by lawyers.



    ...Oh wait...

    --
    EOM
  4. Can't they even get their terms right? by techwatcher · · Score: 4

    When one gratuitously SPEAKS falsely of another to third party(ies), that is "slander." When the false, published allegations are WRITTEN, it's called "libel."

  5. Better than a 64 kbps MP3 file???? by sdo1 · · Score: 5
    From the salon.com article...

    subjected to preliminary listening tests performed by "golden ears" listeners to ensure that each attacked sample still sounded better than a 64 kbps MP3 file.

    They've GOT to be kidding! That's a VERY low standard. "Still sounded better"??? Is that to imply that once the watermark is applied, the acceptible level of sound quality is equal to a 64 kbps MP3 file?

    As an audiophile, I find that statement to be absolutely revolting. It's impossible to get natural sounding music out of a file of such low bitrate. 128 kbps is tough. 192 is getting close to being acceptable. Having listened to the difference between 44khz/16bit and 96khz/24bit, I can tell you with certainty that even pure 44/16 PCM is limited. If 64 kpbs mp3 encoding is the standard for sound quality, then we are about to take a huge step backwards in audio reproduction. Neverind the privacy and fair use aspects of this (which are VERY important), just from a sound quality perspective, this technology seems doomed to fail.

    I'll repeat what's been said here before...

    It is impossible to add a non-audible watermark to music that can survive a well done perceptual encoding (ie, MP3 encoding, etc). The idea of perceptual encoding is to remove everything that is non-audible to save space. These two technologies are at odds with each other. The only way to preserve that watermark is for it to be audible from the start.

    -S

    --
    --- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
  6. Pronunciation by bbhack · · Score: 5

    And SDMI might be pronounced "S dummy".

    --
    The next thing to remember is to put next things next.
  7. Doesn't matter if it was hacked or not.... by Jason+Levine · · Score: 4

    Am I the only one who's thinking that it doesn't matter whether SDMI was actually hacked? It sounds to me like the RIAA wants to proceed with it whether it's really secure or not. They'll probably deny it was hacked in the end, proclaim it secure, and threaten to sue anyone who says (or proves) otherwise.

    They've thrown millions of dollars at making a secure (in their minds) technology. They'll spend millions more trying to convince us that it's in our best interest to ditch our old stereo equipment so we'll comply with their new rules. And then they'll spend millions more in court to silence people who say or prove that it's not secure (hiding behind the DCMA no doubt).

    Yup, SDMI is secure. Just like DVD. Can't be cracked at all. And on a similar note, those emperor's clothes look great.

    --
    My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    1. Re:Doesn't matter if it was hacked or not.... by danderson · · Score: 5

      That's what I've been thinking. What's to stop them, really? Ask yourself could this happen:

      The SDMI invites "hackers" to defeat the watermarks on some samples of digital music. Many hackers do so, and hoping to win some of the $10,000 sign away their souls^H^H^H^H^H rights to the de-watermarking techniques they created. The SDMI carefully reviews the hacks and finds that in many cases the watermark was completely removed. These samples get passed on to the "Golden Ears" (note that in this case "Golden" refers to the amount of money these people are being paid to say exactly what they are told to say). The Golden Ears say that none of the hacked music files are worth listening to. (regardless of the actual quality). The SDMI then announces that their watermarking technology is "un-hackable" and companies start developing players for SDMI watermarked files. Those that did find watermark removal techniques are outraged because some of the de-watermarked music files that they can create sound exactly the same as the watermarked files. Because of the NDA, if they say anything, they will find themselves swamped in litigation. The SMDI then sneaks a bill through congress that makes illegal all music devices that fail to recognize the SDMI watermark, thanks to the DMCA.

      Think about it. The SMDI could be a lot smarter than we gave them credit for. Or maybe I'm just a conspiracy theorist.

      --
      This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin