Slashdot Mirror
Yet More SDMI fallout
Andrew Leonard writes: "SDMI's Leonardo Chiariglione said Salon's last story was "slander" so Janelle Brown went back to one of our sources and got more details about exactly what is going down. The article also includes a response from Chiariglione."
First, I have some severe doubts about the fact that all 6 technologies have been "cracked".
Technologies D and E if properly implemented should not be crackable. They are basically digital signatures.
Regarding techno A,B,C and F (watermarking technologies), the problem is the following.
They start with a song A and create a marked version A'. Now there are two ways to "remove" the mark: either find A again (or something extremely close to A) or create yet a new version A'', which is not necessarily close to A, but where the mark is not detected. In the first case, you need a complete understanding of how the watermark is working, is the second, you can just randomly modify the song until the Oracle tells you it can't detect the mark.
If you can recreate A, (or almost can), then it is a major crack, because (1) it will work for all song, (2) it will almost surely pass the audibility testing.
If you won be creating some A'', then there is no garantee that your attack will work against another song, nor that the audibility test will be passed, nor that the audibility test will be passed for other songs.
I assume most attacks followed the second path because they require less technical knowledge. This is why the SDMI needs to do a lot of testing.
As a side note, the hard part in the contest, (if you really want to recover the original A), is to understand how detection works exactly. I won't mention the specific technologies, but I can tell that for some of them, finding the algorithm was rather simple. Some others introduced artefacts to make the recovery harder.
However, SDMI people need to realize that if they release their system, it _will_ be reverse enginnered and that the detection algorithm will be made public. Once you know how detection works, it is usually fairly easy to peform this major cracking, e.g. surgically removing the mark, without damaging the song.
The whole ongoing SDMI fiasco makes one wonder why they even bother trying to create a secure format anyway. In today's CPU-cycle-saturated world, there is no such thing as a truly secure format! If the data behind that wall of encryption is valuable enough, someone, somewhere, will break it -- and in this case, the information is extremely valuable; break SDMI and you've got unlimited access to all the music the world wants, all for free! Who could say no to that?
Now, that's not to say it's impossible to create secure music. But the only way to do that is to take the original master recording directly from the studio to a lead-lined vault ten miles below ground, lock the door, and throw away the key. Be sure to toss the band in there too, so they can't play unauthorized copies or variants of the song during their next concert. Of course, even then you're not truly secure, as the recording engineer or any other people who heard the session could sell his recollection of the arrangement to some cover artist to re-create, so you'd have to lock them in the vault too.
Now you're secure! Of course, you're also unable to sell the recording to anyone. Oops.
Given all that, one wonders why the industry doesn't just cut their losses, declare victory, and go home. They'd be well advised to follow the counsel of Rep. John Kasich, a Republican House member who has based his career on opposition to federal spending on programs that don't make sense. One particular hobby horse of Kasich's was the B-2 Stealth bomber, whose $1 billion per plane price tag Kasich found ludicrous. During one House committee hearing on funding the bomber's development, Kasich asked the Department of Defense witnesses if it wouldn't be cheaper and just as effective to simply announce that we'd built the B-2, rather than actually building any. After all, since the B-2 was supposed to be invisible, how could any enemy be certain we hadn't? Maybe the best outcome for all parties in the SDMI fiasco would be to just roll out a wide-open protocol, declare it secure, and concentrate on doing what they do best -- marketing and promotion of acts with mass appeal -- rather than doing what they are so manifestly bad at -- software engineering. Oh well, one can hope...
Read my blog.
They've GOT to be kidding! That's a VERY low standard. "Still sounded better"??? Is that to imply that once the watermark is applied, the acceptible level of sound quality is equal to a 64 kbps MP3 file?
As an audiophile, I find that statement to be absolutely revolting. It's impossible to get natural sounding music out of a file of such low bitrate. 128 kbps is tough. 192 is getting close to being acceptable. Having listened to the difference between 44khz/16bit and 96khz/24bit, I can tell you with certainty that even pure 44/16 PCM is limited. If 64 kpbs mp3 encoding is the standard for sound quality, then we are about to take a huge step backwards in audio reproduction. Neverind the privacy and fair use aspects of this (which are VERY important), just from a sound quality perspective, this technology seems doomed to fail.
I'll repeat what's been said here before...
It is impossible to add a non-audible watermark to music that can survive a well done perceptual encoding (ie, MP3 encoding, etc). The idea of perceptual encoding is to remove everything that is non-audible to save space. These two technologies are at odds with each other. The only way to preserve that watermark is for it to be audible from the start.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
And SDMI might be pronounced "S dummy".
The next thing to remember is to put next things next.
That's what I've been thinking. What's to stop them, really? Ask yourself could this happen:
The SDMI invites "hackers" to defeat the watermarks on some samples of digital music. Many hackers do so, and hoping to win some of the $10,000 sign away their souls^H^H^H^H^H rights to the de-watermarking techniques they created. The SDMI carefully reviews the hacks and finds that in many cases the watermark was completely removed. These samples get passed on to the "Golden Ears" (note that in this case "Golden" refers to the amount of money these people are being paid to say exactly what they are told to say). The Golden Ears say that none of the hacked music files are worth listening to. (regardless of the actual quality). The SDMI then announces that their watermarking technology is "un-hackable" and companies start developing players for SDMI watermarked files. Those that did find watermark removal techniques are outraged because some of the de-watermarked music files that they can create sound exactly the same as the watermarked files. Because of the NDA, if they say anything, they will find themselves swamped in litigation. The SMDI then sneaks a bill through congress that makes illegal all music devices that fail to recognize the SDMI watermark, thanks to the DMCA.
Think about it. The SMDI could be a lot smarter than we gave them credit for. Or maybe I'm just a conspiracy theorist.
This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin