Slashdot Mirror


More Cracks In The SDMI Wall

The indefatigable Andrew Leonard writes: "Now Princeton researchers are getting in on the act. SDMI's watermarks do not seem to be made of very stern stuff. Janelle Brown has a story about a team led by Edward Felten that says it too has triumphed in the hack SDMI challenge." I think they could have made it simpler by having the watermark simply be Vincent Price's voice moaning over every track so "protected," or some juicy backwards masking, and been done with it. The Salon piece is loaded with the links you need;)

11 of 102 comments (clear)

  1. SDMI is d-d-dead by mcice · · Score: 4

    We are doing a university project that aims at
    defeating all known audio watermarking techniques.
    So far we killed EVERY SINGLE ONE using a mixture
    of techniques including inaudible transforms in
    the frequency domain, jitter in the time domain
    and very funny huffman shuffling of the bitstream,
    making it 1% larger because we also apply a
    reverse psymodel where inaudible frequencies
    are actually added instead of eliminated.

    We only have an mp3 bitstream specific test tool
    right now but adapting this to AAC is no big
    deal (we chose mp3 because of its popularity).
    Of course you need a decoder source for this
    but once you have one, you can start messing up the
    bitstream all the same.

    I work on that project because frankly, SDMI can
    kiss my behind. Too bad them guys have too little
    brain mass! Sitting duck, their watermark is.

  2. I don't think you understand by Xcott+R13,+3(0,R4) · · Score: 5
    Point by point (keep in mind I don't speak for the group here:)

    No, we did not ignore the ethical or political issues involved. In fact, if anyone understands those issues it's an expert in the technology, not some angry anonymous B1FF. The very fact that you think "damage is done" shows that you don't understand the serious technological problems behind what SDMI is trying to do. Just how do you think SDMI is now a step ahead?

    No, we are not helping SDMI restrict fair use by making them (and everyone else) aware of weaknesses in the system. Keeping mum about ways to circumvent the system will hurt everyone, as a flawed SDMI in deployment hurts everyone a lot more than no SDMI at all.

    Here's an ethical question for you: what about Diamond Multimedia? First they were sued by the recording industry over their MP3 players. Now if we let SDMI deploy a flawed system they're going to get screwed again, having to blow tons of money by putting these SDMI ASICs in their portable devices. That makes them drain more battery power and otherwise suck. This is an okay scenario to you?

    And what about users? A circumventable system on your portable devices may not stop people with the right utilities from making copies, but it will forever get in the way and generally annoy the heck out of people. This is also okay for you? Acceptable losses, friendly fire, if it will help you teach SDMI a lesson?

    If SDMI is never going to work, the right thing to do is to keep it on the drawing board. Anything else will yield an awful end result.

  3. Watermark by StoryMan · · Score: 5

    It has been asked and talked about before: but the real question is just what exactly is in SDMI for the consumer? The average consumer, I mean. Not the guy that has a home LAN, digital sound cards, and 100+ CDRs of MP3s.

    I'm talking about the family who goes to Best Buy on a Saturday to buy a new CD player or buy a couple of CDs.

    What's SDMI gonna do for these people? Nothing.

    Jack Valenti (the MPAA, not RIAA) has been spouting off about "ethics" for the past week or so. "We need to change our culture so that people realize that downloading audio/video is stealing. We need to adjust people's ethics and make them aware that, yes, stealing is bad. You cannot be a good person and steal."

    Now, Valenti is a prick. There's no doubt about it. He's an old guy of the worst sort: a guy who thinks he's "in touch" but, of course, is woefully out of touch. He thinks he's in touch because he's "been around" for something like 40 years -- wining and dining with Jack Kennedy, setting up the current MPAA rating system, (boy, when I was 11 and blocked out of Apocalypse Now because of Valenti's 'R' rating, I was furious. I even wrote a letter to the guy -- he didn't answer -- and attempted to explain that it should be up to my parents about whether or not I should be able to see Apocalypse Now or the Deer Hunter and not Jack Valenti and his out of touch band of decrepit geezers who have managed for years to wine and dine and subsequently get in bed with all of the politicos. But I digress...) and acting as the rabid lobbyist for the interests of the Motion Picture Industry.

    The problem with the MPAA -- and by extension the RIAA -- isn't Napster or DIVX (the video codec, not the failed Circuit City venture) or peer-to-peer networking -- it's one of perception.

    True, a new business model would help matters -- a business model in which the RIAA and MPAA figure out how to exploit technology, leverage it, and still give the consumer a sense of empowerment -- but the real issue is one of perception. The RIAA and MPAA are vile whores.

    I don't say this lightly, either. Not too long ago I was at an 'eGovernment' conference (one of the dumbest conferences I'd ever attended -- government, for sure, has no clue when it comes to understanding the way business and technology have shifted, but, again, I digress...) and the keynote speaker was some higher-up on the US Internet Council. (Some non-profit US group out of Washington DC who go around the globe and attempt to get everybody to buy into the global benefits of the internet). This guy -- a fantastic speaker, by the way -- was asked a question about Napster and about pending litigation against Napster and Scour and guess what? The first words out of his mouth was this: "The RIAA is vile."

    No kidding. It was a joke -- and he switched into his serious "Well, okay, not vile, but you know ..." mode, but it was a telling moment.

    The audience cheered. For me, it was the high point of a dumb conference. (Can someone explain to me why the government -- state and local, especially -- don't get dot-com speakers to speak at these things instead of government webheads? I mean, if the government is gonna learn anything about "leveraging" the internet, the place they should look for instruction is into the private sector and not back into the public sector, where -- except for some academic wonks, perhaps -- they will find only cluelessness piled upon more cluelessness, but, okay, I digress...)

    My point is this: that the RIAA and MPAA both need better PR if anyone is gonna buy into Valenti's ethical arguments. It's as if a pimp complains to a Congressman about how his "business has been bad lately because the ladies been giving it up for free. Man, I gotta install computerized chastity belts and issue encrypted keys!"

    No one listens to the pimp because he's a pimp. The other pimps praise the first pimp's ethics -- Yeah, man, there is an Ethics of Pimping -- but everybody else gives the pimp a crazy look: Ethics? You're not serious, right?

    That's what Valenti is fighting against. He's in a PR war for getting Joe Consumer to buy into the Ethics of the Pimp.

  4. Erratum: disclosure by Anonymous Coward · · Score: 4

    Andrew Leonard is a contributing editor at Salon magazine, a fact which no doubt was accidentally dropped from the story in editing. Timothy apologises for this and will endeavour to make sure that connections between media outlets pushing stories on slashdot are made clear in future.

  5. We all know that this is folly. by Vryl · · Score: 4
    I have previously hacked Digimarc watermarks in Photoshop, using only Photoshop and Digimarc. Does this make Photoshop and Digimarc illegal circumvention devices under the DMCA?

    The technique was basically to defeat the watermark (using noise or blur or whatever), and overlay a new one on it using the Digimarc software. I am willing to bet that basically the same technique would work with sound files, as many of the principles are the same.

    If I have access to the SDMI watermarking software (as I am sure to have sooner or later if the clueless fools go ahead with any of this nonsense) then I will be able to replace their watermarks with one of my own. This is pretty funny, not only will I have 'cracked' SDMI, but actually subverted it to my own purposes.

    Everybody knows that watermarking will never work, why are they persisting with this madness?

    I wish they would get a clue, and offer me something that I want, like good quality songs from complete catalogues available from reliable servers. In which case, I will gladly pay a reasonable tariff for access to them.

  6. Felten was the one who took IE out of Win98 by Paul Crowley · · Score: 4

    It was Dr. Edward Felten who demonstrated for the courts that IE could in fact be removed from Windows 98, and that clear benefits to the consumer resulted from doing so. It was his evidence that Microsoft attempted to discredit with a video that later turned out to be faked.

    See http://www0.mercurycenter.com/business/microsoft/t rial/breaking/docs/mstrial121198.htm , http://www.zdnet.com/zdnn/stories/news/0,4586,2196 350,00.html.

    The stupid Slashdot line breaking algorithm means that you may have to deal with spaces it introduces. Since it seems you can hide spaces in tags, it should be fairly straightforward for trolls to introduce overlong lines this way - I hope Taco fixes it...
    --

  7. And the "politic sarcasm" award goes to... by Chops · · Score: 4
    Craver believes that by forgoing the prize they may not be required to sign any nondisclosure agreements.

    The group doesn't believe watermarks are useless -- but merely inadequate for this kind of project. As Craver puts it, "We are not out to get the recording industry; if our results can help anyone develop a better security system, we're happy."

    Translation: "It'll never work. You guys are fucked. Keep the money."

  8. For Shame! They are complicit with RIAA by Anonymous Coward · · Score: 4

    These guys, by participating in this challenge, are helping the RIAA to restrict our ability to engage in fair use, period. In short, they are helping the process along to take away our freedom.

    Reading their tortured excuses in their FAQ (http://www.cs.princeton.edu/sip/sdmi/faq.html) regarding why it was ok to help the RIAA because of "scientific research" or the pursuit of knowledge or whatever-- TOTALLY misses the big picture. Fellas, if you're really interested in watermarking as a science, then have an open discussion about it. But the RIAA doesn't give a shit about research; their challenge is closed for a very practical reason-- to restrict access so that they control when and how our fairly purchased media is played.

    It's disheartening that these researchers are ignoring the political and moral ramifications that underlie their research-- always a most dangerous practice of science. At best they are ill-informed-- their constant reference to "pirates" suggests they don't really understand the issues involved here.

    I am glad they pulled out of the challenge and that they don't think the RIAA can succeed in the long run, but in the short term the damage is done-- they've already made the RIAA aware of weaknesses in their system so at least for the moment, they are already a step ahead of where they might be otherwise.

    Nice job guys.

  9. Re:What does a watermark do? by Xcott+R13,+3(0,R4) · · Score: 5
    Hi,

    Very keen observations, all of them. The intended model for SDMI, presently, is that all music will have the same kind of watermarks for which all players will be screening. These will be used in a general infrastructure by which the marks will instruct players/recorders to not accept marked music under certain conditions, for instance if it is or has been compressed.

    Watermarking with secret keys to detect rather than directly prevent unauthorized distribution is technologically feasible. Using a secret key would make it more secure, and with no detector to use as an oracle one could not tell if their music is marked or not. There is still a serious problem with this technology however: if detection is automated, people could still perform tricks to misalign the music with a detector. Simply encrypting an MP3 and providing the key will scramble it beyond the ability of a webcrawler to find it.

  10. Looks like the good guys won this time by Sara Chan · · Score: 4
    Following are some quotes from the FAQs published by the researchers who broke the SDMI.

    "We believe their [SDMI's] general security model is inherently vulnerable to a number of attacks no matter how sophisticated their watermarking technologies become. We can never say for certain, but we are confident that we can continue to develop attacks like we have if SDMI updates their technologies."

    "The underlying problem that SDMI is trying to solve, that of protecting content from a hostile platform while allowing the platform to "play" the content, is inherent[ly] very difficult, both in theory and in practice. To overhaul their system, SDMI may well have to overhaul their business model."

    "We would be deeply impressed if SDMI or anyone else developed a secure system for piracy prevention given the requirements of music listeners."

    In other words, they believe that the whole idea behind SDMI is bound to fail technically.

  11. Catch-22 by Bazzargh · · Score: 4

    If you submit a successful hack to the SDMI challenge, it becomes the intellectual property of the RIAA (this is a condition of the contest). If you don't submit your hack to them, but to a third party for verification, they can and will claim you have not passed their tests.
    The only people who would be sane to submit a hack are the companies who have submitted competing watermarking technologies. They have a vested interest in breaking their rivals' work.
    I'd be interested in knowing if this research actually met that condition as most universities claim IPR on work by their grad students and employees.

    BTW it keeps coming up in this thread, but you cannot defeat many audio watermarks by overlaying a new watermark. The way the technology works is to add 'adjusted noise' to the track, and adding a second watermark will test positive for both. As you add more you degrade both the original watermark and the original sound, the premise being that by the time you screw the watermark up you have also screwed the music.
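
An added illustration of the point made in comment 11 (not part of the original thread, and not SDMI's or any vendor's code): in a simplified additive spread-spectrum model, a keyed correlation detector still finds the first mark after a second one is overlaid, while the distortion grows. The model, the constants and the keys are assumptions chosen for the example; the "audio" is constructed Gaussian noise.

```python
import math
import random

N = 20000              # samples in the constructed test signal
ALPHA = 0.1            # mark amplitude relative to a unit-variance host (assumed)
THRESHOLD = ALPHA / 2  # detector decision threshold (assumed)


def make_host(seed=1):
    """Constructed stand-in for an audio track: unit-variance Gaussian samples."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N)]


def chips(key):
    """Key-seeded pseudo-random +/-1 sequence: the 'adjusted noise' pattern."""
    rng = random.Random(key)
    return [1.0 if rng.getrandbits(1) else -1.0 for _ in range(N)]


def embed(signal, key):
    """Add the keyed pattern at low amplitude on top of whatever is there."""
    return [s + ALPHA * c for s, c in zip(signal, chips(key))]


def score(signal, key):
    """Normalized correlation: about ALPHA if the key's mark is present, about 0 if not."""
    return sum(s * c for s, c in zip(signal, chips(key))) / N


def detect(signal, key):
    return score(signal, key) > THRESHOLD


def snr_db(host, marked):
    """Signal-to-distortion ratio of the marked track against the clean host."""
    sig = sum(h * h for h in host)
    noise = sum((m - h) ** 2 for h, m in zip(host, marked))
    return 10 * math.log10(sig / noise)


if __name__ == "__main__":
    host = make_host()
    once = embed(host, key=1001)    # original mark
    twice = embed(once, key=2002)   # second mark overlaid on the first
    for name, track in (("host", host), ("once", once), ("twice", twice)):
        hits = [k for k in (1001, 2002, 3003) if detect(track, k)]
        print(name, "marks detected:", hits)
    print("SNR once  (dB):", round(snr_db(host, once), 1))
    print("SNR twice (dB):", round(snr_db(host, twice), 1))
```

Because the two keyed patterns are nearly uncorrelated, each overlay leaves earlier marks detectable and only adds distortion to the track.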