Money For Nothin' From The SDMI Hacking Contest
OS24Ever points to this CNN story, writing: "SDMI is announcing that they are paying two hackers $5000 each for breaking the encryption on their watermarking technology." And as the article points out, conspicuously ignoring the fact that independent researchers have broken four of the watermarking schemes without taking part in the official contest.
That is completely false. The watermark is imbedded in the ANALOG signal. There are several technologies that SDMI is proposing, and I'll be honest, I couldn't hear them all on the samples they provided with and without the watermarking. Some were audible, but perhaps those are the harder ones to break. The quality of the original works wasn't that great to begin with, so maybe that had something to do with it. I'd imagine that it'd be easier to bury a non-audible watermark in "busy" music than it would something that's soft and simple.
The watermark is designed to survive digital conversion and compression. And some of the technologies do survive. I did some of my own testing of the "sample" files that SDMI made available. I subtracted the "watermarked" from the "unwatermarked" files leaving just the watermark. Then I compressed the files with various schemes (mp3 file compression to different bit rates), and again subtracted the watermarked from the unwatermarked files. This leaves behind a post-compression watermark. I then compared this to the uncompressed watermark. And in most cases, they were, both visually and audibly, similar enough that I could imagine that the watermark may have survived.
In theory perceptual coding (which .mp3 compression is) should get rid of non-audible parts of the files. The fact that the watermarks did remain to some extent shows that they are, at least in theory, audible.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
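An added illustration of the subtract-and-compare test described in the comment above; it is not code from the post. It uses constructed signals and a crude smoothing-plus-rounding step in place of MP3, and every name and parameter in it is hypothetical.

```python
import math
import random

N, CHIP, AMP = 8192, 8, 0.02   # constructed sizes, not SDMI parameters

def make_host(n=N, rate=8000):
    """Constructed stand-in for the unwatermarked sample: two tones."""
    return [0.5 * math.sin(2 * math.pi * 440 * i / rate)
            + 0.3 * math.sin(2 * math.pi * 1000 * i / rate) for i in range(n)]

def make_mark(seed, n=N):
    """Constructed low-level mark: +/-AMP chips, each held for CHIP samples."""
    rng = random.Random(seed)
    chips = [rng.choice((-AMP, AMP)) for _ in range(n // CHIP)]
    return [chips[i // CHIP] for i in range(n)]

def lossy(x):
    """Crude stand-in for a lossy codec (NOT MP3): 3-tap smoothing + 8-bit rounding."""
    last = len(x) - 1
    smooth = [(x[max(i - 1, 0)] + x[i] + x[min(i + 1, last)]) / 3
              for i in range(len(x))]
    return [round(s * 127) / 127 for s in smooth]

def residual(marked, clean):
    """Sample-wise difference: what the mark contributed to the signal."""
    return [m - c for m, c in zip(marked, clean)]

def ncc(a, b):
    """Normalized cross-correlation at zero lag, in [-1, 1]."""
    dot = sum(p * q for p, q in zip(a, b))
    na = math.sqrt(sum(p * p for p in a))
    nb = math.sqrt(sum(q * q for q in b))
    return dot / (na * nb) if na and nb else 0.0

def survival(seed=1):
    """Return (similarity of residual before/after the lossy step, control)."""
    host = make_host()
    marked = [h + w for h, w in zip(host, make_mark(seed))]
    before = residual(marked, host)
    after = residual(lossy(marked), lossy(host))
    unrelated = make_mark(seed + 1)   # control: a mark that was never embedded
    return ncc(before, after), ncc(unrelated, after)

if __name__ == "__main__":
    same, control = survival()
    print(f"before vs. after: {same:.3f}; unrelated mark vs. after: {control:.3f}")
```

With real files, a codec's encoder and decoder delay shifts the decoded audio by some samples, so the two files must be time-aligned before subtracting or the residual is dominated by the misalignment.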
No matter what, you can always record the lineout from your soundcard, then recompress into whatever you feel like (MP3, for example).
You may say "not many people would go through the trouble", but only ONE person has to, then they can share the MP3 just like we do now.
Nothing will stop this, so why are they bothering with all this encryption technology?
That a piece of music carries a watermark linking it to the person who purchased it raises certain important issues. For instance, certain problems arise when person X transfers his copy to person Y (permanently or otherwise). Imagine what happens if person Y pirates a copy of the song without person X's knowledge. Would person X be held responsible, given that X's identity is linked to the file? Companies seem to believe it's their right to track our every move, privacy be damned.
Of course they really don't want us to transfer our files to anyone else. Every sale is a "first sale" under their little scheme. Why should hackers help out a group whose only purpose is to limit our rights as consumers?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
It won't work because, quite honestly, the RIAA and pals don't want it to work. Given their profits, it should be trivial to buy big number crunching machines (to watermark the music and house our public keys). Then they only have to do two things:
First, put a terminal into Sam Goody, Coconuts, etc. that reads your ID (username/password or smartcard. The latter is cool and could be combined with a discount card) and then burns your disc.
OR, cheaper still, let you enter your username/password and dl the music to your machine. While cooler, and while it would be a 'legitimate' method of selling emusic, it also would let you make a copy to a cd.
But, since THEY want you to buy a copy for the CD, a copy for the computer, a copy for your RIO, etc, they won't do the second option. At least not for so much money that we are right back where we started (CD's too expensive, so rip 'em off)
The former plan won't work: it takes too long to burn a disc (no, not really, but after you pay your money, are you gonna wait for 30 minutes to get a copy of Britney98SyncAguilera? No, you gotta go show it off to your friends.) There is also the issue of coasterization. I imagine there are essentially zero flawed discs coming from the music makers' plants. Even in a well designed system, in store burners might turn out .1%-1% flawed discs. Expensive both in terms of replacement and PO'ed consumers.
It is a good idea, and one that I think all parties SHOULD be able to live with. Problem is, it takes away enough freedom from the consumer, and enough profit from the manufacturer to make it unlikely to happen.
Jesus was all right but his disciples were thick and ordinary. -John Lennon
Do you think the general public can understand what the challenge is truly about? Most will probably miss the point of the story altogether and be abashed that someone would pay a hacker for doing anything. I just think a story like this doesn't belong on CNN because a majority of the readers are too technically inept to grasp the point. I don't want to say these people don't deserve to get the information but they simply miss or misunderstand anything that the media tries to report to them. Of course, who trusts the media anyway.
www.droppingdimes.com
I think a lot of people here are missing the point. They're not going to encrypt every CD with a unique number, but they WILL make you register your SDMI compliant play-back device (hardware or software).
Now maybe the original work you bought at the store has a watermark in the music. If your SDMI compliant device does not see said watermark, it won't play.
And if it DOES see the watermark, an ADDITIONAL watermark containing your unique registration information is added to the OUTPUT device, be it a digital out or analog out.
Now you capture that output (record it to tape, rip it to .mp3, or whatever) and then pass it around the internet... and BAM! They've gotcha!
From that file, they'll be able to read the watermark (assuming you haven't done a credible job destroying it while still maintaining the sound quality of the music) and they know EXACTLY whose equipment the file was produced on... and since you've registered that equipment (or software), they know exactly who YOU are.
Now go back to my 2nd paragraph. To make this even more ugly, maybe your SDMI compliant playback device will only play "clean" originals or copies from your own SDMI compliant devices. Try to play back some song that you copied from a buddy and his registration code is buried in the watermark. Bzzzzt. Invalid code. Will not play.
This is evil, evil technology. The way to stop it is the same way we stopped DIVX. Educate your friends and family. And don't buy SDMI compliant devices (hardware AND software).
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?