SDMI Challenge Participants May Face DMCA Action
ssimpson writes "Everyone has probably forgotten the SDMI challenge to hackers to try to break a handful of proposed watermarking and "other" protection mechanisms? Well, it was recognised that a group of researchers at Princeton University broke all of the protection mechanisms and were due to publish a paper on it at the 4th International Information Hiding Workshop (25-29 April) but have been threatened with the DMCA if they publish the results. So much for academic freedom, eh? SDMI seem particularly upset because one of the protection mechanisms broken in the paper, The Verance Watermark, is currently used for DVD-Audio and SDMI Phase I products. Oops. Somehow, a copy of the threatening letter and the full paper entitled "Reading Between the Lines: Lessons from the SDMI Challenge" has appeared on John Young's excellent Cryptome site. SDMI's urge to "withdraw the paper submitted for the upcoming Information Hiding Workshop, assure that it is removed from the Workshop distribution materials and destroyed, and avoid a public discussion of confidential information." seems a little weak now...."
Alright. Why would anyone buy a SDMI CD player?!
I know in my house alone, we have at least 9 non-SDMI CD players that I can think of off the top of my head. The CD format is so widespread right now that I'd imagine it's a similar situation pretty much everywhere. I have no reason to go out and buy a new CD player. I have a portable AIWA discman that I bought in 1997. It has worked like a charm. It has all the necessary features; 10 second anti-skip, hold, and play controls. What else could they put in there to make you want to go out and buy a CD player that won't work in a lot of cases? Are they trying to play the public for fools? This is sounding a lot like the DIVX fiasco, and we all know how that turned out...
Dys.
This comment is brought to you by the drug caffeine, and the number 5.
Nothing but lies, lies, and more lies from the RIAA and their cronies. Why should we believe anything they have to say anymore?
Eric
--
Be who you are...and be it in style!
Which is to say- don't hold your breath. Did you think these things _need_ a TAS to discern them? You'll be able to hear it quite easily on a boombox- or through a Xing mp3 at 128K. That's the _point_.
It's said that the Verance watermark sounds like middle-distance buzzing bees at a higher pitch (buzzing flies?). Which may, in a sick way, be compensated for by the fact that, with the hypercompression techniques in use, there _is_ no middle distance for commercial music anymore- everything is brutally up-front and flattened, and there are no quiet passages that are not compressed to full volume, and loud passages are routinely distorted to the point of flat-topped waves, so this covers up the other sonic ugliness of the buzzing flies sound.
So, the commercial sphere is going to mean extremely high resolution media containing totally smashed and flattened audio of relentless, ear-fatiguing aggressiveness, which contains in the background a noise of buzzing flies or some other uncorrelated noise at least 6 DB louder than the current worst possible CD-audio quantization noise, or to look at it another way, a noise of buzzing flies or some other such extraneous sound that is always louder than the worst distortion components produced by mp3 encoders such as Xing.
I couldn't make this up if I tried... and it's appalling, but it also offers an opportunity.
There are places out there gearing up to give indie musicians the capacity to do music distribution without going through a label. Largest is the rip-off mp3.com, which only lets you sell CDs made from 128K (inadequate) mp3s. Of course, by definition this is still less distortion than DVD-A with watermarks... however, there's others, and the one I'm most a fan of is ampcast.com, which is just finishing up their own CD program, with the option to have CDs duped from Red Book master CDRs you supply to Ampcast: burn-to-order of _real_ CDs. (Burning from special 256K and up mp3s not available for download is also an option.)
The thing is, there's an extra thing Ampcast is doing- they are taking pains to allow the artists to tap into the existing distribution networks. You can buy an official barcode for your CD through them for $20 a barcode- and get them shrinkwrapped with spine stickers, everything you'd want to have your stuff alongside commercial releases and look just the same as them.
The catch is- maybe you don't _want_ your indie stuff to fight its way into that channel. You can always sell it over the net, after all, and go for alternative distribution- and more relevantly, there was a time when the stuff with barcodes _sounded_ _better_ than what people could do in their garages. But that time is gone! These days, not only is electronic, computer-generated music more popular, but the facilities for producing commercial-quality music have never been more affordable- and at the same time, the people producing the commercial music are increasingly _wrecking_ it with compression and blatant overlimiting (so you could do just as well, sonically, with Pro Tools, or better if you chose), but they are also preparing to add uncorrelated noise many times as bad as the noise of clean old vinyl records (or the quantization noise of the very worst CD transfers), _intended_ to be worse than the worst an mp3 encoder can do!
So in a way, the logical thing would be to run screaming- to abandon even the idea of sharing the same shelves with that crap, and try to establish a sort of underground that would most likely be centered on CDs done right. CDs done right (with recent improvements in dither technology) are surprisingly good, even compared to high end analog media. And we can be absolutely sure that the record industry will never produce anything as good as CDs done right again (barring a total collapse and recalibration of their values). The one-two punch of volume wars and watermarks will keep them totally pinned, hopelessly committed to debilitating and selfish practices that ruin their reputation for professional sound quality...
Let's get ready to spread the word on that one. It's just as fair as the way CDs were spun to be better than LPs by use of signal-to-noise ratio figures. Hell, records have better sound than bad mp3s- it's totally legitimate to say at this point that watermarked DVD-A will have substantially worse signal-to-noise ratio than vinyl records, and it is a plausible claim. Naturally, audio CDs will _really_ stomp watermarked DVD-A for signal-to-noise ratio...
The truth, of course, is that you can hear past a noise floor to a certain extent- this is what helps vinyl records, and why dithering is so important for digital audio. This doesn't help the watermarking side much as that's still an annoying type of sound by design, right in the most sensitive hearing band- but it's basically true. However, conventional wisdom is that the noise floor is a hard limit- and this can be turned around as a deadly attack on watermarked media's superiority. Somebody come up with what the signal-to-noise ratio is (including correlated noise) for the worst mp3 you can come up with, like Xing 128K or something. We'll get the word out that watermarked stuff by definition must have a signal-to-noise ratio that is worse even than that...
I wish that SDMI would follow through with their threat and pursue Princeton University and the United States Navy in court to suppress publication of an academic paper. These parties have the resources to mount an aggressive defense, and the case would set a precedent that would significantly weaken the DMCA.
Heh heh....I can see it now:
SEAL Team four, your mission is to mount an 'aggressive defense' of the US Navy against the SDMI. The gloves are off on this one gentlemen. As you know, any operation where the opposition employs lawyers releases us from the standard rules of engagement.
Publicity. The SDMI was being introduced at a time when some individuals were having some doubts about efficiency of CSS style algorithms.
CSS was based on the following set of assumptions:
Data that is transmitted in an encrypted format can not be read except by authorized users-- users that have access to the appropriate key.
Of course, as with all covert communications, the key must be transmitted in a secure fashion.
Now, the CSS designers decided that if DVD players were designed with a "hidden" sector, the key could thus be distributed. Persons who merely copied the data from a DVD would have nothing except the encrypted data-- useless without a key. Access to the key depended on physical access to a tangible medium-- the actual DVD-Video disk.
Of course, the key transmission protocol was eventually compromised, and cryptanalysts discovered that the actual encryption- instead of being 40-bit, was closer to 25-bit-- literally, a toy code.
Cryptanalysts and Cryptologists have long recognized that an ideal code should involve a strongly asymmetric algorithm-- cheap for a user to decode with a proper key, but expensive for an eavesdropper to decrypt. More importantly, the algorithm should be subjected to rigorous testing and/or peer review. The CSS algorithms were not subjected to this kind of testing prior to the release of DVD-Video.
The SDMI proponents, hearing this criticism, decided that their coding algorithms needed that extra bullet point: "peer-reviewed". But, apparently, they had neglected to consider that their algorithms might amount to nought. They only had visions of a future press release:
"SDMI invulnerable to hacking! Music Industry safe from hackers."
And, because all of the participants in HackSDMI were bound by confidentiality clauses, no one would be the wiser.
What? That trade liberalization means economic growth, which means less grinding poverty in the developing world? There are some pretty screwed-up things about transnational organizations like trade authorities, including especially attempts to make thought-crime laws like the DMCA international, but the alternative of uncoordinated, inefficient, and parochial (to local corporate interests) trade barriers is worse. Much better to support organizations that fight government/corporate corruption, like Transparency International than hide in one's own nationalistic hole.
I wrote parts of this stuff
please refrain from exposing what idiots we are and how much our encryption software sucks.
We already all know what idiots they are (cat's out of the bag on that one!), and the first amendment still protects our right to tell others what idiots they are.
What seems to be illegal now is proving what idiots they are mathematically...
For Princeton not to DTRT here
would be far more expensive in the long run.
Sure! Here is my copy!
--
If the odd freak builds their own DA converter out of twigs and masking tape the RIAA isn't going to have a fit. Because in the kind of environment where that is necessary....they've already won.
-------------------
-------------------
This is my SIG. There are many like it, but this one is mine.
Well, it's not really confidential any more, is it? It's not like Felten signed an NDA to get the SDMI secrets, and is now publishing them. The whole point of the exercise was for his team to figure it out on their own. I don't see how it can be considered confidential information restricted only to the SDMI group any more, since another party has independently figured it out. It could be argued that Felten's research is confidential to him until he decides to publish, but it's not confidential to the SDMI folks any more.
While I'm at it, kudos to Cryptome! The site is probably one of the most important resources on the 'net, here's hoping it never goes away.
Your right to not believe: Americans United for Separation of Church and
Attack on challenge C: In the first attack, we shifted the pitch of the audio by about a quartertone.... Our submissions were confirmed by SDMI oracle as successful. In addition, the perceptual quality of both attacks has passed the "golden ear" testing conducted by SDMI after the 3-week challenge.
Attack on challenge F: For Challenge F, we warped the time axis, by inserting a periodically varying delay.... confirmed by SDMI oracle as successful.
l-_-_-_-l-_-_-_-l
OK, C in particular was trivial, the kind of thing even somebody who knew nothing about signal processing would try, but, come on, didn't SDMI even try to crack their own things before throwing them out to the world?
Based on what I see in this paper, I think SDMI's motives may be misinterpreted here... I think there's a significant component of embarrassment here! "Breaking" some of these "amazingly-wonderfully-powerful gonna-save-music-as-we-know-it" schemes was trivial. No wonder they want to hide it.
Note that the papers definitely seem to have enough information to build automated crackers for some of the schemes, mostly shell scripts to already existing tools.
It's clear to me that the USA as a free country is collapsing. The twin pressures of a non-productive population voting themselves more and more "bread and circuses" out of the pockets of the workers, and corporations exerting pressure on those same politicos (who humor them so as to FUND these "bread and circuses" re-election schemes) is causing us to lose our freedom.
Sad but true... it is pretty much agreed upon that this slow slide is an inevitable characteristic of every government. Our founding fathers only attempted to make one that would suffer it as slowly as possible, but I doubt any one of them thought it would last forever.
Like most things that deteriorate gradually, however, very few REALLY fight it since it spans generations. Why fight for something that will only become bad a few generations later? Screw our great great great grandkids... besides things aren't so bad right now right? RIGHT?
I'm sure in a few hundred years a new, bloody revolution will be fought, this time over intellectual freedoms, when the new peasants realize that their fiefdoms run by the corporations are undeniably corrupt. For now, we can close our eyes to the truth, for don't we have Coca-Cola, MTV, Nikes, Britney Spears, Microsoft Products, and great movies like "Titanic"? Truly marvelous products that are the result of a wonderful free market, no?
300 years, huh? Crap! I may actually live to see 2076..
Moral? Did you read the letter?
..instead engage SDMI in a constructive dialogue on how the academic aspects of your research can be shared without jeopardizing the commercial interests of the owners of the various technologies.
..at least one of the technologies that was the subject of the Public Challenge, the Verance Watermark, is already in commercial use and the disclosure of any information that might assist others to remove this watermark would seriously jeopardize the technology and the content it protects.
The specific purpose of providing these encoded files and for setting up the Challenge was to assist SDMI in determining which of the proposed technologies are best suited to protect content in Phase II products.
Failure wasn't an option. It was commercial research. However, since they didn't take the money, they didn't agree. Reading the part about the "clik-thru" agreement (spelling for emphasis) made me laff.
Anyway, I hope that this story will illustrate the dangers of the DMCA so that the european equivalent which is on its way will never come up.
'twould be nice, wouldn't it.
--
+&x
I seem to remember there being (and me using) a link to the published document. www.cryptome.something blah...I can't remember or find it in my history..hmm..
anyways...what happened slashdot???
-- Who is the bigger fool? The fool or the fool who follows him? --
Do we believe we can defeat any audio protection scheme? Certainly, the technical details of any scheme will become known publicly through reverse engineering. Using the techniques we have presented here, we believe no public watermark-based scheme intended to thwart copying will succeed. Other techniques may or may not be strong against attacks. For example, the encryption used to protect consumer DVDs was easily defeated. Ultimately, if it is possible for a consumer to hear or see protected content, then it will be technically possible for the consumer to copy that content.
All the criteria are filled: it pisses off the AckAcks, has strong backing in working code and best of all, reads like your average /. post on the subject...
--- Hot Shot City is particularly good.
They are not immature just evil. People running these corporations are the spawn of the devil.
War is necrophilia.
Then again, the end of the presentation makes this point:
Ultimately, if it is possible for a consumer to hear or see protected content, then it will be technically possible for the consumer to copy that content.
At that point, it doesn't much matter what the encryption/protection scheme actually is: their only hope is to use the DMCA bludgeon on their own customers. And unfortunately, customers only have patience for so long before they say "F*** it..."
"I will take the Ring," he said, "though I do not know the way."
> > Information Hiding Workshop, assure that it is removed from the
> > Workshop distribution materials and destroyed, and avoid
> > a public discussion of confidential information.
>
> Oops! Now it's on the Internet. I hope everyone saves a copy
> for when cryptome is shut down
Yeah, just goes to show you what these jokers know about information hiding! How 'ya 'sposedta hide information when it gets onto Cryptome and mirrored all over hell's half acre?
Now RIAA - those l33t d00dz are serious about information-hiding! Invite them to this information-hiding thingy, they know what it's all about!
...on our own paper regarding the SDMI challenge. Now, I'm not sure I will...
What I think is really very funny is that the SDMI didn't contact us to have the paper removed or something. This probably means that either 1) they know we are French and know the DMCA doesn't apply or 2) (most likely) they don't really care about our results because we are attacking an algorithm that they haven't picked.
So the funny point is that they had apparently already chosen and deployed an algorithm before the contest. Now they are whining because the Princeton team (brilliantly) broke this very algorithm. And they are invoking some almost "moral" reasons for that, while they probably would have shut up if only the three other algorithms had been broken.
Anyway, I hope that this story will illustrate the dangers of the DMCA so that the european equivalent which is on its way will never come up, and that eventually the US one will be removed.
Whilst I'm happy to see the results published, it's disappointing to see them leaked anonymously. I would have far preferred the faculty at Princeton to stand up, give the RIAA the finger and say "We're scientists. We do research and publish. If you don't like the fact that some of our guys cracked your methods, don't make them so weak".
Now the appearance is that university researchers *are* in fear of RIAA and the bizarre legal state of affairs that exists. After all, if Princeton can't/won't stand up to them, who will?
It's nice that the paper is out, and that, (presumably), they can now present it at the IHW conference without repercussions, but it still leaves a bad taste in my mouth.
Tales from behind the Lagom Curtain
If the researchers went ahead and published the paper anyways. Large universities have fairly competent legal teams, they should be able to defend themselves.
Besides, this is Princeton. I can't see how any litigation pursued against researchers from Princeton would be anything other than a black eye for SDMI. It's not like they'd be suing some little private university with no grad school that no one's ever heard of. This is barely a step down from threatening Harvard (and seriously, who in their right mind would threaten Harvard?).
It would be a shame if Princeton's legal dept tells the researchers to back down because they don't have a legal leg to stand on here. Hell, even if they didn't have a legal leg to stand on it would still be fun to watch SDMI go after several professors at Princeton. High visibility and bad publicity for SDMI. I'd pay to watch those court proceedings.
Moller
They addressed the letter wrong:
April 9, 2001
Professor Edward Felton
Department of Computer Science
Princeton University
Princeton, NY 08544
Dear Professor Felten,
(etc.)
Well, it's a good thing that they got the Zip code right. Last time I checked, Princeton University wasn't in NY. The RIAA can't even send threatening letters correctly.
Colleges and Universities also have a time honored tradition of bending over for anyone who is or might be a contributor. If Princeton's development office has them on file as a donor, you'll be disappointed how quickly they'll act to shut up their own students and faculty.
Well...I don't know how true that is in general. But specifically regarding this case, from the FAQ (http://www.cs.princeton.edu/sip/sdmi/faq.html) on their webpage, they state that:
Fortunately, the DMCA did not apply to this challenge, since SDMI granted explicit permission to study their technologies. We are not sure whether it would have been legal to study these technologies outside the context of this challenge. We think the DMCA, by criminalizing some kinds of study of important technologies, represents an "ignorance is bliss" approach to technological copyright enforcement, which will not work in the long run. We lobbied against certain aspects of the DMCA while it was before Congress, and we still consider it to be a seriously flawed law. (my emphasis)
Above, we mentioned the important role of analysis in the design of security systems. The main problem with the DMCA is that it hinders this analysis, restricting it in order to provide an extra layer of legal protection for existing copyright systems. But this causes the scientific process to stagnate. Imagine a federal law making it illegal for anyone (including Consumer Reports) to purposefully cause an automobile collision. While this may be a well-intentioned attempt to stop road-rage, it also bans automobile crash-testing, ultimately leading to unsafe vehicles and the inability to learn how to make vehicles safe in general. The situation with the DMCA is analogous.
So this group of researchers lobbied against the DMCA. This would be the perfect opportunity for them to fight it. Seeing as how they've said that they disagree with the DMCA, it seems that it would be more likely for them NOT to fold under the RIAA's pressure.
Moller
Unless of course the watermarking process destroys signal information, in which case there will be no way to recover it.
Free Hans!
According to this article, recording engineer Tony Faulkner was able to spot the watermark 75% of the time on his first chance at hearing it. What does that tell you? That this stupid watermark is going to be something you will hear on every DVD-A disc you buy! Doesn't that suck?! Well, the recording companies don't care ... they just want to stop those Napster punks from stealing their content -- quality be damned!
Free Hans!
I don't have a copy of the file, is it for Deutsche (German) language pages? Do Germans need different style sheets? Or is this some sort of style-remover?
i18n is a bad abbreviation
Did anyone not save a copy of this document or download the Zip provided? Most wouldn't probably have cared much otherwise. I would have read it and moved on myself. Now how many copies of it are out there? When will these groups realize that as soon as they threaten legal action, it's both an incentive to make as many copies of the "infringing" documents as possible, and find out exactly what it is and how it works? If it's to be censored, it must a) work and b) be interesting. Probably never...they didn't learn it with DeCSS, nor with CP4Hack (The CyberPatrol URL list cracker,) nor now with this article.
-- Insert witty one-liner here. --
The important thing to understand is that these are defenses. This means the RIAA still gets to drag someone into court and wage a legal war of attrition, while the defenses are argued. That's very, very, expen$$$ive.
Augh, I know this comment is a bit late for anybody to see it in the story, but oh well. If you want to see the original web page, license, AND download the test data sets, then just check out the link in my sig.
-----
That's funny. At my web design job I've been naming all my external stylesheets "de.css" also. Nobody at work knows what it means (I've tried to explain, but...), but they just go along with it anyways, even on projects I have nothing to do with. :-)
Stupid Cheap Guitars
...this kind of thing really gets my goat. I think I've got an answer, albeit one that's unlikely to be passed any time soon.
What we need is a law that would allow courts to punitively strip intellectual property protections from individuals, companies, and organizations that use those protections in bad faith.
Under my proposal, those who abuse the system would be subject to public domainification not only of the IP in question, but also of other IP they may own.
My law would allow courts to strip IP ownership in the event that any one of the following is true:
- The guilty party is using IP laws to prevent dissemination of critiques of IP. This includes flaws, comparisons with other solutions, historical research, or other legitimate academic or competitive information
- The guilty party *knowingly* sought and received IP protection in bad faith; IE patenting something with advance knowledge of prior art that would disqualify the patent
- The guilty party is, or has a business relationship with, the RIAA
Ok, that last one may not fly, but the first two cases are increasingly common, and go beyond corporate malfeasance and into the area of crimes against the public good. The only way these abuses will stop will be if there are severe penalties levied on those who perpetrate IP abuse.
Cheers
-b
If I wanted a sig I would have filled in that stupid box.
As stated in my story, a copy of the paper is at: http://cryptome.org/sdmi-attack.htm
Happy mirroring :)
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
Ok, maybe their methods aren't the best but we should all realize that the music industry has our best interests at heart when they do things like this. They really aren't concerned with profit or maintaining their monopoly, no, by doing this they hope to continue to produce quality music at a reasonable price for the consumer.
lose the good stuff in the noise and burden the attacker even more, intentionally wasting their time.
I love it!
--
--
"It is now safe to switch off your computer."
I mounted the iso image in loopback mode (mount -o loop ...) and did a find on the filesystem to see what the latest Mandrake has.
imagine my surprise when I found they had a copy of DE-CSS in there:
% find /mnt -print
/mnt/tutorial/style/de.css
/mnt
/mnt/autorun.inf
/mnt/COPYING
.
.
.
/mnt/VERSION
it's the 2nd to last file in the distro.
sorry for blowing the whistle on you, Mandrake, but I'm just doing what my country wants; turning in my fellow man for the Greater Good.
--
--
"It is now safe to switch off your computer."
Edward Felten is amazing.
This guy is my hero! Looks so *innocent*, doesn't he? :-)
From the law his own self:
USS Code, Section 1201(g)(2):
Permissible acts of encryption research. - Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to circumvent a technological measure as applied to a copy, phonorecord, performance, or display of a published work in the course of an act of good faith encryption research if -
(A) the person lawfully obtained the encrypted copy, phonorecord, performance, or display of the published work;
(B) such act is necessary to conduct such encryption research;
(C) the person made a good faith effort to obtain authorization before the circumvention; and
(D) such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.
Let's see: the scholars recd the copy lawfully (they didn't infringe copyright to get it); their act was not just necessary for research, but was research itself; I am sure they are making a good faith effort, as is evidenced in the harassing letter; I'll eat my hat if releasing their paper breaks any other laws.
That's 4 for 4.
But wait there's more:
1201(g)(3):
Factors in determining exemption. - In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include -
(A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;
(B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; and
(C) whether the person provides the copyright owner of the work to which the technological measure is applied with notice of the findings and documentation of the research, and the time when such notice is provided.
The scholars *are* disseminating the information to further encryption study; if they are not employed in the proper field, then no one is; clearly they have notice of the findings to the copyright holder, to wit the harassing letter.
Conclusion: Those bastards don't have a leg to stand on.
I was thinking a bed cover or shower curtain...
/Smuffe
Perhaps not, but nor do they want to get in the habit of not publishing research because someone with lotsa lawyers says not to.
--
Dyolf Knip
And this RIAA scenario is even more stupid since all the people involved signed agreements making this a perfectly legal hack.
--
Dyolf Knip
Duly mirrored on my homepage. Server & perpetrator (yours truly) are in Brazil. DMCA can't catch me. (I hope)
1. Buy lots of music. Store into notebook.
2. Sell notebook to accomplice. Get cash.
3. File theft of notebook.
4. Preferably have this happening in some faraway country like India.
5. Get back to USA, crying crocodile tears because of your expensive, lost notebook. Thankfully, you had backups of everything.
Hm, you're right, not easy. But doable. Having everything happen in the same country will be a lot cheaper but a little more risky, what with traceable hardware and all. I guess variations could be concocted. A nice intellectual exercise, I must say.
Just read the cryptome piece and this really made me see red:
"The HackSDMI challenge contained two "non-watermark" technologies. Together, they appear to be intended to prevent the creation of "mix" CDs, where a consumer might compile audio files from various locations to a writable CD",
RIAA members are total scum, If I buy a CD and I want to make a compilation, that's my business, they are my CDs. So far it's been the switched on /. crowd that has been pissed off by the RIAA, if something like this is implemented it will affect and piss off a far greater amount of people.
If I can no longer backup my own property because of these efforts, surely the people that prevented me making a backup must provide a replacement if it gets damaged?
Seems like the record companies want it both ways.
A journey of a thousand miles starts with a brutal anal raping at airport security
I wonder how this could be used in a First Amendment challenge to the DMCA?
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
What if Prof. Felton releases the conclusions in an academic environment abroad.
Since SDMI asked for their crappy scheme to be broken, would that still be illegal under the DMCA ?
Up to this point most other (civilized) countries appear to have more reasonable laws on the issue than threatening academic researchers with jailtime.
I am the musician
with a pocket calculator in my hand
Kraftwerk
So, has anyone put this on Freenet yet? If so, what's the key? If not, then I'm very disappointed in Slashdot.
--
A feeling of having made the same mistake before: Deja Foobar
If this ever goes to court, it will be a good test of the DMCA.
Unlike previous cases (DeCSS, etc, etc) that were electronic publications, this one is a paper based publication. The court has no problems with understanding things that are on paper (compared to anything electronic) and thus their academic publication will most likely enjoy the full protection of the law. That and I'm sure that there is a long history of corporations trying to stop the publication of formal academic papers (from what I've seen, the academics usually win).
When coupled with the fact that the SDMI folks presented a formal and public challenge to break their system, I'm sure that whatever protection that they thought the DMCA would have provided them will be thrown out the window.
While it could be argued that the issue comes down to interpretation of the constitution (federal gov't has the right to support useful arts via copyright laws but is forbidden from abridging freedom of the press or of speech), I think that any reasonable court would probably conclude that forbidden devices cannot include research papers where no machine-readable code is in place. I would suspect that cryptanalysis papers would still be protected. Crackers will ownez everything if they aren't because of the lack of professional criticism for such devices....
Sometimes, I wish people would have the backbone to fight these kinds of things. It does not really matter -- someone will eventually fight, and then I would suspect that the court will rule in the defendant's favor.
LedgerSMB: Open source Accounting/ERP
Oops! Now it's on the Internet. I hope everyone saves a copy for when cryptome is shut down tomorrow.
---
Know someone who is stealing cable? Report them!
But then, I wouldn't be surprised if the SDMI people back down to make sure they don't lose their most valuable weapon in the fight against free speech.
---
Know someone who is stealing cable? Report them!
The best quotation I found was, "the Verance Watermark is already in commercial use and the disclosure of any information that might assist others to remove this watermark would seriously jeopardize the technology and the content it protects."
Huh? Wasn't that the point? To prove that it doesn't work? Or maybe it's just another example of that old logical fallacy, "We can't do X because X contradicts what we do."
Join the Petition Against Petitio Ad Principii!
Interrobang, back at last!
I'm not a geek, I'm just a clever script.
"Do we believe we can defeat any audio protection scheme? Certainly, the technical details of any scheme will become known publicly through reverse engineering. Using the techniques we have presented here, we believe no public watermark-based scheme intended to thwart copying will succeed."
Which makes the DMCA all the more abhorrent. It's NOT a copyright protection law, but a copy protection protection law.
Copy protection was proven an ineffective mechanism back in the 1980's, and it's just as ineffective now, if not more so, given the much greater number of computer professionals (that you may call "hackers") than there were then.
Given that the right to make a backup copy is an established RIGHT under the Constitutional derived principle of "fair use" would it not follow that any law preventing you from circumventing copy protection to exercise that right would be Unconstitutional?
Keep in mind, the Constitution places SEVERE limits on the scope and duration of patents and copyrights (though that has been violated many times by Congress and several presidents, most recently, Clinton, when copyrights were extended pretty much to infinity).
=== The price of freedom is eternal vigilance
"The DMCA has so far only protected the rights of big business. The courts have a history of supporting free exchange of ideas. I have faith in our courts. I hope this is not misplaced."
I don't have much faith in the courts. Perhaps I'm pessimistic, but so-called "judge" Kaplan seems to be a typical example of the neo-Napoleonic complex that most of our newer judges seem to have.
Also, keep in mind, that Judges come from lawyers. Lawyers come from lawfirms. The past 20 years has seen a geometric increase in litigation, most of it being done BY the corporations and the powerful. From that pool of lawyers come the next crop of judges. Today, I'd doubt it's possible to appoint a Federal judge who hasn't done a lot of work for at least one of the aggressive IP cartels.
Judges are supposed to be different from lawyers. They are supposed to be impartial, unbiased, and rule on the LAW, not their personal biases. If "judge" Kaplan is indeed a typical example of the modern judge, then it's obvious that wishing for impartiality is, indeed, wishing for something that won't happen.
=== The price of freedom is eternal vigilance
"The RIAA/SDMI released all watermarked music tracks, of which some contained watermarks currently in production, with a challenge to crack them. Obviously, they assumed that no one would be able to crack it"
All the more indication the RIAA/MPAA et al. are on a suicide march. They have no clue about technology, but yet, have the power and influence to get law passed restricting the rights of US citizens to it...
There never was and never WILL be a copy protection scheme that will absolutely prevent someone who is determined to copy from copying it, so long as the copy protection MUST allow the thing to be read, run, viewed, or played.
Ultimately, they will be forced into suing their customers, which will be the end of it, any business that sues its customers because its scheme or product can't succeed on its own merits fails (Rambus).
What our government has to decide is this:
Do we want to become a country where corporations have absolute control over IP, or a free country where there is a right to innovate?
Obviously, if the DMCA sticks, and all individual initiative is crushed, some other country without restrictive IP laws will one day take the lead in technological innovation.
=== The price of freedom is eternal vigilance
"If they were patented, how they work would be required to be fully described in detail and on public file in the patent office. By keeping the code s33cr3t, they get no protection but can hope that security through obscurity will keep the innards of their function safe. Obviously it doesn't."
And the DMCA seems to have the effect of assigning perpetual "patent" protection to such "trade secret" schemes as well. Which is clearly Unconstitutional.
=== The price of freedom is eternal vigilance
"Oh, and kids... 1350 Hz is not some whacky frequency that only bats can hear. It's somewhere around E above high C, which is a perfectly fine note, when you think about it. I mean, I play trumpet, I love listening to trumpet music. Cutting out 1350 Hz will affect everyone from Maynard Ferguson to Miles Davis (well maybe not Miles Davis. ;-)"
"1349 Hz ought to be enough for anybody" -Jack Valenti
I get your point. You'd think that any "new" media that is intentionally inferior to the old would fail in the market. But, remember, we're dealing with CONSUMERS here... Windows '9x is clearly an inferior and more restrictive product when compared to OS/2, Linux, BeOS, or even the original DOS it's still based on, yet it still dominates the market because of superior marketing.
Maybe the IP cartels think they can get SDMI accepted in the same manner?
=== The price of freedom is eternal vigilance
"Corporations by their nature are amoral, mindless beasts..."
Amoral, yes (remember the Pinkerton's "Geek profiling" service they are offering to schools to single out geeks as "potentially dangerous"?), but not mindless. Corporations seek profit like a tiger seeks prey. A world where IP companies have "carte blanche" to charge whatever they want for media is obviously a major objective for them.
"they'll have more luck in China, where censorship is part of the very society... I feel sorry for the Chinese in that regard."
I feel sorry for the Chinese, or any people not living in an open society, though I hate their evil governments. What is scary, is that laws like the DMCA threaten to end all freedom in the USA, and turn us into a "Corporate State" where corporations own everything. This is the opposite extreme of "communism" where the government owns everything, though the end results would be the same.
Just as people were no freer under Hitler's fascist Germany than under Stalin's USSR, they'd be no better off in Jack Valenti's "SDMI Republic"
It's clear to me that the USA as a free country is collapsing. The twin pressures of a non-productive population voting themselves more and more "bread and circuses" out of the pockets of the workers, and corporations exerting pressure on those same politicos (who humor them so as to FUND these "bread and circuses" re-election schemes) is causing us to lose our freedom.
We are noticeably less free today than we were in 1984, I shudder to think of what we will be like in 2084...
=== The price of freedom is eternal vigilance
"Why did SDMI have the challenge in the first place? They were enthusiastic about the challenge, but when someone cracks their technologies, they get so upset and were even reluctant to admit that someone had. If they say "try to crack this" they should accept it if someone does crack it, and also accept the results of that. Furthermore, why were they challenging people to crack a watermarking technology that is currently being used???"
If they truly expected that it wouldn't be broken, that is outright stupidity. Also, their "hacksdmi" challenge would seemingly, IANAL, put them on shaky ground as to preventing a participant from publishing the results of their participation.
Obviously, some corporate drone got giddy with the idea that SDMI was somehow "hackerproof" and came out with this "challenge" because he couldn't resist trying to give the hackers "what for"...
This has happened before. Wasn't it a corporation that publicly proclaimed the Titanic "unsinkable", only to be proven wrong on the first trip?
=== The price of freedom is eternal vigilance
"As for noticably less free, well, we're free from the worry of Nuclear War, something you can't say about '84"
Maybe on a World War III scale, but the inevitability of some sort of nuclear catastrophe increases yearly. It's only a matter of time before a rogue state or terrorist group gets a nuke and explodes it on a US city. In fact, the breakup of the USSR probably INCREASED the possibility, as there are many Russian nuclear engineers now unemployed, and LOTS of Russian nuclear material out there.
Also, don't forget that China now has multiple ICBMs targeted at the USA now, and thanks to Clinton, they might actually HIT something, when 3 years ago, a Chinese rocket could barely reach orbit with any reliability... And, China puts a far lower value on human life than even the USSR did...
Nuclear fission bombs are INCREDIBLY simple devices! They are less complex than most consumer electronics, including your PC! Anyone with half a brain and fissionable nuclear material can make one. In fact, this information is pretty much public domain and easily available.
So far, it's only the strict controls of the nuclear material that has prevented every rogue state in the world from having nukes. But inevitably, somewhere, someone will get it.
=== The price of freedom is eternal vigilance
"So, all they have left is to bring legal action against those few who dare to openly and publicly present this information, to make these people suffer for opposing the corporations."
Which means that there will be martyrs. It's not that fun to BE a martyr, so I don't think there will be much of this.
"There's a war on folks, and this is just another battle in that war. We'll see LOTS of casualties before it's over, but in the end, I think we can win this one. Any speculation on what the final costs might be, when corporations realize they can't win this war???"
You have more faith in the sheep masses than I do. Since 1933, and accelerating since 1964 or so, we've been becoming a nation centered around meeting the public's ever-increasing demand for "bread and circuses".
In 50 years, at our rate of population growth, tax rates will have to be over 75% just to support these "bread and circuses" programs.
By then, there will either be a second revolution (not likely, given the fact that most will be happy living off everyone else), or else the ONLY producers left will be mega corporations. The megacorps will be even MORE powerful than they are now as a result... Would you work 40 hours a week for less than 1/4th of what you earn? I wouldn't...
=== The price of freedom is eternal vigilance
"If they can push laws through that would make it illegal to sell a device which circumvented SDMI, the RIAA wouldn't be as concerned about rogue players because they could sue the manufacturers for damages. Perhaps worst of all, they could sue YOU for violating the DMCA by using your rogue player."
If our government does that, then you might understand the purpose of the 2nd Amendment (just as ignored as the clearly power-limiting 9th and 10th amendments), as that would be an indication that the time may be for some kind of revolt...
I don't like or advocate violence, but someday ultimately, violence may become necessary to force the government to start living within the law (Constitution).
Simply, the purpose of establishing a government is to SAFEGUARD the freedom of the people. If the government sells out solely to corporate interests, then it is ceasing to perform its function.
You might find this hard to believe, but one of the "matches to the fuse" that started the American Revolution was something not all that dissimilar... England had the habit of granting and supporting "corporate" monopolies in its own self interest. The "Boston Tea Party" was a revolt against one such market monopoly, granted to the British West Indian Company to sell tea to the colonies...
This government action prevented the Colonists from buying their tea from cheaper sources, and mandated they buy from a government supported and subsidized monopoly.
=== The price of freedom is eternal vigilance
"Hasn't it been said before that no matter how well-kept a democracy may be, it will almost never last for more than ten generations?"
I think it was Athens, Greece that was the reference in that statement. Athens was only one city, and it was the only powerful city-state that had a democratic government. And it was ultimately taken over by Macedonia, which had a purely authoritarian government.
"I wouldn't be sure this is absolutely true, as the Greeks managed to stave off total political decay for hundreds of years until the Romans had conquered them (still, their democracy was a bit different)."
10 generations is approximately 300 years... Which is about right for the duration of BOTH the Roman Republic and the Athenian democracy.
The Roman Republic, BTW, is largely the framework that was used to create the American Republic...
"However, it seems that there is no perfect government, and I doubt there ever will be. "
Correct. Humans are imperfect, and there is no possibility of any Human creation being truly perfect.
But, we always must strive for better. Just as the American Republic is an improvement of the Roman one (more perfect), someday there will be one that is more perfect than it is. Society evolves slowly over time just as biology does.
=== The price of freedom is eternal vigilance
"Why, because he disagreed with you? Maybe the law actually says what he said it meant, and it's the law, not the judge, which is wrong."
Kaplan DID NOT apply the Constitution to the DMCA, which he is required to do by his sworn oath he took when he (allegedly) became a "judge" (remember, judges, like ALL federal officeholders swear an oath to defend the Constitution).
Not only did he fail to apply a Constitutional test to the DMCA, he conveniently "forgot" to apply the provisions WITHIN the DMCA that allow for reverse-engineering for the purposes of interoperability. Which I think DeCSS as the key component of a Linux DVD player, clearly IS!
The DMCA itself has provisions stating that it cannot circumvent the Constitution's own provisions for fair use. Which the so-called "judge" completely failed to evaluate.
Furthermore, the DMCA contains NO provision expressly allowing a court to forbid web links! He invented that out of thin air.
To summarize, Kaplan interpreted the DMCA as applied to the DeCSS case only in the most extreme and narrow manner in the most favorable way to the MPAA as could be done. He has very little in the way of precedent or law on his side to support his judgement, which I expect to get tossed out on the same ass Kaplan should be tossed out on.
Kaplan's own ties to the MPAA previous to his becoming a "judge" alone is reason enough to call into question his conduct in the case. And that's why he SHOULD have recused himself... The Courts are supposed to have NO appearance of impropriety.
Kaplan's actions reprimanding EFF lawyer Martin Garbus for similar and less direct ties to the plaintiff MPAA, then tossing off a motion for his recusal with 90 pages of schlock gives any reasonable person plenty of room to doubt and question his motives.
It could be said, because of his behavior in the case, that Kaplan had his bread buttered BEFORE becoming a judge by the MPAA, and his actions were designed to make sure that it was buttered by them AFTER he leaves the bench. Don't forget that Kaplan, a Clinton appointee, is a relatively new judge. And unfortunately, probably representative of the direction the courts are headed...
=== The price of freedom is eternal vigilance
"Keep in mind that the highest note on a piano is somewhere near 4 kHz; so even though the "robust" component of the watermark may be audible, it will most likely only slightly alter the timbre of sounds in the average song (and so will probably only be heard by musicians and extreme audiophiles)"
Which is why watermarking is a doomed technology. The FIRST adopters of any new audio technology are the musicians and audiophiles. Why? For one thing, brand new technology is almost ALWAYS very expensive at first, and the true devotees are the only ones that will run right out and get it, because it's the best, right?
Well, as you and others have demonstrated, SDMI "watermarking" makes for audio quality that is INFERIOR to current media. The audiophiles will NOT run out and buy it, which will drastically slow if not STOP its acceptance as a replacement for CD. It's the early adopters who subsidize the mass production that ends up lowering the costs for the "rest of us" when we start buying into it.
The only way SDMI will ever make it is if the RIAA, et al., subsidize it, ie, make the players CHEAPER than what is out there now. I don't see that happening, as it would cost them BILLIONS to do this.
=== The price of freedom is eternal vigilance
I think you make some very excellent points! Well done.
"Between these poles I think that there is a rational middle ground. The type of rights enforcement technology the RIAA is insisting upon cannot work, as with DeCSS every player has to have the secret key."
Which is why any such scheme that has to rely on "security by obscurity" will fail. Any consumer-level product will end up being broken, simply because it CANNOT change to make it incompatible with any breaks.
Simply put, any replacement of the audio CD will fail if the consumer is forced to replace ALL of his players and/or media every few months to a year because of SDMI "improvements" in response to breaks. Audio and video media MUST be ubiquitous to succeed.
The ultimate piracy prevention is to charge reasonable prices for the product, which is something the RIAA and MPAA are completely unwilling to do. Which is why they are wasting MILLIONS of dollars on doomed protection schemes, for the sole purpose of the ability to FORCE the market to bear whatever price they choose to set, by preventing piracy.
The RIAA and MPAA are charging many MANY times the cost of their product for the product.
I do NOT endorse piracy, but I do recognize that it does serve a legitimate purpose in giving the IP companies incentive to keep the prices reasonable.
=== The price of freedom is eternal vigilance
If you read the paper, you'll see that one of the algorithms actually is patented, and therefore can't be a trade secret -- this is even noted in the paper.
Brackets contain world's first nanosig, highly magnified:[.]
The paper is not anonymous. Follow the link to the FAQ and you will see several of the participants listed. Additionally, not only did they not take the paper down, they simply posted the RIAA's letter ahead of it. Kinda makes a statement, posting the threat letter at the beginning of the very webpage they want you to suppress, eh?
Brackets contain world's first nanosig, highly magnified:[.]
Nobody issues a challenge like that if they expect their precious standard to be broken. Oops. Now they're pissed. I didn't realize two year olds were allowed to run corporations.
Brackets contain world's first nanosig, highly magnified:[.]
Some of the most underreported documents are the ideas Napster had to 'monetize the userbase'. They were all at least as clueless as the ideas the RIAA have had.
Basically Napster would become a clone of AOL, a stiff monthly fee plus lots of intrusive pop up ads.
I agree that the ideas were stupid and Napster never had a chance of succeeding. However they told the billions of dollars story to their VC who evidently bought it.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Sorry, that is SDMI are Loosers (TM)
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The whole premise of SDMI is pretty funky, the idea is that the device manufacturers will spike their devices to protect the interests of the labels. This is a pretty forlorn hope since the consumer electronics companies bought up content companies to help them sell hardware. Sony and Philips have content divisions but they play third or fourth fiddle to the consumer electronics divisions.
For SDMI to succeed there must be no way to get a non SDMI player. That ain't going to happen. The other premise is that there must either be no way to rip a CD - a futile effort in itself or no more material will be released on CD.
The alleged rip protection for CDs on the street at the moment make use of widespread bugs in CDROM device drivers. An audio CD player that encounters an error makes a best effort attempt to continue. A CDROM driver will in many cases report an error and stop. This can be fixed by simply patching the driver to emulate CD Audio players - a process that was already in progress since users were complaining about lack of robustness when playing CDs.
Meanwhile the sales of CDs have actually started to decline for the first time ever. I suspect that this is not just the result of Napster. I suspect that the ultra aggressive tactics of the labels have discouraged many purchases.
I have no sympathy for the crooks running Napster, the idea you can build a billion dollar business helping people rip off everyone else in the music business is one extreme of the debate. The other is the equally greedy RIAA and DVD crew who want to use digital technology that is not up to the task to massively increase their profits. I have sat through presentations from DRM companies who claim that they will not only protect content, they will make higher profits possible through product placement, advertising, co-marketing and extortionate pay per view charges.
Between these poles I think that there is a rational middle ground. The type of rights enforcement technology the RIAA is insisting upon cannot work, as with DeCSS every player has to have the secret key.
I think that a digital download format with a watermark could work. But the detection software would have to be closely held and used only to identify individuals who were ripping lots of tracks and putting them onto the Internet. Their access to the download service would be cut off. Such a scheme would probably be as good a limit on piracy as can be obtained. There would be minimal incentive to break the watermark scheme since it would not prevent a person from listening to the pirate tracks, merely discouraging the piracy. The attackers could not know in any case whether their de-watermarking technology had succeeded. The distributors could deploy new schemes without prior notice.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
These kinds of threats by industry groups to prevent the publication of scientific papers that may injure their public image or some foothold in the market are not new. I heard a man named Robert Park speak a year ago. He is a professor (physics, I think, but I can't remember where he teaches) and a writer, and this talk was one of a series of lectures to promote his latest book, "Voodoo Science." After the lecture, there was to be a brief book signing. Unfortunately, lawsuits were preventing the release of the book (libel).
Dr. Park said that these kinds of lawsuits are common, but the courts have a history of releasing academic material in an effort to protect a free exchange of ideas.
The DMCA has so far only protected the rights of big business. The courts have a history of supporting free exchange of ideas. I have faith in our courts. I hope this is not misplaced.
I hope Professor Felten et al. fight this tooth and nail. Princeton has a legal department, and this is Princeton's fight. I hope they stand behind the professor.
"Dear Sir:
Because we believe that our cool watermarking technology is going to make us lots and lots of money, and because we think that the internet is a fad and will hopefully go away soon, please refrain from exposing what idiots we are and how much our encryption software sucks.
Oh, and please don't let anyone know about all of the hard work you did to prove that. We thank you for that and all, but will attempt to destroy you if you talk bad about us.
Finally, we will have to sue you under the DMCA if anything that you have said, ever, in your life, and we mean ever, could, at any time, in some way, possibly, be used to give someone the faintest idea about cracking this software and maybe using this illegally. We don't care about a better tomorrow as long as we make money today and look good."
Sound right? *sigh*
Random Musings
What are you talking about? These folks managed to hold every single one of their conferences in some exotic location like Florence or Hawaii, all at company expense. I would say they're quite clever, really.
So what if they never quite got any decent work done?
I was under the impression that "encryption research" was specifically excepted under the DMCA anti-circumvention clause. Does this letter take that into account? I would love to see this go to court, even though today's (apparently bought and paid for) federal courts give me little reason for optimism.
They also seem to have trouble understanding that watermarking is not technically feasible. It won't take some really smart guys from Princeton to break this or future systems. Given Chiariglione's inelegant and messy technical track record, I doubt they are going to get a technical clue any time soon either.
Let them add poor watermarks to poor content and create players with all sorts of limitations. In the long run, it's only going to hurt their business. Dealing with these people is a waste of time in my opinion.
Excellent post. However, noise floor is not a particularly good measure of what we can and cannot hear. In the case of SDMI, the watermark (based on the article) appears to be a signal added in the 4-8 kHz band. Keep in mind that the highest note on a piano is somewhere near 4 kHz; so even though the "robust" component of the watermark may be audible, it will most likely only slightly alter the timbre of sounds in the average song (and so will probably only be heard by musicians and extreme audiophiles). And the "fragile" component of the watermark (the part that's used to determine if the file has been modified) is specifically designed to be inaudible. From the article, it appears that the "robust" component is equivalent to a slight echo; since most music recordings are deliberately made in rooms with significant echoes, even the "robust" component is not likely to be audible. So adding SDMI encoding to your favorite audio file probably won't introduce audible artifacts, unless you're a world-class musician.
On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
As I understand the agreement, the professors were only under the confidentiality clause if they accepted the cash settlement...They did not, and that is why the SDMI could only "Urge" them not to publish the paper, and make vague threats of legal action. They have every right to put forth their findings, after their work. Also...does it seem to anyone else that the SDMI *completely* tried to fix the contest so that no one would win? The whole point of this seems to be them trying to say "Look at our unbreakable work"...even to the extent of fixing the contest "the 'broken' oracle"