Slashdot Mirror


SDMI Challenge Participants May Face DMCA Action

ssimpson writes "Everyone has probably forgotten the SDMI challenge to hackers to try to break a handful of proposed watermarking and "other" protection mechanisms? Well, it was recognised that a group of researchers at Princeton University broke all of the protection mechanisms and were due to publish a paper on it at the 4th International Information Hiding Workshop (25-29 April) but have been threatened with the DMCA if they publish the results. So much for academic freedom, eh? SDMI seem particularly upset because one of the protection mechanisms broken in the paper, The Verance Watermark, is currently used for DVD-Audio and SDMI Phase I products. Oops. Somehow, a copy of the threatening letter and the full paper entitled "Reading Between the Lines: Lessons from the SDMI Challenge" has appeared on John Young's excellent Cryptome site. SDMI's urge to "withdraw the paper submitted for the upcoming Information Hiding Workshop, assure that it is removed from the Workshop distribution materials and destroyed, and avoid a public discussion of confidential information." seems a little weak now...."

12 of 228 comments

  1. I was supposed to present results at IHW ... :( by JPS · · Score: 4

    ...on our own paper regarding the SDMI challenge. Now, I'm not sure I will...

    What I think is really very funny is that the SDMI didn't contact us to have the paper removed or something. This probably means that either 1) they know we are French and know the DMCA doesn't apply or 2) (most likely) they don't really care about our results because we are attacking an algorithm that they haven't picked.

    So the funny point is that they had apparently already chosen and deployed an algorithm before the contest. Now they are whining because the Princeton team (brilliantly) broke this very algorithm. And they are invoking some almost "moral" reasons for that, while they probably would have shut up if only the three other algorithms had been broken.

    Anyway, I hope that this story will illustrate the dangers of the DMCA so that the European equivalent which is on its way will never come up, and that eventually the US one will be removed.

  2. Weak by Mike+Connell · · Score: 5

    Whilst I'm happy to see the results published, it's disappointing to see them leaked anonymously. I would have far preferred the faculty at Princeton to stand up, give the RIAA the finger and say "We're scientists. We do research and publish. If you don't like the fact that some of our guys cracked your methods, don't make them so weak".

    Now the appearance is that university researchers *are* in fear of RIAA and the bizarre legal state of affairs that exists. After all, if Princeton can't/won't stand up to them, who will?

    It's nice that the paper is out, and that, (presumably), they can now present it at the IHW conference without repercussions, but it still leaves a bad taste in my mouth.

  3. proof the RIAA is stupid. by moller · · Score: 5

    They addressed the letter wrong:


    April 9, 2001

    Professor Edward Felton
    Department of Computer Science
    Princeton University
    Princeton, NY 08544

    Dear Professor Felten,

    (etc.)


    Well, it's a good thing that they got the Zip code right. Last time I checked, Princeton University wasn't in NY. The RIAA can't even send threatening letters correctly.

  4. I'm going to disagree for this instance by moller · · Score: 5

    Colleges and Universities also have a time honored tradition of bending over for anyone who is or might be a contributor. If Princeton's development office has them on file as a donor, you'll be disappointed how quickly they'll act to shut up their own students and faculty.

    Well...I don't know how true that is in general. But specifically regarding this case, from the FAQ (http://www.cs.princeton.edu/sip/sdmi/faq.html) on their webpage, they state that:

    Fortunately, the DMCA did not apply to this challenge, since SDMI granted explicit permission to study their technologies. We are not sure whether it would have been legal to study these technologies outside the context of this challenge. We think the DMCA, by criminalizing some kinds of study of important technologies, represents an "ignorance is bliss" approach to technological copyright enforcement, which will not work in the long run. We lobbied against certain aspects of the DMCA while it was before Congress, and we still consider it to be a seriously flawed law. (my emphasis)


    Above, we mentioned the important role of analysis in the design of security systems. The main problem with the DMCA is that it hinders this analysis, restricting it in order to provide an extra layer of legal protection for existing copyright systems. But this causes the scientific process to stagnate. Imagine a federal law making it illegal for anyone (including Consumer Reports) to purposefully cause an automobile collision. While this may be a well-intentioned attempt to stop road-rage, it also bans automobile crash-testing, ultimately leading to unsafe vehicles and the inability to learn how to make vehicles safe in general. The situation with the DMCA is analogous.


    So this group of researchers lobbied against the DMCA. This would be the perfect opportunity for them to fight it. Seeing as how they've said that they disagree with the DMCA, it seems that it would be more likely for them NOT to fold under the RIAA's pressure.

    Moller

  5. The Verance Watermark by Apotsy · · Score: 5
    The thing that really sucks about the Verance watermark is that it is designed to survive lossy compression and analog copying. Of course, in order to do that, it has to be so obtrusive that you can hear it, despite the company's claims to the contrary.

    According to this article, recording engineer Tony Faulkner was able to spot the watermark 75% of the time on his first chance at hearing it. What does that tell you? That this stupid watermark is going to be something you will hear on every DVD-A disc you buy! Doesn't that suck?! Well, the recording companies don't care ... they just want to stop those Napster punks from stealing their content -- quality be damned!

  6. will this trigger them, as well? by TheGratefulNet · · Score: 5
    I just downloaded the latest Mandrake install .iso

    I mounted the iso image in loopback mode (mount -o loop ...) and did a find on the filesystem to see what the latest Mandrake has.

    imagine my surprise when I found they had a copy of DE-CSS in there:

    % find /mnt -print
    /mnt
    /mnt/autorun.inf
    /mnt/COPYING
    .
    .
    .
    /mnt/tutorial/style/de.css
    /mnt/VERSION

    it's the 2nd to last file in the distro.

    sorry for blowing the whistle on you, Mandrake, but I'm just doing what my country wants; turning in my fellow man for the Greater Good.

    --
    "It is now safe to switch off your computer."
  7. Felten is amazing. by e_lehman · · Score: 5

    Edward Felten is amazing.

    • This is the same guy that provided Boies with his technical ammunition in the Microsoft trial. It was while trying to prove that Felten's IE-remover program didn't work that Microsoft was devastatingly caught showing a faked video.
    • Would you prefer this incident had been used as a First Amendment challenge on DMCA? Say by the ACLU? Back in January, baby!!! (See page 15, or 8 by the document's own numbering.)
    • And now, just to pour salt on the wounds, his group leaks the SDMI cracks anyway. I love it!

    This guy is my hero! Looks so *innocent*, doesn't he? :-)

  8. DMCA will protect the scholars, not SDMI by sparkane · · Score: 5

    From the law his own self:

    US Code, Section 1201(g)(2):

    Permissible acts of encryption research. - Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to circumvent a technological measure as applied to a copy, phonorecord, performance, or display of a published work in the course of an act of good faith encryption research if -

    (A) the person lawfully obtained the encrypted copy, phonorecord, performance, or display of the published work;
    (B) such act is necessary to conduct such encryption research;
    (C) the person made a good faith effort to obtain authorization before the circumvention; and
    (D) such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.

    Let's see: the scholars rec'd the copy lawfully (they didn't infringe copyright to get it); their act was not just necessary for research, but was research itself; I am sure they are making a good faith effort, as is evidenced in the harassing letter; I'll eat my hat if releasing their paper breaks any other laws.

    That's 4 for 4.

    But wait there's more:

    1201(g)(3):

    Factors in determining exemption. - In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include -

    (A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;
    (B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; and
    (C) whether the person provides the copyright owner of the work to which the technological measure is applied with notice of the findings and documentation of the research, and the time when such notice is provided.

    The scholars *are* disseminating the information to further encryption study; if they are not employed in the proper field, then no one is; clearly they have notice of the findings to the copyright holder, to wit the harassing letter.

    Conclusion: Those bastards don't have a leg to stand on.

  9. Excellent. by JAVAC+THE+GREAT · · Score: 4
    This is just the challenge the DMCA needs to be taken to the Supreme Court and repealed. With Princeton (=State of New Jersey? Is Princeton public?) footing the legal bill, they can afford to go all the way, and with something so fucked up as this SDMI is bound to lose.

    But then, I wouldn't be surprised if the SDMI people back down to make sure they don't lose their most valuable weapon in the fight against free speech.

  10. Re:SDMI are losers by mikethegeek · · Score: 4

    I think you make some very excellent points! Well done.

    "Between these poles I think that there is a rational middle ground. The type of rights enforcement technology the RIAA is insisting upon cannot work, as with DeCSS every player has to have the secret key."

    Which is why any such scheme that has to rely on "security by obscurity" will fail. Any consumer-level product will end up being broken, simply because it CANNOT change to make it incompatible with any breaks.

    Simply put, any replacement of the audio CD will fail if the consumer is forced to replace ALL of his players and/or media every few months to a year because of SDMI "improvements" in response to breaks. Audio and video media MUST be ubiquitous to succeed.

    The ultimate piracy prevention is to charge reasonable prices for the product, which is something the RIAA and MPAA are completely unwilling to do. Which is why they are wasting MILLIONS of dollars on doomed protection schemes, for the sole purpose of the ability to FORCE the market to bear whatever price they choose to set, by preventing piracy.

    The RIAA and MPAA are charging many MANY times the cost of their product for the product.

    I do NOT endorse piracy, but I do recognize that it does serve a legitimate purpose in giving the IP companies incentive to keep the prices reasonable.

    --
    === The price of freedom is eternal vigilance
  11. SDMI are losers by Zeinfeld · · Score: 5
    The SDMI effort has been pretty disorganized and chaotic from start to finish. I was at an SDMI conference in 1999 where the premise was that the scheme had to ship for Xmas 1999. Needless to say they missed.

    The whole premise of SDMI is pretty funky, the idea is that the device manufacturers will spike their devices to protect the interests of the labels. This is a pretty forlorn hope since the consumer electronics companies bought up content companies to help them sell hardware. Sony and Philips have content divisions but they play third or fourth fiddle to the consumer electronics divisions.

    For SDMI to succeed there must be no way to get a non SDMI player. That ain't going to happen. The other premise is that there must either be no way to rip a CD - a futile effort in itself or no more material will be released on CD.

    The alleged rip protection for CDs on the street at the moment makes use of widespread bugs in CDROM device drivers. An audio CD player that encounters an error makes a best effort attempt to continue. A CDROM driver will in many cases report an error and stop. This can be fixed by simply patching the driver to emulate CD Audio players - a process that was already in progress since users were complaining about lack of robustness when playing CDs.

    Meanwhile the sales of CDs have actually started to decline for the first time ever. I suspect that this is not just the result of Napster. I suspect that the ultra aggressive tactics of the labels have discouraged many purchases.

    I have no sympathy for the crooks running Napster, the idea you can build a billion dollar business helping people rip off everyone else in the music business is one extreme of the debate. The other is the equally greedy RIAA and DVD crew who want to use digital technology that is not up to the task to massively increase their profits. I have sat through presentations from DRM companies who claim that they will not only protect content, they will make higher profits possible through product placement, advertising, co-marketing and extortionate pay per view charges.

    Between these poles I think that there is a rational middle ground. The type of rights enforcement technology the RIAA is insisting upon cannot work, as with DeCSS every player has to have the secret key.

    I think that a digital download format with a watermark could work. But the detection software would have to be closely held and used only to identify individuals who were ripping lots of tracks and putting them onto the Internet. Their access to the download service would be cut off. Such a scheme would probably be as good a limit on piracy as can be obtained. There would be minimal incentive to break the watermark scheme since it would not prevent a person from listening to the pirate tracks, merely discouraging the piracy. The attackers could not know in any case whether their de-watermarking technology had succeeded. The distributors could deploy new schemes without prior notice.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  12. DMCA by dachshund · · Score: 5

    I was under the impression that "encryption research" was specifically excepted under the DMCA anti-circumvention clause. Does this letter take that into account? I would love to see this go to court, even though today's (apparently bought and paid for) federal courts give me little reason for optimism.