Felten & Co. Present SDMI Findings, Finally
chill writes: "Princeton scientist Dr. Edward Felten and his colleagues presented their paper entitled 'Reading Between the Lines: Lessons From an SDMI Challenge' at the Usenix Security Symposium. CNN has an article.
This is the paper that the RIAA threatened legal action (DMCA) over in the past, if he made his findings public. They have since backed off their threats."
Newsforge is carrying a piece on the same thing that goes into a bit more depth, and links to coverage of yesterday's press conference, and the Standard has a decent piece on it as well.
Yes, I agree with the point about individual accountability, but what about CORPORATE accountability?
Think: If you own a business and you do something illegal, what happens?
You go to jail. Do not pass go. Do not collect $200. You lose your business. Think of it as a death penalty. You have everything to lose if you decide to join the dark side.
Now, consider a massive, multi-national corporation, whose only goal is to, well, make money. If you can make $500 million in profits using illegal methods, knowing that the penalty will probably be around $10 million in fines, what do you think is going to happen? There is no corporate death penalty anymore. Yeah, they fire the CEO (and give him a multimillion dollar severance package and send him on his way), and maybe some other key executives (ditto), but before long, you have the same mentality producing the same problems. It's a numbers game.
For more on this and more, check out this book.
If you were me, you'd be good lookin'. - six string samurai
The presentation was interesting, if you are an EE studying practical applications of signal processing. By applying standard SP techniques to the sample files, Felten and crew were able to discover all kinds of hidden information buried within. These are standard computer algorithms such as Fast Fourier Transforms, echo detection, and statistical analysis. Nothing magical, mystical, patented, or even super secret. Normal curricula for 2nd year EE students, statisticians, and maybe some CS majors.
The best part started about 40 minutes into the presentation. One of the panel members (I can't remember his name) gave an analysis of section 12.01 of the U.S. Code, broken down paragraph by paragraph. There was a good summary of the DMCA, which exposed it clearly enough for laymen to understand it is not a copyright law, but a "para-copyright law". The distinction is that it doesn't directly change existing laws, but modifies the contract between copyright holders and consumers. Very clear and well spoken, this speaker is someone who has clearly given the speech repeatedly and knows exactly how to present the information for maximum impact.
If you download the presentation, at least take the time to watch that 10 minute section. It will give you the verbal ammo needed to start convincing people you know the basis of why the DMCA is bad.
the AC
[The next section is the EFF lawyer saying "ummm" about 50 times per minute, and completely losing the audience]
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
"The Standard" just went bust.
They're right. The RIAA never threatened him with direct action. The letter only said something along the lines of "your actions could subject you to legal action under the rules of the DMCA". Big difference, hmm? "I'm not saying I'll kill you if you come on my property. It's just that if you come on my property, you might...ummm...die a violent death." The RIAA's claim that no threats were made is infuriatingly insulting.
An interesting anagram of "BANACH TARSKI" is "BANACH TARSKI BANACH TARSKI"
Since RIAA backed down and Felten got to present his research, we may have lost the best case we had to try and get section 1201 of the DMCA overturned. :(
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
>My prediction - RIAA sues Felten and co
It doesn't matter: as the DOJ said when Adobe "dropped out" of the Sklyarov case: it's a criminal offence.
Why isn't the FBI arresting this guy?
I'd much rather see an American professor in jail for breaking US laws than a Russian student.
Do US laws only pertain to foreigners?
When I die, please cast my ashes upon Bill Gates -- for once, make him clean up after me!
Open source community has taken some issues and, yes, freedoms to heart without thinking about the consequences. We assume as a society, rightly so mind you, that certain rights are free. But are they? I argue that we live and die by standards not of laws and freedoms, but by capitalistic visionaries whose interests lie only in economic value. We have seen in the past, as Gates with Apple, Gates with Gnome, a concerted effort to improve the quality of software. What really has happened was Gates taking a technology and perverting it not for the good of all, but to grease his little pockets. As with RIAA and Adobe, companies are motivated only to expand their interests with the intent of expanding their economic influence and punishing those who seek to deny them their dominance. Really, OSS (OPEN SOURCE SOCIETY) sees it as a point of freedom of expression, when it is actually an economic factor, not a freedom. That is what we must decide.
The stance being taken by the industry to "protect" copyright is amazingly similar to the idea discussed earlier that publishing security flaws helps the Black Hats. If nobody is allowed to talk about it, nothing bad can happen. Of course, in this case, we (the end users) probably want something bad to happen to the corporations. But not talking isn't a solution to either problem.
Are you kidding? It's SOOO much easier to abuse a foreigner than a US citizen... After all, most US citizens don't give a rat's ass if a Russian is imprisoned for speaking and thinking.
Jailing a prof would cause an outcry that would actually cause the law to be tossed out. We can't have that...
I'm astounded that even the EFF reduces all human activity to "consumption." I did not donate money to the EFF to be called a consumer, and if anything would help the debate about our rights in the electronic age (EFF's alleged mission) it would be to recognize the rights we are looking for are citizen's rights, not consumers.
I just finished writing my email to Cindy Cohn at the EFF (cindy@eff.org), and I encourage others to follow suit.
Feel free to use:
Thanks for all your work for the EFF - I recently became a member and I'm pleased with the EFF's support of the Dmitry & Felten cases.
I'm a little nonplussed though, to see the EFF using language that, IMO, does nothing to help the world recognize the need for citizen's rights in cyberspace. To wit:
> "This is where the EFF lives and where many of you live -- we live on the cutting edge," she said. "We're looking at problems that actually haven't hit home to the consumer yet. That's where we always try to be ... until everyone else catches up."
I'm a great many things in my life, but "consumer" is right near the bottom of it. I consume what I need to consume in order to do the things that are higher on the list, like be a good citizen and contribute to my community. If we allow ourselves to be called consumers, we will only be able to fight for "consumers rights". I don't want consumers rights, I want citizen's rights. I want to be recognized as a living, thinking, articulate member of society, not a consumer.
I know it may seem like a minor point, and I know that "consumer" has become popular media slang for the common man, but I don't think it's a positive trend and I feel that it's a trend that will only hurt the causes that EFF stands for.
I humbly suggest the EFF do justice to the people it claims to fight for and call them citizens in all public comment or releases.
Thanks for your time.
Too bad they didn't debug .ogg delivery on something less important.
I'll see your senator, and I'll raise you two judges.
Felten and company have a lawsuit pending over the DMCA's chilling effect on free speech. But how much credibility is the judge going to give the case now that Felten has published his findings? We all know the RIAA isn't going to do anything to Felten while the lawsuit is an issue, because they don't want to give the other side any ammunition for their case.
But now that Felten has presented his findings, it seems to me there's a reasonable chance that the judge will ask "so how exactly has the DMCA proven to be chilling, given that you've presented your work?".
Felten may still win his case, but it seems to me that by presenting his findings he's reduced the odds of winning significantly...
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
How much bad publicity is it for a company when they dare you to break their copy protection, then threaten a university when it was accomplished and they wanted to publish their findings? This is just typical CYA because I believe that these companies that have pushed for the DMCA know that it is in a dangerous state and might get repealed. They want to hold on as long as possible to it and use it for the right fight. It just saddens me that our government "for the people and by the people" has been substituted with "for the corporations and by the corporations".
The video you linked is of a certain MadDog being interviewed, not anything that has to do with SDMI.
Seems like somebody screwed up the video files.
- sigs are for wimps.
They shot a warning at the scientific community, threatening people to discuss their findings. We had a nice story here yesterday about Niels Ferguson (formerly at Digicash, his homepage, btw, can be found here). So for them it was a step in the right direction. The problem is way more fundamental, going hand in hand with the full disclosure discussion that goes on today. People will find security flaws and, if you do not publish them, "Blackhats", people doing this for BUSINESS, will exploit them. If you disclose your findings and help the organizations (because, no matter what you say, somebody who owns the rights for content should have the right to protect it) to find a reasonable level of security enabling them to maintain their business, you help the companies. And this is a good thing. Alternative models might work in some places (Shareware, donations, voluntary work) but not in all cases. And people want to pay their bills, raise their kids and send them to school. If you think that is wrong, then we might want to start a new discussion on capitalism vs. communism vs. marxism and other models.
Straight from the horse's mouth... the RIAA letter
He's got the RIAA letter, the statement contradicting the RIAA letter, the agreement to the competition, and other such nifty info.
I'm waiting for someone to use RSA or something similar for copy protection purposes. Then, it will be illegal to do research on prime number theory, because discussing efficient algorithms to factor large numbers will be a violation of the DMCA. Last I heard, this was a semi-hot topic in math research. I for one hope the DMCA makes research illegal, because the media and the public will be MUCH more upset at that than a few hackers who can't get free music anymore. Also, scientists have a much better record of making their voices heard than Russian political prisoners^h^h^h^h^h^h^h^h^h^h^h^h^h^h^h^h^h computer programmers.
I would've expected news like that out of the communist bloc just a few years ago, but not here and not now.
I take it as a given that the good Dr. Felten withdrew the initial paper because he could then show clear evidence of a chilling effect. Now, of course, the lawsuit proceeds apace, but Felten can of course present his paper without interference from the RIAA because it would further Felten's claims and provide even more clear evidence that the DMCA was, in fact, unconstitutional (not that any thinking person who doesn't accept big media's spin on things needs more clarification on the matter).
To continue to go after Felten would strengthen the case against the DMCA and, speed the day, the eventual dismantlement of this egregiously rotten piece of legislation.
Yay Felten et al. Thank goodness he's on our side.
Protege Posterioram Tuam
While your descriptions sound like the ridiculous rewards some have come to expect from our legal system I wonder if the juries had all the information you listed. Judges are routinely asked to exclude evidence on the grounds that it would unreasonably prejudice the jury. For example, the jury may never have known how the man locked in the garage found his way there.
"Shortly before the group was due to present its paper at an April conference in Pittsburgh, a lawyer for SDMI and the RIAA sent Felten a letter telling him he could face legal action under the Digital Millennium Copyright Act, a 1998 law that bars efforts to defeat copyright-protection technologies.
The lawyer, Matthew Oppenheim, has since backed away from the letter, saying the SDMI had an obligation to protect the trade secrets of the companies that developed the anti-piracy technology but never intended to sue."
So if they "never intended to sue", what the hell did they mean by "could face legal action under the [DMCA]?" Oh wait - maybe they thought they'd just drop a dime on him - give the FBI a call and have him arrested at the conference!
Let's see: a bunch of manufacturers are getting together over a technology that largely eliminates fair use. That means consumers get less for their money when they buy CDs. That's the equivalent to raising prices. When a bunch of manufacturers get together and agree to raise prices, that's an antitrust violation. So.... Given the Bush Administration's frosty relations with Hollywood, this might even work.
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
How about the following examples, then?
1. January 2000: Kathleen Robertson of Austin Texas was
awarded $780,000.00 by a jury of her peers after
breaking her ankle tripping over a toddler who was
running amok inside a furniture store.
The owners of the store were understandably
surprised at the verdict, considering the misbehaving
tyke was Ms. Robertson's son.
2. June 1998: A 19 year old Carl Truman of Los Angeles
won $74,000.00 and medical expenses when his neighbor
ran over his hand with a Honda Accord.
Mr. Truman apparently didn't notice someone was at
the wheel of the car whose hubcap he was trying to steal.
3. October 1998: A Terrence Dickson of Bristol
Pennsylvania was exiting a house he finished robbing
by way of the garage. He was not able to get the
garage door to go up, the automatic door opener was
malfunctioning. He couldn't reenter the house because
the door connecting the house and garage locked when
he pulled it shut. The family was on vacation, so
Mr. Dickson found himself locked in the garage for
eight days. He subsisted on a case of Pepsi he found,
and a large bag of dry dog food.
This upset Mr. Dickson, so he sued the homeowner's
insurance company claiming the situation caused him
undue mental anguish. The jury agreed to the tune of
half a million dollars and change.
4. October 1999: Jerry Williams of Little Rock Arkansas
was awarded $14,500.00 and medical expenses after
being bitten on the buttocks by his next door
neighbor's beagle. The beagle was on a chain in its
owner's fenced in yard, as was Mr. Williams. The
award was less than sought after because the jury
felt the dog may have been provoked by Mr. Williams
who, at the time, was shooting it repeatedly with a pellet gun.
5. May 2000: A Philadelphia restaurant was ordered to
pay Amber Carson of Lancaster Pennsylvania
$113,500.00 after she slipped on a spilled soft drink
and broke her coccyx. The beverage was on the floor
because Ms. Carson threw it at her boyfriend 30
seconds earlier during an argument.
6. December 1997: Kara Walton of Claymont, Delaware
successfully sued the owner of a night club in a
neighboring city when she fell from the bathroom
window to the floor and knocked out her two front
teeth. This occurred while Ms. Walton was trying to
sneak through the window in the ladies' room to avoid
paying the $3.50 cover charge. She was awarded
$12,000.00 and dental expenses.
no, they can still sue the RIAA for DELAYING the release of their findings. And that is what they were suing about in the first place.
Free as in *BUUURP!*
The DMCA is far from dead. In fact, it appears to be working overtime. We're all doomed!
Co-founder of GerbilMechs
What was the RIAA's real intent? Did they simply retract their threat to sue for the sake of PR, or was it something deeper?
The bluff smells of censorship, IMO. It is a warning to every other research group who will walk the fine line that is the DMCA that they are being watched. The scrutiny serves the role of censorship, and the threat of legal action will remain until the researchers ask if they can publish.
I seriously don't know what is worse. Not being able to publish at all, or having to pander to the legally privileged (thanks to the DMCA) and beg "Please, please, can I publish my paper?". In either case, Big Brother wins.
If you circumvent the DMCA to read a document about how to reverse engineer something (circumventing the DMCA yet again), do you get thrown in jail twice?
Yeah, but my point is that the judge may well say "Chilling effect? What chilling effect?" as a result of Felten's decision to present his findings.
Some would argue that a "chilling effect" isn't even there unless it causes some people to not speak out when they otherwise would have. Since that condition doesn't apply to Felten anymore, the judge may simply dismiss his suit as being a case where someone is "crying wolf".
Felten might still win. But as I said, I think he's managed to reduce his chances by doing this.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
Another thing; don't think this is a finished issue. Students who attended the conference may be in violation of the law if they describe its proceedings to their advisors, and people who write software which implements Professor Felten's methods would almost certainly be in violation of the law.
On a lighter note; isn't it funny how little understanding some people have of security? Verance relied on the secrecy of their algorithm to protect the data, but the algorithm was patented. Which means you could look it up, which means they willingly betrayed their own security methods.
Yes, I'm still a junky. Are you still a bitch?
I think you are wrong. Corporations would still be making power grabs even if people didn't file ridiculous suits, just like they'd sneak their toxic waste into the water to save a buck.
We didn't bring it on ourselves; I think it's the natural evolution of business. Not that we shouldn't fight it.
Was it that SDMI is dead as a doornail and they therefore know Felten's study can't do any damage to their cash flow, or that the publicity was so bad? I think we can rule out altruism as their motivation...
*This page intentionally left pointless*
Someone thumbed his nose at copyright protection Wednesday without getting arrested, indicted or sued.
Finally, someone sees cracking encryption as something other than a hacker threat. There are more uses for such activity, such as education, to see how the encryption works.
Let's hope that this is a precedent, since that government is unlikely to repeal this law.
Please stop it before the disease spreads!
Silly guys. Don't they realize that on the internet, the headline is only as tantalizing as what the referring link says, so this kind of thing doesn't increase readership?
Let them spend billions of dollars on putting their entire catalogue online in a "safe" form.
Then we strike, and the RIAA is dead. Overnight.
Like the guy said in the article, "there's no use pretending this technology is secure". I think there's a very good use for pretending this technology is secure.
Let's pretend!
For a while there I thought I was turning into some crazy sort of amnesiac
Malike Bamiyi wanted my assistance.
They basically said that they never threatened anyone with anything. I've been trying to find the actual letter that was sent to Prof. Felten, so I could read it for myself.
Does anyone have a copy of the original letter that the RIAA (or whoever) sent to Prof. Felten?
This means that his attempt to sink DMCA is ruined.
The problem is we've had too many multi-million-dollar judgments against corporations because some loon spilled coffee on her lap or because some idiot couldn't read the Surgeon General's Warning. These are cases where the individuals themselves were the ones who should have been held accountable, but the corporations ended up getting the blame.
As a result, corporations bend over backwards to cover their own asses in these cases with all kinds of legalese. The DMCA, the Felten case, Sklyarov, and all of this nonsense are a result of this; since individuals have gotten judgments they didn't deserve, corporations have been able to get more protection than they really needed.
It's not just "Oooh, evil corporations are taking over everything!" Individual citizens failed to be accountable for their own actions, and convinced uneducated juries that the world owed them a living. As a result, companies have gone ape-shit to try to protect themselves, and now this practice has gotten out of hand.
There's a historical cause behind what we're seeing today. It isn't "us" against "them."
It's also not a zero-sum game, where one group gains freedoms at the expense of others.
On the other hand, the Sklyarov arrest could serve to support Felten's case. Sure, the details are different, but the fact that Sklyarov was actually arrested should help make Felten's fear of being arrested seem reasonable to a judge.
You may find this difficult to believe but not everything makes its way onto the Internet.
"These are hypotheticals. We have no idea what he may or may not write," said RIAA spokesman Jano Cabrera.
That sentence says everything that is wrong with the attitudes of those wielding the DMCA as a weapon. It should not matter what Professor Felten or any other person (academic or not) should write - so long as it is not covered under the dangerous restrictions (i.e. national secrets, "Fire" in a crowded theater, etc.) Freedom of Speech is at issue here and someone's ENTERTAINMENT copyright does not deserve as much protection as an intellectual discourse. It appalls me that apparently, entertainment profits are more important than scientific knowledge.
Don't just complain - DO something about it!
The corporations are looking out for their own interests, not the interests of the artists. The artists would be better off if fans could directly contribute to what they enjoy, instead of the blatant thievery of the corporate world. I love to see the DMCA supporters try to argue that their thievery is supported by law- they wouldn't need laws if people agreed with the issues they bring up.
Laws should be there to protect us from groups taking our freedoms, not for groups to take our freedoms away. Don't sell your soul to the DMCA.
In the distance you hear an ominous moo.
My prediction - RIAA sues Felten and co.
---- Yay! I have a sig!
Julien Stern lectured at SummerCon this year about compromising the SDMI watermarking scheme. SummerCon said they would post the talk at some time in the future at www.summercon.org. It was interesting to hear the further they got into the challenge, the more restrictions that were put up to prevent them from publishing the work.
I would encourage everyone to read Dr. Felten's original paper, not just because you can now, but because it provides a lot of insight into the techniques that were used to watermark the SDMI audio files.
One thing that really struck me was how simplistic the watermarking was. Not to take anything away from the team's accomplishment, but I have no doubt these technologies would have been defeated by someone within days of release.
If this was the current state of the art in watermarking technologies (and you have to assume it was), it makes me wonder if digital watermarking is really a viable technology.
-Sommelier
Kudos to stu72 for pointing out one of the worst and most prevalent linguistic crimes going -- the reduction of (most) human behavior to "consumption."
... they have good implications about the involvement / volition of the involved parties. Consumer and consumption sound to me like "here are the corpses to feed to these beetles. By morning, they'll be white and clean."
I like to tell people who call me a "consumer" "No, I'm a customer. A catfish is a consumer."
Custom, customer, and customization
Glad I'm not the only one annoyed by that word.
timothy
jrnl: http://tinyurl.com/c2l8yr / foes: http://tinyurl.com/ckjno5
RSA and Elliptic Curve Cryptography are used for "copy protection" in a number of products. HIEW uses RSA for its keyfile IIRC, and ECC is used by CloneCD, just to name two examples.
Or were you thinking of something else?
Belief is the currency of delusion.
you're poor, poor karma.
The fact that the RIAA has backed off from a lawsuit is immaterial. Read Felten's declaration to the court and you will see that the mere threat of litigation has already had a "chilling effect" on his rights to freely communicate his findings. The case he builds in this declaration is really very compelling.
Sounds like someone is trying to get most of the population on side ('normal' piracy isn't so bad), while leaving the way open to single out an individual. "Ohh. He's (he = computer programmer who just wrote a CSS clone) a digital pirate. He must be really bad. Let's put him in gaol."
Meanwhile the bulk of the population feels secure and does nothing, as they are 'normal pirates'.
Probably the journalist isn't even conscious of using this term, as they read it in an RIAA press release.
you forgot to top your list with troll.
humbly tell it to Cesar Chavez.
we are all consumers and producers, some of us are citizens. a rare few are the common man. or perhaps you are a believer in corporate homogeneity, that we are, the world over, subjects of a united megacorp. in that case please amend your list with victim at the top.
the EFF does great work. if you don't like it, don't send them money. meanwhile, don't waste my donation with your semantic hairsplitting tripe.
Even a quick search on the names and locations cited indicates that those examples are pure fiction. While doing a quick check on Google, there seems to be just one lone reference for all of them.
You're just trolling. At least you could have had the decency to add a reference to Natalie Portman and hot grits.
The SDMI nastygram that started this was a pretty vanilla knee-jerk threat. It is the type of threat that in most cases can be made without fear of the consequences since the chances are that the target will simply roll over at the first hint of a threat.
What the SDMI lawyers certainly did not expect was that making threats would land them as defendants in a lawsuit that would be difficult for them to either defend or disengage from. Essentially the only way to avoid a costly fight is to tell the court to vacate the anti-trafficking provisions in the DMCA that the RIAA paid so much to Senatorial campaign coffers to buy.
What the SDMI and RIAA failed to grasp is that Felten and co are much less interested in the ability to publish one paper than the larger principle. There is no real incentive for Felten and co to accept an out of court settlement.
In the process the suit is likely to issue the coup de grâce to SDMI. The group has been spectacularly unsuccessful in meeting a goal to agree on a standard by Christmas 1999. Only one of the vendors has released an SDMI compliant player and they modified it to play unrestricted MP3s pretty quickly when nobody would buy it.
The only reason SDMI is continuing is sheer inertia and the fact that the manufacturers who could not give a monkey's for the interests of the labels would rather participate in an obvious failure of a group than withdraw and risk it being replaced.
I attended only one SDMI meeting and told my company to steer well clear of the losers. The work was chaotic with deadlines set to fit unrealistic schedules that would inevitably fall apart leading to delay. Worse however was the fact that while 150 engineers were working on one set of specs in open meetings a closed group of 8 people were hacking out a private deal in a back room that entirely negated the rest of the group's work.
Bet you wish you thought of this nym first
riaa holds a contest to see if anyone can break their standard
(part boast, part free-beta-testing)
someone does
they get mad at the winner?
who put these clowns in charge?
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."