Epitaph Selling MP3s

ElJefe writes "According to SonicNet, Epitaph Records (Offspring, Bad Religion, NOFX') is going to start selling songs and albums in MP3 format on Emusic. The songs are 99 cents each, or $8.99 for a whole album. The article quotes the president of EMusic [Ed: "SDMI will die" guy] as saying "You go where the customers are, and they're going to stay with MP3." Although I'm not a huge fan of any of the bands, it's nice to see someone using MP3 instead of SDMI. " The site also has yet another article on SDMI that says SDMI will treat copies like physical objects, limiting copies to a number specified by the content distributor.

How I would design SDMI

[Sloppy]

I have an entirely speculative idea on how SDMI might work, based simply on how I would do it, if I were a music industry asshole. You're all going to hate it, but maybe it will be fun to poke holes in my idea. Gee, I'm just begging for flames, aren't I? :-)

The goal: Minimize the exposure of digital data in plaintext form. If the data ever passes through a user-programmable computer system or a network, it must be in encrypted form.

The first thing I'de do is tell users to forget about any delusions that they will ever be able to play SDMI music through a conventional sound card. As many others have mentioned, it is impossible to protect the data if that happens, because someone will just use a virtual soundcard driver to slurp up the plaintext data. Likewise, SDMI music "files" stored on a general-purpose computer must never be reusable. In fact, your SDMI music is not going to be stored on the same drive your Windoze system is....

And here is the gimmick: I would design a spec for a black box that plugs into a USB or firewire port. This box would be an embedded computer with hard disk. This system would be used for all SDMI storage. Users would never have access to music files on their own hard disks which are accessible by general-purpose computers.

Downloading music from a server would really be a transaction between my storage box and the server. There would be a secure encrypted link. That way, the data can pass through a general-purpose computer, so users can use the internet, web browsers (with a plugin, of course), etc. to get the files. But the data would be encrypted and useless at any point between the server and my box. Only as it is written to my embedded system would the data be decrypted. (And it would probably be scrambled, like DVD is, before writing to HD, in case some cracker takes the HD out of my box.)

Playback would be the same idea: a secure link between the embedded box and a SDMI speaker.

Tada! Impossible to copy data (except by analog sampling the speaker output) and all the user has to do is buy a USB SDMIdrive and USB SDMIspeakers. Fire away if you see any technical problems.

And if you think you see a marketing problem (e.g. "Users would not buy the fucking box and new speakers") then I'de like to remind you that we're talking about the same kind of people who throw away a perfectly good P100 because it didn't run Win98 fast enough, and they "upgraded" to Win98 because someone sent them an MS Office 2000 document. So don't try to tell me that consumers aren't suckers or that they reject bad ideas.

I think I see some ways to attack SDMI, but it's going to be a long hard battle, where you're not only fighting a large industry, but also fighting the hypnotized herd who funds it... It will be like Windoze all over again. Please point out my logic flaws, because this is getting depressing.