Boycott of Music Industry's Hacker Challenge Urged 378
phu170n writes "Don Marti, technical editor for the Linux Journal, has called for a boycott of the hacker challenge recently announced by the music industry's SDMI collective. Looks like principle can be worth something (more than $10,000, at least) these days."
All watermarks are detectable (Score:3)
If all SDMI wanted to do was mark a piece as authentic, every piece would have the same mark and there wouldn't be much incentive to break it. "Heh, this POS is by Britney Spears. I know because it's watermarked." "Couldn't you tell that by tinny, teenage voice singing about her life ending because her teenage boyfriend dissed her." "Ummmm..."
But authenticity marking isn't what they're after. SDMI is looking for encryption and user identification. This means each unit would get a different watermark. Breaking it is then a simple matter of buying 5 copies and doing a binary diff of the output of "mpg123 -s britney.mp3 > tempfile". Build a bogus watermarked file by pulling the first byte from file one, the second from file two,
Am I in trouble now?
Why bother audiojacking? (Score:2)
Why I will attempt to crack this (Score:2)
My rationale is this: Right now, few consumers care about "secure" music - they just want the selection. If the industry provides this, no matter how encumbered, then they will be happy -- UNLESS the protection is too much of a hassle.
The objective should be to break all the easy schemes, making it a nightmare to go through the hoops necessary to use the software and devices in such a way that a hapless user could not possibly be getting digital content... This will be sufficient for the mass of customers to vote with their money, and end this senselessness.
As to why now, and not later?
Because I (or you, if you are so inclined) can do it in your name, publicly, and watch the news stories "secure digital music technology foiled by slashdot troll". There won't be much in the way of SDMI music for a while anyway, because the powers-that-be surely understand the "wait and crack it later" attitude.
Further, it can be a nice challenge, and if you aren't doing it for the money you could always help out the EFF...
As to some of the suggestions so far...
1. Converting to analog -> audio will not remove the watermark. (Nor will various compression-decompression, unless you had a nearly perfect psycho- aucoustic model..) I'm sure there are watermarking games possible with two versions of the watermark in the same digital content but they are probably not going to allow that.
The window here is to tweak the bits JUST enough to foil the player without damaging the content any more than it already has been...
Or to provide tweaks to SDMI devices to ignore the watermarking...
2. Using digital out, and finding non-SDMI compliant devices to store to. Note that WindowsME is already taking steps to avoid "rogue" drivers which store digital audio to disk, or output to SPDIF or a digital loopback. (www.microsoft.com/hwdev/audio).
Re:Prize money isn't guaranteed (Score:5)
I didn't catch that-- good point.
Frankly, if our software engineering skills are worth only $10k to them, they obviously don't need this too much.
I can just picture a bunch of arrogant marketting types sitting together:
And just think, people like these gave $5 million to the vice president last night...
once upon a tim there was a project like this (Score:2)
I've lost track of the project quite a while ago, but I dimly recall a group that was going to engineer a clone of the Gravis Ultrasound when Gravis announced the decision to stop making consumer sound cards.
I couldn't connect to google for some reason and alta vista's advanced search didn't find what I was looking for. Does anyone else know what happened to this intrepid group of open hardware hackers?
Re:This is what we wanted, right? (Score:3)
As usual it is a matter of control and short-sightedness. The record corps figure that the old stuff that just a few people want can't generate enough revenue to make having it available worthwhile. And they are right when you look at current distribution models, but on the net they can offer a subscription service where that old Skip James tune just takes up a few megabytes on a server and doesn't require pressing, shipping, etc. That way they make money from the millions of vapid Britteny Spears fans as well as the fans of older/obscure artists. Hey RIAA, that is more money, not less.
Re:Why bother "boycotting"? (Score:2)
Re:give it away now (Score:2)
Actually, this is not the role that watermarking is intended to play in SDMI, at least not initially. It really is intended to play a part in access control, not tracking. The idea is that songs on all new CDs will have a generic, identical watermark saying basically "this music is copyrighted" and then SDMI-compliant mp3 players and stuff are supposed to find this watermark and refuse to play the file unless it comes packaged in one of their goofy little secure formats that implements access control and copy prevention, e.g. are keyed to the particular player or whatever. SDMI-compliant mp3 players are supposed to refuse to play watermarked music packaged in a regular unprotected mp3 file without access control.
So, actually, watermarking in SDMI is part of an access control scheme and not a scheme for tracking individual copies. Obviously this is totally hopeless access control scheme since you just need an mp3 player that doesn't implement their broken blocking mechanisms, but it's an access control scheme nonetheless.
Re:I Propose a new Challenge (Score:2)
Re:Why bother "boycotting"? (Score:2)
If the DVD-CCA made such an offer, there encryption scheme would probably be a lot better and we'd be even more SOL.
To hack or not to hack.... (Score:2)
Hypocrites (Score:3)
So hack this puppy all you want, just don't publish what you find until after it has been released and is widely used
Bono Act (Score:2)
<O
( \
XGNOME vs. KDE: the game! [8m.com]
Re:The more I think about it, the curiouser I get (Score:2)
The argument which I expect to be used in court is that any device which can be used to circumvent a digital copy protection scheme is the equivalent of a lock pick - and thus mere possession of them is a crime.
Once a law is on the books it is very difficult to get it repealed. There are millions of laws in this country - you pretty much know about all of the ones that have ever been repealed. The reason you have heard about laws being held as unconstitutional is that it is so rare an event that when it happens it is NEWS.
Prohibition was repealed because most people drank - drug prohibition has not been repealed because most people don't do drugs. Into which of those categories of bad law would the DMCA be more likely to fall? Just because most people WE know are involved with computers and understand the issues does not mean that most people in society as a whole are like that.
Re:This is what we wanted, right? (Score:2)
They're also doing it in a way that is contrary to a few laws [stanford.edu]:
--
why bother with WINE? (Score:2)
Why not just create a device driver for the Windows sound API that plays its 'output' to a file in .mp3, .wav or whatever? Then making a duplicate is as easy as choosing the driver as the playback device in Windows and playing your SDMI tunes with your 'authorized' software.
Contest Illegal? (Score:3)
What does happen if somebody cracks their protection? Do they go back to the drawing board, or do they buy the rights to the crack for $10,000, patent it, and then refuse to publish it?
My advide to anyone who thinks about taking up the challenge is to read the agreement very carefully. My hunch is that they will try to buy the rights to the crack.
Re:Bono Act (Score:2)
--
Fair use != perfect (Score:2)
Does fair use entitle you to a perfect digital copy? People have stated various ways to get one or two decent copies out even with the copy protection, but say that "it would degrade for each generation". Well, so what? Fair use doesn't allow for multiple generations of copies anyway.
Is there a way to get one decent sounding copy and have that first generation copy be acceptable? If so, fair use is just fine. I don't see any consitutional right to a perfect copy, and the main need for that perfection seems to be unfair use (multiple generation copies spread to those who didn't buy the music.)
Note, I am responding only to the stated assumptions by some on this discussion that a) you can get a slightly degraded first generation copy under this system, and b) it still would infringe fair use. If one of these assumptions is incorrect, I'd apriciate knowing it, but they aren't my assumptions so don't flame me.
-Kahuna Burger
Re:give it away now (Score:2)
Why not?
Does it harm the copyright owner in some way? Does it reduce their profits or otherwise reduce their incentive to create?
---
Re:on second thought (Score:2)
Re:IANAL (Score:2)
Depends where is it published. In some countries reverse engineering for interoperability is legal.
So if someone with an overgrown ego publishes not his findings in an inappropriate country just in order to be famous and k3wl we have the DeCSS case again. If someone with brain passes it along to the other side of the globe than... Oh well we all know where Micro$ networking was reverse engineered.
Re:give it away now (Score:2)
Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.
they're embedding watermarks in files that they'll make available on a "pay per download" basis. Which is what everyone's been asking for, isn't it?
Asking for? I don't recall people crying out "Please, please, watermark the music files!!". Why would everybody ask for that?
You'll be able to listen to it wherever you go, since with the watermark, copying isn't so much an issue. You can put it in your car sdmi player, your portable one, your computer, and anywhere else you go. You just won't be able to share your stuff with anyone else
You are confused. Very confused.
First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.
Second, for the situation you describe to come to pass, the music you buy must be playable only on SDMI-compliant players and nothing else. I don't like this. I don't like buying music which can be played only on "approved devices". My computer probably won't be one.
Third, why would you care if your friends distribute your music online? Because the RIAA will know that it's YOUR copy of music that is floating on the net? And how would they know it? Will it be so that you could download music if only you would identify yourself (e.g. credit card) to the seller? I don't like this. Why shouldn't I be able to buy music anonymously? Besised, what could they do? "Your Honor, I believe my computer was hacked into and somebody stole my music files."
ive it a couple years to sink in and Napster, Freenet, and Gnutella will be history...
Dream on, baby, dream on...
Kaa
Don't worry. (Score:2)
Nonetheless, the protocols described in the spec are TOO weak and it looks like its subject to replay attacks all over the place. Using a CD Image would get you as many SMDI copies as you like. It is also likely that the SMDI to device stream is replayable if you record it.
These coroporate design by committee things always make me wonder about the mean intellegence of greedy corporate bastards. They can come up with acronyms all day, but try and get them to give you a decent protocol, just try it.
John
A better (worse) way of doing it (Score:2)
Watermarking of music is pretty damn hard. (ie, I can't figure out how to do it well, and I must have given it several minute's thought). You have to modify a sensitive signal in a robust and non-intrusive manner.
However, it is do able to fingerprint it; perhaps not as advanced as what was proposed here a while ago, but something with a +50% success rate (I am being precise here; statistically 50.001% would be ok). So now they'll have your player store fingerprints of every song it has played. Whenever it is connected to a network or network-nearer device, the fingerprints are forwarded (along with your uid, of course).
If this were implemented, the industry would get exactly what they wanted, and more. They could prosecute you for illegally playing a song (note the false positive allowance above -- they would have to amass a preponderance of evidence before they could persue you). They get super-valuable demographics info. They could sell you monthly or yearly subscriptions (buy all sony music for a year!). Popular consumers get rebates ('We've identified you as someone who "spreads the word" to youtr friends about great music! Come check out Columbia's newest pop sensation The Chiterlings!'), or even credit for word of mouth marketing.
They won't even have to verify every song, the system works like taxes -- they might audit you, so you are honest.
Ok, some details are hazy, but all that is needed is accuarateish tracking of individual's listening habits.
I've said it before, I'll say it again. The above is an evil scheme, but I'm fascinated enough by the implications to almost go along and implement it. I gotta admit, I may dislike big companies, but I am buyable. I'm just not cheap.
Re:Hypocrites (Score:2)
It does say this though:
- No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
"No person", including the creator? USCode is hard to read...--
lossy compression can remove watermarking (Score:2)
However, removing such structures is
Clearly the watermarking has been tested with the popular schemes (ATRAC, MP3 and so on). But they're not the only possible schemes. It is perfectly possible to come up with a lossy compression scheme which corrupts watermarks, without otherwise affecting the signal.
Why do I believe this? Well, because a compression scheme which does that is exactly what you would use to apply the watermark in the first place....
Its interesting that if we had an 'ideal' lossy compression algorithm, (which had an identical encoding for all sounds we would say sounded identical, and where any change to the encoded form was audible) then it would not be possible to watermark the sound.
BTW I'm interested to see how they manage to watermark John Cage's 4:13.
-Baz
Actually the code was cracked... (Score:2)
The Navajo code talkers had to start making up new code words for words like airplane, aircraft carrier, etc. toward the end of the world because the Japanese could understand very much of the 'code.'
Regardless, your point still stands, it would take a phenominal code to survive a machine like Deep Crack that was built specifically to crack a given code.
Re:Why bother "boycotting"? (Score:2)
Actually, I'm pretty darn sure that they do want to improve the product, it's that the product that they want to improve happens to do a bad thing. It's kind of like wanting to improve the ebola virus.
I noticed there's a time limit. It's pretty clear that the goal of this hacksdmi project is to expose weaknesses now, before the system is widely deployed and invested into. They're about to spend a lot of money on it, and now is the time for last-minute fixes, since fixing it after deployment will be much more expensive/difficult.
The Right Thing to do is to hack it as early as possible, but not inform them. Then, after the system is widely deployed, spread the hack far and wide. To encourage people to not do the Right Thing, they offer the $10k prize with the time limit. That makes the situation interesting and enables dramatic plots.
---
Re:Why bother audiojacking? (Score:2)
The vast majority of people I know still have machines with Windows 95. Aside from that, folks will just go to their friends that run Linux or Mac.
Re:on second thought (Score:2)
Unlikely. Once the fundamental algorithm to crack the watermark is known, generating code to implement it is trivial, and their scheme is good as dead.
No, I think they are honestly trying to create a secure watermark, or at least "prove" to the industry that they didn't bungle the encryption scheme like they did last time.
That being said, I still think it takes balls the size of minor planets to go out to the "hacker" community and ask them to help create the "perfect" leg irons that will be used in the future to enslave them... :-(
--
Re:Why Boycott (Score:2)
The question is "Does the music industry want to collect information on anyone who might be interested in attempting to crack their copy protection scheme?" The answer to that question is an unqualified "YES". Do they have the means to compile a database on everyone who tries? Yes, they do.
I did not say that all identity checks are designed to allow someone to get you. I listed a single example - gun registration - which DOES have a hidden agenda. It is exactly for that reason that the People of the US have ALWAYS resisted gun registration.
Nice try at attempting to discredit my writing by implied character assassination - but it won't play.
Re:Can you say, "crazy"? (Score:2)
Nice Matrix reference...
But seriously, speaking of gathering information, by now they have a web log chock-full of IP addresses of potential enemies.
Re:Why bother "boycotting"? (Score:2)
Re:No, this is NOT what "we" wanted. (Score:2)
How is it harder to buy a CD? You drive a few minutes to the store, such as Best Buy, and instantly find the CD you want. On Napster, it might take you anywhere from 30 minutes to a few hours to compile and download all the songs for a given CD. Even then, you're often left with missing songs or poor quality.
As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it.
That's not important. What is important is how many of those people would pay a reasonable price to download the official, high-quality MP3 album from the rightful owner. I guarantee you the anwer is: the majority.
People don't steal unless one of the following is true: (1) They have to, i.e. no means to buy, or (2) it's easier to steal something than it is to get it legally, or (3) they're a criminal.
I think it's safe to say most people are not criminals, and most people with means to access the internet are able to afford purchasing music. That means the only reason left is (2): it's easier to steal it on napster than it is to buy the CD and rip to MP3. If the music industry would make it easier to buy an album in MP3 format than it is to steal it, they will have nothing to worry about.
You must be one of those, "people are inherantly evil," guys I keep hearing about.
The glass is half full.
-thomas
"Extraordinary claims require extraordinary evidence."
Re:No, this is NOT what "we" wanted. (Score:2)
If your numbers were accurate, CD sales would most definitely have gone down or at the very least, stagnated. Instead, they have increased.
Otherwise you are implying that without Napster, CD sales would have soared, but with Napster they've just made a small gain due to the loss attributed to Napster?
I have an extremely hard time believing that.
-thomas
"Extraordinary claims require extraordinary evidence."
Let them deploy before hacking it. (Score:2)
Finding the particular bugs in their system for the chance of $10k is not worth it. Anybody with the skill to do that can get standard consulting rates, which start at $200/h at the low end, which translates into at most 50h of consulting. Their offer is an insult. These companies are about to make a capital investment of billions of dollars; once the thing is on the market and the media are pressed, it cannot easily be taken back.
I think we should let them deploy the system as is rather than help them make it even more of a nuisance. Making it tougher to copy is not in the consumer's interest, and it doesn't even help the music companies (even if they think it does).
A question of identity (Score:2)
How are they going to stop me from buying songs as Chuck U. Farley, then bootlegging them to my heart's content? They will require me to pay by credit card. My credit card will become my proof of identity - the proof that I exist in the real world, at a known address, with a real door that can be kicked down. And if I lose my credit card, and my neighbour uses it to buy songs online, songs which he subsequently puts on Freenet? Oops, I'm liable. The credit card company might pay your bill when your card is stolen, but they won't go to jail for you.
We need an anonymous micro-payment system right now.
Re:The more I think about it, the curiouser I get (Score:2)
I do think that we are in for some legal beatings - we make a lot of money and people hate us. The DCMA is just the first of many punches we are going to get thrown at us. I just want everyone to understand what is going to happen to us in the near future and why; that way it won't come as quite so much of a shock.
Re:This is what we wanted, right? (Score:2)
Okay, let me get this right. You get a "bad" copy off Napster, and want to pay for a good MP3 copy. Which you then share on Napster. So the next person who downloads that song (from you) gets a perfect copy. This person then has no reason to go and pay for a "good" copy, they already have one. If the song is popular, your copy spreads like wildfire, and no one needs to buy the "good" copy, they already have it. So, how exactly does this make money for the labels?
No, this is NOT what "we" wanted. (Score:2)
No, they are trying to prevent people from using digital music however they see fit.
They simply cannot release the music in an unsecure format.
Why not? Encryption and SDMI will not stop piraters of music, it will only prevent regular people from easily listening to the music for which they've already paid... just like DVD.
The only thing that would accomplish to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).
Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?
What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.
Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.
Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.
So the only way to offer music online and to have a chance to make any profit is to offer it is some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.
You are dead wrong.
-thomas
"Extraordinary claims require extraordinary evidence."
give it away now (Score:2)
Re:To hack or not to hack.... (Score:2)
Can they really then say, a month later, that the files that they offered for download off their website (And which are now on your hard drive) are now contraband, and cannot be poked/prodded/hacked? The legality of this seems slightly questionable. On the other hand,IANAL, and laws havn't been impressing me recently with their adherance to common sense...
Goal of SDMI != End copying (Score:4)
Go ahead! Buy a Britney song online and download it in SDMI format. Sure, toss it in your Napster share directory! Hack away at it too, and re-record it all you want...
But when the RIAA then scans Napster files, it will be very easy to find out whose copy it is that is floating around there (providing the watermark is still discernible). You did pay for your original download with your credit card, didn't you? Who's 31337 now, when they charge a gazillion bucks in damages to you?
In a way, this is just like DeCCS: the watermark will not prevent copying, but is supposedly meant to stop piracy, while in reality pirates will circumvent it. All it will do will be limiting users choice (eg. no Linux player).
Why bother "boycotting"? (Score:5)
Same with SDMI--they don't want to improve the product, they want to prove it uncrackable. If no breaks it, that will be evidence (to a person versed in using fallacies in place of logic) that SDMI will Make Money Fast For Artists. This gives them credibility and power.
Here's my recommendation: Hack it, but good. Hack it so good it can't be fixed. For instance, connect your soundcard "out" to your "in" and record--there's no getting around that. Alternatively you could hack it so good they have to go back to the drawing board for a year or two--giving MP3 (and Ogg Vorbis!) time to spread even further. If you haven't broken the rules (why are there rules in a hacking contest?) collect the $10k. If you have broken the rules, just post the results to lower their credibility.
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
Re:Can you say, "crazy"? (Score:2)
The real question is "Is there such a thing as a hidden agenda?" The answer to that question depends upon your degree of awareness of evil. People who are virtually blind to evil except when it reaches the level of violent crime or officially sanctioned genocide, are likely to answer 'No." to that question. People who are more sensitive to evil are more likely to answer "Yes".
Sensitivity has its problems - it is easy to mistake noise for signal when you are sensitive. To someone who is blind to the actions of evil people - the warnings of those who are aware of the actions of evil - sound insane and paranoid. The belief is: "If I can't see it - it must not be there." It never seems to occur to such people that they just might not be able to see very well.
From your reactions to my original post I would make the guess that you are able to see only the actions of those who are not very sophisticated in their evil - and are thus obvious to almost anyone. Did it ever occur to you that there might be a class of evil people who are sophisticated enough to conceal their actions so that they become invisible to anyone who looks no deeper than the surface of events?
Most people are virtualy blind to the actions of sophisticated evil. I refuse to be labled as 'crazy' because I can see sophisticated evil. I am not crazy sir, I am just not as blind and insensitive as you are.
Registration of firearms (Score:2)
A little paranoid, are we?
Yeah, I'm so sure the government would be successful in that matter. Why exactly would they want to collect the firearms of "law abiding citizens"? All that'd do is give all the power to the criminals, since they don't register their guns.
And how exactly are they going to collect these guns from these law abiding citizens? Don't you think it would be a slightly risky proposition to try and go through a town and demand all the weapons? (I.e. what are your chances of having those weapons turned against you immediately.)
Nice logic...
-thomas
"Extraordinary claims require extraordinary evidence."
Re:Why bother "boycotting"? (Score:2)
Can you imagine the RIAA first saing their crap got hacked then the media foinding out the money awarded went to pay for a competing technology!!!
Ex-Nt-User
Re:The more I think about it, the curiouser I get (Score:2)
Re:The more I think about it, the curiouser I get (Score:2)
OK, but what good is that going to do them? They could already just *listen* to the song and know that it's "Oops, I did it again" (or whatever). It would only help them if it were in players, and then we could reverse-engineer it.
-Dave Turner.
Re:Why Boycott (Score:2)
Those who do not learn from history are doomed to repeat it. By the way, the Chinese dissidents were astonished that the "People's Army" fired on them, after all, they were the people. Ask the survivors of Kent State if the National Guard's rifles were loaded.
I don't think there are very many people who believe the "We are the government" argument any longer; it might have flown in 1800, but 200 years later most people see through it.
intrinsically flawed contest (Score:4)
What's worse, they're shooting themselves in the foot. The "contest" (hereafter referred to as "The Sham") runs from Sept. 15 until Oct. 7th. Why that window? Do you REALLY think that if someone is dedicated to cracking whateverthehell it is they're proposing, they'll give up after 3 weeks? Hell no - they'll pick away at it month by month until it's split wide open. Three weeks isn't going to do them a damn bit of good, IMNSHO.
Re:Why Boycott (Score:2)
To participate, just go to the website at www.hacksdmi.org after September 15, 2000 and read the public challenge agreement. If you agree to the terms, you will have until at least October 7, 2000 to do your best.
Sounds pretty useless to me. If someone wanted to really hack it, the first step would be to use multiple layers of anonymity to get access to the code, and then get 2600 or the EFF to publish it. Forget any industry-sponsored contest.
Aw, who cares, SDMI is toast anyway. Do they really think they can get everyone to abandon MP3? If so, can I have some of what they're smoking?
sulli
There is an effective response (Score:5)
Vaporware challenge (Score:2)
The original Slashdot article disappeared from the main Slashdot page while I was posting this. Hmm.
Re:This is what we wanted, right? (Score:2)
What, you mean they can't release music the way they've been doing for the last century? Hogwash. They've been packing away the millions for all that time, too. And despite widespread "piracy". It's not like digital music is new, either. We've had CD's since before a lot of /. users were born.
Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).
This is also hogwash. Compressed music is a second-rate substitute for the real thing. If I were to download a track from a Napster user, I would be getting considerably less than what the owner of the original CD paid for. It would be good enough for my car or the crappy speakers on my office PC, but painfully inadequate for when I want to sit down at home at my stereo and listen. Maybe when we have the bandwidth to transfer uncompressed CDs the way MP3s are transferred now, they might have a point, but still not a very good one.
The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales. Downloaders of pirated MP3s would probably buy about as many CDs as they do now, or maybe less, since their exposure to new music would be reduced.
--
Who do they think they are? (Score:2)
Don't kiss (or hack) and tell.... (Score:2)
Let's raise money to a fund, and pay more to those how are willing to keep their findings to themselves (or even better, publish them after the challenge is over, and the shit is in use?)
Ost99
Re:No, this is NOT what "we" wanted. (Score:2)
The size of the software does not play into this at all. Similarly, viruses and trojan horses are not a big deal for pirated software anyway. (Ever heard of a CRC or MD5 hash? You can tell if the software is legit or not.)
How many people do you know have have downloaded a MP3 file on a 56k modem? Now compare that to the number of people who have downloaded 120MB (or usually more) software? The size has a huge affect on who will take the time (or can take the time) to download something. Most people get annoyed when they have to wait 5 minutes for an MP3, do you think they want to wait 5 hours, at broadband speed, for a game? And I realize the possibility of viruses is small, but to the average person, a virus is a deadly thing and could destroy everything and is everywhere. They still worry about it.
Is there a system as simple as Napster to use for getting software?
Uhhh, yeah it's called Gnutella (and other similar file-sharing programs). There's nothing about Napster that makes it unique to sharing music files. The same concept can and will be applied to other files. And there's usenet, IRC, HTTP, FTP, etc.
If you think any of those is as easy as Napster, you've saddly mistaken. I know people in the IT industry who don't use Gnutella, because it's too hard to find a decent server and find what you want. Napster is a simple centralized place to download MP3 files that can be played immediately. There is nothing that is as easy and quick as Napster.
The software industry would be destroyed if this were true. On top of that, getting music by Napster is not exactly "free." You have to do the work to locate the songs, especially if you're compiling an entire album, and the quality of the music is unknown or not guaranteed.
Still, presuming it is "free" as you say, most people are honest enough to buy the album, especially if it is considered "illegal" for them to download it on Napster.
Do you count the trouble of going to the store and buying a CD into it's cost? It's the same thing as finding it on Napster, except it's harder and uses gas and more time. As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it. It's just the few who think they are "justified" in doing it that claim that pirating MP3s isn't illegal.
That's not a logical argument. I think we can safely say that most everyone on the internet could use Napster to download music. And those same people could also buy a music CD if they wanted.
There are hundreds of millions of people using the internet, and it's growing all the time.
How many people use Napster? A million? Two million? How many of those people actually pirated an entire CD album they hadn't already bought on CD? Ten thousand? Fifty thousand?
Not everyone on the NEt can use Napster. There are many people who can't install a simple program without help. Do you think these people are going to download and install Napster by themselves? And if only 2 million people use Napster, I would bet money that 1,999,999 at least have downloaded pirated music. HEll, you can't find anything else on Napster. As for the actually number of users...as of the press release on July 28, there were 20 million users of Napster. And I would bet that 99.99% of them have downloaded a copyrighted MP3. You don't need to download a whole CD, you only need to download a song. It could be the single that you didn't want to buy, or the song of that soundtrack that you liked, not a complete CD. And what happens as the NEt grows? When 75% of people are on the net, how many people will be using Napster?
Again, I did not say anything about CD sales on the rise. But I'm glad you brought it up... If Napster really was having a measurable impact on CD sales, they would have gone down, regardless of how you measure causation or correlation.
What constitues "measurable"? IF without Napster CD sales would have gone up by double what they did (and I'm making this figure up for arguement) would that not have been a "measurable" impact? You yourself admit that not everyone has access to Napster. So if only say 10% of the US used Napster instead of buying CDs, that means if total sales jumped by 1% Napster didn't have an affect, even though those 10% of the people would have bought CDs and didn't? That's simple insane. Anything that drives sales down has a "measurable" affect, it doesn't matter if total sales went up or not, if they would have been higher without that "detriment".
Re:No, this is NOT what "we" wanted. (Score:2)
No, it won't stop everyone from pirating music, but it will stop a lot of people. There is no way to stop everyone from doing anything, but if you can limit a large number of people froim doing it, that's still a good thing.
Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?
These are too fields that are completely different. Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software? Is there a system as simple as Napster to use for getting software? What are the chances of getting non-working pirated software as compared to non-working MP3s? These two things aren't in the same ballpark, hell, their not even playing the same sport.
What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.
Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.
Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.
Most people would buy something that they can get for free? I don't know what planet you're living on, but most people I know take free over paid any day. Napster usage is not as high as CD sales, then again not nearly as many people have access to Napster. Only half the households in the US have a computer, which eliminates a HUGE amount of people right there. And yes, people are still buying CDs, but that doesn't mean Napster doesn't have a negative affect. Correlation is not causation. There are a million reason why CD sales went up last year, and there is nothing I've seen that can draw a direct connection between Napster use and CD sales going up. The question isn't how many CDs were sold last year, it's how many would have been sold if Napster (and the resulting MP3 explosion) would not have happened.
Shoul dbe easy in theory (Score:2)
In theory they would have to alter the sound to leave a permanent mark. If that is the case it is merely a task of identifying the mark and playing with SoundForge.
Anyway. I personally am against a boycott. The honor system for payment is not sufficient (despite Stephen King's wishes), and moving to a new media is a good thing. Help them out. Besides, I am personally rather curious at whether or not they can pull it off.
Charge RIAA with RICO... (Score:2)
IANAL (I am not a Legislator), but it seems to me that this 'hack sdmi' challenge may be somehow applicable to RICO (RACKETEER INFLUENCED AND CORRUPT ORGANIZATIONS) statutes.
I found the definitions of RICO on the US House of Representatives [house.gov]' site.
The Hack SDMI effort is potentially an attempt to form a conspiracy to commit a federal offense, i.e., to crack an access control device, according to DMCA.
Further, a "pattern" of racketeering can be shown if two things are proven within ten years.
The more I think about it, the curiouser I get (Score:3)
--
Linux MAPI Server!
http://www.openone.com/software/MailOne/
The usage of phrases and frames. (Score:2)
But once you see fancy graphics in frames, as well as the phrase "shape the future", the corporate bullshit detector should go into screaming overload.
Re:I Propose a new Challenge (Score:2)
Couldn't you just get as many as you want by cranking up your virtual desktop resolution?
Re:This kinda seems pointless in the first place.. (Score:2)
Having both the input and output of the encryption algorithim makes it a LOT easier to figure out the algorithim, for I hope obvious reasons.
that's pretty funny... (Score:2)
Seth
Re:The more I think about it, the curiouser I get (Score:2)
The watermark frequencies could be outside the audible range (20 Hz - 20 kHz). But most audio equipment filters out, or fails to reproduce, inaudible frequencies.
The watermark frequencies could be inside the audible range, disguised or masked by the music. But MP3 compression works by removing inaudible, masked sounds.
The watermark could be encoded steganographically. But resampling will alter the least significant bits of the recording and destroy steganographic information.
What's to stop me connecting the analogue outputs of my soundcard to the analogue inputs of another soundcard (to remove out-of-band frequencies and steganographic data), then making an MP3 of the result (to remove masked tones)? Only the fact that the hardware and software that would allow me to do so (a Linux PC with two Soundblaster 16s and a copy of BladeEnc) will be illegal.
SDMI cannot succeed technologically, and the record companies know this. The technology only exists to provide an excuse for legal restrictions on hardware and software. Any hardware or software that is not "SDMI-compliant" will be branded a "circumvention device" and banned in the USA. Any countries that fail to follow the US's lead will be branded "havens for piracy".
Re:Why bother "boycotting"? (Score:3)
Re:This is what we wanted, right? (Score:2)
Any free service like Napster is going to be flooded with junk and people trying to be clever by mislabeling files.
An organized source, controlled by somebody who cares about the contents, is worth money.
Re:There is an effective response (Score:2)
Bribing\blackmailing the RIAA to donate money to the EFF wouldn't exactly be a great moral victory.
Ultimately, I don't think that this matters. (Score:2)
Personally, I don't think that any of this actually matters. I don't really care whether the RIAA gains industry credibility for the SDMI - if recording companies want to use it then more power to them. I also don't care if the current SDMI implementations are 'proven' to be un-crackable during the artificially restricted cracking period of three weeks - the only thing that this will cause is more trumpet-blowing by the RIAA.
The beautiful thing about the 'net and the hacker community is that I can guarantee at least a 1000:1 ratio of 'smart, motivated hackers' to 'mediocre corporate software engineers' on this one. Whatever the RIAA end up thrusting upon the industry and the unsuspecting public, it'll end up being cracked within the month. End of story.
Let them waste cash developing this white-elephant of a protection mechanism. Whatever they spend here won't be available for them to pay lawyers with
--
Re:This is what we wanted, right? (Score:2)
Maybe to audiophiles, but the average person can't tell a difference between a 128bit MP3 and the CD version. I know I can't. Everyone I talk to says that MP3 is "CD quality". That certainly says to me they can't tell the difference, and if they can, it's not enough to bother them. Only audiophiles with $5000 stero setups notice or care about the difference.
The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales.
No, it doesn't translate into $1000 of sales, but I would bet it translates into at least 1 CD sale lost. If you download $1000 worth of music, chances are there is something in that $1000 you would have paid for if you couldn't get it for free. I wouldn't suggest it's a 1 to 1 ratio, but I would guess that there is some correlation.
Prize money isn't guaranteed (Score:5)
So it looks like they trick people into checking their security for them, and then don't have to give them the cash anyway. Personally, I'd like to see someone remove the watermark and not tell them how it was done. Sure, they'd be forfeiting the possible prize money, but they'd also be delaying the introduction of SDMI. Like Don Marti, I don't copy music from others. And yes, protecting my fair use copying is worth more than $10K to me anyway.
This is boycott is useless (Score:2)
If no one breaks SDMI during the three week period, then they will just have ammunition to say that SDMI works. End of story. Move along.
For those who think that the industry will not get their way, I have a simple answer for you: System on a Chip (SoC). Custom integrated circuits that do all the decrypting, audio decoding, D/A, etc., will be made. Once its all on a single IC chip (and this can likely be done with a bit of work right now), your rights are gone.
I doubt anyone on Slashdot has access to clean room that they could an take apart an Integrated Circuit, figure out how to disable the protections, checksumming of code, etc., and then a fabrication plant than can make enough modified ICs that they could distribute them around. Consumers have lost their rights one by one; they just have not realized it yet, nor cared.
Sorry, but the gig is up.
Beat them at their own game. (Score:2)
---
$10K "Prize"? Are they kidding? (Score:2)
$10K isn't a prize. It is a joke.
Had I broken one of their candidate schemes, I would expect a lot more for my efforts -- or I would keep it for my own later uses, just in case the DMCA is later abrogated or amended.
Re:Why bother "boycotting"? (Score:2)
For the SDMI, my recommendation is to download the stuff, hack it, and then NOT TELL THEM. Then, when they release this stuff, you release your hack the very same day. Take that, SDMI! ;)
Does it really matter? (Score:4)
Now from where I'm sitting, that means that breaking the encryption really isn't of much relevance; the issue is of making player-software available cross platform. This could be done by cracking the encryption, but lets face it: it's a whole lot easier just to reverse-engineer the player-software that is released, which is exactly what was done for DVDs.
Okay, so the powers that be don't especially like that tactic either, but in truth it's better for them too.
Re:give it away now (Score:4)
Re: (Score:2)
Re:give it away now (Score:2)
//rdj
Re:Why bother "boycotting"? (Score:2)
Also, Sound blaster cards were widely distributed via legal channels before the watermarking is released. I understand that as "for all intents and purposes" because at least 50% of computer users have a standard unrestricted sound card right now and can legally sell them (even if there's an unstated assumption that the card will be used to pirate). At what point do you say that it's not effective? 100,000 people having a legal tool that instantly accesses it? 10,000? 1,000?
PS. I don't think they're intending to use watermarking to prevent access, only track people, but this thread is interesting anyway.
--
What to do about it? (Score:2)
I wonder if maybe we couldn't find some way to get this onto national television and let the world know what these idiots are doing. The reason why RIAA, MPAA, and other big industry conglomerates have been able to get away with things like CSS and potentially SDMI, is because the public at large doesn't know what it means, and if they do know what it is, they may not neccesarily know why they should care.
Somehow we need to get this into national press and make people aware of the potential damage these various technologies could do.
Re:Why bother "boycotting"? (Score:2)
Re:The more I think about it, the curiouser I get (Score:3)
> affect the sound but will destroy any watermark.
No, that isn't going to work.
The watermark is a particular set of frequencies, repeated at particular times. It doesn't have to be audible. It certainly won't be removable by just twiddling bits--- anything that doesn't affect the sound won't affect it.
It's possible to use cryptography to hide the watermark, even if you reveal the algorithim for creating it. Any random set of sounds could be a watermark, but only if you know the correct key will you know what the watermark means.
Correctly implemented, there is no way to detect or remove it. However, from what I've read, the SDMI idiots appear to be rather clueless. They want the watermark detection to be built into every player, so that it will refuse to play even analog copies of watermarked material. Of course, this means that all you have to do is reverse engineer one of the millions of players they will be selling, and you know exactly how to find the watermark-- and how to remove it.
Re:No, this is NOT what "we" wanted. (Score:2)
What are you, some sort of RIAA goon? "Limiting a large number of people" is EXACTLY the problem with the music industry. Why limit a large group of people, the people that pay for the music, when the real problem is the minority of people that pirate the music? The piraters, as you fully attest, will not be stopped by encryption, watermarks, or the like. History has proven that they will find always find a way.
If watermarks and encryption did not cause problems for honest people, I wouldn't care about this. But the problem is you can't do encryption or watermarks without limiting what your paying customers can do with their property.
These are too fields [software and music piracy] that are completely different.
No, they're exactly the same. Digital content that can be reproduced at no cost, distributed by file-sharing programs, and are typically sold, not free (as in beer).
Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software?
The size of the software does not play into this at all. Similarly, viruses and trojan horses are not a big deal for pirated software anyway. (Ever heard of a CRC or MD5 hash? You can tell if the software is legit or not.)
Is there a system as simple as Napster to use for getting software?
Uhhh, yeah it's called Gnutella (and other similar file-sharing programs). There's nothing about Napster that makes it unique to sharing music files. The same concept can and will be applied to other files. And there's usenet, IRC, HTTP, FTP, etc.
What are the chances of getting non-working pirated software as compared to non-working MP3s? These two things aren't in the same ballpark, hell, their not even playing the same sport.
You are insane. They are not only the same sport, they're playing for the same team.
Most people would buy something that they can get for free? I don't know what planet you're living on, but most people I know take free over paid any day.
The software industry would be destroyed if this were true. On top of that, getting music by Napster is not exactly "free." You have to do the work to locate the songs, especially if you're compiling an entire album, and the quality of the music is unknown or not guaranteed.
Still, presuming it is "free" as you say, most people are honest enough to buy the album, especially if it is considered "illegal" for them to download it on Napster.
Napster usage is not as high as CD sales, then again not nearly as many people have access to Napster.
That's not a logical argument. I think we can safely say that most everyone on the internet could use Napster to download music. And those same people could also buy a music CD if they wanted.
There are hundreds of millions of people using the internet, and it's growing all the time.
How many people use Napster? A million? Two million? How many of those people actually pirated an entire CD album they hadn't already bought on CD? Ten thousand? Fifty thousand?
And we're only talking about the people on the internet. Add the rest of the people that can access CD's only, and even if you're poor at math, you should be able to see how small the damage by Napster really is.
And yes, people are still buying CDs, but that doesn't mean Napster doesn't have a negative affect. Correlation is not causation.
I never said it didn't have a negative effect. Likewise, you can't prove it does have a negative effect. No one can without a massive, scientific, unbiased study that will never happen.
There are a million reason why CD sales went up last year, and there is nothing I've seen that can draw a direct connection between Napster use and CD sales going up. The question isn't how many CDs were sold last year, it's how many would have been sold if Napster (and the resulting MP3 explosion) would not have happened.
Again, I did not say anything about CD sales on the rise. But I'm glad you brought it up... If Napster really was having a measurable impact on CD sales, they would have gone down, regardless of how you measure causation or correlation.
-thomas
"Extraordinary claims require extraordinary evidence."
Re:Why bother "boycotting"? (Score:2)
Re:Why bother "boycotting"? (Score:2)
That may not degrade the signal enough to get rid of any watermarks.
LK
This is what we wanted, right? (Score:3)
Why Boycott (Score:5)
That is the real reason for the 'hacking contest'. Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier - so is the real purpose of this contest to allow the music industry to collect information on who is interested in trying to crack their copy protection scheme. Anything you do in this 'contest' may be used against you in a court of law at a later time and date.
Re:There is an effective response : (Score:3)
As for the boycott : they are clearly trying to avoid a DECSS-like failure.
Maybe they have the same level of confidence for their crypto technical than for their www one ?
This shows that DECSS teached some lessons.
But like usual, thos BIG-CORPORATE-FAT--ETC guys understood the teaching the wrong way, because if their "new" system is not cracked it three weeks, it's going to be cracked in four, five... until the sun blows. And even if the crack is declared illegal their will be a part of the world whete someone will sell it, and the bootleging-vox populi will do the rest.
For every better lock, there will be a better thief ! Hey guys, instead of focusing on the lock, please look at the door design.
On the other hand, like every #$$^#@#$ marketing guys, they gave the delays, blissly disregarding the rules of the game. And like usual the requirements seems to be late.
Bu I will advise for the boycott, because their goal is not clear. Apparently they are going to put a bunch of differents technologies under public scrunity. They seemed to learn at that principle of free software : the most testers you have, the better the product. But testing FOR them will be against our interests. Let them test, and if they cannot get people competent enough to point the flaws in their systems, it means they did not deserve that.
This quote sums up the flaw in this plan. (Score:3)
DISCLAIMER: Its long!
Basically they believe that the gaol of these hackers (if they find any) will be for the money or fame. After the three weeks they will give up and go home and never think about it again. However they are just going to end up giving these contestants a taste of flesh and they aren't going to stop. I'm just not that good with words so here are someone else's:
They are fools that think that wealth or women or strong drink or even drugs can buy the most in effort out of the soul of a man. These things offer pale pleasures compared to that which is greatest of them all, that task which demands from him more than his utmost strength, that absorbs him, bone and sinew and brain and hope and fear and dreams -- and still calls for more.
They are fools that think otherwise. No great effort was ever bought. No painting, no music, no poem, no cathedral in stone, no church, no state was ever raised into being for payment of any kind. No parthenon, no Thermopylae was ever built or fought for pay or glory; no Bukhara sacked, or China ground beneath Mongol heel, for loot or power alone. The payment for doing these things was itself the doing of them.
To wield onself -- to use oneself as a tool in one's own hand -- and so to make or break that which no one else can build or ruin -- THAT is the greatest pleasure known to man! To one who has felt the chisel in his hand and set free the angel prisoned in the marble block, or to one who has felt sword in hand and set homeless the soul that a moment before lived in the body of his mortal enemy -- to those both come alike the taste of that rare food spread only for demons or for gods."
-- Gordon R. Dickson, "Soldier Ask Not"
I Propose a new Challenge (Score:5)
Before one learns to fly, one must first learn to walk. Before one learns to develop a secure framework for digital music, one must first learn to use the target attribute.
Re:Better late than never... (Score:3)
It is far better to take SDMI, not find the holes, let them institute it, and then flood the market with the methodology to crack it, forcing them to scrap the entire project and walk away with egg on thier faces.
Re:give it away now (Score:3)
Do you really believe that a company or organization will ever be able to do anything to protect their music, video, or software from piraters if they really want it?
The music industry simply needs to be concerned about making it easy for consumers to buy and use digital music. If they do this, they might be just as successful as the software market.
-thomas
"Extraordinary claims require extraordinary evidence."
Re:Prize money isn't guaranteed (Score:5)
How much time of a professional crypto expert's time would that buy in the real world? A week if they're feeling charitable.
The people behind the SDMI collective spend $10K on lunch. The prize money is more an insult to the value of cryptographic analysis than anything.
Re:Prize money isn't guaranteed (Score:3)
Notice they don't say what copy-protection/watermark methods there are to crack? Or what exactly a successful crack consists of?
It looks like the site requires a major update before the contest can start, and I imagine the legal details will be spelled out more thoroughly at that time. (If ever... the site was built on imagecafe and has dangling links to default pages and has a problem with its frames. It looks as if the only people who worked on it was the PR team.)
--
Don't Boycott; Show Their Futility (Score:3)
How can this be done? I'm no expert on watermarking, so I'll leave that one to someone else. But, for conventional means of copy protection, I have some ideas. If you can hear it, it can be recorded. Better yet, if its digital and your sound card plays it, then its driver is being sent the raw, unencoded, unencrypted data.
How about a fake sound driver? If someone wrote a sound driver (preferably for Windows so the collective would see the impact more plainly) that acted like a regular asound driver but instead recorded the raw audio data to a file, the "protected" songs would be available in an "unprotected" form.
So, how about it? Or do you think the SDMI would just have a law passed to make all Audio Card manufacturers adhere to SDMI specs and encrypt the data down to the DAC?
Re:The more I think about it, the curiouser I get (Score:5)
Under the DMCA any player which does NOT use the watermark is a device which is 'bypassing digital copy protection means' and is thus ILLEGAL.
Not only will all new players be forced, by law, to use the copy protection scheme; but you can be imprisoned for 5 years by using your old CDROM or sound card once the new copy protection scheme is on the market. Like DeCSS any device which can be used to copy protected music IS ILLEGAL under the DMCA.
For example a PC which has a current CDROM burner would be illegal. We can assume that Microsoft will put the music copy protection scheme into a future version of Windows - thus making illegal all current operating systems which do not have that code in them.
The DMCA is not about copy protection; it is about controlling what YOU can do with digital technology.