Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Music Media

Hack-SDMI Boycott Explored 164

Andrew Leonard writes: "Tech companies want hackers to break SDMI watermarks because they know watermarking will never work and are desperate for a different solution. In Salon, Janelle Brown shows how the hack-SDMI boycott is revealing a major rift between the tech and entertainment companies that make up the SDMI coalition." Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers. And several anonymous sources interviewed for the article seem to have gotten it wrong: everyone thinks it will be broken, it's just that most of them think the opportune time for that would be about 2 days after the music companies have irrevocably committed to their new method of making it difficult for people to listen to music rather than 2 days before.
This discussion has been archived. No new comments can be posted.

Hack-SDMI Boycott Explored

Comments Filter:
  • no youre right. SDMI is audiophiles only. for people with a 5000$ stereo, that do not listen to mpeg radio, not to tv, not in the car, not to minidiscs, not to mp3 anyway. and of course not to vinyl. considering they would buy a compromised (even only in a not hearable way) file with encryption.... well. strange superflous discussion.
  • by lfourrier ( 209630 ) on Tuesday October 03, 2000 @02:06AM (#736436)
    did you read the sdmi spec? I did. and I found some rather frightening provision : any unmarked music entering the sdmi system has to be marked as valid for only 4 working copies at a time. And so, even if some music work as no copiright att all, once it enter the system, you can no longer make as many copies as you wish.
  • C'net testing showed that most people can't tell the difference between 192kbit/sec MP3s and the original, and basically nobody can tell 256 kbit/sec.

    If 256 KBits/Sec is your standard, then your standard is 5:1 compression. My standard is lossless, or 2:1 compression. You can argue one way or the other about whether the difference is noticable, but I'll point out that the difference between a 5:1 download and a 2:1 download is mostly that of convenience. Both are equally feasible, and as network speed rises and disk space prices fall every year, the difference between the two will become negligable.

    Your point about sound quality is correct. For most people, there's simply no reason to download 2 1/2 times as much data, because they can't tell the difference. However ...

    SDMI creates a brand new reason to do so that never existed before and has nothing to do with sound quality. The new reason to download 2 1/2 times as much data is because that's what will be required in order to encode the music so you can play it on your portable SDMI player, and that's a powerful incentive.

    The record companies stand, poised to replace "Perfect Music Forever" with "Music, purposely degraded -- made imperfect, and technologically restricted so it isn't necessarily Forever", at the exact moment that network distribution of their former, better product, "Perfect Music Forever" -- unwatermarked files with lossless compression -- is becoming possible. This is a disasterous strategy for the music industry.

    5:1 verses 2:1 illustrates why the SDMI watermarking strategy will fail. It's too little too late. It's based on the assumption that downloading a lossless digital audio file is not feasible, which is not true. It's just unnecessary -- yet. The RIAA thinks that SDMI will destroy downloadable music technology, when all it will really do is force the abandonment of lossy compression.

    The legacy of this failed attempt at market control will be deliberately introduced audio distortion on future CDs. This raises a new question. What will happen when someone figures out how to remove the watermarks completely, leaving the work undistorted? How will the recording industry compete against something that sounds, or is perceived to sound better than their store-bought product, and can be downloaded for free? They are not considering the results of their strategy. They do not understand the technology. Even worse for them, they no longer understand that the quality of their product is their product. In this sense, they have completely lost their way.

    - John
  • If you encode at 192 kbps, you'll have CD quality. Yes, the exact same quality from a CD, and that's proven. If you still think you have special ears, you can encode at 256 kbps (Studio quality). MP3s are not lossless, if you want. CD's are pretty much dead now.

    --
    Q: How does a Unix guru have sex?
    A: unzip;strip;touch;finger;mount;fsck;more;yes;umoun t;sleep
  • that's why they had the contest. When the other part of the DMCA kicks in (the 28th?) they can simply arrest everyone who submitted an entry. viola! mp3's disappear!

    --
  • by zavyman ( 32136 ) on Tuesday October 03, 2000 @06:54AM (#736440)
    From the agreement:

    Compensation of $10,000 will be divided among the persons who submit a successful unique attack on any individual technology during the duration of the SDMI Public Challenge. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology. In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property. The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge. If you are a minor, it will be necessary for you and your parent or guardian to sign this document, and any compensation will be paid to your parent or guardian.

    This article has it backwards. The hacker community should not participate in this contest, as it will prove to be a loss for the community as a whole. After all, if the details cannot be disclosed, they must be planning to still implement it. (If they were planning to make a new system if they defeated it, why would they want the details of breaking it hidden from public view?!)

    What should happen? As mentioned before in the last time slashdot discussed it, it should be attacked, but not for the contest, and not for the money. $10,000 is a worthless sum when it would have cost them tens of millions to try to break it on their own.

  • But I do feel badly for the engineers who are being forced to create a lemon

    perhaps the cue:?!@#%cat (whatever the hell its called) engineers were on to something. it's obviously gonna be reverse engineered, so why waste months and thousands of dollars making some fiendishly clever death device, only to be twarted by some nob with a pocket knife, a piece of string and some naval lint? fsck it - just xor/base64 it and let the lawyers take care of the rest.
  • I stand on the side of hacking AFTER the standard is finalized. However, in any case I don't like the evil tracking the hacksdmi.org web site does, so I now provide you with a way around it:

    diddl.firehead.org/censor/hacksdm i.o rg [firehead.org]

    Yes, now YOU TOO can go get the files to be hacked, without giving them your IP address or agreeing to their stupid (and worthless) agreement!

    Have a nice day.

    mods: read the subject

    -----
  • They are only trying to trick the people who are talented enough to beat them into doing their R&D for them. Let them release the SDMI hardware, I won't buy it, no one will, and then it will all go away for a while.

    The problem is the music industry needs a different business model, give up guys, go with advertising or corporate sponsorship or something that allows the music to be distributed freely without depriving the artist of what they deserve.

    The free distribution of digital media is here to stay, nothing is gonna change that.

  • If i understand the watermarking correctly, it is based on the fact that some parts (frequencies?) of the audio signal are inaudible to human listeners, so a watermark signal there wouldn't degrade the sound. Isn't it quite trivial to generate some noise/random signals at the *modulated* frequencies *of* the watermark signal, or just read the watermark signal, invert it and put it back? What am i missing?

    Well, you don't understand understand watermarking correctly. The watermarking schemes used by SDMI are all spread-spectrum techniques in which the watermark is detected by correlation of the signal with the (known) watermark vector. The watermark, then, goes into every frequency, including audible ones. The idea is to make the changes in the amplitudes of the frequencies small enough you can't hear them but large enough so that, even if the signal were altered as you suggest, a correlation detector would still see the watermark.

    But that's not to say that breaking watermarking schemes isn't pretty straightforward. If you can discover the key that was used to embed the watermark, then you can either (a) remove it, or (b) fake your own.

    Even if you don't know the key, I claim that if the watermark is robust against frequency-domain quantization (which it needs to be for MP3) then you can still determine it by a so-called "hill-climbing" technique. As far as I can tell, there is no mathematical way around that conundrum.

    I don't understand the SDMI scheme very well. Either it won't let you play songs with watermarks, or it won't let you play songs without watermarks. Either way, it's not too tough to break.

    I tried to suggest my own scheme to SDMI, in which the music would be reversibly degraded and distributed for free, like shareware. It took care of many of those thorny issues about fair use, etc., but apparently it didn't leave enough control in the hands of the record companies, because they didn't go for it.

    Didn't matter all that much, anyway, because my scheme could still be broken by capturing the decoded input, just like the existing one can.

  • Not too long ago, Scientific American [sciam.com] ran a couple of items like this one [sciam.com] citing Xerox, and specifically Mark Stefik on digital rights enforcement. So where's Xerox and their tech in all this?

    At the Xerox [xerox.com] site I found some references to XRML or DPRL (Digital Property Rights Language) and ContentGuard [contentguard.com]

    More XRML at Oasis-Open [oasis-open.org] like this item [oasis-open.org] by Robin Cover.

    But I don't see anything off-hand on doing the MP3 kind of thing. That would involve an extension to autonomous devices. Could be done if the devices had decent hard-to-tamper clocks.

    There are other people in the same business such as NetActive [netactive.com]

    It's still not free, of course. But I'm not yet convinced that copyright is dead. I'm willing to pay for rights, but I need the real rights that I used to get, not some constrained version like SDMI.

    --
    Henry Troup

  • Yes, but the DMCA forbids reverse-engineering, or copy-protection disabling. Hmmm, I wonder whose idea that was, and how much it cost to get it into law. . .
  • The idea is to do all the copying in the digital domain. Converting to analog and then back to digital will lose sound quality. The trick is to do it in such a way that the watermarking is bypassed.


    ...phil
  • When / if SDMI is ever deployed people are going to have access to all aspects of the technology. Being able to examine the watermaking and checking binaries, and being able to examine the same stream pre- and post- watermarking, will make the task considerably easier.

    Even if it were deployed and not cracked, it's hard to see how it will gain any market share. Traditional formats take a long time to die. Most new music exists on both tape and CD, some is still on vinyl, and there will be a large market for these formats for a long time to come. Music companies use whatever formats offer a viable market. How many of these companies (and artists) will want to go all digital and lose revenue stream from traditional formats? Until then compression schemes that home users can apply are going to be where it's at...

  • Why do the tech companies participate in the first place in such a brain dead initiative.

    Fear of not having access to content ?

    Afraid not being able to deliver cutting edge stuff ?
    Fear of not having access to specifications ?

    Those might all be valid reasons. However, if this idea is so fsck'ed as it's presented in the article then why the hell don't they stick together and tell the contents providers where to shove it ?

    Save for Sony I don't know of a content monopolist currently being bundled with a tech company.

  • I'm sure the Audio Home Recording Act says something about hardware having to be honest about the copyright information.

    This could be construed as a a breach of that if the hardware insists that a public domain track isn't public domain.
  • SDMI is supposedly watermarking the signal via inaudible frequencies, right? Check out this marketing:

    SDMI: the new technology that can encode digital music data beyond the range of human hearing! Today's CD players can't match that and MP3's are a vague shadow. For quality you can't beat, use SDMI!
    --
  • A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices.

    Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units. AFAIKT, they haven't gotten any more clueful since then.
    /.

  • i think they think they can produce players with play music securely...dont think they`ve seen the Creative recorder, in `what-i-hear` mode where it just wav`s (to coin a verb) whatever is going out the back...
  • "home audio equipment (probably including sound cards) will be required to respect. "

    I`d like to see them `require` Linux (and other open source) drivers to respect arbitrary, foreign, protection systems.

  • And then SDMI players will be found on the shelves where miracouously you can turn this 'feature' off, "oops engineering left in some test menues, well, we trust our customers to simply not do this, and no, we don't know why our player sells better than any of the others out there despite it's slightly higher price". We've seen it all with DVD's and region encoding.
  • Wow, what a great straw man you've constructed.

    When people scream bloddy murder about poor security, it's usually because they've payed money for the product that failed, and the failure results in the loss of much more money. Open security is good security, and that benefits the companies producing the products and the people buying the them.

    SDMI is nothing like this, because it benefits none of us, not even the artists, only the record execs. Helping SDMI is like buying into a ponzi scheme.

    And besides, you do realize that this scheme is dependant upon closed, secret, and unhackable hardware? It's broken from the start, so why waste effort trying to make it work?
    --
  • by jms ( 11418 ) on Tuesday October 03, 2000 @07:29AM (#736457)
    The RIAA has no idea how good they have it, right now.

    The main purpose of SDMI watermarks is to detect if a watermarked song has been compressed. The idea is that this will "break Napster." Breaking MP3s is completely the wrong approach! What the industry is forgetting is that lossy compression is just one way to transmit music. There are lossless compression schemes that achieve approximately 2:1 instead of 10:1 compression on music files. They're five times bigger, but disk space is dirt cheap now and network speeds are increasing. Quite frankly, lossless internet music distribution isn't something in the far distance, it's coming and it's coming fast.

    What the industry doesn't realize is that they have one last chance to save themselves -- they need to market MP3s as a preview format, and CDs as a high quality format that you buy in a store that sounds better than MP3. Right now, they still have an opportunity to survive. If someone downloads an MP3, then decides that they like the song, they have a very good incentive to go out and purchase the CD, for a very practical reason that has nothing to do with morals or ethics or artists getting paid -- they still have an actual trump card. A CD sounds better!

    Here's why SDMI is a two-pronged suicide weapon for the RIAA:

    1) Even if the watermark is inaudible, people will think that they hear it. They will be dissatisfied, and will want unwatermarked music. Where will they get unwatermarked versions of their favorite albums? Not from the record store. They will have to either find a used, pre-SDMI CD, or copy it from their friend, or Napster, and they will feel zero guilt about doing so, because after all, they can't buy the uncorrupted version of the CD in the store anymore.

    2) If SDMI succeeds, and it becomes impossible to play a song once it has been compressed to MP3, then people will be forced to stop using MP3. What will replace MP3? There are already lossless codecs -- the "shorten" format among them -- that achieve 2:1 compression (as opposed to 10:1 for MP3.) Napster and the like could quickly be retrofitted to use lossless compression instead of lossy compression.

    If this happens, then the record industry will have destroyed the only consumer benefit in their pre-recorded CDs. So long as an MP3 sounds worse than a CD, consumers feel justified in "upgrading" their MP3s by buying the CDs. If people feel that the store-purchased CD is going to sound the same or worse than a download, then why should they buy it?

    Or how about if the store-bought CD of "Dark Side Of The Moon" has audible distortion due to the watermarking, but you can easily download a lossless copy from Napster that was made from a pre-SDMI CD.

    What will you do if you want the "best" sounding version of an album? There are collectors who pay top dollar for 1950s vinyl because they think it sounds better than CDs. Pre-SDMI CDs will join those ranks, but Pre-SDMI CDs will be infinitely reproducable.

    In short, SDMI is suicide for the record labels. It's going to force changes in Napster and consumer behavior that actually destroy their own business model. Permanently.
  • Let's stop
    working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.


    I've said this before and gotten flamed into oblivion for it, but I think it needs to be said again:

    Something like SDMI might not be all that bad.

    We in the Open Source Community have been busy with things ranging from effective (encouraging subscription models, bulding a new codec, refining street-performer-like schemes, etc) to things, um, less-effective (yelling "information wants to be free!" and defending the tactics of Napster).

    What I wonder about is why we haven't sat down and thought about how we could create something that would actually allow those who so desire to have some control over the destiny of their content.

    I'm not talking about Iron Clad control, which I'm sure most of the current heirarchy in the recording industry wants. Nothing "uncrackable". We don't have a foolproof copy-protection system now, and we're doing fine. What I'm thinking is copy protection that is:

    1) just strong enough to encourage Joe Average off the street to buy rather than make copies

    2) allows fair use afterwards

    #1, of course, has to be done in conjunction with a pricing structure and preview system that will support it. #1 is just an extra push to encourage the consumer to support an artist.

    So, why not? And please don't say "but the artists won't see any of their money. The evil record companies will take it all." For those who go through record companies, that's probably true. But there will be some who won't....
  • This article states the tech companies are the ones complaining about the boycott. I can understand their perspective completely, it's all about money.

    They're spending their hard(ly) earned money developing SDMI watermarks they know will be broken when commerically released. If this turns out to be true, they will lose much much more in the cost of producing compliant products and paying for the "license" to implement it. So if the solution chosen is extremely easy to circumvent, they lose money much quicker than if a relatively difficult to break solution is chosen.

    Bottom line, they don't care whether it's dropped or not - they just don't want to spend/lose too much because of it. Whether it's dropped or extremely robust, they come out as winners. If the latter, the RIAA wins too. But in only the former would consumers benefit. Make no mistake, they're looking for you to save them money, that's all.

  • Not to be paranoid, but they _would_ say that, wouldn't they? Maybe they're just trying to drum up support. But boycotting it until it's properly released and _then_ hacking it is much more amusing than joining in the RIAA's silly $10,000 buck contest. Talk about tightfisted too, would a decent programmer get out of bed for that amount of cash?
  • by san ( 6716 ) on Tuesday October 03, 2000 @01:32AM (#736461)
    If i understand the watermarking correctly, it is based on the fact that some parts (frequencies?) of the audio signal are inaudible to human listeners, so a watermark signal there wouldn't degrade the sound. Isn't it quite trivial to generate some noise/random signals at the *modulated* frequencies *of* the watermark signal, or just read the watermark signal, invert it and put it back? What am i missing?
  • Amen. His argument seems to go something like this:
    • Hackers break SDMI
    • RIAA realizes SDMI is fundamentally flawed
    • RIAA releases a new copy protection system. This new system is somehow more customer friendly, despite the fact that:
      • Customers aren't friendly to RIAA, they're happy to use Napster in droves.
      • RIAA is made up of big companies. Big companies like frightening EULAs
      • Citizen-friendly copy protection is hard to do. It has to let you carry your music with you... it has to be as easy to use as CD's are, and no more intrusive privacy wise.

    --

  • That should be from the we-want-to-post-something-bashing-SDMI-but-nothing 's-happened-recently dept.

    --
  • I agree, we should still boycott the hack SDMI contest. I want to see the SDMI implemented and then hacked 2 hours after the first watermarked CDs ship. Then the record compaines will be stuck with a watermarking scheme that doesn't work, and may give up with the whole idea of watermarking/secure music files. If they decide to continue with SDMI, then it'll be easy to hack and not much will change, at least for the next few years.
  • How does this help Metallica?

    Their music sounds like watermarks anyway.

    Maybe removing the data, leaving silence would be an improvement.

    In fact, why not incorporate watermarks into all music from now on?

  • by AtariDatacenter ( 31657 ) on Tuesday October 03, 2000 @02:26AM (#736466)
    Okay, admittedly, all of us would really like to see the record company fall on its own sword and ruin itself by releasing the "perfect" distribution system for music online, having some hardware manufacturers go full-steam and produce products, the record industry puts out their songs, THEN it is cracked.

    That, by the way, is why the hardware groups oppose it. They know it is going to die because it won't work. They want it proven before they spend incredible amounts of time and money engineering and producing a dead product.

    Now, if I were to crack it before they are committed, they have a chance to put another solution in place. I really doubt that if someone produced the magic bullet that kills watermarking that the RIAA will say, "Okay. We're not going to protect our music." They'll just come up with something else.

    By hacking later, it also buys time. And it also destroys the RIAA's reputation so when they're working on a "second solution", their sphere of influence will be diminished. And in the mean time, you'll get access to all the watermarked songs they've released.

    Hack now? No thank you. But I do feel badly for the engineers who are being forced to create a lemon.

  • How about proving it can be cracked, but not supplying the info, not claiming the 10k, but suing for reverse-engineering your patented method?

    Watch that decimal point move to the right.

  • Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units.

    Yeah, but Divx offered $2.00 movie rentals, and you (technically) didn't have to return the movie when you were done. However, Divx didn't really offer any of the benefits of DVD (multiple aspect ratios, etc). Dibx was a brand-new high tech product marketed towards the "couch potatoe" masses. SDMI seems to be heading down the same path. Even if you have a halfway decent CD player you have NO reason to invest in a new player, especially if the new player only gives you the abilty to play SDMI music.
  • SDMI is audiophiles only. for people with a 5000$ stereo, that do not listen to mpeg radio, not to tv, not in the car, not to minidiscs, not to mp3 anyway. and of course not to vinyl.

    All the serious hi-fi nutters I know reckon that CD quality isn't good enough, and that transitor amplifiers are insufficiently linear. It's got to be vinyl and valves!

  • you can copy a CD to a minidisc through a digital connection.

    You can't copy that Mini Disc to another minidisc digitally (you can anaolog thouhgh duh.)

    However there is a box they sell in japan which claims to remove the copy management. Your supposed to run the output through a fiber into the box and it removes the protection system. They say it also removes track marks, labels etc.

    You can't prevent copying. period. You can only hope that people act a little responsibly.

    they're just trying to make it harder to prevent piracy from becoming too rampant.
  • Will it have to work through analog conversions? I`m sure cutting out a very thin band of frequencies would be one way of id`ing a protected track. Thats what an earlier proposal for copy-protecting suggested. Cant remember the frequencies offhand, but you could hear the difference. The idea was that so could the DAT recorders of the time, and they`d refuse to record the incoming signal.
  • If you garble the signal too much, you will get music that most people actually can hear has been tampered with.

    I have this mental image of a bunch of RIAA executives being flown to a nice resort hotel, gathering in the conference room, listening to a full-blown multimedia presentation on their new Copy Resistant Audio Protection[tm] system, watching the techs wheel in the prototype and start it up... and hearing something that makes Thomas Edison's wax-cylinder phonograph sound like top-of-the-line Bang & Olufsen.
    /.

  • by g_mcbay ( 201099 ) on Tuesday October 03, 2000 @02:30AM (#736473)
    What the RIAA doesn't understand is that the minor sound quality lost by the conversion to analog then back to digital wouldn't be a problem for the vast majority of people, and certainly not those who trade (often poor quality) mp3s on Napster now.

    And..you only need to go digital->analog->digital once. Once you get it back into digital form (mp3 or vorbis, etc), you can then make as many perfect digital copies of the very slightly degraded (not detectable by 95% of the population.. if done properly) sound image as you like...and can send it to as many people as you like (technically, if not legally).

  • After reading the Salon article, I honestly can't say I feel badly for the tech companies involved. If they really feel the whole thing is a sham, they should just pull out of the effort and announce they won't support the standard in their future products.

    If they don't have the balls to do that, they deserve to waste millions implementing useless copy protection hardware.

  • They could probably 'coerce' Creative to fix that, but it will be much harder with software. How easy would it be to write a program the takes the windows waveout and writes it to a file, it can be done in beos too, and even though I am not too much of a linux hacker, I know its possible there too. What's the easiest way?
  • what about running the digitalout on my soundcard to the digitalin?
  • by skoda ( 211470 ) on Tuesday October 03, 2000 @07:47AM (#736477) Homepage
    The whole Metallica thing is interesting; or rather the response to it is interesting.

    The general anti-RIAA response to the Napster case seems to be, "Don't hold the company responsible for the users' actions."

    But when Metallica did just that (going after the music pirates, not Napster), the response seems to have been, "Don't hold the users responsible, that's bad form."

    Although Metallica could have gone about things more sensibly that might have reduced piracy and not antagonized fans (of course, true fans buy music, not steal it), I think their actions were reasonable and justified.
    -----
    D. Fischer
  • It will be an expensive lesson for SDMI to learn, but it is a basic fact of information theory, that you cannot securely deliver information to an individual, who does not want that information to be secure.

    This is why SDMI will fail, and their "hacker challenge" is merely a cynical attempt at hyping the technology; selling it to people who don't understand these basic facts. There apparently are engineers out there - the guys who invented SDMI, and they have to SELL this technology to the RIAA, and in order to do that, they have to prove that it's secure. The real dopes here are the RIAA.

    So if some hacker goes and wins the prize, you know that SDMI will not ever make it to the marketplace. Nipped in the bud. Either some new technology will come along and take it's place, and similarly fail, because the whole concept is an impossibility, OR, the RIAA will finally learn this lesson. However, greed will probably continue to be a powerful motivator, and maybe they'll figure out that "good enough" copy protection will still work to increase their profits. While they cannot 100% lock down the signal, and prevent unauthorized copying, they can make it hard enough to do, (and risky enough, by lobbying for stupidities like the DMCA), that a maximal profit curve can be obtained.

    Now, if nobody comes forward, and hacks SMDI, then the RIAA suckers buy-into it, and the manufacturers buy-into it, and enormous sums of money will be invested in pushing this technology onto consumers. And we know, this will ultimately fail. Not because we hackers are proud of ourselves, not because we are commie-idealists and believe that we should be able to copy the music and that the RIAA companies shouldn't be able to control stuff and get so stinkin rich exploiting the creative spirits of our species. But because it is a fundamental fact of information theory that it just can't work. I think that most of us will derive pleasure in watching the RIAA buy into SDMI, invest in pushing the products, and watch it flop in the marketplace - and likely try again, expensively, with something else, until they give up.

    Unfortunately, they wont give up. Because eventually, they're going to find a technology that, while it can be broken, it will either be prohibitively expensive (equipment, time) or risky (jail) to do so. So much so that such a small minority of people will copy, that it will not impact their profits adversely. The music distribution system will eventually reach this equilibrium point. It's an arms-race, as many have pointed out. But someday, the music just wont be worth the risk or effort. I know this, because I have copied a buttload of MP3's, but I haven't taken the time or effort to burn CDs, or buy a separate MP3 player for my car. And this is under a system where there currently is NO copy protection enforcement at all. I'm still buying CDs. A large proportion of people out there aren't anymore, I guess, but as soon as you get SDMI (or something else) out there, and start busting people for trading in unprotected copies, and copyright violations, the majority of these people will stop copying and start buying, and an equilibrium point will be reached. Two things affect this ratio of copiers-to-non-copiers, advancement of copy-protection technologies and legal enforcements, and advancements in hacking technologies. Both are going to happen. But I think what's going to work in the RIAA's favor, ultimately, is the laws they have bought. Circumvention technologies will have to compensate for that, but ultimately, it's going to probably come down to preserving the right to be anonymous on the internet (lest the FBI track you down and bust your Metallica-copying asses). If we lose that right, it's back to burning CD's and sneakernetting them with your friends. The mass-distribution element Napster brought into the game will go back out, and this is why anonymity is such an important thing for RIAA (and other "authorities") to eliminate. It will dramatically reduce the network-effects of the black-market.

    So, while we concentrate on the hacking and circumvention technologies, the RIAA is using the law as a club to eliminate freedoms. My conclusion is that maybe we ought to spend some time paying a visit to the EFF website.
  • by Danse ( 1026 ) on Tuesday October 03, 2000 @07:54AM (#736479)

    From what you say, we're doing the right thing by letting them go ahead and implement SDMI. It's almost certainly not uncrackable. It will provide some protection for those who want it. It will probably be just enough of an annoyance that Joe Average will just go for a subscription music service or somesuch rather than try to make an alternative work.

    NPR did a show this morning on the RIAA/Napster debate. I think that one of the best lines that came out of it was that there needs to be a public discussion about how far we really want copyright laws to go, and whether or not they've already gone too far. I think they have, and I've been saying that for a long time. I believe that if they would fix the copyright laws so that the public once again sees some return for their support of "limited" monopolies on information, then many of these problems that the entertainment and other industries are seeing would be greatly reduced. But, of course, they'll fight tooth-and-nail to prevent the public from getting copyright law changed to their perceived detriment. But, if they want a war, it looks like they'll get it.

  • > Of course they want hackers to get deep inside and penetrate their carefully constructed code.

    Which is really funny, 'cause when someone does crack it two days after it hits the marketplace, this is really going to make it hard for the industry to cry "IP violation" like they did with DeCSS and CluelessCat.

    --
  • > I'm sure there will be programs out for copying watermarked records within half a year of the implementation

    Probably even before it hits the marketplace. There have been many examples of this with "copyproof" software in the past: bootlegs available before you can even buy a legit copy.

    --
  • I'm glad to see that the Salon staff is submitting articles directly. Hopefully they will then appear in a timely manner, as well as having accurate descriptions of the content, unlike other submissions seen from time to time.

    BTW, I've enjoyed a variety of your articles since I started reading Salon sometime last year.

    -----
    D. Fischer
  • I'm a male and I acknowledge women are better than men. Not only do they not have the much impairing 'competitive real-man' nature of most alpha males (It is alpha male that exudes uber-testosterone, no?), but they are also more rational, and dynamic.

    Regards
  • by heikkile ( 111814 ) on Tuesday October 03, 2000 @02:44AM (#736484)
    they take the example of the U.S. Government, and ask a respectable university to do a proper audit on the scheme? This way they could be absolutely certain that the code is unbreakable, and has no ill side effects...
  • by Ian Wolf ( 171633 ) on Tuesday October 03, 2000 @02:48AM (#736485) Homepage
    Many in the open source community and the hacking community in general b*tch and moan whenever a company releases something with weak/poor encryption. When a company takes the advice of those that scream loudest, they are suddenly boycotted because there product doesn't meet the "ethos" of the hacking community.
    It's nice to see that standing up for your beliefs and convictions is now a flaw.
    I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
    This isn't about security. This is about an industry wanting to take away the last remains of our rights as consumers and they want to do this with our help. Don't believe the rhetoric, as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented. Why would we want to help them.
    The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
    You have got to be kidding me! Heaven forbid we as individuals and as a community should stand up for what we believe in and refuse to aid those that champion a cause diametricly opposed to our own. To even think that this is a clear cut case of security is naive and foolish.
    Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
    THIS IS NOT ABOUT THE OPEN SOURCE MOVEMENT!!! This has nothing at all do to with open source software. In fact, in NO way does this contest benefit the Open Source Movement. This whole afair reminds me of a Coup. A powerful General influences his army to overthrow the cruel Dictator, just so he can take his place as the country's Dictator. In the end, the people have a Who lyric stuck in their head, "Meet the new boss, same as the old boss". If the Open Source community hacks SDMI before it is released, then RIAA will commission a new scheme tha's even harder to crack, and then we're in worse shape then before. Now I ask, Why the hell do we want to help them?
    If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
    OK, so by your logic, we should help to create a stronger watermark that infringes on our rights as consumers and aids a cause we believe is wrong just to show how good we are at cracking encryption schemes. That doesn't show the world that we're good coders, it shows them that we're good code-breakers, something many in the world associate with criminal behavior. Because, that's what I want the Open Source community to be known for. Yeah, I want to be a mercenary code breaker for Corporate America.
    Furthermore, your assertion that if we boycott the final product we will prevail in the end is flawed. This is even more naive than your previous statements. If you don't believe me just take a look at how well informed the masses are about DeCSS and the MPAA's efforts to infringe basic rights such as "Fair Use" and the Freedom of Speech. No, I'm afraid a boycott of the final product will never work.
    The idea of watermarked music is flawed, can't be made secure, and also infringes on our rights as consumers. Now why would I want to prove that to the Recording Industry so they can find a method that isn't flawed, is secure, and still infringes on my rights as a consumer.
  • it can be done in beos too,

    Remarkable easily since BeOS allows drivers to use standard open() write() and close() operations

    I am not too much of a linux hacker, I know its possible there too. What's the easiest way?

    rm -f /dev/audio
    ln -s /dev/audio pir8.raw

    (Its not a good way and probably not a very reliable way but it will probably work to an extent)
  • They only gave about a month to hack it for the $10,000

    I guess their logic is, its just like they're hiring you... $10K is your monthly wage. That ain't bad.

    Of course, it may seem strange that just getting a (very) temporary job would be treated like winning the lottery or something, but I bet it's actually the future of tech hiring practices!

  • I've got a good friend who's in the audio business. He works for one of the big organisations that will have to run with whatever is finalised on. He's also what you'd call a real enthusiast.

    What he's most concerned about is that on a good audio system setup (like one that would be able to take advantage of the extra frequency response of SACD and DVD-A) is that you can notice the watermarks! Yes, the frequency response is outside the range of the human ear, but remember those debates about CD vs LP...

    ... well, he says he can pick the difference between watermarked and non-watermarked music because it plays with those outer frequencies.

    Now, I personally don't mind THAT much if the companies develop a way of stopping Napster/MP3 etc. I buy most of my music anyway, to encode at higher bit rates. But these companies will really screw consumers if they release watermarked material... because the paying consumers will be getting inferior music in the record companies eternal fight against pirates.

  • by gotan ( 60103 ) on Tuesday October 03, 2000 @03:03AM (#736489) Homepage
    Now the main theme of the technology industries is, that the hackers should help them to prove the evil record industry that watermarking doesn't work, so they (the good ones) may avoid sinking millios of dollars in a scheme that won't work anyway. The only part i can agree to is the part about the boneheaded record industry. My advice to the technology industry: if you don't want to sink millions then simply don't. Period. Create your own forum, not headed by the record industry, come up with some sensible alternative, implement it, market it, and let the record industry try to sell records without players to play them on.

    And yes, the watermarks will be broken, all of them. And you know this anyway. So why bet money it won't? And i still prefer it to be broken after it was thrown on the market, so everyone participating in this silly scheme loses as much money as possible. It can't hurt enough. I mean, basically what the record industry is trying is to screw over consumers every which way they can, and to screw the artists too while they're at it. If they're boneheaded enough to go on with it, ignoring the advice they specifically asked and payed for, they should pay.

    I'm sure there will be programs out for copying watermarked records within half a year of the implementation, and players for playing music stripped of watermarks or for copying music with watermarks intact will be found on the shelves probably earlier (maybe you'll have to open the player and connect two pins or somesuch, thereby voiding the guarantee, but hey, that's even better ).

    So if the technology industry wants those watermarks to be hacked they should do it themselves. they've got the experts for it, they know all the weaknesses, so they surely have a headstart. They could do this pretty fast. They could even ask real money for it.
  • You bet it will work and be a widely industry standard... Just like digital audio tapes and Sony Mini Disks. How many of these high priced copy protection burdoned formats do you have at your house? I have none. I do wish the industry would press some inexpensive 12 inch laser disks. That is the problem with new (encrypted DVD) formats, there is less of the good stuff.
  • If the watermarks are different for each copy (not likely in the case of a CD, but maybe for online distribution, which could be marked at time of download with the purchaser's information), all you would need is two copies of the music.

    Think of the music as a carrier signal, and the watermark as the actual signal you want to isolate. With two seperate copies, you can do a differencing process on the files, leaving behind the watermark, which can then be further analysed.

    I support the EFF [eff.org] - do you?
  • if we accept that SDMI, like any other encryption system, can be broken, then why boycott the hack-SDMI at all? even IF someone breaks SDMI for the contest and encryption is tightened, people will just break it again. and again. and again. We know this. we accept this as a fact. THEY are under the delusion that the ultimate watermarking system is still attainable.

    ha ha.

    there is NO WAY encryption will remain inpenetrable and the watermark remain unremovable, regardless of whether it is broken now or later. the point is, there will eventually be a crack for anything they throw at us, and the crack will be done way cheaper and quicker than all the time, money and effort the SDMI coalition will throw at it.

    i think that whether it is cracked now or later is immaterial, just let them release stuff or not, i dont' care. Let them do their little encryption thing so i can get my DVD audio player sooner rather than later, and wait about 1/2 an hour after it is released for some hax0r to break whatever watermark they have dreamed up that week.

  • Is it true that SDMI is pronounced "sued me"?

    --
  • I have a crack for SDMI, but it's just slightly too large to fit into the margin here.

    --
  • But does anyone have a choice?

    If the RIAA et. al. can get the DCMA passed, why not a law requring all disk players to include SDMI circuitry?

    have a day,

    -l

    have a day,

    -l

  • Lossy compression schemes such as Ogg Vorbis and MP3 work by removing sound that humans cannot perceive from the sound sample to improve the compression ratio.

    Watermarking, on the other hand, adds sound information that human listeners supposedly will not be able to notice, but which machines will be able to detect. (And be able to perform this detection on any recording without being able to compare the watermarked stream against the original.)

    These goals are in conflict. The only way that watermarks can be sure that compression technologies (including future ones) won't remove an inaudible watermark (on the basis that it won't be missed by the listener) is to design a process that uses an audible watermark. Thus, some people (hi-fi buffs, sound engineers, etc.) will be able to hear the difference between a watermarked and unwatermarked recording.

    And, of course, most people will think they can hear the difference, and be unwilling to buy SDMI music.

  • adding a certain hash to parts of the music that we can't hear

    Which are exactly the parts thrown away by compression. Just watermarking won't work; it needs to be a access-control scheme a la CSS - otherwise, why would anyone buy a SDMI player, or sell one?
  • you don't have to know how it works to 'hack' it. all you have to do is get acess to a couple copies of the same song and cut verry small pieces off of it a small random intervals and put the pieces together. the music wil still play good but the watermark will be all messes up. also the more copys that you mix your digital music out of the better.
  • I`d like to see them `require` Linux (and other open source) drivers to respect arbitrary, foreign, protection systems.

    I think their plan is, you will no longer (legally) be able to buy a soundcard that doesn't have this built into the hardware. And tampering with a soundcard to disable the protection will be illegal to.

    Of course the existing base of soundblasters and such is not going to go away anytime soon, so I don't we have to worry about this just yet.

  • rm -f /dev/audio
    ln -s /dev/audio pir8.raw

    I wonder how many people are going to have to learn about MAKEDEV now...

  • by HopeOS ( 74340 ) on Tuesday October 03, 2000 @04:44AM (#736501)
    A guy hands you a pair of handcuffs, and says "See if you can get out of these." You twist them and break free with a smug grin.

    The next day he returns with new pair, and you play the game again.

    One day, you find you can't get out of them. And he walks away, leaving you bound and defeated.


    Since we're all unfortunately going to have play this game, I propose a new strategy. Fein defeat at every turn. After he has expanded fortunes producing similar handcuffs for everyone else, divulge the weakness. If he persists in this game, bankrupt him.


    Additionally, if the RIAA and MPAA cannot find technological measures to protect their interests, I believe that they will increasingly rely on congress. It would be a grave mistake to assume that we have better access to our congressmen than they do.

    However, while the industry's resources may be vast, they are not infinite. Senators *can* be expensive, and prices do fluctuate. Hypothetically, they have to buy off a majority. After rounds three and four, after vendors are expending their own R&D budgets to comply with laws and customers/constituents are wailing, these congressmen will be considerably more expensive. Let's make certain that the cuffs are still quite loose at this point, or it will be close game.

    -Hope
  • Is this what you're talking about?
    http://www.minidisco.com/minispecs/maudioco3.htm l

    grabbed the link through google =P wheee
  • Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers.

    What was left unsaid, but that I read into it was:

    ....And the entertainment companies are in favor of SDMI not because they think it will work, but because they think it will screw consumers.
  • The idea that a company, using a law only valid in America, will try and force any hardware manufacturers outside of America to implement something against their will is just laughable.

    Those companies want to produce their own soundcards with said mechanisms are welcome to do so, and i`m sure they`ll be able to sell them cheaply and get hassle from the monopolies commision etc if they do. I dont see any other way. They can un-invent other formats, its just not going to happen.
  • Where I'm confused here, is how _EXACTLY_ SDMI works with regards to small labels & bands... Is there a licensing fee? Will labels need to purchase a "Watermark ID" or some such nonsense for a price that big labels can easily afford? Will hardware/software companies need to license the technology, bringing music to the bussiness-savvy proprietary DVD distro model that can hide behind the DMCA? If the SDMI can strongarm enough tech companies into requiring a watermark, they'll manage to shut up pesky small labels that have found ways to work outside their distribution channels.
  • I wonder how many people are going to have to learn about MAKEDEV now.

    Ah. Perhaps I should have put a warning there. I guess this makes my post indirectly educational:)
  • Seriously, why is it necessary to make sure that SDMI is hacker proof. With the DMCA all RIAA needs is a trivial (alla rot-13) encryption scheme and any software that circumvents it would be illegal in the US.

    The DMCA makes my job easier. I no longer need to worry about strong security because any attempts at bypassing my lax security is illegal. Also, any illegal information that I encrypt with a 2 character password zip file would be inadmissible in court. Isn't the DMCA wonderful!?!

  • by TrentC ( 11023 ) on Tuesday October 03, 2000 @05:02AM (#736508) Homepage
    ... the tech companies want "the hackers" to take a stand and make a point that they're too spineless to make themselves?

    "The record companies wanted the test to see how effective the technologies are -- but the record companies didn't understand fully that all the technologies are going to be broken," explains one member. "They just wanted the most secure system, and wanted to see which ones were going to be broken. But the technology companies knew that all of them would be broken."
    [...]
    [Emphasis mine]Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible.

    This point angers me more than I can articulate.

    If you think the watermarking system is fallible, break it and claim the $10,000 yourselves. To expect "the hacking community" to ride in and save your asses -- or your assets, for that matter -- is arrogance at best and cowardice at its worst.

    Jay (=
  • The following is quoted verbatim from their click-through agreement [hacksdmi.org] (emphasis added):

    What is being tested? There are two different types of technologies that are available for testing:

    (1) four different watermark technologies that are designed to detect compression and
    (2) two additional technologies that are designed to ensure that under certain circumstances
    individual tracks of an album are not admitted into an SDMI domain without the presence of the original CD.

    The fact that non-compressed music will be degraded with the watermark hardly renders my message moot. That's the entire point!

    - John
  • 1) These watermarks are going to be put on ordinary CDs that will be played on ordinary CD players. That means that everyone who rips a SDMI degraded CD is going to get the same watermark on their MP3, give or take a few bit errors. Or do you think they're going to individually watermark every CD? That isn't how CDs are made; they are made by stamping thousands of copies from a glass master.

    2) SDMI devices and CDs with SDMI watermarks are intended to be sold over-the-counter, meaning you can pay cash for them, how do you propose that they can "track the mp3 back to its source"?

    3) Their own website [hacksdmi.org] says that their watermarks are designed to detect compression. Read it yourself!

    What's going on here is very simple. The RIAA is focused on one goal.

    Kill Napster by killing MP3s.

    SDMI was constructed with one goal in mind.

    Kill Napster by killing MP3s.

    They simply have tunnel vision. They don't see the bigger picture, and the inevitable consequences of their course of action. Napster can't destroy the recording labels. Only the RIAA can do that. They are!
  • > [the /. crowd used to say] "How stupid these guys are," [but now says that the SDMI guys] are the enemy,"
    > [ ... ]
    > somehow I get the feeling that making your customers think of you as the enemy
    > is probably not the best business strategy.

    Elementary game theory - "tit for tat". Treat us like the enemy for 20 years, sooner or later we're gonna wise up.

    When it comes to copy-protection, it goes all the way back to the days of cassette tape (royalties on blank tape), the VCR (the Sony case), and DAT (killed the format by forcing hardware manufacturers to implement SCMS).

    We've always been their enemy.

    It's only been in the past six months that we've collectively woken up from 20-odd years of abuse and realized that they are our enemy.

    Segue to the Katz article on virtual communities. The realization that RIAA/MPAA are not just invisible trade organizations, but are actively attacking us - indeed, that there is an "us" for them to attack - is all the evidence I need to know that there are communities. We are bound together by common ideas and goals, not accidents of geography, but it doesn't make us any less a community than our enemies, namely RIAA and the MPAA.

    Filk: 2600 miles and runnin'
    (Parody: NWA/Dr. Dre's "100 Miles and Runnin'")

    [ ... ]
    And we got ten thousand hackaz strong,
    Got everybody singin' the De-CSS song,
    And while you treatin' Goldstein like dirt,
    Yo' whole fuckin' family wears De-CSS shirts.

  • by Private Essayist ( 230922 ) on Tuesday October 03, 2000 @03:39AM (#736523)
    I think what others have said is correct, this may have been a plant to entice us to hack SDMI after all. In any case, I agree with those who want to hold back until after SDMI is finalized, and then hack it when it is too late for the record companies to back off.

    As for this quote:

    "Then came the call to boycott the hack-SDMI challenge. Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible."

    Yes, that's precisely the idea. We want a solution released that is fallible, and that way it will be immediately broken.

    There is another reason why SDMI should be given free reign to do whatever they want without hacker interference: Let's see which companies decide to produce SDMI-compliant devices. Since they know such devices are basically breakable, and hostile to consumers, this will tell us which companies are willing to stand up for their principles and which ones aren't. After all, membership in SDMI is voluntary. Let's see which companies volunteer to stand up for the consumer, even in the face of economic pressure from the entertainment companies.

    Then we'll know which equipment to buy, and which to avoid.

    And then we hack SDMI...
    ________________

  • by Andrew Leonard ( 4372 ) on Tuesday October 03, 2000 @03:41AM (#736524) Homepage
    Oh please. Over the weekend, Slashdot linked to a Red herring reprint of a major story we did on Gnutella, and I was a little peeved that we didn't get a direct link. So i asked Rob Malda how we could avoid this, and he said there was nothing wrong with submitting stories directly. So I did.

    Next time I'll be sure to mention all my connections with the piece, but anyone who knows my writing well enough to call me "a perfectly fine journalist" ought to know that I wouldn't "whore" anything to slashdot that I didn't think was fully appropriate to Slashdot readers.
  • I must admit, you make some excellent points.
    Standing up for your beliefs is not a flaw. The problem is the dictomy of the situation. Here we have a company doing what many people in this community say should be done. That is TEST your security in an open environment. The thing that they are testing is a way for RIAA to distribute music that is NOT readily copied, which many people hate. You have to give them a nod for part A, even though you vehemently disagree with part B You can't say you stand for one thing, and then go back on it when somone you don't happen to agree with uses whatever you stand for. Many people are for freedom of speech, as long as the person speaking doesn't disagree with them. It seems some of the boycotters are in that boat.
    I see your point, and in some respects agree, but the problem I see is that a company that has done nothing to earn the respect or trust of the open source community thinks they can bribe us into doing their dirty work.
    I must admit that I like your analogy about free speech and am reminded of a case where a jewish attorney defended a neo-nazi group under that same right. However, that attorney should not be lambasted and criticized if he chooses not to represent that client. We have to make a choice as to what we feel is the greater harm/good, and be prepared to stand by that choice or recognize it for the mistake it may or may not prove to be.
    Do you think that for ONE second, boycott or no boycott that SDMI is going to stop trying to develop this. Come on get real! SDMI is only going to change their tune when their product looses in the market place.
    Using your logic and a quote from, (as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented,) it doesn't really matter if the code is cracked or not now does it. So what's the point, boycott or no boycott? As I said, I hate the idea of the "watermark", but I'm not calling for a boycott on testing the security. I AM calling for a boycott of the final product because that is the ONLY way "we" will win.

    I think the real question is, "What will RIAA's response be if the watermark scheme is broken before or after it is released on the public?"
    This is an answer that none of us can even begin to guess. However, I think the big unknown factor in obtaining this answer lies in the fate of the DeCSS trial. I'd hate to help create an unbreakable scheme now that it was legal to do so.
    Imagine this headline "Hacker cracks SDMI watermark" followed closely by "Open Source Community provides super secure watermark" The open source water mark is used to encrypt voice communications. The licsence doesn't allow the encryption of music.
    Now we have a VALID (IMHO) use for the technology! Now no one gets that voice message that starts "your mission should you choose to accept it" except for you.

    I like your thinking here, and admit that the thought had never crossed my mind.
    I'm thinking way past what SDMI is trying to do. The idea of a water mark isn't going to go away, no matter how much you whine. So lets find ways to put it to GOOD use, and also lets develop that in the open. If you break SDMI's code you set them back for a short while, but a short while may be all people need to develop an alternative thats acceptable to all.
    Again, I like your thinking here, I'm just not certain if it is realistic or not. I suppose if the scheme was cracked and an open alternative was developed before RIAA could commision a better scheme, it could happen as you suggest. However, RIAA is not known for its logical and level headed thinking. If an open alternative was developed, would it be adopted by them? I doubt that they would adopt an open solution. For one, their paranoia about the code being readily available to pirates would prevent them from using it. What's worse is they would probably use that code to develop their own closed source alternative, but do so in a way to avoid patent and/or license restrictions.
    These are just some ideas, they are not my vision of the future. People in general have to be able to look past their own ranting and see whats down the road. If you really want to change something you have to be realistic. Boycotting SDMI on your own is your business. I'd boycott the final product, I'd also stop buying books from amazon.com if they tried to sell music in that format.
    I think I'd rather boycott SDMI, break it after its release, and boycott products that use it.
    You mean you're not already boycotting Amazon :)
    The whole idea of a watermark preventing copying is LAUGHABLE. How easy is it to simply use a program that grabs the audio from your sound card raw, you then write it to any format you see fit, (MP3, WAV, etc) Because something is silly and flawed doesn't mean that companies won't do it. (nee look at the ever popular beenie with a proppelor, still a hot seller!)
    I agree completely, but you didn't have to insult my hat. :)
    You bring up some good point, but in the end watermarks won't go away. The current rants are akin to standing in front of a train holding your hand out telling it to stop as it speeds down the track at 62 MPH (100kph). I prefer to dig up the tracks, and de-rail the sucker. The way to do that is to make sure that SDMI watermarked music fails in the marketplace. The only way to do that is for concerned consumers to band together and NOT buy in droves.
    We're not standing on the tracks, we're just saying be careful where you derail this thing. You may end up causing more harm than good.
    Unfortunately, most consumers are more concerned with keeping up with the Jones's and getting the latest, shiniest new toy than they are about their rights as a consumer until after they're locked in.
  • Amen!

    The only problem for some of them is, that some of their competitors (Sony) are also represented in RIAA. It's hard, when you're Onkyo to thumb your nose at RIAA when you have to compete with a competitor who is also a member of RIAA.

  • by Otto ( 17870 ) on Tuesday October 03, 2000 @03:53AM (#736531) Homepage Journal
    It's amazing to me how the record companies, RIAA, and so on have managed to change their image in the minds of at least the "hacker" crowd. Looking at this forum in the past, I'd see an attitude of "How stupid these guys are," when something like this occured. Instead, now I see an attitude of "These guys are the enemy," which is fine in itself, but it goes to show how the record companies actions are having the effect of turning its own customers against itself.

    Now, I've never taken a business class or anything, but somehow I get the feeling that making your customers think of you as the enemy is probably not the best business strategy. :)

    Rather amusing, anyway...
    ---
  • by Troed ( 102527 ) on Tuesday October 03, 2000 @01:37AM (#736538) Homepage Journal
    Watermarking in the sense of adding a certain hash to parts of the music that we can't hear anyway (or rather, most people can't hear). Recompressing the song will then mean that you can't play it back on equipment that needs that hash - solution, add the hash at a later stage.

    Watermarking in the sense of adding a digital signal that identifies the source is also broken in the same way - garble the signal. However, true watermarking isn't that easy to remove! If you garble the signal too much, you will get music that most people actually can hear has been tampered with. I myself don't listen to mp3 or minidisc at home since I don't like the degradation (yes, both my ears and my speakers notice it ;).

    For those interested in the subject, look up Steganography (cryptographic branch dealing with hiding information as "noise" in pictures, music etc).

    Watermarking is steganography, and steganography works ...

  • How does such a watermark "break" MP3 files?

    Simple. You look for a damaged watermark. A perfect watermark means that there has been no compression, a damaged watermark means that the data stream has been tampered with; probably compressed.

    As near as I can figure, the only way SDMI will 'break' MP3 is if every MP3 player both software and hardware is able to decode the watermark.

    That's exactly their goal. They want to require all "phase 2" SDMI compliant devices to look for and refuse to play any MP3s with damaged watermarks.

    Of course, this won't have any effect on open source MP3 players. The effect will be felt in the marketplace, with Rio-type devices. The idea is that all new portable MP3 players will include this detection technology. They are doing the same thing as the MPAA with CSS. Creating an encrypted "standard", and licensing the decryption algorithm as a way to force the hardware manufacturers to include watermark detection software. Without the decryption algorithm, your MP3 player won't be able to handle SDMI content.

    You may be right about Macrovision. However, let me point out that Macrovision works well for two reasons. First off, it is unintrusive when used typically -- if you connect your VCR to your TV, and just play tapes, you'll never notice it. In other words, most people use their VCR to tape off the air and play rented movies. Macrovision does not interfere with either of these activities, which comprise 99% of videotaping activity.

    SDMI is a different story. If you have a portable MP3 player, you need to generate MP3s to play on it. You can generate them either by ripping your own CDs, downloading them from the web, or paying for SDMI encrypted music files. SDMI, if successful, will make the first two impossible. You won't be able to rip your own music files, and you won't be able to use downloaded files. SDMI will be extremely intrusive. You'll be forced to pay for music you already own. This will not be popular.

    Which is why I think that consumer response to SDMI will be different from consumer response to Macrovision.

    Back in the early 1990s, when I was looking to purchase a pair of DAT recorders so that I could trade Grateful Dead tapes, the absolutely most important thing that you needed to make sure of was that whatever combination of equipment you bought did not enforce SCMS. If you had SCMS, you couldn't use the equipment. A lot of people spent extra hundreds of dollars on "Professional" equipment because SCMS rendered the hardware useless.

    My experience with SCMS leads me to believe that SDMI will be similarly rejected by the marketplace. Not only does it offer no consumer advantages, but it's intrusive as well.
  • Won't work.

    I mean, how could such a thinly deployed layer of integrated sound be constant through analog conversions and back again? Very unlikely.

    Even if by some miracle they manage to create a watermarking system that is fully transparent and encrypted somehow, and manages to retain itself when converted to analogue and tampered with, there will always be programmers who can get around it. Steve Woston springs to mind, and I'm sure there are many others.

  • How does such a watermark "break" MP3 files?
    Simple. You look for a damaged watermark.


    Groan. I got this wrong.

    What I meant to say is that the SDMI compliant player looks for MP3s with remnants of a watermark.

    You can still rip your own CDs, but you would have to use special SDMI software that creates a SDMI encrypted file that is tied to your computer (possibly through some hash of your hardware configuration, serial number, etc.)

    Now when you use the special SDMI software to download your SDMI encrypted song to your player, the software verifies that the song was ripped on your computer. This means that you can't put a SDMI encrypted song on Napster, because if someone tries to download the file and load it into their player, the downloading software will recognize that the file was ripped on a different computer, and won't work.

    The basic idea is for the hardware to reject MP3s that have traces of watermarks, meaning that they were ripped outside of the "control" of SDMI software. Old MP3s made from CD rips will continue to work because they won't have the watermarks on them.

  • by Ian Wolf ( 171633 ) on Tuesday October 03, 2000 @01:43AM (#736544) Homepage
    "I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology -- to make sure that it doesn't work, and to make sure that it doesn't get implemented." After all, if watermarks fail, there is nothing else for SDMI to fall back on: "Not breaking it is the worst thing they can do. If they break SDMI, there will be nothing to implement."
    What a way to get support, insults.
    Are we supposed to buy this load of crap? If SDMI is cracked before the Recording Industry has implemented it, then they will just find a new method that will be even harder to crack. Yeah that sounds like a good idea. Let's stop working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
  • Many in the open source community and the hacking community in general b*tch and moan whenever a company releases something with weak/poor encryption. When a company takes the advice of those that scream loudest, they are suddenly boycotted because there product doesn't meet the "ethos" of the hacking community.

    I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.

    The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"

    Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.

    If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.

  • Comment removed based on user account deletion
  • Yes, watermarking could work, but it won't. People will continue to use mp3 or vorbis or something else. The technology behind SDMI is all fine and good, but who's goona use it?
  • by PhilHibbs ( 4537 ) <snarks@gmail.com> on Tuesday October 03, 2000 @01:52AM (#736575) Journal
    Recompressing the song will then mean that you can't play it back on equipment that needs that hash
    No, the watermark is a "do not record this" signal that home audio equipment (probably including sound cards) will be required to respect. The watermark will be designed to survive recompression, so that your Ogg Vorbis file is still not recordable by an SDMI-compliant Sony Minidisk recorder, because the watermark is still there. AIUI, SDMI players will play and record music with no watermark, because it has to be usable for home recording, which won't be watermarked unless the kit has "add watermark" functionality.
  • by Phil Eschio ( 210602 ) on Tuesday October 03, 2000 @01:54AM (#736577)
    Clearly the industry and Hack SDMI trying to whore the hacking community through this project. Of course they want hackers to get deep inside and penetrate their carefully constructed code. The hope is that this repeated and constant probing will somehow allow the code to increase its endurance and better survive the pounding it will take when released on a consumer market.

    Not that hacking shouldnt occur: of course we want our best hackers to be up and ready to vigorously slam whatever is cranked out by the industry. But for Christ's sakes, this kinda stuff shouldn't be done in the public where everyone can watch and learn the techniques. No doubt the industry is gonna wanna observe any public acts related to its code, and it will learn from them and come with new a fury as an tested watermark or new standard is extracted. Why be premature and rush into it now? The trick is to wait until the RIAA comes out to the public with a virgin watermarking scheme, foisting off its purity. Only then should hackers be ready to rush in and tear it apart, thus protecting consumers from whatever digital terrorism the RIAA chooses to practice.


    "The most fortunate of persons is he who has the most means to satisfy his vagaries."
  • You know.. it's a *really* simple concept.

    You don't like a business, or their practices? You vote with your MONEY, or *anything else* you can.

    I don't like the recording industryk, I don't like the *idea* of sdmi, so why on earth would I assist them in doing anything?

    The only thing a business understands is lack of business.

    Besides, you know, all this commercial bickering is making so many of us lose sight of what technology means to us. Us geeks have *always* built our own society, culture, whatever based on our access and knowledge of technology. It's only with the internet that the media has become involved. Why make a choice at all? Just because they say I should? Feh.

    I'll just ignore them, thank you very much.
  • I`d like to see them `require` Linux (and other open source) drivers to respect arbitrary, foreign, protection systems.
    I wouldn't! That would be awful! Or, do you mean, they couldn't? Can you buy a video recorder that doesn't have macrovision circuitry? They managed to enforce that one. Sure, there are ways around it, I've got a macrovision stripper box that sitd between my DVD and VCR, but 99% of the population don't even know what macrovision is, all they know is that their taped DVDs look awful. The FAA, FDA, RIA, or whatever the're called could prevent Red Hat et. al. from shipping drivers that bypass SDMI, and could prevent foreign distros from being legitimitely sold in the US. Europe, Japan, Australia etc. will all fall in line, we're all required to impliment DMCA-like (anti-circumvention) legislature by international convention.
  • Even if they get some people to switch, its simple to just write a program the captures output from the sound api, and records it into a wave file for later recompression.

    Under new versions of Windows that implement the Windows Media Digital Rights Management Secure Audio Path, SDMI-compliant applications will play music on SDMI-compliant (no cleartext digital output to untrusted destinations such as a file or waveIn) drivers and silence on drivers that have not been signed by Microsoft to play SDMI audio.

    Although, in Metallica's case, silence sounds better than most of their music.


    <O
    ( \
    XPlay Tetris On Drugs [8m.com]!
  • Ok point taken that watermarks can be used in this way, but SDMI is designed to be applied to completed works immediately prior to public release, not to audit the production of works.
  • by beth_linker ( 210498 ) on Tuesday October 03, 2000 @01:55AM (#736592)
    Breaking SDMI after products are on the shelves would definitely be much more interesting than breaking it now. Still, SDMI seems doomed whether it's hacked or not because it offers nothing for the consumer.

    Like the article says, it's going to be pretty hard to sell SDMI-compliant CD players. A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices. I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device). Either that or SDMI support won't be mentioned on packaging, so that someone who goes to buy a new Discman will discover that it supports SDMI when it refuses to play the CD he burned on his computer. That would be a customer relations nightmare.

    Anyway, given that SDMI will pretty much repulse most of the early-adopter types who are key to the success of new hardware (like portable MP3 players), the odds of it getting off the ground are low.
  • I dunno, the article's "tech experts" sounds a little too prefabricated to me. It seems to me that people that say things like:

    I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology(...)

    Aren't trying to rally support for the hacking attempt - they're throwing fuel on a pile of wood to start a bonfire! I can't help remembering that these people are working for the SDMI, if they didn't agree with it they should have left a long time ago, heck, if they're good enough to code a watermarking algorithm they're good enough to code for any other high paying company.

    I usually trust Salon so I'm not complaining about the article but this smells too much like a stunt to attract attention.

    I say let the script kiddies hack it! I also say, let them wake up with a horse's head next to them the very next day.
  • by OlympicSponsor ( 236309 ) on Tuesday October 03, 2000 @01:58AM (#736596)
    "Watermarking is steganography, and steganography works..."

    Simple steg works on the level of obscurity: "I've put some secret values in some of the bits of this jpeg but I'm not going to tell you which bits." This is easy to defeat, especially if ALL jpegs have the same watermark (or watermarking system). Just find those bits or better yet, modify ALL the bits.

    More complex steg would involve calculating some value based on a key and stegging from there (presumably in a way that would require destroying the "wrapper" data to destroy the steg). Then the recipient needs the decoder. Great system---except that we'll all have decoders. Every SDMIMan (like WalkMan) will have one built in. Just reverse engineer this device and boom, you have decoded your music.

    And since each song only needs to be decoded once for freedom to reign....we'll, you get the picture.
    --
  • by robin ( 1321 ) on Tuesday October 03, 2000 @02:02AM (#736598) Homepage

    Of course watermarking will not work. As Bruce Schneier says in Secrets and Lies:

    Great idea, but it just won't work.

    The problem is that in order for [the copyright owner] to be able to take a copy of [the artwork] and find the embedded watermark, it has to be findable. And if [the copyright owner] can find it, a pirate can find it too. Companies that market this stuff try to tell you that their watermarking schemes can't be removed for this or that technobabble reason.
    It just isn't true. As with a subliminal channel, it is virtually impossible to find a good watermark unless you know exactly where to look. But unlike a subliminal channel, the detection mechanism will eventually be made public. Either it will leak into the hacking community like everything else does, or it will be made public the first time a court case turns on watermarking evidence. The mechanisms for watermarking will eventually become public, and when they do, they can be reverse engineered and removed from the [digital content].

    --

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Working...