Hack-SDMI Boycott Explored 164
Andrew Leonard writes: "Tech companies want hackers to break SDMI watermarks because they know watermarking will never work and are desperate for a different solution. In Salon, Janelle Brown shows how the hack-SDMI boycott is revealing a major rift between the tech and entertainment companies that make up the SDMI coalition." Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers. And several anonymous sources interviewed for the article seem to have gotten it wrong: everyone thinks it will be broken, it's just that most of them think the opportune time for that would be about 2 days after the music companies have irrevocably committed to their new method of making it difficult for people to listen to music rather than 2 days before.
Re:Am I missing something? (Score:1)
Re:Of course watermarking will work (Score:3)
Re:SDMI could make MP3 obsolete (Score:2)
If 256 KBits/Sec is your standard, then your standard is 5:1 compression. My standard is lossless, or 2:1 compression. You can argue one way or the other about whether the difference is noticable, but I'll point out that the difference between a 5:1 download and a 2:1 download is mostly that of convenience. Both are equally feasible, and as network speed rises and disk space prices fall every year, the difference between the two will become negligable.
Your point about sound quality is correct. For most people, there's simply no reason to download 2 1/2 times as much data, because they can't tell the difference. However
SDMI creates a brand new reason to do so that never existed before and has nothing to do with sound quality. The new reason to download 2 1/2 times as much data is because that's what will be required in order to encode the music so you can play it on your portable SDMI player, and that's a powerful incentive.
The record companies stand, poised to replace "Perfect Music Forever" with "Music, purposely degraded -- made imperfect, and technologically restricted so it isn't necessarily Forever", at the exact moment that network distribution of their former, better product, "Perfect Music Forever" -- unwatermarked files with lossless compression -- is becoming possible. This is a disasterous strategy for the music industry.
5:1 verses 2:1 illustrates why the SDMI watermarking strategy will fail. It's too little too late. It's based on the assumption that downloading a lossless digital audio file is not feasible, which is not true. It's just unnecessary -- yet. The RIAA thinks that SDMI will destroy downloadable music technology, when all it will really do is force the abandonment of lossy compression.
The legacy of this failed attempt at market control will be deliberately introduced audio distortion on future CDs. This raises a new question. What will happen when someone figures out how to remove the watermarks completely, leaving the work undistorted? How will the recording industry compete against something that sounds, or is perceived to sound better than their store-bought product, and can be downloaded for free? They are not considering the results of their strategy. They do not understand the technology. Even worse for them, they no longer understand that the quality of their product is their product. In this sense, they have completely lost their way.
- John
MP3 isn't lossless (Score:1)
--
Q: How does a Unix guru have sex?
A: unzip;strip;touch;finger;mount;fsck;more;yes;umou
Re:Of course watermarking will work (Score:2)
--
Take a look at the agreement (Score:3)
Compensation of $10,000 will be divided among the persons who submit a successful unique attack on any individual technology during the duration of the SDMI Public Challenge. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology. In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property. The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge. If you are a minor, it will be necessary for you and your parent or guardian to sign this document, and any compensation will be paid to your parent or guardian.
This article has it backwards. The hacker community should not participate in this contest, as it will prove to be a loss for the community as a whole. After all, if the details cannot be disclosed, they must be planning to still implement it. (If they were planning to make a new system if they defeated it, why would they want the details of breaking it hidden from public view?!)
What should happen? As mentioned before in the last time slashdot discussed it, it should be attacked, but not for the contest, and not for the money. $10,000 is a worthless sum when it would have cost them tens of millions to try to break it on their own.
Re:Why I'm in the "hack later" crowd. (Score:1)
perhaps the cue:?!@#%cat (whatever the hell its called) engineers were on to something. it's obviously gonna be reverse engineered, so why waste months and thousands of dollars making some fiendishly clever death device, only to be twarted by some nob with a pocket knife, a piece of string and some naval lint? fsck it - just xor/base64 it and let the lawyers take care of the rest.
I hope this isn't so late that nobody will see it (Score:1)
diddl.firehead.org/censor/hacksdm i.o rg [firehead.org]
Yes, now YOU TOO can go get the files to be hacked, without giving them your IP address or agreeing to their stupid (and worthless) agreement!
Have a nice day.
mods: read the subject
-----
KEEP up the boycott (Score:1)
The problem is the music industry needs a different business model, give up guys, go with advertising or corporate sponsorship or something that allows the music to be distributed freely without depriving the artist of what they deserve.
The free distribution of digital media is here to stay, nothing is gonna change that.
Re:On the subject of hacking SDMI (Score:1)
Well, you don't understand understand watermarking correctly. The watermarking schemes used by SDMI are all spread-spectrum techniques in which the watermark is detected by correlation of the signal with the (known) watermark vector. The watermark, then, goes into every frequency, including audible ones. The idea is to make the changes in the amplitudes of the frequencies small enough you can't hear them but large enough so that, even if the signal were altered as you suggest, a correlation detector would still see the watermark.
But that's not to say that breaking watermarking schemes isn't pretty straightforward. If you can discover the key that was used to embed the watermark, then you can either (a) remove it, or (b) fake your own.
Even if you don't know the key, I claim that if the watermark is robust against frequency-domain quantization (which it needs to be for MP3) then you can still determine it by a so-called "hill-climbing" technique. As far as I can tell, there is no mathematical way around that conundrum.
I don't understand the SDMI scheme very well. Either it won't let you play songs with watermarks, or it won't let you play songs without watermarks. Either way, it's not too tough to break.
I tried to suggest my own scheme to SDMI, in which the music would be reversibly degraded and distributed for free, like shareware. It took care of many of those thorny issues about fair use, etc., but apparently it didn't leave enough control in the hands of the record companies, because they didn't go for it.
Didn't matter all that much, anyway, because my scheme could still be broken by capturing the decoded input, just like the existing one can.
Where's Xerox in all this? (Score:2)
Not too long ago, Scientific American [sciam.com] ran a couple of items like this one [sciam.com] citing Xerox, and specifically Mark Stefik on digital rights enforcement. So where's Xerox and their tech in all this?
At the Xerox [xerox.com] site I found some references to XRML or DPRL (Digital Property Rights Language) and ContentGuard [contentguard.com]
More XRML at Oasis-Open [oasis-open.org] like this item [oasis-open.org] by Robin Cover.
But I don't see anything off-hand on doing the MP3 kind of thing. That would involve an extension to autonomous devices. Could be done if the devices had decent hard-to-tamper clocks.
There are other people in the same business such as NetActive [netactive.com]
It's still not free, of course. But I'm not yet convinced that copyright is dead. I'm willing to pay for rights, but I need the real rights that I used to get, not some constrained version like SDMI.
--
Henry Troup
Re:Of course watermarking will work (Score:2)
Re:Am I missing something? (Score:2)
...phil
SDMI and The Real World (tm) (Score:1)
When / if SDMI is ever deployed people are going to have access to all aspects of the technology. Being able to examine the watermaking and checking binaries, and being able to examine the same stream pre- and post- watermarking, will make the task considerably easier.
Even if it were deployed and not cracked, it's hard to see how it will gain any market share. Traditional formats take a long time to die. Most new music exists on both tape and CD, some is still on vinyl, and there will be a large market for these formats for a long time to come. Music companies use whatever formats offer a viable market. How many of these companies (and artists) will want to go all digital and lose revenue stream from traditional formats? Until then compression schemes that home users can apply are going to be where it's at...
Reasoning (Score:1)
Fear of not having access to content ?
Those might all be valid reasons. However, if this idea is so fsck'ed as it's presented in the article then why the hell don't they stick together and tell the contents providers where to shove it ?
Save for Sony I don't know of a content monopolist currently being bundled with a tech company.
Re:Of course watermarking will work (Score:1)
This could be construed as a a breach of that if the hardware insists that a public domain track isn't public domain.
the power of marketing (Score:1)
SDMI: the new technology that can encode digital music data beyond the range of human hearing! Today's CD players can't match that and MP3's are a vague shadow. For quality you can't beat, use SDMI!
--
Re:waiting game (Score:2)
Manufacturers are the people who tried to establish DIVX as the market standard by selling the players for $50-$100 more than regular DVD units. AFAIKT, they haven't gotten any more clueful since then.
/.
Re:Of course watermarking will work (Score:1)
Re:Of course watermarking will work (Score:1)
I`d like to see them `require` Linux (and other open source) drivers to respect arbitrary, foreign, protection systems.
Re:Of course watermarking will work (Score:2)
Re:Can't have it both ways (Score:1)
When people scream bloddy murder about poor security, it's usually because they've payed money for the product that failed, and the failure results in the loss of much more money. Open security is good security, and that benefits the companies producing the products and the people buying the them.
SDMI is nothing like this, because it benefits none of us, not even the artists, only the record execs. Helping SDMI is like buying into a ponzi scheme.
And besides, you do realize that this scheme is dependant upon closed, secret, and unhackable hardware? It's broken from the start, so why waste effort trying to make it work?
--
SDMI could make MP3 obsolete (Score:5)
The main purpose of SDMI watermarks is to detect if a watermarked song has been compressed. The idea is that this will "break Napster." Breaking MP3s is completely the wrong approach! What the industry is forgetting is that lossy compression is just one way to transmit music. There are lossless compression schemes that achieve approximately 2:1 instead of 10:1 compression on music files. They're five times bigger, but disk space is dirt cheap now and network speeds are increasing. Quite frankly, lossless internet music distribution isn't something in the far distance, it's coming and it's coming fast.
What the industry doesn't realize is that they have one last chance to save themselves -- they need to market MP3s as a preview format, and CDs as a high quality format that you buy in a store that sounds better than MP3. Right now, they still have an opportunity to survive. If someone downloads an MP3, then decides that they like the song, they have a very good incentive to go out and purchase the CD, for a very practical reason that has nothing to do with morals or ethics or artists getting paid -- they still have an actual trump card. A CD sounds better!
Here's why SDMI is a two-pronged suicide weapon for the RIAA:
1) Even if the watermark is inaudible, people will think that they hear it. They will be dissatisfied, and will want unwatermarked music. Where will they get unwatermarked versions of their favorite albums? Not from the record store. They will have to either find a used, pre-SDMI CD, or copy it from their friend, or Napster, and they will feel zero guilt about doing so, because after all, they can't buy the uncorrupted version of the CD in the store anymore.
2) If SDMI succeeds, and it becomes impossible to play a song once it has been compressed to MP3, then people will be forced to stop using MP3. What will replace MP3? There are already lossless codecs -- the "shorten" format among them -- that achieve 2:1 compression (as opposed to 10:1 for MP3.) Napster and the like could quickly be retrofitted to use lossless compression instead of lossy compression.
If this happens, then the record industry will have destroyed the only consumer benefit in their pre-recorded CDs. So long as an MP3 sounds worse than a CD, consumers feel justified in "upgrading" their MP3s by buying the CDs. If people feel that the store-purchased CD is going to sound the same or worse than a download, then why should they buy it?
Or how about if the store-bought CD of "Dark Side Of The Moon" has audible distortion due to the watermarking, but you can easily download a lossless copy from Napster that was made from a pre-SDMI CD.
What will you do if you want the "best" sounding version of an album? There are collectors who pay top dollar for 1950s vinyl because they think it sounds better than CDs. Pre-SDMI CDs will join those ranks, but Pre-SDMI CDs will be infinitely reproducable.
In short, SDMI is suicide for the record labels. It's going to force changes in Napster and consumer behavior that actually destroy their own business model. Permanently.
We need something SDMI-Like (Score:3)
working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
I've said this before and gotten flamed into oblivion for it, but I think it needs to be said again:
Something like SDMI might not be all that bad.
We in the Open Source Community have been busy with things ranging from effective (encouraging subscription models, bulding a new codec, refining street-performer-like schemes, etc) to things, um, less-effective (yelling "information wants to be free!" and defending the tactics of Napster).
What I wonder about is why we haven't sat down and thought about how we could create something that would actually allow those who so desire to have some control over the destiny of their content.
I'm not talking about Iron Clad control, which I'm sure most of the current heirarchy in the recording industry wants. Nothing "uncrackable". We don't have a foolproof copy-protection system now, and we're doing fine. What I'm thinking is copy protection that is:
1) just strong enough to encourage Joe Average off the street to buy rather than make copies
2) allows fair use afterwards
#1, of course, has to be done in conjunction with a pricing structure and preview system that will support it. #1 is just an extra push to encourage the consumer to support an artist.
So, why not? And please don't say "but the artists won't see any of their money. The evil record companies will take it all." For those who go through record companies, that's probably true. But there will be some who won't....
Consider who's complaining... (Score:1)
They're spending their hard(ly) earned money developing SDMI watermarks they know will be broken when commerically released. If this turns out to be true, they will lose much much more in the cost of producing compliant products and paying for the "license" to implement it. So if the solution chosen is extremely easy to circumvent, they lose money much quicker than if a relatively difficult to break solution is chosen.
Bottom line, they don't care whether it's dropped or not - they just don't want to spend/lose too much because of it. Whether it's dropped or extremely robust, they come out as winners. If the latter, the RIAA wins too. But in only the former would consumers benefit. Make no mistake, they're looking for you to save them money, that's all.
Could be sneaky (Score:1)
On the subject of hacking SDMI (Score:3)
Re:Hmmm (Score:2)
--
Wrong Dept. (Score:1)
That should be from the we-want-to-post-something-bashing-SDMI-but-nothin
--
Re:Hmmm (Score:1)
Metallica - of course (Score:1)
Their music sounds like watermarks anyway.
Maybe removing the data, leaving silence would be an improvement.
In fact, why not incorporate watermarks into all music from now on?
Why I'm in the "hack later" crowd. (Score:4)
That, by the way, is why the hardware groups oppose it. They know it is going to die because it won't work. They want it proven before they spend incredible amounts of time and money engineering and producing a dead product.
Now, if I were to crack it before they are committed, they have a chance to put another solution in place. I really doubt that if someone produced the magic bullet that kills watermarking that the RIAA will say, "Okay. We're not going to protect our music." They'll just come up with something else.
By hacking later, it also buys time. And it also destroys the RIAA's reputation so when they're working on a "second solution", their sphere of influence will be diminished. And in the mean time, you'll get access to all the watermarked songs they've released.
Hack now? No thank you. But I do feel badly for the engineers who are being forced to create a lemon.
Re:Could be sneakier (Score:1)
Watch that decimal point move to the right.
Re:waiting game (Score:2)
Yeah, but Divx offered $2.00 movie rentals, and you (technically) didn't have to return the movie when you were done. However, Divx didn't really offer any of the benefits of DVD (multiple aspect ratios, etc). Dibx was a brand-new high tech product marketed towards the "couch potatoe" masses. SDMI seems to be heading down the same path. Even if you have a halfway decent CD player you have NO reason to invest in a new player, especially if the new player only gives you the abilty to play SDMI music.
Re:Am I missing something? (Score:2)
All the serious hi-fi nutters I know reckon that CD quality isn't good enough, and that transitor amplifiers are insufficiently linear. It's got to be vinyl and valves!
SDMI on MD is already broken (Score:2)
You can't copy that Mini Disc to another minidisc digitally (you can anaolog thouhgh duh.)
However there is a box they sell in japan which claims to remove the copy management. Your supposed to run the output through a fiber into the box and it removes the protection system. They say it also removes track marks, labels etc.
You can't prevent copying. period. You can only hope that people act a little responsibly.
they're just trying to make it harder to prevent piracy from becoming too rampant.
Re:Hehehe. (Score:1)
Re:Of course watermarking will work (Score:2)
I have this mental image of a bunch of RIAA executives being flown to a nice resort hotel, gathering in the conference room, listening to a full-blown multimedia presentation on their new Copy Resistant Audio Protection[tm] system, watching the techs wheel in the prototype and start it up... and hearing something that makes Thomas Edison's wax-cylinder phonograph sound like top-of-the-line Bang & Olufsen.
/.
Re:Am I missing something? (Score:3)
And..you only need to go digital->analog->digital once. Once you get it back into digital form (mp3 or vorbis, etc), you can then make as many perfect digital copies of the very slightly degraded (not detectable by 95% of the population.. if done properly) sound image as you like...and can send it to as many people as you like (technically, if not legally).
Re:Why I'm in the "hack later" crowd. (Score:2)
If they don't have the balls to do that, they deserve to waste millions implementing useless copy protection hardware.
Re:Of course watermarking will work (Score:1)
Re:SDMI is a flawed idea, to say the least.... (Score:1)
Re:Metallica - of course (Score:3)
The general anti-RIAA response to the Napster case seems to be, "Don't hold the company responsible for the users' actions."
But when Metallica did just that (going after the music pirates, not Napster), the response seems to have been, "Don't hold the users responsible, that's bad form."
Although Metallica could have gone about things more sensibly that might have reduced piracy and not antagonized fans (of course, true fans buy music, not steal it), I think their actions were reasonable and justified.
-----
D. Fischer
Re:Can't have it both ways (Score:2)
This is why SDMI will fail, and their "hacker challenge" is merely a cynical attempt at hyping the technology; selling it to people who don't understand these basic facts. There apparently are engineers out there - the guys who invented SDMI, and they have to SELL this technology to the RIAA, and in order to do that, they have to prove that it's secure. The real dopes here are the RIAA.
So if some hacker goes and wins the prize, you know that SDMI will not ever make it to the marketplace. Nipped in the bud. Either some new technology will come along and take it's place, and similarly fail, because the whole concept is an impossibility, OR, the RIAA will finally learn this lesson. However, greed will probably continue to be a powerful motivator, and maybe they'll figure out that "good enough" copy protection will still work to increase their profits. While they cannot 100% lock down the signal, and prevent unauthorized copying, they can make it hard enough to do, (and risky enough, by lobbying for stupidities like the DMCA), that a maximal profit curve can be obtained.
Now, if nobody comes forward, and hacks SMDI, then the RIAA suckers buy-into it, and the manufacturers buy-into it, and enormous sums of money will be invested in pushing this technology onto consumers. And we know, this will ultimately fail. Not because we hackers are proud of ourselves, not because we are commie-idealists and believe that we should be able to copy the music and that the RIAA companies shouldn't be able to control stuff and get so stinkin rich exploiting the creative spirits of our species. But because it is a fundamental fact of information theory that it just can't work. I think that most of us will derive pleasure in watching the RIAA buy into SDMI, invest in pushing the products, and watch it flop in the marketplace - and likely try again, expensively, with something else, until they give up.
Unfortunately, they wont give up. Because eventually, they're going to find a technology that, while it can be broken, it will either be prohibitively expensive (equipment, time) or risky (jail) to do so. So much so that such a small minority of people will copy, that it will not impact their profits adversely. The music distribution system will eventually reach this equilibrium point. It's an arms-race, as many have pointed out. But someday, the music just wont be worth the risk or effort. I know this, because I have copied a buttload of MP3's, but I haven't taken the time or effort to burn CDs, or buy a separate MP3 player for my car. And this is under a system where there currently is NO copy protection enforcement at all. I'm still buying CDs. A large proportion of people out there aren't anymore, I guess, but as soon as you get SDMI (or something else) out there, and start busting people for trading in unprotected copies, and copyright violations, the majority of these people will stop copying and start buying, and an equilibrium point will be reached. Two things affect this ratio of copiers-to-non-copiers, advancement of copy-protection technologies and legal enforcements, and advancements in hacking technologies. Both are going to happen. But I think what's going to work in the RIAA's favor, ultimately, is the laws they have bought. Circumvention technologies will have to compensate for that, but ultimately, it's going to probably come down to preserving the right to be anonymous on the internet (lest the FBI track you down and bust your Metallica-copying asses). If we lose that right, it's back to burning CD's and sneakernetting them with your friends. The mass-distribution element Napster brought into the game will go back out, and this is why anonymity is such an important thing for RIAA (and other "authorities") to eliminate. It will dramatically reduce the network-effects of the black-market.
So, while we concentrate on the hacking and circumvention technologies, the RIAA is using the law as a club to eliminate freedoms. My conclusion is that maybe we ought to spend some time paying a visit to the EFF website.
Maybe I missed something... (Score:3)
From what you say, we're doing the right thing by letting them go ahead and implement SDMI. It's almost certainly not uncrackable. It will provide some protection for those who want it. It will probably be just enough of an annoyance that Joe Average will just go for a subscription music service or somesuch rather than try to make an alternative work.
NPR did a show this morning on the RIAA/Napster debate. I think that one of the best lines that came out of it was that there needs to be a public discussion about how far we really want copyright laws to go, and whether or not they've already gone too far. I think they have, and I've been saying that for a long time. I believe that if they would fix the copyright laws so that the public once again sees some return for their support of "limited" monopolies on information, then many of these problems that the entertainment and other industries are seeing would be greatly reduced. But, of course, they'll fight tooth-and-nail to prevent the public from getting copyright law changed to their perceived detriment. But, if they want a war, it looks like they'll get it.
Re:Whatsa point of it now? (Score:2)
Which is really funny, 'cause when someone does crack it two days after it hits the marketplace, this is really going to make it hard for the industry to cry "IP violation" like they did with DeCSS and CluelessCat.
--
Re:Ohh, the poor tech companies (Score:2)
Probably even before it hits the marketplace. There have been many examples of this with "copyproof" software in the past: bootlegs available before you can even buy a legit copy.
--
Re:"Andrew Leonard" (Score:1)
BTW, I've enjoyed a variety of your articles since I started reading Salon sometime last year.
-----
D. Fischer
Re:Make 'protection schemes' crumble. . . (Score:1)
Regards
Why don't (Score:4)
Re:Can't have it both ways (Score:5)
It's nice to see that standing up for your beliefs and convictions is now a flaw.
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
This isn't about security. This is about an industry wanting to take away the last remains of our rights as consumers and they want to do this with our help. Don't believe the rhetoric, as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented. Why would we want to help them.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
You have got to be kidding me! Heaven forbid we as individuals and as a community should stand up for what we believe in and refuse to aid those that champion a cause diametricly opposed to our own. To even think that this is a clear cut case of security is naive and foolish.
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
THIS IS NOT ABOUT THE OPEN SOURCE MOVEMENT!!! This has nothing at all do to with open source software. In fact, in NO way does this contest benefit the Open Source Movement. This whole afair reminds me of a Coup. A powerful General influences his army to overthrow the cruel Dictator, just so he can take his place as the country's Dictator. In the end, the people have a Who lyric stuck in their head, "Meet the new boss, same as the old boss". If the Open Source community hacks SDMI before it is released, then RIAA will commission a new scheme tha's even harder to crack, and then we're in worse shape then before. Now I ask, Why the hell do we want to help them?
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
OK, so by your logic, we should help to create a stronger watermark that infringes on our rights as consumers and aids a cause we believe is wrong just to show how good we are at cracking encryption schemes. That doesn't show the world that we're good coders, it shows them that we're good code-breakers, something many in the world associate with criminal behavior. Because, that's what I want the Open Source community to be known for. Yeah, I want to be a mercenary code breaker for Corporate America.
Furthermore, your assertion that if we boycott the final product we will prevail in the end is flawed. This is even more naive than your previous statements. If you don't believe me just take a look at how well informed the masses are about DeCSS and the MPAA's efforts to infringe basic rights such as "Fair Use" and the Freedom of Speech. No, I'm afraid a boycott of the final product will never work.
The idea of watermarked music is flawed, can't be made secure, and also infringes on our rights as consumers. Now why would I want to prove that to the Recording Industry so they can find a method that isn't flawed, is secure, and still infringes on my rights as a consumer.
Re:Of course watermarking will work (Score:1)
Remarkable easily since BeOS allows drivers to use standard open() write() and close() operations
I am not too much of a linux hacker, I know its possible there too. What's the easiest way?
rm -f
ln -s
(Its not a good way and probably not a very reliable way but it will probably work to an extent)
Re:Could be sneaky (Score:1)
I guess their logic is, its just like they're hiring you... $10K is your monthly wage. That ain't bad.
Of course, it may seem strange that just getting a (very) temporary job would be treated like winning the lottery or something, but I bet it's actually the future of tech hiring practices!
Audio Quality (Score:1)
What he's most concerned about is that on a good audio system setup (like one that would be able to take advantage of the extra frequency response of SACD and DVD-A) is that you can notice the watermarks! Yes, the frequency response is outside the range of the human ear, but remember those debates about CD vs LP...
... well, he says he can pick the difference between watermarked and non-watermarked music because it plays with those outer frequencies.
Now, I personally don't mind THAT much if the companies develop a way of stopping Napster/MP3 etc. I buy most of my music anyway, to encode at higher bit rates. But these companies will really screw consumers if they release watermarked material... because the paying consumers will be getting inferior music in the record companies eternal fight against pirates.
Ohh, the poor tech companies (Score:3)
And yes, the watermarks will be broken, all of them. And you know this anyway. So why bet money it won't? And i still prefer it to be broken after it was thrown on the market, so everyone participating in this silly scheme loses as much money as possible. It can't hurt enough. I mean, basically what the record industry is trying is to screw over consumers every which way they can, and to screw the artists too while they're at it. If they're boneheaded enough to go on with it, ignoring the advice they specifically asked and payed for, they should pay.
I'm sure there will be programs out for copying watermarked records within half a year of the implementation, and players for playing music stripped of watermarks or for copying music with watermarks intact will be found on the shelves probably earlier (maybe you'll have to open the player and connect two pins or somesuch, thereby voiding the guarantee, but hey, that's even better ).
So if the technology industry wants those watermarks to be hacked they should do it themselves. they've got the experts for it, they know all the weaknesses, so they surely have a headstart. They could do this pretty fast. They could even ask real money for it.
Re:Of course watermarking will work (Score:1)
Actually... (Score:2)
Think of the music as a carrier signal, and the watermark as the actual signal you want to isolate. With two seperate copies, you can do a differencing process on the files, leaving behind the watermark, which can then be further analysed.
I support the EFF [eff.org] - do you?
why boycott at all?? (Score:1)
ha ha.
there is NO WAY encryption will remain inpenetrable and the watermark remain unremovable, regardless of whether it is broken now or later. the point is, there will eventually be a crack for anything they throw at us, and the crack will be done way cheaper and quicker than all the time, money and effort the SDMI coalition will throw at it.
i think that whether it is cracked now or later is immaterial, just let them release stuff or not, i dont' care. Let them do their little encryption thing so i can get my DVD audio player sooner rather than later, and wait about 1/2 an hour after it is released for some hax0r to break whatever watermark they have dreamed up that week.
Is it true? (Score:1)
--
Already cracked! (Score:1)
--
Who wants to buy a VCR with copy protection? (Score:1)
But does anyone have a choice?
If the RIAA et. al. can get the DCMA passed, why not a law requring all disk players to include SDMI circuitry?
have a day,
-l
have a day,
-l
Why compression and watermarks don't mix (Score:2)
Lossy compression schemes such as Ogg Vorbis and MP3 work by removing sound that humans cannot perceive from the sound sample to improve the compression ratio.
Watermarking, on the other hand, adds sound information that human listeners supposedly will not be able to notice, but which machines will be able to detect. (And be able to perform this detection on any recording without being able to compare the watermarked stream against the original.)
These goals are in conflict. The only way that watermarks can be sure that compression technologies (including future ones) won't remove an inaudible watermark (on the basis that it won't be missed by the listener) is to design a process that uses an audible watermark. Thus, some people (hi-fi buffs, sound engineers, etc.) will be able to hear the difference between a watermarked and unwatermarked recording.
And, of course, most people will think they can hear the difference, and be unwilling to buy SDMI music.
Re:Of course watermarking will work (Score:1)
Which are exactly the parts thrown away by compression. Just watermarking won't work; it needs to be a access-control scheme a la CSS - otherwise, why would anyone buy a SDMI player, or sell one?
F*** trying to find out how it works (Score:1)
Re:Of course watermarking will work (Score:1)
I think their plan is, you will no longer (legally) be able to buy a soundcard that doesn't have this built into the hardware. And tampering with a soundcard to disable the protection will be illegal to.
Of course the existing base of soundblasters and such is not going to go away anytime soon, so I don't we have to worry about this just yet.
Re:Of course watermarking will work (Score:1)
ln -s
I wonder how many people are going to have to learn about MAKEDEV now...
Logistics for the Casual Fool (Score:4)
The next day he returns with new pair, and you play the game again.
One day, you find you can't get out of them. And he walks away, leaving you bound and defeated.
Since we're all unfortunately going to have play this game, I propose a new strategy. Fein defeat at every turn. After he has expanded fortunes producing similar handcuffs for everyone else, divulge the weakness. If he persists in this game, bankrupt him.
Additionally, if the RIAA and MPAA cannot find technological measures to protect their interests, I believe that they will increasingly rely on congress. It would be a grave mistake to assume that we have better access to our congressmen than they do.
However, while the industry's resources may be vast, they are not infinite. Senators *can* be expensive, and prices do fluctuate. Hypothetically, they have to buy off a majority. After rounds three and four, after vendors are expending their own R&D budgets to comply with laws and customers/constituents are wailing, these congressmen will be considerably more expensive. Let's make certain that the cuffs are still quite loose at this point, or it will be close game.
-Hope
Re:SDMI on MD is already broken (Score:1)
http://www.minidisco.com/minispecs/maudioco3.ht
grabbed the link through google =P wheee
What the author didn't say.... (Score:2)
What was left unsaid, but that I read into it was:
Re:Of course watermarking will work (Score:1)
Those companies want to produce their own soundcards with said mechanisms are welcome to do so, and i`m sure they`ll be able to sell them cheaply and get hassle from the monopolies commision etc if they do. I dont see any other way. They can un-invent other formats, its just not going to happen.
SDMI & Small Labels/Bands (Score:1)
Re:Of course watermarking will work (Score:1)
Ah. Perhaps I should have put a warning there. I guess this makes my post indirectly educational:)
Poor copyright protection is good enough (Score:1)
Seriously, why is it necessary to make sure that SDMI is hacker proof. With the DMCA all RIAA needs is a trivial (alla rot-13) encryption scheme and any software that circumvents it would be illegal in the US.
The DMCA makes my job easier. I no longer need to worry about strong security because any attempts at bypassing my lax security is illegal. Also, any illegal information that I encrypt with a 2 character password zip file would be inadmissible in court. Isn't the DMCA wonderful!?!
Isn't it funny that... (Score:3)
This point angers me more than I can articulate.
If you think the watermarking system is fallible, break it and claim the $10,000 yourselves. To expect "the hacking community" to ride in and save your asses -- or your assets, for that matter -- is arrogance at best and cowardice at its worst.
Jay (=
Re:SDMI could make MP3 obsolete (Score:2)
What is being tested? There are two different types of technologies that are available for testing:
(1) four different watermark technologies that are designed to detect compression and
(2) two additional technologies that are designed to ensure that under certain circumstances
individual tracks of an album are not admitted into an SDMI domain without the presence of the original CD.
The fact that non-compressed music will be degraded with the watermark hardly renders my message moot. That's the entire point!
- John
Re:SDMI could make MP3 obsolete (Score:2)
2) SDMI devices and CDs with SDMI watermarks are intended to be sold over-the-counter, meaning you can pay cash for them, how do you propose that they can "track the mp3 back to its source"?
3) Their own website [hacksdmi.org] says that their watermarks are designed to detect compression. Read it yourself!
What's going on here is very simple. The RIAA is focused on one goal.
Kill Napster by killing MP3s.
SDMI was constructed with one goal in mind.
Kill Napster by killing MP3s.
They simply have tunnel vision. They don't see the bigger picture, and the inevitable consequences of their course of action. Napster can't destroy the recording labels. Only the RIAA can do that. They are!
Re:Amusing... (Score:2)
> [
> somehow I get the feeling that making your customers think of you as the enemy
> is probably not the best business strategy.
Elementary game theory - "tit for tat". Treat us like the enemy for 20 years, sooner or later we're gonna wise up.
When it comes to copy-protection, it goes all the way back to the days of cassette tape (royalties on blank tape), the VCR (the Sony case), and DAT (killed the format by forcing hardware manufacturers to implement SCMS).
We've always been their enemy.
It's only been in the past six months that we've collectively woken up from 20-odd years of abuse and realized that they are our enemy.
Segue to the Katz article on virtual communities. The realization that RIAA/MPAA are not just invisible trade organizations, but are actively attacking us - indeed, that there is an "us" for them to attack - is all the evidence I need to know that there are communities. We are bound together by common ideas and goals, not accidents of geography, but it doesn't make us any less a community than our enemies, namely RIAA and the MPAA.
Filk: 2600 miles and runnin'
(Parody: NWA/Dr. Dre's "100 Miles and Runnin'")
[ ... ]
And we got ten thousand hackaz strong,
Got everybody singin' the De-CSS song,
And while you treatin' Goldstein like dirt,
Yo' whole fuckin' family wears De-CSS shirts.
I disagree (Score:3)
As for this quote:
"Then came the call to boycott the hack-SDMI challenge. Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible."
Yes, that's precisely the idea. We want a solution released that is fallible, and that way it will be immediately broken.
There is another reason why SDMI should be given free reign to do whatever they want without hacker interference: Let's see which companies decide to produce SDMI-compliant devices. Since they know such devices are basically breakable, and hostile to consumers, this will tell us which companies are willing to stand up for their principles and which ones aren't. After all, membership in SDMI is voluntary. Let's see which companies volunteer to stand up for the consumer, even in the face of economic pressure from the entertainment companies.
Then we'll know which equipment to buy, and which to avoid.
And then we hack SDMI...
________________
Re:"Andrew Leonard" (Score:4)
Next time I'll be sure to mention all my connections with the piece, but anyone who knows my writing well enough to call me "a perfectly fine journalist" ought to know that I wouldn't "whore" anything to slashdot that I didn't think was fully appropriate to Slashdot readers.
Re:Can't have it both ways (Score:2)
Standing up for your beliefs is not a flaw. The problem is the dictomy of the situation. Here we have a company doing what many people in this community say should be done. That is TEST your security in an open environment. The thing that they are testing is a way for RIAA to distribute music that is NOT readily copied, which many people hate. You have to give them a nod for part A, even though you vehemently disagree with part B You can't say you stand for one thing, and then go back on it when somone you don't happen to agree with uses whatever you stand for. Many people are for freedom of speech, as long as the person speaking doesn't disagree with them. It seems some of the boycotters are in that boat.
I see your point, and in some respects agree, but the problem I see is that a company that has done nothing to earn the respect or trust of the open source community thinks they can bribe us into doing their dirty work.
I must admit that I like your analogy about free speech and am reminded of a case where a jewish attorney defended a neo-nazi group under that same right. However, that attorney should not be lambasted and criticized if he chooses not to represent that client. We have to make a choice as to what we feel is the greater harm/good, and be prepared to stand by that choice or recognize it for the mistake it may or may not prove to be.
Do you think that for ONE second, boycott or no boycott that SDMI is going to stop trying to develop this. Come on get real! SDMI is only going to change their tune when their product looses in the market place.
Using your logic and a quote from, (as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented,) it doesn't really matter if the code is cracked or not now does it. So what's the point, boycott or no boycott? As I said, I hate the idea of the "watermark", but I'm not calling for a boycott on testing the security. I AM calling for a boycott of the final product because that is the ONLY way "we" will win.
I think the real question is, "What will RIAA's response be if the watermark scheme is broken before or after it is released on the public?"
This is an answer that none of us can even begin to guess. However, I think the big unknown factor in obtaining this answer lies in the fate of the DeCSS trial. I'd hate to help create an unbreakable scheme now that it was legal to do so.
Imagine this headline "Hacker cracks SDMI watermark" followed closely by "Open Source Community provides super secure watermark" The open source water mark is used to encrypt voice communications. The licsence doesn't allow the encryption of music.
Now we have a VALID (IMHO) use for the technology! Now no one gets that voice message that starts "your mission should you choose to accept it" except for you.
I like your thinking here, and admit that the thought had never crossed my mind.
I'm thinking way past what SDMI is trying to do. The idea of a water mark isn't going to go away, no matter how much you whine. So lets find ways to put it to GOOD use, and also lets develop that in the open. If you break SDMI's code you set them back for a short while, but a short while may be all people need to develop an alternative thats acceptable to all.
Again, I like your thinking here, I'm just not certain if it is realistic or not. I suppose if the scheme was cracked and an open alternative was developed before RIAA could commision a better scheme, it could happen as you suggest. However, RIAA is not known for its logical and level headed thinking. If an open alternative was developed, would it be adopted by them? I doubt that they would adopt an open solution. For one, their paranoia about the code being readily available to pirates would prevent them from using it. What's worse is they would probably use that code to develop their own closed source alternative, but do so in a way to avoid patent and/or license restrictions.
These are just some ideas, they are not my vision of the future. People in general have to be able to look past their own ranting and see whats down the road. If you really want to change something you have to be realistic. Boycotting SDMI on your own is your business. I'd boycott the final product, I'd also stop buying books from amazon.com if they tried to sell music in that format.
I think I'd rather boycott SDMI, break it after its release, and boycott products that use it.
You mean you're not already boycotting Amazon
The whole idea of a watermark preventing copying is LAUGHABLE. How easy is it to simply use a program that grabs the audio from your sound card raw, you then write it to any format you see fit, (MP3, WAV, etc) Because something is silly and flawed doesn't mean that companies won't do it. (nee look at the ever popular beenie with a proppelor, still a hot seller!)
I agree completely, but you didn't have to insult my hat.
You bring up some good point, but in the end watermarks won't go away. The current rants are akin to standing in front of a train holding your hand out telling it to stop as it speeds down the track at 62 MPH (100kph). I prefer to dig up the tracks, and de-rail the sucker. The way to do that is to make sure that SDMI watermarked music fails in the marketplace. The only way to do that is for concerned consumers to band together and NOT buy in droves.
We're not standing on the tracks, we're just saying be careful where you derail this thing. You may end up causing more harm than good.
Unfortunately, most consumers are more concerned with keeping up with the Jones's and getting the latest, shiniest new toy than they are about their rights as a consumer until after they're locked in.
Re:Hmmm (Score:2)
The only problem for some of them is, that some of their competitors (Sony) are also represented in RIAA. It's hard, when you're Onkyo to thumb your nose at RIAA when you have to compete with a competitor who is also a member of RIAA.
Amusing... (Score:3)
Now, I've never taken a business class or anything, but somehow I get the feeling that making your customers think of you as the enemy is probably not the best business strategy.
Rather amusing, anyway...
---
Of course watermarking will work (Score:4)
Watermarking in the sense of adding a digital signal that identifies the source is also broken in the same way - garble the signal. However, true watermarking isn't that easy to remove! If you garble the signal too much, you will get music that most people actually can hear has been tampered with. I myself don't listen to mp3 or minidisc at home since I don't like the degradation (yes, both my ears and my speakers notice it ;).
For those interested in the subject, look up Steganography (cryptographic branch dealing with hiding information as "noise" in pictures, music etc).
Watermarking is steganography, and steganography works ...
Re:SDMI could make MP3 obsolete (Score:2)
Simple. You look for a damaged watermark. A perfect watermark means that there has been no compression, a damaged watermark means that the data stream has been tampered with; probably compressed.
As near as I can figure, the only way SDMI will 'break' MP3 is if every MP3 player both software and hardware is able to decode the watermark.
That's exactly their goal. They want to require all "phase 2" SDMI compliant devices to look for and refuse to play any MP3s with damaged watermarks.
Of course, this won't have any effect on open source MP3 players. The effect will be felt in the marketplace, with Rio-type devices. The idea is that all new portable MP3 players will include this detection technology. They are doing the same thing as the MPAA with CSS. Creating an encrypted "standard", and licensing the decryption algorithm as a way to force the hardware manufacturers to include watermark detection software. Without the decryption algorithm, your MP3 player won't be able to handle SDMI content.
You may be right about Macrovision. However, let me point out that Macrovision works well for two reasons. First off, it is unintrusive when used typically -- if you connect your VCR to your TV, and just play tapes, you'll never notice it. In other words, most people use their VCR to tape off the air and play rented movies. Macrovision does not interfere with either of these activities, which comprise 99% of videotaping activity.
SDMI is a different story. If you have a portable MP3 player, you need to generate MP3s to play on it. You can generate them either by ripping your own CDs, downloading them from the web, or paying for SDMI encrypted music files. SDMI, if successful, will make the first two impossible. You won't be able to rip your own music files, and you won't be able to use downloaded files. SDMI will be extremely intrusive. You'll be forced to pay for music you already own. This will not be popular.
Which is why I think that consumer response to SDMI will be different from consumer response to Macrovision.
Back in the early 1990s, when I was looking to purchase a pair of DAT recorders so that I could trade Grateful Dead tapes, the absolutely most important thing that you needed to make sure of was that whatever combination of equipment you bought did not enforce SCMS. If you had SCMS, you couldn't use the equipment. A lot of people spent extra hundreds of dollars on "Professional" equipment because SCMS rendered the hardware useless.
My experience with SCMS leads me to believe that SDMI will be similarly rejected by the marketplace. Not only does it offer no consumer advantages, but it's intrusive as well.
Hehehe. (Score:2)
Won't work.
I mean, how could such a thinly deployed layer of integrated sound be constant through analog conversions and back again? Very unlikely.Even if by some miracle they manage to create a watermarking system that is fully transparent and encrypted somehow, and manages to retain itself when converted to analogue and tampered with, there will always be programmers who can get around it. Steve Woston springs to mind, and I'm sure there are many others.
Re:SDMI could make MP3 obsolete (Score:2)
Simple. You look for a damaged watermark.
Groan. I got this wrong.
What I meant to say is that the SDMI compliant player looks for MP3s with remnants of a watermark.
You can still rip your own CDs, but you would have to use special SDMI software that creates a SDMI encrypted file that is tied to your computer (possibly through some hash of your hardware configuration, serial number, etc.)
Now when you use the special SDMI software to download your SDMI encrypted song to your player, the software verifies that the song was ripped on your computer. This means that you can't put a SDMI encrypted song on Napster, because if someone tries to download the file and load it into their player, the downloading software will recognize that the file was ripped on a different computer, and won't work.
The basic idea is for the hardware to reject MP3s that have traces of watermarks, meaning that they were ripped outside of the "control" of SDMI software. Old MP3s made from CD rips will continue to work because they won't have the watermarks on them.
Hmmm (Score:5)
What a way to get support, insults.
Are we supposed to buy this load of crap? If SDMI is cracked before the Recording Industry has implemented it, then they will just find a new method that will be even harder to crack. Yeah that sounds like a good idea. Let's stop working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
Can't have it both ways (Score:2)
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
Re: (Score:2)
Re:Of course watermarking will work (Score:2)
Re:Of course watermarking will work (Score:3)
Whatsa point of it now? (Score:3)
Not that hacking shouldnt occur: of course we want our best hackers to be up and ready to vigorously slam whatever is cranked out by the industry. But for Christ's sakes, this kinda stuff shouldn't be done in the public where everyone can watch and learn the techniques. No doubt the industry is gonna wanna observe any public acts related to its code, and it will learn from them and come with new a fury as an tested watermark or new standard is extracted. Why be premature and rush into it now? The trick is to wait until the RIAA comes out to the public with a virgin watermarking scheme, foisting off its purity. Only then should hackers be ready to rush in and tear it apart, thus protecting consumers from whatever digital terrorism the RIAA chooses to practice.
"The most fortunate of persons is he who has the most means to satisfy his vagaries."
Moral high ground crap. (Score:2)
You don't like a business, or their practices? You vote with your MONEY, or *anything else* you can.
I don't like the recording industryk, I don't like the *idea* of sdmi, so why on earth would I assist them in doing anything?
The only thing a business understands is lack of business.
Besides, you know, all this commercial bickering is making so many of us lose sight of what technology means to us. Us geeks have *always* built our own society, culture, whatever based on our access and knowledge of technology. It's only with the internet that the media has become involved. Why make a choice at all? Just because they say I should? Feh.
I'll just ignore them, thank you very much.
Re:Of course watermarking will work (Score:2)
SDMI-compliant signed drivers (Score:2)
Even if they get some people to switch, its simple to just write a program the captures output from the sound api, and records it into a wave file for later recompression.
Under new versions of Windows that implement the Windows Media Digital Rights Management Secure Audio Path, SDMI-compliant applications will play music on SDMI-compliant (no cleartext digital output to untrusted destinations such as a file or waveIn) drivers and silence on drivers that have not been signed by Microsoft to play SDMI audio.
Although, in Metallica's case, silence sounds better than most of their music.
<O
( \
XPlay Tetris On Drugs [8m.com]!
Re:SDMI could make MP3 obsolete (Score:2)
waiting game (Score:5)
Like the article says, it's going to be pretty hard to sell SDMI-compliant CD players. A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices. I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device). Either that or SDMI support won't be mentioned on packaging, so that someone who goes to buy a new Discman will discover that it supports SDMI when it refuses to play the CD he burned on his computer. That would be a customer relations nightmare.
Anyway, given that SDMI will pretty much repulse most of the early-adopter types who are key to the success of new hardware (like portable MP3 players), the odds of it getting off the ground are low.
Conspiracy anyone? (Score:2)
I'm completely amazed at the idiocy of the open-source movement in opposing ["Hack SDMI"]. If I were a hacker or an open-source person and I didn't like what SDMI is trying to do, I would think that I would want to break the technology(...)
Aren't trying to rally support for the hacking attempt - they're throwing fuel on a pile of wood to start a bonfire! I can't help remembering that these people are working for the SDMI, if they didn't agree with it they should have left a long time ago, heck, if they're good enough to code a watermarking algorithm they're good enough to code for any other high paying company.
I usually trust Salon so I'm not complaining about the article but this smells too much like a stunt to attract attention.
I say let the script kiddies hack it! I also say, let them wake up with a horse's head next to them the very next day.
Re:Of course watermarking will work (Score:5)
Simple steg works on the level of obscurity: "I've put some secret values in some of the bits of this jpeg but I'm not going to tell you which bits." This is easy to defeat, especially if ALL jpegs have the same watermark (or watermarking system). Just find those bits or better yet, modify ALL the bits.
More complex steg would involve calculating some value based on a key and stegging from there (presumably in a way that would require destroying the "wrapper" data to destroy the steg). Then the recipient needs the decoder. Great system---except that we'll all have decoders. Every SDMIMan (like WalkMan) will have one built in. Just reverse engineer this device and boom, you have decoded your music.
And since each song only needs to be decoded once for freedom to reign....we'll, you get the picture.
--
Re:Of course watermarking will work (Score:5)
Of course watermarking will not work. As Bruce Schneier says in Secrets and Lies:
--