Slashdot Log In
Hack-SDMI Boycott Explored
Posted by
michael
on Tue Oct 03, 2000 06:13 AM
from the spelunking dept.
from the spelunking dept.
Andrew Leonard writes: "Tech companies want hackers to break SDMI watermarks because they know watermarking will never work and are desperate for a different solution. In Salon, Janelle Brown shows how the hack-SDMI boycott is revealing a major rift between the tech and entertainment companies that make up the SDMI coalition." Amusing how the tech companies oppose SDMI because they think it won't work, not because they think it will screw consumers. And several anonymous sources interviewed for the article seem to have gotten it wrong: everyone thinks it will be broken, it's just that most of them think the opportune time for that would be about 2 days after the music companies have irrevocably committed to their new method of making it difficult for people to listen to music rather than 2 days before.
This discussion has been archived.
No new comments can be posted.
Hack-SDMI Boycott Explored
|
Log In/Create an Account
| Top
| 164 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Re:Of course watermarking will work (Score:3)
Take a look at the agreement (Score:3)
Compensation of $10,000 will be divided among the persons who submit a successful unique attack on any individual technology during the duration of the SDMI Public Challenge. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology. In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property. The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge. If you are a minor, it will be necessary for you and your parent or guardian to sign this document, and any compensation will be paid to your parent or guardian.
This article has it backwards. The hacker community should not participate in this contest, as it will prove to be a loss for the community as a whole. After all, if the details cannot be disclosed, they must be planning to still implement it. (If they were planning to make a new system if they defeated it, why would they want the details of breaking it hidden from public view?!)
What should happen? As mentioned before in the last time slashdot discussed it, it should be attacked, but not for the contest, and not for the money. $10,000 is a worthless sum when it would have cost them tens of millions to try to break it on their own.
SDMI could make MP3 obsolete (Score:5)
The main purpose of SDMI watermarks is to detect if a watermarked song has been compressed. The idea is that this will "break Napster." Breaking MP3s is completely the wrong approach! What the industry is forgetting is that lossy compression is just one way to transmit music. There are lossless compression schemes that achieve approximately 2:1 instead of 10:1 compression on music files. They're five times bigger, but disk space is dirt cheap now and network speeds are increasing. Quite frankly, lossless internet music distribution isn't something in the far distance, it's coming and it's coming fast.
What the industry doesn't realize is that they have one last chance to save themselves -- they need to market MP3s as a preview format, and CDs as a high quality format that you buy in a store that sounds better than MP3. Right now, they still have an opportunity to survive. If someone downloads an MP3, then decides that they like the song, they have a very good incentive to go out and purchase the CD, for a very practical reason that has nothing to do with morals or ethics or artists getting paid -- they still have an actual trump card. A CD sounds better!
Here's why SDMI is a two-pronged suicide weapon for the RIAA:
1) Even if the watermark is inaudible, people will think that they hear it. They will be dissatisfied, and will want unwatermarked music. Where will they get unwatermarked versions of their favorite albums? Not from the record store. They will have to either find a used, pre-SDMI CD, or copy it from their friend, or Napster, and they will feel zero guilt about doing so, because after all, they can't buy the uncorrupted version of the CD in the store anymore.
2) If SDMI succeeds, and it becomes impossible to play a song once it has been compressed to MP3, then people will be forced to stop using MP3. What will replace MP3? There are already lossless codecs -- the "shorten" format among them -- that achieve 2:1 compression (as opposed to 10:1 for MP3.) Napster and the like could quickly be retrofitted to use lossless compression instead of lossy compression.
If this happens, then the record industry will have destroyed the only consumer benefit in their pre-recorded CDs. So long as an MP3 sounds worse than a CD, consumers feel justified in "upgrading" their MP3s by buying the CDs. If people feel that the store-purchased CD is going to sound the same or worse than a download, then why should they buy it?
Or how about if the store-bought CD of "Dark Side Of The Moon" has audible distortion due to the watermarking, but you can easily download a lossless copy from Napster that was made from a pre-SDMI CD.
What will you do if you want the "best" sounding version of an album? There are collectors who pay top dollar for 1950s vinyl because they think it sounds better than CDs. Pre-SDMI CDs will join those ranks, but Pre-SDMI CDs will be infinitely reproducable.
In short, SDMI is suicide for the record labels. It's going to force changes in Napster and consumer behavior that actually destroy their own business model. Permanently.
We need something SDMI-Like (Score:3)
working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
I've said this before and gotten flamed into oblivion for it, but I think it needs to be said again:
Something like SDMI might not be all that bad.
We in the Open Source Community have been busy with things ranging from effective (encouraging subscription models, bulding a new codec, refining street-performer-like schemes, etc) to things, um, less-effective (yelling "information wants to be free!" and defending the tactics of Napster).
What I wonder about is why we haven't sat down and thought about how we could create something that would actually allow those who so desire to have some control over the destiny of their content.
I'm not talking about Iron Clad control, which I'm sure most of the current heirarchy in the recording industry wants. Nothing "uncrackable". We don't have a foolproof copy-protection system now, and we're doing fine. What I'm thinking is copy protection that is:
1) just strong enough to encourage Joe Average off the street to buy rather than make copies
2) allows fair use afterwards
#1, of course, has to be done in conjunction with a pricing structure and preview system that will support it. #1 is just an extra push to encourage the consumer to support an artist.
So, why not? And please don't say "but the artists won't see any of their money. The evil record companies will take it all." For those who go through record companies, that's probably true. But there will be some who won't....
On the subject of hacking SDMI (Score:3)
Why I'm in the "hack later" crowd. (Score:4)
That, by the way, is why the hardware groups oppose it. They know it is going to die because it won't work. They want it proven before they spend incredible amounts of time and money engineering and producing a dead product.
Now, if I were to crack it before they are committed, they have a chance to put another solution in place. I really doubt that if someone produced the magic bullet that kills watermarking that the RIAA will say, "Okay. We're not going to protect our music." They'll just come up with something else.
By hacking later, it also buys time. And it also destroys the RIAA's reputation so when they're working on a "second solution", their sphere of influence will be diminished. And in the mean time, you'll get access to all the watermarked songs they've released.
Hack now? No thank you. But I do feel badly for the engineers who are being forced to create a lemon.
Re:Am I missing something? (Score:3)
And..you only need to go digital->analog->digital once. Once you get it back into digital form (mp3 or vorbis, etc), you can then make as many perfect digital copies of the very slightly degraded (not detectable by 95% of the population.. if done properly) sound image as you like...and can send it to as many people as you like (technically, if not legally).
Re:Metallica - of course (Score:3)
The general anti-RIAA response to the Napster case seems to be, "Don't hold the company responsible for the users' actions."
But when Metallica did just that (going after the music pirates, not Napster), the response seems to have been, "Don't hold the users responsible, that's bad form."
Although Metallica could have gone about things more sensibly that might have reduced piracy and not antagonized fans (of course, true fans buy music, not steal it), I think their actions were reasonable and justified.
-----
D. Fischer
Maybe I missed something... (Score:3)
From what you say, we're doing the right thing by letting them go ahead and implement SDMI. It's almost certainly not uncrackable. It will provide some protection for those who want it. It will probably be just enough of an annoyance that Joe Average will just go for a subscription music service or somesuch rather than try to make an alternative work.
NPR did a show this morning on the RIAA/Napster debate. I think that one of the best lines that came out of it was that there needs to be a public discussion about how far we really want copyright laws to go, and whether or not they've already gone too far. I think they have, and I've been saying that for a long time. I believe that if they would fix the copyright laws so that the public once again sees some return for their support of "limited" monopolies on information, then many of these problems that the entertainment and other industries are seeing would be greatly reduced. But, of course, they'll fight tooth-and-nail to prevent the public from getting copyright law changed to their perceived detriment. But, if they want a war, it looks like they'll get it.
Why don't (Score:4)
Re:Can't have it both ways (Score:5)
It's nice to see that standing up for your beliefs and convictions is now a flaw.
I may not agree with what the company is doing, and I may secretly hope that the watermark is cracked after it has been accepted BUT I have to respect the company for trying to test their security in the open. It is a step that more companies need to make.
This isn't about security. This is about an industry wanting to take away the last remains of our rights as consumers and they want to do this with our help. Don't believe the rhetoric, as soon as SDMI is cracked another, tougher to crack scheme will be invented and implemented. Why would we want to help them.
The "Boycott" makes the Open Source community look like a whining 2 year old throwing a temper tantrum. "Waaaaa, your not doing things my way, Waaaaa, I'm not going to help you now, Waaaaa, you don't really love me,Waaaaa, I'll show YOU!"
You have got to be kidding me! Heaven forbid we as individuals and as a community should stand up for what we believe in and refuse to aid those that champion a cause diametricly opposed to our own. To even think that this is a clear cut case of security is naive and foolish.
Please stop posting stuff like "They are just using our free programing services and ripping us off". If the open source movement is to be successful FOR PROFIT companies have to make it work. This means that people contribute to to a progect, be it testing as is the case here, or actually coding. They also don't usually get paid for those contributions.
THIS IS NOT ABOUT THE OPEN SOURCE MOVEMENT!!! This has nothing at all do to with open source software. In fact, in NO way does this contest benefit the Open Source Movement. This whole afair reminds me of a Coup. A powerful General influences his army to overthrow the cruel Dictator, just so he can take his place as the country's Dictator. In the end, the people have a Who lyric stuck in their head, "Meet the new boss, same as the old boss". If the Open Source community hacks SDMI before it is released, then RIAA will commission a new scheme tha's even harder to crack, and then we're in worse shape then before. Now I ask, Why the hell do we want to help them?
If you make the water mark stronger, then it shows that our community is full of good coders. If you boycott the FINAL product, and stick to using MP3's or whatever format YOU prefer then in the end market forces will drive the watermarked music people out of business. The idea is to stop the product from being a success because the idea of watermarked music is flawed. NOT that watermarked music can't be made secure.
OK, so by your logic, we should help to create a stronger watermark that infringes on our rights as consumers and aids a cause we believe is wrong just to show how good we are at cracking encryption schemes. That doesn't show the world that we're good coders, it shows them that we're good code-breakers, something many in the world associate with criminal behavior. Because, that's what I want the Open Source community to be known for. Yeah, I want to be a mercenary code breaker for Corporate America.
Furthermore, your assertion that if we boycott the final product we will prevail in the end is flawed. This is even more naive than your previous statements. If you don't believe me just take a look at how well informed the masses are about DeCSS and the MPAA's efforts to infringe basic rights such as "Fair Use" and the Freedom of Speech. No, I'm afraid a boycott of the final product will never work.
The idea of watermarked music is flawed, can't be made secure, and also infringes on our rights as consumers. Now why would I want to prove that to the Recording Industry so they can find a method that isn't flawed, is secure, and still infringes on my rights as a consumer.
Ohh, the poor tech companies (Score:3)
And yes, the watermarks will be broken, all of them. And you know this anyway. So why bet money it won't? And i still prefer it to be broken after it was thrown on the market, so everyone participating in this silly scheme loses as much money as possible. It can't hurt enough. I mean, basically what the record industry is trying is to screw over consumers every which way they can, and to screw the artists too while they're at it. If they're boneheaded enough to go on with it, ignoring the advice they specifically asked and payed for, they should pay.
I'm sure there will be programs out for copying watermarked records within half a year of the implementation, and players for playing music stripped of watermarks or for copying music with watermarks intact will be found on the shelves probably earlier (maybe you'll have to open the player and connect two pins or somesuch, thereby voiding the guarantee, but hey, that's even better ).
So if the technology industry wants those watermarks to be hacked they should do it themselves. they've got the experts for it, they know all the weaknesses, so they surely have a headstart. They could do this pretty fast. They could even ask real money for it.
Logistics for the Casual Fool (Score:4)
The next day he returns with new pair, and you play the game again.
One day, you find you can't get out of them. And he walks away, leaving you bound and defeated.
Since we're all unfortunately going to have play this game, I propose a new strategy. Fein defeat at every turn. After he has expanded fortunes producing similar handcuffs for everyone else, divulge the weakness. If he persists in this game, bankrupt him.
Additionally, if the RIAA and MPAA cannot find technological measures to protect their interests, I believe that they will increasingly rely on congress. It would be a grave mistake to assume that we have better access to our congressmen than they do.
However, while the industry's resources may be vast, they are not infinite. Senators *can* be expensive, and prices do fluctuate. Hypothetically, they have to buy off a majority. After rounds three and four, after vendors are expending their own R&D budgets to comply with laws and customers/constituents are wailing, these congressmen will be considerably more expensive. Let's make certain that the cuffs are still quite loose at this point, or it will be close game.
-Hope
Isn't it funny that... (Score:3)
This point angers me more than I can articulate.
If you think the watermarking system is fallible, break it and claim the $10,000 yourselves. To expect "the hacking community" to ride in and save your asses -- or your assets, for that matter -- is arrogance at best and cowardice at its worst.
Jay (=
I disagree (Score:3)
As for this quote:
"Then came the call to boycott the hack-SDMI challenge. Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible."
Yes, that's precisely the idea. We want a solution released that is fallible, and that way it will be immediately broken.
There is another reason why SDMI should be given free reign to do whatever they want without hacker interference: Let's see which companies decide to produce SDMI-compliant devices. Since they know such devices are basically breakable, and hostile to consumers, this will tell us which companies are willing to stand up for their principles and which ones aren't. After all, membership in SDMI is voluntary. Let's see which companies volunteer to stand up for the consumer, even in the face of economic pressure from the entertainment companies.
Then we'll know which equipment to buy, and which to avoid.
And then we hack SDMI...
________________
Re:"Andrew Leonard" (Score:4)
Next time I'll be sure to mention all my connections with the piece, but anyone who knows my writing well enough to call me "a perfectly fine journalist" ought to know that I wouldn't "whore" anything to slashdot that I didn't think was fully appropriate to Slashdot readers.
Amusing... (Score:3)
Now, I've never taken a business class or anything, but somehow I get the feeling that making your customers think of you as the enemy is probably not the best business strategy.
Rather amusing, anyway...
---
Of course watermarking will work (Score:4)
Watermarking in the sense of adding a digital signal that identifies the source is also broken in the same way - garble the signal. However, true watermarking isn't that easy to remove! If you garble the signal too much, you will get music that most people actually can hear has been tampered with. I myself don't listen to mp3 or minidisc at home since I don't like the degradation (yes, both my ears and my speakers notice it ;).
For those interested in the subject, look up Steganography (cryptographic branch dealing with hiding information as "noise" in pictures, music etc).
Watermarking is steganography, and steganography works ...
Hmmm (Score:5)
What a way to get support, insults.
Are we supposed to buy this load of crap? If SDMI is cracked before the Recording Industry has implemented it, then they will just find a new method that will be even harder to crack. Yeah that sounds like a good idea. Let's stop working on legitimate OSS projects and help the Recording Industry come up with a better consumer trap.
Re:Of course watermarking will work (Score:3)
Whatsa point of it now? (Score:3)
Not that hacking shouldnt occur: of course we want our best hackers to be up and ready to vigorously slam whatever is cranked out by the industry. But for Christ's sakes, this kinda stuff shouldn't be done in the public where everyone can watch and learn the techniques. No doubt the industry is gonna wanna observe any public acts related to its code, and it will learn from them and come with new a fury as an tested watermark or new standard is extracted. Why be premature and rush into it now? The trick is to wait until the RIAA comes out to the public with a virgin watermarking scheme, foisting off its purity. Only then should hackers be ready to rush in and tear it apart, thus protecting consumers from whatever digital terrorism the RIAA chooses to practice.
"The most fortunate of persons is he who has the most means to satisfy his vagaries."
waiting game (Score:5)
Like the article says, it's going to be pretty hard to sell SDMI-compliant CD players. A consumer who knows what SDMI is has no incentive to buy one, unless manufacturers slash prices on them but that's unlikely given the cost of developing the new devices. I wonder if we'll start seeing CDs with SDMI-only tracks (i.e. you get the whole album normally, but there are two extra bonus tracks that only play on an SDMI device). Either that or SDMI support won't be mentioned on packaging, so that someone who goes to buy a new Discman will discover that it supports SDMI when it refuses to play the CD he burned on his computer. That would be a customer relations nightmare.
Anyway, given that SDMI will pretty much repulse most of the early-adopter types who are key to the success of new hardware (like portable MP3 players), the odds of it getting off the ground are low.
Re:Of course watermarking will work (Score:5)
Simple steg works on the level of obscurity: "I've put some secret values in some of the bits of this jpeg but I'm not going to tell you which bits." This is easy to defeat, especially if ALL jpegs have the same watermark (or watermarking system). Just find those bits or better yet, modify ALL the bits.
More complex steg would involve calculating some value based on a key and stegging from there (presumably in a way that would require destroying the "wrapper" data to destroy the steg). Then the recipient needs the decoder. Great system---except that we'll all have decoders. Every SDMIMan (like WalkMan) will have one built in. Just reverse engineer this device and boom, you have decoded your music.
And since each song only needs to be decoded once for freedom to reign....we'll, you get the picture.
--
Re:Of course watermarking will work (Score:5)
Of course watermarking will not work. As Bruce Schneier says in Secrets and Lies:
--