
Boycott of Music Industry's Hacker Challenge Urged

Posted by CmdrTaco
from the thats-why-we-didnt-post-it dept.
phu170n writes "Don Marti, technical editor for the Linux Journal, has called for a boycott of the hacker challenge recently announced by the music industry's SDMI collective. Looks like principle can be worth something (more than $10,000, at least) these days."
  • by Shotgun (30919) on Friday September 15, 2000 @04:05AM (#777732)
    No matter how you slice it, in order to add additional information to any file, you have some bits somewhere.

    If all SDMI wanted to do was mark a piece as authentic, every piece would have the same mark and there wouldn't be much incentive to break it. "Heh, this POS is by Britney Spears. I know because it's watermarked." "Couldn't you tell that by tinny, teenage voice singing about her life ending because her teenage boyfriend dissed her." "Ummmm..."

    But authenticity marking isn't what they're after. SDMI is looking for encryption and user identification. This means each unit would get a different watermark. Breaking it is then a simple matter of buying 5 copies and doing a binary diff of the output of "mpg123 -s britney.mp3 > tempfile". Build a bogus watermarked file by pulling the first byte from file one, the second from file two, ...the sixth from file one, ...etc, and run lame on the result to get 'unmarkedBritney.mp3'

    Am I in trouble now?
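
Added example, not part of the comment above and not SDMI's actual scheme: a toy additive per-buyer mark with informed detection (the distributor keeps the unmarked original), showing that the sample-interleaved mix described still carries each contributor's mark in one fifth of the samples, where a correlation detector can trace it. All function names, amplitudes, seeds and the Gaussian "audio" are constructed assumptions.

```python
import random

N_SAMPLES = 40_000   # length of the constructed "track" (toy value)
STRENGTH = 0.05      # mark amplitude relative to a unit-variance host (assumed)
THRESHOLD = 0.1      # accuse a buyer whose normalised correlation exceeds this


def host_signal(seed=2000):
    """Constructed stand-in for the unmarked PCM audio (Gaussian noise)."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N_SAMPLES)]


def buyer_mark(buyer_id):
    """Per-buyer pseudo-random +/-1 sequence, reproducible from the buyer id."""
    rng = random.Random(10_000 + buyer_id)
    return [1.0 if rng.getrandbits(1) else -1.0 for _ in range(N_SAMPLES)]


def marked_copy(host, buyer_id):
    """The copy sold to one buyer: host plus that buyer's low-amplitude mark."""
    mark = buyer_mark(buyer_id)
    return [h + STRENGTH * m for h, m in zip(host, mark)]


def interleave(copies, reencode_noise=0.05, seed=7):
    """The mix from the comment: sample n is taken from copy n mod k.
    Gaussian noise stands in for the lossy re-encode at the end."""
    rng = random.Random(seed)
    k = len(copies)
    return [copies[n % k][n] + rng.gauss(0.0, reencode_noise)
            for n in range(N_SAMPLES)]


def trace(suspect, host, buyer_ids):
    """Informed detection: subtract the original, correlate with every mark.
    A lone copy scores about 1.0, one of k colluders about 1/k, others about 0."""
    residual = [s - h for s, h in zip(suspect, host)]
    scores = {}
    for b in buyer_ids:
        mark = buyer_mark(b)
        corr = sum(r * m for r, m in zip(residual, mark)) / N_SAMPLES
        scores[b] = corr / STRENGTH
    return scores


def accused(scores):
    """Buyer ids whose mark is still present above the decision threshold."""
    return sorted(b for b, s in scores.items() if s > THRESHOLD)


if __name__ == "__main__":
    host = host_signal()
    buyers = range(8)
    colluders = [0, 1, 2, 3, 4]          # five purchased copies, as in the comment
    mixed = interleave([marked_copy(host, b) for b in colluders])
    scores = trace(mixed, host, buyers)
    for b in buyers:
        print(f"buyer {b}: score {scores[b]:+.3f}")
    print("traced to:", accused(scores))
```

With independent marks the detector's noise floor shrinks as 1/sqrt(N_SAMPLES), so a 1/k residue stays separable until k grows large relative to the track length.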

  • The SB Live! card (and probably others) has a digital mixer that allows you to "peek" at the digital output before it is converted to analog. That way, you get the real digital output. At least you get a wav this way and can always convert it to MP3, for which decoders can play watermarked songs.
  • by Anonymous Coward
    While I appreciate the editorializing on the part of some people (despite some sour grapes on the part of those who wish they could), I plan to attempt this. Here's hoping that someone doesn't decide to lay waste to the site before I obtain the necessary terms...

    My rationale is this: Right now, few consumers care about "secure" music - they just want the selection. If the industry provides this, no matter how encumbered, then they will be happy -- UNLESS the protection is too much of a hassle.

    The objective should be to break all the easy schemes, making it a nightmare to go through the hoops necessary to use the software and devices in such a way that a hapless user could not possibly be getting digital content... This will be sufficient for the mass of customers to vote with their money, and end this senselessness.

    As to why now, and not later?

    Because I (or you, if you are so inclined) can do it in your name, publicly, and watch the news stories "secure digital music technology foiled by slashdot troll". There won't be much in the way of SDMI music for a while anyway, because the powers-that-be surely understand the "wait and crack it later" attitude.

    Further, it can be a nice challenge, and if you aren't doing it for the money you could always help out the EFF...

    As to some of the suggestions so far...

    1. Converting to analog -> audio will not remove the watermark. (Nor will various compression-decompression, unless you had a nearly perfect psycho-acoustic model..) I'm sure there are watermarking games possible with two versions of the watermark in the same digital content but they are probably not going to allow that.

    The window here is to tweak the bits JUST enough to foil the player without damaging the content any more than it already has been...

    Or to provide tweaks to SDMI devices to ignore the watermarking...

    2. Using digital out, and finding non-SDMI compliant devices to store to. Note that WindowsME is already taking steps to avoid "rogue" drivers which store digital audio to disk, or output to SPDIF or a digital loopback. (www.microsoft.com/hwdev/audio).

  • by Wellspring (111524) on Friday September 15, 2000 @05:04AM (#777735)

    I didn't catch that-- good point.

    Frankly, if our software engineering skills are worth only $10k to them, they obviously don't need this too much.

    I can just picture a bunch of arrogant marketing types sitting together:

    "Yeah, let's use these hackers to make our product better! We'll dare the kids to break our product, and then they'll work for us."

    "But wait, why would they do that. They hate us."

    "Yeah, but so what? Remember, these guys may be real computer whizzes, but they're naive. Most of them are just kids-- they're doing this because they can't play football and don't have dates. They don't have the savvy, the talent, the raw creative spirit to be in marketing. After all, if they did, they'd be doing this, right?" Everyone nods thoughtfully, except for Todd, the ex-football star, who is suddenly lost in his glory days.

    "So we invite them to crack our system! And then, when they find the hole in it, we'll hire some techies to fix it, and we're done! We can even offer a prize! We'll jack up CD costs."

    "Sounds great!! And just think, we're doing this right here, in Hollywood!"


    And just think, people like these gave $5 million to the vice president last night...

  • I've lost track of the project quite a while ago, but I dimly recall a group that was going to engineer a clone of the Gravis Ultrasound when Gravis announced the decision to stop making consumer sound cards.

    I couldn't connect to google for some reason and alta vista's advanced search didn't find what I was looking for. Does anyone else know what happened to this intrepid group of open hardware hackers?

  • by Rand Race (110288) on Friday September 15, 2000 @04:06AM (#777737) Homepage
    Exactly what we wanted, assuming we want only the most popular songs and wish to pay exorbitant fees. These guys need to wake up, I'll gladly pay a monthly fee to a record company for access to their entire catalog. I don't want just the hit of the day, I want those old delta blues tracks that haven't been released in decades, some cool pre-war European jazz, and a lot of out of print LA punk.

    As usual it is a matter of control and short-sightedness. The record corps figure that the old stuff that just a few people want can't generate enough revenue to make having it available worthwhile. And they are right when you look at current distribution models, but on the net they can offer a subscription service where that old Skip James tune just takes up a few megabytes on a server and doesn't require pressing, shipping, etc. That way they make money from the millions of vapid Britney Spears fans as well as the fans of older/obscure artists. Hey RIAA, that is more money, not less.

  • So use a non-SDMI aware sound card which should be just about anything available right now. It also isn't enough to check for watermarked audio at the audio in because it is certainly legal for me to connect my CD player to the audio in of my computer and listen to the music through my computer speakers. Besides how would the sound card know that its input is being recorded. Isn't that the software's problem? In which case, just use non-SDMI aware software which again is most anything available. I think the music industry doesn't understand the very basic truth that if the audio can reach my ear through some means, then it can be recorded again. Yes, the quality may not be as good depending on the method used for that recording but consider this: something like 90% of the audio data is thrown away when creating an mp3 because the average ear can't hear those frequencies anyway. Has this hurt the popularity of mp3s? Not at all. If we're all happy enough to trade music at 1/10th the quality of the original there is no way the music industry can stop us.
  • First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.

    Actually, this is not the role that watermarking is intended to play in SDMI, at least not initially. It really is intended to play a part in access control, not tracking. The idea is that songs on all new CDs will have a generic, identical watermark saying basically "this music is copyrighted" and then SDMI-compliant mp3 players and stuff are supposed to find this watermark and refuse to play the file unless it comes packaged in one of their goofy little secure formats that implements access control and copy prevention, e.g. are keyed to the particular player or whatever. SDMI-compliant mp3 players are supposed to refuse to play watermarked music packaged in a regular unprotected mp3 file without access control.

    So, actually, watermarking in SDMI is part of an access control scheme and not a scheme for tracking individual copies. Obviously this is a totally hopeless access control scheme since you just need an mp3 player that doesn't implement their broken blocking mechanisms, but it's an access control scheme nonetheless.

  • 9 is the best I could get too.
  • This might be your only chance to get a "license to crack". Imagine how the DeCSS project would have turned out if the DVD-CCA made such an offer.

    If the DVD-CCA made such an offer, their encryption scheme would probably be a lot better and we'd be even more SOL.
  • That is the question. Whether 'tis nobler to help the powers that be begin releasing digital media, or to let them think they have a secure system and then hack it to hell once they've adopted it.
  • by smartin (942) on Friday September 15, 2000 @04:13AM (#777753)
    Isn't this the same industry that is pushing real hard to make it illegal to hack and publish ways to break commercial encryption schemes. Sure they are offering $10,000 now to anyone who can hack and break it, but what happens after it ships? My guess is that their tone will change and anyone who hacks it will be hunted down and persecuted.

    So hack this puppy all you want, just don't publish what you find until after it has been released and is widely used :)
  • Ever since 1923, there has been no public domain [8m.com]. And fair use rights can be signed away in a contract (think shrinkwrap license on a CD).
    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • Once the copy protection scheme is in place it would be illegal to make even a fair use copy of music in another format which does not use the copy protection scheme - the only MP3's you could play would be of unprotected music. The view of the DMCA is that anything which CAN be used to copy protected music is illegal. (That is the crux of the DeCSS ruling; DeCSS CAN be used for illegal purposes, and therefore it is illegal)

    The argument which I expect to be used in court is that any device which can be used to circumvent a digital copy protection scheme is the equivalent of a lock pick - and thus mere possession of them is a crime.

    Once a law is on the books it is very difficult to get it repealed. There are millions of laws in this country - you pretty much know about all of the ones that have ever been repealed. The reason you have heard about laws being held as unconstitutional is that it is so rare an event that when it happens it is NEWS.

    Prohibition was repealed because most people drank - drug prohibition has not been repealed because most people don't do drugs. Into which of those categories of bad law would the DMCA be more likely to fall? Just because most people WE know are involved with computers and understand the issues does not mean that most people in society as a whole are like that.

  • They are trying to make music available online, and to make it secure.

    They're also doing it in a way that is contrary to a few laws [stanford.edu]:

    • Copyright's Fair Use clause (eg. one backup copy, use a short snippet for research/study).
    • Constitution's "exclusive right to their works for a limited time" (eg. if a piece of music is released only in SDMI, what happens to it when it's supposed to go into the public domain?)

    --
  • Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers.

    Why not just create a device driver for the Windows sound API that plays its 'output' to a file in .mp3, .wav or whatever? Then making a duplicate is as easy as choosing the driver as the playback device in Windows and playing your SDMI tunes with your 'authorized' software.

  • by Millard Fillmore (197731) on Friday September 15, 2000 @04:19AM (#777776) Homepage Journal
    Has anyone checked to see if SDMI is legally allowed to "encourage the circumvention" of the technology? Isn't this inciting people to breaking the DMCA?

    What does happen if somebody cracks their protection? Do they go back to the drawing board, or do they buy the rights to the crack for $10,000, patent it, and then refuse to publish it?

    My advice to anyone who thinks about taking up the challenge is to read the agreement very carefully. My hunch is that they will try to buy the rights to the crack.

  • Well, there's legally a public domain. Though maybe they can license that away too. For instance, if you sign an NDA, the information you get isn't required to go into public domain. I'd love to see them try to pull that.
    --
  • Copyright's Fair Use clause (eg. one backup copy, use a short snippet for research/study).

    Does fair use entitle you to a perfect digital copy? People have stated various ways to get one or two decent copies out even with the copy protection, but say that "it would degrade for each generation". Well, so what? Fair use doesn't allow for multiple generations of copies anyway.

    Is there a way to get one decent sounding copy and have that first generation copy be acceptable? If so, fair use is just fine. I don't see any constitutional right to a perfect copy, and the main need for that perfection seems to be unfair use (multiple generation copies spread to those who didn't buy the music.)

    Note, I am responding only to the stated assumptions by some on this discussion that a) you can get a slightly degraded first generation copy under this system, and b) it still would infringe fair use. If one of these assumptions is incorrect, I'd appreciate knowing it, but they aren't my assumptions so don't flame me.

    -Kahuna Burger

  • You do not have the right to play a digital audio file on any device you own. Specifically, fair use does not guarantee the right to make digital copies.

    Why not?

    Does it harm the copyright owner in some way? Does it reduce their profits or otherwise reduce their incentive to create?


    ---
  • Don't get me wrong, I agree with the boycott, but I wonder about what will happen when it is released and (inevitably) hacked.

    Depends where is it published. In some countries reverse engineering for interoperability is legal.

    So if someone with an overgrown ego publishes not his findings in an inappropriate country just in order to be famous and k3wl we have the DeCSS case again. If someone with brain passes it along to the other side of the globe then... Oh well we all know where Micro$ networking was reverse engineered.

  • Watermarks have nothing to do with CD's... Think about it... They're not going to do one-off pressings of their CD's unless they plan on selling them for $500-$1000 a piece...

    Ever meet a CD with software that required you to type in a "CD key"? Like recent Windows? Or Diablo II? That's not one-off pressing, yet each CD is unique. Marking of audio CDs can be done similarly.

    they're embedding watermarks in files that they'll make available on a "pay per download" basis. Which is what everyone's been asking for, isn't it?

    Asking for? I don't recall people crying out "Please, please, watermark the music files!!". Why would everybody ask for that?

    You'll be able to listen to it wherever you go, since with the watermark, copying isn't so much an issue. You can put it in your car sdmi player, your portable one, your computer, and anywhere else you go. You just won't be able to share your stuff with anyone else

    You are confused. Very confused.

    First, to repeat myself, watermarking is basically a tracking technique, not an access control technique. One can copy a watermarked file as much as one wants.

    Second, for the situation you describe to come to pass, the music you buy must be playable only on SDMI-compliant players and nothing else. I don't like this. I don't like buying music which can be played only on "approved devices". My computer probably won't be one.

    Third, why would you care if your friends distribute your music online? Because the RIAA will know that it's YOUR copy of music that is floating on the net? And how would they know it? Will it be so that you could download music if only you would identify yourself (e.g. credit card) to the seller? I don't like this. Why shouldn't I be able to buy music anonymously? Besides, what could they do? "Your Honor, I believe my computer was hacked into and somebody stole my music files."

    Give it a couple years to sink in and Napster, Freenet, and Gnutella will be history...

    Dream on, baby, dream on...

    Kaa
  • If you read the spec it appears that SDMI hasn't done anything but create a bunch of acronyms. One technical detail I could glean from the spec is that it appears they are going to try to use some type of public key cryptography to protect the stream to the portable device. Since the device identification stream has 'certificate' and 'issuing authority' fields.

    Nonetheless, the protocols described in the spec are TOO weak and it looks like it's subject to replay attacks all over the place. Using a CD Image would get you as many SDMI copies as you like. It is also likely that the SDMI to device stream is replayable if you record it.

    These corporate design by committee things always make me wonder about the mean intelligence of greedy corporate bastards. They can come up with acronyms all day, but try and get them to give you a decent protocol, just try it.

    John
  • Dunno.

    Watermarking of music is pretty damn hard. (ie, I can't figure out how to do it well, and I must have given it several minutes' thought). You have to modify a sensitive signal in a robust and non-intrusive manner.

    However, it is doable to fingerprint it; perhaps not as advanced as what was proposed here a while ago, but something with a +50% success rate (I am being precise here; statistically 50.001% would be ok). So now they'll have your player store fingerprints of every song it has played. Whenever it is connected to a network or network-nearer device, the fingerprints are forwarded (along with your uid, of course).

    If this were implemented, the industry would get exactly what they wanted, and more. They could prosecute you for illegally playing a song (note the false positive allowance above -- they would have to amass a preponderance of evidence before they could pursue you). They get super-valuable demographics info. They could sell you monthly or yearly subscriptions (buy all sony music for a year!). Popular consumers get rebates ('We've identified you as someone who "spreads the word" to your friends about great music! Come check out Columbia's newest pop sensation The Chiterlings!'), or even credit for word of mouth marketing.

    They won't even have to verify every song, the system works like taxes -- they might audit you, so you are honest.

    Ok, some details are hazy, but all that is needed is accurate-ish tracking of individual's listening habits.

    I've said it before, I'll say it again. The above is an evil scheme, but I'm fascinated enough by the implications to almost go along and implement it. I gotta admit, I may dislike big companies, but I am buyable. I'm just not cheap.
  • I'm sure there's an exception clause in the DMCA [cwru.edu] that allows for the creator of the access control device to try to crack it or to permit a third party to do so, I just can't find it.

    It does say this though:

    • No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
    "No person", including the creator? USCode is hard to read...
    --
  • A lot of posts have pointed out that the watermarks work by using sound structures which we would not normally hear (eg subtle time shifts, masked tones, high/low frequencies etc), in order that it is preserved in D/A A/D conversions.

    However, removing such structures is /exactly/ how lossy compression works. If we can't hear the watermark, there must be some lossy compression scheme which removes or changes it.

    Clearly the watermarking has been tested with the popular schemes (ATRAC, MP3 and so on). But they're not the only possible schemes. It is perfectly possible to come up with a lossy compression scheme which corrupts watermarks, without otherwise affecting the signal.

    Why do I believe this? Well, because a compression scheme which does that is exactly what you would use to apply the watermark in the first place....

    It's interesting that if we had an 'ideal' lossy compression algorithm, (which had an identical encoding for all sounds we would say sounded identical, and where any change to the encoded form was audible) then it would not be possible to watermark the sound.

    BTW I'm interested to see how they manage to watermark John Cage's 4:13.

    -Baz
  • the US forces code was never cracked by the germans or the japanese.

    The Navajo code talkers had to start making up new code words for words like airplane, aircraft carrier, etc. toward the end of the world because the Japanese could understand very much of the 'code.'

    Regardless, your point still stands, it would take a phenomenal code to survive a machine like Deep Crack that was built specifically to crack a given code.

  • they don't want to improve the product, they want to prove it uncrackable.

    Actually, I'm pretty darn sure that they do want to improve the product, it's that the product that they want to improve happens to do a bad thing. It's kind of like wanting to improve the ebola virus.

    I noticed there's a time limit. It's pretty clear that the goal of this hacksdmi project is to expose weaknesses now, before the system is widely deployed and invested into. They're about to spend a lot of money on it, and now is the time for last-minute fixes, since fixing it after deployment will be much more expensive/difficult.

    The Right Thing to do is to hack it as early as possible, but not inform them. Then, after the system is widely deployed, spread the hack far and wide. To encourage people to not do the Right Thing, they offer the $10k prize with the time limit. That makes the situation interesting and enables dramatic plots.


    ---
  • And since Joe Sixpack will only have WinME or later in three or four years, kiss the ability to save a .wav goodbye.

    The vast majority of people I know still have machines with Windows 95. Aside from that, folks will just go to their friends that run Linux or Mac.

  • > I really think this whole thing is just a big ploy to be able to buy and hide any code for breaking sdmi, NOT a way to further secure the format. They simply want to buy the code,

    Unlikely. Once the fundamental algorithm to crack the watermark is known, generating code to implement it is trivial, and their scheme is good as dead.

    No, I think they are honestly trying to create a secure watermark, or at least "prove" to the industry that they didn't bungle the encryption scheme like they did last time.

    That being said, I still think it takes balls the size of minor planets to go out to the "hacker" community and ask them to help create the "perfect" leg irons that will be used in the future to enslave them... :-(

    --

  • Paranoia is thinking people are out to get you - when nobody is. IT IS NOT PARANOIA TO THINK PEOPLE ARE OUT TO GET YOU WHEN THEY REALLY ARE.

    The question is "Does the music industry want to collect information on anyone who might be interested in attempting to crack their copy protection scheme?" The answer to that question is an unqualified "YES". Do they have the means to compile a database on everyone who tries? Yes, they do.

    I did not say that all identity checks are designed to allow someone to get you. I listed a single example - gun registration - which DOES have a hidden agenda. It is exactly for that reason that the People of the US have ALWAYS resisted gun registration.

    Nice try at attempting to discredit my writing by implied character assassination - but it won't play.

  • This'll bake your noodle

    Nice Matrix reference...

    But seriously, speaking of gathering information, by now they have a web log chock-full of IP addresses of potential enemies.

  • The soundcard out/in trick does not work. However, I have already hacked SDMI's method. It's a pretty simple hack. I will be informing the engineers of my hack. I am not interested in boycotting. Why? At DefCon in Las Vegas this year, I had a great conversation with Theo de Raadt. We were discussing the existence of zero-day exploits, and his relentless efforts to beat hackers to the punch with OpenBSD. My contention at the time was that if I have written a zero-day exploit, it is my own work, for which I am the original author, and I have the right to keep it a "trade secret" of sorts by not informing the public of the vulnerability. Theo didn't even have to think about my point (I assume he had heard it many times before). He just looked at me and said "Sure, the exploit is yours, and you can do what you want with it. But why be secret? Don't you want it to get fixed? Don't you want the technology to get better?" I guess that really struck me.

    There are many different types of hackers out there, and you can divide them up and classify them until you are blue in the face (check out a book called "Hackers: Crime in the Digital Sublime" by Paul A. Taylor), but I like to think of hackers as primarily falling into two categories. People that like to test the limits of the technology and push the envelope of the common body of knowledge, and people who just like to get what isn't theirs in a rebellious way. Theo pointed out that if you are any good at all, you will find more vulnerabilities. You will be able to exploit those new vulnerabilities. You will advance technology further, and you will start testing again each time it progresses. On the other hand, if you aren't any good, you may want to hold on to your exploit. You may fear that you won't be able to come up with anything that clever again. You may be disappointed when the vulnerability is fixed, because you can no longer exploit it for your own purposes.

    I think the problem here is that some of the Linux supporters don't really want the SDMI technology to get any better. They want the technology to be weak, and they want to be able to exploit it. They want the technology to fail. I understand this mentality, but for me, that is not what hacking is about. Keep in mind, that I do not want the cash prize either (it's always good to have money, but I am not going to wait for the contest to let them know what I have found).

    As for the very vague and uneducated "reasons" why the author of the article is opposed to this contest (read: opposed to the technology), he's pretty far off base. The SDMI technology does not prevent you from copying files. It does not prevent you from exercising your right to reasonable private use of the art. All it does is place a digital watermark on the file that identifies it as belonging to whoever paid for it. It's like a digital name tag. This isn't an intrusive concept at all. I label all of my CDs. Granted, I do not label all of the MP3s I download from Napster, but I am not opposed to technology that would allow me to either.

    As for concerns that this technology is a violation of privacy (an infringement of rights that, in my mind, is absolutely not permissible under any circumstances), I just don't see it. Having an identifier on my files is not a violation of my privacy. The biggest threat to privacy I can see here is that whenever I download music, someone might be able to catalogue the music that I am interested in by tracking the music that I encode on the servers. This is not a problem with the SDMI technology. This problem exists all over. What about Amazon? Do you think that MP3.com or Napster couldn't be used for similar evils? The fact is, any time you set up an account on someone's server, and start shopping, you are running the risk of being monitored. That is where the potential for violation of privacy lies.

    So what is the real problem with SDMI? What is the REAL reason for wanting it to fail? We like our MP3s. We like Napster. We like violating copyright laws. I admit to downloading tons of copyrighted music from Napster (Napster tripled my day-to-day bandwidth requirements). We use Stream Ripper all the time to rip MP3s from streaming audio for our private collections. We like taking what is not ours and getting away with it. And some people fear that SDMI will make it difficult for us to do so, which is probably true. If that is the case, then you will want to hack the technology anyway. You will want to publish your hack so that you can liberate the audio warez traders as a whole. SDMI will become aware of your hack. They will fix it.

    What they are doing by offering this contest is avoiding the security practice that we have objected to in Microsoft products, amongst others. They are allowing the standard to be tested before it gets pushed out to tons of end users. I don't think this is WHY they are doing the contest. They are probably doing it for publicity, as many have already noted. However, a side effect is that they are actually giving people a crack at it. And I thank them for that opportunity. I want the technology to get better.
  • Do you count the trouble of going to the store and buying a CD into its cost? It's the same thing as finding it on Napster, except it's harder and uses gas and more time.

    How is it harder to buy a CD? You drive a few minutes to the store, such as Best Buy, and instantly find the CD you want. On Napster, it might take you anywhere from 30 minutes to a few hours to compile and download all the songs for a given CD. Even then, you're often left with missing songs or poor quality.

    As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it.

    That's not important. What is important is how many of those people would pay a reasonable price to download the official, high-quality MP3 album from the rightful owner. I guarantee you the answer is: the majority.

    People don't steal unless one of the following is true: (1) They have to, i.e. no means to buy, or (2) it's easier to steal something than it is to get it legally, or (3) they're a criminal.

    I think it's safe to say most people are not criminals, and most people with means to access the internet are able to afford purchasing music. That means the only reason left is (2): it's easier to steal it on napster than it is to buy the CD and rip to MP3. If the music industry would make it easier to buy an album in MP3 format than it is to steal it, they will have nothing to worry about.

    You must be one of those, "people are inherently evil," guys I keep hearing about.

    The glass is half full.

    -thomas


    "Extraordinary claims require extraordinary evidence."
  • Not everyone on the Net can use Napster. There are many people who can't install a simple program without help. Do you think these people are going to download and install Napster by themselves? And if only 2 million people use Napster, I would bet money that 1,999,999 at least have downloaded pirated music. Hell, you can't find anything else on Napster. As for the actual number of users...as of the press release on July 28, there were 20 million users of Napster. And I would bet that 99.99% of them have downloaded a copyrighted MP3. You don't need to download a whole CD, you only need to download a song. It could be the single that you didn't want to buy, or the song of that soundtrack that you liked, not a complete CD. And what happens as the Net grows? When 75% of people are on the net, how many people will be using Napster?

    If your numbers were accurate, CD sales would most definitely have gone down or at the very least, stagnated. Instead, they have increased.

    Otherwise you are implying that without Napster, CD sales would have soared, but with Napster they've just made a small gain due to the loss attributed to Napster?

    I have an extremely hard time believing that.

    -thomas



    "Extraordinary claims require extraordinary evidence."
  • There is no question that SDMI is hackable: the technology cannot work in general, and people will sooner or later circumvent it. However, it can work well enough in practice to be a big nuisance for fair use.

    Finding the particular bugs in their system for the chance of $10k is not worth it. Anybody with the skill to do that can get standard consulting rates, which start at $200/h at the low end, which translates into at most 50h of consulting. Their offer is an insult. These companies are about to make a capital investment of billions of dollars; once the thing is on the market and the media are pressed, it cannot easily be taken back.

    I think we should let them deploy the system as is rather than help them make it even more of a nuisance. Making it tougher to copy is not in the consumer's interest, and it doesn't even help the music companies (even if they think it does).

  • SDMI aims to stop bootlegging by placing a unique, inaudible watermark into every copy of a song. That way, when the RIAA finds an MP3 of the song on Freenet, they can identify the original copy from which the bootleg copy was made. But how does this bring them any closer to prosecuting the bootlegger? Before they can do that, they will need proof that the individual in question downloaded a particular watermarked copy.

    How are they going to stop me from buying songs as Chuck U. Farley, then bootlegging them to my heart's content? They will require me to pay by credit card. My credit card will become my proof of identity - the proof that I exist in the real world, at a known address, with a real door that can be kicked down. And if I lose my credit card, and my neighbour uses it to buy songs online, songs which he subsequently puts on Freenet? Oops, I'm liable. The credit card company might pay your bill when your card is stolen, but they won't go to jail for you.

    We need an anonymous micro-payment system right now.

  • Do I think we are in for another Holocaust? No, not unless there is some sort of technological disaster of huge proportion - which was large enough to personally affect millions of people.

    I do think that we are in for some legal beatings - we make a lot of money and people hate us. The DMCA is just the first of many punches we are going to get thrown at us. I just want everyone to understand what is going to happen to us in the near future and why; that way it won't come as quite so much of a shock.

  • No this isn't what we wanted. I'll tell you what I want: See, I got this song off napster that I really like, except that like a lot of the crap on napster it's got some pops and clicks in it and the last six seconds are cut off. I want to be able to pay the artist $5 and get a nice clean copy, complete with digital signature and MD5sum to ensure that there aren't any bits missing. That's what I'm willing to pay for. But for some reason, they aren't selling. Which is a shame because I'd be willing to buy. I'll tell you what I won't buy tho: I won't buy some SDMI crap that won't play on my Linux box.


    Okay, let me get this right. You get a "bad" copy off Napster, and want to pay for a good MP3 copy. Which you then share on Napster. So the next person who downloads that song (from you) gets a perfect copy. This person then has no reason to go and pay for a "good" copy, they already have one. If the song is popular, your copy spreads like wildfire, and no one needs to buy the "good" copy, they already have it. So, how exactly does this make money for the labels?

  • As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if it was available. Well, that's what they are trying to do.

    No, they are trying to prevent people from using digital music however they see fit.

    They simply cannot release the music in an unsecure format.

    Why not? Encryption and SDMI will not stop piraters of music, it will only prevent regular people from easily listening to the music for which they've already paid... just like DVD.

    The only thing that would accomplish is to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).

    Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?

    What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.

    Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.

    Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.

    So the only way to offer music online and to have a chance to make any profit is to offer it is some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.

    You are dead wrong.

    -thomas


    "Extraordinary claims require extraordinary evidence."
  • This bothers me, while realistically they are just trying to build an effectively watermarked audio scheme, I am torn between the ability of someone to prevent "theft" of their material, and my right to have an audio format that is playable on anything I own.
  • You know, that's a good question... Can the RIAA retroactively declare your activities illegal? They put up the file(s) on the internet, and invite people to hack them, poke them, prod them, mess with them on your computer and see what happens...

    Can they really then say, a month later, that the files that they offered for download off their website (And which are now on your hard drive) are now contraband, and cannot be poked/prodded/hacked? The legality of this seems slightly questionable. On the other hand, IANAL, and laws haven't been impressing me recently with their adherence to common sense...
  • by Dilbert_ (17488) on Friday September 15, 2000 @04:45AM (#777850) Homepage
    A lot of people seem to forget that the idea behind this SDMI scheme is not to stop Joe Sixpack from writing the audio to a file, or use a loopback recording scheme with his soundcard, but to be able to point the finger at him later.

    Go ahead! Buy a Britney song online and download it in SDMI format. Sure, toss it in your Napster share directory! Hack away at it too, and re-record it all you want...

    But when the RIAA then scans Napster files, it will be very easy to find out whose copy it is that is floating around there (providing the watermark is still discernible). You did pay for your original download with your credit card, didn't you? Who's 31337 now, when they charge a gazillion bucks in damages to you?

    In a way, this is just like DeCSS: the watermark will not prevent copying, but is supposedly meant to stop piracy, while in reality pirates will circumvent it. All it will do will be limiting users' choice (e.g. no Linux player).
  • by FascDot Killed My Pr (24021) on Friday September 15, 2000 @02:56AM (#777853)
    Microsoft put Win2k on the net and we all gleefully pounded on it (for the short periods it was up). Then they released. Is it any good? No.

    Same with SDMI--they don't want to improve the product, they want to prove it uncrackable. If no one breaks it, that will be evidence (to a person versed in using fallacies in place of logic) that SDMI will Make Money Fast For Artists. This gives them credibility and power.

    Here's my recommendation: Hack it, but good. Hack it so good it can't be fixed. For instance, connect your soundcard "out" to your "in" and record--there's no getting around that. Alternatively you could hack it so good they have to go back to the drawing board for a year or two--giving MP3 (and Ogg Vorbis!) time to spread even further. If you haven't broken the rules (why are there rules in a hacking contest?) collect the $10k. If you have broken the rules, just post the results to lower their credibility.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
  • My original post was moderated up because it pointed out a truth which had not been stated in any of the other posts on the topic.

    The real question is "Is there such a thing as a hidden agenda?" The answer to that question depends upon your degree of awareness of evil. People who are virtually blind to evil except when it reaches the level of violent crime or officially sanctioned genocide, are likely to answer "No" to that question. People who are more sensitive to evil are more likely to answer "Yes".

    Sensitivity has its problems - it is easy to mistake noise for signal when you are sensitive. To someone who is blind to the actions of evil people - the warnings of those who are aware of the actions of evil - sound insane and paranoid. The belief is: "If I can't see it - it must not be there." It never seems to occur to such people that they just might not be able to see very well.

    From your reactions to my original post I would make the guess that you are able to see only the actions of those who are not very sophisticated in their evil - and are thus obvious to almost anyone. Did it ever occur to you that there might be a class of evil people who are sophisticated enough to conceal their actions so that they become invisible to anyone who looks no deeper than the surface of events?

    Most people are virtually blind to the actions of sophisticated evil. I refuse to be labeled as 'crazy' because I can see sophisticated evil. I am not crazy sir, I am just not as blind and insensitive as you are.

  • Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier.

    A little paranoid, are we?

    Yeah, I'm so sure the government would be successful in that matter. Why exactly would they want to collect the firearms of "law abiding citizens"? All that'd do is give all the power to the criminals, since they don't register their guns.

    And how exactly are they going to collect these guns from these law abiding citizens? Don't you think it would be a slightly risky proposition to try and go through a town and demand all the weapons? (I.e. what are your chances of having those weapons turned against you immediately.)

    Nice logic...

    -thomas


    "Extraordinary claims require extraordinary evidence."
  • I say HACK the damn thing, win the money and donate it to Ogg Vorbis or FSF! I see this as a great publicity stunt for FSF.

    Can you imagine the RIAA first saying their crap got hacked then the media finding out the money awarded went to pay for a competing technology!!!

    Ex-Nt-User
  • Actually, this is a bad example. A good friend of mine owns a Thompson machine gun, and it is 100% legal. He had to get a license for it, which is not possible to do for fully automatic weapons manufactured after a certain date. But, when the "ban" on fully automatic weapons went into effect, existing guns were grandfathered. Not that this invalidates your point about ex post facto, I just wanted to point out that machine guns are a bad example.
  • "No, it's not worthless at all. It can still be detected, but only by the people who put it there in the first place. Thus, you can't tell if a given piece of audio is watermarked, but the record companies can scan all the files on your public server and read the watermarks."

    OK, but what good is that going to do them? They could already just *listen* to the song and know that it's "Oops, I did it again" (or whatever). It would only help them if it were in players, and then we could reverse-engineer it.


    -Dave Turner.
  • There is another post that points out that the 'first register - then confiscate' trick is exactly what happened in Great Britain. There is precedent sir; it has happened before.

    Those who do not learn from history are doomed to repeat it. By the way, the Chinese dissidents were astonished that the "People's Army" fired on them, after all, they were the people. Ask the survivors of Kent State if the National Guard's rifles were loaded.

    I don't think there are very many people who believe the "We are the government" argument any longer; it might have flown in 1800, but 200 years later most people see through it.

  • by mr.ska (208224) on Friday September 15, 2000 @02:57AM (#777870) Homepage Journal
    As much as I hope nobody even so much as tries this, I just know there will be some 733t cr4ck3rz out there that won't be able to resist the money and the ego of the whole thing. Sad.

    What's worse, they're shooting themselves in the foot. The "contest" (hereafter referred to as "The Sham") runs from Sept. 15 until Oct. 7th. Why that window? Do you REALLY think that if someone is dedicated to cracking whateverthehell it is they're proposing, they'll give up after 3 weeks? Hell no - they'll pick away at it month by month until it's split wide open. Three weeks isn't going to do them a damn bit of good, IMNSHO.

  • Also, you may be forced to sign terms and conditions prohibiting the release of your work:

    To participate, just go to the website at www.hacksdmi.org after September 15, 2000 and read the public challenge agreement. If you agree to the terms, you will have until at least October 7, 2000 to do your best.

    Sounds pretty useless to me. If someone wanted to really hack it, the first step would be to use multiple layers of anonymity to get access to the code, and then get 2600 or the EFF to publish it. Forget any industry-sponsored contest.

    Aw, who cares, SDMI is toast anyway. Do they really think they can get everyone to abandon MP3? If so, can I have some of what they're smoking?

    sulli

  • by 0xdeadbeef (28836) on Friday September 15, 2000 @02:57AM (#777874) Homepage Journal
    Find a demonstrable flaw in their system, but refuse to reveal how it works until the RIAA donates $10 million to the Electronic Frontier Foundation. The publicity it would generate for the issues at stake would be worth far more than the actual money.
  • You get about three weeks to break the thing, starting September 15. Today is September 15th, and the site isn't up yet.

    The original Slashdot article disappeared from the main Slashdot page while I was posting this. Hmm.

  • They simply cannot release the music in an unsecure format.

    What, you mean they can't release music the way they've been doing for the last century? Hogwash. They've been packing away the millions for all that time, too. And despite widespread "piracy". It's not like digital music is new, either. We've had CD's since before a lot of /. users were born.

    Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing).

    This is also hogwash. Compressed music is a second-rate substitute for the real thing. If I were to download a track from a Napster user, I would be getting considerably less than what the owner of the original CD paid for. It would be good enough for my car or the crappy speakers on my office PC, but painfully inadequate for when I want to sit down at home at my stereo and listen. Maybe when we have the bandwidth to transfer uncompressed CDs the way MP3s are transferred now, they might have a point, but still not a very good one.

    The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales. Downloaders of pirated MP3s would probably buy about as many CDs as they do now, or maybe less, since their exposure to new music would be reduced.

    --

  • Hacker challenge is it? Well, ever since the fiasco with DeCSS, will us hackers listen to the SDMI, which is nothing but the RIAA's DVD-CCA? Of course not. There was no need to call for such a boycott. I don't think even the hungriest hacker, whether true open sourcer or black hat script kiddie, would even think of touching that offer with a ten-meter cattle prod. We've all seen what happened with DeCSS. Now these corporate SOB's have got the gall to ask us for our help? I say screw em.
  • I have an idea!
    Let's raise money to a fund, and pay more to those who are willing to keep their findings to themselves (or even better, publish them after the challenge is over, and the shit is in use?)


    Ost99
  • Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software?

    The size of the software does not play into this at all. Similarly, viruses and trojan horses are not a big deal for pirated software anyway. (Ever heard of a CRC or MD5 hash? You can tell if the software is legit or not.)


    How many people do you know who have downloaded a MP3 file on a 56k modem? Now compare that to the number of people who have downloaded 120MB (or usually more) software? The size has a huge effect on who will take the time (or can take the time) to download something. Most people get annoyed when they have to wait 5 minutes for an MP3, do you think they want to wait 5 hours, at broadband speed, for a game? And I realize the possibility of viruses is small, but to the average person, a virus is a deadly thing and could destroy everything and is everywhere. They still worry about it.


    Is there a system as simple as Napster to use for getting software?

    Uhhh, yeah it's called Gnutella (and other similar file-sharing programs). There's nothing about Napster that makes it unique to sharing music files. The same concept can and will be applied to other files. And there's usenet, IRC, HTTP, FTP, etc.


    If you think any of those is as easy as Napster, you're sadly mistaken. I know people in the IT industry who don't use Gnutella, because it's too hard to find a decent server and find what you want. Napster is a simple centralized place to download MP3 files that can be played immediately. There is nothing that is as easy and quick as Napster.


    The software industry would be destroyed if this were true. On top of that, getting music by Napster is not exactly "free." You have to do the work to locate the songs, especially if you're compiling an entire album, and the quality of the music is unknown or not guaranteed.
    Still, presuming it is "free" as you say, most people are honest enough to buy the album, especially if it is considered "illegal" for them to download it on Napster.


    Do you count the trouble of going to the store and buying a CD into its cost? It's the same thing as finding it on Napster, except it's harder and uses gas and more time. As for all the people that Napster being "illegal" will stop, um....it's "illegal" now. Everyone knows that pirating MP3s is illegal and it's not stopping anyone. Most people will tell you it's illegal, but they don't worry about it. It's just the few who think they are "justified" in doing it that claim that pirating MP3s isn't illegal.


    That's not a logical argument. I think we can safely say that most everyone on the internet could use Napster to download music. And those same people could also buy a music CD if they wanted.
    There are hundreds of millions of people using the internet, and it's growing all the time.
    How many people use Napster? A million? Two million? How many of those people actually pirated an entire CD album they hadn't already bought on CD? Ten thousand? Fifty thousand?


    Not everyone on the Net can use Napster. There are many people who can't install a simple program without help. Do you think these people are going to download and install Napster by themselves? And if only 2 million people use Napster, I would bet money that 1,999,999 at least have downloaded pirated music. Hell, you can't find anything else on Napster. As for the actual number of users...as of the press release on July 28, there were 20 million users of Napster. And I would bet that 99.99% of them have downloaded a copyrighted MP3. You don't need to download a whole CD, you only need to download a song. It could be the single that you didn't want to buy, or the song of that soundtrack that you liked, not a complete CD. And what happens as the Net grows? When 75% of people are on the net, how many people will be using Napster?


    Again, I did not say anything about CD sales on the rise. But I'm glad you brought it up... If Napster really was having a measurable impact on CD sales, they would have gone down, regardless of how you measure causation or correlation.


    What constitutes "measurable"? If without Napster CD sales would have gone up by double what they did (and I'm making this figure up for argument) would that not have been a "measurable" impact? You yourself admit that not everyone has access to Napster. So if only say 10% of the US used Napster instead of buying CDs, that means if total sales jumped by 1% Napster didn't have an effect, even though those 10% of the people would have bought CDs and didn't? That's simply insane. Anything that drives sales down has a "measurable" effect, it doesn't matter if total sales went up or not, if they would have been higher without that "detriment".

  • Why not? Encryption and SDMI will not stop piraters of music, it will only prevent regular people from easily listening to the music for which they've already paid... just like DVD.


    No, it won't stop everyone from pirating music, but it will stop a lot of people. There is no way to stop everyone from doing anything, but if you can limit a large number of people from doing it, that's still a good thing.


    Yeah, just like nobody buys software nowadays, it's all pirated in usenet and IRC, and all the software companies are losing money! Right?


    These are two fields that are completely different. Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software? Is there a system as simple as Napster to use for getting software? What are the chances of getting non-working pirated software as compared to non-working MP3s? These two things aren't in the same ballpark, hell, they're not even playing the same sport.


    What they need to do is: release their albums in high quality, MP3 (or similar unsecured digital music format), for a discount over CD's. Most people, if given the opportunity, would pay for the music, and support their favorite artists.
    Some people would download songs off of Napster. Some of those people will then buy the album if they like it, and others will not. We are talking about a minority of people.
    Right now, Napster usage is high, but nothing compared to the amount of people actually buying CD's in stores. Napster usage would be reduced dramatically if the labels were selling inexpensive MP3 albums ($5 - $10). They'd be making money hand over fist.


    Most people would buy something that they can get for free? I don't know what planet you're living on, but most people I know take free over paid any day. Napster usage is not as high as CD sales, then again not nearly as many people have access to Napster. Only half the households in the US have a computer, which eliminates a HUGE amount of people right there. And yes, people are still buying CDs, but that doesn't mean Napster doesn't have a negative effect. Correlation is not causation. There are a million reasons why CD sales went up last year, and there is nothing I've seen that can draw a direct connection between Napster use and CD sales going up. The question isn't how many CDs were sold last year, it's how many would have been sold if Napster (and the resulting MP3 explosion) would not have happened.

  • Unless they are going to create new drivers, copying this is as easy as running it in a sandbox and intercepting the input to the sound card drivers. While this by itself is not easy (talk to the wonderful creators of WINE for making a good windows sandbox) it is quite possible. I mention WINE in particular because if they are making new formats we all know perfectly well that the only player they will release will be for Windows. Actually, on that thought, WINE might be the best place to build this.

    In theory they would have to alter the sound to leave a permanent mark. If that is the case it is merely a task of identifying the mark and playing with SoundForge.

    Anyway. I personally am against a boycott. The honor system for payment is not sufficient (despite Stephen King's wishes), and moving to a new media is a good thing. Help them out. Besides, I am personally rather curious at whether or not they can pull it off.

  • IANAL (I am not a Legislator), but it seems to me that this 'hack sdmi' challenge may be somehow applicable to RICO (RACKETEER INFLUENCED AND CORRUPT ORGANIZATIONS) statutes.

    I found the definitions of RICO on the US House of Representatives [house.gov]' site.

    The Hack SDMI effort is potentially an attempt to form a conspiracy to commit a federal offense, i.e., to crack an access control device, according to DMCA.

    Further, a "pattern" of racketeering can be shown if two things are proven within ten years.

  • by FascDot Killed My Pr (24021) on Friday September 15, 2000 @03:00AM (#777892)
    Just how is SDMI supposed to work? I understand (somewhat) digital watermarking, but how does that apply? It's not like I have to break the encryption or anything (like forging someone's signature)--I just have to remove it (like erasing the signature). Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't affect the sound but will destroy any watermark.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
  • The first site could actually pass as the site of a real .org

    But once you see fancy graphics in frames, as well as the phrase "shape the future", the corporate bullshit detector should go into screaming overload.

  • I got 12 in mozilla, but I had to turn all the chrome off and scroll the eleventh frame with the keyboard. 2000x1500 pixel 125 dpi display.

    Couldn't you just get as many as you want by cranking up your virtual desktop resolution?
  • Not exactly the same. The Allies would have had a lot easier of a time cracking the code if the Germans sold a box at Harrods that decoded the messages for them!

    Having both the input and output of the encryption algorithm makes it a LOT easier to figure out the algorithm, for I hope obvious reasons.



  • SDMI-aware sound cards would refuse...

    Expecting people to try to hack this standard using a 100% SDMI compliant environment is like saying "Our bulletproof vest works perfectly, so long as you shoot our SDMI-compatible bullets at it." You think I'm going to wear one of those? Screw that. Additionally, do you think I'm going to buy SDMI-compatible bullets if I know they're less effective than the regular cop-killer bullets made possible by DuPont?

    Sorry for stating the obvious here, but the heroic flaw with systems like this is that there'll always be renegade products available that don't adhere to the 'standard', and unlike the case with DVDs, consumers can simply choose to play content not encumbered by SDMI.



    Seth
  • How will they include an inaudible watermark, yet ensure that it is reproduced by all playback equipment? There are three possible ways to watermark an audio signal:

    The watermark frequencies could be outside the audible range (20 Hz - 20 kHz). But most audio equipment filters out, or fails to reproduce, inaudible frequencies.

    The watermark frequencies could be inside the audible range, disguised or masked by the music. But MP3 compression works by removing inaudible, masked sounds.

    The watermark could be encoded steganographically. But resampling will alter the least significant bits of the recording and destroy steganographic information.

    What's to stop me connecting the analogue outputs of my soundcard to the analogue inputs of another soundcard (to remove out-of-band frequencies and steganographic data), then making an MP3 of the result (to remove masked tones)? Only the fact that the hardware and software that would allow me to do so (a Linux PC with two Soundblaster 16s and a copy of BladeEnc) will be illegal.

    SDMI cannot succeed technologically, and the record companies know this. The technology only exists to provide an excuse for legal restrictions on hardware and software. Any hardware or software that is not "SDMI-compliant" will be branded a "circumvention device" and banned in the USA. Any countries that fail to follow the US's lead will be branded "havens for piracy".
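
The fragility of least-significant-bit marking raised in the comment above, as an added example that is not part of the original thread and is not SDMI's actual scheme (which this page does not describe): it compares a repeated LSB mark with a keyed spread-spectrum mark that the detector checks against the unmarked master. The 16-bit copy ID, the key strings, the amplitude, the synthetic audio and the `degrade` step (drop two low bits, add +/-1 jitter) are all assumptions constructed for the demonstration.

```python
import math
import random

ID_BITS = 16          # size of the per-copy identifier (assumed)
CHIPS_PER_BIT = 2000  # samples used to carry each identifier bit
ALPHA = 2             # watermark amplitude in 16-bit sample units


def make_master(n, seed=1):
    """Constructed stand-in for a 16-bit PCM master: two tones plus faint noise."""
    rng = random.Random(seed)
    return [int(8000 * math.sin(2 * math.pi * 440 * i / 44100)
                + 4000 * math.sin(2 * math.pi * 1000 * i / 44100)
                + rng.gauss(0, 50)) for i in range(n)]


def id_to_bits(copy_id):
    return [(copy_id >> k) & 1 for k in range(ID_BITS)]


def bits_to_id(bits):
    return sum(b << k for k, b in enumerate(bits))


def lsb_embed(master, copy_id):
    """Scheme A: overwrite every sample's least significant bit (ID repeated)."""
    bits = id_to_bits(copy_id)
    return [(s & ~1) | bits[i % ID_BITS] for i, s in enumerate(master)]


def lsb_detect(samples):
    """Majority vote over all repetitions of each ID bit."""
    ones = [0] * ID_BITS
    total = [0] * ID_BITS
    for i, s in enumerate(samples):
        ones[i % ID_BITS] += s & 1
        total[i % ID_BITS] += 1
    return bits_to_id([1 if 2 * o > t else 0 for o, t in zip(ones, total)])


def chips(key, n):
    """Key-seeded pseudo-random +/-1 sequence; the key stays with the detector."""
    rng = random.Random(key)
    return [rng.choice((-1, 1)) for _ in range(n)]


def spread_embed(master, copy_id, key):
    """Scheme B: add a faint keyed +/-1 pattern, sign-flipped per ID bit."""
    assert len(master) == ID_BITS * CHIPS_PER_BIT
    bits = id_to_bits(copy_id)
    c = chips(key, len(master))
    return [s + ALPHA * c[i] * (1 if bits[i // CHIPS_PER_BIT] else -1)
            for i, s in enumerate(master)]


def spread_detect(samples, master, key):
    """Non-blind detection: correlate (suspect - master) with the keyed pattern.
    Returns (decoded_id, weakest per-bit correlation magnitude)."""
    c = chips(key, len(master))
    bits, weakest = [], float("inf")
    for b in range(ID_BITS):
        lo, hi = b * CHIPS_PER_BIT, (b + 1) * CHIPS_PER_BIT
        corr = sum((samples[i] - master[i]) * c[i]
                   for i in range(lo, hi)) / CHIPS_PER_BIT
        bits.append(1 if corr > 0 else 0)
        weakest = min(weakest, abs(corr))
    return bits_to_id(bits), weakest


def degrade(samples, seed=7):
    """Stand-in for resampling/re-encoding: drop two low bits, add +/-1 jitter."""
    rng = random.Random(seed)
    return [(s & ~3) + rng.choice((-1, 0, 1)) for s in samples]


def run_comparison(copy_id=0xB33F, key="detector-key"):
    """Embed the same constructed copy ID with both schemes and test survival."""
    master = make_master(ID_BITS * CHIPS_PER_BIT)
    lsb_copy = lsb_embed(master, copy_id)
    ss_copy = spread_embed(master, copy_id, key)
    return {
        "lsb_clean": lsb_detect(lsb_copy),
        "lsb_degraded": lsb_detect(degrade(lsb_copy)),
        "ss_clean": spread_detect(ss_copy, master, key),
        "ss_degraded": spread_detect(degrade(ss_copy), master, key),
        "ss_wrong_key": spread_detect(degrade(ss_copy), master, "other-key"),
    }


if __name__ == "__main__":
    for name, value in run_comparison().items():
        print(name, value)
```

After degradation the LSB mark decodes to a wrong ID even with majority voting, while the keyed mark still yields the original ID with a per-bit correlation near the embedding amplitude. A detector holding the wrong key sees correlation near zero, which is the property the quoted poster in this thread describes as "only by the people who put it there".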

  • by Anonymous Coward on Friday September 15, 2000 @03:07AM (#777906)
    The challenge says you can collect UP TO $10,000, not necessarily that you will be paid $10k for success. Winning $1 still qualifies as "up to $10,000." Why sink to the level of the recording industry? If you crack their encryption for greed, they're going to screw you, and we all will suffer. KEEP UP THE BOYCOTT.
  • He (and I) are willing to pay for the guarantee that the file that we get is the correct one and is not corrupted.

    Any free service like Napster is going to be flooded with junk and people trying to be clever by mislabeling files.

    An organized source, controlled by somebody who cares about the contents, is worth money.

  • Bribing\blackmailing the RIAA to donate money to the EFF wouldn't exactly be a great moral victory.

  • You know, there are a number of arguments that have already been stated against this hacking contest, and I am sure more arguments that will be stated against it in the future.

    Personally, I don't think that any of this actually matters. I don't really care whether the RIAA gains industry credibility for the SDMI - if recording companies want to use it then more power to them. I also don't care if the current SDMI implementations are 'proven' to be un-crackable during the artificially restricted cracking period of three weeks - the only thing that this will cause is more trumpet-blowing by the RIAA.

    The beautiful thing about the 'net and the hacker community is that I can guarantee at least a 1000:1 ratio of 'smart, motivated hackers' to 'mediocre corporate software engineers' on this one. Whatever the RIAA end up thrusting upon the industry and the unsuspecting public, it'll end up being cracked within the month. End of story.

    Let them waste cash developing this white-elephant of a protection mechanism. Whatever they spend here won't be available for them to pay lawyers with :)

    --
  • This is also hogwash. Compressed music is a second-rate substitute for the real thing. If I were to download a track from a Napster user, I would be getting considerably less than what the owner of the original CD paid for. It would be good enough for my car or the crappy speakers on my office PC, but painfully inadequate for when I want to sit down at home at my stereo and listen. Maybe when we have the bandwidth to transfer uncompressed CDs the way MP3s are transferred now, they might have a point, but still not a very good one


    Maybe to audiophiles, but the average person can't tell a difference between a 128bit MP3 and the CD version. I know I can't. Everyone I talk to says that MP3 is "CD quality". That certainly says to me they can't tell the difference, and if they can, it's not enough to bother them. Only audiophiles with $5000 stereo setups notice or care about the difference.


    The fundamental flaw in all anti-piracy reasoning is that if a user illegally copies a thousand dollars worth of CDs, the music industry has lost a thousand dollars. The fact of the matter is that most people don't have a thousand dollars to spend on CDs every week, especially their core audience, who are teenagers and college students. If every MP3 in the world were magically erased and all sources were cut off, it would not translate into sales.


    No, it doesn't translate into $1000 of sales, but I would bet it translates into at least 1 CD sale lost. If you download $1000 worth of music, chances are there is something in that $1000 you would have paid for if you couldn't get it for free. I wouldn't suggest it's a 1 to 1 ratio, but I would guess that there is some correlation.

  • Apart from anything else, I'm very wary of the wording in the open letter:
    If you can remove the watermark or defeat the other technology on our proposed copyright protection system, you may earn up to $10,000.

    So it looks like they trick people into checking their security for them, and then don't have to give them the cash anyway. Personally, I'd like to see someone remove the watermark and not tell them how it was done. Sure, they'd be forfeiting the possible prize money, but they'd also be delaying the introduction of SDMI. Like Don Marti, I don't copy music from others. And yes, protecting my fair use copying is worth more than $10K to me anyway.

  • If no one breaks SDMI during the three week period, then they will just have ammunition to say that SDMI works. End of story. Move along.

    For those who think that the industry will not get their way, I have a simple answer for you: System on a Chip (SoC). Custom integrated circuits that do all the decrypting, audio decoding, D/A, etc., will be made. Once it's all on a single IC chip (and this can likely be done with a bit of work right now), your rights are gone.

    I doubt anyone on Slashdot has access to a clean room where they could take apart an Integrated Circuit, figure out how to disable the protections, checksumming of code, etc., and then a fabrication plant that can make enough modified ICs that they could distribute them around. Consumers have lost their rights one by one; they just have not realized it yet, nor cared.

    Sorry, but the gig is up.

  • Make a concerted effort to attack the strongest watermarking algorithms, and leave the weakest alone. Maybe, just maybe, the weaker ones will get rubber-stamped as the standard and everyone will be able to enjoy fair use of media without too high of a technical hurdle.
    ---
  • How much do you get paid per diem for consulting, or for a comprehensive cryptanalysis?

    $10K isn't a prize. It is a joke.

    Had I broken one of their candidate schemes, I would expect a lot more for my efforts -- or I would keep it for my own later uses, just in case the DMCA is later abrogated or amended.
  • Win2000 is an excellent product, but if you're using Linux every day you're probably suffering from Stockholm Syndrome.

    For the SDMI, my recommendation is to download the stuff, hack it, and then NOT TELL THEM. Then, when they release this stuff, you release your hack the very same day. Take that, SDMI! ;)

  • by Spudley (171066) on Friday September 15, 2000 @03:09AM (#777935) Homepage Journal
    The issue with this software, as I understand it, is similar to the issue with DVD - ie, you can have the files, but you have to play them with the "approved" software.

    Now from where I'm sitting, that means that breaking the encryption really isn't of much relevance; the issue is of making player-software available cross platform. This could be done by cracking the encryption, but let's face it: it's a whole lot easier just to reverse-engineer the player-software that is released, which is exactly what was done for DVDs.

    Okay, so the powers that be don't especially like that tactic either, but in truth it's better for them too.
  • by AndyS (655) on Friday September 15, 2000 @03:10AM (#777939)
    Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog, but they're going to be able to lend music to their friends etc. And, assuming it doesn't change the music itself, it shouldn't affect fair use rights. The only problem I have with this (seemingly) rosy picture is that I'd be amazed if their watermarks were very a) hard to find and b) robust. If they're not robust, then diddling a bit with the sound could destroy them. If they are easy to detect then they can be stripped out.
  • The Senator in question was not Senator McCain, but rather Senator Orrin Hatch.

  • Here in the Netherlands making a copy for home use is a right, by law. If industry uses technology to make copying impossible, they are infringing MY rights. Since I am not a lawyer, I did not make this up myself.

    //rdj
  • Sound Blaster cards weren't "primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title". sec 1201 (a)(2)(A) [cwru.edu]. (Though sec 1201 (a)(2)(C) might get you if you're distributing it and advertise "this will let you listen to pirated music!")

    Also, Sound blaster cards were widely distributed via legal channels before the watermarking is released. I understand that as "for all intents and purposes" because at least 50% of computer users have a standard unrestricted sound card right now and can legally sell them (even if there's an unstated assumption that the card will be used to pirate). At what point do you say that it's not effective? 100,000 people having a legal tool that instantly accesses it? 10,000? 1,000?

    PS. I don't think they're intending to use watermarking to prevent access, only track people, but this thread is interesting anyway.
    --

  • Ok, I think it's fairly obvious how the bulk of the community feels about this idiocy. The important question though, is what are we going to do about it?

    I wonder if maybe we couldn't find some way to get this onto national television and let the world know what these idiots are doing. The reason why RIAA, MPAA, and other big industry conglomerates have been able to get away with things like CSS and potentially SDMI, is because the public at large doesn't know what it means, and if they do know what it is, they may not necessarily know why they should care.

    Somehow we need to get this into national press and make people aware of the potential damage these various technologies could do.

  • For instance, connect your soundcard "out" to your "in" and record--there's no getting around that
    I think they're planning an inaudible watermark that the recording device can still detect. SDMI-aware sound cards would refuse to record watermarked audio.
  • by Anonymous Coward on Friday September 15, 2000 @03:13AM (#777950)
    > Could I run through an SDMI file and randomly add or subtract 1 from every byte? Shouldn't
    > affect the sound but will destroy any watermark.

    No, that isn't going to work.

    The watermark is a particular set of frequencies, repeated at particular times. It doesn't have to be audible. It certainly won't be removable by just twiddling bits--- anything that doesn't affect the sound won't affect it.

    It's possible to use cryptography to hide the watermark, even if you reveal the algorithm for creating it. Any random set of sounds could be a watermark, but only if you know the correct key will you know what the watermark means.

    Correctly implemented, there is no way to detect or remove it. However, from what I've read, the SDMI idiots appear to be rather clueless. They want the watermark detection to be built into every player, so that it will refuse to play even analog copies of watermarked material. Of course, this means that all you have to do is reverse engineer one of the millions of players they will be selling, and you know exactly how to find the watermark-- and how to remove it.
  • No, it won't stop everyone from pirating music, but it will stop a lot of people. There is no way to stop everyone from doing anything, but if you can limit a large number of people from doing it, that's still a good thing.

    What are you, some sort of RIAA goon? "Limiting a large number of people" is EXACTLY the problem with the music industry. Why limit a large group of people, the people that pay for the music, when the real problem is the minority of people that pirate the music? The piraters, as you fully attest, will not be stopped by encryption, watermarks, or the like. History has proven that they will always find a way.

    If watermarks and encryption did not cause problems for honest people, I wouldn't care about this. But the problem is you can't do encryption or watermarks without limiting what your paying customers can do with their property.

    These are two fields [software and music piracy] that are completely different.

    No, they're exactly the same. Digital content that can be reproduced at no cost, distributed by file-sharing programs, and are typically sold, not free (as in beer).

    Is there a chance of getting a virus with MP3s? Are the MP3 files huge like software?

    The size of the software does not play into this at all. Similarly, viruses and trojan horses are not a big deal for pirated software anyway. (Ever heard of a CRC or MD5 hash? You can tell if the software is legit or not.)

    Is there a system as simple as Napster to use for getting software?

    Uhhh, yeah it's called Gnutella (and other similar file-sharing programs). There's nothing about Napster that makes it unique to sharing music files. The same concept can and will be applied to other files. And there's usenet, IRC, HTTP, FTP, etc.

    What are the chances of getting non-working pirated software as compared to non-working MP3s? These two things aren't in the same ballpark, hell, they're not even playing the same sport.

    You are insane. They are not only the same sport, they're playing for the same team.

    Most people would buy something that they can get for free? I don't know what planet you're living on, but most people I know take free over paid any day.

    The software industry would be destroyed if this were true. On top of that, getting music by Napster is not exactly "free." You have to do the work to locate the songs, especially if you're compiling an entire album, and the quality of the music is unknown or not guaranteed.

    Still, presuming it is "free" as you say, most people are honest enough to buy the album, especially if it is considered "illegal" for them to download it on Napster.

    Napster usage is not as high as CD sales, then again not nearly as many people have access to Napster.

    That's not a logical argument. I think we can safely say that most everyone on the internet could use Napster to download music. And those same people could also buy a music CD if they wanted.

    There are hundreds of millions of people using the internet, and it's growing all the time.

    How many people use Napster? A million? Two million? How many of those people actually pirated an entire CD album they hadn't already bought on CD? Ten thousand? Fifty thousand?

    And we're only talking about the people on the internet. Add the rest of the people that can access CD's only, and even if you're poor at math, you should be able to see how small the damage by Napster really is.

    And yes, people are still buying CDs, but that doesn't mean Napster doesn't have a negative effect. Correlation is not causation.

    I never said it didn't have a negative effect. Likewise, you can't prove it does have a negative effect. No one can without a massive, scientific, unbiased study that will never happen.

    There are a million reason why CD sales went up last year, and there is nothing I've seen that can draw a direct connection between Napster use and CD sales going up. The question isn't how many CDs were sold last year, it's how many would have been sold if Napster (and the resulting MP3 explosion) would not have happened.

    Again, I did not say anything about CD sales on the rise. But I'm glad you brought it up... If Napster really was having a measurable impact on CD sales, they would have gone down, regardless of how you measure causation or correlation.

    -thomas


    "Extraordinary claims require extraordinary evidence."
  • Some kinds of watermark cannot be detected (that is, distinguished from noise-like signals) without knowing the right key. Some watermarks are very difficult to remove without knowing the right key.
    The SDMI player is going to have to recognise it, so all you need to do is pull it apart and see how it works, like the DeCSS chaps did.
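The claims made in the comments above (a keyed, noise-like watermark is not disturbed by ±1 changes to the samples, and cannot be told apart from noise without the right key) can be checked with a toy spread-spectrum mark. This is an added example, not part of the original thread and not any SDMI scheme; the key, strength, threshold and the constructed two-tone host signal are assumptions chosen for illustration.

```python
import hmac
import math
import random

THRESHOLD = 6.0  # assumed decision threshold, in standard deviations


def chips(key, n):
    """Key-derived +/-1 sequence: HMAC-SHA256 in counter mode, one chip per bit."""
    out = []
    counter = 0
    while len(out) < n:
        block = hmac.new(key, counter.to_bytes(8, "big"), "sha256").digest()
        for byte in block:
            for bit in range(8):
                out.append(1 if (byte >> bit) & 1 else -1)
        counter += 1
    return out[:n]


def clamp16(value):
    """Keep a sample inside the signed 16-bit PCM range."""
    return max(-32768, min(32767, value))


def embed(samples, key, strength=60):
    """Add the key's chip sequence to 16-bit samples at a low, fixed amplitude."""
    seq = chips(key, len(samples))
    return [clamp16(s + strength * c) for s, c in zip(samples, seq)]


def detect(samples, key):
    """Correlate with the key's sequence; roughly N(0,1) when that mark is absent."""
    seq = chips(key, len(samples))
    corr = sum(s * c for s, c in zip(samples, seq))
    energy = math.sqrt(sum(s * s for s in samples))
    return corr / energy if energy else 0.0


def constructed_host(n=200_000, rate=44_100):
    """Constructed stand-in for music: two sine tones as 16-bit samples."""
    return [round(2000 * math.sin(2 * math.pi * 440 * i / rate)
                  + 2000 * math.sin(2 * math.pi * 1000 * i / rate))
            for i in range(n)]


def jitter(samples, seed=1):
    """Randomly add or subtract 1 from every sample, as the quoted question proposes."""
    rng = random.Random(seed)
    return [clamp16(s + rng.choice((-1, 1))) for s in samples]


def demo():
    key = b"constructed-demo-key"  # hypothetical key, for illustration only
    host = constructed_host()
    marked = embed(host, key)
    return {
        "unmarked_right_key": detect(host, key),
        "marked_right_key": detect(marked, key),
        "marked_wrong_key": detect(marked, b"some-other-key"),
        "jittered_right_key": detect(jitter(marked), key),
    }


if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name:20s} {score:7.2f}  detected={score > THRESHOLD}")
```

Only the run with the right key on marked audio crosses the threshold, and the ±1 jitter leaves that score essentially unchanged because the detector averages over every sample.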
  • For instance, connect your soundcard "out" to your "in" and record--there's no getting around that.

    That may not degrade the signal enough to get rid of any watermarks.

    LK
  • by dirk (87083) <dirk@one.net> on Friday September 15, 2000 @03:29AM (#778011) Homepage
    As the RIAA has gone after Napster, everyone has been talking about how they would buy digital music if it was available. Well, that's what they are trying to do. They are trying to make music available online, and to make it secure. They simply cannot release the music in an unsecure format. The only thing that would accomplish is to make the music easy to put on Napster (or whatever). Someone would buy the music, and the first thing they would do is put it in with all of their other MP3s, shared on Napster. Then everyone else finds it on Napster, and has no need to buy it (and this is especially true for digital music, as you have exactly what you would be purchasing). So the only way to offer music online and to have a chance to make any profit is to offer it in some kind of either encrypted or watermarked format. If you want music available for download (legally), there is no other way.
  • by Veteran (203989) on Friday September 15, 2000 @03:31AM (#778033)
    The best reason not to attempt to crack the protection scheme is that it tells these people WHO YOU ARE.

    That is the real reason for the 'hacking contest'. Much in the way that the real reason for registration of firearms is to make the later collection of those weapons from the law abiding easier - so is the real purpose of this contest to allow the music industry to collect information on who is interested in trying to crack their copy protection scheme. Anything you do in this 'contest' may be used against you in a court of law at a later time and date.

  • Any news from the site : because here it is 09:13, Sept 15 (US & Canadian eastern time), and nothing worth the trouble is showing on http://www.hacksdmi.org/. And like someone pointed out, they have a link to their site in their own site that will create an interesting Escher-like "Recursive Frame stack fault" in your browser.
    As for the boycott : they are clearly trying to avoid a DECSS-like failure.
    Maybe they have the same level of confidence for their crypto technical than for their www one ?

    This shows that DECSS taught some lessons.

    But like usual, those BIG-CORPORATE-FAT--ETC guys understood the teaching the wrong way, because if their "new" system is not cracked in three weeks, it's going to be cracked in four, five... until the sun blows. And even if the crack is declared illegal there will be a part of the world where someone will sell it, and the bootlegging-vox populi will do the rest.

    For every better lock, there will be a better thief ! Hey guys, instead of focusing on the lock, please look at the door design.

    On the other hand, like every #$$^#@#$ marketing guys, they gave the delays, blissfully disregarding the rules of the game. And like usual the requirements seem to be late.

    But I will advise for the boycott, because their goal is not clear. Apparently they are going to put a bunch of different technologies under public scrutiny. They seemed to learn at that principle of free software : the more testers you have, the better the product. But testing FOR them will be against our interests. Let them test, and if they cannot get people competent enough to point the flaws in their systems, it means they did not deserve that.
  • by GlitchZ (205899) on Friday September 15, 2000 @03:45AM (#778048)

    DISCLAIMER: Its long!

    Basically they believe that the goal of these hackers (if they find any) will be for the money or fame. After the three weeks they will give up and go home and never think about it again. However they are just going to end up giving these contestants a taste of flesh and they aren't going to stop. I'm just not that good with words so here are someone else's:

    "They are fools that think that wealth or women or strong drink or even drugs can buy the most in effort out of the soul of a man. These things offer pale pleasures compared to that which is greatest of them all, that task which demands from him more than his utmost strength, that absorbs him, bone and sinew and brain and hope and fear and dreams -- and still calls for more.

    They are fools that think otherwise. No great effort was ever bought. No painting, no music, no poem, no cathedral in stone, no church, no state was ever raised into being for payment of any kind. No Parthenon, no Thermopylae was ever built or fought for pay or glory; no Bukhara sacked, or China ground beneath Mongol heel, for loot or power alone. The payment for doing these things was itself the doing of them.

    To wield oneself -- to use oneself as a tool in one's own hand -- and so to make or break that which no one else can build or ruin -- THAT is the greatest pleasure known to man! To one who has felt the chisel in his hand and set free the angel prisoned in the marble block, or to one who has felt sword in hand and set homeless the soul that a moment before lived in the body of his mortal enemy -- to those both come alike the taste of that rare food spread only for demons or for gods."

    -- Gordon R. Dickson, "Soldier Ask Not"

  • by nihilogos (87025) on Friday September 15, 2000 @03:45AM (#778049)
    Go to the HackSDMI Website [hacksdmi.org]. Click on the link to www.hacksdmi.org [hacksdmi.org], and continue recursively. The person who can get the most cascaded frames before their browser crashes wins.

    Before one learns to fly, one must first learn to walk. Before one learns to develop a secure framework for digital music, one must first learn to use the target attribute.
  • by Luminous (192747) on Friday September 15, 2000 @03:50AM (#778068) Journal
    10K is a large amount, but how much money would the RIAA have to pay real programmers and security technicians to come in and take apart SDMI? I assure you, it would cost a lot more than 10K. What is going on here is an attempt to gain publicity (see, the hacker community can't break it, it is good) or if it is broken they reap the benefits that would have cost them a lot.

    It is far better to take SDMI, not find the holes, let them institute it, and then flood the market with the methodology to crack it, forcing them to scrap the entire project and walk away with egg on their faces.

  • by tswinzig (210999) on Friday September 15, 2000 @04:49AM (#778084) Journal
    Well, simple watermarking is a fantastic idea. It means that people aren't going to be doing a napster and share music with everyone and his dog

    Do you really believe that a company or organization will ever be able to do anything to protect their music, video, or software from piraters if they really want it?

    The music industry simply needs to be concerned about making it easy for consumers to buy and use digital music. If they do this, they might be just as successful as the software market.

    -thomas


    "Extraordinary claims require extraordinary evidence."
  • by CaseyB (1105) on Friday September 15, 2000 @03:56AM (#778088)
    Guaranteed or not, it's peanuts if you do get it.

    How much of a professional crypto expert's time would that buy in the real world? A week if they're feeling charitable.

    The people behind the SDMI collective spend $10K on lunch. The prize money is more an insult to the value of cryptographic analysis than anything.

  • by interiot (50685) on Friday September 15, 2000 @03:56AM (#778090) Homepage
    Oh come on, with such a sparse site, the only thing you can comment on is what they did say, not what they didn't say.

    Notice they don't say what copy-protection/watermark methods there are to crack? Or what exactly a successful crack consists of?

    It looks like the site requires a major update before the contest can start, and I imagine the legal details will be spelled out more thoroughly at that time. (If ever... the site was built on imagecafe and has dangling links to default pages and has a problem with its frames. It looks as if the only people who worked on it were the PR team.)
    --

  • by Trinition (114758) on Friday September 15, 2000 @03:58AM (#778097) Homepage
    Boycotting the hacker challenge is just one extreme. I'd rather have us "hackers" show the Borg-like SDMI collective that their motives are futile.

    How can this be done? I'm no expert on watermarking, so I'll leave that one to someone else. But, for conventional means of copy protection, I have some ideas. If you can hear it, it can be recorded. Better yet, if it's digital and your sound card plays it, then its driver is being sent the raw, unencoded, unencrypted data.

    How about a fake sound driver? If someone wrote a sound driver (preferably for Windows so the collective would see the impact more plainly) that acted like a regular sound driver but instead recorded the raw audio data to a file, the "protected" songs would be available in an "unprotected" form.

    So, how about it? Or do you think the SDMI would just have a law passed to make all Audio Card manufacturers adhere to SDMI specs and encrypt the data down to the DAC?

  • by Veteran (203989) on Friday September 15, 2000 @03:58AM (#778099)
    DMCA.

    Under the DMCA any player which does NOT use the watermark is a device which is 'bypassing digital copy protection means' and is thus ILLEGAL.

    Not only will all new players be forced, by law, to use the copy protection scheme; but you can be imprisoned for 5 years by using your old CDROM or sound card once the new copy protection scheme is on the market. Like DeCSS any device which can be used to copy protected music IS ILLEGAL under the DMCA.

    For example a PC which has a current CDROM burner would be illegal. We can assume that Microsoft will put the music copy protection scheme into a future version of Windows - thus making illegal all current operating systems which do not have that code in them.

    The DMCA is not about copy protection; it is about controlling what YOU can do with digital technology.
